neroanelli
| mode: rule | |
| ipv6: true | |
| log-level: info | |
| allow-lan: false | |
| mixed-port: 7890 | |
| unified-delay: false | |
| tcp-concurrent: true | |
| external-controller: 127.0.0.1:9091 | |
| external-ui: ui |
| #policy: read,test | |
| #pppoe-interface | |
| :local pppoe "pppoe-out1" | |
| #dnspod-token | |
| :local token "uid,api-toekn" | |
| #dnspod-domain | |
| :local domain "example.com" |
| #!/bin/sh | |
| echo 'use "curl -sSL git.io/corefile | bash" to update Corefile' | |
| echo "remember to change 192.168.1.1 to your ISP's DNS server address or use public DNS server such as 114/DNSPod etc. directly" | |
| china=`curl -sSL https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/accelerated-domains.china.conf | while read line; do awk -F '/' '{print $2}' | grep -v '#' ; done | paste -sd " " -` | |
| apple=`curl -sSL https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/apple.china.conf | while read line; do awk -F '/' '{print $2}' | grep -v '#' ; done | paste -sd " " -` | |
| google=`curl -sSL https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/google.china.conf | while read line; do awk -F '/' '{print $2}' | grep -v '#' ; done | paste -sd " " -` | |
| bogus=`curl -sSL https://raw.githubusercontent.com/felixonmars/dnsmasq-china-list/master/bogus-nxdomain.china.conf | grep "=" | while read line; do awk -F '=' '{print $2}' | grep -v '#' ; done | paste -sd " " -` | |
| cat>Corefile |
- Install Proxmox 5.0.X with lvm storage
- Get the jun's loader 1.02b at the following url :
- Retrieve a DSM pat file here : https://usdl.synology.com/download/DSM/release/
- Create the proxmox VM as the following :
- OS Type : Linux 4.x
dhcp-script=/etc/detect_new_device.sh
Reference:
| #!/usr/bin/env sh | |
| ## update.sh - manage a OpenWRT LetsEncrypt https instalation | |
| # HOWTO: | |
| # - put update.sh in its own directory (like /root/.https) | |
| # - run ./update.sh your.domain.com (that domain needs to point to your router) | |
| # * this get an issued cert from letsencrypt.org using the webroot verification method | |
| # * also installs curl and ca-certificates packages | |
| # - use crontab -e; add the line `0 0 * * * "/root/.https/update.sh" >>/root/.https/log.txt 2>&` | |
| # * this runs the update every day, logging everything to log.txt | |
| # |
This script allows you to automatically archive and upload a backup of your existing Ghost data to your Dropbox account.
You'll need to follow this tutorial.
Then, you must create an executable script using the code of ghost_backup.sh in this gist (but modifying your blog's path and prefix).
由于路由管控系统的建立,实时动态黑洞路由已成为最有效的封锁手段,TCP连接重置和DNS污染成为次要手段,利用漏洞的穿墙方法已不再具有普遍意义。对此应对方法是多样化协议的VPN来抵抗识别。这里介绍一种太简单、有时很朴素的“穷人VPN”。
朴素VPN只需要一次内核配置(Linux内核),即可永久稳定运行,不需要任何用户态守护进程。所有流量转换和加密全部由内核完成,原生性能,开销几乎没有。静态配置,避免动态握手和参数协商产生指纹特征导致被识别。并且支持NAT,移动的内网用户可以使用此方法。支持广泛,基于L2TPv3标准,Linux内核3.2+都有支持,其他操作系统原则上也能支持。但有两个局限:需要root权限;一个隧道只支持一个用户。
朴素VPN利用UDP封装的静态L2TP隧道实现VPN,内核XFRM实现静态IPsec。实际上IP-in-IP隧道即可实现VPN,但是这种协议无法穿越NAT,因此必须利用UDP封装。内核3.18将支持Foo-over-UDP,在UDP里面直接封装IP,与静态的L2TP-over-UDP很类似。
Others have recently developed packages for this same functionality, and done it better than anything I could do. Use the packages instead of this script:
-
Gargoyle package by @lantis1008
-
OpenWRT package by @dibdot
In its basic usage, this script will modify the router such that blocked addresses are null routed and unreachable. Since the address blocklist is full of advertising, malware, and tracking servers, this setup is generally a good thing. In addition, the router will update the blocklist weekly. However, the blocking is leaky, so do not expect everything to be blocked.