MagiTrickle/README.md

# kvas2-go

Better implementation of [KVAS](https://github.com/qzeleza/kvas)

Roadmap:
- [x] DNS Proxy
- [x] DNS Records table
- [ ] IPTables rules to remap DNS server [1]
- [ ] Rule composer
- [ ] List loading/watching (temporary)
- [ ] IPSet integration
- [ ] Listing of interfaces
- [ ] IPTables rules to IPSet [2]
- [ ] HTTP API
- [ ] HTTP GUI
- [ ] Getting readable names of interfaces from Keenetic NDMS
- [ ] HTTP Auth

[1] Example
```bash
KVAS2_NAME=KVAS2
KVAS2_DNS_PORT=7548

# Создание правил
iptables -t nat -N ${KVAS2_NAME}_DNSOVERRIDE_PREROUTING
iptables -t nat -A ${KVAS2_NAME}_DNSOVERRIDE_PREROUTING -p udp --dport 53 -j REDIRECT --to-port ${KVAS2_DNS_PORT}

# Применение правил
iptables -t nat -I PREROUTING 1 -j ${KVAS2_NAME}_DNSOVERRIDE_PREROUTING

# Удаление правил
iptables -t nat -D PREROUTING -j ${KVAS2_NAME}_DNSOVERRIDE_PREROUTING
iptables -t nat -F ${KVAS2_NAME}_DNSOVERRIDE_PREROUTING
iptables -t nat -X ${KVAS2_NAME}_DNSOVERRIDE_PREROUTING
```

[2] Example
```bash
KVAS2_NAME=KVAS2
IPSET_TABLE=kvas2
MARK=1
TABLE=100
INTERFACE=ovpn_br0

# Создание правил
iptables -t mangle -N ${KVAS2_NAME}_ROUTING_PREROUTING
iptables -t nat -N ${KVAS2_NAME}_ROUTING_POSTROUTING
iptables -t mangle -A ${KVAS2_NAME}_ROUTING_PREROUTING -m set --match-set ${IPSET_TABLE} dst -j MARK --set-mark ${MARK}
iptables -t nat -A ${KVAS2_NAME}_ROUTING_POSTROUTING -o ${INTERFACE} -j MASQUERADE

# Применение правил
ip rule add fwmark ${MARK} table ${TABLE}
ip route add default dev ${INTERFACE} table ${TABLE}
iptables -t mangle -A PREROUTING -j ${KVAS2_NAME}_ROUTING_PREROUTING
iptables -t nat -A POSTROUTING -j ${KVAS2_NAME}_ROUTING_POSTROUTING

# Удаление правил
ip rule del fwmark ${MARK} table ${TABLE}
ip route del default dev ${INTERFACE} table ${TABLE}
iptables -t mangle -D PREROUTING -j ${KVAS2_NAME}_ROUTING_PREROUTING
iptables -t mangle -F ${KVAS2_NAME}_ROUTING_PREROUTING
iptables -t mangle -X ${KVAS2_NAME}_ROUTING_PREROUTING
iptables -t nat -D POSTROUTING -j ${KVAS2_NAME}_ROUTING_POSTROUTING
iptables -t nat -F ${KVAS2_NAME}_ROUTING_POSTROUTING
iptables -t nat -X ${KVAS2_NAME}_ROUTING_POSTROUTING
```
readme 2024-08-24 01:29:29 +03:00			`# kvas2-go`

			`Better implementation of [KVAS](https://github.com/qzeleza/kvas)`

			`Roadmap:`
			`- [x] DNS Proxy`
dns records table 2024-08-24 19:47:10 +03:00			`- [x] DNS Records table`
readme 2024-08-24 01:29:29 +03:00			`- [ ] IPTables rules to remap DNS server [1]`
add point to roadmap 2024-08-24 17:47:43 +03:00			`- [ ] Rule composer`
readme 2024-08-24 01:29:29 +03:00			`- [ ] List loading/watching (temporary)`
			`- [ ] IPSet integration`
			`- [ ] Listing of interfaces`
			`- [ ] IPTables rules to IPSet [2]`
			`- [ ] HTTP API`
			`- [ ] HTTP GUI`
			`- [ ] Getting readable names of interfaces from Keenetic NDMS`
			`- [ ] HTTP Auth`

			`[1] Example`
			```bash
readme: update rules for DNS override 2024-08-24 20:12:45 +03:00			`KVAS2_NAME=KVAS2`
readme 2024-08-24 01:29:29 +03:00			`KVAS2_DNS_PORT=7548`
readme: update rules for DNS override 2024-08-24 20:12:45 +03:00
			`# Создание правил`
readme: update names 2024-08-24 20:23:30 +03:00			`iptables -t nat -N ${KVAS2_NAME}_DNSOVERRIDE_PREROUTING`
			`iptables -t nat -A ${KVAS2_NAME}_DNSOVERRIDE_PREROUTING -p udp --dport 53 -j REDIRECT --to-port ${KVAS2_DNS_PORT}`
readme: update rules for DNS override 2024-08-24 20:12:45 +03:00
			`# Применение правил`
readme: update names 2024-08-24 20:23:30 +03:00			`iptables -t nat -I PREROUTING 1 -j ${KVAS2_NAME}_DNSOVERRIDE_PREROUTING`
readme: update rules for DNS override 2024-08-24 20:12:45 +03:00
			`# Удаление правил`
readme: update names 2024-08-24 20:23:30 +03:00			`iptables -t nat -D PREROUTING -j ${KVAS2_NAME}_DNSOVERRIDE_PREROUTING`
readme: flushing tables when removing 2024-08-24 20:30:23 +03:00			`iptables -t nat -F ${KVAS2_NAME}_DNSOVERRIDE_PREROUTING`
			`iptables -t nat -X ${KVAS2_NAME}_DNSOVERRIDE_PREROUTING`
readme 2024-08-24 01:29:29 +03:00			```

			`[2] Example`
			```bash
readme: update rules for routing 2024-08-24 20:17:19 +03:00			`KVAS2_NAME=KVAS2`
readme 2024-08-24 01:29:29 +03:00			`IPSET_TABLE=kvas2`
			`MARK=1`
			`TABLE=100`
			`INTERFACE=ovpn_br0`
readme: update rules for routing 2024-08-24 20:17:19 +03:00
			`# Создание правил`
readme: update names 2024-08-24 20:23:30 +03:00			`iptables -t mangle -N ${KVAS2_NAME}_ROUTING_PREROUTING`
			`iptables -t nat -N ${KVAS2_NAME}_ROUTING_POSTROUTING`
			`iptables -t mangle -A ${KVAS2_NAME}_ROUTING_PREROUTING -m set --match-set ${IPSET_TABLE} dst -j MARK --set-mark ${MARK}`
			`iptables -t nat -A ${KVAS2_NAME}_ROUTING_POSTROUTING -o ${INTERFACE} -j MASQUERADE`
readme: update rules for routing 2024-08-24 20:17:19 +03:00
			`# Применение правил`
			`ip rule add fwmark ${MARK} table ${TABLE}`
			`ip route add default dev ${INTERFACE} table ${TABLE}`
readme: update names 2024-08-24 20:23:30 +03:00			`iptables -t mangle -A PREROUTING -j ${KVAS2_NAME}_ROUTING_PREROUTING`
			`iptables -t nat -A POSTROUTING -j ${KVAS2_NAME}_ROUTING_POSTROUTING`
readme: update rules for routing 2024-08-24 20:17:19 +03:00
			`# Удаление правил`
			`ip rule del fwmark ${MARK} table ${TABLE}`
			`ip route del default dev ${INTERFACE} table ${TABLE}`
readme: update names 2024-08-24 20:23:30 +03:00			`iptables -t mangle -D PREROUTING -j ${KVAS2_NAME}_ROUTING_PREROUTING`
readme: flushing tables when removing 2024-08-24 20:30:23 +03:00			`iptables -t mangle -F ${KVAS2_NAME}_ROUTING_PREROUTING`
			`iptables -t mangle -X ${KVAS2_NAME}_ROUTING_PREROUTING`
readme: update names 2024-08-24 20:23:30 +03:00			`iptables -t nat -D POSTROUTING -j ${KVAS2_NAME}_ROUTING_POSTROUTING`
readme: flushing tables when removing 2024-08-24 20:30:23 +03:00			`iptables -t nat -F ${KVAS2_NAME}_ROUTING_POSTROUTING`
			`iptables -t nat -X ${KVAS2_NAME}_ROUTING_POSTROUTING`
readme 2024-08-24 01:29:29 +03:00			```