Dnsmasq实现ipset网站过滤KoolProxy过滤视频广告iPSet工作CPU占用高
文章底部有关于使用KoolProxy过滤视频广告iPSet工作CPU占用高解决方法
iptables只能根据ip地址进行转发,不能识别域名,而Dnsmasq-full不仅可以实现域名-IP的映射,还可以把这个映射关系存储在iPSet中,所以使用dnsmasq+ipset就可以实现iptables对域名的转发,可以实现很多功能
原理很简单,就是Dnsmasq接收到一个DNS查询请求,首先匹配配置文件中的域名列表,如果匹配成功某域名,就把IP的查询结果存储在一个或几个ipset集合中,然后使用iptables对这个ipset中的全部ip进行匹配并做相应的处理,如DROP或者REDIRECT或者设置mark
Dnsmasq+ipset+iptables基于域名的流量管理:
iptables -t mangle -I PREROUTING -m set --match-set wechat dst -j DROP iptables -t mangle -D PREROUTING -m set --match-set wechat dst -j DROP iptables -t mangle -I PREROUTING -m set --match-set video dst -j DROP iptables -t mangle -D PREROUTING -m set --match-set video dst -j DROP
zipset/Makefile
include $(TOPDIR)/rules.mk
PKG_NAME:=zipset
PKG_VERSION:=1.0
PKG_RELEASE:=2019.07.31
PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
include $(INCLUDE_DIR)/package.mk
define Package/$(PKG_NAME)
SECTION:=ZIHOME
CATEGORY:=ZIHOME
DEPENDS:=+dnsmasq_full_ipset +ipset
TITLE:=ZIHOME ipset scripts
PKGARCH:=all
SUBMENU:=net
endef
define Package/$(PKG_NAME)/description
ZIHOME ipset.
endef
define Build/Prepare
endef
define Build/Configure
endef
define Build/Compile
endef
define Package/$(PKG_NAME)/install
$(INSTALL_DIR) $(1)
$(CP) ./files/* $(1)/
endef
$(eval $(call BuildPackage,$(PKG_NAME)))
zipset/files/etc/init.d/zipset
#!/bin/sh /etc/rc.common
START=40
start()
{
local f n
cd /etc/zihome-dnsmasq.d || return 0
files="$(ls)"
for f in *.ipset; do
if [ ! -f $f ]; then
continue
fi
n=${f%.ipset}
ipset -! create $n hash:net || continue
ipset flush $n || continue
done
}
stop()
{
local f n
cd /etc/zihome-dnsmasq.d || return 0
files="$(ls)"
for f in *.ipset; do
if [ ! -f $f ]; then
continue
fi
n=${f%.ipset}
ipset flush $n 2>/dev/null
ipset destroy $n 2>/dev/null
done
}
zipset/files/etc/zihome-dnsmasq.d/wechat.ipset
ipset=/v.qq.com/video ipset=/video.qq.com/video ipset=/ke.qq.com/video ipset=/iqiyi.com/video ipset=/tv.sohu.com/video ipset=/youku.com/video ipset=/tudou.com/video ipset=/mgtv.com/video ipset=/tv.cctv.com/video ipset=/v.baidu.com/video ipset=/bilibili.com/video ipset=/v.pptv.com/video ipset=/v.ifeng.com/video ipset=/baofeng.com/video ipset=/douyin.com/video ipset=/ixigua.com/video
爱奇艺
123.125.111.85 36.110.238.90 124.64.199.173 111.202.75.89 119.249.58.216 124.64.199.37 111.202.75.27 124.64.199.177 119.249.58.212 119.249.58.218 202.108.14.116 123.125.111.111 124.64.199.179 124.64.198.191 123.125.111.70 123.125.111.84 111.206.70.152 111.206.70.132 111.206.70.153 119.249.58.213 101.72.202.218 202.108.14.117 119.249.58.217 111.202.75.109 101.72.202.211 111.202.74.189 124.64.199.232 119.249.58.211 202.108.14.140 101.72.202.214 101.72.202.213 119.249.58.215 111.206.70.130 111.202.75.18 111.202.75.68 123.125.115.196 101.72.202.216 119.249.58.214 125.39.12.5 111.206.13.22 111.202.75.57 111.206.23.96 111.202.74.192 101.72.202.217 123.125.111.100 123.125.111.81 202.108.14.143 124.64.199.181 106.38.219.16 111.206.23.97 123.125.84.228 124.64.199.175 111.202.75.29 61.240.130.161 111.202.74.191 111.206.70.199 111.202.75.92 101.227.21.91 123.125.111.117 111.202.75.9 111.206.70.161 111.206.70.144 124.64.198.209 123.125.111.71 111.206.70.214 116.211.189.222 124.64.198.195 101.227.21.92 202.108.14.150 111.202.74.190 101.72.202.212 61.240.130.162 111.206.70.205 202.108.14.145 111.202.75.80 111.202.75.102 111.206.70.133 101.72.202.215
抖音与西瓜一起
124.165.219.248 175.20.90.213 119.249.58.214 175.20.82.250 121.18.239.211 124.165.219.245 111.161.117.1 116.136.150.1 124.166.234.58 139.215.130.233 124.166.234.53 218.60.51.3 175.20.82.246 221.195.244.230 222.161.248.244 120.52.72.102 218.60.51.5 125.39.12.5 222.161.248.242 221.195.195.241 139.215.130.231 124.165.219.244 60.215.125.100 175.20.82.243 103.135.80.130 60.221.194.224 124.165.219.250 221.194.147.230 139.215.130.232 101.28.133.99 60.9.4.222 119.249.58.216 124.165.219.242 218.24.17.1 221.195.195.243 222.161.248.245 124.163.195.218 175.20.90.215 139.215.130.226 222.161.248.248 121.29.9.87 221.195.195.249 119.249.58.212 60.28.125.1 182.118.0.248 119.249.58.218 222.161.248.250 124.166.234.55 221.195.195.242 222.161.248.243 175.20.90.211 139.215.225.60 221.195.195.240 175.20.90.214 175.20.90.218 218.60.51.6 124.165.219.243 61.134.110.35 218.60.51.7 116.136.135.224 124.166.236.226 119.249.58.213 139.215.130.227 175.20.90.212 124.165.219.249 175.20.82.248 124.166.234.59 101.28.134.46 139.215.130.228 101.28.134.48 124.165.219.246 139.215.130.229 175.20.90.217 218.60.51.4 218.60.51.2 139.215.130.230 116.136.134.84 120.52.72.103 119.249.48.185 175.20.82.245 119.249.58.211 218.60.51.1 103.135.80.131 60.28.124.1 60.222.12.2 221.195.195.244 61.240.28.1 119.249.58.217 175.20.82.242 110.249.197.232 222.161.248.246 60.215.125.102 175.20.82.249 119.249.58.215 101.72.202.216 221.195.195.250 103.135.80.129 222.161.248.249 221.194.149.1
KoolProxy只过滤视频广告iPSet工作模式解决CPU占用高
由于KoolProxy占用CPU非常高,所以就想能不能只过滤视频广告,这样应该会降低一些CPU占用,下面是具体实现方法。
修改原理:刚才说用ipSet 测试speedtest.net,CPU占用是比较低的,测试结果在93.XMbit。所以需要修改视频模式(全局)为iPSet工作模式。
修改结果:视频模式 修改前后对比效果看图。当然最后用ie测试了优酷和qq视频过滤效果是有的。
点击链接加入群聊三群:751529538
点击链接加入群聊二群:376877156
点击链接加入群聊【路由器交流群:622891808已满】
本站附件分享,如果附件失效,可以去找找看
饿了么红包
于2021-10-23发布
![[N1盒子]Docker内OpenWRT设置成主路由,docker上的OpenWRT连接光猫拨号上网](https://img.ioozu.com/2021/02/202102077799_6997.png?imageMogr2/thumbnail/x150/blur/1x0/quality/50 "[N1盒子]Docker内OpenWRT设置成主路由,docker上的OpenWRT连接光猫拨号上网")