站内搜索
opwifi中继src华为路由gl-agh-statsInodesluci.dbg无线桥接遥控器荒野无灯动态IP蓝屏远程SSHADSLbudsfileauth.txtnoipkenroll品牌折扣店XML地图按摩器材
经验心得

Dnsmasq实现ipset网站过滤KoolProxy过滤视频广告iPSet工作CPU占用高

2021-10-23
0评论
/
1084阅读
爱搜啊

文章底部有关于使用KoolProxy过滤视频广告iPSet工作CPU占用高解决方法

iptables只能根据ip地址进行转发,不能识别域名,而Dnsmasq-full不仅可以实现域名-IP的映射,还可以把这个映射关系存储在iPSet中,所以使用dnsmasq+ipset就可以实现iptables对域名的转发,可以实现很多功能

原理很简单,就是Dnsmasq接收到一个DNS查询请求,首先匹配配置文件中的域名列表,如果匹配成功某域名,就把IP的查询结果存储在一个或几个ipset集合中,然后使用iptables对这个ipset中的全部ip进行匹配并做相应的处理,如DROP或者REDIRECT或者设置mark

Dnsmasq+ipset+iptables基于域名的流量管理: 

iptables -t mangle -I PREROUTING -m set --match-set wechat dst -j DROP
iptables -t mangle -D PREROUTING -m set --match-set wechat dst -j DROP
iptables -t mangle -I PREROUTING -m set --match-set video dst -j DROP
iptables -t mangle -D PREROUTING -m set --match-set video dst -j DROP

zipset/Makefile 

include $(TOPDIR)/rules.mk

PKG_NAME:=zipset
PKG_VERSION:=1.0
PKG_RELEASE:=2019.07.31
PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
include $(INCLUDE_DIR)/package.mk
define Package/$(PKG_NAME)
  SECTION:=ZIHOME
  CATEGORY:=ZIHOME
  DEPENDS:=+dnsmasq_full_ipset +ipset
  TITLE:=ZIHOME ipset scripts
  PKGARCH:=all
  SUBMENU:=net
endef
define Package/$(PKG_NAME)/description
 ZIHOME ipset.
endef
define Build/Prepare
endef
define Build/Configure
endef
define Build/Compile
endef
define Package/$(PKG_NAME)/install
    $(INSTALL_DIR) $(1)
    $(CP) ./files/* $(1)/
endef
$(eval $(call BuildPackage,$(PKG_NAME)))

zipset/files/etc/init.d/zipset 

#!/bin/sh /etc/rc.common
START=40
start()
{
    local f n
    cd /etc/zihome-dnsmasq.d || return 0
    files="$(ls)"
    for f in *.ipset; do
        if [ ! -f $f ]; then
            continue
        fi
        n=${f%.ipset}
        ipset -! create $n hash:net || continue
        ipset flush $n || continue
    done
}
stop()
{
    local f n
    cd /etc/zihome-dnsmasq.d || return 0
    files="$(ls)"
    for f in *.ipset; do
        if [ ! -f $f ]; then
            continue
        fi
        n=${f%.ipset}
        ipset flush $n 2>/dev/null
        ipset destroy $n 2>/dev/null
    done
}

zipset/files/etc/zihome-dnsmasq.d/wechat.ipset 

ipset=/v.qq.com/video
ipset=/video.qq.com/video
ipset=/ke.qq.com/video
ipset=/iqiyi.com/video
ipset=/tv.sohu.com/video
ipset=/youku.com/video
ipset=/tudou.com/video
ipset=/mgtv.com/video
ipset=/tv.cctv.com/video
ipset=/v.baidu.com/video
ipset=/bilibili.com/video
ipset=/v.pptv.com/video
ipset=/v.ifeng.com/video
ipset=/baofeng.com/video
ipset=/douyin.com/video
ipset=/ixigua.com/video

爱奇艺 

123.125.111.85
36.110.238.90
124.64.199.173
111.202.75.89
119.249.58.216
124.64.199.37
111.202.75.27
124.64.199.177
119.249.58.212
119.249.58.218
202.108.14.116
123.125.111.111
124.64.199.179
124.64.198.191
123.125.111.70
123.125.111.84
111.206.70.152
111.206.70.132
111.206.70.153
119.249.58.213
101.72.202.218
202.108.14.117
119.249.58.217
111.202.75.109
101.72.202.211
111.202.74.189
124.64.199.232
119.249.58.211
202.108.14.140
101.72.202.214
101.72.202.213
119.249.58.215
111.206.70.130
111.202.75.18
111.202.75.68
123.125.115.196
101.72.202.216
119.249.58.214
125.39.12.5
111.206.13.22
111.202.75.57
111.206.23.96
111.202.74.192
101.72.202.217
123.125.111.100
123.125.111.81
202.108.14.143
124.64.199.181
106.38.219.16
111.206.23.97
123.125.84.228
124.64.199.175
111.202.75.29
61.240.130.161
111.202.74.191
111.206.70.199
111.202.75.92
101.227.21.91
123.125.111.117
111.202.75.9
111.206.70.161
111.206.70.144
124.64.198.209
123.125.111.71
111.206.70.214
116.211.189.222
124.64.198.195
101.227.21.92
202.108.14.150
111.202.74.190
101.72.202.212
61.240.130.162
111.206.70.205
202.108.14.145
111.202.75.80
111.202.75.102
111.206.70.133
101.72.202.215

抖音与西瓜一起 

124.165.219.248
175.20.90.213
119.249.58.214
175.20.82.250
121.18.239.211
124.165.219.245
111.161.117.1
116.136.150.1
124.166.234.58
139.215.130.233
124.166.234.53
218.60.51.3
175.20.82.246
221.195.244.230
222.161.248.244
120.52.72.102
218.60.51.5
125.39.12.5
222.161.248.242
221.195.195.241
139.215.130.231
124.165.219.244
60.215.125.100
175.20.82.243
103.135.80.130
60.221.194.224
124.165.219.250
221.194.147.230
139.215.130.232
101.28.133.99
60.9.4.222
119.249.58.216
124.165.219.242
218.24.17.1
221.195.195.243
222.161.248.245
124.163.195.218
175.20.90.215
139.215.130.226
222.161.248.248
121.29.9.87
221.195.195.249
119.249.58.212
60.28.125.1
182.118.0.248
119.249.58.218
222.161.248.250
124.166.234.55
221.195.195.242
222.161.248.243
175.20.90.211
139.215.225.60
221.195.195.240
175.20.90.214
175.20.90.218
218.60.51.6
124.165.219.243
61.134.110.35
218.60.51.7
116.136.135.224
124.166.236.226
119.249.58.213
139.215.130.227
175.20.90.212
124.165.219.249
175.20.82.248
124.166.234.59
101.28.134.46
139.215.130.228
101.28.134.48
124.165.219.246
139.215.130.229
175.20.90.217
218.60.51.4
218.60.51.2
139.215.130.230
116.136.134.84
120.52.72.103
119.249.48.185
175.20.82.245
119.249.58.211
218.60.51.1
103.135.80.131
60.28.124.1
60.222.12.2
221.195.195.244
61.240.28.1
119.249.58.217
175.20.82.242
110.249.197.232
222.161.248.246
60.215.125.102
175.20.82.249
119.249.58.215
101.72.202.216
221.195.195.250
103.135.80.129
222.161.248.249
221.194.149.1

KoolProxy只过滤视频广告iPSet工作模式解决CPU占用高

由于KoolProxy占用CPU非常高,所以就想能不能只过滤视频广告,这样应该会降低一些CPU占用,下面是具体实现方法。

KoolProxy过滤视频广告iPSet工作CPU占用高

修改原理:刚才说用ipSet 测试speedtest.net,CPU占用是比较低的,测试结果在93.XMbit。所以需要修改视频模式(全局)为iPSet工作模式。

修改结果:视频模式 修改前后对比效果看图。当然最后用ie测试了优酷和qq视频过滤效果是有的。

KoolProxy过滤视频广告iPSet工作CPU占用高

本站附件分享,如果附件失效,可以去找找看

诚通网盘附件百度网盘附件

标签: Dnsmasq iPSet KoolProxy 过滤视频广告 cpu
于2021-10-23发布
上一页
下一页
openwrt使用MWAN3多线接入多线叠加——3、配置MWAN3实现宽带多线接入多线叠加
openwrt使用MWAN3多线接入多线叠加——3、配置MWAN3实现宽带多线接入多线叠加

2020-11-012444

dd-wrt中继隐藏ssid方法,dd中继模式下隐藏SSID的方法
dd-wrt中继隐藏ssid方法,dd中继模式下隐藏SSID的方法

2016-01-222545

帝国cms登录成功显示您还未登录怎么办帝国cms权限不足导致登录失败
帝国cms登录成功显示您还未登录怎么办帝国cms权限不足导致登录失败

2018-10-251668

求生之路2使用望夜插件过关后队友头像错位的解决方法
求生之路2使用望夜插件过关后队友头像错位的解决方法

2023-08-03104

相关文章