B4

[русский язык] [telegram]

Network packet processor that bypasses Deep Packet Inspection (DPI) using netfilter queue manipulation.

Requirements

• Linux-system (desktop, server or router)
• Root-access (sudo)

That's it. The installer will take care of the rest

Installation

Note

In some systems you need to run sudo b4install.sh.

With wget:

wget -qO- https://raw.githubusercontent.com/DanielLavrushin/b4/main/install.sh | sh

With curl:

curl -fsSL https://raw.githubusercontent.com/DanielLavrushin/b4/main/install.sh | sh

If something went wrong try to run it with the flag --sysinfo - this will diagnose the system

curl -fsSL https://raw.githubusercontent.com/DanielLavrushin/b4/main/install.sh | sh -s -- --sysinfo

Or pass --help to get more information about the possible options.

curl -fsSL https://raw.githubusercontent.com/DanielLavrushin/b4/main/install.sh | sh -s -- --help

To remove B4:

curl -fsSL https://raw.githubusercontent.com/DanielLavrushin/b4/main/install.sh | sh -s -- --remove

Installer options

# Install latest b4 version
./install.sh

# Show help message
./install.sh -h

# Show system diagnostics and b4 status
./install.sh --sysinfo

# Install specific version
./install.sh v1.10.0

# Quiet mode (suppress output except for errors)
./install.sh --quiet

# Specify geosite.dat source URL and destination
./install.sh --geosite-src=--geosite-src=https://example.com/geosite.dat --geosite-dst=/opt/etc/b4

# Update b4 to latest version
./install.sh --update

# Uninstall b4
./install.sh --remove

Building from Source

git clone https://github.com/daniellavrushin/b4.git
cd b4

# Build UI
cd src/http/ui
pnpm install && pnpm build
cd ../../..

# Build binary
make build

# All architectures
make build-all

# Or build specific
make linux-amd64
make linux-arm64
make linux-armv7

Docker

Quick Start

docker run --network host \
  --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_MODULE \
  -v /etc/b4:/etc/b4 \
  lavrushin/b4:latest --config /opt/etc/b4/b4.json

Web UI: http://localhost:7000

Docker Compose

services:
  b4:
    image: lavrushin/b4:latest
    container_name: b4
    network_mode: host
    cap_add:
      - NET_ADMIN
      - NET_RAW
      - SYS_MODULE
    volumes:
      - ./config:/etc/b4
    command: ["--config", "/etc/b4/b4.json"]
    restart: unless-stopped

Docker Requirements

• Linux host only — b4 uses netfilter queue (NFQUEUE) which is a Linux kernel feature
• --network host is mandatory — b4 must access the host network stack directly
• Capabilities: NET_ADMIN (firewall rules), NET_RAW (raw sockets), SYS_MODULE (kernel module loading)
• Host kernel must have nfqueue support (xt_NFQUEUE, nf_conntrack modules)

Usage

Starting B4

# Standard Linux (systemd)
sudo systemctl start b4
sudo systemctl enable b4 # Start on load

# OpenWRT
/etc/init.d/b4 restart # start | stop

# Entware/MerlinWRT
/opt/etc/init.d/S99b4 restart # start | stop

Web UI

http://your-device-ip:7000

Command Line

# Print help
b4 --help

# Basic - manual domains
b4 --sni-domains youtube.com,netflix.com

# With geosite categories
b4 --geosite /etc/b4/geosite.dat --geosite-categories youtube,netflix

# Custom config
b4 --config /path/to/config.json

Web interface

The web interface is available at http://your-ip:7000 (default port, can be changed in config file).

Features:

• Realtime metrics (connections, packets, bandwidth)
• Logs streaming with filtering and keybinds (p to pause streaming, del to clear logs)
• Domain/ip configuration on the go (Add domain or ip to a set by clicking it in the Domains tab)
• Quick domain tests and domain-specific bypass strat discovery
• ipinfo.io api integration for ASN scanning
• Custom payload capturing for faking

HTTPS / TLS Support

You can enable HTTPS for the web interface in the Web UI under Settings > Network Configuration > Web Server (TLS Certificate / TLS Key fields), or by setting tls_cert and tls_key in the config JSON:

{
  "system": {
    "web_server": {
      "tls_cert": "/path/to/server.crt",
      "tls_key": "/path/to/server.key"
    }
  }
}

The installer automatically detects router certificates on OpenWrt (uhttpd) and Asus Merlin and enables HTTPS in the config if they are found.

SOCKS5 Proxy

B4 includes a built-in SOCKS5 proxy server. Applications that support SOCKS5 (browsers, curl, torrent clients, etc.) can route traffic through B4 without any system-wide configuration.

Enable it in the Web UI under Settings > Network Configuration > SOCKS5 Server, or in the config JSON:

{
  "system": {
    "socks5": {
      "enabled": true,
      "port": 1080,
      "bind_address": "0.0.0.0",
      "username": "",
      "password": ""
    }
  }
}

Leave username and password empty for no authentication.

Examples:

# curl
curl --socks5 127.0.0.1:1080 https://example.com

# Firefox: Preferences > Network Settings > Manual proxy
# SOCKS Host: 127.0.0.1, Port: 1080, SOCKS v5

# Git
git config --global http.proxy socks5://127.0.0.1:1080

Note

Restart B4 after changing SOCKS5 settings.

Geosite Integration

B4 supports v2ray/xray geosite.dat files from various sources:

# Loyalsoldier
wget https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat

# RUNET Freedom
wget https://raw.githubusercontent.com/runetfreedom/russia-v2ray-rules-dat/release/geosite.dat

# Nidelon
wget https://github.com/Nidelon/ru-block-v2ray-rules/releases/latest/download/geosite.dat

Place the file in /etc/b4/geosite.dat and configure categories:

sudo b4 --geosite /etc/b4/geosite.dat --geosite-categories youtube,netflix,facebook

Tip

All these settings can be configured via the web interface.

Contributing

Contributions are accepted through GitHub pull requests.

Credits

Based on research from:

• youtubeUnblock - C-based DPI bypass
• GoodbyeDPI - Windows DPI circumvention
• zapret - Advanced DPI bypass techniques
• dpi-detector - DPI/TSPU detection techniques

License

This project is provided for educational purposes. Users are responsible for compliance with applicable laws and regulations. The authors are not responsible for misuse of this software.