Prepare a device capable of running OpenWrt. Here, for demonstration purposes, we'll use Proxmox Virtual Environment (PVE) for deployment. Please search online for installation instructions.
- Architecture: amd64
- Firmware: iStore OS
- Demo: Windows 10
Once the system is installed, please SSH into it and then open a browser to access the control panel 192.168.100.1. The username is root and the password is password.
- Update the package repositories.
Location: System > Software
-
Update the package repositories.
-
Install
golangand its extensions.
Due to the outdated version 1.19 provided by OpenWrt, compilation is not feasible. You'll need to use the latest version 1.22, which can be obtained from here. Please download according to your architecture.
- golang_1.22.0-1_x86_64.ipk
- golang-src_1.22.0-1_x86_64.ipk
- golang-doc_1.22.0-1_x86_64.ipk
- Install Git.
Install the required packages as shown in the image below.
- Open an SSH session and clone the OpenGFW source code.
git clone https://github.com/apernet/OpenGFW.git
cd OpenGFW
- Install dependencies
opkg install kmod-nft-queue kmod-nf-conntrack-netlink iptables-mod-nfqueue
- Begin building the source code.
go build
- Create configuration files and rule files.
vim config.yaml
# config
io:
queueSize: 1024
local: false # Note that the 'router' option should be set to 'false' to avoid blocking issues.
workers:
count: 4
queueSize: 16
tcpMaxBufferedPagesTotal: 4096
tcpMaxBufferedPagesPerConn: 64
udpMaxStreams: 4096
vim rules.yaml
# rules
# block bilibili
- name: block bilibili http
action: block
expr: string(http?.req?.headers?.host) endsWith "bilibili.com"
- name: block bilibili https
action: block
expr: string(tls?.req?.sni) endsWith "bilibili.com"
# block csdn
- name: block csdn http
action: block
expr: string(http?.req?.headers?.host) endsWith "csdn.net"
- name: block csdn https
action: block
expr: string(tls?.req?.sni) endsWith "csdn.net"
# block github
- name: block github http
action: block
expr: string(http?.req?.headers?.host) endsWith "github.com"
- name: block github https
action: block
expr: string(tls?.req?.sni) endsWith "github.com"
- Start the process.
export OPENGFW_LOG_LEVEL=debug
./OpenGFW -c config.yaml rules.yaml
Let's demonstrate the results by creating a virtual machine running Windows 10 to observe the effects.
-
Please ensure that OpenWrt has successfully assigned an IP address to the Windows 10 virtual machine.
-
Open a browser and attempt to access the URL specified in the
relus.yamlfile. If you are unable to access it, then the setup is successful.
-
The blocking records in the log file.
Reference materials