This is an old revision of the document!


Zapret

Zapret is a content filtering and censorship package developed by the Russian government, specifically designed to block access to websites deemed undesirable or prohibited by the authorities. The system works by intercepting and inspecting internet traffic, comparing it to a centralized blacklist of blocked websites, and redirecting users to a warning page if they attempt to access a restricted site. Zapret is often used to enforce Russia's strict internet regulations and block webpages.

What is DPI

Deep Packet Inspection (DPI) is a technique used to analyze and inspect the contents of internet traffic, allowing for more granular control over network activity. Unlike traditional packet filtering methods, which only examine packet headers, DPI delves deeper into the packet's payload to identify the specific application, protocol, or content being transmitted. This is achieved by analyzing the packet's contents against predefined signatures, patterns, or rules, enabling DPI systems to accurately classify and categorize traffic. By doing so, DPI enables network administrators and internet service providers to enforce policies, block specific types of content, and prioritize certain types of traffic, making it a powerful tool for network management, security, and censorship.

Advantages:

  • Granular control
  • Improved security
  • Enhanced network visibility
  • Effective content filtering
  • Traffic prioritization
  • Network optimization

Disadvantages:

  • Invasion of privacy
  • High computational overhead
  • Complexity
  • Cost
  • Evasion techniques
  • Over-blocking
  • Scalability issues

DNS Blocking

DNS blocking involves intercepting and modifying DNS (Domain Name System) queries to prevent users from accessing specific websites or domains. When a user attempts to access a blocked website, the DNS query is redirected to a fake or non-existent IP address, or a warning page is displayed.

DNS blocking is often used as a simpler and less resource-intensive alternative to DPI blocking, as it doesn't require analyzing the contents of internet traffic. Instead, it relies on the DNS system to filter out requests to blocked domains. However, DNS blocking can be circumvented by users who use alternative DNS servers, VPNs, or other techniques to bypass the blocking.

Some advantages of DNS blocking over DPI blocking include:

  • Lower computational overhead
  • Easier to implement and manage
  • Less invasive, as it doesn't require inspecting the contents of internet traffic

However, DNS blocking may not be as effective as DPI blocking in certain scenarios, as it can be more easily bypassed and may not be able to block specific types of content or applications.

Installing Zapret

1 - Hostname Configuration

After changing a Linux machine's hostname, some distributions (particularly Debian-based ones) need the 127.0.1.1 entry in /etc/hosts updated to match, which prevents name resolution issues.

sudo sed -i "s/^\(127\.0\.1\.1\s\+\)\S\+/\1$(hostname)/" /etc/hosts

The command given above ensures:

  • Local services resolve correctly
  • sudo commands don't show “unable to resolve host” warnings
  • System matches FQDN (Fully Qualified Domain Name) expectations

Note: While 127.0.0.1 is standard localhost, 127.0.1.1 is a Debian convention for mapping the system's actual hostname.

2 - Install Nslookup Tool

Nslookup (Name Server Lookup) is a network administration command-line tool for querying the Domain Name System (DNS) to obtain the mapping between domain name and IP address, or other DNS records.

sudo apt install -y dnsutils

The nslookup tool is required by Zapret to check DNS during installation.

3 - Install Unzip Tool

This is an essential tool for extracting zip files. You will download the latest release of Zapret as a zip file and need to unzip it to install Zapret.

sudo apt install -y unzip

4 - Edit DNS Rules

Why are DNS settings necessary to run Zapret?

4.1 - Change DNS Rules

Zapret only bypasses DPI restrictions. But it does not set up a DNS for us. We need to do that ourselves. We are using Yandex DNS here.

# Unlock /etc/resolv.conf file if it is already locked
sudo chattr -i /etc/resolv.conf
 
# Delete the /etc/resolv.conf file as it may be set as a symlink
sudo rm -rf /etc/resolv.conf
 
# Rewrite the /etc/resolv.conf file and specify that we will use Yandex DNS in it
echo -e "nameserver 77.88.8.8\nnameserver 77.88.8.1" | sudo tee /etc/resolv.conf
 
# Make the file read-only so that the system cannot change it
sudo chattr +i /etc/resolv.conf
 
# Restart NetworkManager for the changes to take effect
sudo systemctl restart NetworkManager

You can also use other DNS providers:

Provider      Primary DNS    Secondary DNS
Google        8.8.8.8        8.8.4.4
Cloudflare    1.1.1.1        1.0.0.1
AdGuard DNS   94.140.14.14   94.140.15.15

You can check the following webpage for more.
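To confirm that step 4.1 took effect, the following added example (not part of the original page or of Zapret) audits a resolv.conf file: it flags a symlink, compares the listed nameservers with the ones you expect, and reports whether the immutable flag is set. The function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from Zapret): audit a resolv.conf after step 4.1.
# check_resolv FILE NS...  returns 0 only when FILE is a regular file that
# lists exactly the expected nameservers.

# Print each nameserver address in FILE, one per line (comments ignored).
list_nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

check_resolv() {
    local file="$1" status=0 found ns attrs
    shift
    if [ -L "$file" ]; then
        # A symlinked file is usually owned by a resolver service
        echo "WARN: $file is a symlink to $(readlink "$file")"
        status=1
    fi
    [ -r "$file" ] || { echo "FAIL: cannot read $file"; return 1; }
    found=$(list_nameservers "$file")
    for ns in "$@"; do
        printf '%s\n' "$found" | grep -qxF -- "$ns" ||
            { echo "FAIL: expected nameserver $ns is missing"; status=1; }
    done
    for ns in $found; do
        case " $* " in
            *" $ns "*) echo "OK: nameserver $ns" ;;
            *) echo "WARN: unexpected nameserver $ns"; status=1 ;;
        esac
    done
    # An 'i' in the lsattr flag field means chattr +i is in effect
    attrs=$(lsattr -d "$file" 2>/dev/null | cut -d' ' -f1)
    case $attrs in
        *i*) echo "OK: immutable flag set" ;;
        *)   echo "NOTE: immutable flag not set (or not supported here)" ;;
    esac
    return "$status"
}

# Example: check_resolv /etc/resolv.conf 77.88.8.8 77.88.8.1
```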

4.2 - Undo DNS Changes

If you want to undo the actions described above, you can do the following:

# Unlock /etc/resolv.conf file if it is already locked
sudo chattr -i /etc/resolv.conf
 
# Delete /etc/resolv.conf file to reset it to default
sudo rm -rf /etc/resolv.conf
 
# Restart the system for everything to work properly
sudo reboot

5 - Download Zapret

Download the compiled zip file of Zapret from the main Zapret repo's Releases page and unzip it into your home directory. Alternatively, you can download the compiled zip file directly with wget:

cd ~
wget https://github.com/bol-van/zapret/releases/download/v70.6/zapret-v70.6.zip

You can check the latest release from the following link.

6 - Unzip the zip file

Extract the downloaded zip file and then you are free to delete it.

unzip ./zapret-v70.6.zip
 
# Optional - You can delete the zip file
rm -rf ./zapret-v70.6.zip
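Because the next steps run scripts from this archive with root privileges, it is worth checking the download before unpacking it. The following is an added example, not part of the original page or of Zapret: it compares the archive's SHA-256 digest with a value you supply and checks that every entry stays inside the expected top-level folder. The function names and EXPECTED_SHA256 are placeholders, and the folder name is assumed from the cd command in step 7.

```bash
#!/usr/bin/env bash
# Added example (not from Zapret): verify a release archive before unpacking.

# verify_sha256 FILE EXPECTED_HEX: succeed only if the digest matches.
verify_sha256() {
    local actual want
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(sha256sum -- "$1" 2>/dev/null | cut -d' ' -f1)
    [ -n "$actual" ] && [ "$actual" = "$want" ]
}

# check_entry_names TOPDIR: read archive entry names on stdin, one per line.
# Fail if any name is absolute, has a ".." component, or lies outside TOPDIR/.
check_entry_names() {
    local top="$1" name bad=0
    while IFS= read -r name; do
        case $name in
            /*|../*|*/../*|*/..) echo "unsafe path: $name"; bad=1 ;;
            "$top"/*|"$top"/)    ;;
            *) echo "outside $top/: $name"; bad=1 ;;
        esac
    done
    return "$bad"
}

# Typical use. EXPECTED_SHA256 is a placeholder: obtain the digest from a
# source you trust, separately from the download itself.
#   verify_sha256 zapret-v70.6.zip "$EXPECTED_SHA256" &&
#   unzip -Z1 zapret-v70.6.zip | check_entry_names zapret-v70.6 &&
#   unzip zapret-v70.6.zip
```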

7 - Prepare for Setup

Install the pre-installation requirements and prepare to perform a clean install.

# Enter the folder
cd ./zapret-v70.6
 
# For a clean installation, remove any installation files that may be present in case an installation has been made before
./uninstall_easy.sh
/opt/zapret/uninstall_easy.sh
sudo rm -rf /opt/zapret
 
# Install requirements
./install_prereq.sh
./install_bin.sh

Questions that may arise at this time:

  1. Firewall type: nftables

8 - Do Blockcheck

Find the DPI methods implemented by the ISP. This is one of the most important parts of the installation process. You enter the websites that are blocked or that you cannot access, and the script then tests the combinations for DPI. At the end, the script prints a summary of the working DPI configurations. We will use the configurations from that output. Let's start by running the script.

./blockcheck.sh

Questions that may arise at this time:

8.1 - Enter Domain(s)

# Enter the blocked or inaccessible pages. I will write pastebin.com, you can write whatever you want.
domain(s): pastebin.com

This is the first question: the script wants to know which webpages are blocked or inaccessible. You can type multiple domains separated by white space. For example: domain(s): pastebin.com discord.com example.org.

8.2 - Select IP Protocol

ip protocol version: 4

You can just select IPv4 for now; most webpages still do not support IPv6. If you also want to run the test for IPv6, you can enable both IPv4 and IPv6.

8.3 - HTTP Enablement

check http: N

I don't recommend HTTP because it lacks security and most modern pages work with HTTPS. Answering yes to this question will increase the test time and provide the DPI combinations for HTTP.

8.4 - TLS1.2

check https tls 1.2: Y

8.5 - TLS1.3

check https tls 1.3: N

8.6 - Repetition Number

# Higher numbers increase the test time
how many times to repeat each test: 1 

Using high numbers will increase accuracy and success rate. Since some operators use more than one DPI and DNS server, this way you can handle the situation where requests are examined by different DPI servers during the testing process. However, the higher the number, the higher the test time.

8.7 - Scan Type

scan type: standard

Most of the selections are default values; I did not change most of them. So you can just press Enter for all the questions or edit the values however you want.

Now wait for the test to finish. This takes a few minutes, and the duration depends on your choices. When the process is finished, the test results will appear. Copy the latest setting from these results. Example:

ipv4 discord.com curl_test_https_tls12 : nfqws --dpi-desync=fakeddisorder --dpi-desync-ttl=1 --dpi-desync-autottl=5 --dpi-desync-split-pos=1

These are example settings for NFQWS. They may be different for each person. Make a note of them.

--dpi-desync=fakeddisorder --dpi-desync-ttl=1 --dpi-desync-autottl=5 --dpi-desync-split-pos=1
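Copying the option string by hand is error-prone, and the result ends up in a configuration used by a service running as root. The following added example (not part of the original page or of Zapret) extracts the options from the last nfqws summary line for a domain, assuming the line layout shown above, and rejects anything that is not a plain --name or --name=value token. The function names and the first and last sample lines are constructed.

```bash
#!/usr/bin/env bash
# Added example (not from Zapret): extract nfqws options from blockcheck
# summary lines shaped like the one shown on this page.

# last_nfqws_opts DOMAIN: read summary lines on stdin and print the options
# of the last nfqws line for DOMAIN. Exit status 1 if there is no such line
# or if a token is not a plain --name or --name=value option.
last_nfqws_opts() {
    awk -v d="$1" '
        $2 == d && $4 == ":" && $5 == "nfqws" && NF > 5 {
            opts = ""; ok = 1; found = 1
            for (i = 6; i <= NF; i++) {
                if ($i !~ /^--[a-z][a-z0-9-]*(=[A-Za-z0-9,:+._-]+)?$/) ok = 0
                opts = opts (i > 6 ? " " : "") $i
            }
        }
        END {
            if (!found) { print "no nfqws result for " d > "/dev/stderr"; exit 1 }
            if (!ok)    { print "unexpected token in: " opts > "/dev/stderr"; exit 1 }
            print opts
        }'
}

# Constructed sample: the second line is the example from this page, the
# first and third are invented (the third carries a malformed token).
sample_summary() {
    cat <<'EOF'
ipv4 discord.com curl_test_https_tls12 : nfqws --dpi-desync=fakeddisorder --dpi-desync-ttl=1
ipv4 discord.com curl_test_https_tls12 : nfqws --dpi-desync=fakeddisorder --dpi-desync-ttl=1 --dpi-desync-autottl=5 --dpi-desync-split-pos=1
ipv4 pastebin.com curl_test_https_tls12 : nfqws --dpi-desync=fakeddisorder --dpi-desync-ttl=1;x
EOF
}

# Example: sample_summary | last_nfqws_opts discord.com
```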

Alternatives

You can also follow another tutorial. He explains the installation steps extremely well, and this page was inspired by the document from Keift given below:

Video: Fırat Özden - LINUX VPN KULLANMADAN TÜM ERİŞİM ENGELLERİNİ KALDIRIN!

Blog: Keift - Setup Zapret

Troubleshooting

1 - No Compatible Binaries Found

This problem is probably caused by cloning the repo directly from GitHub. To solve it, download Zapret from the Releases page. After downloading the latest release as a zip or tar file, extract the files and retry the installation steps.
