8-ipset實現網站過濾

iptables只能根據ip地址進行轉發,不能識別域名,而dnsmasq-full不僅可以實現域名-IP的映射,還可以把這個映射關係存儲在ipset中,所以使用dnsmasq+ipset就可以實現iptables對域名的轉發,可以實現很多功能

原理很簡單:Dnsmasq接收到一個DNS查詢請求後,首先匹配配置文件中的域名列表;如果匹配到某個域名,就把查詢得到的IP存儲到一個或幾個ipset集合中,然後用iptables匹配這個ipset中的全部IP並做相應的處理,如DROP、REDIRECT或者設置mark。需要注意,只有經過這個Dnsmasq解析的IP才會進入集合,客戶端如果使用其他DNS服務器或者已有緩存的解析結果,對應的流量就不會被匹配到

Dnsmasq+ipset+iptables基於域名的流量管理:
https://blog.csdn.net/lvshaorong/article/details/52981169

# Drop packets whose destination IP is in the "wechat" set.
# -I inserts the rule at the top of mangle/PREROUTING. The set has to exist
# before the rule is added, otherwise iptables rejects the rule.
iptables -t mangle -I PREROUTING -m set --match-set wechat dst -j DROP
# -D removes the rule again; the specification must match the inserted one exactly.
iptables -t mangle -D PREROUTING -m set --match-set wechat dst -j DROP
# Same insert/delete pair for the "video" set.
# NOTE(review): iptables only sees IPv4; IPv6 traffic to the same sites would need
# an inet6 set and a matching ip6tables rule - confirm whether that is required.
iptables -t mangle -I PREROUTING -m set --match-set video dst -j DROP
iptables -t mangle -D PREROUTING -m set --match-set video dst -j DROP

zipset/Makefile

# OpenWrt package definition for zipset: it ships the files under ./files
# and compiles nothing.
include $(TOPDIR)/rules.mk

PKG_NAME:=zipset
PKG_VERSION:=1.0
PKG_RELEASE:=2019.07.31

PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)

include $(INCLUDE_DIR)/package.mk

# Package metadata. PKGARCH:=all marks the package as architecture-independent.
# NOTE(review): confirm that dnsmasq_full_ipset is the dependency name used in the
# target feed; the ipset= directives need a dnsmasq build with ipset support.
define Package/$(PKG_NAME)
  SECTION:=ZIHOME
  CATEGORY:=ZIHOME
  DEPENDS:=+dnsmasq_full_ipset +ipset
  TITLE:=ZIHOME ipset scripts
  PKGARCH:=all
  SUBMENU:=net
endef

define Package/$(PKG_NAME)/description
 ZIHOME ipset.
endef

# The prepare, configure and compile steps are left empty: there is no source to build.
define Build/Prepare
endef

define Build/Configure
endef

define Build/Compile
endef

# Copy everything under ./files into the package root $(1).
# NOTE(review): file modes come from the source tree - check that
# files/etc/init.d/zipset is executable there and that nothing under files/ is
# group- or world-writable, since it is installed as-is.
define Package/$(PKG_NAME)/install
    $(INSTALL_DIR) $(1)
    $(CP) ./files/* $(1)/
endef

$(eval $(call BuildPackage,$(PKG_NAME)))

zipset/files/etc/init.d/zipset

#!/bin/sh /etc/rc.common
# Init script that manages one ipset set per *.ipset file in /etc/zihome-dnsmasq.d.

# Boot-order value read by rc.common.
# NOTE(review): the sets should exist before dnsmasq answers queries for the
# listed domains - confirm that 40 sorts ahead of dnsmasq on the target release.
START=40

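# Create (or reset) one ipset set per *.ipset file in /etc/zihome-dnsmasq.d.
# The set name is the file name without the .ipset suffix, so it has to be the
# same name that the file's "ipset=/<domain>/<set>" lines refer to.
# Returns 0 when the directory does not exist.
start()
{
    local f n

    cd /etc/zihome-dnsmasq.d || return 0
    for f in *.ipset; do
        # An unmatched glob stays literal; skip it and anything that is not a regular file.
        [ -f "$f" ] || continue
        n=${f%.ipset}
        # Skip names that are empty or that ipset would parse as an option.
        case "$n" in
            ''|-*) continue ;;
        esac
        # -! lets create succeed when the set already exists; the flush then
        # clears entries left over from an earlier run.
        ipset -! create "$n" hash:net || continue
        ipset flush "$n" || continue
    done
}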

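# Flush and destroy the ipset set belonging to each *.ipset file in
# /etc/zihome-dnsmasq.d (set name = file name without the .ipset suffix).
# Returns 0 when the directory does not exist.
stop()
{
    local f n

    cd /etc/zihome-dnsmasq.d || return 0
    for f in *.ipset; do
        # An unmatched glob stays literal; skip it and anything that is not a regular file.
        [ -f "$f" ] || continue
        n=${f%.ipset}
        # Skip names that are empty or that ipset would parse as an option.
        case "$n" in
            ''|-*) continue ;;
        esac
        # Errors are discarded on purpose (the set may not exist). Note that
        # destroy fails while an iptables rule still references the set, so
        # rules using it have to be removed first.
        ipset flush "$n" 2>/dev/null
        ipset destroy "$n" 2>/dev/null
    done
}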

zipset/files/etc/zihome-dnsmasq.d/wechat.ipset

# dnsmasq ipset directives, ipset=/<domain>/<set>: addresses that dnsmasq resolves
# for <domain> (and its subdomains) are added to the ipset set <set>.
# Every entry below targets the set "video".
# NOTE(review): the init script names each set after its file (minus .ipset), so
# under the file name wechat.ipset it would create "wechat", not "video" - confirm
# that the file name and the set name agree.
ipset=/v.qq.com/video
ipset=/video.qq.com/video
ipset=/ke.qq.com/video
ipset=/iqiyi.com/video
ipset=/tv.sohu.com/video
ipset=/youku.com/video
ipset=/tudou.com/video
ipset=/mgtv.com/video
ipset=/tv.cctv.com/video
ipset=/v.baidu.com/video
ipset=/bilibili.com/video
ipset=/v.pptv.com/video
ipset=/v.ifeng.com/video
ipset=/baofeng.com/video
ipset=/douyin.com/video
ipset=/ixigua.com/video

愛奇藝

123.125.111.85
36.110.238.90
124.64.199.173
111.202.75.89
119.249.58.216
124.64.199.37
111.202.75.27
124.64.199.177
119.249.58.212
119.249.58.218
202.108.14.116
123.125.111.111
124.64.199.179
124.64.198.191
123.125.111.70
123.125.111.84
111.206.70.152
111.206.70.132
111.206.70.153
119.249.58.213
101.72.202.218
202.108.14.117
119.249.58.217
111.202.75.109
101.72.202.211
111.202.74.189
124.64.199.232
119.249.58.211
202.108.14.140
101.72.202.214
101.72.202.213
119.249.58.215
111.206.70.130
111.202.75.18
111.202.75.68
123.125.115.196
101.72.202.216
119.249.58.214
125.39.12.5
111.206.13.22
111.202.75.57
111.206.23.96
111.202.74.192
101.72.202.217
123.125.111.100
123.125.111.81
202.108.14.143
124.64.199.181
106.38.219.16
111.206.23.97
123.125.84.228
124.64.199.175
111.202.75.29
61.240.130.161
111.202.74.191
111.206.70.199
111.202.75.92
101.227.21.91
123.125.111.117
111.202.75.9
111.206.70.161
111.206.70.144
124.64.198.209
123.125.111.71
111.206.70.214
116.211.189.222
124.64.198.195
101.227.21.92
202.108.14.150
111.202.74.190
101.72.202.212
61.240.130.162
111.206.70.205
202.108.14.145
111.202.75.80
111.202.75.102
111.206.70.133
101.72.202.215

抖音與西瓜一起

124.165.219.248
175.20.90.213
119.249.58.214
175.20.82.250
121.18.239.211
124.165.219.245
111.161.117.1
116.136.150.1
124.166.234.58
139.215.130.233
124.166.234.53
218.60.51.3
175.20.82.246
221.195.244.230
222.161.248.244
120.52.72.102
218.60.51.5
125.39.12.5
222.161.248.242
221.195.195.241
139.215.130.231
124.165.219.244
60.215.125.100
175.20.82.243
103.135.80.130
60.221.194.224
124.165.219.250
221.194.147.230
139.215.130.232
101.28.133.99
60.9.4.222
119.249.58.216
124.165.219.242
218.24.17.1
221.195.195.243
222.161.248.245
124.163.195.218
175.20.90.215
139.215.130.226
222.161.248.248
121.29.9.87
221.195.195.249
119.249.58.212
60.28.125.1
182.118.0.248
119.249.58.218
222.161.248.250
124.166.234.55
221.195.195.242
222.161.248.243
175.20.90.211
139.215.225.60
221.195.195.240
175.20.90.214
175.20.90.218
218.60.51.6
124.165.219.243
61.134.110.35
218.60.51.7
116.136.135.224
124.166.236.226
119.249.58.213
139.215.130.227
175.20.90.212
124.165.219.249
175.20.82.248
124.166.234.59
101.28.134.46
139.215.130.228
101.28.134.48
124.165.219.246
139.215.130.229
175.20.90.217
218.60.51.4
218.60.51.2
139.215.130.230
116.136.134.84
120.52.72.103
119.249.48.185
175.20.82.245
119.249.58.211
218.60.51.1
103.135.80.131
60.28.124.1
60.222.12.2
221.195.195.244
61.240.28.1
119.249.58.217
175.20.82.242
110.249.197.232
222.161.248.246
60.215.125.102
175.20.82.249
119.249.58.215
101.72.202.216
221.195.195.250
103.135.80.129
222.161.248.249
221.194.149.1