diff --git a/anda/misc/zapret/anda.hcl b/anda/misc/zapret/anda.hcl
new file mode 100644
index 0000000000..17c1ddc2ba
--- /dev/null
+++ b/anda/misc/zapret/anda.hcl
@@ -0,0 +1,5 @@
+project pkg {
+    rpm {
+        spec = "zapret.spec"
+    }
+}
diff --git a/anda/misc/zapret/build-dont-strip.patch b/anda/misc/zapret/build-dont-strip.patch
new file mode 100644
index 0000000000..7ddc2b01f6
--- /dev/null
+++ b/anda/misc/zapret/build-dont-strip.patch
@@ -0,0 +1,119 @@
+From 77ade97f4c3a1acc5955feeac3bf6e83e0f4d22e Mon Sep 17 00:00:00 2001
+From: VirtualFreeEx <contact@ffi.lol>
+Date: Thu, 1 May 2025 18:21:33 +0300
+Subject: [PATCH 2/2] build: dont strip
+
+---
+ ip2net/Makefile | 6 +++---
+ mdig/Makefile   | 8 ++++----
+ nfq/Makefile    | 4 ++--
+ tpws/Makefile   | 8 ++++----
+ 4 files changed, 13 insertions(+), 13 deletions(-)
+
+diff --git a/ip2net/Makefile b/ip2net/Makefile
+index 484f3d7..209ad3c 100644
+--- a/ip2net/Makefile
++++ b/ip2net/Makefile
+@@ -9,14 +9,14 @@ SRC_FILES = ip2net.c qsort.c
+ all: ip2net
+ 
+ ip2net: $(SRC_FILES)
+-	$(CC) -s $(CFLAGS) -o ip2net $(SRC_FILES) $(LIBS) $(LDFLAGS)
++	$(CC) $(CFLAGS) -o ip2net $(SRC_FILES) $(LIBS) $(LDFLAGS)
+ 
+ systemd: ip2net
+ 
+ android: ip2net
+ 
+ bsd: $(SRC_FILES)
+-	$(CC) -s $(CFLAGS) $(CFLAGS_BSD) -o ip2net $(SRC_FILES) $(LIBS) $(LDFLAGS)
++	$(CC) $(CFLAGS) $(CFLAGS_BSD) -o ip2net $(SRC_FILES) $(LIBS) $(LDFLAGS)
+ 
+ mac: $(SRC_FILES)
+ 	$(CC) $(CFLAGS) $(CFLAGS_BSD) -o ip2neta $(SRC_FILES) -target arm64-apple-macos10.8 $(LIBS) $(LDFLAGS)
+@@ -26,7 +26,7 @@ mac: $(SRC_FILES)
+ 	rm -f ip2netx ip2neta
+ 
+ win: $(SRC_FILES)
+-	$(CC) -s $(CFLAGS) $(CFLAGS_WIN) -o ip2net $(SRC_FILES) $(LIBS_WIN) $(LDFLAGS)
++	$(CC) $(CFLAGS) $(CFLAGS_WIN) -o ip2net $(SRC_FILES) $(LIBS_WIN) $(LDFLAGS)
+ 
+ clean:
+ 	rm -f ip2net *.o
+diff --git a/mdig/Makefile b/mdig/Makefile
+index 21b6c84..a9ea0e1 100644
+--- a/mdig/Makefile
++++ b/mdig/Makefile
+@@ -10,15 +10,15 @@ SRC_FILES = *.c
+ all: mdig
+ 
+ mdig: $(SRC_FILES)
+-	$(CC) -s $(CFLAGS) -o mdig $(SRC_FILES) $(LIBS) $(LDFLAGS)
++	$(CC) $(CFLAGS) -o mdig $(SRC_FILES) $(LIBS) $(LDFLAGS)
+ 
+ systemd: mdig
+ 
+ android: $(SRC_FILES)
+-	$(CC) -s $(CFLAGS) -o mdig $(SRC_FILES) $(LIBS_ANDROID) $(LDFLAGS)
++	$(CC) $(CFLAGS) -o mdig $(SRC_FILES) $(LIBS_ANDROID) $(LDFLAGS)
+ 
+ bsd: $(SRC_FILES)
+-	$(CC) -s $(CFLAGS) $(CFLAGS_BSD) -o mdig $(SRC_FILES) $(LIBS) $(LDFLAGS)
++	$(CC) $(CFLAGS) $(CFLAGS_BSD) -o mdig $(SRC_FILES) $(LIBS) $(LDFLAGS)
+ 
+ mac: $(SRC_FILES)
+ 	$(CC) $(CFLAGS) $(CFLAGS_BSD) -o mdiga $(SRC_FILES) -target arm64-apple-macos10.8 $(LIBS_BSD) $(LDFLAGS)
+@@ -28,7 +28,7 @@ mac: $(SRC_FILES)
+ 	rm -f mdigx mdiga
+ 
+ win: $(SRC_FILES)
+-	$(CC) -s $(CFLAGS) $(CFLAGS_WIN) -o mdig $(SRC_FILES) $(LIBS_WIN) $(LDFLAGS)
++	$(CC) $(CFLAGS) $(CFLAGS_WIN) -o mdig $(SRC_FILES) $(LIBS_WIN) $(LDFLAGS)
+ 
+ clean:
+ 	rm -f mdig *.o
+diff --git a/nfq/Makefile b/nfq/Makefile
+index 85a29e4..4b6491b 100644
+--- a/nfq/Makefile
++++ b/nfq/Makefile
+@@ -16,10 +16,10 @@ SRC_FILES = *.c crypto/*.c
+ all: nfqws
+ 
+ nfqws: $(SRC_FILES)
+-	$(CC) -s $(CFLAGS) -o nfqws $(SRC_FILES) $(LIBS_LINUX) $(LDFLAGS)
++	$(CC) $(CFLAGS) -o nfqws $(SRC_FILES) $(LIBS_LINUX) $(LDFLAGS)
+ 
+ systemd: $(SRC_FILES)
+-	$(CC) -s $(CFLAGS) $(CFLAGS_SYSTEMD) -o nfqws $(SRC_FILES) $(LIBS_LINUX) $(LIBS_SYSTEMD) $(LDFLAGS)
++	$(CC) $(CFLAGS) $(CFLAGS_SYSTEMD) -o nfqws $(SRC_FILES) $(LIBS_LINUX) $(LIBS_SYSTEMD) $(LDFLAGS)
+ 
+ android: nfqws
+ 
+diff --git a/tpws/Makefile b/tpws/Makefile
+index 2f53263..4fc1743 100644
+--- a/tpws/Makefile
++++ b/tpws/Makefile
+@@ -11,16 +11,16 @@ SRC_FILES_ANDROID = $(SRC_FILES) andr/*.c
+ all: tpws
+ 
+ tpws: $(SRC_FILES)
+-	$(CC) -s $(CFLAGS) -o tpws $(SRC_FILES) $(LIBS) $(LDFLAGS)
++	$(CC) -g $(CFLAGS) -o tpws $(SRC_FILES) $(LIBS) $(LDFLAGS)
+ 
+ systemd: $(SRC_FILES)
+-	$(CC) -s $(CFLAGS) $(CFLAGS_SYSTEMD) -o tpws $(SRC_FILES) $(LIBS) $(LIBS_SYSTEMD) $(LDFLAGS)
++	$(CC) -g $(CFLAGS) $(CFLAGS_SYSTEMD) -o tpws $(SRC_FILES) $(LIBS) $(LIBS_SYSTEMD) $(LDFLAGS)
+ 
+ android: $(SRC_FILES)
+-	$(CC) -s $(CFLAGS) -o tpws $(SRC_FILES_ANDROID) $(LIBS_ANDROID) $(LDFLAGS)
++	$(CC) -g $(CFLAGS) -o tpws $(SRC_FILES_ANDROID) $(LIBS_ANDROID) $(LDFLAGS)
+ 
+ bsd: $(SRC_FILES)
+-	$(CC) -s $(CFLAGS) $(CFLAGS_BSD) -Iepoll-shim/include -o tpws $(SRC_FILES) epoll-shim/src/*.c $(LIBS) $(LDFLAGS)
++	$(CC) $(CFLAGS) $(CFLAGS_BSD) -Iepoll-shim/include -o tpws $(SRC_FILES) epoll-shim/src/*.c $(LIBS) $(LDFLAGS)
+ 
+ mac: $(SRC_FILES)
+ 	$(CC) $(CFLAGS) $(CFLAGS_BSD) -Iepoll-shim/include -Imacos -o tpwsa -target arm64-apple-macos10.8 $(SRC_FILES) epoll-shim/src/*.c $(LIBS) $(LDFLAGS)
+-- 
+2.49.0
+
diff --git a/anda/misc/zapret/chore-move-to-different-dirs.patch b/anda/misc/zapret/chore-move-to-different-dirs.patch
new file mode 100644
index 0000000000..e363b2a391
--- /dev/null
+++ b/anda/misc/zapret/chore-move-to-different-dirs.patch
@@ -0,0 +1,164 @@
+From 97c9edf12cad05fb8c682ce432a3e8e5ff4c1956 Mon Sep 17 00:00:00 2001
+From: VirtualFreeEx <contact@ffi.lol>
+Date: Thu, 1 May 2025 18:22:41 +0300
+Subject: [PATCH 1/2] chore: move to different dirs
+
+---
+ blockcheck.sh                             | 15 ++++++++-------
+ config.default                            |  3 ---
+ init.d/systemd/nfqws@.service             |  2 +-
+ init.d/systemd/tpws@.service              |  2 +-
+ init.d/systemd/zapret-list-update.service |  2 +-
+ init.d/systemd/zapret.service             |  4 ++--
+ init.d/sysv/functions                     |  9 +++++----
+ init.d/sysv/zapret                        |  2 +-
+ 8 files changed, 19 insertions(+), 20 deletions(-)
+
+diff --git a/blockcheck.sh b/blockcheck.sh
+index a827843..9fb0d2b 100755
+--- a/blockcheck.sh
++++ b/blockcheck.sh
+@@ -3,9 +3,10 @@
+ EXEDIR="$(dirname "$0")"
+ EXEDIR="$(cd "$EXEDIR"; pwd)"
+ ZAPRET_BASE=${ZAPRET_BASE:-"$EXEDIR"}
+-ZAPRET_RW=${ZAPRET_RW:-"$ZAPRET_BASE"}
++ZAPRET_BINARIES="/usr/bin"
++ZAPRET_RW=${ZAPRET_RW:-"/etc/zapret"}
+ ZAPRET_CONFIG=${ZAPRET_CONFIG:-"$ZAPRET_RW/config"}
+-ZAPRET_CONFIG_DEFAULT="$ZAPRET_BASE/config.default"
++ZAPRET_CONFIG_DEFAULT="$ZAPRET_RW/config.default"
+ 
+ CURL=${CURL:-curl}
+ 
+@@ -28,11 +29,11 @@ QNUM=${QNUM:-59780}
+ SOCKS_PORT=${SOCKS_PORT:-1993}
+ TPWS_UID=${TPWS_UID:-1}
+ TPWS_GID=${TPWS_GID:-3003}
+-NFQWS=${NFQWS:-${ZAPRET_BASE}/nfq/nfqws}
+-DVTWS=${DVTWS:-${ZAPRET_BASE}/nfq/dvtws}
+-WINWS=${WINWS:-${ZAPRET_BASE}/nfq/winws}
+-TPWS=${TPWS:-${ZAPRET_BASE}/tpws/tpws}
+-MDIG=${MDIG:-${ZAPRET_BASE}/mdig/mdig}
++NFQWS=${NFQWS:-${ZAPRET_BINARIES}/nfqws}
++DVTWS=${DVTWS:-${ZAPRET_BINARIES}/dvtws}
++WINWS=${WINWS:-${ZAPRET_BINARIES}/winws}
++TPWS=${TPWS:-${ZAPRET_BINARIES}/tpws}
++MDIG=${MDIG:-${ZAPRET_BINARIES}/mdig}
+ DESYNC_MARK=0x10000000
+ IPFW_RULE_NUM=${IPFW_RULE_NUM:-1}
+ IPFW_DIVERT_PORT=${IPFW_DIVERT_PORT:-59780}
+diff --git a/config.default b/config.default
+index 3a79e59..6a4fc31 100644
+--- a/config.default
++++ b/config.default
+@@ -1,9 +1,6 @@
+ # this file is included from init scripts
+ # change values here
+ 
+-# can help in case /tmp has not enough space
+-#TMPDIR=/opt/zapret/tmp
+-
+ # redefine user for zapret daemons. required on Keenetic
+ #WS_USER=nobody
+ 
+diff --git a/init.d/systemd/nfqws@.service b/init.d/systemd/nfqws@.service
+index ca1a6d5..3ddbbb5 100644
+--- a/init.d/systemd/nfqws@.service
++++ b/init.d/systemd/nfqws@.service
+@@ -30,7 +30,7 @@ After=network.target
+ Type=notify
+ Restart=on-failure
+ 
+-ExecSearchPath=/opt/zapret/binaries/my
++ExecSearchPath=/usr/bin
+ ExecStart=nfqws @${CONFIG_DIR}/${INSTANCE}.conf
+ Environment=CONFIG_DIR=/etc/zapret
+ Environment=INSTANCE=%i
+diff --git a/init.d/systemd/tpws@.service b/init.d/systemd/tpws@.service
+index d6cce63..6ce1ca9 100644
+--- a/init.d/systemd/tpws@.service
++++ b/init.d/systemd/tpws@.service
+@@ -30,7 +30,7 @@ After=network.target
+ Type=notify
+ Restart=on-failure
+ 
+-ExecSearchPath=/opt/zapret/binaries/my
++ExecSearchPath=/usr/bin
+ ExecStart=tpws @${CONFIG_DIR}/${INSTANCE}.conf
+ Environment=CONFIG_DIR=/etc/zapret
+ Environment=INSTANCE=%i
+diff --git a/init.d/systemd/zapret-list-update.service b/init.d/systemd/zapret-list-update.service
+index eeee1b0..1a476d2 100644
+--- a/init.d/systemd/zapret-list-update.service
++++ b/init.d/systemd/zapret-list-update.service
+@@ -7,7 +7,7 @@ IgnoreSIGPIPE=no
+ KillMode=control-group
+ GuessMainPID=no
+ RemainAfterExit=no
+-ExecStart=/opt/zapret/ipset/get_config.sh
++ExecStart=/usr/share/zapret/ipset/get_config.sh
+ 
+ [Install]
+ WantedBy=multi-user.target
+diff --git a/init.d/systemd/zapret.service b/init.d/systemd/zapret.service
+index 9d3bf41..4d13d3c 100644
+--- a/init.d/systemd/zapret.service
++++ b/init.d/systemd/zapret.service
+@@ -10,8 +10,8 @@ IgnoreSIGPIPE=no
+ KillMode=none
+ GuessMainPID=no
+ RemainAfterExit=no
+-ExecStart=/opt/zapret/init.d/sysv/zapret start
+-ExecStop=/opt/zapret/init.d/sysv/zapret stop
++ExecStart=/usr/bin/zapret start
++ExecStop=/usr/bin/zapret stop
+ 
+ [Install]
+ WantedBy=multi-user.target
+diff --git a/init.d/sysv/functions b/init.d/sysv/functions
+index 59e488e..4eb7c97 100644
+--- a/init.d/sysv/functions
++++ b/init.d/sysv/functions
+@@ -1,7 +1,8 @@
+ # init script functions library for desktop linux systems
+ 
+-ZAPRET_BASE=${ZAPRET_BASE:-/opt/zapret}
+-ZAPRET_RW=${ZAPRET_RW:-"$ZAPRET_BASE"}
++ZAPRET_BASE=${ZAPRET_BASE:-/usr/share/zapret}
++ZAPRET_BINARIES="/usr/bin"
++ZAPRET_RW=${ZAPRET_RW:-"/etc/zapret"}
+ ZAPRET_CONFIG=${ZAPRET_CONFIG:-"$ZAPRET_RW/config"}
+ . "$ZAPRET_CONFIG"
+ . "$ZAPRET_BASE/common/base.sh"
+@@ -74,12 +75,12 @@ IPSET_CR="$ZAPRET_BASE/ipset/create_ipset.sh"
+ [ -n "$DESYNC_MARK_POSTNAT" ] || DESYNC_MARK_POSTNAT=0x20000000
+ 
+ [ -n "$QNUM" ] || QNUM=200
+-[ -n "$NFQWS" ] || NFQWS="$ZAPRET_BASE/nfq/nfqws"
++[ -n "$NFQWS" ] || NFQWS="$ZAPRET_BINARIES/nfqws"
+ NFQWS_OPT_BASE="$USEROPT --dpi-desync-fwmark=$DESYNC_MARK"
+ 
+ [ -n "$TPPORT" ] || TPPORT=988
+ [ -n "$TPPORT_SOCKS" ] || TPPORT_SOCKS=987
+-[ -n "$TPWS" ] || TPWS="$ZAPRET_BASE/tpws/tpws"
++[ -n "$TPWS" ] || TPWS="$ZAPRET_BINARIES/tpws"
+ TPWS_LOCALHOST4=127.0.0.127
+ 
+ TPWS_OPT_BASE="$USEROPT"
+diff --git a/init.d/sysv/zapret b/init.d/sysv/zapret
+index bb15abb..8d45cec 100755
+--- a/init.d/sysv/zapret
++++ b/init.d/sysv/zapret
+@@ -9,7 +9,7 @@
+ 
+ SCRIPT=$(readlink -f "$0")
+ EXEDIR=$(dirname "$SCRIPT")
+-ZAPRET_BASE=$(readlink -f "$EXEDIR/../..")
++# ZAPRET_BASE=$(readlink -f "$EXEDIR/../..")
+ . "$EXEDIR/functions"
+ 
+ NAME=zapret
+-- 
+2.49.0
+
diff --git a/anda/misc/zapret/zapret.spec b/anda/misc/zapret/zapret.spec
new file mode 100644
index 0000000000..e982b1ec96
--- /dev/null
+++ b/anda/misc/zapret/zapret.spec
@@ -0,0 +1,149 @@
+Name:    zapret
+Version: 70.6
+Release: 6%{?dist}
+Summary: A multi-platform Deep Packet Inspection (DPI) bypass tool
+License: MIT 
+ExcludeArch: s390x
+Packager: libffi <contact@ffi.lol>
+
+URL:     https://github.com/bol-van/%{name}
+Source0: https://github.com/bol-van/%{name}/archive/refs/tags/v%{version}.tar.gz
+Patch0:  chore-move-to-different-dirs.patch
+Patch1:  build-dont-strip.patch
+
+# Build tools.
+BuildRequires: gcc
+BuildRequires: make
+BuildRequires: git
+# Headers.
+BuildRequires: libcap-devel
+BuildRequires: systemd-devel
+
+# Runtime libraries.
+Requires: libcap
+Requires: systemd
+Requires: glibc
+# Runtime binaries - scripts.
+Suggests: nmap-ncat
+Suggests: curl
+# Runtime binaries - networking.
+Requires: ipset
+Requires: nftables
+# Subpackage dependencies.
+Requires: %{name}-nfqws
+Requires: %{name}-tpws
+
+# NFQws.
+%package nfqws
+Summary: NFQUEUE-based worker solution.
+
+BuildRequires: libnetfilter_queue-devel
+BuildRequires: zlib-ng-compat-devel
+
+Requires: libnetfilter_queue
+Requires: zlib-ng-compat
+
+# TPws.
+%package tpws
+Summary: Transparent proxy worker solution.
+
+%description
+A stand-alone (without 3rd party servers) DPI circumvention tool.
+May allow to bypass HTTP(S) website blocking or speed shaping, resist
+signature TCP/UDP protocol discovery.
+
+%description nfqws
+NFQUEUE-based worker solution.
+
+%description tpws
+Transparent proxy worker solution.
+
+%prep
+%autosetup -S git
+rm -rf files/huawei/ # FIX: Remove a busybox dependency.
+
+%build
+%make_build systemd
+
+# Credit: https://aur.archlinux.org/packages/zapret-git
+%install
+  for n in ip2net mdig; do
+    install -Dm755 "binaries/my/$n" "%{buildroot}/%{_bindir}/$n"
+  done
+
+  install -Dm755 blockcheck.sh -t "%{buildroot}/%{_datadir}/%{name}/"
+  install -dm755 "%{buildroot}" %{buildroot}/%{_datadir}/%{name}/files
+  cp --reflink=auto -a files/* "%{buildroot}"/%{_datadir}/%{name}/files
+
+  install -Dm644 init.d/systemd/* -t "%{buildroot}%{_prefix}/lib/systemd/system/"
+  install -Dm755 init.d/sysv/{functions,%{name}} -t "%{buildroot}/%{_datadir}/%{name}/init.d/sysv/"
+  install -Dm755 ipset/* -t "%{buildroot}/%{_datadir}/%{name}/ipset/"
+  install -Dm644 common/* -t "%{buildroot}/%{_datadir}/%{name}/common/"
+
+  install -Dm644 /dev/stdin "%{buildroot}/%{_prefix}/lib/sysusers.d/%{name}.conf" << END
+u %{name} - "%{name} dpi bypasser"
+END
+
+  install -dm755 "%{buildroot}/{%_bindir}"
+  for i in init.d/sysv/zapret; do
+    mkdir %{buildroot}/%{_bindir} -p
+    ln -s "%{_datadir}/%{name}/$i" "%{buildroot}/%{_bindir}/${i##*/}"
+  done
+
+  sed -e '1s/$/\n\nWS_USER=%{name}/' -i "%{buildroot}/%{_datadir}/%{name}/init.d/sysv/functions"
+
+  for i in nfq/nfqws tpws/tpws; do
+    install -Dm755 "binaries/my/${i##*/}" "%{buildroot}/%{_bindir}/${i##*/}"
+  done
+
+  # docs
+  install -Dm644 docs/*.* -t "%{buildroot}/usr/share/doc/%{name}"
+  install -Dm644 docs/LICENSE.txt "%{buildroot}/usr/share/licenses/%{name}/LICENSE"
+
+  # config
+  install -Dm755 config.default %{buildroot}/etc/zapret/config.default
+  ln -s config.default %{buildroot}/etc/zapret/config
+
+%files
+# Configuration.
+%{_sysconfdir}/%{name}/
+%{_prefix}/lib/sysusers.d/zapret.conf
+
+# Units.
+%{_unitdir}/%{name}-list-update.service
+%{_unitdir}/%{name}-list-update.timer
+%{_unitdir}/%{name}.service
+
+# Executables.
+%{_bindir}/%{name}
+%{_bindir}/ip2net
+%{_bindir}/mdig
+
+# Share.
+%{_datadir}/%{name}
+
+# Documentation.
+%{_docdir}/%{name}
+%license LICENSE
+
+%files nfqws
+# Binaries.
+%{_bindir}/nfqws
+%{_unitdir}/nfqws@.service
+
+%files tpws
+# Binaries.
+%{_bindir}/tpws
+%{_unitdir}/tpws@.service
+
+%changelog
+* Thu May 1 2025 libffi <contact@ffi.lol> - 70.6-6
+- Fix init.d breakages.
+* Thu May 1 2025 libffi <contact@ffi.lol> - 70.6-5
+- Depend on subpackages.
+* Thu May 1 2025 libffi <contact@ffi.lol> - 70.6-4
+- Use subpackages.
+* Wed Apr 30 2025 libffi <contact@ffi.lol> - 70.6-3
+- Use more macros in the .spec file
+* Wed Apr 23 2025 libffi <contact@ffi.lol> - 70.6-2
+- Change from /opt/ to /usr/