update 2023-05-07 23:35:16

2026-02-07 07:18:00 +08:00 · 2023-05-07 23:35:16 +08:00
parent 3cab2f5c28
commit fefd44fafd
27 changed files with 302 additions and 251 deletions
--- a/ipt2socks/Makefile
+++ b/ipt2socks/Makefile
@@ -5,12 +5,12 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=ipt2socks
-PKG_VERSION:=1.1.3
+PKG_VERSION:=1.1.3
 PKG_RELEASE:=3
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/zfl9/ipt2socks/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=5279eb1cb7555cf9292423cc9f672dc43e6e214b3411a6df26a6a1cfa59d88b7
+PKG_HASH:=5279eb1cb7555cf9292423cc9f672dc43e6e214b3411a6df26a6a1cfa59d88b7
 PKG_BUILD_PARALLEL:=1
 PKG_USE_MIPS16:=0
--- a/luci-app-passwall/Makefile
+++ b/luci-app-passwall/Makefile
@@ -6,7 +6,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=luci-app-passwall
-PKG_VERSION:=4.65-2
+PKG_VERSION:=4.66-1
 PKG_RELEASE:=
 PKG_CONFIG_DEPENDS:= \
--- a/luci-app-passwall/luasrc/controller/passwall.lua
+++ b/luci-app-passwall/luasrc/controller/passwall.lua
@@ -290,7 +290,7 @@ end
 function copy_node()
 	local section = luci.http.formvalue("section")
-	local uuid = api.gen_uuid()
+	local uuid = api.gen_short_uuid()
 	ucic:section(appname, "nodes", uuid)
 	for k, v in pairs(ucic:get_all(appname, section)) do
 		local filter = k:find("%.")
--- a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
+++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
@@ -155,7 +155,7 @@ if (has_v2ray or has_xray) and #nodes_table > 0 then
 	end
 	if #normal_list > 0 then
 		for k, v in pairs(shunt_list) do
-			local vid = v.id:sub(1, 8)
+			local vid = v.id
 			-- shunt node type, V2ray or Xray
 			local type = s:taboption("Main", ListValue, vid .. "-type", translate("Type"))
 			if has_v2ray then
@@ -400,7 +400,7 @@ end
 o = s:taboption("DNS", Button, "clear_ipset", translate("Clear IPSET"), translate("Try this feature if the rule modification does not take effect."))
 o.inputstyle = "remove"
 function o.write(e, e)
-	luci.sys.call("[ -n \"$(nft list sets 2>/dev/null | grep \"gfwlist\")\" ] && sh /usr/share/" .. appname .. "/nftables.sh flush_nftset || sh /usr/share/" .. appname .. "/iptables.sh flush_ipset > /dev/null 2>&1 &")
+	luci.sys.call("[ -n \"$(nft list sets 2>/dev/null | grep \"passwall_\")\" ] && sh /usr/share/" .. appname .. "/nftables.sh flush_nftset || sh /usr/share/" .. appname .. "/iptables.sh flush_ipset > /dev/null 2>&1 &")
 	luci.http.redirect(api.url("log"))
 end
@@ -512,7 +512,7 @@ s.anonymous = true
 s.addremove = true
 s.template = "cbi/tblsection"
 function s.create(e, t)
-	TypedSection.create(e, api.gen_uuid())
+	TypedSection.create(e, api.gen_short_uuid())
 end
 o = s:option(DummyValue, "status", translate("Status"))
--- a/luci-app-passwall/luasrc/model/cbi/passwall/client/haproxy.lua
+++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/haproxy.lua
@@ -76,7 +76,7 @@ s.anonymous = true
 s.addremove = true
 s.create = function(e, t)
-	TypedSection.create(e, api.gen_uuid())
+	TypedSection.create(e, api.gen_short_uuid())
 end
 s.remove = function(self, section)
--- a/luci-app-passwall/luasrc/model/cbi/passwall/client/node_list.lua
+++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/node_list.lua
@@ -26,7 +26,7 @@ s.addremove = true
 s.template = "cbi/tblsection"
 s.extedit = api.url("node_config", "%s")
 function s.create(e, t)
-	local uuid = api.gen_uuid()
+	local uuid = api.gen_short_uuid()
 	t = uuid
 	TypedSection.create(e, t)
 	luci.http.redirect(e.extedit:format(t))
--- a/luci-app-passwall/luasrc/passwall/api.lua
+++ b/luci-app-passwall/luasrc/passwall/api.lua
@@ -365,6 +365,10 @@ function gen_uuid(format)
 	return uuid
 end
 function gen_short_uuid()
 	return sys.exec("echo -n $(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 8)")
 end
 function uci_get_type(type, config, default)
 	local value = uci:get_first(appname, type, config, default) or sys.exec("echo -n $(uci -q get " .. appname .. ".@" .. type .."[0]." .. config .. ")")
 	if (value == nil or value == "") and (default and default ~= "") then
--- a/luci-app-passwall/luasrc/passwall/util_xray.lua
+++ b/luci-app-passwall/luasrc/passwall/util_xray.lua
@@ -602,7 +602,7 @@ function gen_config(var)
 		end
 		local function get_balancer_tag(_node_id)
-			return "balancer-" .. _node_id:sub(1, 8)
+			return "balancer-" .. _node_id
 		end
 		local function gen_balancer(_node, loopbackTag)
@@ -611,7 +611,7 @@ function gen_config(var)
 			local valid_nodes = {}
 			for i = 1, length do
 				local blc_node_id = blc_nodes[i]
-				local blc_node_tag = "blc-" .. blc_node_id:sub(1, 8)
+				local blc_node_tag = "blc-" .. blc_node_id
 				local is_new_blc_node = true
 				for _, outbound in ipairs(outbounds) do
 					if outbound.tag == blc_node_tag then
--- a/luci-app-passwall/luasrc/view/passwall/global/footer.htm
+++ b/luci-app-passwall/luasrc/view/passwall/global/footer.htm
@@ -50,10 +50,11 @@ local auto_switch = api.uci_get_type("auto_switch", "enable", 0)
 							if (dom.id) {
 								var s = dom.id.match(reg1);
 								if (s) {
-									dom_id = dom.id.split("cbi-").join("cbid-").split("-").join(".");
+									var cbi_id = global_id + "-"
 									var dom_id = dom.id.split(cbi_id).join(cbi_id.split("-").join(".")).split("cbi.").join("cbid.")
 									var node_select = document.getElementsByName(dom_id)[0];
 									var node_select_value = node_select.value;
-									if (node_select_value && node_select_value != "nil" && node_select_value.indexOf("_default") != 0 && node_select_value.indexOf("_direct") != 0 && node_select_value.indexOf("_blackhole") != 0) {
+									if (node_select_value && node_select_value != "nil" && node_select_value.indexOf("socks://") != 0 && node_select_value.indexOf("_default") != 0 && node_select_value.indexOf("_direct") != 0 && node_select_value.indexOf("_blackhole") != 0) {
 										if (global_id != null && node_select_value.indexOf("tcp") == 0) {
 											var d = global_id + "-tcp_node";
 											d = d.replace("cbi-", "cbid-").replace(new RegExp("-", 'g'), ".");
@@ -63,20 +64,16 @@ local auto_switch = api.uci_get_type("auto_switch", "enable", 0)
 												node_select_value = _node_select_value;
 											}
 										}
-										var v = document.getElementById(dom_id + "-" + node_select_value);
+										
-										if (v) {
+										if (node_select.tagName == "INPUT") {
-											node_select.title = v.text;
+											node_select = document.getElementById("cbi.combobox." + dom_id);
 										} else {
 											node_select.title = node_select.options[node_select.options.selectedIndex].text;
 										}
 										var new_html = "";
 										var new_a = document.createElement("a");
 										new_a.innerHTML = "<%:Edit%>";
 										new_a.href = "#";
 										new_a.setAttribute("onclick", "location.href='" + '<%=api.url("node_config")%>' + "/" + node_select_value + "'");
-										new_html = new_a.outerHTML;
+										var new_html = new_a.outerHTML;
 										if (s[0] == "tcp" || s[0] == "udp") {
 											var log_a = document.createElement("a");
--- a/luci-app-passwall/root/usr/share/passwall/app.sh
+++ b/luci-app-passwall/root/usr/share/passwall/app.sh
@@ -416,11 +416,11 @@ run_chinadns_ng() {
 		[ -s "${RULES_PATH}/chnlist" ] && {
 			local _chnlist_file="${TMP_PATH}/chinadns_chnlist"
 			cp -a "${RULES_PATH}/chnlist" "${_chnlist_file}"
-			local chnroute4_set="chnroute"
+			local chnroute4_set="passwall_chnroute"
-			local chnroute6_set="chnroute6"
+			local chnroute6_set="passwall_chnroute6"
 			[ "$nftflag" = "1" ] && {
-				chnroute4_set="inet@fw4@chnroute"
+				chnroute4_set="inet@fw4@passwall_chnroute"
-				chnroute6_set="inet@fw4@chnroute6"
+				chnroute6_set="inet@fw4@passwall_chnroute6"
 			}
 			_extra_param="${_extra_param} -4 ${chnroute4_set} -6 ${chnroute6_set} -m ${_chnlist_file} -M -a"
 		}
@@ -429,8 +429,8 @@ run_chinadns_ng() {
 	([ -n "$_chnlist" ] || [ -n "$_gfwlist" ]) && [ -s "${RULES_PATH}/gfwlist" ] && {
 		local _gfwlist_file="${TMP_PATH}/chinadns_gfwlist"
 		cp -a "${RULES_PATH}/gfwlist" "${_gfwlist_file}"
-		local gfwlist_set="gfwlist,gfwlist6"
+		local gfwlist_set="passwall_gfwlist,passwall_gfwlist6"
-		[ "$nftflag" = "1" ] && gfwlist_set="inet@fw4@gfwlist,inet@fw4@gfwlist6"
+		[ "$nftflag" = "1" ] && gfwlist_set="inet@fw4@passwall_gfwlist,inet@fw4@passwall_gfwlist6"
 		_extra_param="${_extra_param} -g ${_gfwlist_file} -A ${gfwlist_set}"
 		#当只有使用gfwlist模式时设置默认DNS为本地直连
 		[ -n "$_gfwlist" ] && [ -z "$_chnlist" ] && _default_tag="chn"
--- a/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua
+++ b/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua
@@ -197,7 +197,7 @@ if not fs.access(CACHE_DNS_PATH) then
 		local address = t.address
 		if datatypes.hostname(address) then
 			set_domain_dns(address, LOCAL_DNS)
-			set_domain_ipset(address, setflag_4 .. "vpsiplist," .. setflag_6 .. "vpsiplist6")
+			set_domain_ipset(address, setflag_4 .. "passwall_vpsiplist," .. setflag_6 .. "passwall_vpsiplist6")
 		end
 	end)
 	log(string.format("  - 节点列表中的域名(vpsiplist)：%s", LOCAL_DNS or "默认"))
@@ -207,7 +207,7 @@ if not fs.access(CACHE_DNS_PATH) then
 		if line ~= "" and not line:find("#") then
 			add_excluded_domain(line)
 			set_domain_dns(line, LOCAL_DNS)
-			set_domain_ipset(line, setflag_4 .. "whitelist," .. setflag_6 .. "whitelist6")
+			set_domain_ipset(line, setflag_4 .. "passwall_whitelist," .. setflag_6 .. "passwall_whitelist6")
 		end
 	end
 	log(string.format("  - 域名白名单(whitelist)：%s", LOCAL_DNS or "默认"))
@@ -220,10 +220,10 @@ if not fs.access(CACHE_DNS_PATH) then
 	for line in io.lines("/usr/share/passwall/rules/proxy_host") do
 		if line ~= "" and not line:find("#") then
 			add_excluded_domain(line)
-			local ipset_flag = setflag_4 .. "blacklist," .. setflag_6 .. "blacklist6"
+			local ipset_flag = setflag_4 .. "passwall_blacklist," .. setflag_6 .. "passwall_blacklist6"
 			if NO_PROXY_IPV6 == "1" then
 				set_domain_address(line, "::")
-				ipset_flag = setflag_4 .. "blacklist"
+				ipset_flag = setflag_4 .. "passwall_blacklist"
 			end
 			if REMOTE_FAKEDNS == "1" then
 				ipset_flag = nil
@@ -251,12 +251,12 @@ if not fs.access(CACHE_DNS_PATH) then
 				if _node_id == "_direct" then
 					fwd_dns = LOCAL_DNS
-					ipset_flag = setflag_4 .. "whitelist," .. setflag_6 .. "whitelist6"
+					ipset_flag = setflag_4 .. "passwall_whitelist," .. setflag_6 .. "passwall_whitelist6"
 				else
 					fwd_dns = TUN_DNS
-					ipset_flag = setflag_4 .. "shuntlist," .. setflag_6 .. "shuntlist6"
+					ipset_flag = setflag_4 .. "passwall_shuntlist," .. setflag_6 .. "passwall_shuntlist6"
 					if NO_PROXY_IPV6 == "1" then
-						ipset_flag = setflag_4 .. "shuntlist"
+						ipset_flag = setflag_4 .. "passwall_shuntlist"
 						no_ipv6 = true
 					end
 					if not only_global then
@@ -295,9 +295,9 @@ if not fs.access(CACHE_DNS_PATH) then
 			if CHNROUTE_MODE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0" then
 				fwd_dns = nil
 			else
-				local ipset_flag = setflag_4 .. "gfwlist," .. setflag_6 .. "gfwlist6"
+				local ipset_flag = setflag_4 .. "passwall_gfwlist," .. setflag_6 .. "passwall_gfwlist6"
 				if NO_PROXY_IPV6 == "1" then
-					ipset_flag = setflag_4 .. "gfwlist"
+					ipset_flag = setflag_4 .. "passwall_gfwlist"
 				end
 				if not only_global then
 					if REMOTE_FAKEDNS == "1" then
@@ -329,7 +329,7 @@ if not fs.access(CACHE_DNS_PATH) then
 				for line in string.gmatch(chnlist_str, "[^\r\n]+") do
 					if line ~= "" then
 						set_domain_dns(line, fwd_dns)
-						set_domain_ipset(line, setflag_4 .. "chnroute," .. setflag_6 .. "chnroute6")
+						set_domain_ipset(line, setflag_4 .. "passwall_chnroute," .. setflag_6 .. "passwall_chnroute6")
 					end
 				end
 			end
@@ -340,9 +340,9 @@ if not fs.access(CACHE_DNS_PATH) then
 			local chnlist_str = sys.exec('cat /usr/share/passwall/rules/chnlist | grep -v -E "^#" | grep -v -E "' .. excluded_domain_str .. '"')
 			for line in string.gmatch(chnlist_str, "[^\r\n]+") do
 				if line ~= "" then
-					local ipset_flag = setflag_4 .. "chnroute," .. setflag_6 .. "chnroute6"
+					local ipset_flag = setflag_4 .. "passwall_chnroute," .. setflag_6 .. "passwall_chnroute6"
 					if NO_PROXY_IPV6 == "1" then
-						ipset_flag = setflag_4 .. "chnroute"
+						ipset_flag = setflag_4 .. "passwall_chnroute"
 						set_domain_address(line, "::")
 					end
 					if not only_global then
--- a/luci-app-passwall/root/usr/share/passwall/iptables.sh
+++ b/luci-app-passwall/root/usr/share/passwall/iptables.sh
@@ -2,23 +2,23 @@
 DIR="$(cd "$(dirname "$0")" && pwd)"
 MY_PATH=$DIR/iptables.sh
-IPSET_LANIPLIST="laniplist"
+IPSET_LANLIST="passwall_lanlist"
-IPSET_VPSIPLIST="vpsiplist"
+IPSET_VPSLIST="passwall_vpslist"
-IPSET_SHUNTLIST="shuntlist"
+IPSET_SHUNTLIST="passwall_shuntlist"
-IPSET_GFW="gfwlist"
+IPSET_GFW="passwall_gfwlist"
-IPSET_CHN="chnroute"
+IPSET_CHN="passwall_chnroute"
-IPSET_BLACKLIST="blacklist"
+IPSET_BLACKLIST="passwall_blacklist"
-IPSET_WHITELIST="whitelist"
+IPSET_WHITELIST="passwall_whitelist"
-IPSET_BLOCKLIST="blocklist"
+IPSET_BLOCKLIST="passwall_blocklist"
-IPSET_LANIPLIST6="laniplist6"
+IPSET_LANLIST6="passwall_lanlist6"
-IPSET_VPSIPLIST6="vpsiplist6"
+IPSET_VPSLIST6="passwall_vpslist6"
-IPSET_SHUNTLIST6="shuntlist6"
+IPSET_SHUNTLIST6="passwall_shuntlist6"
-IPSET_GFW6="gfwlist6"
+IPSET_GFW6="passwall_gfwlist6"
-IPSET_CHN6="chnroute6"
+IPSET_CHN6="passwall_chnroute6"
-IPSET_BLACKLIST6="blacklist6"
+IPSET_BLACKLIST6="passwall_blacklist6"
-IPSET_WHITELIST6="whitelist6"
+IPSET_WHITELIST6="passwall_whitelist6"
-IPSET_BLOCKLIST6="blocklist6"
+IPSET_BLOCKLIST6="passwall_blocklist6"
 FORCE_INDEX=2
@@ -223,11 +223,11 @@ get_action_chain_name() {
 	esac
 }
-gen_laniplist() {
+gen_lanlist() {
 	cat $RULES_PATH/lanlist_ipv4 | tr -s '\n' | grep -v "^#"
 }
-gen_laniplist_6() {
+gen_lanlist_6() {
 	cat $RULES_PATH/lanlist_ipv6 | tr -s '\n' | grep -v "^#"
 }
@@ -557,15 +557,15 @@ load_acl() {
 filter_haproxy() {
 	for item in ${haproxy_items}; do
 		local ip=$(get_host_ip ipv4 $(echo $item | awk -F ":" '{print $1}') 1)
-		ipset -q add $IPSET_VPSIPLIST $ip
+		ipset -q add $IPSET_VPSLIST $ip
 	done
-	echolog "加入负载均衡的节点到ipset[$IPSET_VPSIPLIST]直连完成"
+	echolog "加入负载均衡的节点到ipset[$IPSET_VPSLIST]直连完成"
 }
 filter_vpsip() {
-	uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSIPLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
+	uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
-	uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSIPLIST6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
+	uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSLIST6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
-	echolog "加入所有节点到ipset[$IPSET_VPSIPLIST]直连完成"
+	echolog "加入所有节点到ipset[$IPSET_VPSLIST]直连完成"
 }
 filter_node() {
@@ -600,8 +600,8 @@ filter_node() {
 		local ADD_INDEX=$FORCE_INDEX
 		for _ipt in 4 6; do
-			[ "$_ipt" == "4" ] && _ipt=$ipt_tmp && _set_name=$IPSET_VPSIPLIST
+			[ "$_ipt" == "4" ] && _ipt=$ipt_tmp && _set_name=$IPSET_VPSLIST
-			[ "$_ipt" == "6" ] && _ipt=$ip6t_m && _set_name=$IPSET_VPSIPLIST6
+			[ "$_ipt" == "6" ] && _ipt=$ip6t_m && _set_name=$IPSET_VPSLIST6
 			$_ipt -n -L PSW_OUTPUT | grep -q "${address}:${port}"
 			if [ $? -ne 0 ]; then
 				unset dst_rule
@@ -679,8 +679,8 @@ dns_hijack() {
 add_firewall_rule() {
 	echolog "开始加载防火墙规则..."
-	ipset -! create $IPSET_LANIPLIST nethash maxelem 1048576
+	ipset -! create $IPSET_LANLIST nethash maxelem 1048576
-	ipset -! create $IPSET_VPSIPLIST nethash maxelem 1048576
+	ipset -! create $IPSET_VPSLIST nethash maxelem 1048576
 	ipset -! create $IPSET_SHUNTLIST nethash maxelem 1048576
 	ipset -! create $IPSET_GFW nethash maxelem 1048576
 	ipset -! create $IPSET_CHN nethash maxelem 1048576
@@ -688,8 +688,8 @@ add_firewall_rule() {
 	ipset -! create $IPSET_WHITELIST nethash maxelem 1048576
 	ipset -! create $IPSET_BLOCKLIST nethash maxelem 1048576
-	ipset -! create $IPSET_LANIPLIST6 nethash family inet6 maxelem 1048576
+	ipset -! create $IPSET_LANLIST6 nethash family inet6 maxelem 1048576
-	ipset -! create $IPSET_VPSIPLIST6 nethash family inet6 maxelem 1048576
+	ipset -! create $IPSET_VPSLIST6 nethash family inet6 maxelem 1048576
 	ipset -! create $IPSET_SHUNTLIST6 nethash family inet6 maxelem 1048576
 	ipset -! create $IPSET_GFW6 nethash family inet6 maxelem 1048576
 	ipset -! create $IPSET_CHN6 nethash family inet6 maxelem 1048576
@@ -718,11 +718,11 @@ add_firewall_rule() {
 	cat $RULES_PATH/block_ip | tr -s '\n' | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLOCKLIST6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
 	ipset -! -R <<-EOF
-		$(gen_laniplist | sed -e "s/^/add $IPSET_LANIPLIST /")
+		$(gen_lanlist | sed -e "s/^/add $IPSET_LANLIST /")
 	EOF
 	ipset -! -R <<-EOF
-		$(gen_laniplist_6 | sed -e "s/^/add $IPSET_LANIPLIST6 /")
+		$(gen_lanlist_6 | sed -e "s/^/add $IPSET_LANLIST6 /")
 	EOF
 	# 忽略特殊IP段
@@ -735,11 +735,11 @@ add_firewall_rule() {
 		#echolog "本机IPv6网段互访直连：${lan_ip6}"
 		[ -n "$lan_ip" ] && ipset -! -R <<-EOF
-			$(echo $lan_ip | sed -e "s/ /\n/g" | sed -e "s/^/add $IPSET_LANIPLIST /")
+			$(echo $lan_ip | sed -e "s/ /\n/g" | sed -e "s/^/add $IPSET_LANLIST /")
 		EOF
 		[ -n "$lan_ip6" ] && ipset -! -R <<-EOF
-			$(echo $lan_ip6 | sed -e "s/ /\n/g" | sed -e "s/^/add $IPSET_LANIPLIST6 /")
+			$(echo $lan_ip6 | sed -e "s/ /\n/g" | sed -e "s/^/add $IPSET_LANLIST6 /")
 		EOF
 	}
@@ -774,8 +774,8 @@ add_firewall_rule() {
 	fi
 	$ipt_n -N PSW
-	$ipt_n -A PSW $(dst $IPSET_LANIPLIST) -j RETURN
+	$ipt_n -A PSW $(dst $IPSET_LANLIST) -j RETURN
-	$ipt_n -A PSW $(dst $IPSET_VPSIPLIST) -j RETURN
+	$ipt_n -A PSW $(dst $IPSET_VPSLIST) -j RETURN
 	$ipt_n -A PSW $(dst $IPSET_WHITELIST) -j RETURN
 	WAN_IP=$(get_wan_ip)
@@ -785,8 +785,8 @@ add_firewall_rule() {
 	[ -z "${is_tproxy}" ] && insert_rule_after "$ipt_n" "PREROUTING" "prerouting_rule" "-p tcp -j PSW"
 	$ipt_n -N PSW_OUTPUT
-	$ipt_n -A PSW_OUTPUT $(dst $IPSET_LANIPLIST) -j RETURN
+	$ipt_n -A PSW_OUTPUT $(dst $IPSET_LANLIST) -j RETURN
-	$ipt_n -A PSW_OUTPUT $(dst $IPSET_VPSIPLIST) -j RETURN
+	$ipt_n -A PSW_OUTPUT $(dst $IPSET_VPSLIST) -j RETURN
 	$ipt_n -A PSW_OUTPUT $(dst $IPSET_WHITELIST) -j RETURN
 	$ipt_n -A PSW_OUTPUT -m mark --mark 0xff -j RETURN
@@ -805,8 +805,8 @@ add_firewall_rule() {
 	$ipt_m -A PSW_RULE -j CONNMARK --save-mark
 	$ipt_m -N PSW
-	$ipt_m -A PSW $(dst $IPSET_LANIPLIST) -j RETURN
+	$ipt_m -A PSW $(dst $IPSET_LANLIST) -j RETURN
-	$ipt_m -A PSW $(dst $IPSET_VPSIPLIST) -j RETURN
+	$ipt_m -A PSW $(dst $IPSET_VPSLIST) -j RETURN
 	$ipt_m -A PSW $(dst $IPSET_WHITELIST) -j RETURN
 	$ipt_m -A PSW $(dst $IPSET_BLOCKLIST) -j DROP
@@ -817,8 +817,8 @@ add_firewall_rule() {
 	insert_rule_before "$ipt_m" "PREROUTING" "PSW" "-p tcp -m socket -j PSW_DIVERT"
 	$ipt_m -N PSW_OUTPUT
-	$ipt_m -A PSW_OUTPUT $(dst $IPSET_LANIPLIST) -j RETURN
+	$ipt_m -A PSW_OUTPUT $(dst $IPSET_LANLIST) -j RETURN
-	$ipt_m -A PSW_OUTPUT $(dst $IPSET_VPSIPLIST) -j RETURN
+	$ipt_m -A PSW_OUTPUT $(dst $IPSET_VPSLIST) -j RETURN
 	$ipt_m -A PSW_OUTPUT $(dst $IPSET_WHITELIST) -j RETURN
 	$ipt_m -A PSW_OUTPUT -m mark --mark 0xff -j RETURN
 	$ipt_m -A PSW_OUTPUT $(dst $IPSET_BLOCKLIST) -j DROP
@@ -828,14 +828,14 @@ add_firewall_rule() {
 	[ "$accept_icmpv6" = "1" ] && {
 		$ip6t_n -N PSW
-		$ip6t_n -A PSW $(dst $IPSET_LANIPLIST6) -j RETURN
+		$ip6t_n -A PSW $(dst $IPSET_LANLIST6) -j RETURN
-		$ip6t_n -A PSW $(dst $IPSET_VPSIPLIST6) -j RETURN
+		$ip6t_n -A PSW $(dst $IPSET_VPSLIST6) -j RETURN
 		$ip6t_n -A PSW $(dst $IPSET_WHITELIST6) -j RETURN
 		$ip6t_n -A PREROUTING -p ipv6-icmp -j PSW
 		$ip6t_n -N PSW_OUTPUT
-		$ip6t_n -A PSW_OUTPUT $(dst $IPSET_LANIPLIST6) -j RETURN
+		$ip6t_n -A PSW_OUTPUT $(dst $IPSET_LANLIST6) -j RETURN
-		$ip6t_n -A PSW_OUTPUT $(dst $IPSET_VPSIPLIST6) -j RETURN
+		$ip6t_n -A PSW_OUTPUT $(dst $IPSET_VPSLIST6) -j RETURN
 		$ip6t_n -A PSW_OUTPUT $(dst $IPSET_WHITELIST6) -j RETURN
 		$ip6t_n -A PSW_OUTPUT -m mark --mark 0xff -j RETURN
 	}
@@ -852,8 +852,8 @@ add_firewall_rule() {
 	$ip6t_m -A PSW_RULE -j CONNMARK --save-mark
 	$ip6t_m -N PSW
-	$ip6t_m -A PSW $(dst $IPSET_LANIPLIST6) -j RETURN
+	$ip6t_m -A PSW $(dst $IPSET_LANLIST6) -j RETURN
-	$ip6t_m -A PSW $(dst $IPSET_VPSIPLIST6) -j RETURN
+	$ip6t_m -A PSW $(dst $IPSET_VPSLIST6) -j RETURN
 	$ip6t_m -A PSW $(dst $IPSET_WHITELIST6) -j RETURN
 	$ip6t_m -A PSW $(dst $IPSET_BLOCKLIST6) -j DROP
@@ -866,8 +866,8 @@ add_firewall_rule() {
 	$ip6t_m -N PSW_OUTPUT
 	$ip6t_m -A PSW_OUTPUT -m mark --mark 0xff -j RETURN
-	$ip6t_m -A PSW_OUTPUT $(dst $IPSET_LANIPLIST6) -j RETURN
+	$ip6t_m -A PSW_OUTPUT $(dst $IPSET_LANLIST6) -j RETURN
-	$ip6t_m -A PSW_OUTPUT $(dst $IPSET_VPSIPLIST6) -j RETURN
+	$ip6t_m -A PSW_OUTPUT $(dst $IPSET_VPSLIST6) -j RETURN
 	$ip6t_m -A PSW_OUTPUT $(dst $IPSET_WHITELIST6) -j RETURN
 	$ip6t_m -A PSW_OUTPUT $(dst $IPSET_BLOCKLIST6) -j DROP
@@ -938,7 +938,7 @@ add_firewall_rule() {
 			_proxy_tcp_access() {
 				[ -n "${2}" ] || return 0
-				ipset -q test $IPSET_LANIPLIST ${2}
+				ipset -q test $IPSET_LANLIST ${2}
 				[ $? -eq 0 ] && {
 					echolog "  - 上游 DNS 服务器 ${2} 已在直接访问的列表中，不强制向 TCP 代理转发对该服务器 TCP/${3} 端口的访问"
 					return 0
@@ -1010,7 +1010,7 @@ add_firewall_rule() {
 			echolog "加载路由器自身 UDP 代理..."
 			_proxy_udp_access() {
 				[ -n "${2}" ] || return 0
-				ipset -q test $IPSET_LANIPLIST ${2}
+				ipset -q test $IPSET_LANLIST ${2}
 				[ $? == 0 ] && {
 					echolog "  - 上游 DNS 服务器 ${2} 已在直接访问的列表中，不强制向 UDP 代理转发对该服务器 UDP/${3} 端口的访问"
 					return 0
@@ -1099,8 +1099,8 @@ del_firewall_rule() {
 	ip -6 rule del fwmark 1 table 100 2>/dev/null
 	ip -6 route del local ::/0 dev lo table 100 2>/dev/null
-	destroy_ipset $IPSET_LANIPLIST
+	destroy_ipset $IPSET_LANLIST
-	destroy_ipset $IPSET_VPSIPLIST
+	destroy_ipset $IPSET_VPSLIST
 	#destroy_ipset $IPSET_SHUNTLIST
 	#destroy_ipset $IPSET_GFW
 	#destroy_ipset $IPSET_CHN
@@ -1108,8 +1108,8 @@ del_firewall_rule() {
 	destroy_ipset $IPSET_BLOCKLIST
 	destroy_ipset $IPSET_WHITELIST
-	destroy_ipset $IPSET_LANIPLIST6
+	destroy_ipset $IPSET_LANLIST6
-	destroy_ipset $IPSET_VPSIPLIST6
+	destroy_ipset $IPSET_VPSLIST6
 	#destroy_ipset $IPSET_SHUNTLIST6
 	#destroy_ipset $IPSET_GFW6
 	#destroy_ipset $IPSET_CHN6
@@ -1122,8 +1122,9 @@ del_firewall_rule() {
 flush_ipset() {
 	del_firewall_rule
-	destroy_ipset $IPSET_VPSIPLIST $IPSET_SHUNTLIST $IPSET_GFW $IPSET_CHN $IPSET_BLACKLIST $IPSET_BLOCKLIST $IPSET_WHITELIST $IPSET_LANIPLIST
+	for _name in $(ipset list | grep "Name: " | grep "passwall_" | awk '{print $2}'); do
-	destroy_ipset $IPSET_VPSIPLIST6 $IPSET_SHUNTLIST6 $IPSET_GFW6 $IPSET_CHN6 $IPSET_BLACKLIST6 $IPSET_BLOCKLIST6 $IPSET_WHITELIST6 $IPSET_LANIPLIST6
+		destroy_ipset ${_name}
 	done
 	rm -rf /tmp/etc/passwall_tmp/dnsmasq*
 	/etc/init.d/passwall reload
 }
--- a/luci-app-passwall/root/usr/share/passwall/nftables.sh
+++ b/luci-app-passwall/root/usr/share/passwall/nftables.sh
@@ -2,23 +2,23 @@
 DIR="$(cd "$(dirname "$0")" && pwd)"
 MY_PATH=$DIR/nftables.sh
-NFTSET_LANIPLIST="laniplist"
+NFTSET_LANLIST="passwall_lanlist"
-NFTSET_VPSIPLIST="vpsiplist"
+NFTSET_VPSLIST="passwall_vpslist"
-NFTSET_SHUNTLIST="shuntlist"
+NFTSET_SHUNTLIST="passwall_shuntlist"
-NFTSET_GFW="gfwlist"
+NFTSET_GFW="passwall_gfwlist"
-NFTSET_CHN="chnroute"
+NFTSET_CHN="passwall_chnroute"
-NFTSET_BLACKLIST="blacklist"
+NFTSET_BLACKLIST="passwall_blacklist"
-NFTSET_WHITELIST="whitelist"
+NFTSET_WHITELIST="passwall_whitelist"
-NFTSET_BLOCKLIST="blocklist"
+NFTSET_BLOCKLIST="passwall_blocklist"
-NFTSET_LANIPLIST6="laniplist6"
+NFTSET_LANLIST6="passwall_lanlist6"
-NFTSET_VPSIPLIST6="vpsiplist6"
+NFTSET_VPSLIST6="passwall_vpslist6"
-NFTSET_SHUNTLIST6="shuntlist6"
+NFTSET_SHUNTLIST6="passwall_shuntlist6"
-NFTSET_GFW6="gfwlist6"
+NFTSET_GFW6="passwall_gfwlist6"
-NFTSET_CHN6="chnroute6"
+NFTSET_CHN6="passwall_chnroute6"
-NFTSET_BLACKLIST6="blacklist6"
+NFTSET_BLACKLIST6="passwall_blacklist6"
-NFTSET_WHITELIST6="whitelist6"
+NFTSET_WHITELIST6="passwall_whitelist6"
-NFTSET_BLOCKLIST6="blocklist6"
+NFTSET_BLOCKLIST6="passwall_blocklist6"
 FORCE_INDEX=2
@@ -233,11 +233,11 @@ get_action_chain_name() {
 	esac
 }
-gen_laniplist() {
+gen_lanlist() {
 	cat $RULES_PATH/lanlist_ipv4 | tr -s '\n' | grep -v "^#"
 }
-gen_laniplist_6() {
+gen_lanlist_6() {
 	cat $RULES_PATH/lanlist_ipv6 | tr -s '\n' | grep -v "^#"
 }
@@ -563,24 +563,24 @@ load_acl() {
 filter_haproxy() {
 	for item in ${haproxy_items}; do
 		local ip=$(get_host_ip ipv4 $(echo $item | awk -F ":" '{print $1}') 1)
-		insert_nftset $NFTSET_VPSIPLIST $ip
+		insert_nftset $NFTSET_VPSLIST $ip
 	done
-	echolog "加入负载均衡的节点到nftset[$NFTSET_VPSIPLIST]直连完成"
+	echolog "加入负载均衡的节点到nftset[$NFTSET_VPSLIST]直连完成"
 }
 filter_vps_addr() {
 	for server_host in $@; do
 		local vps_ip4=$(get_host_ip "ipv4" ${server_host})
 		local vps_ip6=$(get_host_ip "ipv6" ${server_host})
-		[ -n "$vps_ip4" ] && insert_nftset $NFTSET_VPSIPLIST $vps_ip4
+		[ -n "$vps_ip4" ] && insert_nftset $NFTSET_VPSLIST $vps_ip4
-		[ -n "$vps_ip6" ] && insert_nftset $NFTSET_VPSIPLIST6 $vps_ip6
+		[ -n "$vps_ip6" ] && insert_nftset $NFTSET_VPSLIST6 $vps_ip6
 	done
 }
 filter_vpsip() {
-	insert_nftset $NFTSET_VPSIPLIST $(uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | sed -e "/^$/d")
+	insert_nftset $NFTSET_VPSLIST $(uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | sed -e "/^$/d")
-	insert_nftset $NFTSET_VPSIPLIST6 $(uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d")
+	insert_nftset $NFTSET_VPSLIST6 $(uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d")
-	echolog "加入所有节点到nftset[$NFTSET_VPSIPLIST]直连完成"
+	echolog "加入所有节点到nftset[$NFTSET_VPSLIST]直连完成"
 }
 filter_node() {
@@ -613,8 +613,8 @@ filter_node() {
 		local ADD_INDEX=$FORCE_INDEX
 		for _ipt in 4 6; do
-			[ "$_ipt" == "4" ] && _ip_type=ip4 && _set_name=$NFTSET_VPSIPLIST
+			[ "$_ipt" == "4" ] && _ip_type=ip4 && _set_name=$NFTSET_VPSLIST
-			[ "$_ipt" == "6" ] && _ip_type=ip6 && _set_name=$NFTSET_VPSIPLIST6
+			[ "$_ipt" == "6" ] && _ip_type=ip6 && _set_name=$NFTSET_VPSLIST6
 			nft "list chain inet fw4 $nft_output_chain" | grep -q "${address}:${port}"
 			if [ $? -ne 0 ]; then
 				unset dst_rule
@@ -693,18 +693,18 @@ dns_hijack() {
 add_firewall_rule() {
 	echolog "开始加载防火墙规则..."
-	gen_nftset $NFTSET_VPSIPLIST ipv4_addr
+	gen_nftset $NFTSET_VPSLIST ipv4_addr
 	gen_nftset $NFTSET_GFW ipv4_addr
-	gen_nftset $NFTSET_LANIPLIST ipv4_addr $(gen_laniplist)
+	gen_nftset $NFTSET_LANLIST ipv4_addr $(gen_lanlist)
 	gen_nftset $NFTSET_CHN ipv4_addr $(cat $RULES_PATH/chnroute | tr -s '\n' | grep -v "^#")
 	gen_nftset $NFTSET_BLACKLIST ipv4_addr $(cat $RULES_PATH/proxy_ip | tr -s '\n' | grep -v "^#" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
 	gen_nftset $NFTSET_WHITELIST ipv4_addr $(cat $RULES_PATH/direct_ip | tr -s '\n' | grep -v "^#" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
 	gen_nftset $NFTSET_BLOCKLIST ipv4_addr $(cat $RULES_PATH/block_ip | tr -s '\n' | grep -v "^#" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
 	gen_nftset $NFTSET_SHUNTLIST ipv4_addr
-	gen_nftset $NFTSET_VPSIPLIST6 ipv6_addr
+	gen_nftset $NFTSET_VPSLIST6 ipv6_addr
 	gen_nftset $NFTSET_GFW6 ipv6_addr
-	gen_nftset $NFTSET_LANIPLIST6 ipv6_addr $(gen_laniplist_6)
+	gen_nftset $NFTSET_LANLIST6 ipv6_addr $(gen_lanlist_6)
 	gen_nftset $NFTSET_CHN6 ipv6_addr $(cat $RULES_PATH/chnroute6 | tr -s '\n' | grep -v "^#")
 	gen_nftset $NFTSET_BLACKLIST6 ipv6_addr $(cat $RULES_PATH/proxy_ip | tr -s '\n' | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
 	gen_nftset $NFTSET_WHITELIST6 ipv6_addr $(cat $RULES_PATH/direct_ip | tr -s '\n' | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
@@ -730,8 +730,8 @@ add_firewall_rule() {
 		#echolog "本机IPv4网段互访直连：${lan_ip}"
 		#echolog "本机IPv6网段互访直连：${lan_ip6}"
-		[ -n "$lan_ip" ] && insert_nftset $NFTSET_LANIPLIST $(echo $lan_ip | sed -e "s/ /\n/g")
+		[ -n "$lan_ip" ] && insert_nftset $NFTSET_LANLIST $(echo $lan_ip | sed -e "s/ /\n/g")
-		[ -n "$lan_ip6" ] && insert_nftset $NFTSET_LANIPLIST6 $(echo $lan_ip6 | sed -e "s/ /\n/g")
+		[ -n "$lan_ip6" ] && insert_nftset $NFTSET_LANLIST6 $(echo $lan_ip6 | sed -e "s/ /\n/g")
 	}
 	[ -n "$ISP_DNS" ] && {
@@ -792,15 +792,15 @@ add_firewall_rule() {
 	#ipv4 tproxy mode and udp
 	nft "add chain inet fw4 PSW_MANGLE"
 	nft "flush chain inet fw4 PSW_MANGLE"
-	nft "add rule inet fw4 PSW_MANGLE ip daddr @$NFTSET_LANIPLIST counter return"
+	nft "add rule inet fw4 PSW_MANGLE ip daddr @$NFTSET_LANLIST counter return"
-	nft "add rule inet fw4 PSW_MANGLE ip daddr @$NFTSET_VPSIPLIST counter return"
+	nft "add rule inet fw4 PSW_MANGLE ip daddr @$NFTSET_VPSLIST counter return"
 	nft "add rule inet fw4 PSW_MANGLE ip daddr @$NFTSET_WHITELIST counter return"
 	nft "add rule inet fw4 PSW_MANGLE ip daddr @$NFTSET_BLOCKLIST counter drop"
 	nft "add chain inet fw4 PSW_OUTPUT_MANGLE"
 	nft "flush chain inet fw4 PSW_OUTPUT_MANGLE"
-	nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip daddr @$NFTSET_LANIPLIST counter return"
+	nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip daddr @$NFTSET_LANLIST counter return"
-	nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip daddr @$NFTSET_VPSIPLIST counter return"
+	nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip daddr @$NFTSET_VPSLIST counter return"
 	nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip daddr @$NFTSET_WHITELIST counter return"
 	nft "add rule inet fw4 PSW_OUTPUT_MANGLE meta mark 0xff counter return"
 	nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip daddr @$NFTSET_BLOCKLIST counter drop"
@@ -813,16 +813,16 @@ add_firewall_rule() {
 	[ -z "${is_tproxy}" ] && {
 		nft "add chain inet fw4 PSW"
 		nft "flush chain inet fw4 PSW"
-		nft "add rule inet fw4 PSW ip daddr @$NFTSET_LANIPLIST counter return"
+		nft "add rule inet fw4 PSW ip daddr @$NFTSET_LANLIST counter return"
-		nft "add rule inet fw4 PSW ip daddr @$NFTSET_VPSIPLIST counter return"
+		nft "add rule inet fw4 PSW ip daddr @$NFTSET_VPSLIST counter return"
 		nft "add rule inet fw4 PSW ip daddr @$NFTSET_WHITELIST counter return"
 		nft "add rule inet fw4 PSW ip daddr @$NFTSET_BLOCKLIST counter drop"
 		nft "add rule inet fw4 dstnat ip protocol tcp counter jump PSW"
 		nft "add chain inet fw4 PSW_OUTPUT"
 		nft "flush chain inet fw4 PSW_OUTPUT"
-		nft "add rule inet fw4 PSW_OUTPUT ip daddr @$NFTSET_LANIPLIST counter return"
+		nft "add rule inet fw4 PSW_OUTPUT ip daddr @$NFTSET_LANLIST counter return"
-		nft "add rule inet fw4 PSW_OUTPUT ip daddr @$NFTSET_VPSIPLIST counter return"
+		nft "add rule inet fw4 PSW_OUTPUT ip daddr @$NFTSET_VPSLIST counter return"
 		nft "add rule inet fw4 PSW_OUTPUT ip daddr @$NFTSET_WHITELIST counter return"
 		nft "add rule inet fw4 PSW_OUTPUT meta mark 0xff counter return"
 		nft "add rule inet fw4 PSW_OUTPUT ip daddr @$NFTSET_BLOCKLIST counter drop"
@@ -832,13 +832,13 @@ add_firewall_rule() {
 	if [ "$accept_icmp" = "1" ]; then
 		nft "add chain inet fw4 PSW_ICMP_REDIRECT"
 		nft "flush chain inet fw4 PSW_ICMP_REDIRECT"
-		nft "add rule inet fw4 PSW_ICMP_REDIRECT ip daddr @$NFTSET_LANIPLIST counter return"
+		nft "add rule inet fw4 PSW_ICMP_REDIRECT ip daddr @$NFTSET_LANLIST counter return"
-		nft "add rule inet fw4 PSW_ICMP_REDIRECT ip daddr @$NFTSET_VPSIPLIST counter return"
+		nft "add rule inet fw4 PSW_ICMP_REDIRECT ip daddr @$NFTSET_VPSLIST counter return"
 		nft "add rule inet fw4 PSW_ICMP_REDIRECT ip daddr @$NFTSET_WHITELIST counter return"
 		[ "$accept_icmpv6" = "1" ] && {
-			nft "add rule inet fw4 PSW_ICMP_REDIRECT ip6 daddr @$NFTSET_LANIPLIST6 counter return"
+			nft "add rule inet fw4 PSW_ICMP_REDIRECT ip6 daddr @$NFTSET_LANLIST6 counter return"
-			nft "add rule inet fw4 PSW_ICMP_REDIRECT ip6 daddr @$NFTSET_VPSIPLIST6 counter return"
+			nft "add rule inet fw4 PSW_ICMP_REDIRECT ip6 daddr @$NFTSET_VPSLIST6 counter return"
 			nft "add rule inet fw4 PSW_ICMP_REDIRECT ip6 daddr @$NFTSET_WHITELIST6 counter return"
 		}
@@ -858,15 +858,15 @@ add_firewall_rule() {
 	#ipv6 tproxy mode and udp
 	nft "add chain inet fw4 PSW_MANGLE_V6"
 	nft "flush chain inet fw4 PSW_MANGLE_V6"
-	nft "add rule inet fw4 PSW_MANGLE_V6 ip6 daddr @$NFTSET_LANIPLIST6 counter return"
+	nft "add rule inet fw4 PSW_MANGLE_V6 ip6 daddr @$NFTSET_LANLIST6 counter return"
-	nft "add rule inet fw4 PSW_MANGLE_V6 ip6 daddr @$NFTSET_VPSIPLIST6 counter return"
+	nft "add rule inet fw4 PSW_MANGLE_V6 ip6 daddr @$NFTSET_VPSLIST6 counter return"
 	nft "add rule inet fw4 PSW_MANGLE_V6 ip6 daddr @$NFTSET_WHITELIST6 counter return"
 	nft "add rule inet fw4 PSW_MANGLE_V6 ip6 daddr @$NFTSET_BLOCKLIST6 counter drop"
 	nft "add chain inet fw4 PSW_OUTPUT_MANGLE_V6"
 	nft "flush chain inet fw4 PSW_OUTPUT_MANGLE_V6"
-	nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 ip6 daddr @$NFTSET_LANIPLIST6 counter return"
+	nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 ip6 daddr @$NFTSET_LANLIST6 counter return"
-	nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 ip6 daddr @$NFTSET_VPSIPLIST6 counter return"
+	nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 ip6 daddr @$NFTSET_VPSLIST6 counter return"
 	nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 ip6 daddr @$NFTSET_WHITELIST6 counter return"
 	nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 meta mark 0xff counter return"
 	nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 ip6 daddr @$NFTSET_BLOCKLIST6 counter drop"
@@ -944,7 +944,7 @@ add_firewall_rule() {
 			_proxy_tcp_access() {
 				[ -n "${2}" ] || return 0
-				nft "get element inet fw4 $NFTSET_LANIPLIST {${2}}" &>/dev/null
+				nft "get element inet fw4 $NFTSET_LANLIST {${2}}" &>/dev/null
 				[ $? -eq 0 ] && {
 					echolog "  - 上游 DNS 服务器 ${2} 已在直接访问的列表中，不强制向 TCP 代理转发对该服务器 TCP/${3} 端口的访问"
 					return 0
@@ -1015,7 +1015,7 @@ add_firewall_rule() {
 			echolog "加载路由器自身 UDP 代理..."
 			_proxy_udp_access() {
 				[ -n "${2}" ] || return 0
-				nft "get element inet fw4 $NFTSET_LANIPLIST {${2}}" &>/dev/null
+				nft "get element inet fw4 $NFTSET_LANLIST {${2}}" &>/dev/null
 				[ $? == 0 ] && {
 					echolog "  - 上游 DNS 服务器 ${2} 已在直接访问的列表中，不强制向 UDP 代理转发对该服务器 UDP/${3} 端口的访问"
 					return 0
@@ -1101,8 +1101,8 @@ del_firewall_rule() {
 	ip -6 rule del fwmark 1 table 100 2>/dev/null
 	ip -6 route del local ::/0 dev lo table 100 2>/dev/null
-	destroy_nftset $NFTSET_LANIPLIST
+	destroy_nftset $NFTSET_LANLIST
-	destroy_nftset $NFTSET_VPSIPLIST
+	destroy_nftset $NFTSET_VPSLIST
 	#destroy_nftset $NFTSET_SHUNTLIST
 	#destroy_nftset $NFTSET_GFW
 	#destroy_nftset $NFTSET_CHN
@@ -1110,8 +1110,8 @@ del_firewall_rule() {
 	destroy_nftset $NFTSET_BLOCKLIST
 	destroy_nftset $NFTSET_WHITELIST
-	destroy_nftset $NFTSET_LANIPLIST6
+	destroy_nftset $NFTSET_LANLIST6
-	destroy_nftset $NFTSET_VPSIPLIST6
+	destroy_nftset $NFTSET_VPSLIST6
 	#destroy_nftset $NFTSET_SHUNTLIST6
 	#destroy_nftset $NFTSET_GFW6
 	#destroy_nftset $NFTSET_CHN6
@@ -1124,8 +1124,8 @@ del_firewall_rule() {
 flush_nftset() {
 	del_firewall_rule
-	destroy_nftset $NFTSET_VPSIPLIST $NFTSET_SHUNTLIST $NFTSET_GFW $NFTSET_CHN $NFTSET_BLACKLIST $NFTSET_BLOCKLIST $NFTSET_WHITELIST $NFTSET_LANIPLIST
+	destroy_nftset $NFTSET_VPSLIST $NFTSET_SHUNTLIST $NFTSET_GFW $NFTSET_CHN $NFTSET_BLACKLIST $NFTSET_BLOCKLIST $NFTSET_WHITELIST $NFTSET_LANLIST
-	destroy_nftset $NFTSET_VPSIPLIST6 $NFTSET_SHUNTLIST6 $NFTSET_GFW6 $NFTSET_CHN6 $NFTSET_BLACKLIST6 $NFTSET_BLOCKLIST6 $NFTSET_WHITELIST6 $NFTSET_LANIPLIST6
+	destroy_nftset $NFTSET_VPSLIST6 $NFTSET_SHUNTLIST6 $NFTSET_GFW6 $NFTSET_CHN6 $NFTSET_BLACKLIST6 $NFTSET_BLOCKLIST6 $NFTSET_WHITELIST6 $NFTSET_LANLIST6
 	rm -rf /tmp/etc/passwall_tmp/dnsmasq*
 	/etc/init.d/passwall reload
 }
--- a/luci-app-passwall/root/usr/share/passwall/subscribe.lua
+++ b/luci-app-passwall/root/usr/share/passwall/subscribe.lua
@@ -1059,7 +1059,7 @@ local function update_node(manual)
 		local remark = v["remark"]
 		local list = v["list"]
 		for _, vv in ipairs(list) do
-			local cfgid = uci:section(appname, "nodes", api.gen_uuid())
+			local cfgid = uci:section(appname, "nodes", api.gen_short_uuid())
 			for kkk, vvv in pairs(vv) do
 				uci:set(appname, cfgid, kkk, vvv)
 			end
--- a/luci-app-passwall2/Makefile
+++ b/luci-app-passwall2/Makefile
@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=luci-app-passwall2
-PKG_VERSION:=1.14-3
+PKG_VERSION:=1.15-1
 PKG_RELEASE:=
 PKG_CONFIG_DEPENDS:= \
--- a/luci-app-passwall2/luasrc/controller/passwall2.lua
+++ b/luci-app-passwall2/luasrc/controller/passwall2.lua
@@ -275,7 +275,7 @@ end
 function copy_node()
 	local section = luci.http.formvalue("section")
-	local uuid = api.gen_uuid()
+	local uuid = api.gen_short_uuid()
 	ucic:section(appname, "nodes", uuid)
 	for k, v in pairs(ucic:get_all(appname, section)) do
 		local filter = k:find("%.")
--- a/luci-app-passwall2/luasrc/model/cbi/passwall2/client/global.lua
+++ b/luci-app-passwall2/luasrc/model/cbi/passwall2/client/global.lua
@@ -298,7 +298,7 @@ s.anonymous = true
 s.addremove = true
 s.template = "cbi/tblsection"
 function s.create(e, t)
-	TypedSection.create(e, api.gen_uuid())
+	TypedSection.create(e, api.gen_short_uuid())
 end
 o = s:option(DummyValue, "status", translate("Status"))
--- a/luci-app-passwall2/luasrc/model/cbi/passwall2/client/haproxy.lua
+++ b/luci-app-passwall2/luasrc/model/cbi/passwall2/client/haproxy.lua
@@ -76,7 +76,7 @@ s.anonymous = true
 s.addremove = true
 s.create = function(e, t)
-	TypedSection.create(e, api.gen_uuid())
+	TypedSection.create(e, api.gen_short_uuid())
 end
 s.remove = function(self, section)
--- a/luci-app-passwall2/luasrc/model/cbi/passwall2/client/node_list.lua
+++ b/luci-app-passwall2/luasrc/model/cbi/passwall2/client/node_list.lua
@@ -26,7 +26,7 @@ s.addremove = true
 s.template = "cbi/tblsection"
 s.extedit = api.url("node_config", "%s")
 function s.create(e, t)
-	local uuid = api.gen_uuid()
+	local uuid = api.gen_short_uuid()
 	t = uuid
 	TypedSection.create(e, t)
 	luci.http.redirect(e.extedit:format(t))
--- a/luci-app-passwall2/luasrc/passwall2/api.lua
+++ b/luci-app-passwall2/luasrc/passwall2/api.lua
@@ -348,6 +348,10 @@ function gen_uuid(format)
 	return uuid
 end
 function gen_short_uuid()
 	return sys.exec("echo -n $(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 8)")
 end
 function uci_get_type(type, config, default)
 	local value = uci:get_first(appname, type, config, default) or sys.exec("echo -n $(uci -q get " .. appname .. ".@" .. type .."[0]." .. config .. ")")
 	if (value == nil or value == "") and (default and default ~= "") then
--- a/luci-app-passwall2/root/usr/share/passwall2/app.sh
+++ b/luci-app-passwall2/root/usr/share/passwall2/app.sh
@@ -350,7 +350,7 @@ run_v2ray() {
 		ln_run "$(first_type $(config_t_get global_app ${type}_file) ${type})" ${type} $V2RAY_DNS_DIRECT_LOG run -c "$V2RAY_DNS_DIRECT_CONFIG"
 		direct_dnsmasq_listen_port=$(get_new_port $(expr $dns_direct_listen_port + 1) udp)
-		run_ipset_dnsmasq listen_port=${direct_dnsmasq_listen_port} server_dns=127.0.0.1#${dns_direct_listen_port} ipset=whitelist,whitelist6 config_file=$TMP_PATH/dnsmasq_${flag}_direct.conf
+		run_ipset_dnsmasq listen_port=${direct_dnsmasq_listen_port} server_dns=127.0.0.1#${dns_direct_listen_port} ipset=passwall2_whitelist,passwall2_whitelist6 config_file=$TMP_PATH/dnsmasq_${flag}_direct.conf
 		V2RAY_DNS_REMOTE_CONFIG="${TMP_PATH}/${flag}_dns_remote.json"
 		V2RAY_DNS_REMOTE_LOG="${TMP_PATH}/${flag}_dns_remote.log"
--- a/luci-app-passwall2/root/usr/share/passwall2/helper_dnsmasq.sh
+++ b/luci-app-passwall2/root/usr/share/passwall2/helper_dnsmasq.sh
@@ -94,7 +94,7 @@ add() {
 	#始终用国内DNS解析节点域名
 	servers=$(uci show "${CONFIG}" | grep ".address=" | cut -d "'" -f 2)
-	hosts_foreach "servers" host_from_url | grep '[a-zA-Z]$' | sort -u | gen_items ipsets="vpsiplist,vpsiplist6" dnss="${LOCAL_DNS:-${DEFAULT_DNS}}" outf="${TMP_DNSMASQ_PATH}/10-vpsiplist_host.conf" ipsetoutf="${TMP_DNSMASQ_PATH}/ipset.conf"
+	hosts_foreach "servers" host_from_url | grep '[a-zA-Z]$' | sort -u | gen_items ipsets="passwall2_vpsiplist,passwall2_vpsiplist6" dnss="${LOCAL_DNS:-${DEFAULT_DNS}}" outf="${TMP_DNSMASQ_PATH}/10-vpsiplist_host.conf" ipsetoutf="${TMP_DNSMASQ_PATH}/ipset.conf"
 	echolog "  - [$?]节点列表中的域名(vpsiplist)：${DEFAULT_DNS:-默认}"
 	echo "conf-dir=${TMP_DNSMASQ_PATH}" > $DNSMASQ_CONF_FILE
--- a/luci-app-passwall2/root/usr/share/passwall2/iptables.sh
+++ b/luci-app-passwall2/root/usr/share/passwall2/iptables.sh
@@ -2,13 +2,13 @@
 DIR="$(cd "$(dirname "$0")" && pwd)"
 MY_PATH=$DIR/iptables.sh
-IPSET_LANIPLIST="laniplist"
+IPSET_LANLIST="passwall2_lanlist"
-IPSET_VPSIPLIST="vpsiplist"
+IPSET_VPSLIST="passwall2_vpslist"
-IPSET_WHITELIST="whitelist"
+IPSET_WHITELIST="passwall2_whitelist"
-IPSET_LANIPLIST6="laniplist6"
+IPSET_LANLIST6="passwall2_lanlist6"
-IPSET_VPSIPLIST6="vpsiplist6"
+IPSET_VPSLIST6="passwall2_vpslist6"
-IPSET_WHITELIST6="whitelist6"
+IPSET_WHITELIST6="passwall2_whitelist6"
 FORCE_INDEX=2
@@ -117,7 +117,7 @@ get_action_chain_name() {
 	echo "全局代理"
 }
-gen_laniplist() {
+gen_lanlist() {
 	cat <<-EOF
 		0.0.0.0/8
 		10.0.0.0/8
@@ -131,7 +131,7 @@ gen_laniplist() {
 	EOF
 }
-gen_laniplist_6() {
+gen_lanlist_6() {
 	cat <<-EOF
 		::/128
 		::1/128
@@ -388,15 +388,15 @@ load_acl() {
 filter_haproxy() {
 	for item in $(uci show $CONFIG | grep ".lbss=" | cut -d "'" -f 2); do
 		local ip=$(get_host_ip ipv4 $(echo $item | awk -F ":" '{print $1}') 1)
-		[ -n "$ip" ] && ipset -q add $IPSET_VPSIPLIST $ip
+		[ -n "$ip" ] && ipset -q add $IPSET_VPSLIST $ip
 	done
-	echolog "加入负载均衡的节点到ipset[$IPSET_VPSIPLIST]直连完成"
+	echolog "加入负载均衡的节点到ipset[$IPSET_VPSLIST]直连完成"
 }
 filter_vpsip() {
-	uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSIPLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
+	uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
-	uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSIPLIST6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
+	uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSLIST6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
-	echolog "加入所有节点到ipset[$IPSET_VPSIPLIST]直连完成"
+	echolog "加入所有节点到ipset[$IPSET_VPSLIST]直连完成"
 }
 filter_node() {
@@ -443,7 +443,7 @@ filter_node() {
 					msg2="套娃使用(${msg}:${port} -> ${_port})"
 				}
 				[ -n "$_proxy" ] && [ "$_proxy" == "1" ] && [ -n "$_port" ] || {
-					ADD_INDEX=$(RULE_LAST_INDEX "$_ipt" PSW2_OUTPUT "$IPSET_VPSIPLIST" $FORCE_INDEX)
+					ADD_INDEX=$(RULE_LAST_INDEX "$_ipt" PSW2_OUTPUT "$IPSET_VPSLIST" $FORCE_INDEX)
 					dst_rule=" -j RETURN"
 					msg2="直连代理"
 				}
@@ -510,20 +510,20 @@ dns_hijack() {
 add_firewall_rule() {
 	echolog "开始加载防火墙规则..."
-	ipset -! create $IPSET_LANIPLIST nethash maxelem 1048576
+	ipset -! create $IPSET_LANLIST nethash maxelem 1048576
-	ipset -! create $IPSET_VPSIPLIST nethash maxelem 1048576
+	ipset -! create $IPSET_VPSLIST nethash maxelem 1048576
 	ipset -! create $IPSET_WHITELIST nethash maxelem 1048576
-	ipset -! create $IPSET_LANIPLIST6 nethash family inet6 maxelem 1048576
+	ipset -! create $IPSET_LANLIST6 nethash family inet6 maxelem 1048576
-	ipset -! create $IPSET_VPSIPLIST6 nethash family inet6 maxelem 1048576
+	ipset -! create $IPSET_VPSLIST6 nethash family inet6 maxelem 1048576
 	ipset -! create $IPSET_WHITELIST6 nethash family inet6 maxelem 1048576
 	ipset -! -R <<-EOF
-		$(gen_laniplist | sed -e "s/^/add $IPSET_LANIPLIST /")
+		$(gen_lanlist | sed -e "s/^/add $IPSET_LANLIST /")
 	EOF
 	ipset -! -R <<-EOF
-		$(gen_laniplist_6 | sed -e "s/^/add $IPSET_LANIPLIST6 /")
+		$(gen_lanlist_6 | sed -e "s/^/add $IPSET_LANLIST6 /")
 	EOF
 	# 忽略特殊IP段
@@ -536,18 +536,18 @@ add_firewall_rule() {
 		#echolog "本机IPv6网段互访直连：${lan_ip6}"
 		[ -n "$lan_ip" ] && ipset -! -R <<-EOF
-			$(echo $lan_ip | sed -e "s/ /\n/g" | sed -e "s/^/add $IPSET_LANIPLIST /")
+			$(echo $lan_ip | sed -e "s/ /\n/g" | sed -e "s/^/add $IPSET_LANLIST /")
 		EOF
 		[ -n "$lan_ip6" ] && ipset -! -R <<-EOF
-			$(echo $lan_ip6 | sed -e "s/ /\n/g" | sed -e "s/^/add $IPSET_LANIPLIST6 /")
+			$(echo $lan_ip6 | sed -e "s/ /\n/g" | sed -e "s/^/add $IPSET_LANLIST6 /")
 		EOF
 	}
 	[ -n "$ISP_DNS" ] && {
 		#echolog "处理 ISP DNS 例外..."
 		for ispip in $ISP_DNS; do
-			ipset -! add $IPSET_LANIPLIST $ispip >/dev/null 2>&1 &
+			ipset -! add $IPSET_LANLIST $ispip >/dev/null 2>&1 &
 			#echolog "  - 追加到白名单：${ispip}"
 		done
 	}
@@ -555,7 +555,7 @@ add_firewall_rule() {
 	[ -n "$ISP_DNS6" ] && {
 		#echolog "处理 ISP IPv6 DNS 例外..."
 		for ispip6 in $ISP_DNS6; do
-			ipset -! add $IPSET_LANIPLIST6 $ispip6 >/dev/null 2>&1 &
+			ipset -! add $IPSET_LANLIST6 $ispip6 >/dev/null 2>&1 &
 			#echolog "  - 追加到白名单：${ispip6}"
 		done
 	}
@@ -575,8 +575,8 @@ add_firewall_rule() {
 	fi
 	$ipt_n -N PSW2
-	$ipt_n -A PSW2 $(dst $IPSET_LANIPLIST) -j RETURN
+	$ipt_n -A PSW2 $(dst $IPSET_LANLIST) -j RETURN
-	$ipt_n -A PSW2 $(dst $IPSET_VPSIPLIST) -j RETURN
+	$ipt_n -A PSW2 $(dst $IPSET_VPSLIST) -j RETURN
 	$ipt_n -A PSW2 $(dst $IPSET_WHITELIST) ! -d $FAKE_IP -j RETURN
 	WAN_IP=$(get_wan_ip)
@@ -586,8 +586,8 @@ add_firewall_rule() {
 	[ -z "${is_tproxy}" ] && insert_rule_after "$ipt_n" "PREROUTING" "prerouting_rule" "-p tcp -j PSW2"
 	$ipt_n -N PSW2_OUTPUT
-	$ipt_n -A PSW2_OUTPUT $(dst $IPSET_LANIPLIST) -j RETURN
+	$ipt_n -A PSW2_OUTPUT $(dst $IPSET_LANLIST) -j RETURN
-	$ipt_n -A PSW2_OUTPUT $(dst $IPSET_VPSIPLIST) -j RETURN
+	$ipt_n -A PSW2_OUTPUT $(dst $IPSET_VPSLIST) -j RETURN
 	$ipt_n -A PSW2_OUTPUT $(dst $IPSET_WHITELIST) ! -d $FAKE_IP -j RETURN
 	$ipt_n -A PSW2_OUTPUT -m mark --mark 0xff -j RETURN
@@ -606,8 +606,8 @@ add_firewall_rule() {
 	$ipt_m -A PSW2_RULE -j CONNMARK --save-mark
 	$ipt_m -N PSW2
-	$ipt_m -A PSW2 $(dst $IPSET_LANIPLIST) -j RETURN
+	$ipt_m -A PSW2 $(dst $IPSET_LANLIST) -j RETURN
-	$ipt_m -A PSW2 $(dst $IPSET_VPSIPLIST) -j RETURN
+	$ipt_m -A PSW2 $(dst $IPSET_VPSLIST) -j RETURN
 	$ipt_m -A PSW2 $(dst $IPSET_WHITELIST) ! -d $FAKE_IP -j RETURN
 	[ ! -z "${WAN_IP}" ] && $ipt_m -A PSW2 $(comment "WAN_IP_RETURN") -d "${WAN_IP}" -j RETURN
@@ -618,8 +618,8 @@ add_firewall_rule() {
 	$ipt_m -N PSW2_OUTPUT
 	$ipt_m -A PSW2_OUTPUT -m mark --mark 0xff -j RETURN
-	$ipt_m -A PSW2_OUTPUT $(dst $IPSET_LANIPLIST) -j RETURN
+	$ipt_m -A PSW2_OUTPUT $(dst $IPSET_LANLIST) -j RETURN
-	$ipt_m -A PSW2_OUTPUT $(dst $IPSET_VPSIPLIST) -j RETURN
+	$ipt_m -A PSW2_OUTPUT $(dst $IPSET_VPSLIST) -j RETURN
 	$ipt_m -A PSW2_OUTPUT $(dst $IPSET_WHITELIST) ! -d $FAKE_IP -j RETURN
 	ip rule add fwmark 1 lookup 100
@@ -627,14 +627,14 @@ add_firewall_rule() {
 	[ "$accept_icmpv6" = "1" ] && {
 		$ip6t_n -N PSW2
-		$ip6t_n -A PSW2 $(dst $IPSET_LANIPLIST6) -j RETURN
+		$ip6t_n -A PSW2 $(dst $IPSET_LANLIST6) -j RETURN
-		$ip6t_n -A PSW2 $(dst $IPSET_VPSIPLIST6) -j RETURN
+		$ip6t_n -A PSW2 $(dst $IPSET_VPSLIST6) -j RETURN
 		$ip6t_n -A PSW2 $(dst $IPSET_WHITELIST6) ! -d $FAKE_IP_6 -j RETURN
 		$ip6t_n -A PREROUTING -p ipv6-icmp -j PSW2
 		$ip6t_n -N PSW2_OUTPUT
-		$ip6t_n -A PSW2_OUTPUT $(dst $IPSET_LANIPLIST6) -j RETURN
+		$ip6t_n -A PSW2_OUTPUT $(dst $IPSET_LANLIST6) -j RETURN
-		$ip6t_n -A PSW2_OUTPUT $(dst $IPSET_VPSIPLIST6) -j RETURN
+		$ip6t_n -A PSW2_OUTPUT $(dst $IPSET_VPSLIST6) -j RETURN
 		$ip6t_n -A PSW2_OUTPUT $(dst $IPSET_WHITELIST6) ! -d $FAKE_IP_6 -j RETURN
 		$ip6t_n -A PSW2_OUTPUT -m mark --mark 0xff -j RETURN
 	}
@@ -651,8 +651,8 @@ add_firewall_rule() {
 	$ip6t_m -A PSW2_RULE -j CONNMARK --save-mark
 	$ip6t_m -N PSW2
-	$ip6t_m -A PSW2 $(dst $IPSET_LANIPLIST6) -j RETURN
+	$ip6t_m -A PSW2 $(dst $IPSET_LANLIST6) -j RETURN
-	$ip6t_m -A PSW2 $(dst $IPSET_VPSIPLIST6) -j RETURN
+	$ip6t_m -A PSW2 $(dst $IPSET_VPSLIST6) -j RETURN
 	$ip6t_m -A PSW2 $(dst $IPSET_WHITELIST6) ! -d $FAKE_IP_6 -j RETURN
 	WAN6_IP=$(get_wan6_ip)
@@ -664,8 +664,8 @@ add_firewall_rule() {
 	$ip6t_m -N PSW2_OUTPUT
 	$ip6t_m -A PSW2_OUTPUT -m mark --mark 0xff -j RETURN
-	$ip6t_m -A PSW2_OUTPUT $(dst $IPSET_LANIPLIST6) -j RETURN
+	$ip6t_m -A PSW2_OUTPUT $(dst $IPSET_LANLIST6) -j RETURN
-	$ip6t_m -A PSW2_OUTPUT $(dst $IPSET_VPSIPLIST6) -j RETURN
+	$ip6t_m -A PSW2_OUTPUT $(dst $IPSET_VPSLIST6) -j RETURN
 	$ip6t_m -A PSW2_OUTPUT $(dst $IPSET_WHITELIST6) ! -d $FAKE_IP_6 -j RETURN
 	ip -6 rule add fwmark 1 table 100
@@ -816,8 +816,9 @@ del_firewall_rule() {
 flush_ipset() {
 	del_firewall_rule
-	destroy_ipset $IPSET_WHITELIST $IPSET_VPSIPLIST $IPSET_LANIPLIST
+	for _name in $(ipset list | grep "Name: " | grep "passwall2_" | awk '{print $2}'); do
-	destroy_ipset $IPSET_WHITELIST6 $IPSET_VPSIPLIST6 $IPSET_LANIPLIST6
+		destroy_ipset ${_name}
 	done
 	/etc/init.d/passwall2 reload
 }
--- a/luci-app-passwall2/root/usr/share/passwall2/subscribe.lua
+++ b/luci-app-passwall2/root/usr/share/passwall2/subscribe.lua
@@ -954,7 +954,7 @@ local function update_node(manual)
 		local remark = v["remark"]
 		local list = v["list"]
 		for _, vv in ipairs(list) do
-			local cfgid = uci:section(appname, "nodes", api.gen_uuid())
+			local cfgid = uci:section(appname, "nodes", api.gen_short_uuid())
 			for kkk, vvv in pairs(vv) do
 				uci:set(appname, cfgid, kkk, vvv)
 			end
--- a/luci-app-serverchan/Makefile
+++ b/luci-app-serverchan/Makefile
@@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=luci-app-serverchan
-PKG_VERSION:=2.06.2
+PKG_VERSION:=2.07.0
 PKG_RELEASE:=10
 PKG_MAINTAINER:=tty228 <tty228@yeah.net>
--- a/luci-app-serverchan/luasrc/model/cbi/serverchan/setting.lua
+++ b/luci-app-serverchan/luasrc/model/cbi/serverchan/setting.lua
@@ -335,6 +335,7 @@ a = s:taboption("ipset", Flag, "port_knocking", translate("端口敲门"))
 a.default = 0
 a.rmempty = true
 a.description = translate("登录成功后开放端口")
 a.description = translate("如在 防火墙 - 区域设置 中禁用了 LAN 口入站和转发，将不起作用<br/>写起来太鸡儿麻烦了，告辞")
 a = s:taboption("ipset", Value, "ip_port_white", "端口")
 a.default = ""
--- a/luci-app-serverchan/root/usr/share/serverchan/serverchan
+++ b/luci-app-serverchan/root/usr/share/serverchan/serverchan
@@ -59,14 +59,14 @@ function read_config(){
 # 初始化
 function serverchan_init(){
 	enable_detection
 	echo "---------------------------------------------------------------------------------------" >> ${logfile}
 	echo "`date "+%Y-%m-%d %H:%M:%S"` 【初始化】start running..." >> ${logfile}
 	if [ -f "/usr/share/serverchan/errlog" ]; then
 		cat /usr/share/serverchan/errlog > ${logfile}
 		echo "`date "+%Y-%m-%d %H:%M:%S"` 【！！！】载入上次重启前日志" >> ${logfile}
 		echo "--------------------------------------------------------" >> ${logfile}
 	fi
 	down_oui &
 	get_syslog
 	set_ip_black
 	rm -f ${dir}fd1 ${dir}sheep_usage ${dir}old_sheep_usage ${dir}client_usage_aliases ${dir}old_client_usage_aliases /usr/share/serverchan/errlog >/dev/null 2>&1
 	[ ! -f "/usr/sbin/wrtbwmon" ] && echo "`date "+%Y-%m-%d %H:%M:%S"` 【info】未安装 wrtbwmon ，流量统计不可用" >> ${logfile}
@@ -74,6 +74,14 @@ function serverchan_init(){
 	[ -z "$cu_version" ] && echo "`date "+%Y-%m-%d %H:%M:%S"` 【！！！】无法获取依赖项 curl 版本号，请确认插件是否正常运行" >> ${logfile}
 	[ -z "${sckey}${tg_token}${pushplus_token}${corpid}${wxpusher_apptoken}${wxpusher_uids}${wxpusher_topicIds}" -a "${jsonpath}" != "/usr/share/serverchan/api/diy.json" ] && echo "`date "+%Y-%m-%d %H:%M:%S"` 【！！！】请填写正确的 key " >> ${logfile} && return 1
 	local interfacelist=`getinterfacelist` && [ -z "$interfacelist" ] && echo "`date "+%Y-%m-%d %H:%M:%S"` 【！！！】无法获取接口在线时间等信息，可能存在多个接口或配置错误，请确认插件是否正常运行" >> ${logfile}
 	[ ! -z "$temperature_enable" ] && [ "$temperature_enable" -eq "1" ] && [ ! -z "$temperature" ] && local cpu_wendu=`soc_temp` || local cpu_wendu="null"
 	[ -z "$cpu_wendu" ] && echo "`date "+%Y-%m-%d %H:%M:%S"`  【！！！】无法读取设备温度，请检查命令" >> ${logfile}
 	[ ! -z "$cpuload_enable" ] && [ "$cpuload_enable" -eq "1" ] && [ ! -z "$cpuload" ] && local cpu_fuzai=`cat /proc/loadavg|awk '{print $1}'` 2>/dev/null || local cpu_fuzai="null"
 	[ -z "$cpu_fuzai" ] && echo "`date "+%Y-%m-%d %H:%M:%S"`  【！！！】无法读取设备负载，请检查命令" >> ${logfile}
 	set_ip_black
 	[ -n "$port_knocking" ] && [ "$port_knocking" -eq "1" ] && init_ip_white "ipv4"
 	[ -n "$port_knocking" ] && [ "$port_knocking" -eq "1" ] && init_ip_white "ipv6"
 	return 0
 }
@@ -194,7 +202,7 @@ function getip(){
 # 获取接口信息
 function getinterfacelist(){
 	[ `ubus list|grep -w -i "network.interface.wan"|wc -l` -ge "1" ] && ubus call network.interface.wan status && return
-	local ubuslist=`ubus list|grep -i "network.interface."|grep -v "loopback"|grep -v -i "wan6"|grep -v -i "lan6"|grep -v -i "ipsec_server*"|grep -v -i "VPN*"|grep -v -i "DOCKER*"`
+	local ubuslist=`ubus list|grep -i "network.interface."|grep -v "loopback"|grep -v -i "wan6"|grep -v -i "lan6"|grep -v -i "ipsec.*"|grep -v -i "VPN.*"|grep -v -i "DOCKER.*"`
 	[ `echo "${ubuslist}" |wc -l` -eq "1" ] && ubus call ${ubuslist} status && return
 }
@@ -327,7 +335,7 @@ function soc_temp(){
 	[ "$soc_code" == "pve" ] && [ ! -z "$server_host" ] && [ -z "$soctemp" ] || [ "$soctemp" == "null" ] && local soctemp=`ssh -i /root/.ssh/id_rsa root@${server_host} -p ${server_port} sensors -j 2>/dev/null|jq '."zenpower-pci-00c3"."Tctl"."temp1_input"'`
 	# PVE 应该没啥特殊设备了，懒得写了
-	[ ! -z "$soctemp" ] && echo "$soctemp" && return
+	[ ! -z "$soctemp" ] && echo "$soctemp" && return 0
 	[ ! -z "$soc_code" ] && eval `echo "$soc_code"` 2>/dev/null
 }
@@ -984,15 +992,14 @@ function cpu_load(){
 	if [ ! -z "$temperature_enable" ] && [ "$temperature_enable" -eq "1" ] && [ ! -z "$temperature" ]; then
 		[ -z "$temperature_time" ] && temperature_time=`date +%s`
 		local cpu_wendu=`soc_temp`;
 		[ -z "$cpu_wendu" ] && echo "`date "+%Y-%m-%d %H:%M:%S"`  【！！！】无法读取设备温度，请检查命令" >> ${logfile}
-		if [ `expr $cpu_wendu \> $temperature` -eq "1" ]; then
+		if [ ! -z "$cpu_wendu" ] && [ `expr $cpu_wendu \> $temperature` -eq "1" ]; then
 			echo "`date "+%Y-%m-%d %H:%M:%S"` 【！！警报！！】 CPU 温度过高: ${cpu_wendu}" >> ${logfile}
 		else
 			temperature_time=`date +%s`
 		fi
-		if [ "$((`date +%s`-$temperature_time))" -ge "300" ] && [ -z "$temperaturecd_time" ]; then
+		if [ ! -z "$cpu_wendu" ] && [ "$((`date +%s`-$temperature_time))" -ge "300" ] && [ -z "$temperaturecd_time" ]; then
 			title="CPU 温度过高！"
 			temperaturecd_time=`date +%s`
 			echo "`date "+%Y-%m-%d %H:%M:%S"` ${disturb_text} CPU 温 度过高: ${cpu_wendu}" >> ${logfile}
@@ -1005,16 +1012,15 @@ function cpu_load(){
 	if [ ! -z "$cpuload_enable" ] && [ "$cpuload_enable" -eq "1" ] && [ ! -z "$cpuload" ]; then
 		[ -z "$cpuload_time" ] && cpuload_time=`date +%s`
 		local cpu_fuzai=`cat /proc/loadavg|awk '{print $1}'` 2>/dev/null
 		[ -z "$cpu_fuzai" ] && echo "`date "+%Y-%m-%d %H:%M:%S"`  【！！！】无法读取设备负载，请检查命令" >> ${logfile}
-		if [ `expr $cpu_fuzai \> $cpuload` -eq "1" ]; then
+		if [ ! -z "$cpu_fuzai" ] && [ `expr $cpu_fuzai \> $cpuload` -eq "1" ]; then
 			echo "`date "+%Y-%m-%d %H:%M:%S"` 【！！警报！！】 CPU 负载过高: ${cpu_fuzai}" >> ${logfile}
 			cputop log
-		else
+		elif [ ! -z "$cpu_fuzai" ]; then
 			cpuload_time=`date +%s`
 		fi
-		if [ "$((`date +%s`-$cpuload_time))" -ge "300" ] && [ -z "$cpucd_time" ]; then
+		if [ ! -z "$cpu_fuzai" ] && [ "$((`date +%s`-$cpuload_time))" -ge "300" ] && [ -z "$cpucd_time" ]; then
 			unset getlogtop
 			if [ ! -z "$title" ] && ( echo "$title"|grep -q "过高" ); then
 				title="设备报警！"
@@ -1175,43 +1181,80 @@ function login_send(){
 	unset login_ip login_sum
 }
-# 添加白名单，懒得写删除项和信息显示了，感觉没啥必要
+# 添加白名单，懒得写删除项和信息显示了，纯粹就是懒
 function add_ip_white() {
-  local ip=$1
+	[ -n "$port_knocking" ] && [ "$port_knocking" -eq "1" ] || return
-  [ -n "$port_knocking" ] && [ "$port_knocking" -eq "1" ] || return
+	# 检查 IP 版本
-  # 检查 IP 版本
+	( echo "$1"|grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' ) && local ipset_name="ip_whitelist"
-  if ( echo "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' ); then
+	( echo "$1"|grep -Eq '^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$' ) && local ipset_name="ip_whitelistv6"
-    local ipset_name="ip_whitelist"
+	[ -z $ipset_name ] && echo "`date "+%Y-%m-%d %H:%M:%S"` 【!!!】白名单添加失败，IP 格式错误" >> ${logfile} && return
-    local iptables_cmd="iptables"
+
-    local nat_table_cmd=""
+	( opkg list-installed|grep -w -q ^firewall4 ) && nft list set inet fw4 $ipset_name >/dev/null 2>&1|grep $1 >/dev/null 2>&1 && nft delete element inet fw4 $ipset_name { $1 } >/dev/null 2>&1
-  elif ( echo "$ip" | grep -Eq '^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$' ); then
+	( opkg list-installed|grep -w -q ^firewall4 ) && nft add element inet fw4 $ipset_name { $1 } && return #没找到刷新时间的命令，删除再添加
-    local ipset_name="ip_whitelistv6"
+	ipset -exist add $ipset_name $1 timeout $ip_white_timeout
    local iptables_cmd="ip6tables"
    local nat_table_cmd="family inet6"
  else
    echo "`date "+%Y-%m-%d %H:%M:%S"` 【!!!】白名单添加失败，IP 格式错误" >> ${logfile} && return
  fi
  ipset list $ipset_name >/dev/null 2>&1 || ipset create $ipset_name hash:ip timeout ${ip_white_timeout} >/dev/null 2>&1
  # 端口放行
  if [ ! -z $ip_port_white ]; then
 	$iptables_cmd -C INPUT -m set --match-set $ipset_name src -p tcp -m multiport --dport $ip_port_white -j ACCEPT >/dev/null 2>&1 || $iptables_cmd -I INPUT -m set --match-set $ipset_name src -p tcp -m multiport --dport $ip_port_white -j ACCEPT >/dev/null 2>&1
  fi
  # 端口转发
  for port_forward in "$port_forward_list"; do
 	port_forward=`echo "$port_forward"|sed 's/,/ /g'` 2>/dev/null
 	[ `echo $port_forward| awk -F" " '{print NF}'` -ne "4" ] && continue
    local src_ip=`echo ${port_forward}|awk '{print $1}'`
    local src_port=`echo ${port_forward}|awk '{print $2}'`
    local dst_ip=`echo ${port_forward}|awk '{print $3}'`
    local dst_port=`echo ${port_forward}|awk '{print $4}'`
    $iptables_cmd -t nat -C PREROUTING -m set --match-set $ipset_name src -p tcp --dport $src_port -j DNAT --to-destination "$dst_ip:$dst_port" >/dev/null 2>&1 || $iptables_cmd -t nat -I PREROUTING -m set --match-set $ipset_name src -p tcp --dport $src_port -j DNAT --to-destination "$dst_ip:$dst_port" >/dev/null 2>&1		
    $iptables_cmd -t nat -C POSTROUTING -m set --match-set $ipset_name src -p tcp -d $dst_ip --dport $dst_port -j SNAT --to-source $src_ip >/dev/null 2>&1 || $iptables_cmd -t nat -I POSTROUTING  -m set --match-set $ipset_name src -p tcp -d $dst_ip --dport $dst_port -j SNAT --to-source $src_ip >/dev/null 2>&1
  done
  unset port_forward
  ipset -exist add $ipset_name $ip timeout $ip_white_timeout
 }
 # 初始化白名单
 function init_ip_white() {
 	[ -z $web_login_black ] && [ -z $port_knocking ] && return
 	# 设置 IP 版本变量
 	if [ $1=="ipv4" ]; then
 		local ipset_name="ip_whitelist"
 		local ip_version="ip"
 	elif [ $1=="ipv6" ]; then
 		local ipset_name="ip_whitelistv6"
 		local ip_version="ip6"
 		local nat_table_cmd="family inet6"
 	fi
 	if ( opkg list-installed|grep -w -q ^firewall4 ); then
 		! nft list set inet fw4 $ipset_name >/dev/null 2>&1 && nft add set inet fw4 $ipset_name { type ${1}_addr\; flags timeout\; timeout ${ip_white_timeout}s\; }
 		nft add chain inet fw4 serverchan_dstnat { type nat hook prerouting priority -100 \; }
 		nft add chain inet fw4 serverchan_srcnat { type nat hook postrouting priority 100 \; }
 	else
 		! ipset list $ipset_name >/dev/null 2>&1 && ipset create $ipset_name hash:ip timeout $ip_white_timeout $nat_table_cmd >/dev/null 2>&1
 	fi
 	# 端口放行
 	if [ ! -z $ip_port_white ]; then
 		local ip_port_white=`echo "$ip_port_white"|sed 's/ //g'|sed 's/,/, /g'` 2>/dev/null
 		if ( opkg list-installed|grep -w -q ^firewall4 ); then
 			local count_accept_rules=`nft list ruleset | grep -c "tcp dport.* ${ip_port_white}.* $ip_version saddr @${ipset_name} counter packets .* accept comment \"!serverchan Accept rule\""`
 			if [ $count_accept_rules -eq 0 ]; then
 				nft insert rule inet fw4 input tcp dport { $ip_port_white } $ip_version saddr @$ipset_name counter accept comment "!serverchan Accept rule" >/dev/null 2>&1
 			elif [ $count_accept_rules -ne 1 ]; then
 				local i=0
 				local handles=`nft --handle list ruleset | grep "!serverchan Accept rule" | grep -v "tcp dport.* ${ip_port_white}.* $ip_version saddr @${ipset_name} counter packets .* accept comment \"!serverchan Accept rule\"" | awk '{print $NF}'`
 				for handle in $handles; do
 					[ $i -eq 0 ] && i=1 && continue
 					nft delete rule $handle
 				done
 			fi
 		else
 			${ip_version}tables -C INPUT -m set --match-set $ipset_name src -p tcp -m multiport --dport $ip_port_white -j ACCEPT >/dev/null 2>&1 || ${ip_version}tables -I INPUT -m set --match-set $ipset_name src -p tcp -m multiport --dport $ip_port_white -j ACCEPT >/dev/null 2>&1
 		fi
 	fi
 	unset handle
 	# 端口转发
 	for port_forward in `echo "$port_forward_list"`; do
 		port_forward=`echo "$port_forward"|sed 's/,/ /g'` 2>/dev/null
 		[ `echo $port_forward| awk -F" " '{print NF}'` -ne "4" ] && continue
 		local src_ip=`echo ${port_forward}|awk '{print $1}'`
 		local src_port=`echo ${port_forward}|awk '{print $2}'`
 		local dst_ip=`echo ${port_forward}|awk '{print $3}'`
 		local dst_port=`echo ${port_forward}|awk '{print $4}'`
 		if ( opkg list-installed|grep -w -q ^firewall4 ); then
 			! nft list ruleset|grep "$ip_version saddr @${ipset_name} tcp dport $src_port counter .* dnat $ip_version to $dst_ip:$dst_port comment \"!serverchan DNAT rule\"" >/dev/null 2>&1 && nft insert rule inet fw4 serverchan_dstnat meta nfproto $1 $ip_version saddr @${ipset_name} tcp dport $src_port counter dnat to "$dst_ip:$dst_port" comment \"!serverchan DNAT rule\" >/dev/null 2>&1
 			! nft list ruleset|grep "$ip_version saddr $dst_ip tcp dport $dst_port counter .* snat $ip_version to $src_ip comment \"!serverchan SNAT rule\"" >/dev/null 2>&1 && nft insert rule inet fw4 serverchan_srcnat $ip_version saddr $dst_ip tcp dport $dst_port counter snat to $src_ip comment \"!serverchan SNAT rule\" >/dev/null 2>&1
 		else
 			${ip_version}tables -t nat -C PREROUTING -m set --match-set $ipset_name src -p tcp --dport $src_port -j DNAT --to-destination "$dst_ip:$dst_port" >/dev/null 2>&1 || ${ip_version}tables -t nat -I PREROUTING -m set --match-set $ipset_name src -p tcp --dport $src_port -j DNAT --to-destination "$dst_ip:$dst_port" >/dev/null 2>&1		
 			${ip_version}tables -t nat -C POSTROUTING -m set --match-set $ipset_name src -p tcp -d $dst_ip --dport $dst_port -j SNAT --to-source $src_ip >/dev/null 2>&1 || ${ip_version}tables -t nat -I POSTROUTING -m set --match-set $ipset_name src -p tcp -d $dst_ip --dport $dst_port -j SNAT --to-source $src_ip >/dev/null 2>&1
 		fi
 	done
 	unset port_forward
 }
 # 封禁 iptables 暂时还可以使用，以后再说吧
 # 添加黑名单
 function add_ip_black(){
 	[ ! "$1" ] && return
@@ -1372,7 +1415,7 @@ fi
 # 载入在线设备
 serverchan_init;[ $? -eq 1 ] && echo "`date "+%Y-%m-%d %H:%M:%S"` 【！！！】读取设置出错，请检查设置项 " >> ${logfile} && exit
-echo "`date "+%Y-%m-%d %H:%M:%S"` 【初始化】载入在线设备" >> ${logfile}
+echo "`date "+%Y-%m-%d %H:%M:%S"` 【初始化】载入在线设备..." >> ${logfile}
 > ${dir}send_enable.lock && serverchan_first && deltemp
 echo "`date "+%Y-%m-%d %H:%M:%S"` 【初始化】初始化完成" >> ${logfile}