update 2024-04-25 04:16:58

2024-04-25 04:16:58 +08:00 · 2024-04-25 04:16:58 +08:00 · 81b90dac75
parent f2a1f2da87
commit 81b90dac75
13 changed files with 1189 additions and 751 deletions
--- a/luci-app-passwall/Makefile
+++ b/luci-app-passwall/Makefile
@ -6,7 +6,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=luci-app-passwall
-PKG_VERSION:=4.77-3
+PKG_VERSION:=4.77-4
 PKG_RELEASE:=
 PKG_CONFIG_DEPENDS:= \
--- a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
+++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua
@ -266,11 +266,8 @@ o.default = "0"
 ---- DNS Forward Mode
 dns_mode = s:taboption("DNS", ListValue, "dns_mode", translate("Filter Mode"))
-dns_mode.rmempty = false
+dns_mode:value("tcp", translatef("Requery DNS By %s", "TCP"))
-dns_mode:reset_values()
+dns_mode:value("udp", translatef("Requery DNS By %s", "UDP"))
 if api.is_finded("dns2tcp") then
 	dns_mode:value("dns2tcp", translatef("Requery DNS By %s", "TCP"))
 end
 if api.is_finded("dns2socks") then
 	dns_mode:value("dns2socks", "dns2socks")
 end
@ -280,9 +277,8 @@ end
 if has_xray then
 	dns_mode:value("xray", "Xray")
 end
 dns_mode:value("udp", translatef("Requery DNS By %s", "UDP"))
-o = s:taboption("DNS", ListValue, "xray_dns_mode", " ")
+o = s:taboption("DNS", ListValue, "xray_dns_mode", translate("Request protocol"))
 o:value("tcp", "TCP")
 o:value("tcp+doh", "TCP + DoH (" .. translate("A/AAAA type") .. ")")
 o:depends("dns_mode", "xray")
@ -295,7 +291,7 @@ o.write = function(self, section, value)
 	end
 end
-o = s:taboption("DNS", ListValue, "singbox_dns_mode", " ")
+o = s:taboption("DNS", ListValue, "singbox_dns_mode", translate("Request protocol"))
 o:value("tcp", "TCP")
 o:value("doh", "DoH")
 o:depends("dns_mode", "sing-box")
@ -331,7 +327,7 @@ o:value("9.9.9.9", "9.9.9.9 (Quad9-Recommended)")
 o:value("208.67.220.220", "208.67.220.220 (OpenDNS)")
 o:value("208.67.222.222", "208.67.222.222 (OpenDNS)")
 o:depends({dns_mode = "dns2socks"})
-o:depends({dns_mode = "dns2tcp"})
+o:depends({dns_mode = "tcp"})
 o:depends({dns_mode = "udp"})
 o:depends({xray_dns_mode = "tcp"})
 o:depends({xray_dns_mode = "tcp+doh"})
@ -375,13 +371,6 @@ o.validate = function(self, value, t)
 	return value
 end
 o = s:taboption("DNS", Flag, "dns_cache", translate("Cache Resolved"))
 o.default = "1"
 o:depends({dns_mode = "dns2socks"})
 o:depends({dns_mode = "sing-box", remote_fakedns = false})
 o:depends({dns_mode = "xray"})
 o.rmempty = false
 if api.is_finded("chinadns-ng") then
 	o = s:taboption("DNS", Flag, "chinadns_ng", translate("ChinaDNS-NG"), translate("The effect is better, recommend."))
 	o.default = "0"
--- a/luci-app-passwall/po/zh-cn/passwall.po
+++ b/luci-app-passwall/po/zh-cn/passwall.po
@ -145,12 +145,12 @@ msgstr "请确保此Socks服务可用。"
 msgid "Format must be:"
 msgstr "格式必须为："
 msgid "Request protocol"
 msgstr "请求协议"
 msgid "Remote DNS DoH"
 msgstr "远程 DNS DoH"
 msgid "Cache Resolved"
 msgstr "缓存解析结果"
 msgid "Notify the DNS server when the DNS query is notified, the location of the client (cannot be a private IP address)."
 msgstr "用于 DNS 查询时通知 DNS 服务器，客户端所在的地理位置（不能是私有 IP 地址）。"
--- a/luci-app-passwall/root/usr/share/passwall/0_default_config
+++ b/luci-app-passwall/root/usr/share/passwall/0_default_config
@ -6,7 +6,7 @@ config global
 	option udp_node 'nil'
 	option tcp_node_socks_port '1070'
 	option filter_proxy_ipv6 '1'
-	option dns_mode 'dns2tcp'
+	option dns_mode 'tcp'
 	option remote_dns '1.1.1.1'
 	option use_default_dns 'direct'
 	option chinadns_ng '1'
--- a/luci-app-passwall/root/usr/share/passwall/app.sh
+++ b/luci-app-passwall/root/usr/share/passwall/app.sh
@ -493,9 +493,9 @@ run_chinadns_ng() {
 	cat <<-EOF > ${_CONF_FILE}
 		verbose
 		bind-addr 127.0.0.1
-		bind-port ${_listen_port}@udp
+		bind-port ${_listen_port}
 		china-dns ${_dns_local}
-		trust-dns udp://${_dns_trust}
+		trust-dns ${_dns_trust}
 		filter-qtype 65
 	EOF
@ -524,7 +524,7 @@ run_chinadns_ng() {
 		cat <<-EOF >> ${_CONF_FILE}
 			group proxylist
 			group-dnl ${RULES_PATH}/proxy_host
-			group-upstream udp://${_dns_trust}
+			group-upstream ${_dns_trust}
 			group-ipset ${blacklist4_set},${blacklist6_set}
 		EOF
 		[ "${_no_ipv6_trust}" = "1" ] && echo "no-ipv6 tag:proxylist" >> ${_CONF_FILE}
@ -567,7 +567,7 @@ run_chinadns_ng() {
 			cat <<-EOF >> ${_CONF_FILE}
 				group chn_proxy
 				group-dnl ${RULES_PATH}/chnlist
-				group-upstream udp://${_dns_trust}
+				group-upstream ${_dns_trust}
 				group-ipset ${chnroute4_set},${chnroute6_set}
 			EOF
 			[ "${_no_ipv6_trust}" = "1" ] && echo "no-ipv6 tag:chn_proxy" >> ${_CONF_FILE}
@ -1219,17 +1219,9 @@ stop_crontab() {
 }
 start_dns() {
 	TUN_DNS="127.0.0.1#${dns_listen_port}"
 	echolog "DNS域名解析："
-	[ "$ENABLED_ACLS" == 1 ] && {
+
-		local items=$(uci show ${CONFIG} | grep "=acl_rule" | cut -d '.' -sf 2 | cut -d '=' -sf 1)
+	TUN_DNS="127.0.0.1#${dns_listen_port}"
 		[ -n "$items" ] && {
 			for item in $items; do
 				[ "$(config_n_get $item enabled)" = "1" ] || continue
 			done
 		}
 	}
 	case "$DNS_MODE" in
 	dns2socks)
@ -1303,33 +1295,44 @@ start_dns() {
 			run_xray ${_args}
 		}
 	;;
 	dns2tcp)
 		use_tcp_node_resolve_dns=1
 		ln_run "$(first_type dns2tcp)" dns2tcp "/dev/null" -L "${TUN_DNS}" -R "$(get_first_dns REMOTE_DNS 53)" -v
 		echolog "  - dns2tcp(${TUN_DNS}) -> tcp://$(get_first_dns REMOTE_DNS 53 | sed 's/#/:/g')"
 	;;
 	udp)
 		use_udp_node_resolve_dns=1
-		TUN_DNS="$(echo ${REMOTE_DNS} | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')"
+		if [ "$CHINADNS_NG" = "1" ] && [ -n "$(first_type chinadns-ng)" ]; then
-		echolog "  - udp://${TUN_DNS}"
+			local china_ng_listen_port=${dns_listen_port}
 			local china_ng_trust_dns="udp://$(get_first_dns REMOTE_DNS 53 | sed 's/:/#/g')"
 		else
 			TUN_DNS="$(echo ${REMOTE_DNS} | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')"
 			echolog "  - udp://${TUN_DNS}"
 		fi
 	;;
 	*)
 		use_tcp_node_resolve_dns=1
 		if [ "$CHINADNS_NG" = "1" ] && [ -n "$(first_type chinadns-ng)" ]; then
 			local china_ng_listen_port=${dns_listen_port}
 			local china_ng_trust_dns="tcp://$(get_first_dns REMOTE_DNS 53 | sed 's/:/#/g')"
 		else
 			ln_run "$(first_type dns2tcp)" dns2tcp "/dev/null" -L "${TUN_DNS}" -R "$(get_first_dns REMOTE_DNS 53)" -v
 			echolog "  - dns2tcp(${TUN_DNS}) -> tcp://$(get_first_dns REMOTE_DNS 53 | sed 's/#/:/g')"
 		fi
 	;;
 	esac
-	
+
 	[ -n "${resolve_dns_log}" ] && echolog "  - ${resolve_dns_log}"
 	[ "${use_tcp_node_resolve_dns}" = "1" ] && echolog "  * 请确认上游 DNS 支持 TCP 查询，如非直连地址，确保 TCP 代理打开，并且已经正确转发！"
-	[ "${use_udp_node_resolve_dns}" = "1" ] && echolog "  * 要求代理 DNS 请求，如上游 DNS 非直连地址，确保 UDP 代理打开，并且已经正确转发！"
+	[ "${use_udp_node_resolve_dns}" = "1" ] && echolog "  * 请确认上游 DNS 支持 UDP 查询并已使用 UDP 节点，如上游 DNS 非直连地址，确保 UDP 代理打开，并且已经正确转发！"
 	[ "$CHINADNS_NG" = "1" ] && [ -n "$(first_type chinadns-ng)" ] && {
 		[ "$FILTER_PROXY_IPV6" = "1" ] && DNSMASQ_FILTER_PROXY_IPV6=0
-		local china_ng_listen_port=$(expr $dns_listen_port + 1)
+		[ -z "${china_ng_listen_port}" ] && local china_ng_listen_port=$(expr $dns_listen_port + 1)
 		local china_ng_listen="127.0.0.1#${china_ng_listen_port}"
 		[ -z "${china_ng_trust_dns}" ] && local china_ng_trust_dns=${TUN_DNS}
 		run_chinadns_ng \
 			_flag="default" \
 			_listen_port=${china_ng_listen_port} \
 			_dns_local=$(echo -n $(echo "${LOCAL_DNS}" | sed "s/,/\n/g" | head -n2) | tr " " ",") \
-			_dns_trust=${TUN_DNS} \
+			_dns_trust=${china_ng_trust_dns} \
 			_no_ipv6_trust=${FILTER_PROXY_IPV6} \
 			_use_direct_list=${USE_DIRECT_LIST} \
 			_use_proxy_list=${USE_PROXY_LIST} \
@ -1338,7 +1341,7 @@ start_dns() {
 			_default_mode=${TCP_PROXY_MODE} \
 			_default_tag=$(config_t_get global chinadns_ng_default_tag smart)
-		echolog "  - ChinaDNS-NG(127.0.0.1#${china_ng_listen_port})：直连DNS：$(echo -n $(echo "${LOCAL_DNS}" | sed "s/,/\n/g" | head -n2) | tr " " ",")，可信DNS：${TUN_DNS}"
+		echolog "  - ChinaDNS-NG(${china_ng_listen})：直连DNS：$(echo -n $(echo "${LOCAL_DNS}" | sed "s/,/\n/g" | head -n2) | tr " " ",")，可信DNS：${china_ng_trust_dns}"
 		USE_DEFAULT_DNS="chinadns_ng"
 	}
@ -1763,8 +1766,8 @@ LOCALHOST_PROXY=$(config_t_get global localhost_proxy 1)
 	LOCALHOST_UDP_PROXY_MODE=$UDP_PROXY_MODE
 }
 CLIENT_PROXY=$(config_t_get global client_proxy 1)
-DNS_MODE=$(config_t_get global dns_mode dns2tcp)
+DNS_MODE=$(config_t_get global dns_mode tcp)
-DNS_CACHE=$(config_t_get global dns_cache 0)
+DNS_CACHE=0
 REMOTE_DNS=$(config_t_get global remote_dns 1.1.1.1:53 | sed 's/#/:/g' | sed -E 's/\:([^:]+)$/#\1/g')
 CHINADNS_NG=$(config_t_get global chinadns_ng 0)
 USE_DEFAULT_DNS=$(config_t_get global use_default_dns direct)
--- a/luci-app-passwall/root/usr/share/passwall/haproxy.lua
+++ b/luci-app-passwall/root/usr/share/passwall/haproxy.lua
@ -35,8 +35,10 @@ local haproxy_dns = var["-dns"] or "119.29.29.29:53,223.5.5.5:53"
 local cpu_thread = sys.exec('echo -n $(cat /proc/cpuinfo | grep "processor" | wc -l)') or "1"
 local health_check_type = uci:get(appname, "@global_haproxy[0]", "health_check_type") or "tcp"
 local health_check_inter = uci:get(appname, "@global_haproxy[0]", "health_check_inter") or "10"
 local console_port = uci:get(appname, "@global_haproxy[0]", "console_port")
-log("HAPROXY 负载均衡...")
+log("HAPROXY 负载均衡：")
 log(string.format("  * 控制台端口：%s", console_port))
 fs.mkdir(haproxy_path)
 local haproxy_file = haproxy_path .. "/" .. haproxy_conf
@ -159,7 +161,7 @@ end
 table.sort(sortTable, function(a,b) return (a < b) end)
 for i, port in pairs(sortTable) do
-	log("  + 入口 0.0.0.0:%s..." % port)
+	log("  +  入口 0.0.0.0:%s" % port)
 	f_out:write("\n" .. string.format([[
 listen %s
@ -201,7 +203,6 @@ listen %s
 end
 --控制台配置
 local console_port = uci:get(appname, "@global_haproxy[0]", "console_port")
 local console_user = uci:get(appname, "@global_haproxy[0]", "console_user")
 local console_password = uci:get(appname, "@global_haproxy[0]", "console_password")
 local str = [[
@ -214,6 +215,5 @@ listen console
 	%s
 ]]
 f_out:write("\n" .. string.format(str, console_port, (console_user and console_user ~= "" and console_password and console_password ~= "") and "stats auth " .. console_user .. ":" .. console_password or ""))
 log(string.format("  * 控制台端口：%s", console_port))
 f_out:close()
--- a/luci-app-passwall/root/usr/share/passwall/iptables.sh
+++ b/luci-app-passwall/root/usr/share/passwall/iptables.sh
@ -180,9 +180,9 @@ get_wan6_ip() {
 }
 load_acl() {
 	([ "$ENABLED_ACLS" == 1 ] || ([ "$ENABLED_DEFAULT_ACL" == 1 ] && [ "$CLIENT_PROXY" == 1 ])) && echolog "  - 访问控制："
 	[ "$ENABLED_ACLS" == 1 ] && {
 		acl_app
 		echolog "访问控制："
 		for sid in $(ls -F ${TMP_ACL_PATH} | grep '/$' | awk -F '/' '{print $1}' | grep -v 'default'); do
 			eval $(uci -q show "${CONFIG}.${sid}" | cut -d'.' -sf 3-)
@ -255,11 +255,11 @@ load_acl() {
 					if [ "$tcp_no_redir_ports" != "1:65535" ]; then
 						$ip6t_m -A PSW $(comment "$remarks") ${_ipt_source} -p tcp -m multiport --dport $tcp_no_redir_ports -j RETURN 2>/dev/null
 						$ipt_tmp -A PSW $(comment "$remarks") ${_ipt_source} -p tcp -m multiport --dport $tcp_no_redir_ports -j RETURN
-						echolog "  - ${msg}不代理 TCP 端口[${tcp_no_redir_ports}]"
+						echolog "     - ${msg}不代理 TCP 端口[${tcp_no_redir_ports}]"
 					else
 						#结束时会return，无需加多余的规则。
 						unset tcp_port
-						echolog "  - ${msg}不代理所有 TCP 端口"
+						echolog "     - ${msg}不代理所有 TCP 端口"
 					fi
 				}
@ -267,11 +267,11 @@ load_acl() {
 					if [ "$udp_no_redir_ports" != "1:65535" ]; then
 						$ip6t_m -A PSW $(comment "$remarks") ${_ipt_source} -p udp -m multiport --dport $udp_no_redir_ports -j RETURN 2>/dev/null
 						$ipt_m -A PSW $(comment "$remarks") ${_ipt_source} -p udp -m multiport --dport $udp_no_redir_ports -j RETURN
-						echolog "  - ${msg}不代理 UDP 端口[${udp_no_redir_ports}]"
+						echolog "     - ${msg}不代理 UDP 端口[${udp_no_redir_ports}]"
 					else
 						#结束时会return，无需加多余的规则。
 						unset udp_port
-						echolog "  - ${msg}不代理所有 UDP 端口"
+						echolog "     - ${msg}不代理所有 UDP 端口"
 					fi
 				}
@ -298,7 +298,7 @@ load_acl() {
 						[ "${use_gfw_list}" = "1" ] && $ipt_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "-m multiport --dport") $(dst $IPSET_GFW) -j DROP
 						[ "${chn_list}" != "0" ] && $ipt_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "-m multiport --dport") $(dst $IPSET_CHN) $(get_jump_ipt ${chn_list} "-j DROP")
 						[ "${tcp_proxy_mode}" != "disable" ] && $ipt_m -A PSW $(comment "$remarks") -p tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "-m multiport --dport") -j DROP
-						echolog "  - ${msg}屏蔽代理 TCP 端口[${tcp_proxy_drop_ports}]"
+						echolog "     - ${msg}屏蔽代理 TCP 端口[${tcp_proxy_drop_ports}]"
 					}
 					[ "$udp_proxy_drop_ports" != "disable" ] && {
@ -315,7 +315,7 @@ load_acl() {
 						[ "${use_gfw_list}" = "1" ] && $ipt_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_proxy_drop_ports "-m multiport --dport") $(dst $IPSET_GFW) -j DROP
 						[ "${chn_list}" != "0" ] && $ipt_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_proxy_drop_ports "-m multiport --dport") $(dst $IPSET_CHN) $(get_jump_ipt ${chn_list} "-j DROP")
 						[ "${udp_proxy_mode}" != "disable" ] && $ipt_m -A PSW $(comment "$remarks") -p udp ${_ipt_source} $(factor $udp_proxy_drop_ports "-m multiport --dport") -j DROP
-						echolog "  - ${msg}屏蔽代理 UDP 端口[${udp_proxy_drop_ports}]"
+						echolog "     - ${msg}屏蔽代理 UDP 端口[${udp_proxy_drop_ports}]"
 					}
 				}
@ -374,7 +374,7 @@ load_acl() {
 					else
 						msg2="${msg}不代理 TCP"
 					fi
-					echolog "  - ${msg2}"
+					echolog "     - ${msg2}"
 				}
 				$ip6t_m -A PSW $(comment "$remarks") ${_ipt_source} -p tcp -j RETURN 2>/dev/null
@ -404,7 +404,7 @@ load_acl() {
 					else
 						msg2="${msg}不代理 UDP"
 					fi
-					echolog "  - ${msg2}"
+					echolog "     - ${msg2}"
 				}
 				$ip6t_m -A PSW $(comment "$remarks") ${_ipt_source} -p udp -j RETURN 2>/dev/null
 				$ipt_m -A PSW $(comment "$remarks") ${_ipt_source} -p udp -j RETURN
@ -424,10 +424,10 @@ load_acl() {
 			$ip6t_m -A PSW $(comment "默认") -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
 			$ipt_tmp -A PSW $(comment "默认") -p tcp -m multiport --dport $TCP_NO_REDIR_PORTS -j RETURN
 			if [ "$TCP_NO_REDIR_PORTS" != "1:65535" ]; then
-				echolog "  - ${msg}不代理 TCP 端口[${TCP_NO_REDIR_PORTS}]"
+				echolog "     - ${msg}不代理 TCP 端口[${TCP_NO_REDIR_PORTS}]"
 			else
 				unset TCP_PROXY_MODE
-				echolog "  - ${msg}不代理所有 TCP 端口"
+				echolog "     - ${msg}不代理所有 TCP 端口"
 			fi
 		}
@ -435,10 +435,10 @@ load_acl() {
 			$ip6t_m -A PSW $(comment "默认") -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN
 			$ipt_m -A PSW $(comment "默认") -p udp -m multiport --dport $UDP_NO_REDIR_PORTS -j RETURN
 			if [ "$UDP_NO_REDIR_PORTS" != "1:65535" ]; then
-				echolog "  - ${msg}不代理 UDP 端口[${UDP_NO_REDIR_PORTS}]"
+				echolog "     - ${msg}不代理 UDP 端口[${UDP_NO_REDIR_PORTS}]"
 			else
 				unset UDP_PROXY_MODE
-				echolog "  - ${msg}不代理所有 UDP 端口"
+				echolog "     - ${msg}不代理所有 UDP 端口"
 			fi
 		}
@ -465,7 +465,7 @@ load_acl() {
 				[ "${USE_GFW_LIST}" = "1" ] && $ipt_m -A PSW $(comment "默认") -p tcp $(factor $TCP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_GFW) -j DROP
 				[ "${CHN_LIST}" != "0" ] && $ipt_m -A PSW $(comment "默认") -p tcp $(factor $TCP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_CHN) $(get_jump_ipt ${CHN_LIST} "-j DROP")
 				[ "${TCP_PROXY_MODE}" != "disable" ] && $ipt_m -A PSW $(comment "默认") -p tcp $(factor $TCP_PROXY_DROP_PORTS "-m multiport --dport") -j DROP
-				echolog "  - ${msg}屏蔽代理 TCP 端口[${TCP_PROXY_DROP_PORTS}]"
+				echolog "     - ${msg}屏蔽代理 TCP 端口[${TCP_PROXY_DROP_PORTS}]"
 			}
 			[ "$UDP_PROXY_DROP_PORTS" != "disable" ] && {
@ -482,7 +482,7 @@ load_acl() {
 				[ "${USE_GFW_LIST}" = "1" ] && $ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_GFW) -j DROP
 				[ "${CHN_LIST}" != "0" ] && $ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_PROXY_DROP_PORTS "-m multiport --dport") $(dst $IPSET_CHN) $(get_jump_ipt ${CHN_LIST} "-j DROP")
 				[ "${UDP_PROXY_MODE}" != "disable" ] && $ipt_m -A PSW $(comment "默认") -p udp $(factor $UDP_PROXY_DROP_PORTS "-m multiport --dport") -j DROP
-				echolog "  - ${msg}屏蔽代理 UDP 端口[${UDP_PROXY_DROP_PORTS}]"
+				echolog "     - ${msg}屏蔽代理 UDP 端口[${UDP_PROXY_DROP_PORTS}]"
 			}
 		}
@ -539,7 +539,7 @@ load_acl() {
 					$ip6t_m -A PSW $(comment "默认") -p tcp $(REDIRECT $TCP_REDIR_PORT TPROXY)
 				}
-				echolog "  - ${msg2}"
+				echolog "     - ${msg2}"
 			}
 		fi
 		$ipt_n -A PSW $(comment "默认") -p tcp -j RETURN
@ -568,7 +568,7 @@ load_acl() {
 					$ip6t_m -A PSW $(comment "默认") -p udp $(REDIRECT $UDP_REDIR_PORT TPROXY)
 				}
-				echolog "  - ${msg2}"
+				echolog "     - ${msg2}"
 				udp_flag=1
 			}
 		fi
@ -582,13 +582,13 @@ filter_haproxy() {
 		local ip=$(get_host_ip ipv4 $(echo $item | awk -F ":" '{print $1}') 1)
 		ipset -q add $IPSET_VPSLIST $ip
 	done
-	echolog "加入负载均衡的节点到ipset[$IPSET_VPSLIST]直连完成"
+	echolog "  - [$?]加入负载均衡的节点到ipset[$IPSET_VPSLIST]"
 }
 filter_vpsip() {
 	uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
 	uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSLIST6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
-	echolog "加入所有节点到ipset[$IPSET_VPSLIST]直连完成"
+	echolog "  - [$?]加入所有节点到ipset[$IPSET_VPSLIST]"
 }
 filter_node() {
@ -1108,19 +1108,19 @@ add_firewall_rule() {
 		$ip6t_m -I OUTPUT $(comment "mangle-OUTPUT-PSW") -o lo -j RETURN
 		insert_rule_before "$ip6t_m" "OUTPUT" "mwan3" "$(comment mangle-OUTPUT-PSW) -m mark --mark 1 -j RETURN"
 		$ipt_m -A PSW -p udp --dport 53 -j RETURN
 		$ip6t_m -A PSW -p udp --dport 53 -j RETURN
 	}
 	#  加载ACLS
 	load_acl
-		
+
 	for iface in $(ls ${TMP_IFACE_PATH}); do
 		$ipt_n -I PSW_OUTPUT -o $iface -j RETURN
 		$ipt_m -I PSW_OUTPUT -o $iface -j RETURN
 	done
 	$ipt_n -I PREROUTING $(comment "PSW") -m mark --mark 1 -j RETURN
 	$ip6t_n -I PREROUTING $(comment "PSW") -m mark --mark 1 -j RETURN
 	[ -n "${is_tproxy}" -o -n "${udp_flag}" ] && {
 		bridge_nf_ipt=$(sysctl -e -n net.bridge.bridge-nf-call-iptables)
 		echo -n $bridge_nf_ipt > $TMP_PATH/bridge_nf_ipt
--- a/luci-app-passwall/root/usr/share/passwall/nftables.sh
+++ b/luci-app-passwall/root/usr/share/passwall/nftables.sh
@ -213,9 +213,9 @@ get_wan6_ip() {
 }
 load_acl() {
 	([ "$ENABLED_ACLS" == 1 ] || ([ "$ENABLED_DEFAULT_ACL" == 1 ] && [ "$CLIENT_PROXY" == 1 ])) && echolog "  - 访问控制："
 	[ "$ENABLED_ACLS" == 1 ] && {
 		acl_app
 		echolog "访问控制："
 		for sid in $(ls -F ${TMP_ACL_PATH} | grep '/$' | awk -F '/' '{print $1}' | grep -v 'default'); do
 			eval $(uci -q show "${CONFIG}.${sid}" | cut -d'.' -sf 3-)
@ -285,11 +285,11 @@ load_acl() {
 					if [ "$tcp_no_redir_ports" != "1:65535" ]; then
 						nft "add rule inet fw4 $nft_prerouting_chain ${_ipt_source} ip protocol tcp $(factor $tcp_no_redir_ports "tcp dport") counter return comment \"$remarks\""
 						nft "add rule inet fw4 PSW_MANGLE_V6 ${_ipt_source} meta l4proto tcp $(factor $tcp_no_redir_ports "tcp dport") counter return comment \"$remarks\""
-						echolog "  - ${msg}不代理 TCP 端口[${tcp_no_redir_ports}]"
+						echolog "     - ${msg}不代理 TCP 端口[${tcp_no_redir_ports}]"
 					else
 						#结束时会return，无需加多余的规则。
 						unset tcp_port
-						echolog "  - ${msg}不代理所有 TCP 端口"
+						echolog "     - ${msg}不代理所有 TCP 端口"
 					fi
 				}
@ -297,11 +297,11 @@ load_acl() {
 					if [ "$udp_no_redir_ports" != "1:65535" ]; then
 						nft "add rule inet fw4 PSW_MANGLE ip protocol udp ${_ipt_source} $(factor $udp_no_redir_ports "udp dport") counter return comment \"$remarks\""
 						nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp ${_ipt_source} $(factor $udp_no_redir_ports "udp dport") counter return comment \"$remarks\"" 2>/dev/null
-						echolog "  - ${msg}不代理 UDP 端口[${udp_no_redir_ports}]"
+						echolog "     - ${msg}不代理 UDP 端口[${udp_no_redir_ports}]"
 					else
 						#结束时会return，无需加多余的规则。
 						unset udp_port
-						echolog "  - ${msg}不代理所有 UDP 端口"
+						echolog "     - ${msg}不代理所有 UDP 端口"
 					fi
 				}
@ -329,7 +329,7 @@ load_acl() {
 						[ "${use_gfw_list}" = "1" ] && nft "add rule inet fw4 $nft_prerouting_chain ip protocol tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "tcp dport") ip daddr @$NFTSET_GFW counter drop comment \"$remarks\""
 						[ "${chn_list}" != "0" ] && nft "add rule inet fw4 $nft_prerouting_chain ip protocol tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "tcp dport") ip daddr @$NFTSET_CHN $(get_jump_ipt ${chn_list} "counter drop") comment \"$remarks\""
 						[ "${tcp_proxy_mode}" != "disable" ] && nft "add rule inet fw4 $nft_prerouting_chain ip protocol tcp ${_ipt_source} $(factor $tcp_proxy_drop_ports "tcp dport") counter drop comment \"$remarks\""
-						echolog "  - ${msg}屏蔽代理 TCP 端口[${tcp_proxy_drop_ports}]"
+						echolog "     - ${msg}屏蔽代理 TCP 端口[${tcp_proxy_drop_ports}]"
 					}
 					[ "$udp_proxy_drop_ports" != "disable" ] && {
@ -346,7 +346,7 @@ load_acl() {
 						[ "${use_gfw_list}" = "1" ] && nft "add rule inet fw4 PSW_MANGLE ip protocol udp ${_ipt_source} $(factor $udp_proxy_drop_ports "udp dport") ip daddr @$NFTSET_GFW counter drop comment \"$remarks\"" 2>/dev/null
 						[ "${chn_list}" != "0" ] && nft "add rule inet fw4 PSW_MANGLE ip protocol udp ${_ipt_source} $(factor $udp_proxy_drop_ports "udp dport") ip daddr @$NFTSET_CHN $(get_jump_ipt ${chn_list} "counter drop") comment \"$remarks\"" 2>/dev/null
 						[ "${udp_proxy_mode}" != "disable" ] && nft "add rule inet fw4 PSW_MANGLE ip protocol udp ${_ipt_source} $(factor $udp_proxy_drop_ports "udp dport") counter drop comment \"$remarks\"" 2>/dev/null
-						echolog "  - ${msg}屏蔽代理 UDP 端口[${udp_proxy_drop_ports}]"
+						echolog "     - ${msg}屏蔽代理 UDP 端口[${udp_proxy_drop_ports}]"
 					}
 				}
@ -409,7 +409,7 @@ load_acl() {
 					else
 						msg2="${msg}不代理 TCP"
 					fi
-					echolog "  - ${msg2}"
+					echolog "     - ${msg2}"
 				}
 				nft "add rule inet fw4 $nft_prerouting_chain ip protocol tcp ${_ipt_source} counter return comment \"$remarks\""
@ -439,7 +439,7 @@ load_acl() {
 					else
 						msg2="${msg}不代理 UDP"
 					fi
-					echolog "  - ${msg2}"
+					echolog "     - ${msg2}"
 				}
 				nft "add rule inet fw4 PSW_MANGLE ip protocol udp ${_ipt_source} counter return comment \"$remarks\""
 				nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp ${_ipt_source} counter return comment \"$remarks\"" 2>/dev/null
@ -456,10 +456,10 @@ load_acl() {
 			nft "add rule inet fw4 $nft_prerouting_chain ip protocol tcp $(factor $TCP_NO_REDIR_PORTS "tcp dport") counter return comment \"默认\""
 			nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp $(factor $TCP_NO_REDIR_PORTS "tcp dport") counter return comment \"默认\""
 			if [ "$TCP_NO_REDIR_PORTS" != "1:65535" ]; then
-				echolog "  - ${msg}不代理 TCP 端口[${TCP_NO_REDIR_PORTS}]"
+				echolog "     - ${msg}不代理 TCP 端口[${TCP_NO_REDIR_PORTS}]"
 			else
 				unset TCP_PROXY_MODE
-				echolog "  - ${msg}不代理所有 TCP 端口"
+				echolog "     - ${msg}不代理所有 TCP 端口"
 			fi
 		}
@ -467,10 +467,10 @@ load_acl() {
 			nft "add inet fw4 PSW_MANGLE ip protocol udp $(factor $UDP_NO_REDIR_PORTS "udp dport") counter return comment \"默认\""
 			nft "add inet fw4 PSW_MANGLE_V6 counter meta l4proto udp $(factor $UDP_NO_REDIR_PORTS "udp dport") counter return comment \"默认\""
 			if [ "$UDP_NO_REDIR_PORTS" != "1:65535" ]; then
-				echolog "  - ${msg}不代理 UDP 端口[${UDP_NO_REDIR_PORTS}]"
+				echolog "     - ${msg}不代理 UDP 端口[${UDP_NO_REDIR_PORTS}]"
 			else
 				unset UDP_PROXY_MODE
-				echolog "  - ${msg}不代理所有 UDP 端口"
+				echolog "     - ${msg}不代理所有 UDP 端口"
 			fi
 		}
@ -499,7 +499,7 @@ load_acl() {
 				[ "${USE_GFW_LIST}" = "1" ] && nft "add inet fw4 $nft_prerouting_chain ip protocol tcp $(factor $TCP_PROXY_DROP_PORTS "tcp dport") ip daddr @$NFTSET_GFW counter drop comment \"默认\""
 				[ "${CHN_LIST}" != "0" ] && nft "add inet fw4 $nft_prerouting_chain ip protocol tcp $(factor $TCP_PROXY_DROP_PORTS "tcp dport") ip daddr @$NFTSET_CHN $(get_jump_ipt ${CHN_LIST} "counter drop") comment \"默认\""
 				[ "${TCP_PROXY_MODE}" != "disable" ] && nft "add inet fw4 $nft_prerouting_chain ip protocol tcp $(factor $TCP_PROXY_DROP_PORTS "tcp dport") counter drop comment \"默认\""
-				echolog "  - ${msg}屏蔽代理 TCP 端口[${TCP_PROXY_DROP_PORTS}]"
+				echolog "     - ${msg}屏蔽代理 TCP 端口[${TCP_PROXY_DROP_PORTS}]"
 			}
 			[ "$UDP_PROXY_DROP_PORTS" != "disable" ] && {
@ -516,7 +516,7 @@ load_acl() {
 				[ "${USE_GFW_LIST}" = "1" ] && nft "add rule inet fw4 PSW_MANGLE ip protocol udp $(factor $UDP_PROXY_DROP_PORTS "udp dport") ip daddr @$NFTSET_GFW counter drop comment \"默认\""
 				[ "${CHN_LIST}" != "0" ] && nft "add rule inet fw4 PSW_MANGLE ip protocol udp $(factor $UDP_PROXY_DROP_PORTS "udp dport") ip daddr @$NFTSET_CHN $(get_jump_ipt ${CHN_LIST} "counter drop") comment \"默认\""
 				[ "${UDP_PROXY_MODE}" != "disable" ] && nft "add inet fw4 PSW_MANGLE ip protocol udp $(factor $UDP_PROXY_DROP_PORTS "udp dport") counter drop comment \"默认\""
-				echolog "  - ${msg}屏蔽代理 UDP 端口[${UDP_PROXY_DROP_PORTS}]"
+				echolog "     - ${msg}屏蔽代理 UDP 端口[${UDP_PROXY_DROP_PORTS}]"
 			}
 		}
@ -580,7 +580,7 @@ load_acl() {
 					nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto tcp counter return comment \"默认\""
 				}
-				echolog "  - ${msg2}"
+				echolog "     - ${msg2}"
 			}
 		fi
@ -608,7 +608,7 @@ load_acl() {
 					nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp counter return comment \"默认\""
 				}
-				echolog "  - ${msg2}"
+				echolog "     - ${msg2}"
 				udp_flag=1
 			}
 		fi
@ -620,7 +620,7 @@ filter_haproxy() {
 		local ip=$(get_host_ip ipv4 $(echo $item | awk -F ":" '{print $1}') 1)
 		insert_nftset $NFTSET_VPSLIST "-1" $ip
 	done
-	echolog "加入负载均衡的节点到nftset[$NFTSET_VPSLIST]直连完成"
+	echolog "  - [$?]加入负载均衡的节点到nftset[$NFTSET_VPSLIST]直连完成"
 }
 filter_vps_addr() {
@ -635,7 +635,7 @@ filter_vps_addr() {
 filter_vpsip() {
 	insert_nftset $NFTSET_VPSLIST "-1" $(uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | sed -e "/^$/d")
 	insert_nftset $NFTSET_VPSLIST6 "-1" $(uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d")
-	echolog "加入所有节点到nftset[$NFTSET_VPSLIST]直连完成"
+	echolog "  - [$?]加入所有节点到nftset[$NFTSET_VPSLIST]直连完成"
 }
 filter_node() {
@ -1149,14 +1149,11 @@ add_firewall_rule() {
 		nft "add rule inet fw4 mangle_output oif lo counter return comment \"PSW_OUTPUT_MANGLE\""
 		nft "add rule inet fw4 mangle_output meta mark 1 counter return comment \"PSW_OUTPUT_MANGLE\""
 		nft "add rule inet fw4 PSW_MANGLE ip protocol udp udp dport 53 counter return"
 		nft "add rule inet fw4 PSW_MANGLE_V6 meta l4proto udp udp dport 53 counter return"
 	}
 	#  加载ACLS
 	load_acl
-	
+
 	for iface in $(ls ${TMP_IFACE_PATH}); do
 		nft "insert rule inet fw4 $nft_output_chain oif $iface counter return"
 		nft "insert rule inet fw4 PSW_OUTPUT_MANGLE_V6 oif $iface counter return"
--- a/luci-app-passwall/root/usr/share/passwall/rules/chnlist
+++ b/luci-app-passwall/root/usr/share/passwall/rules/chnlist
--- a/luci-app-passwall/root/usr/share/passwall/rules/chnroute
+++ b/luci-app-passwall/root/usr/share/passwall/rules/chnroute
@ -206,6 +206,7 @@
 101.52.112.0/21
 101.52.124.0/22
 101.52.128.0/20
 101.52.200.0/21
 101.52.212.0/22
 101.52.216.0/21
 101.52.236.0/22
@ -264,7 +265,6 @@
 103.101.148.0/22
 103.101.180.0/22
 103.101.184.0/22
 103.101.204.0/23
 103.101.4.0/22
 103.101.60.0/22
 103.101.8.0/22
@ -273,7 +273,6 @@
 103.102.180.0/22
 103.102.184.0/22
 103.102.188.0/22
 103.102.192.0/21
 103.102.192.0/22
 103.102.196.0/22
 103.102.200.0/22
@ -325,7 +324,6 @@
 103.106.196.0/22
 103.106.202.0/23
 103.106.212.0/22
 103.106.244.0/22
 103.106.252.0/22
 103.106.36.0/22
 103.106.40.0/22
@ -588,6 +586,7 @@
 103.132.80.0/23
 103.133.12.0/22
 103.133.128.0/22
 103.133.128.0/24
 103.133.136.0/22
 103.133.136.0/23
 103.133.176.0/22
@ -1303,6 +1302,7 @@
 103.204.236.0/22
 103.204.24.0/22
 103.204.72.0/22
 103.204.74.0/23
 103.204.88.0/22
 103.205.108.0/22
 103.205.116.0/22
@ -1409,14 +1409,7 @@
 103.213.148.0/22
 103.213.152.0/22
 103.213.156.0/22
-103.213.160.0/22
+103.213.160.0/19
 103.213.164.0/22
 103.213.168.0/22
 103.213.172.0/22
 103.213.176.0/22
 103.213.180.0/22
 103.213.184.0/22
 103.213.188.0/22
 103.213.196.0/23
 103.213.198.0/23
 103.213.226.0/23
@ -1427,14 +1420,7 @@
 103.213.52.0/22
 103.213.56.0/22
 103.213.60.0/22
-103.213.64.0/22
+103.213.64.0/19
 103.213.68.0/22
 103.213.72.0/22
 103.213.76.0/22
 103.213.80.0/22
 103.213.84.0/22
 103.213.88.0/22
 103.213.92.0/22
 103.213.96.0/22
 103.214.212.0/22
 103.214.240.0/22
@ -3294,7 +3280,6 @@
 103.73.28.0/22
 103.73.4.0/22
 103.73.48.0/22
 103.73.48.0/24
 103.73.8.0/22
 103.74.124.0/22
 103.74.148.0/22
@ -3935,6 +3920,7 @@
 112.122.0.0/15
 112.124.0.0/14
 112.128.0.0/14
 112.128.0.0/23
 112.132.0.0/16
 112.137.48.0/21
 112.192.0.0/14
@ -4107,7 +4093,6 @@
 114.28.224.0/22
 114.28.228.0/23
 114.28.235.0/24
 114.28.236.0/22
 114.28.248.0/21
 114.28.68.0/22
 114.28.72.0/21
@ -4363,6 +4348,7 @@
 117.72.255.0/24
 117.72.32.0/20
 117.72.64.0/21
 117.72.72.0/22
 117.72.8.0/21
 117.73.0.0/20
 117.73.16.0/21
@ -4512,7 +4498,6 @@
 118.242.0.0/16
 118.242.0.0/22
 118.242.16.0/22
 118.242.200.0/24
 118.242.236.0/22
 118.242.24.0/22
 118.242.32.0/22
@ -4684,7 +4669,6 @@
 119.42.224.0/19
 119.44.0.0/15
 119.44.0.0/22
 119.44.10.0/23
 119.44.12.0/24
 119.44.16.0/22
 119.44.192.0/24
@ -4705,7 +4689,7 @@
 119.44.46.0/24
 119.44.56.0/21
 119.44.7.0/24
-119.44.9.0/24
+119.44.8.0/22
 119.45.0.0/16
 119.48.0.0/13
 119.57.0.0/16
@ -4937,6 +4921,8 @@
 122.119.180.0/22
 122.119.190.0/24
 122.119.20.0/22
 122.119.232.0/23
 122.119.236.0/24
 122.119.24.0/23
 122.119.32.0/24
 122.119.4.0/23
@ -5057,6 +5043,7 @@
 123.254.96.0/22
 123.4.0.0/14
 123.49.128.0/17
 123.49.192.0/23
 123.49.240.0/22
 123.50.160.0/19
 123.52.0.0/14
@ -5404,8 +5391,6 @@
 140.224.0.0/16
 140.237.0.0/16
 140.240.0.0/16
 140.242.223.0/24
 140.242.224.0/24
 140.243.0.0/16
 140.246.0.0/16
 140.249.0.0/16
@ -5528,7 +5513,6 @@
 154.203.4.0/22
 154.203.8.0/21
 154.204.16.0/21
 154.204.181.0/24
 154.208.144.0/20
 154.209.230.0/23
 154.209.24.0/21
@ -5548,7 +5532,7 @@
 154.48.224.0/24
 154.48.227.0/24
 154.48.237.0/24
-154.48.252.0/23
+154.48.252.0/24
 154.72.41.0/24
 154.72.42.0/24
 154.72.44.0/24
@ -5563,7 +5547,6 @@
 156.107.170.0/24
 156.107.178.0/23
 156.107.180.0/23
 156.224.27.0/24
 156.224.8.0/21
 156.225.130.0/24
 156.227.1.0/24
@ -5635,6 +5618,10 @@
 157.61.0.0/16
 157.66.42.0/23
 157.66.70.0/23
 157.66.88.0/23
 157.66.90.0/23
 157.66.92.0/23
 157.66.94.0/23
 158.140.252.0/22
 158.60.0.0/16
 158.79.0.0/16
@ -5701,9 +5688,8 @@
 163.181.16.0/22
 163.181.160.0/24
 163.181.162.0/23
-163.181.164.0/24
+163.181.164.0/22
-163.181.166.0/23
+163.181.168.0/23
 163.181.169.0/24
 163.181.171.0/24
 163.181.176.0/21
 163.181.184.0/22
@ -5759,7 +5745,7 @@
 163.53.188.0/22
 163.53.19.0/24
 163.53.240.0/22
-163.53.244.0/23
+163.53.244.0/24
 163.53.247.0/24
 163.53.36.0/22
 163.53.4.0/22
@ -5880,7 +5866,6 @@
 180.178.252.0/22
 180.184.0.0/15
 180.184.0.0/21
 180.184.12.0/23
 180.184.128.0/20
 180.184.14.0/24
 180.184.144.0/21
@ -5894,7 +5879,7 @@
 180.184.24.0/21
 180.184.32.0/19
 180.184.64.0/18
-180.184.8.0/22
+180.184.8.0/23
 180.186.0.0/16
 180.186.38.0/23
 180.186.40.0/22
@ -6551,7 +6536,7 @@
 202.46.41.0/24
 202.46.42.0/23
 202.46.45.0/24
-202.46.46.0/23
+202.46.46.0/24
 202.46.48.0/20
 202.47.100.0/22
 202.47.104.0/21
@ -8581,7 +8566,6 @@
 219.232.160.0/19
 219.232.192.0/19
 219.233.0.0/16
 219.234.0.0/21
 219.234.128.0/17
 219.234.64.0/18
 219.235.128.0/19
@ -8870,7 +8854,7 @@
 222.90.0.0/15
 222.92.0.0/14
 223.0.0.0/15
-223.0.1.0/24
+223.0.0.0/23
 223.0.10.0/24
 223.0.12.0/23
 223.0.126.0/24
@ -9023,15 +9007,11 @@
 36.206.0.0/16
 36.212.0.0/17
 36.212.128.0/18
-36.212.192.0/24
+36.212.192.0/22
-36.212.202.0/23
+36.212.200.0/21
 36.212.204.0/22
 36.212.208.0/20
-36.212.225.0/24
+36.212.224.0/19
-36.212.226.0/23
+36.213.0.0/20
 36.212.228.0/22
 36.212.232.0/21
 36.212.240.0/22
 36.248.0.0/14
 36.254.0.0/16
 36.255.116.0/22
@ -9070,7 +9050,6 @@
 38.249.0.0/16
 38.60.149.0/24
 38.60.34.0/24
 38.60.40.0/24
 38.60.45.0/24
 39.0.0.0/24
 39.0.128.0/17
@ -9148,7 +9127,8 @@
 42.201.0.0/17
 42.201.32.0/19
 42.201.64.0/21
-42.201.72.0/24
+42.201.72.0/22
 42.201.76.0/24
 42.202.0.0/15
 42.204.0.0/14
 42.208.0.0/12
@ -9420,8 +9400,6 @@
 43.230.10.0/23
 43.230.124.0/22
 43.230.136.0/22
 43.230.136.0/24
 43.230.138.0/23
 43.230.182.0/24
 43.230.20.0/22
 43.230.220.0/22
@ -10008,6 +9986,7 @@
 43.255.0.0/22
 43.255.116.0/23
 43.255.144.0/22
 43.255.156.0/24
 43.255.16.0/22
 43.255.176.0/22
 43.255.184.0/22
@ -10038,9 +10017,8 @@
 44.31.165.0/24
 44.31.212.0/24
 44.31.216.0/24
 44.31.231.0/24
 44.31.28.0/24
-44.31.42.0/23
+44.31.43.0/24
 44.31.81.0/24
 44.31.96.0/24
 44.32.69.0/24
@ -10277,9 +10255,8 @@
 45.147.6.0/24
 45.151.47.0/24
 45.154.104.0/24
-45.157.88.0/24
+45.172.164.0/22
 45.192.160.0/20
 45.192.182.0/23
 45.192.184.0/24
 45.192.187.0/24
 45.192.189.0/24
@ -10289,6 +10266,8 @@
 45.207.176.0/20
 45.207.192.0/19
 45.207.26.0/23
 45.227.248.0/23
 45.227.250.0/24
 45.248.100.0/22
 45.248.104.0/22
 45.248.108.0/22
@ -10751,6 +10730,7 @@
 54.222.57.0/24
 54.222.59.0/24
 54.222.60.0/22
 54.222.64.0/24
 54.222.70.0/23
 54.222.72.0/21
 54.222.80.0/21
@ -10840,7 +10820,7 @@
 59.153.152.0/22
 59.153.164.0/22
 59.153.168.0/22
-59.153.168.0/23
+59.153.168.0/24
 59.153.172.0/22
 59.153.176.0/22
 59.153.180.0/22
@ -10942,7 +10922,7 @@
 60.218.0.0/15
 60.220.0.0/14
 60.232.0.0/15
-60.232.128.0/17
+60.232.0.0/16
 60.235.0.0/16
 60.24.0.0/14
 60.245.128.0/17
--- a/luci-app-passwall/root/usr/share/passwall/rules/chnroute6
+++ b/luci-app-passwall/root/usr/share/passwall/rules/chnroute6
@ -21,6 +21,9 @@
 2001:cc0::/32
 2001:da8::/32
 2001:da9::/32
 2001:daa:1::/48
 2001:daa:2::/48
 2001:daa:4::/47
 2001:daa::/32
 2001:dc7::/32
 2001:dd8:1::/48
@ -97,7 +100,6 @@
 2001:df4:c180::/48
 2001:df4:c580::/48
 2001:df4:c780::/48
 2001:df4:cf00::/48
 2001:df4:d80::/48
 2001:df4:de80::/48
 2001:df5:2080::/48
@ -251,7 +253,6 @@
 2400:6fc0::/32
 2400:7040::/32
 2400:70a0::/32
 2400:70e0:bed::/48
 2400:7100::/32
 2400:7140::/32
 2400:71c0::/32
@ -532,8 +533,10 @@
 2401:3480:3000::/36
 2401:3480::/32
 2401:3480::/36
 2401:34a0::/31
 2401:34a0::/32
 2401:34a1::/32
 2401:34a2::/31
 2401:34c0::/32
 2401:3640::/32
 2401:3780::/32
@ -631,10 +634,16 @@
 2401:8f40::/32
 2401:8fc0::/32
 2401:90a0::/32
 2401:9260::/32
 2401:92a0::/32
 2401:92e0::/32
 2401:9340::/32
 2401:95c0:f001::/48
 2401:95e0::/32
 2401:9600::/32
 2401:96c0::/32
 2401:96e0::/32
 2401:9720::/32
 2401:9740::/32
 2401:98c0::/32
 2401:9a00::/32
@ -1331,6 +1340,7 @@
 2404:1e80::/32
 2404:1f40::/32
 2404:21c0::/32
 2404:2280:103::/48
 2404:2280:106::/47
 2404:2280:10c::/47
 2404:2280:112::/47
@ -1343,6 +1353,7 @@
 2404:2280:13b::/48
 2404:2280:13c::/47
 2404:2280:147::/48
 2404:2280:152::/48
 2404:2280:193::/48
 2404:2280:196::/48
 2404:2280:199::/48
@ -1350,9 +1361,9 @@
 2404:2280:19c::/47
 2404:2280:19e::/48
 2404:2280:1a4::/47
 2404:2280:1b0::/48
 2404:2280:1b2::/48
-2404:2280:1b4::/48
+2404:2280:1b4::/46
 2404:2280:1b6::/47
 2404:2280:1b8::/47
 2404:2280:1ba::/48
 2404:2280:1bf::/48
@ -1373,6 +1384,7 @@
 2404:2280:1e4::/46
 2404:2280:1e8::/48
 2404:2280:1ea::/48
 2404:2280:1ec::/48
 2404:2280:1ee::/48
 2404:2280:1f0::/45
 2404:2280:1f8::/46
@ -1672,6 +1684,8 @@
 2405:6d80::/32
 2405:6e80::/32
 2405:6f00::/32
 2405:6f00:c101::/48
 2405:6f00:c102::/48
 2405:6f00:c170::/47
 2405:6f00:c602::/48
 2405:6f80::/32
@ -1969,7 +1983,10 @@
 2406:840:9801::/48
 2406:840:9810::/48
 2406:840:981c::/46
-2406:840:9960::/44
+2406:840:9960::/47
 2406:840:9962::/48
 2406:840:9969::/48
 2406:840:996f::/48
 2406:840:9980::/48
 2406:840:9984::/48
 2406:840:9ef0::/44
@ -1991,12 +2008,11 @@
 2406:840:e20f::/48
 2406:840:e230::/48
 2406:840:e270::/44
 2406:840:e280::/48
 2406:840:e300::/47
 2406:840:e302::/48
 2406:840:e340::/44
 2406:840:e36f::/48
-2406:840:e500::/47
+2406:840:e501::/48
 2406:840:e57b::/48
 2406:840:e57f::/48
 2406:840:e666::/47
@ -2010,35 +2026,32 @@
 2406:840:e84c::/47
 2406:840:e84f::/48
 2406:840:e880::/44
-2406:840:eab0::/48
+2406:840:eab0::/46
 2406:840:eab2::/47
 2406:840:eab4::/48
 2406:840:eab6::/48
 2406:840:eb00::/46
 2406:840:eb04::/47
 2406:840:eb07::/48
 2406:840:eb08::/47
 2406:840:eb0b::/48
 2406:840:eb0f::/48
 2406:840:eb80::/42
 2406:840:eef0::/44
 2406:840:efa0::/44
 2406:840:f0a1::/48
 2406:840:f0aa::/48
 2406:840:f100::/47
 2406:840:f200::/44
 2406:840:f230::/44
 2406:840:f380::/44
 2406:840:f440::/47
 2406:840:f44f::/48
 2406:840:f48f::/48
 2406:840:f660::/44
 2406:840:f681::/48
 2406:840:f990::/44
 2406:840:fa01::/48
 2406:840:fa02::/48
 2406:840:fd00::/47
 2406:840:fd03::/48
 2406:840:fd1f::/48
 2406:840:fde0::/48
 2406:840:fe27::/48
 2406:840:fe50::/48
 2406:840:fe60::/48
@ -2058,7 +2071,9 @@
 2406:840:fef0::/46
 2406:840:fef5::/48
 2406:840:fef7::/48
-2406:840:fef8::/45
+2406:840:fef8::/47
 2406:840:fefb::/48
 2406:840:fefc::/46
 2406:8480::/32
 2406:8500::/32
 2406:8580::/32
@ -2155,8 +2170,6 @@
 2406:d440:100::/44
 2406:d440:200::/44
 2406:d440:300::/44
 2406:d440:500::/48
 2406:d440:600::/48
 2406:d440::/32
 2406:d480::/32
 2406:d580::/32
@ -2966,16 +2979,14 @@
 2602:f9df:400::/47
 2602:f9df:500::/48
 2602:f9df:505::/48
 2602:f9df:510::/47
 2602:f9df:515::/48
 2602:f9df:516::/48
-2602:f9f6:400::/44
+2602:f9f6:400::/47
 2602:fab0:11::/48
 2602:fbda:600::/48
 2602:fbda:660::/48
 2602:fbda:666::/48
 2602:fc52:311::/48
 2602:fc52:312::/48
 2602:fc52:315::/48
 2602:fd92:800::/40
 2602:fe69:f26::/47
@ -3017,6 +3028,7 @@
 2605:9d80:9071::/48
 2605:9d80:9092::/48
 2605:f440:cafe::/48
 2620:57:4004::/47
 2804:1e48::/32
 2a03:5840:290::/48
 2a03:5840:f3::/48
@ -3053,12 +3065,8 @@
 2a05:1086:f000::/48
 2a05:1087::/32
 2a05:dfc1:1602::/48
 2a05:dfc1:5a00::/40
 2a05:dfc1:6607::/48
 2a05:dfc1:7100::/47
 2a05:dfc1:7103::/48
 2a05:dfc1:7108::/47
 2a05:dfc1:8c00::/48
 2a05:dfc1:8c02::/48
 2a05:dfc1:8c05::/48
 2a05:dfc1:8c09::/48
@ -3069,13 +3077,12 @@
 2a05:dfc1:8c1d::/48
 2a05:dfc1:8c22::/48
 2a05:dfc1:8c24::/48
 2a05:dfc1:8c30::/48
 2a05:dfc1:8c3a::/48
 2a05:dfc1:8c40::/48
 2a05:dfc1:8c42::/48
 2a05:dfc1:8c90::/46
 2a05:dfc1:8c94::/47
 2a05:dfc1:8d00::/48
 2a05:dfc1:8d02::/48
 2a05:dfc1:9198::/48
 2a06:3600::/29
 2a06:a005:1340::/43
@ -3095,7 +3102,7 @@
 2a06:a005:2100::/44
 2a06:a005:2510::/48
 2a06:a005:260::/43
-2a06:a005:280::/42
+2a06:a005:280::/43
 2a06:a005:28f3::/48
 2a06:a005:28f4::/48
 2a06:a005:2910::/44
@ -3105,10 +3112,10 @@
 2a06:a005:2940::/43
 2a06:a005:2980::/44
 2a06:a005:29d1::/48
 2a06:a005:2a0::/44
 2a06:a005:486::/48
 2a06:a005:8d0::/47
 2a06:a005:8da::/48
 2a06:a005:910::/44
 2a06:a005:9c0::/48
 2a06:a005:a13::/48
 2a06:a005:b69::/48
@ -3117,24 +3124,23 @@
 2a06:a005:f80::/44
 2a06:de00:de04::/48
 2a06:de00:de0e::/48
-2a06:de01:812::/48
+2a06:de01:806::/48
-2a06:de01:831::/48
+2a06:de01:837::/48
-2a06:de01:846::/48
+2a06:de01:844::/48
-2a06:de01:84b::/48
+2a06:de01:851::/48
-2a06:de01:888::/48
+2a06:de01:886::/48
-2a06:de01:8bc::/48
+2a06:de01:8ab::/48
-2a06:de01:8c5::/48
+2a06:de01:8ca::/48
-2a06:de01:8ea::/48
+2a06:de01:907::/48
-2a06:de01:90d::/48
+2a06:de01:92e::/48
-2a06:de01:91e::/48
+2a06:de01:942::/48
-2a06:de01:95f::/48
+2a06:de01:95c::/48
 2a06:de01:96f::/48
 2a06:de01:9a4::/48
 2a06:de01:9a7::/48
-2a06:de01:ac0::/48
+2a06:de01:ac6::/48
-2a06:de01:ac3::/48
+2a06:de01:ace::/48
-2a06:de01:b1a::/48
+2a06:de01:b0a::/48
-2a06:de01:b32::/48
+2a06:de01:b36::/48
 2a06:e881:2509::/48
 2a06:e881:5501::/48
 2a06:e881:5502::/48
@ -3143,7 +3149,7 @@
 2a06:e881:6602::/47
 2a06:e881:6606::/48
 2a07:54c1:2200::/48
-2a09:b280:ff80::/47
+2a09:b280:ff80::/48
 2a09:b280:ff83::/48
 2a09:b280:ff84::/47
 2a0a:2840:20::/43
@ -3159,7 +3165,6 @@
 2a0a:6040:3410::/48
 2a0a:6040:3420::/48
 2a0a:6040:3430::/48
 2a0a:6040:3441::/48
 2a0a:6040:34ff::/48
 2a0a:6040:5555::/48
 2a0a:6040:6607::/48
@ -3180,18 +3185,18 @@
 2a0a:6040:ce00::/48
 2a0a:6040:ce10::/48
 2a0a:6040:d0fe::/48
 2a0a:6040:d300::/48
 2a0a:6040:d310::/48
 2a0a:6040:d600::/44
 2a0a:6040:d610::/47
 2a0a:6040:d612::/48
 2a0a:6040:d614::/46
 2a0a:6040:d710::/44
 2a0a:6040:e01::/48
-2a0a:6040:e02::/47
+2a0a:6040:e02::/48
 2a0a:6040:e541::/48
 2a0a:6040:e543::/48
 2a0a:6040:e544::/47
 2a0a:6040:e546::/48
 2a0a:6040:e54b::/48
 2a0a:6040:e54c::/48
 2a0a:6040:e900::/40
 2a0a:6040:ea0::/48
@ -3221,20 +3226,16 @@
 2a0b:4340:c0::/44
 2a0b:4340:d8::/48
 2a0b:b86:ffe0::/48
 2a0b:b87:ffb5::/48
 2a0c:9a40:8cf0::/48
 2a0c:9a40:9e00::/43
 2a0c:b641:210::/47
 2a0c:b641:24f::/48
 2a0c:b641:312::/48
 2a0c:b641:510::/48
 2a0c:b641:570::/47
 2a0c:b641:730::/44
 2a0c:b641:a11::/48
 2a0c:b641:a60::/44
 2a0c:b641:b21::/48
 2a0c:b642:4101::/48
 2a0c:b642:4102::/47
 2a0c:b642:4104::/47
 2a0d:2146:8040::/48
 2a0d:2406:510::/46
 2a0d:2580:ff00::/45
@ -3243,7 +3244,6 @@
 2a0d:2581:fffe::/47
 2a0d:2687::/32
 2a0d:2904::/44
 2a0d:2906:f000::/44
 2a0d:c7c7::/32
 2a0e:15c0:6::/48
 2a0e:800:ff00::/48
@ -3258,7 +3258,6 @@
 2a0e:97c0:220::/44
 2a0e:97c0:550::/44
 2a0e:97c0:5ef::/48
 2a0e:97c0:83f::/48
 2a0e:aa01:1fff::/48
 2a0e:aa06:400::/44
 2a0e:aa06:440::/48
@ -3268,10 +3267,12 @@
 2a0e:aa06::/40
 2a0e:aa07:e00e::/48
 2a0e:aa07:e01b::/48
-2a0e:aa07:e024::/46
+2a0e:aa07:e024::/47
 2a0e:aa07:e027::/48
 2a0e:aa07:e030::/48
 2a0e:aa07:e035::/48
 2a0e:aa07:e039::/48
 2a0e:aa07:e03a::/48
 2a0e:aa07:e043::/48
 2a0e:aa07:e050::/44
 2a0e:aa07:e060::/48
@ -3280,7 +3281,8 @@
 2a0e:aa07:e0f7::/48
 2a0e:aa07:e120::/44
 2a0e:aa07:e130::/47
-2a0e:aa07:e140::/46
+2a0e:aa07:e140::/47
 2a0e:aa07:e143::/48
 2a0e:aa07:e145::/48
 2a0e:aa07:e146::/47
 2a0e:aa07:e16a::/48
@ -3310,21 +3312,18 @@
 2a0e:b107:32::/47
 2a0e:b107:790::/44
 2a0e:b107:a0::/44
 2a0e:b107:bd0::/48
 2a0e:b107:c10::/48
 2a0e:b107:da0::/44
 2a0e:b107:dce::/48
 2a0f:1440::/29
 2a0f:2100::/29
 2a0f:3d86:1::/48
 2a0f:5707:fe01::/48
 2a0f:5707:fff5::/48
 2a0f:7803:fafa::/48
 2a0f:7803:fc00::/44
-2a0f:7803:fc30::/44
+2a0f:7803:fc20::/43
 2a0f:7803:fc70::/44
 2a0f:7803:fc80::/44
 2a0f:7803:fcc0::/44
 2a0f:7803:fd10::/48
 2a0f:7803:fe21::/48
 2a0f:7803:fe23::/48
 2a0f:7803:fe80::/47
@ -3333,6 +3332,7 @@
 2a0f:7803:ffd1::/48
 2a0f:7980::/44
 2a0f:85c1:100::/47
 2a0f:85c1:3b5::/48
 2a0f:9400:6110::/48
 2a0f:9400:7700::/48
 2a10:2f00:13a::/48
@ -3349,7 +3349,6 @@
 2a10:ccc0:ccc6::/48
 2a10:ccc0:ccc::/48
 2a10:ccc0:cccc::/46
 2a10:ccc1:105::/48
 2a11:f2c0:ffc4::/48
 2a12:3fc2:6600::/48
 2a12:3fc2:6666::/48
@ -3373,7 +3372,13 @@
 2a13:1801:180::/43
 2a13:1802::/43
 2a13:a5c3:f000::/40
 2a13:a5c3:f100::/48
 2a13:a5c3:f120::/44
 2a13:a5c3:f140::/44
 2a13:a5c3:f160::/44
 2a13:a5c3:f1c0::/44
 2a13:a5c4:1000::/38
 2a13:a5c7:1200::/40
 2a13:a5c7:1500::/40
 2a13:a5c7:1600::/45
 2a13:a5c7:1608::/47
@ -3389,20 +3394,22 @@
 2a13:b487:1b00::/44
 2a13:b487:1b10::/47
 2a13:b487:1b86::/47
 2a13:b487:1b88::/47
 2a13:b487:1ba0::/47
 2a13:b487:1ba4::/47
 2a13:b487:1bb2::/47
 2a13:b487:1bb6::/47
 2a13:b487:1bb8::/46
-2a13:b487:1f00::/45
+2a13:b487:1f02::/47
-2a13:b487:4200::/47
+2a13:b487:1f04::/46
 2a13:b487:4210::/44
 2a13:b487:4220::/43
 2a13:b487:4240::/43
 2a13:b487:42d0::/44
 2a13:df80:3b10::/48
 2a13:df80:6808::/48
-2a13:df85:a200::/40
+2a13:df80:7d21::/48
 2a13:df80:7d22::/47
 2a13:df80:7d24::/48
 2a13:df85:a201::/48
 2a13:df85:a202::/47
 2a13:df85:a204::/48
 2a13:df85:a2ff::/48
 2a13:df85:be00::/48
 2a13:df85:be0e::/48
 2a13:df85:be10::/48
--- a/luci-app-passwall/root/usr/share/passwall/rules/direct_host
+++ b/luci-app-passwall/root/usr/share/passwall/rules/direct_host
@ -1,3 +1,4 @@
 cn
 apple.com
 microsoft.com
 dyndns.com
--- a/luci-app-passwall/root/usr/share/passwall/rules/gfwlist
+++ b/luci-app-passwall/root/usr/share/passwall/rules/gfwlist
@ -635,7 +635,6 @@ blogger.com
 blogimg.jp
 bloglines.com
 bloglovin.com
 blogs.icerocket.com
 blogs.libraryinformationtechnology.com
 blogs.tampabay.com
 blogs.yahoo.co.jp
@ -898,6 +897,7 @@ cdn-images.mailchimp.com
 cdn-telegram.org
 cdn.assets.lfpcontent.com
 cdn.helixstudios.net
 cdn.jwplayer.com
 cdn.printfriendly.com
 cdn.seatguru.com
 cdn.softlayer.net
@ -1610,6 +1610,7 @@ etaa.org.au
 etadult.com
 etaiwannews.com
 etherdelta.com
 ethermine.org
 etherscan.io
 etizer.org
 etokki.com
@ -1646,6 +1647,7 @@ eyny.com
 ezpc.tk
 ezpeer.com
 ezua.com
 f2pool.com
 f8.com
 fa.gov.tw
 facebook.br
@ -2648,6 +2650,7 @@ hrcchina.org
 hrcir.com
 hrea.org
 hrichina.org
 hrntt.org
 hrtsea.com
 hrw.org
 hrweb.org
@ -2733,6 +2736,7 @@ ibros.org
 ibvpn.com
 icams.com
 ice.audionow.com
 icedrive.net
 icij.org
 icl-fi.org
 icoco.com
@ -3753,6 +3757,7 @@ noxinfluencer.com
 noypf.com
 npa.go.jp
 npa.gov.tw
 npm.gov.tw
 npnt.me
 nps.gov
 npsboost.com
@ -4130,6 +4135,7 @@ postimg.org
 posts.careerengine.us
 potato.im
 potvpn.com
 pourquoi.tw
 power.com
 powercx.com
 powerphoto.org
@ -4367,6 +4373,7 @@ ronjoneswriter.com
 roodo.com
 rosechina.net
 rotten.com
 rou.video
 rsdlmonitor.com
 rsf-chinese.org
 rsf.org
@ -6076,6 +6083,7 @@ yzzk.com
 z-lib.org
 zacebook.com
 zalmos.com
 zamimg.com
 zannel.com
 zaobao.com
 zaobao.com.sg