v1.1. Removed separate nftsets for user entries.

luci-app-ruantiblock/Makefile

@@ -4,7 +4,7 @@
 
 include $(TOPDIR)/rules.mk
 
-PKG_VERSION:=1.0-0
+PKG_VERSION:=1.1-0
 LUCI_TITLE:=LuCI support for ruantiblock
 LUCI_DEPENDS:=+ruantiblock
 LUCI_PKGARCH:=all

luci-app-ruantiblock/htdocs/luci-static/resources/view/ruantiblock/info.js

@@ -47,7 +47,6 @@ return view.extend({
 		if(data.rules.nftables && data.rules.nftables.length > 1) {
 			for(let i of data.rules.nftables) {
 				if(!i.rule) continue;
-
 				let set, bytes;
 				i.rule.expr.forEach(e => {
 					if(e.match) {
@@ -58,7 +57,6 @@ return view.extend({
 					};
 				});
 				output.rules.push([ set, bytes ]);
-
 			};
 
 			function parseDnsmasqData(set) {
@@ -77,8 +75,7 @@ return view.extend({
 				return sArray;
 			};
 
-			output.dnsmasq   = parseDnsmasqData('dnsmasq');
+			output.dnsmasq = parseDnsmasqData('dnsmasq');
-			output.dnsmasq_u = parseDnsmasqData('dnsmasq_u');
 		};
 		return output;
 	},
@@ -185,11 +182,6 @@ return view.extend({
 					rdTableWrapper.append(this.makeDnsmasqTable(nft_data.dnsmasq));
 				};
 
-				if(nft_data.dnsmasq_u.length > 0) {
-					let rduTableWrapper = document.getElementById('rduTableWrapper');
-					rduTableWrapper.innerHTML = '';
-					rduTableWrapper.append(this.makeDnsmasqTable(nft_data.dnsmasq_u));
-				};
 			} else {
 				if(poll.active()) {
 					poll.stop();
@@ -217,8 +209,7 @@ return view.extend({
 
 		let update_status = null,
 			rules         = null,
-			dnsmasq       = null,
+			dnsmasq       = null;
-			dnsmasq_u     = null;
 		if(data) {
 			if(data.status === 'enabled') {
 				update_status = E('table', { 'class': 'table' });
@@ -278,7 +269,7 @@ return view.extend({
 								E('td',{
 									'class'     : 'td left',
 									'data-title': _('Match-set'),
-								}, set + ' (' + set.replace(/^c/, 'CIDR').replace(/^i/, 'IP').replace(/^d/, 'dnsmasq').replace(/u$/, '-user') + ')'),
+								}, set + ' (' + set.replace(/^c/, 'CIDR').replace(/^i/, 'IP').replace(/^d/, 'dnsmasq') + ')'),
 								E('td', {
 									'class'     : 'td left',
 									'id'        : 'rules.' + set,
@@ -306,18 +297,6 @@ return view.extend({
 					]);
 				};
 
-				if(nft_data.dnsmasq_u) {
-					let rduTableWrapper = E('div', {
-						'id'   : 'rduTableWrapper',
-						'style': 'width:100%'
-					}, this.makeDnsmasqTable(nft_data.dnsmasq_u));
-
-					dnsmasq_u = E([
-						E('h3', {}, _('Dnsmasq') + ' - ' + _('User entries')),
-						rduTableWrapper,
-					]);
-				};
-
 				poll.add(L.bind(this.pollInfo, this), this.pollInterval);
 			} else {
 				update_status = E('em', {}, _('Status') + ' : ' + _('disabled'));
@@ -337,9 +316,6 @@ return view.extend({
 			E('div', { 'class': 'cbi-section fade-in' },
 				E('div', { 'class': 'cbi-section-node' }, dnsmasq)
 			),
-			E('div', { 'class': 'cbi-section fade-in' },
-				E('div', { 'class': 'cbi-section-node' }, dnsmasq_u)
-			),
 		]);
 	},
 

ruantiblock-mod-lua/Makefile

@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ruantiblock-mod-lua
-PKG_VERSION:=1.0
+PKG_VERSION:=1.1
 PKG_RELEASE:=0
 PKG_MAINTAINER:=gSpot <https://github.com/gSpotx2f/ruantiblock_openwrt>
 

ruantiblock-mod-lua/files/usr/libexec/ruantiblock/ruab_parser.lua

@@ -58,9 +58,6 @@ local Config = Class(nil, {
         ["NFTSET_CIDR"] = true,
         ["NFTSET_IP"] = true,
         ["NFTSET_DNSMASQ"] = true,
-        ["NFTSET_CIDR_USER"] = true,
-        ["NFTSET_IP_USER"] = true,
-        ["NFTSET_DNSMASQ_USER"] = true,
         ["NFTSET_CIDR_CFG"] = true,
         ["NFTSET_IP_CFG"] = true,
         ["NFTSET_DNSMASQ"] = true,
@@ -395,25 +392,12 @@ end
 
 function BlackListParser:write_ipset_config()
     local file_handler = assert(io.open(self.IP_DATA_FILE, "w"), "Could not open nftset config")
-    for _, v in ipairs({ self.NFTSET_CIDR, self.NFTSET_IP, self.NFTSET_CIDR_USER, self.NFTSET_IP_USER }) do
+    for _, v in ipairs({ self.NFTSET_CIDR, self.NFTSET_IP }) do
         file_handler:write(string.format("flush set %s %s\n", self.NFT_TABLE, v))
     end
     file_handler:write(
-        string.format("table %s {\n%s", self.NFT_TABLE, self.NFTSET_IP_CFG)
+        string.format("table %s {\n%s", self.NFT_TABLE, self.NFTSET_CIDR_CFG)
     )
-    local i = 0
-    if next(self.ip_table) then
-        file_handler:write("elements={")
-        for ipaddr in pairs(self.ip_table) do
-            file_handler:write(string.format("%s,", ipaddr))
-            i = i + 1
-        end
-        file_handler:write("};")
-    end
-    file_handler:write(
-        string.format("}\n%s", self.NFTSET_CIDR_CFG)
-        )
-    self.ip_records_count = i
     local c = 0
     if next(self.cidr_table) then
         file_handler:write("elements={")
@@ -424,6 +408,19 @@ function BlackListParser:write_ipset_config()
         file_handler:write("};")
     end
     self.cidr_count = c
+    file_handler:write(
+        string.format("}\n%s", self.NFTSET_IP_CFG)
+    )
+    local i = 0
+    if next(self.ip_table) then
+        file_handler:write("elements={")
+        for ipaddr in pairs(self.ip_table) do
+            file_handler:write(string.format("%s,", ipaddr))
+            i = i + 1
+        end
+        file_handler:write("};")
+    end
+    self.ip_records_count = i
     file_handler:write("}\n}\n")
     file_handler:close()
 end

ruantiblock-mod-py/Makefile

@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ruantiblock-mod-py
-PKG_VERSION:=1.0
+PKG_VERSION:=1.1
 PKG_RELEASE:=0
 PKG_MAINTAINER:=gSpot <https://github.com/gSpotx2f/ruantiblock_openwrt>
 

ruantiblock-mod-py/files/usr/libexec/ruantiblock/ruab_parser.py

@@ -42,9 +42,6 @@ class Config:
         "NFTSET_CIDR",
         "NFTSET_IP",
         "NFTSET_DNSMASQ",
-        "NFTSET_CIDR_USER",
-        "NFTSET_IP_USER",
-        "NFTSET_DNSMASQ_USER",
         "NFTSET_CIDR_CFG",
         "NFTSET_IP_CFG",
         "NFTSET_DNSMASQ",
@@ -503,25 +500,24 @@ class WriteConfigFiles(Config):
 
     def write_ipset_config(self, ip_set, cidr_set):
         with open(self.IP_DATA_FILE, "wt", buffering=self.write_buffer) as file_handler:
-            for i in (self.NFTSET_CIDR, self.NFTSET_IP,
+            for i in (self.NFTSET_CIDR, self.NFTSET_IP):
-                      self.NFTSET_CIDR_USER, self.NFTSET_IP_USER):
                 file_handler.write("flush set {} {}\n".format(self.NFT_TABLE, i))
             file_handler.write(
-                "table {} {{\n{}".format(self.NFT_TABLE, self.NFTSET_IP_CFG)
+                "table {} {{\n{}".format(self.NFT_TABLE, self.NFTSET_CIDR_CFG)
-            )
-            if len(ip_set) > 0:
-                file_handler.write("elements={")
-                for i in ip_set:
-                    file_handler.write(f"{i},")
-                file_handler.write("};")
-            file_handler.write(
-                "}}\n{}".format(self.NFTSET_CIDR_CFG)
             )
             if len(cidr_set) > 0:
                 file_handler.write("elements={")
                 for i in cidr_set:
                     file_handler.write(f"{i},")
                 file_handler.write("};")
+            file_handler.write(
+                "}}\n{}".format(self.NFTSET_IP_CFG)
+            )
+            if len(ip_set) > 0:
+                file_handler.write("elements={")
+                for i in ip_set:
+                    file_handler.write(f"{i},")
+                file_handler.write("};")
             file_handler.write("}\n}\n")
 
     def write_dnsmasq_config(self, fqdn_set):

ruantiblock/Makefile

@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=ruantiblock
-PKG_VERSION:=1.0
+PKG_VERSION:=1.1
 PKG_RELEASE:=0
 PKG_MAINTAINER:=gSpot <https://github.com/gSpotx2f/ruantiblock_openwrt>
 

ruantiblock/files/etc/ruantiblock/ruantiblock.conf

@@ -58,8 +58,8 @@ VPN_PKTS_MARK=8
 NFTSET_MAXELEM_IP=1000000
 NFTSET_MAXELEM_DNSMASQ=65535
 ### Политика отбора элементов в сетах nftables. "performance" - производительность и большее потребление RAM. "memory" - хуже производительность и меньше потребление RAM
-NFTSET_POLICY_CIDR="performance"
+NFTSET_POLICY_CIDR="memory"
-NFTSET_POLICY_IP="performance"
+NFTSET_POLICY_IP="memory"
 NFTSET_POLICY_DNSMASQ="performance"
 ### Таймаут для записей в сете $NFTSET_DNSMASQ
 NFTSET_DNSMASQ_TIMEOUT="1h"
@@ -120,12 +120,12 @@ ZI_ALL_URL="https://raw.githubusercontent.com/zapret-info/z-i/master/dump.csv"
 #ZI_ALL_URL="https://app.assembla.com/spaces/z-i/git/source/master/dump.csv?_format=raw"
 AF_IP_URL="https://antifilter.download/list/allyouneed.lst"
 AF_FQDN_URL="https://antifilter.download/list/domains.lst"
-RA_IP_IPSET_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.0/ip/ruantiblock.ip"
+RA_IP_IPSET_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.1/ip/ruantiblock.ip"
-RA_IP_DMASK_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.0/ip/ruantiblock.dnsmasq"
+RA_IP_DMASK_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.1/ip/ruantiblock.dnsmasq"
-RA_IP_STAT_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.0/ip/update_status"
+RA_IP_STAT_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.1/ip/update_status"
-RA_FQDN_IPSET_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.0/fqdn/ruantiblock.ip"
+RA_FQDN_IPSET_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.1/fqdn/ruantiblock.ip"
-RA_FQDN_DMASK_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.0/fqdn/ruantiblock.dnsmasq"
+RA_FQDN_DMASK_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.1/fqdn/ruantiblock.dnsmasq"
-RA_FQDN_STAT_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.0/fqdn/update_status"
+RA_FQDN_STAT_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.1/fqdn/update_status"
 RBL_ENCODING=""
 ZI_ENCODING="CP1251"
 AF_ENCODING=""

ruantiblock/files/etc/ruantiblock/scripts/info_output

@@ -29,8 +29,6 @@ Info() {
     if [ $? -eq 0 ]; then
         printf ",\"dnsmasq\":"
         $NFT_CMD -j list set $NFT_TABLE "$NFTSET_DNSMASQ" 2> /dev/null
-        printf ",\"dnsmasq_u\":"
-        $NFT_CMD -j list set $NFT_TABLE "$NFTSET_DNSMASQ_USER" 2> /dev/null
         printf "}"
     fi
 }

ruantiblock/files/etc/ruantiblock/scripts/nft_functions

@@ -38,16 +38,16 @@ NftCmdWrapper() {
     return $_return_code
 }
 
-IptVpnRouteDel() {
+NftVpnRouteDelete() {
     $IP_CMD route flush table $VPN_ROUTE_TABLE_ID
     $IP_CMD rule del table $VPN_ROUTE_TABLE_ID
 }
 
-IptVpnRouteAdd() {
+NftVpnRouteAdd() {
     VPN_IP=`$IP_CMD addr list dev $IF_VPN 2> /dev/null | $AWK_CMD '/inet/{sub("/[0-9]{1,2}$", "", $2); print $2; exit}'`
     if [ -n "$VPN_IP" ]; then
         echo 0 > /proc/sys/net/ipv4/conf/$IF_VPN/rp_filter
-        IptVpnRouteDel 2> /dev/null
+        NftVpnRouteDelete 2> /dev/null
         $IP_CMD rule add fwmark $VPN_PKTS_MARK table $VPN_ROUTE_TABLE_ID priority 1000
         $IP_CMD route add default via $VPN_IP table $VPN_ROUTE_TABLE_ID
     fi
@@ -59,7 +59,7 @@ NftVpnRouteStatus() {
 }
 
 NftMainAdd() {
-    local _nft_sets="${NFTSET_CIDR} ${NFTSET_CIDR_USER} ${NFTSET_IP} ${NFTSET_IP_USER} ${NFTSET_DNSMASQ} ${NFTSET_DNSMASQ_USER}" _set
+    local _nft_sets="${NFTSET_CIDR} ${NFTSET_IP} ${NFTSET_DNSMASQ}" _set
     $NFT_CMD add chain $NFT_TABLE "$NFT_LOCAL_CLIENTS_CHAIN" { $LOCAL_CLIENTS_CHAIN_TYPE }
     $NFT_CMD add chain $NFT_TABLE "$NFT_ACTION_CHAIN"
     $NFT_CMD add chain $NFT_TABLE "$NFT_BLLIST_CHAIN"
@@ -84,7 +84,7 @@ NftMainAdd() {
         NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "$NFT_BLLIST_CHAIN" ip daddr "@${_set}" counter goto "$NFT_ACTION_CHAIN"
     done
     if [ "$PROXY_MODE" = "2" ]; then
-        IptVpnRouteAdd
+        NftVpnRouteAdd
     fi
 }
 
@@ -97,7 +97,7 @@ NftMainDelete() {
     $NFT_CMD delete chain $NFT_TABLE "$NFT_BLLIST_CHAIN"
     $NFT_CMD flush chain $NFT_TABLE "$NFT_ACTION_CHAIN"
     $NFT_CMD delete chain $NFT_TABLE "$NFT_ACTION_CHAIN"
-    IptVpnRouteDel 2> /dev/null
+    NftVpnRouteDelete 2> /dev/null
 }
 
 NftLocalClientsAdd() {

ruantiblock/files/usr/bin/ruantiblock

@@ -70,8 +70,8 @@ export NFTSET_MAXELEM_CIDR=65535
 export NFTSET_MAXELEM_IP=1000000
 export NFTSET_MAXELEM_DNSMASQ=65535
 ### Политика отбора элементов в сетах nftables. "performance" - производительность и большее потребление RAM. "memory" - хуже производительность и меньше потребление RAM
-export NFTSET_POLICY_CIDR="performance"
+export NFTSET_POLICY_CIDR="memory"
-export NFTSET_POLICY_IP="performance"
+export NFTSET_POLICY_IP="memory"
 export NFTSET_POLICY_DNSMASQ="performance"
 ### Таймаут для записей в сете $NFTSET_DNSMASQ
 export NFTSET_DNSMASQ_TIMEOUT="1h"
@@ -131,12 +131,12 @@ export RBL_IP_URL="https://reestr.rublacklist.net/api/v3/ips/"
 export ZI_ALL_URL="https://raw.githubusercontent.com/zapret-info/z-i/master/dump.csv"
 export AF_IP_URL="https://antifilter.download/list/allyouneed.lst"
 export AF_FQDN_URL="https://antifilter.download/list/domains.lst"
-export RA_IP_IPSET_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.0/ip/ruantiblock.ip"
+export RA_IP_IPSET_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.1/ip/ruantiblock.ip"
-export RA_IP_DMASK_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.0/ip/ruantiblock.dnsmasq"
+export RA_IP_DMASK_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.1/ip/ruantiblock.dnsmasq"
-export RA_IP_STAT_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.0/ip/update_status"
+export RA_IP_STAT_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.1/ip/update_status"
-export RA_FQDN_IPSET_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.0/fqdn/ruantiblock.ip"
+export RA_FQDN_IPSET_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.1/fqdn/ruantiblock.ip"
-export RA_FQDN_DMASK_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.0/fqdn/ruantiblock.dnsmasq"
+export RA_FQDN_DMASK_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.1/fqdn/ruantiblock.dnsmasq"
-export RA_FQDN_STAT_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.0/fqdn/update_status"
+export RA_FQDN_STAT_URL="https://raw.githubusercontent.com/gSpotx2f/ruantiblock_blacklist/master/blacklist-1.1/fqdn/update_status"
 export RBL_ENCODING=""
 export ZI_ENCODING="CP1251"
 export AF_ENCODING=""
@@ -182,15 +182,12 @@ export NFTSET_ONION="onion"
 export NFTSET_CIDR="c"
 export NFTSET_IP="i"
 export NFTSET_DNSMASQ="d"
-export NFTSET_CIDR_USER="cu"
-export NFTSET_IP_USER="iu"
-export NFTSET_DNSMASQ_USER="du"
 export NFTSET_ALLOWED_HOSTS_TYPE="ipv4_addr"
 export NFTSET_CIDR_TYPE="ipv4_addr"
 export NFTSET_IP_TYPE="ipv4_addr"
 export NFTSET_DNSMASQ_TYPE="ipv4_addr"
 export NFTSET_CIDR_CFG="set ${NFTSET_CIDR} {type ${NFTSET_CIDR_TYPE};size ${NFTSET_MAXELEM_CIDR};policy ${NFTSET_POLICY_CIDR};flags interval;auto-merge;"
-export NFTSET_IP_CFG="set ${NFTSET_IP} {type ${NFTSET_IP_TYPE};size ${NFTSET_MAXELEM_IP};policy ${NFTSET_POLICY_IP};"
+export NFTSET_IP_CFG="set ${NFTSET_IP} {type ${NFTSET_IP_TYPE};size ${NFTSET_MAXELEM_IP};policy ${NFTSET_POLICY_IP};flags dynamic;"
 export UPDATE_STATUS_FILE="${DATA_DIR}/update_status"
 U_PID_FILE="/var/run/${NAME}_update.pid"
 START_PID_FILE="/var/run/${NAME}_start.pid"
@@ -214,9 +211,9 @@ Help() {
 cat << EOF
  Usage: `basename $0` start|force-start|stop|destroy|restart|reload|update|force-update|data-files|status|raw-status|html-info|help
         start : Start
-        force-start : Removing the pid-file before running
+        force-start : Removing the PID-file before running
         stop : Stop
-        destroy : Stop + remove nft table and clear all data files
+        destroy : Stop, remove nft table and clear all data files
         restart : Restart
         reload : Renew nftables configuration
         update : Update blacklist
@@ -273,7 +270,7 @@ DownloadRuabBlacklist() {
     esac
 }
 
-DnsmasqRestart() {
+RestartDnsmasq() {
     eval `echo "$DNSMASQ_RESTART_CMD"`
 }
 
@@ -288,13 +285,10 @@ FlushNftSets() {
 AddNftSets() {
     local _hosts
     $NFT_CMD add set $NFT_TABLE "$NFTSET_CIDR" { type "$NFTSET_CIDR_TYPE"\; size $NFTSET_MAXELEM_CIDR\; policy "$NFTSET_POLICY_CIDR"\; flags interval\; auto-merge\; }
-    $NFT_CMD add set $NFT_TABLE "$NFTSET_CIDR_USER" { type "$NFTSET_CIDR_TYPE"\; size $NFTSET_MAXELEM_CIDR\; policy "$NFTSET_POLICY_CIDR"\; flags interval\; auto-merge\; }
+    $NFT_CMD add set $NFT_TABLE "$NFTSET_IP" { type "$NFTSET_IP_TYPE"\; size $NFTSET_MAXELEM_IP\; policy "$NFTSET_POLICY_IP"\; flags dynamic\; }
-    $NFT_CMD add set $NFT_TABLE "$NFTSET_IP" { type "$NFTSET_IP_TYPE"\; size $NFTSET_MAXELEM_IP\; policy "$NFTSET_POLICY_IP"\; }
+    $NFT_CMD add set $NFT_TABLE "$NFTSET_DNSMASQ" { type "$NFTSET_DNSMASQ_TYPE"\; size $NFTSET_MAXELEM_DNSMASQ\; policy "$NFTSET_POLICY_DNSMASQ"\; flags dynamic,timeout\; timeout "$NFTSET_DNSMASQ_TIMEOUT"\; }
-    $NFT_CMD add set $NFT_TABLE "$NFTSET_IP_USER" { type "$NFTSET_IP_TYPE"\; size $NFTSET_MAXELEM_IP\; policy "$NFTSET_POLICY_IP"\; }
+    $NFT_CMD add set $NFT_TABLE "$NFTSET_ONION" { type "$NFTSET_DNSMASQ_TYPE"\; size $NFTSET_MAXELEM_DNSMASQ\; policy "$NFTSET_POLICY_DNSMASQ"\; flags dynamic,timeout\; timeout "$NFTSET_DNSMASQ_TIMEOUT"\; }
-    $NFT_CMD add set $NFT_TABLE "$NFTSET_DNSMASQ" { type "$NFTSET_DNSMASQ_TYPE"\; size $NFTSET_MAXELEM_DNSMASQ\; policy "$NFTSET_POLICY_DNSMASQ"\; flags timeout\; timeout "$NFTSET_DNSMASQ_TIMEOUT"\; }
+    $NFT_CMD add set $NFT_TABLE "$NFTSET_ALLOWED_HOSTS" { type "$NFTSET_ALLOWED_HOSTS_TYPE"\; policy "$NFTSET_POLICY_IP"\; flags dynamic\; }
-    $NFT_CMD add set $NFT_TABLE "$NFTSET_DNSMASQ_USER" { type "$NFTSET_DNSMASQ_TYPE"\; size $NFTSET_MAXELEM_DNSMASQ\; policy "$NFTSET_POLICY_DNSMASQ"\; flags timeout\; timeout "$NFTSET_DNSMASQ_TIMEOUT"\; }
-    $NFT_CMD add set $NFT_TABLE "$NFTSET_ONION" { type "$NFTSET_DNSMASQ_TYPE"\; size $NFTSET_MAXELEM_DNSMASQ\; policy "$NFTSET_POLICY_DNSMASQ"\; flags timeout\; timeout "$NFTSET_DNSMASQ_TIMEOUT"\; }
-    $NFT_CMD add set $NFT_TABLE "$NFTSET_ALLOWED_HOSTS" { type "$NFTSET_ALLOWED_HOSTS_TYPE"\; policy "$NFTSET_POLICY_IP"\; }
     _hosts=`printf "$ALLOWED_HOSTS_LIST" | $AWK_CMD '{gsub(/[ ]+/, ",", $0); printf $0;}'`
     if [ -n "$_hosts" ]; then
         $NFT_CMD add element $NFT_TABLE "$NFTSET_ALLOWED_HOSTS" { "$_hosts" }
@@ -336,7 +330,7 @@ SetNetConfig() {
 
 DropNetConfig() {
     DeleteNftRules
-    FlushNftSets "$NFTSET_ALLOWED_HOSTS" "$NFTSET_CIDR" "$NFTSET_CIDR_USER" "$NFTSET_IP" "$NFTSET_IP_USER" "$NFTSET_DNSMASQ" "$NFTSET_DNSMASQ_USER" "$NFTSET_ONION"
+    FlushNftSets "$NFTSET_ALLOWED_HOSTS" "$NFTSET_CIDR" "$NFTSET_IP" "$NFTSET_DNSMASQ" "$NFTSET_ONION"
 }
 
 DestroyNetConfig() {
@@ -387,7 +381,7 @@ AddUserEntries() {
                         if(length(dns) > 0) {
                             printf "server=/%s/%s\n", val, dns >> ENVIRON["DNSMASQ_DATA_FILE"];
                         };
-                        printf "nftset=/%s/%s#%s\n", val, ENVIRON["NFT_TABLE_DNSMASQ"], ENVIRON["NFTSET_DNSMASQ_USER"] >> ENVIRON["DNSMASQ_DATA_FILE"];
+                        printf "nftset=/%s/%s#%s\n", val, ENVIRON["NFT_TABLE_DNSMASQ"], ENVIRON["NFTSET_DNSMASQ"] >> ENVIRON["DNSMASQ_DATA_FILE"];
                     };
                     function writeFqdnEntries() {
                         delete fqdn_array[0];
@@ -408,12 +402,12 @@ AddUserEntries() {
                         };
                     }
                     END {
-                        printf "table %s {\nset %s {type %s;size %s;flags interval;auto-merge;", ENVIRON["NFT_TABLE"], ENVIRON["NFTSET_CIDR_USER"], ENVIRON["NFTSET_CIDR_TYPE"], ENVIRON["NFTSET_MAXELEM_CIDR"] >> ENVIRON["IP_DATA_FILE"];
+                        printf "table %s {\n%s", ENVIRON["NFT_TABLE"], ENVIRON["NFTSET_CIDR_CFG"] >> ENVIRON["IP_DATA_FILE"];
                         delete cidr_array[0];
                         if(length(cidr_array) > 0) {
                             printf "elements={%s};", writeIpList(cidr_array) >> ENVIRON["IP_DATA_FILE"];
                         };
-                        printf "}\nset %s {type %s;size %s;", ENVIRON["NFTSET_IP_USER"],  ENVIRON["NFTSET_IP_TYPE"], ENVIRON["NFTSET_MAXELEM_IP"] >> ENVIRON["IP_DATA_FILE"];
+                        printf "}\n%s", ENVIRON["NFTSET_IP_CFG"] >> ENVIRON["IP_DATA_FILE"];
                         delete ip_array[0];
                         if(length(ip_array) > 0) {
                             printf "elements={%s};", writeIpList(ip_array) >> ENVIRON["IP_DATA_FILE"];
@@ -502,7 +496,7 @@ Update() {
         echo " ${NAME} ${1}..."
         MakeLogRecord "notice" "${1}..."
         if [ "$NFTSET_CLEAR_SETS" = "1" ]; then
-            FlushNftSets "$NFTSET_CIDR" "$NFTSET_CIDR_USER" "$NFTSET_IP" "$NFTSET_IP_USER" "$NFTSET_DNSMASQ" "$NFTSET_DNSMASQ_USER"
+            FlushNftSets "$NFTSET_CIDR" "$NFTSET_IP" "$NFTSET_DNSMASQ"
         elif [ -z "$BLLIST_PRESET" -a -z "$BLLIST_MODULE" ]; then
             FlushNftSets "$NFTSET_IP" "$NFTSET_CIDR"
         fi
@@ -523,13 +517,10 @@ Update() {
                 _return_code=1
             ;;
         esac
-        FlushNftSets "$NFTSET_DNSMASQ" "$NFTSET_ONION" "$NFTSET_DNSMASQ_USER"
+        FlushNftSets "$NFTSET_DNSMASQ" "$NFTSET_ONION"
-        if [ "$ADD_USER_ENTRIES" != "1" ]; then
-            FlushNftSets "$NFTSET_CIDR_USER" "$NFTSET_IP_USER"
-        fi
         UpdateBllistSets
         _return_code=$?
-        DnsmasqRestart
+        RestartDnsmasq
         ToggleUPIDFile del
     fi
     MakeToken
@@ -722,7 +713,7 @@ case "$1" in
         ClearDataFiles
         return_code=$?
         ToggleUPIDFile del
-        DnsmasqRestart
+        RestartDnsmasq
         StatusOutput
     ;;
     update|force-update)