v2.1. Refactoring, fixes & improvements.

2026-05-13 22:20:59 +00:00 · 2024-11-06 15:30:03 +03:00
parent 06219e9328
commit 0cc02a7ddd
18 changed files with 282 additions and 477 deletions
@@ -10,9 +10,9 @@ LUCI_APP=1
 HTTPS_DNS_PROXY=1
 OWRT_VERSION="current"
-RUAB_VERSION="2.0.0-r1"
+RUAB_VERSION="2.1.0-r1"
-RUAB_MOD_LUA_VERSION="2.0.0-r1"
+RUAB_MOD_LUA_VERSION="2.1.0-r1"
-RUAB_LUCI_APP_VERSION="2.0.0-1"
+RUAB_LUCI_APP_VERSION="2.1.0-1"
 BASE_URL="https://raw.githubusercontent.com/gSpotx2f/packages-openwrt/master"
 PKG_DIR="/tmp"
@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=luci-app-ruantiblock
-PKG_VERSION:=2.0.0
+PKG_VERSION:=2.1.0
 PKG_RELEASE:=1
 LUCI_TITLE:=LuCI support for ruantiblock
 LUCI_DEPENDS:=+ruantiblock
@@ -43,97 +43,61 @@ return view.extend({
 	},
 	formatNftJson(data) {
-		let output = { 'sink': [] };
+		let output = { 'rules': [] };
-		if(data.sink.nftables && data.sink.nftables.length > 1) {
+		if(data.rules.nftables && data.rules.nftables.length > 1) {
-			let rules = [];
+			for(let i of data.rules.nftables) {
-
+				if(!i.rule) continue;
-			for(let i of data.sink.nftables) {
+				let set, bytes;
-				if(i.rule) {
+				i.rule.expr.forEach(e => {
-					let instance = (i.rule.comment === ' ') ? '-main-' : i.rule.comment;
+					if(e.match && e.match.left && e.match.left.payload) {
-					let proto, bytes;
+						set = e.match.right.replace('@', '');
-					i.rule.expr.forEach(e => {
+					}
-						if(e.match && e.match.left && e.match.left.meta && e.match.left.meta.key && e.match.left.meta.key == "l4proto") {
+					else if(e.counter) {
-							proto = e.match.right;
+						bytes = e.counter.bytes;
 						}
 						else if(e.counter) {
 							bytes = e.counter.bytes;
 						};
 					});
 					rules.push([ instance, proto, bytes ]);
 				} else {
 					continue;
 				};
 			};
 			if(rules.length > 0) {
 				output.sink = rules;
 			};
 		};
 		if(data.sink_local && data.sink_local.nftables && data.sink_local.nftables.length > 1) {
 			output.sink_local = [];
 			let rules         = [];
 			for(let i of data.sink_local.nftables) {
 				if(i.rule) {
 					let instance = (i.rule.comment === ' ') ? '-main-' : i.rule.comment;
 					let proto, bytes;
 					i.rule.expr.forEach(e => {
 						if(e.match && e.match.left && e.match.left.meta && e.match.left.meta.key && e.match.left.meta.key == "l4proto") {
 							proto = e.match.right;
 						}
 						else if(e.counter) {
 							bytes = e.counter.bytes;
 						};
 					});
 					rules.push([ instance, proto, bytes ]);
 				} else {
 					continue;
 				};
 			};
 			if(rules.length > 0) {
 				output.sink_local = rules;
 			};
 		};
 		function parseDnsmasqData(set) {
 			let sArray = [];
 			if(set.nftables && set.nftables.length > 1) {
 				set.nftables.forEach(e => {
 					if(e.set && e.set.elem) {
 						e.set.elem.forEach(i => {
 							if(i.elem) {
 								sArray.push([ i.elem.val, i.elem.expires ]);
 							};
 						});
 					};
 				});
 				output.rules.push([ set, bytes ]);
 			};
 			return sArray;
 		};
-		if(data.dnsmasq) {
+			function parseDnsmasqData(set) {
-			output.dnsmasq = parseDnsmasqData(data.dnsmasq);
+				let sArray = [];
-		};
+				if(set.nftables && set.nftables.length > 1) {
-		if(data.dnsmasq_bypass) {
+					set.nftables.forEach(e => {
-			output.dnsmasq_bypass = parseDnsmasqData(data.dnsmasq_bypass);
+						if(e.set && e.set.elem) {
-		};
+							e.set.elem.forEach(i => {
-		if(data.dnsmasq_user_instances) {
+								if(i.elem) {
-			output.dnsmasq_user_instances = [];
+									sArray.push([ i.elem.val, i.elem.expires ]);
-			if(data.dnsmasq_user_instances && data.dnsmasq_user_instances.length > 1) {
+								};
-				for(let i of data.dnsmasq_user_instances) {
+							});
-					if(i.nftables) {
+						};
-						let name;
+					});
-						i.nftables.forEach(e => {
+				};
-							if(e.set) {
+				return sArray;
-								name = e.set.name;
+			};
-							};
+
-						});
+			if(data.dnsmasq) {
-						output.dnsmasq_user_instances.push([ name, parseDnsmasqData(i) ]);
+				output.dnsmasq = parseDnsmasqData(data.dnsmasq);
 			};
 			if(data.dnsmasq_bypass) {
 				output.dnsmasq_bypass = parseDnsmasqData(data.dnsmasq_bypass);
 			};
 			if(data.dnsmasq_user_instances) {
 				output.dnsmasq_user_instances = [];
 				if(data.dnsmasq_user_instances && data.dnsmasq_user_instances.length > 1) {
 					for(let i of data.dnsmasq_user_instances) {
 						if(i.nftables) {
 							let name;
 							i.nftables.forEach(e => {
 								if(e.set) {
 									name = e.set.name;
 								};
 							});
 							output.dnsmasq_user_instances.push([ name, parseDnsmasqData(i) ]);
 						};
 					};
 				};
 			};
 		};
 		return output;
 	},
@@ -228,20 +192,11 @@ return view.extend({
 				let nft_data = this.formatNftJson(data);
-				if(nft_data.sink.length > 0) {
+				if(nft_data.rules.length > 0) {
-					for(let i of nft_data.sink) {
+					for(let [set, bytes] of nft_data.rules) {
-						let elem = document.getElementById('sink.' + i[0] + '.' + (i[1] || 'all'));
+						let elem = document.getElementById('rules.' + set);
 						if(elem) {
-							elem.textContent = i[2];
+							elem.textContent = bytes;
 						};
 					};
 				};
 				if(nft_data.sink_local && nft_data.sink_local.length > 0) {
 					for(let i of nft_data.sink_local) {
 						let elem = document.getElementById('sink_local.' + i[0] + '.' + (i[1] || 'all'));
 						if(elem) {
 							elem.textContent = i[2];
 						};
 					};
 				};
@@ -267,6 +222,14 @@ return view.extend({
 		});
 	},
 	formatRuleDescription(s) {
 		return (s.length >= 1) ? (
 			s.replace(/^c\.?(.*)/, '$1 CIDR').replace(/^i\.?(.*)/, '$1 IP')
 			.replace(/^d\.?(.*)/, '$1 dnsmasq').replace(/^onion\.?(.*)/, '$1 onion')
 			.replace(/^bi/, 'bypass IP').replace(/^bd/, 'bypass dnsmasq')
 		) : '';
 	},
 	load() {
 		return fs.exec_direct(tools.execPath, [ 'html-info' ], 'json').catch(e => {
 			ui.addNotification(null, E('p', _('Unable to execute or read contents')
@@ -286,10 +249,10 @@ return view.extend({
 		let update_status        = null,
 			user_entries         = null,
-			sink                 = null,
+			rules                = null,
 			sink_local           = null,
 			dnsmasq              = null,
-			dnsmasqUserInstances = null;
+			dnsmasqUserInstances = null,
 			dnsmasqBypass        = null;
 		if(data) {
 			if(data.status === 'enabled') {
@@ -350,87 +313,42 @@ return view.extend({
 				let nft_data = this.formatNftJson(data);
-				if(nft_data.sink) {
+				if(nft_data.rules) {
-					let table = E('table', { 'class': 'table' }, [
+					let table_rules = E('table', { 'class': 'table' }, [
 						E('tr', { 'class': 'tr table-titles' }, [
 							E('th', { 'class': 'th left', 'style': 'min-width:33%' },
-								_('Instance')),
+								_('Match-set')),
-							E('th', { 'class': 'th left' }, _('Protocol')),
+							E('th', { 'class': 'th left' }, _('Description')),
 							E('th', { 'class': 'th left' }, _('Bytes')),
 						]),
 					]);
 					for(let i of nft_data.sink) {
 						let instance = i[0];
 						let proto    = (i[1] === undefined) ? _('all') : i[1];
 						let bytes    = i[2];
-						if(!instance) {
+					for(let [set, bytes] of nft_data.rules) {
 						if(!set) {
 							continue;
 						};
-						table.append(
+						table_rules.append(
 							E('tr', { 'class': 'tr' }, [
 								E('td',{
 									'class'     : 'td left',
 									'data-title': _('Match-set'),
 								}, set),
 								E('td', {
 									'class'     : 'td left',
-									'data-title': _('Instance'),
+									'data-title': _('Description'),
-								}, instance),
+								}, this.formatRuleDescription(set)),
 								E('td', {
 									'class'     : 'td left',
-									'data-title': _('Protocol'),
+									'id'        : 'rules.' + set,
 								}, proto),
 								E('td', {
 									'class'     : 'td left',
 									'id'        : 'sink.' + instance + '.' + (i[1] || 'all'),
 									'data-title': _('Bytes'),
 								}, bytes),
 							])
 						);
 					};
 					sink = E([
 						E('h3', {}, _('Transit traffic')),
 						table,
 					]);
 				};
-				if(nft_data.sink_local) {
+					rules = E([
-					let table = E('table', { 'class': 'table' }, [
+						E('h3', {}, _('Nftables rules')),
-						E('tr', { 'class': 'tr table-titles' }, [
+						table_rules,
 							E('th', { 'class': 'th left', 'style': 'min-width:33%' },
 								_('Instance')),
 							E('th', { 'class': 'th left' }, _('Protocol')),
 							E('th', { 'class': 'th left' }, _('Bytes')),
 						]),
 					]);
 					for(let i of nft_data.sink_local) {
 						let instance = i[0];
 						let proto    = (i[1] === undefined) ? _('all') : i[1];
 						let bytes    = i[2];
 						if(!instance) {
 							continue;
 						};
 						table.append(
 							E('tr', { 'class': 'tr' }, [
 								E('td', {
 									'class'     : 'td left',
 									'data-title': _('Instance'),
 								}, instance),
 								E('td', {
 									'class'     : 'td left',
 									'data-title': _('Protocol'),
 								}, proto),
 								E('td', {
 									'class'     : 'td left',
 									'id'        : 'sink_local.' + instance + '.' + (i[1] || 'all'),
 									'data-title': _('Bytes'),
 								}, bytes),
 							])
 						);
 					};
 					sink_local = E([
 						E('h3', {}, _('Local traffic')),
 						table,
 					]);
 				};
@@ -462,6 +380,17 @@ return view.extend({
 					};
 				};
 				if(nft_data.dnsmasq_bypass) {
 					let rdbTableWrapper = E('div', {
 						'id'   : 'rdbTableWrapper',
 						'style': 'width:100%'
 					}, this.makeDnsmasqTable(nft_data.dnsmasq_bypass, _('Dnsmasq bypass')));
 					dnsmasqBypass = E([
 						rdbTableWrapper,
 					]);
 				};
 				poll.add(L.bind(this.pollInfo, this), this.pollInterval);
 			} else {
 				update_status = E('em', {}, _('Status') + ' : ' + _('disabled'));
@@ -477,7 +406,7 @@ return view.extend({
 				E('div', { 'class': 'cbi-section-node' }, update_status)
 			),
 			E('div', { 'class': 'cbi-section fade-in' },
-				E('div', { 'class': 'cbi-section-node' }, sink)
+				E('div', { 'class': 'cbi-section-node' }, rules)
 			),
 		];
@@ -490,10 +419,10 @@ return view.extend({
 			);
 		}
-		if(sink_local) {
+		if(dnsmasqBypass) {
 			layout.splice(5, 0,
 				E('div', { 'class': 'cbi-section fade-in' },
-					E('div', { 'class': 'cbi-section-node' }, sink_local)
+					E('div', { 'class': 'cbi-section-node' }, dnsmasqBypass)
 				)
 			);
 		};
@@ -248,12 +248,14 @@ return view.extend({
 		o = s.taboption('tor_tab', form.Value, 'tor_trans_port',
 			_('Transparent proxy port'));
 		o.rmempty  = false;
 		o.default  = tools.defaultConfig.tor_trans_port;
 		o.datatype = 'port';
 		// ONION_DNS_ADDR
 		o = s.taboption('tor_tab', form.Value, 'onion_dns_addr',
 			_("Optional DNS resolver for '.onion' zone"), '<code>ipaddress#port</code>');
 		o.rmempty  = false;
 		o.default  = tools.defaultConfig.onion_dns_addr;
 		o.validate = this.validateIpPort;
 		// Torrc edit dialog
@@ -274,7 +276,7 @@ return view.extend({
 		o.multiple  = false;
 		o.noaliases = true;
 		o.rmempty   = false;
-		o.default   = 'tun0';
+		o.default  = tools.defaultConfig.if_vpn;
 		// VPN_GW_IP
 		o = s.taboption('vpn_tab', form.Value, 'vpn_gw_ip',
@@ -307,17 +309,20 @@ return view.extend({
 		o = s.taboption('tproxy_tab', form.Value, 't_proxy_port_tcp',
 			_('Transparent proxy TCP port'));
 		o.rmempty  = false;
 		o.default  = tools.defaultConfig.t_proxy_port_tcp;
 		o.datatype = 'port';
 		// T_PROXY_ALLOW_UDP
 		o = s.taboption('tproxy_tab', form.Flag, 't_proxy_allow_udp',
 			_('Send UDP traffic to transparent proxy'));
 		o.rmempty = false;
 		o.default = 0;
 		// T_PROXY_PORT_UDP
 		o = s.taboption('tproxy_tab', form.Value, 't_proxy_port_udp',
 			_('Transparent proxy UDP port'));
 		o.rmempty  = false;
 		o.default  = tools.defaultConfig.t_proxy_port_udp;
 		o.datatype = 'port';
@@ -331,6 +336,7 @@ return view.extend({
 		o.value('1', 'Tor');
 		o.value('2', 'VPN');
 		o.value('3', _('Transparent proxy'));
 		o.default = tools.defaultConfig.proxy_mode;
 		// BLLIST_PRESET
 		let bllist_preset = s.taboption('blacklist_tab', form.ListValue,
@@ -375,6 +381,7 @@ return view.extend({
 			_('Enable full proxy mode'));
 		o.description = _('All traffic of the specified hosts passes through the proxy, without a blacklist');
 		o.rmempty = false;
 		o.default = 0;
 		// FPROXY_LIST
 		o = s.taboption('blacklist_tab', form.DynamicList, 'fproxy_list',
@@ -531,7 +538,7 @@ return view.extend({
 			_('Enabled'),
 		);
 		o.rmempty   = false;
-		o.default   = '1';
+		o.default   = 1;
 		o.editable  = true;
 		o.modalonly = false;
@@ -547,14 +554,7 @@ return view.extend({
 		o.value('1', 'Tor');
 		o.value('2', 'VPN');
 		o.value('3', _('Transparent proxy'));
-		o.default   = '2';
+		o.default   = tools.defaultConfig.proxy_mode;
 		o.modalonly = true;
 		// U_SKIP_MARKED_PACKETS
 		o = ss.taboption('u_main_tab', form.Flag, 'u_skip_marked_packets',
 			_('Lowest priority'));
 		o.description = _('This proxy will receive traffic last, even after the main blacklist');
 		o.rmempty   = false;
 		o.modalonly = true;
 		// U_ENABLE_FPROXY
@@ -562,6 +562,7 @@ return view.extend({
 			_('Enable full proxy mode'));
 		o.description = _('All traffic of the specified hosts passes through the proxy, without a blacklist');
 		o.rmempty   = false;
 		o.default   = 0;
 		o.modalonly = true;
 		// U_FPROXY_LIST
@@ -579,6 +580,7 @@ return view.extend({
 		o = ss.taboption('u_tor_tab', form.Value, 'u_tor_trans_port',
 			_('Transparent proxy port'));
 		o.rmempty   = false;
 		o.default   = tools.defaultConfig.tor_trans_port;
 		o.datatype  = 'port';
 		o.modalonly = true;
@@ -586,6 +588,7 @@ return view.extend({
 		o = ss.taboption('u_tor_tab', form.Value, 'u_onion_dns_addr',
 			_("Optional DNS resolver for '.onion' zone"), '<code>ipaddress#port</code>');
 		o.rmempty   = false;
 		o.default   = tools.defaultConfig.onion_dns_addr;
 		o.validate  = this.validateIpPort;
 		o.modalonly = true;
@@ -599,7 +602,7 @@ return view.extend({
 		o.multiple  = false;
 		o.noaliases = true;
 		o.rmempty   = false;
-		o.default   = 'tun0';
+		o.default   = tools.defaultConfig.if_vpn;
 		o.modalonly = true;
 		// U_VPN_GW_IP
@@ -625,19 +628,22 @@ return view.extend({
 		o = ss.taboption('u_tproxy_tab', form.Value, 'u_t_proxy_port_tcp',
 			_('Transparent proxy TCP port'));
 		o.rmempty   = false;
 		o.default   = tools.defaultConfig.t_proxy_port_tcp;
 		o.datatype  = 'port';
 		o.modalonly = true;
 		// U_T_PROXY_ALLOW_UDP
 		o = ss.taboption('u_tproxy_tab', form.Flag, 'u_t_proxy_allow_udp',
 			_('Send UDP traffic to transparent proxy'));
-		o.rmempty = false;
+		o.rmempty   = false;
 		o.default   = 0;
 		o.modalonly = true;
 		// U_T_PROXY_PORT_UDP
 		o = ss.taboption('u_tproxy_tab', form.Value, 'u_t_proxy_port_udp',
 			_('Transparent proxy UDP port'));
 		o.rmempty   = false;
 		o.default   = tools.defaultConfig.t_proxy_port_udp;
 		o.datatype  = 'port';
 		o.modalonly = true;
@@ -34,25 +34,25 @@ document.head.append(E('style', {'type': 'text/css'},
 `));
 return baseclass.extend({
-	appName           : 'ruantiblock',
+	appName             : 'ruantiblock',
-	execPath          : '/usr/bin/ruantiblock',
+	execPath            : '/usr/bin/ruantiblock',
-	tokenFile         : '/var/run/ruantiblock.token',
+	tokenFile           : '/var/run/ruantiblock.token',
-	parsersDir        : '/usr/libexec/ruantiblock',
+	parsersDir          : '/usr/libexec/ruantiblock',
-	dnsmasqCfgDirsRoot: '/tmp',
+	dnsmasqCfgDirsRoot  : '/tmp',
-	torrcFile         : '/etc/tor/torrc',
+	torrcFile           : '/etc/tor/torrc',
-	userEntriesFile   : '/etc/ruantiblock/user_entries',
+	userEntriesFile     : '/etc/ruantiblock/user_entries',
-	userListsDir      : '/etc/ruantiblock/user_lists',
+	userListsDir        : '/etc/ruantiblock/user_lists',
-	bypassEntriesFile : '/etc/ruantiblock/bypass_entries',
+	bypassEntriesFile   : '/etc/ruantiblock/bypass_entries',
-	fqdnFilterFile    : '/etc/ruantiblock/fqdn_filter',
+	fqdnFilterFile      : '/etc/ruantiblock/fqdn_filter',
-	ipFilterFile      : '/etc/ruantiblock/ip_filter',
+	ipFilterFile        : '/etc/ruantiblock/ip_filter',
-	grExcludedNetsFile: '/etc/ruantiblock/gr_excluded_nets',
+	grExcludedNetsFile  : '/etc/ruantiblock/gr_excluded_nets',
-	grExcludedSldFile : '/etc/ruantiblock/gr_excluded_sld',
+	grExcludedSldFile   : '/etc/ruantiblock/gr_excluded_sld',
-	crontabFile       : '/etc/crontabs/root',
+	crontabFile         : '/etc/crontabs/root',
-	infoLabelStarting : '<span class="label-status starting">' + _('Starting') + '</span>',
+	infoLabelStarting   : '<span class="label-status starting">' + _('Starting') + '</span>',
-	infoLabelRunning  : '<span class="label-status running">' + _('Enabled') + '</span>',
+	infoLabelRunning    : '<span class="label-status running">' + _('Enabled') + '</span>',
-	infoLabelUpdating : '<span class="label-status updating">' + _('Updating') + '</span>',
+	infoLabelUpdating   : '<span class="label-status updating">' + _('Updating') + '</span>',
-	infoLabelStopped  : '<span class="label-status stopped">' + _('Disabled') + '</span>',
+	infoLabelStopped    : '<span class="label-status stopped">' + _('Disabled') + '</span>',
-	infoLabelError    : '<span class="label-status error">' + _('Error') + '</span>',
+	infoLabelError      : '<span class="label-status error">' + _('Error') + '</span>',
 	blacklistPresets: {
 		'ruantiblock-fqdn': [ 'ruantiblock', 'fqdn', 'https://github.com/gSpotx2f/ruantiblock_blacklist' ],
@@ -64,6 +64,15 @@ return baseclass.extend({
 		'antifilter-ip'   : [ '*antifilter', 'ip', 'https://antifilter.download' ],
 	},
 	defaultConfig: {
 		'proxy_mode'      : '2',
 		'tor_trans_port'  : '9040',
 		'onion_dns_addr'  : '127.0.0.1#9053',
 		'if_vpn'          : 'tun0',
 		't_proxy_port_tcp': '1100',
 		't_proxy_port_udp': '1100',
 	},
 	callInitStatus: rpc.declare({
 		object: 'luci',
 		method: 'getInitList',
@@ -107,11 +116,11 @@ return baseclass.extend({
 		return (v && typeof(v) === 'string') ? v.trim().replace(/\r?\n/g, '') : v;
 	},
-	makeStatusString: function(
+	makeStatusString(
-								app_status_code,
+					app_status_code,
-								bllist_preset,
+					bllist_preset,
-								bllist_module,
+					bllist_module,
-								vpn_route_status_code) {
+					vpn_route_status_code) {
 		let app_status_label;
 		let spinning = '';
@@ -226,7 +235,7 @@ return baseclass.extend({
 			let textarea = document.getElementById('widget.modal_content');
 			let value    = textarea.value.trim().replace(/\r\n/g, '\n') + '\n';
-			return fs.write(this.file, value).then(async rc => {
+			return fs.write(this.file, value).then(rc => {
 				textarea.value = value;
 				ui.addNotification(null, E('p', _('Contents have been saved.')),
 					'info');
@@ -272,9 +272,6 @@ msgstr "Список хостов, которые исключаются из о
 msgid "Loading"
 msgstr "Загрузка"
 msgid "Local traffic"
 msgstr "Локальный трафик"
 msgid "Log"
 msgstr "Лог"
@@ -287,14 +284,11 @@ msgstr "Уровни логирования"
 msgid "Logread not found"
 msgstr "Logread не найден"
 msgid "Lowest priority"
 msgstr "Самый низкий приоритет"
 msgid "Main settings"
 msgstr "Основные настройки"
 msgid "Match-set"
-msgstr "Правило"
+msgstr "Сет"
 msgid "Message"
 msgstr "Сообщение"
@@ -314,6 +308,9 @@ msgstr "Настройки модуля"
 msgid "Name"
 msgstr "Имя"
 msgid "Nftables rules"
 msgstr "Правила Nftables"
 msgid "No Sсhedule"
 msgstr "Нет расписания"
@@ -502,9 +499,6 @@ msgid ""
 msgstr ""
 "Служба будет выключена и все данные блэклиста будут удалены. Продолжить?"
 msgid "This proxy will receive traffic last, even after the main blacklist"
 msgstr "В этот прокси трафик будет попадать в последнюю очередь, даже после основного блэклиста"
 msgid "Time"
 msgstr "Время"
@@ -523,9 +517,6 @@ msgstr "Конфигурационный файл Tor"
 msgid "Tor mode"
 msgstr "Режим Tor"
 msgid "Transit traffic"
 msgstr "Транзитный трафик"
 msgid "Transparent proxy"
 msgstr "Прозрачный прокси"
@@ -253,9 +253,6 @@ msgstr ""
 msgid "Loading"
 msgstr ""
 msgid "Local traffic"
 msgstr ""
 msgid "Log"
 msgstr ""
@@ -268,9 +265,6 @@ msgstr ""
 msgid "Logread not found"
 msgstr ""
 msgid "Lowest priority"
 msgstr ""
 msgid "Main settings"
 msgstr ""
@@ -295,6 +289,9 @@ msgstr ""
 msgid "Name"
 msgstr ""
 msgid "Nftables rules"
 msgstr ""
 msgid "No Sсhedule"
 msgstr ""
@@ -457,9 +454,6 @@ msgid ""
 "Continue?"
 msgstr ""
 msgid "This proxy will receive traffic last, even after the main blacklist"
 msgstr ""
 msgid "Time"
 msgstr ""
@@ -478,9 +472,6 @@ msgstr ""
 msgid "Tor mode"
 msgstr ""
 msgid "Transit traffic"
 msgstr ""
 msgid "Transparent proxy"
 msgstr ""
@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=ruantiblock-mod-lua
-PKG_VERSION:=2.0.0
+PKG_VERSION:=2.1.0
 PKG_RELEASE:=1
 PKG_MAINTAINER:=gSpot <https://github.com/gSpotx2f/ruantiblock_openwrt>
@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=ruantiblock-mod-py
-PKG_VERSION:=2.0.0
+PKG_VERSION:=2.1.0
 PKG_RELEASE:=1
 PKG_MAINTAINER:=gSpot <https://github.com/gSpotx2f/ruantiblock_openwrt>
@@ -5,7 +5,7 @@
 include $(TOPDIR)/rules.mk
 PKG_NAME:=ruantiblock
-PKG_VERSION:=2.0.0
+PKG_VERSION:=2.1.0
 PKG_RELEASE:=1
 PKG_MAINTAINER:=gSpot <https://github.com/gSpotx2f/ruantiblock_openwrt>
@@ -44,7 +44,6 @@ config user_instance 'list1'
 	option u_enable_entries_remote_proxy '0'
 	option u_entries_dns ''
 	option u_enable_fproxy '0'
 	option u_skip_marked_packets '0'
 config user_instance 'list2'
 	option u_enabled '0'
@@ -59,7 +58,6 @@ config user_instance 'list2'
 	option u_enable_entries_remote_proxy '0'
 	option u_entries_dns ''
 	option u_enable_fproxy '0'
 	option u_skip_marked_packets '0'
 config user_instance 'list3'
 	option u_enabled '0'
@@ -74,7 +72,6 @@ config user_instance 'list3'
 	option u_enable_entries_remote_proxy '0'
 	option u_entries_dns ''
 	option u_enable_fproxy '0'
 	option u_skip_marked_packets '0'
 config user_instance 'list4'
 	option u_enabled '0'
@@ -89,7 +86,6 @@ config user_instance 'list4'
 	option u_enable_entries_remote_proxy '0'
 	option u_entries_dns ''
 	option u_enable_fproxy '0'
 	option u_skip_marked_packets '0'
 config user_instance 'list5'
 	option u_enabled '0'
@@ -104,4 +100,3 @@ config user_instance 'list5'
 	option u_enable_entries_remote_proxy '0'
 	option u_entries_dns ''
 	option u_enable_fproxy '0'
 	option u_skip_marked_packets '0'
@@ -7,7 +7,7 @@ if [ "$ACTION" = "ifup" ]; then
    USER_INSTANCES_COMMON="/usr/share/ruantiblock/user_instances_common"
    CONFIG_SCRIPT_USER_INSTANCES="/usr/share/ruantiblock/config_script_user_instances"
    USER_INSTANCES_DIR="/etc/ruantiblock/user_instances"
-    USER_INSTANCE_VARS="U_ENABLED U_NAME U_PROXY_MODE U_TOR_TRANS_PORT U_ONION_DNS_ADDR U_IF_VPN U_VPN_GW_IP U_T_PROXY_TYPE U_T_PROXY_PORT_TCP U_T_PROXY_PORT_UDP U_T_PROXY_ALLOW_UDP U_USER_ENTRIES_DNS U_USER_ENTRIES_REMOTE U_ENABLE_ENTRIES_REMOTE_PROXY U_ENABLE_FPROXY U_FPROXY_LIST U_SKIP_MARKED_PACKETS"
+    USER_INSTANCE_VARS="U_ENABLED U_NAME U_PROXY_MODE U_TOR_TRANS_PORT U_ONION_DNS_ADDR U_IF_VPN U_VPN_GW_IP U_T_PROXY_TYPE U_T_PROXY_PORT_TCP U_T_PROXY_PORT_UDP U_T_PROXY_ALLOW_UDP U_USER_ENTRIES_DNS U_USER_ENTRIES_REMOTE U_ENABLE_ENTRIES_REMOTE_PROXY U_ENABLE_FPROXY U_FPROXY_LIST"
    USER_INSTANCES_MAX=10
    DEBUG=0
    IF_VPN_CURRENT=""
@@ -2,13 +2,13 @@
 ### Настройки ruantiblock ###
 ### Директория данных (генерируемые конфиги dnsmasq, nftset и пр.)
-DATA_DIR="/tmp/ruantiblock"
+DATA_DIR="/var/ruantiblock"
 ### Директория модулей
 MODULES_DIR="/usr/libexec/ruantiblock"
 ### Директория PID-файлов и файлов статуса
-RUN_FILES_DIR="/tmp/run"
+RUN_FILES_DIR="/var/run"
 ### Директория доп. конфигов dnsmasq
-DNSMASQ_CFG_DIR="/tmp/dnsmasq.d"
+DNSMASQ_CFG_DIR="/var/dnsmasq.d"
 ### Команда для перезапуска dnsmasq
 DNSMASQ_RESTART_CMD="/etc/init.d/dnsmasq restart"
 ### Директория для html-страницы статуса (не используется в OpenWrt)
@@ -70,8 +70,6 @@ USER_ENTRIES_REMOTE_DOWNLOAD_ATTEMPTS=3
 USER_ENTRIES_REMOTE_DOWNLOAD_TIMEOUT=60
 ### Кол-во экземпляров записей пользователя (не более 50!)
 USER_INSTANCES_MAX=5
 ### Пропускать мимо фильтра пакеты уже помеченные в записях пользователя (0 - выкл, 1 - вкл)
 SKIP_MARKED_PACKETS=0
 ### Режим списка записей, исключаемых из обхода блокировок (0 - выкл, 1 - вкл)
 BYPASS_MODE=0
 ### DNS-сервер для исключаемых записей (пустая строка - без DNS-сервера). Можно с портом: 8.8.8.8#53. Если в записи указан свой DNS-сервер - он имеет приоритет
@@ -88,14 +88,10 @@ export NFTSET_POLICY_DNSMASQ="performance"
 export NFTSET_DNSMASQ_TIMEOUT="150m"
 ### Динамическое обновление таймаута записей в сете $NFTSET_DNSMASQ (0 - выкл, 1 - вкл)
 export NFTSET_DNSMASQ_TIMEOUT_UPDATE=1
-### Приоритет правила отбора пакетов nftables для конфигупации Tor или прозрачного прокси
+### Приоритет правил отбора пакетов nftables
-export NFT_PRIO_NAT=-140          # dstnat - 10 (-110)
+export NFT_PRIO=-140
-### Приоритет правила отбора пакетов nftables для трафика локальных клиентов в конфигупации Tor или прозрачного прокси
+### Приоритет правил отбора пакетов nftables для трафика локальных клиентов
-export NFT_PRIO_NAT_LOCAL=-140    # dstnat - 10 (-110)
+export NFT_PRIO_LOCAL=-140
 ### Приоритет правила отбора пакетов nftables для VPN-конфигурации
 export NFT_PRIO_ROUTE=-140        # mangle + 10
 ### Приоритет правила отбора пакетов nftables для трафика локальных клиентов в VPN-конфигурации
 export NFT_PRIO_ROUTE_LOCAL=-140  # mangle + 10
 ### Кол-во попыток скачивания удаленного файла записей пользователя (в случае неудачи)
 export USER_ENTRIES_REMOTE_DOWNLOAD_ATTEMPTS=3
 ### Таймаут между попытками скачивания
@@ -105,11 +101,9 @@ export USER_INSTANCES_DIR="${CONFIG_DIR}/user_instances"
 ### Директория списков записей пользователя
 export USER_LISTS_DIR="${CONFIG_DIR}/user_lists"
 ### Переменные экземпляров записей пользователя
-export USER_INSTANCE_VARS="U_ENABLED U_NAME U_PROXY_MODE U_TOR_TRANS_PORT U_ONION_DNS_ADDR U_IF_VPN U_VPN_GW_IP U_T_PROXY_TYPE U_T_PROXY_PORT_TCP U_T_PROXY_PORT_UDP U_T_PROXY_ALLOW_UDP U_USER_ENTRIES_DNS U_USER_ENTRIES_REMOTE U_ENABLE_ENTRIES_REMOTE_PROXY U_ENABLE_FPROXY U_FPROXY_LIST U_SKIP_MARKED_PACKETS"
+export USER_INSTANCE_VARS="U_ENABLED U_NAME U_PROXY_MODE U_TOR_TRANS_PORT U_ONION_DNS_ADDR U_IF_VPN U_VPN_GW_IP U_T_PROXY_TYPE U_T_PROXY_PORT_TCP U_T_PROXY_PORT_UDP U_T_PROXY_ALLOW_UDP U_USER_ENTRIES_DNS U_USER_ENTRIES_REMOTE U_ENABLE_ENTRIES_REMOTE_PROXY U_ENABLE_FPROXY U_FPROXY_LIST"
 ### Кол-во экземпляров записей пользователя (не более 50!)
 export USER_INSTANCES_MAX=5
 ### Пропускать мимо фильтра пакеты уже помеченные в записях пользователя (0 - выкл, 1 - вкл)
 export SKIP_MARKED_PACKETS=0
 ### Режим списка IP адресов исключаемых из обхода блокировок (0 - выкл, 1 - вкл)
 export BYPASS_MODE=0
 ### DNS-сервер для исключаемых записей (пустая строка - без DNS-сервера). Можно с портом: 8.8.8.8#53. Если в записи указан свой DNS-сервер - он имеет приоритет
@@ -250,7 +244,6 @@ export NFTSET_ONION="onion"
 export NFTSET_CIDR="c"
 export NFTSET_IP="i"
 export NFTSET_DNSMASQ="d"
 export NFTSET_MARK_SET="mark_set"
 export NFTSET_ALLOWED_HOSTS_TYPE="ipv4_addr"
 export NFTSET_BYPASS_IP_TYPE="ipv4_addr"
 export NFTSET_BYPASS_FQDN_TYPE="ipv4_addr"
@@ -260,7 +253,6 @@ export NFTSET_BLLIST_PROXY_TYPE="ipv4_addr"
 export NFTSET_CIDR_TYPE="ipv4_addr"
 export NFTSET_IP_TYPE="ipv4_addr"
 export NFTSET_DNSMASQ_TYPE="ipv4_addr"
 export NFTSET_MARK_SET_TYPE="mark"
 export NFTSET_CIDR_PATTERN="set %s {type ${NFTSET_CIDR_TYPE};size ${NFTSET_MAXELEM_CIDR};policy ${NFTSET_POLICY_CIDR};flags interval;auto-merge;"
 export NFTSET_IP_PATTERN="set %s {type ${NFTSET_IP_TYPE};size ${NFTSET_MAXELEM_IP};policy ${NFTSET_POLICY_IP};flags dynamic;"
 export NFTSET_CIDR_STRING_MAIN=`printf "$NFTSET_CIDR_PATTERN" "${NFTSET_CIDR}"`
@@ -318,7 +310,7 @@ cat << EOF
        reload : Renew nftables configuration
        update : Update blacklist
        force-update : Force update blacklist
-        blacklist-files : Create ${IP_DATA_FILE}, ${DNSMASQ_DATA_FILE}, ${DNSMASQ_DATA_FILE_BYPASS} (without network functions)
+        blacklist-files : Create ${IP_DATA_FILE}, ${IP_DATA_FILE_USER_INSTANCES}, ${DNSMASQ_DATA_FILE}, ${DNSMASQ_DATA_FILE_USER_INSTANCES}, ${IP_DATA_FILE_BYPASS}, ${DNSMASQ_DATA_FILE_BYPASS} (without network functions)
        status : Status & some info
        raw-status : Return code: 0 - enabled, 1 - error, 2 - disabled, 3 - starting, 4 - updating
        html-info : Return the html-info output
@@ -422,7 +414,7 @@ FlushInstancesNftSets() {
        if [ "$_name" = " " ]; then
            _name=""
        else
-            _name="-${_name}"
+            _name=".${_name}"
        fi
        case "$_arg" in
            fqdn)
@@ -456,7 +448,6 @@ AddBaseNftSets() {
    if [ -n "$_fproxy_private" ]; then
        $NFT_CMD add element $NFT_TABLE "$NFTSET_FPROXY_PRIVATE" { "$_fproxy_private" }
    fi
    $NFT_CMD add set $NFT_TABLE "$NFTSET_MARK_SET" { type "$NFTSET_MARK_SET_TYPE"\; }
 }
 MakeInstanceNftSets() {
@@ -464,7 +455,7 @@ MakeInstanceNftSets() {
    if [ "$_name" = " " ]; then
        _name=""
    else
-        _name="-${_name}"
+        _name=".${_name}"
    fi
    $NFT_CMD add set $NFT_TABLE "${NFTSET_CIDR}${_name}" { type "$NFTSET_CIDR_TYPE"\; size $NFTSET_MAXELEM_CIDR\; policy "$NFTSET_POLICY_CIDR"\; flags interval\; auto-merge\; }
    $NFT_CMD add set $NFT_TABLE "${NFTSET_IP}${_name}" { type "$NFTSET_IP_TYPE"\; size $NFTSET_MAXELEM_IP\; policy "$NFTSET_POLICY_IP"\; flags dynamic\; }
@@ -494,7 +485,7 @@ UpdateBllistProxySet() {
    if [ "$_name" = " " ]; then
        _name=""
    else
-        _name="-${_name}"
+        _name=".${_name}"
    fi
    FlushNftSets "${NFTSET_BLLIST_PROXY}${_name}"
    for _host in `echo "$_urls" | $AWK_CMD '
@@ -564,21 +555,16 @@ AddUserInstancesNftRules() {
    do
        IncludeUserInstanceVars "$_inst"
        if [ "$U_PROXY_MODE" = "2" ]; then
            _chain_prio_first=$(($NFT_PRIO_ROUTE + $USER_INSTANCES_MAX + $_prio_offset))
            _chain_prio_local=$(($NFT_PRIO_ROUTE_LOCAL + $USER_INSTANCES_MAX + $_prio_offset))
            _vpn_route_table_id=$(($_vpn_route_table_id + 1))
            _route_table_id=$_vpn_route_table_id
        else
            _chain_prio_first=$(($NFT_PRIO_NAT + $USER_INSTANCES_MAX + $_prio_offset))
            _chain_prio_local=$(($NFT_PRIO_NAT_LOCAL + $USER_INSTANCES_MAX + $_prio_offset))
            if [ "$U_PROXY_MODE" = "3" -a "$U_T_PROXY_TYPE" = "1" ]; then
                _tproxy_route_table_id=$(($_tproxy_route_table_id + 1))
            fi
            _route_table_id=$_tproxy_route_table_id
        fi
        _pkts_mark=$(($_pkts_mark + 1))
-        NftInstanceAdd "\"$U_NAME\"" $_pkts_mark $_chain_prio_first $_chain_prio_local $U_PROXY_MODE $U_TOR_TRANS_PORT $_route_table_id "\"$U_IF_VPN\"" $U_T_PROXY_TYPE $U_T_PROXY_PORT_TCP $U_T_PROXY_PORT_UDP $U_T_PROXY_ALLOW_UDP $U_ENABLE_ENTRIES_REMOTE_PROXY $U_ENABLE_FPROXY $U_SKIP_MARKED_PACKETS "\"$U_VPN_GW_IP\""
+        NftInstanceAdd "\"$U_NAME\"" $_pkts_mark $U_PROXY_MODE $U_TOR_TRANS_PORT $_route_table_id "\"$U_IF_VPN\"" $U_T_PROXY_TYPE $U_T_PROXY_PORT_TCP $U_T_PROXY_PORT_UDP $U_T_PROXY_ALLOW_UDP $U_ENABLE_ENTRIES_REMOTE_PROXY $U_ENABLE_FPROXY "\"$U_VPN_GW_IP\""
        $NFT_CMD add element $NFT_TABLE "$NFTSET_MARK_SET" { $_pkts_mark }
        ClearUserInstanceVars
        _prio_offset=$(($_prio_offset - 1))
    done
@@ -602,32 +588,26 @@ DeleteUserInstancesNftRules() {
 }
 AddNftRules() {
-    local _chain_prio_first _chain_prio_local _route_table_id
+    local _chain_prio_first _chain_prio_local _chain_prio_fproxy _chain_prio_action _route_table_id
-    if [ "$PROXY_MODE" = "2" ]; then
+    _chain_prio_first=$NFT_PRIO
-        _chain_prio_first=$NFT_PRIO_ROUTE
+    _chain_prio_local=$NFT_PRIO_LOCAL
-        _chain_prio_local=$NFT_PRIO_ROUTE_LOCAL
+    _chain_prio_fproxy=$(($NFT_PRIO + 1))
-        _chain_prio_sink=$(($NFT_PRIO_ROUTE + $USER_INSTANCES_MAX + 1))
+    _chain_prio_action=$(($NFT_PRIO + 2))
-        _chain_prio_action=$(($NFT_PRIO_ROUTE + $USER_INSTANCES_MAX + 2))
+    _route_table_id=$VPN_ROUTE_TABLE_ID_START
-        _route_table_id=$VPN_ROUTE_TABLE_ID_START
+    NftAddBaseChains $_chain_prio_first $_chain_prio_local $_chain_prio_fproxy
    else
        _chain_prio_first=$NFT_PRIO_NAT
        _chain_prio_local=$NFT_PRIO_NAT_LOCAL
        _chain_prio_sink=$(($NFT_PRIO_NAT + $USER_INSTANCES_MAX + 1))
        _chain_prio_action=$(($NFT_PRIO_NAT + $USER_INSTANCES_MAX + 2))
        _route_table_id=$TPROXY_ROUTE_TABLE_ID_START
    fi
    NftAddActionChains $_chain_prio_action
    NftAddSinkChains $_chain_prio_sink
    AddUserInstancesNftRules
-    NftInstanceAdd "\" \"" $PKTS_MARK_START $_chain_prio_first $_chain_prio_local $PROXY_MODE $TOR_TRANS_PORT $_route_table_id "\"$IF_VPN\"" $T_PROXY_TYPE $T_PROXY_PORT_TCP $T_PROXY_PORT_UDP $T_PROXY_ALLOW_UDP $ENABLE_BLLIST_PROXY $ENABLE_FPROXY $SKIP_MARKED_PACKETS "\"$VPN_GW_IP\""
+    NftInstanceAdd "\" \"" $PKTS_MARK_START $PROXY_MODE $TOR_TRANS_PORT $_route_table_id "\"$IF_VPN\"" $T_PROXY_TYPE $T_PROXY_PORT_TCP $T_PROXY_PORT_UDP $T_PROXY_ALLOW_UDP $ENABLE_BLLIST_PROXY $ENABLE_FPROXY "\"$VPN_GW_IP\""
-    $NFT_CMD add element $NFT_TABLE "$NFTSET_MARK_SET" { $PKTS_MARK_START }
+    if [ "$PROXY_LOCAL_CLIENTS" = "1" ]; then
        NftAddLocalClientsRule
    fi
 }
 DeleteNftRules() {
    NftInstanceDelete " "
    DeleteUserInstancesNftRules
    NftDeleteSinkChains
    NftDeleteActionChains
    NftDeleteBaseChains
    if [ "$PROXY_MODE" = "2" ]; then
        NftRouteDelete $VPN_ROUTE_TABLE_ID_START 2> /dev/null
    elif [ "$PROXY_MODE" = "3" -a "$T_PROXY_TYPE" = "1" ]; then
@@ -645,7 +625,7 @@ SetNetConfig() {
 DropNetConfig() {
    DeleteNftRules
    FlushInstancesNftSets
-    FlushNftSets "$NFTSET_ALLOWED_HOSTS" "$NFTSET_FPROXY_PRIVATE" "$NFTSET_BLLIST_PROXY" "$NFTSET_BYPASS_IP" "$NFTSET_BYPASS_FQDN" "$NFTSET_MARK_SET"
+    FlushNftSets "$NFTSET_ALLOWED_HOSTS" "$NFTSET_FPROXY_PRIVATE" "$NFTSET_BLLIST_PROXY" "$NFTSET_BYPASS_IP" "$NFTSET_BYPASS_FQDN"
 }
 DestroyNetConfig() {
@@ -654,7 +634,7 @@ DestroyNetConfig() {
 }
 CheckStatus() {
-    NftReturnInstanceStatus " "
+    NftReturnStatus
    return $?
 }
@@ -675,22 +655,6 @@ GetVpnRouteStatus() {
    return $_ret_val
 }
 GetBllistChains() {
    local _inst
    for _inst in $USER_INSTANCES_ALL " "
    do
        NftListBllistChain "$_inst"
    done
 }
 GetBllistChainsJson() {
    local _inst
    for _inst in $USER_INSTANCES_ALL " "
    do
        NftListBllistChainJson "$_inst"
    done
 }
 ClearDataFiles() {
    local _arg="$1"
    if [ -d "$DATA_DIR" ]; then
@@ -781,8 +745,8 @@ AddBypassEntries() {
 ParseUserEntries() {
    $AWK_CMD -v NFTSET_IP_STRING="$1" -v NFTSET_CIDR_STRING="$2" -v NFTSET_DNSMASQ="$3" \
-         -v IP_DATA_FILE="$4" -v DNSMASQ_DATA_FILE="$5" -v USER_ENTRIES_STATUS_FILE="$6" \
+        -v IP_DATA_FILE="$4" -v DNSMASQ_DATA_FILE="$5" -v USER_ENTRIES_STATUS_FILE="$6" \
-         -v ID="$7" -v USER_ENTRIES_DNS="$8" '
+        -v ID="$7" -v USER_ENTRIES_DNS="$8" '
        BEGIN {
            null = "";
            ip_array[0] = null;
@@ -880,14 +844,14 @@ AddUserEntries() {
            MakeLogRecord "debug" "ruantiblock.AddUserEntries._instance_entries_file=${_instance_entries_file}"
        fi
-        printf "flush set %s %s\nflush set %s %s\n" "$NFT_TABLE" "${NFTSET_CIDR}-${_inst}" "$NFT_TABLE" "${NFTSET_IP}-${_inst}" >> "$_ip_data_file_user_instances"
+        printf "flush set %s %s\nflush set %s %s\n" "$NFT_TABLE" "${NFTSET_CIDR}.${_inst}" "$NFT_TABLE" "${NFTSET_IP}.${_inst}" >> "$_ip_data_file_user_instances"
        if [ "$U_PROXY_MODE" != "2" -a "$U_PROXY_MODE" != "3" ]; then
            ### Запись для .onion
-            printf "server=/onion/%s\nnftset=/onion/%s#%s\n" "$U_ONION_DNS_ADDR" "$NFT_TABLE_DNSMASQ" "${NFTSET_ONION}-${_inst}" >> "$_dnsmasq_data_file_user_instances"
+            printf "server=/onion/%s\nnftset=/onion/%s#%s\n" "$U_ONION_DNS_ADDR" "$NFT_TABLE_DNSMASQ" "${NFTSET_ONION}.${_inst}" >> "$_dnsmasq_data_file_user_instances"
        fi
        if [ -f "$_instance_entries_file" ]; then
-            { cat "$_instance_entries_file"; printf "\n0\n"; } | ParseUserEntries "`printf "$NFTSET_IP_PATTERN" "${NFTSET_IP}-${_inst}"`" "`printf "$NFTSET_CIDR_PATTERN" "${NFTSET_CIDR}-${_inst}"`" "${NFTSET_DNSMASQ}-${_inst}" "$_ip_data_file_user_instances" "$_dnsmasq_data_file_user_instances" "$_user_entries_status_file" "${_inst}:local" "$U_ENTRIES_DNS"
+            { cat "$_instance_entries_file"; printf "\n0\n"; } | ParseUserEntries "`printf "$NFTSET_IP_PATTERN" "${NFTSET_IP}.${_inst}"`" "`printf "$NFTSET_CIDR_PATTERN" "${NFTSET_CIDR}.${_inst}"`" "${NFTSET_DNSMASQ}.${_inst}" "$_ip_data_file_user_instances" "$_dnsmasq_data_file_user_instances" "$_user_entries_status_file" "${_inst}:local" "$U_ENTRIES_DNS"
        fi
        if [ -n "$U_ENTRIES_REMOTE" ]; then
            for _url in $U_ENTRIES_REMOTE
@@ -899,7 +863,7 @@ AddUserEntries() {
                    if [ "$U_ENABLE_ENTRIES_REMOTE_PROXY" = "1" ]; then
                        UpdateBllistProxySet "$_inst" "$_url"
                    fi
-                    { Download - "$_url"; printf "\n$?\n"; } | ParseUserEntries "`printf "$NFTSET_IP_PATTERN" "${NFTSET_IP}-${_inst}"`" "`printf "$NFTSET_CIDR_PATTERN" "${NFTSET_CIDR}-${_inst}"`" "${NFTSET_DNSMASQ}-${_inst}" "$_ip_data_file_user_instances" "$_dnsmasq_data_file_user_instances" "$_user_entries_status_file" "${_inst}:${_url}" "$U_ENTRIES_DNS"
+                    { Download - "$_url"; printf "\n$?\n"; } | ParseUserEntries "`printf "$NFTSET_IP_PATTERN" "${NFTSET_IP}.${_inst}"`" "`printf "$NFTSET_CIDR_PATTERN" "${NFTSET_CIDR}.${_inst}"`" "${NFTSET_DNSMASQ}.${_inst}" "$_ip_data_file_user_instances" "$_dnsmasq_data_file_user_instances" "$_user_entries_status_file" "${_inst}:${_url}" "$U_ENTRIES_DNS"
                    if [ $? -eq 0 ]; then
                        _instance_return_code=0
                        break
@@ -921,7 +885,7 @@ AddUserEntries() {
                fi
            done
            if [ "$U_ENABLE_ENTRIES_REMOTE_PROXY" = "1" ]; then
-                FlushNftSets "${NFTSET_BLLIST_PROXY}-${_inst}"
+                FlushNftSets "${NFTSET_BLLIST_PROXY}.${_inst}"
            fi
        fi
        ClearUserInstanceVars
@@ -1193,7 +1157,7 @@ Reload() {
 }
 Status() {
-    local _inst _update_status _user_entries_status _vpn_error
+    local _update_status _user_entries_status _vpn_error
    if [ -f "$UPDATE_STATUS_FILE" ]; then
        _update_status=`$AWK_CMD '{
            update_string=(NF < 4) ? "No data" : $4" (CIDR: "$1" | IP: "$2" | FQDN: "$3")";
@@ -1214,29 +1178,27 @@ Status() {
    if ! GetVpnRouteStatus; then
        _vpn_error="\033[1;31mVPN ROUTING ERROR! (NEED THE RESTART)\033[m"
    fi
-    NftListSinkChain 2> /dev/null | $AWK_CMD -v UPDATE_STATUS="$_update_status" -v USER_ENTRIES_STATUS="$_user_entries_status" -v VPN_ERROR="$_vpn_error" '
+    NftListBllistChain 2> /dev/null | $AWK_CMD -v UPDATE_STATUS="$_update_status" -v USER_ENTRIES_STATUS="$_user_entries_status" -v VPN_ERROR="$_vpn_error" '
        BEGIN {
-             rules_str = "";
+            rules_str = "";
            nftset = "";
            bytes = "";
        }
-        {
+        /@/ {
-            if($0 ~ /(table|chain|type|return|\{|\})/) {
+            if(match($0, /@[^ ]+/) != 0) {
-                next;
+                nftset = substr($0, RSTART+1, RLENGTH-1);
                if(match($0, /bytes [^ ]+/) != 0) {
                    bytes = substr($0, RSTART+6, RLENGTH-6);
                };
                rules_str = rules_str "   Match-set:  " nftset "\n   Bytes:  " bytes "\n\n";
            };
            instance = $NF;
            if(instance == "\"") {
                instance = "-main-";
            };
            gsub("\"", "", instance);
            proto = ($3 ~ /(tcp|udp)/) ? $3 : "all";
            bytes = (match($0, /bytes [^ ]+/) != 0) ? substr($0, RSTART+6, RLENGTH-6) : "";
            rules_str = rules_str "   Instance:\t" instance "\n   Protocol:\t" proto "\n   Bytes:\t" bytes "\n\n";
        }
        END {
            if(NR == 0) {
                printf "\n \033[1m" ENVIRON["NAME"] " status\033[m: \033[1mDisabled\033[m\n\n";
                exit 2;
            };
-            printf "\n \033[1m" ENVIRON["NAME"] " status\033[m: \033[1;32mEnabled\033[m\n\n  DNSMASQ_CFG_DIR: " ENVIRON["DNSMASQ_CFG_DIR"] "\n\n  PROXY_LOCAL_CLIENTS: " ENVIRON["PROXY_LOCAL_CLIENTS"] "\n\n  Main Instance: \n   PROXY_MODE: " ENVIRON["PROXY_MODE"] "\n   BLLIST_PRESET: " ENVIRON["BLLIST_PRESET"] "\n   BLLIST_MODULE: " ENVIRON["BLLIST_MODULE"] "\n";
+            printf "\n \033[1m" ENVIRON["NAME"] " status\033[m: \033[1;32mEnabled\033[m\n\n  PROXY_MODE: " ENVIRON["PROXY_MODE"] "\n  PROXY_LOCAL_CLIENTS: " ENVIRON["PROXY_LOCAL_CLIENTS"] "\n  BLLIST_PRESET: " ENVIRON["BLLIST_PRESET"] "\n  BLLIST_MODULE: " ENVIRON["BLLIST_MODULE"] "\n";
            printf "\n  "UPDATE_STATUS"\n";
            if(length(USER_ENTRIES_STATUS) > 0) {
                printf "\n"USER_ENTRIES_STATUS"\n";
@@ -1244,37 +1206,9 @@ Status() {
            if(length(VPN_ERROR) > 0) {
                printf "\n  "VPN_ERROR"\n";
            };
-            printf "\n  Transit traffic:\n\n";
+            printf "\n  \033[4mNftables rules\033[m:\n\n";
            printf rules_str;
        }'
    if [ $? -eq 0 -a "$PROXY_LOCAL_CLIENTS" = "1" ]; then
        NftListSinkLocalChain 2> /dev/null | $AWK_CMD -v UPDATE_STATUS="$_update_status" -v USER_ENTRIES_STATUS="$_user_entries_status" '
            BEGIN {
                rules_str = "";
            }
            {
                if($0 ~ /(table|chain|type|return|\{|\})/) {
                    next;
                };
                instance = $NF;
                if(instance == "\"") {
                    instance = "-main-";
                };
                gsub("\"", "", instance);
                proto = ($3 ~ /(tcp|udp)/) ? $3 : "all";
                bytes = (match($0, /bytes [^ ]+/) != 0) ? substr($0, RSTART+6, RLENGTH-6) : "";
                rules_str = rules_str "   Instance:\t" instance "\n   Protocol:\t" proto "\n   Bytes:\t" bytes "\n\n";
            }
            END {
                if(NR == 0) {
                    exit 2;
                };
                printf "  Local traffic:\n\n";
                printf rules_str;
            }'
    else
        return 2
    fi
 }
 StatusOutput() {
@@ -1,4 +1,4 @@
-UCI_VARS="u_enabled u_proxy_mode u_tor_trans_port u_onion_dns_addr u_if_vpn u_vpn_gw_ip u_t_proxy_type u_t_proxy_port_tcp u_t_proxy_port_udp u_t_proxy_allow_udp u_entries_dns u_entries_remote u_enable_entries_remote_proxy u_enable_fproxy u_fproxy_list u_skip_marked_packets"
+UCI_VARS="u_enabled u_proxy_mode u_tor_trans_port u_onion_dns_addr u_if_vpn u_vpn_gw_ip u_t_proxy_type u_t_proxy_port_tcp u_t_proxy_port_udp u_t_proxy_allow_udp u_entries_dns u_entries_remote u_enable_entries_remote_proxy u_enable_fproxy u_fproxy_list"
 UCI_CMD=`which uci`
 if [ $? -ne 0 ]; then
    echo " Error! UCI doesn't exists" >&2
@@ -7,7 +7,7 @@ fi
 AWK_CMD="awk"
 ListUserInstances() {
-    $UCI_CMD export "$NAME" | $AWK_CMD -v TYPE="user_instance" '
+    $UCI_CMD -n export "$NAME" | $AWK_CMD -v TYPE="user_instance" '
    BEGIN {
        instances="";
    }
@@ -33,30 +33,36 @@ Info() {
    else
        _user_entries_status="[]"
    fi
-    NftListSinkChainJson 2> /dev/null | $AWK_CMD -v UPDATE_STATUS="$_update_status" -v USER_ENTRIES_STATUS="$_user_entries_status" '
+    NftListBllistChainJson 2> /dev/null | $AWK_CMD -v UPDATE_STATUS="$_update_status" -v USER_ENTRIES_STATUS="$_user_entries_status" '
        BEGIN {
            rules_str = "";
        }
        {
            rules_str = rules_str $0;
        }
        END {
            if(NR == 0) {
                printf "{\"status\": \"disabled\"}";
                exit 1;
            } else {
-                printf "{\"status\": \"enabled\",\"last_blacklist_update\": %s,\"user_entries\" :%s,\"sink\": %s", UPDATE_STATUS, USER_ENTRIES_STATUS, $0;
+                printf "{\"status\":\"enabled\",\"last_blacklist_update\":%s,\"user_entries\":%s,\"rules\":%s", UPDATE_STATUS, USER_ENTRIES_STATUS, rules_str;
                exit 0;
            };
        }'
    if [ $? -eq 0 ]; then
        if [ "$PROXY_LOCAL_CLIENTS" = "1" ]; then
            printf ",\"sink_local\":"
            NftListSinkLocalChainJson 2> /dev/null
        fi
        printf ",\"dnsmasq\":"
        $NFT_CMD -j list set $NFT_TABLE "$NFTSET_DNSMASQ" 2> /dev/null
        printf ",\"dnsmasq_user_instances\":["
        for _inst in $USER_INSTANCES_ALL
        do
-            $NFT_CMD -j list set $NFT_TABLE "${NFTSET_DNSMASQ}-${_inst}" 2> /dev/null
+            $NFT_CMD -j list set $NFT_TABLE "${NFTSET_DNSMASQ}.${_inst}" 2> /dev/null
            printf ","
        done
        printf "{\"dummy\": {}}]"
        if [ "$BYPASS_MODE" = "1" ]; then
            printf ",\"dnsmasq_bypass\":"
            $NFT_CMD -j list set $NFT_TABLE "$NFTSET_BYPASS_FQDN" 2> /dev/null
        fi
        printf "}"
    fi
 }
@@ -1,24 +1,22 @@
 NFT_ALLOWED_HOSTS_CHAIN="allowed_hosts"
 NFT_BLLIST_CHAIN="blacklist"
 NFT_FPROXY_FILTER="fproxy_filter"
 NFT_DNSMASQ_TIMEOUT_UPDATE_CHAIN="dnsmasq_timeout_update"
 NFT_MARK_CHAIN="mark_chain"
 NFT_LOCAL_CLIENTS_CHAIN="local_clients"
-NFT_SINK_CHAIN="sink"
+NFT_FPROXY_CHAIN="fproxy_chain"
 NFT_SINK_LOCAL_CHAIN="sink_local"
 NFT_ACTION_FILTER_CHAIN="action_filter"
 NFT_ACTION_NAT_CHAIN="action_nat"
 NFT_ACTION_NAT_LOCAL_CHAIN="action_nat_local"
 case "$ALLOWED_HOSTS_MODE" in
    "1")
-        NFT_ALLOWED_HOSTS_PATTERN="ip saddr @${NFTSET_ALLOWED_HOSTS} jump ${NFT_BLLIST_CHAIN}%s"
+        NFT_ALLOWED_HOSTS_PATTERN="ip saddr @${NFTSET_ALLOWED_HOSTS} jump ${NFT_BLLIST_CHAIN}"
    ;;
    "2")
-        NFT_ALLOWED_HOSTS_PATTERN="ip saddr != @${NFTSET_ALLOWED_HOSTS} jump ${NFT_BLLIST_CHAIN}%s"
+        NFT_ALLOWED_HOSTS_PATTERN="ip saddr != @${NFTSET_ALLOWED_HOSTS} jump ${NFT_BLLIST_CHAIN}"
    ;;
    *)
-        NFT_ALLOWED_HOSTS_PATTERN="jump ${NFT_BLLIST_CHAIN}%s"
+        NFT_ALLOWED_HOSTS_PATTERN="jump ${NFT_BLLIST_CHAIN}"
    ;;
 esac
@@ -86,35 +84,52 @@ NftRouteStatus() {
    return 1
 }
-NftAddSinkChains() {
+NftAddBaseChains() {
-    local _chain_prio_sink=$1
+    local _chain_prio_first=$1 _chain_prio_local=$2 _chain_prio_fproxy=$3
-    $NFT_CMD add chain $NFT_TABLE "${NFT_SINK_CHAIN}" { type filter hook prerouting priority ${_chain_prio_sink}\; policy accept\; }
+    $NFT_CMD add chain $NFT_TABLE "$NFT_LOCAL_CLIENTS_CHAIN" { type route hook output priority ${_chain_prio_local}\; policy accept\; }
-    $NFT_CMD add chain $NFT_TABLE "${NFT_SINK_LOCAL_CHAIN}" { type route hook output priority ${_chain_prio_sink}\; policy accept\; }
+    $NFT_CMD add chain $NFT_TABLE "$NFT_BLLIST_CHAIN"
-    NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "${NFT_SINK_CHAIN}" meta iif lo return
+    $NFT_CMD add chain $NFT_TABLE "$NFT_FPROXY_CHAIN"  { type filter hook prerouting priority ${_chain_prio_fproxy}\; policy accept\; }
    $NFT_CMD add chain $NFT_TABLE "$NFT_ALLOWED_HOSTS_CHAIN" { type filter hook prerouting priority ${_chain_prio_first}\; policy accept\; }
    NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "$NFT_FPROXY_CHAIN" meta iif lo return
    NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "$NFT_FPROXY_CHAIN" ip daddr "@${NFTSET_FPROXY_PRIVATE}" return
    NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "$NFT_ALLOWED_HOSTS_CHAIN" meta iif lo return
    NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "$NFT_ALLOWED_HOSTS_CHAIN" "$NFT_ALLOWED_HOSTS_PATTERN"
    if [ "$BYPASS_MODE" = "1" ]; then
        for _set in "$NFTSET_BYPASS_IP" "$NFTSET_BYPASS_FQDN"
        do
            NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "$NFT_BLLIST_CHAIN" ip daddr "@${_set}" counter accept
        done
    fi
 }
-NftDeleteSinkChains() {
+NftAddLocalClientsRule() {
-    $NFT_CMD delete chain $NFT_TABLE "${NFT_SINK_CHAIN}"
+    NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "$NFT_LOCAL_CLIENTS_CHAIN" jump "$NFT_BLLIST_CHAIN"
-    $NFT_CMD delete chain $NFT_TABLE "${NFT_SINK_LOCAL_CHAIN}"
+}
 NftDeleteBaseChains() {
    $NFT_CMD delete chain $NFT_TABLE "$NFT_ALLOWED_HOSTS_CHAIN"
    $NFT_CMD delete chain $NFT_TABLE "$NFT_LOCAL_CLIENTS_CHAIN"
    $NFT_CMD delete chain $NFT_TABLE "$NFT_BLLIST_CHAIN"
    $NFT_CMD delete chain $NFT_TABLE "$NFT_FPROXY_CHAIN"
 }
 NftAddActionChains() {
    local _chain_prio_action=$1
-    $NFT_CMD add chain $NFT_TABLE "${NFT_ACTION_FILTER_CHAIN}" { type filter hook prerouting priority ${_chain_prio_action}\; policy accept\; }
+    $NFT_CMD add chain $NFT_TABLE "$NFT_ACTION_FILTER_CHAIN" { type filter hook prerouting priority ${_chain_prio_action}\; policy accept\; }
-    $NFT_CMD add chain $NFT_TABLE "${NFT_ACTION_NAT_CHAIN}" { type nat hook prerouting priority ${_chain_prio_action}\; policy accept\; }
+    $NFT_CMD add chain $NFT_TABLE "$NFT_ACTION_NAT_CHAIN" { type nat hook prerouting priority ${_chain_prio_action}\; policy accept\; }
-    $NFT_CMD add chain $NFT_TABLE "${NFT_ACTION_NAT_LOCAL_CHAIN}" { type nat hook output priority ${_chain_prio_action}\; policy accept\; }
+    $NFT_CMD add chain $NFT_TABLE "$NFT_ACTION_NAT_LOCAL_CHAIN" { type nat hook output priority ${_chain_prio_action}\; policy accept\; }
 }
 NftDeleteActionChains() {
-    $NFT_CMD delete chain $NFT_TABLE "${NFT_ACTION_FILTER_CHAIN}"
+    $NFT_CMD delete chain $NFT_TABLE "$NFT_ACTION_FILTER_CHAIN"
-    $NFT_CMD delete chain $NFT_TABLE "${NFT_ACTION_NAT_CHAIN}"
+    $NFT_CMD delete chain $NFT_TABLE "$NFT_ACTION_NAT_CHAIN"
-    $NFT_CMD delete chain $NFT_TABLE "${NFT_ACTION_NAT_LOCAL_CHAIN}"
+    $NFT_CMD delete chain $NFT_TABLE "$NFT_ACTION_NAT_LOCAL_CHAIN"
 }
 NftInstanceAdd() {
    local _i _inst _first_chain_type _t_proxy_statement _chain_action_type _set
-    for _i in "_name" "_pkts_mark" "_chain_prio_first" "_chain_prio_local" "_proxy_mode" "_tor_trans_port" "_route_table_id" "_if_vpn" "_t_proxy_type" "_t_proxy_port_tcp" "_t_proxy_port_udp" "_t_proxy_allow_udp" "_enable_bllist_proxy" "_enable_fproxy" "_skip_marked_packets" "_vpn_gw_ip"
+    for _i in "_name" "_pkts_mark" "_proxy_mode" "_tor_trans_port" "_route_table_id" "_if_vpn" "_t_proxy_type" "_t_proxy_port_tcp" "_t_proxy_port_udp" "_t_proxy_allow_udp" "_enable_bllist_proxy" "_enable_fproxy" "_vpn_gw_ip"
    do
        eval "local $_i=$1"
        shift
@@ -124,12 +139,12 @@ NftInstanceAdd() {
    if [ "$_name" = " " ]; then
        _name=""
    else
-        _name="-${_name}"
+        _name=".${_name}"
    fi
    if [ $DEBUG -ge 1 ]; then
-        echo "  nft_functions.NftInstanceAdd.args: _name=${_name} _pkts_mark=${_pkts_mark} _chain_prio_first=${_chain_prio_first} _chain_prio_local=${_chain_prio_local} _proxy_mode=${_proxy_mode} _tor_trans_port=${_tor_trans_port} _route_table_id=${_route_table_id} _if_vpn=${_if_vpn} _t_proxy_type=${_t_proxy_type} _t_proxy_port_tcp=${_t_proxy_port_tcp} _t_proxy_port_udp=${_t_proxy_port_udp} _t_proxy_allow_udp=${_t_proxy_allow_udp} _enable_bllist_proxy=${_enable_bllist_proxy} _enable_fproxy=${_enable_fproxy} _skip_marked_packets=${_skip_marked_packets} _vpn_gw_ip=${_vpn_gw_ip}" >&2
+        echo "  nft_functions.NftInstanceAdd.args: _name=${_name} _pkts_mark=${_pkts_mark} _proxy_mode=${_proxy_mode} _tor_trans_port=${_tor_trans_port} _route_table_id=${_route_table_id} _if_vpn=${_if_vpn} _t_proxy_type=${_t_proxy_type} _t_proxy_port_tcp=${_t_proxy_port_tcp} _t_proxy_port_udp=${_t_proxy_port_udp} _t_proxy_allow_udp=${_t_proxy_allow_udp} _enable_bllist_proxy=${_enable_bllist_proxy} _enable_fproxy=${_enable_fproxy} _vpn_gw_ip=${_vpn_gw_ip}" >&2
-        MakeLogRecord "debug" "nft_functions.NftInstanceAdd.args: _name=${_name} _pkts_mark=${_pkts_mark} _chain_prio_first=${_chain_prio_first} _chain_prio_local=${_chain_prio_local} _proxy_mode=${_proxy_mode} _tor_trans_port=${_tor_trans_port} _route_table_id=${_route_table_id} _if_vpn=${_if_vpn} _t_proxy_type=${_t_proxy_type} _t_proxy_port_tcp=${_t_proxy_port_tcp} _t_proxy_port_udp=${_t_proxy_port_udp} _t_proxy_allow_udp=${_t_proxy_allow_udp} _enable_bllist_proxy=${_enable_bllist_proxy} _enable_fproxy=${_enable_fproxy} _skip_marked_packets=${_skip_marked_packets} _vpn_gw_ip=${_vpn_gw_ip}"
+        MakeLogRecord "debug" "nft_functions.NftInstanceAdd.args: _name=${_name} _pkts_mark=${_pkts_mark} _proxy_mode=${_proxy_mode} _tor_trans_port=${_tor_trans_port} _route_table_id=${_route_table_id} _if_vpn=${_if_vpn} _t_proxy_type=${_t_proxy_type} _t_proxy_port_tcp=${_t_proxy_port_tcp} _t_proxy_port_udp=${_t_proxy_port_udp} _t_proxy_allow_udp=${_t_proxy_allow_udp} _enable_bllist_proxy=${_enable_bllist_proxy} _enable_fproxy=${_enable_fproxy} _vpn_gw_ip=${_vpn_gw_ip}"
    fi
    if [ "$NFTSET_DNSMASQ_TIMEOUT_UPDATE" = "1" ]; then
@@ -138,71 +153,43 @@ NftInstanceAdd() {
        _nft_dnsmasq_rule_target="${NFT_MARK_CHAIN}${_name}"
    fi
    $NFT_CMD add chain $NFT_TABLE "${NFT_LOCAL_CLIENTS_CHAIN}${_name}" { type route hook output priority ${_chain_prio_local}\; policy accept\; }
    $NFT_CMD add chain $NFT_TABLE "${NFT_MARK_CHAIN}${_name}"
    $NFT_CMD add chain $NFT_TABLE "${NFT_FPROXY_FILTER}${_name}"
    $NFT_CMD add chain $NFT_TABLE "${NFT_DNSMASQ_TIMEOUT_UPDATE_CHAIN}${_name}"
    $NFT_CMD add chain $NFT_TABLE "${NFT_BLLIST_CHAIN}${_name}"
    $NFT_CMD add chain $NFT_TABLE "${NFT_ALLOWED_HOSTS_CHAIN}${_name}" { type filter hook prerouting priority ${_chain_prio_first}\; policy accept\; }
    NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "${NFT_FPROXY_FILTER}${_name}" ip daddr "@${NFTSET_FPROXY_PRIVATE}" return
    NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "${NFT_FPROXY_FILTER}${_name}" jump "${NFT_MARK_CHAIN}${_name}"
    NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "${NFT_DNSMASQ_TIMEOUT_UPDATE_CHAIN}${_name}" ct state new set update ip daddr "@${NFTSET_DNSMASQ}${_name}"
    NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "${NFT_DNSMASQ_TIMEOUT_UPDATE_CHAIN}${_name}" jump "${NFT_MARK_CHAIN}${_name}"
    NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "${NFT_ALLOWED_HOSTS_CHAIN}${_name}" "`printf "$NFT_ALLOWED_HOSTS_PATTERN" "$_name"`"
-    if [ "$_proxy_mode" = "2" ]; then
+    if [ "$_proxy_mode" = "3" ]; then
        NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "${NFT_SINK_CHAIN}" meta mark $_pkts_mark counter comment \""$_inst"\"
        NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "${NFT_SINK_LOCAL_CHAIN}" meta mark $_pkts_mark counter comment \""$_inst"\"
    elif [ "$_proxy_mode" = "3" ]; then
        NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "${NFT_SINK_CHAIN}" meta l4proto tcp meta mark $_pkts_mark counter comment \""$_inst"\"
        NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "${NFT_SINK_LOCAL_CHAIN}" meta l4proto tcp meta mark $_pkts_mark counter comment \""$_inst"\"
        if [ "$_t_proxy_type" = "1" ]; then
-            NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "${NFT_ACTION_FILTER_CHAIN}" meta l4proto tcp meta mark $_pkts_mark tproxy to ":${_t_proxy_port_tcp}" comment \""$_inst"\"
+            NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "$NFT_ACTION_FILTER_CHAIN" meta l4proto tcp meta mark $_pkts_mark tproxy to ":${_t_proxy_port_tcp}" comment \""$_inst"\"
            if [ "$_t_proxy_allow_udp" = "1" ]; then
-                NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "${NFT_ACTION_FILTER_CHAIN}" meta l4proto udp meta mark $_pkts_mark tproxy to ":${_t_proxy_port_udp}" comment \""$_inst"\"
+                NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "$NFT_ACTION_FILTER_CHAIN" meta l4proto udp meta mark $_pkts_mark tproxy to ":${_t_proxy_port_udp}" comment \""$_inst"\"
                NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "${NFT_SINK_CHAIN}" meta l4proto udp meta mark $_pkts_mark counter comment \""$_inst"\"
                NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "${NFT_SINK_LOCAL_CHAIN}" meta l4proto udp meta mark $_pkts_mark counter comment \""$_inst"\"
            fi
        else
-            NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "${NFT_ACTION_NAT_CHAIN}" meta l4proto tcp meta mark $_pkts_mark redirect to ":${_t_proxy_port_tcp}" comment \""$_inst"\"
+            NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "$NFT_ACTION_NAT_CHAIN" meta l4proto tcp meta mark $_pkts_mark redirect to ":${_t_proxy_port_tcp}" comment \""$_inst"\"
-            NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "${NFT_ACTION_NAT_LOCAL_CHAIN}" meta l4proto tcp meta mark $_pkts_mark redirect to ":${_t_proxy_port_tcp}" comment \""$_inst"\"
+            NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "$NFT_ACTION_NAT_LOCAL_CHAIN" meta l4proto tcp meta mark $_pkts_mark redirect to ":${_t_proxy_port_tcp}" comment \""$_inst"\"
            if [ "$_t_proxy_allow_udp" = "1" ]; then
-                NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "${NFT_ACTION_NAT_CHAIN}" meta l4proto udp meta mark $_pkts_mark redirect to ":${_t_proxy_port_udp}" comment \""$_inst"\"
+                NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "$NFT_ACTION_NAT_CHAIN" meta l4proto udp meta mark $_pkts_mark redirect to ":${_t_proxy_port_udp}" comment \""$_inst"\"
-                NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "${NFT_ACTION_NAT_LOCAL_CHAIN}" meta l4proto udp meta mark $_pkts_mark redirect to ":${_t_proxy_port_udp}" comment \""$_inst"\"
+                NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "$NFT_ACTION_NAT_LOCAL_CHAIN" meta l4proto udp meta mark $_pkts_mark redirect to ":${_t_proxy_port_udp}" comment \""$_inst"\"
                NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "${NFT_SINK_CHAIN}" meta l4proto udp meta mark $_pkts_mark counter comment \""$_inst"\"
                NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "${NFT_SINK_LOCAL_CHAIN}" meta l4proto udp meta mark $_pkts_mark counter comment \""$_inst"\"
            fi
        fi
    elif [ "$_proxy_mode" != "2" ]; then
-        NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "${NFT_ACTION_NAT_CHAIN}" meta l4proto tcp meta mark $_pkts_mark redirect to ":${_tor_trans_port}" comment \""$_inst"\"
+        NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "$NFT_ACTION_NAT_CHAIN" meta l4proto tcp meta mark $_pkts_mark redirect to ":${_tor_trans_port}" comment \""$_inst"\"
-        NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "${NFT_ACTION_NAT_LOCAL_CHAIN}" meta l4proto tcp meta mark $_pkts_mark redirect to ":${_tor_trans_port}" comment \""$_inst"\"
+        NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "$NFT_ACTION_NAT_LOCAL_CHAIN" meta l4proto tcp meta mark $_pkts_mark redirect to ":${_tor_trans_port}" comment \""$_inst"\"
        NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "${NFT_SINK_CHAIN}" meta l4proto tcp meta mark $_pkts_mark counter comment \""$_inst"\"
        NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "${NFT_SINK_LOCAL_CHAIN}" meta l4proto tcp meta mark $_pkts_mark counter comment \""$_inst"\"
    fi
    NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "${NFT_MARK_CHAIN}${_name}" mark set $_pkts_mark
    if [ "$_proxy_mode" != "2" -a "$_proxy_mode" != "3" ]; then
-        NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "${NFT_BLLIST_CHAIN}${_name}" ip daddr "@${NFTSET_ONION}${_name}" counter goto "${NFT_MARK_CHAIN}${_name}"
+        NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "$NFT_BLLIST_CHAIN" ip daddr "@${NFTSET_ONION}${_name}" counter goto "${NFT_MARK_CHAIN}${_name}" comment \""$_inst"\"
    fi
    if [ "$_skip_marked_packets" = "1" ]; then
        NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "${NFT_BLLIST_CHAIN}${_name}" meta mark "@${NFTSET_MARK_SET}" return
    fi
    if [ "$_enable_fproxy" = "1" ]; then
-        NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "${NFT_BLLIST_CHAIN}${_name}" ip saddr "@${NFTSET_FPROXY}${_name}" goto "${NFT_FPROXY_FILTER}${_name}"
+        NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "$NFT_FPROXY_CHAIN" ip saddr "@${NFTSET_FPROXY}${_name}" goto "${NFT_MARK_CHAIN}${_name}" comment \""$_inst"\"
    fi
    if [ "$BYPASS_MODE" = "1" ]; then
        for _set in "$NFTSET_BYPASS_IP" "$NFTSET_BYPASS_FQDN"
        do
            NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "${NFT_BLLIST_CHAIN}${_name}" ip daddr "@${_set}" accept
        done
    fi
    for _set in "${NFTSET_CIDR}${_name}" "${NFTSET_IP}${_name}"
    do
-        NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "${NFT_BLLIST_CHAIN}${_name}" ip daddr "@${_set}" counter goto "${NFT_MARK_CHAIN}${_name}"
+        NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "$NFT_BLLIST_CHAIN" ip daddr "@${_set}" counter goto "${NFT_MARK_CHAIN}${_name}" comment \""$_inst"\"
    done
-    NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "${NFT_BLLIST_CHAIN}${_name}" ip daddr "@${NFTSET_DNSMASQ}${_name}" counter goto "$_nft_dnsmasq_rule_target"
+    NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "$NFT_BLLIST_CHAIN" ip daddr "@${NFTSET_DNSMASQ}${_name}" counter goto "$_nft_dnsmasq_rule_target" comment \""$_inst"\"
    if [ "$_proxy_mode" = "2" ]; then
        NftRouteAdd vpn $_route_table_id $_pkts_mark "$_if_vpn" "$_vpn_gw_ip"
@@ -211,10 +198,7 @@ NftInstanceAdd() {
    fi
    if [ "$_enable_bllist_proxy" = "1" ]; then
-        NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "${NFT_LOCAL_CLIENTS_CHAIN}${_name}" ip daddr "@${NFTSET_BLLIST_PROXY}${_name}" counter goto "${NFT_MARK_CHAIN}${_name}"
+        NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "$NFT_LOCAL_CLIENTS_CHAIN" ip daddr "@${NFTSET_BLLIST_PROXY}${_name}" counter goto "${NFT_MARK_CHAIN}${_name}" comment \""$_inst"\"
    fi
    if [ "$PROXY_LOCAL_CLIENTS" = "1" ]; then
        NftCmdWrapper $NFT_CMD add rule $NFT_TABLE "${NFT_LOCAL_CLIENTS_CHAIN}${_name}" jump "${NFT_BLLIST_CHAIN}${_name}"
    fi
 }
@@ -223,59 +207,21 @@ NftInstanceDelete() {
    if [ -z "$_name" -o "$_name" = " " ]; then
        _name=""
    else
-        _name="-${_name}"
+        _name=".${_name}"
    fi
    $NFT_CMD delete chain $NFT_TABLE "${NFT_ALLOWED_HOSTS_CHAIN}${_name}"
    $NFT_CMD delete chain $NFT_TABLE "${NFT_LOCAL_CLIENTS_CHAIN}${_name}"
    $NFT_CMD delete chain $NFT_TABLE "${NFT_BLLIST_CHAIN}${_name}"
    $NFT_CMD delete chain $NFT_TABLE "${NFT_DNSMASQ_TIMEOUT_UPDATE_CHAIN}${_name}"
    $NFT_CMD delete chain $NFT_TABLE "${NFT_FPROXY_FILTER}${_name}"
    $NFT_CMD delete chain $NFT_TABLE "${NFT_MARK_CHAIN}${_name}"
 }
 NftListBllistChain() {
-    local _name="$1"
+    $NFT_CMD -t list chain $NFT_TABLE "$NFT_BLLIST_CHAIN"
    if [ -z "$_name" -o "$_name" = " " ]; then
        _name=""
    else
        _name="-${_name}"
    fi
    $NFT_CMD -t list chain $NFT_TABLE "${NFT_BLLIST_CHAIN}${_name}"
 }
 NftListBllistChainJson() {
-    local _name="$1"
+    $NFT_CMD -t -j list chain $NFT_TABLE "$NFT_BLLIST_CHAIN"
    if [ -z "$_name" -o "$_name" = " " ]; then
        _name=""
    else
        _name="-${_name}"
    fi
    $NFT_CMD -t -j list chain $NFT_TABLE "${NFT_BLLIST_CHAIN}${_name}"
 }
-NftListSinkChain() {
+NftReturnStatus() {
-    $NFT_CMD -t list chain $NFT_TABLE "$NFT_SINK_CHAIN"
+    $NFT_CMD -c add rule $NFT_TABLE "$NFT_ALLOWED_HOSTS_CHAIN" continue &> /dev/null
 }
 NftListSinkChainJson() {
    $NFT_CMD -t -j list chain $NFT_TABLE "$NFT_SINK_CHAIN"
 }
 NftListSinkLocalChain() {
    $NFT_CMD -t list chain $NFT_TABLE "$NFT_SINK_LOCAL_CHAIN"
 }
 NftListSinkLocalChainJson() {
    $NFT_CMD -t -j list chain $NFT_TABLE "$NFT_SINK_LOCAL_CHAIN"
 }
 NftReturnInstanceStatus() {
    local _name="$1"
    if [ -z "$_name" -o "$_name" = " " ]; then
        _name=""
    else
        _name="-${_name}"
    fi
    $NFT_CMD -c add rule $NFT_TABLE "${NFT_ALLOWED_HOSTS_CHAIN}${_name}" continue &> /dev/null
    return $?
 }