install_easy: warn about --ipset

4 weeks ago · 5eaec085dd
2 changed files with 11 additions and 10 deletions
--- a/common/base.sh
+++ b/common/base.sh
@ -406,12 +406,15 @@ has_bad_ws_options()
 {
 	# $1 - nfqws/tpws opts

-	# kernel or user mode ipset usage should be wise
-	# if all traffic is already intercepted it would be OK to use ip-based specialized profiles
-	# but if all traffic is intercepted only to filter a group of ip its BAD. kernel ipset should be used.
-	# I cannot insert brain to copy-pasters, I know they will misuse. But it's their problem.
-	# zapret is not made for newbies
-	#contains "$1" "--ipset"
+	contains "$1" "--ipset" && {
+		echo
+		echo "WARNING !!! --ipset paramter is present"
+		echo "It's OK if you only specialize already redirected traffic and also process the rest."
+		echo "If you redirect port X to process several IPs from the list and do nothing with the rest - IT'S VERY INEFFECTIVE !"
+		echo "Kernel ipsets should be used instead. Write custom scripts and filter IPs in kernel."
+		echo
+	}
+	
 	return 1
 }
 check_bad_ws_options()
@ -428,8 +431,5 @@ check_bad_ws_options()
 }
 help_bad_ws_options()
 {
-	echo "WARNING ! you have specified --ipset option"
-	echo "WARNING ! it would work but on ${UNAME:-$(uname)} it's not the best option"
-	echo "WARNING ! you should use kernel mode sets. they are much more efficient."
-	echo "WARNING ! to use ipsets you have to write your own custom script"
+	echo "WARNING ! BAD options detected"
 }
--- a/docs/changes.txt
+++ b/docs/changes.txt
@ -525,3 +525,4 @@ blockcheck: display curl version and kernel version
 install_bin: stop if no binaries found. display help text.
 winws: increase buffers for port filter
 tpws: tpws no more opens /dev/pf in OpenBSD by default. requires --enable-pf like in FreeBSD. this is migration from rdr-to to divert-to redirection scheme.
+install_easy: warn if --ipset parameter is specified