From 5eaec085ddfc20bb921937c3a6f54a379dde477a Mon Sep 17 00:00:00 2001 From: bol-van Date: Mon, 7 Jul 2025 15:53:46 +0300 Subject: [PATCH] install_easy: warn about --ipset --- common/base.sh | 20 ++++++++++---------- docs/changes.txt | 1 + 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/common/base.sh b/common/base.sh index 20b04b6..b84f5cb 100644 --- a/common/base.sh +++ b/common/base.sh @@ -406,12 +406,15 @@ has_bad_ws_options() { # $1 - nfqws/tpws opts - # kernel or user mode ipset usage should be wise - # if all traffic is already intercepted it would be OK to use ip-based specialized profiles - # but if all traffic is intercepted only to filter a group of ip its BAD. kernel ipset should be used. - # I cannot insert brain to copy-pasters, I know they will misuse. But it's their problem. - # zapret is not made for newbies - #contains "$1" "--ipset" + contains "$1" "--ipset" && { + echo + echo "WARNING !!! --ipset paramter is present" + echo "It's OK if you only specialize already redirected traffic and also process the rest." + echo "If you redirect port X to process several IPs from the list and do nothing with the rest - IT'S VERY INEFFECTIVE !" + echo "Kernel ipsets should be used instead. Write custom scripts and filter IPs in kernel." + echo + } + return 1 } check_bad_ws_options() @@ -428,8 +431,5 @@ check_bad_ws_options() } help_bad_ws_options() { - echo "WARNING ! you have specified --ipset option" - echo "WARNING ! it would work but on ${UNAME:-$(uname)} it's not the best option" - echo "WARNING ! you should use kernel mode sets. they are much more efficient." - echo "WARNING ! to use ipsets you have to write your own custom script" + echo "WARNING ! BAD options detected" } diff --git a/docs/changes.txt b/docs/changes.txt index 5beea0a..4044d6d 100644 --- a/docs/changes.txt +++ b/docs/changes.txt 
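Review bot: The added `contains "$1" "--ipset"` test in has_bad_ws_options reads like a plain substring match, so, assuming `contains` works that way (its definition is outside the hunk), the warning would also fire for any longer option that merely begins with `--ipset`; if only the exact option is meant, the test should be narrowed. The message misspells the word and should read `echo "WARNING !!! --ipset parameter is present"`. Because the function now prints and still ends in an unconditional `return 1`, a comment above the test such as `# warn only: --ipset is reported but not treated as a bad option` would record what the removed comment block used to explain. The echoes go to stdout; appending `>&2` would keep the warning out of anything a caller captures from this predicate.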
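Review bot: The replacement text in help_bad_ws_options, `echo "WARNING ! BAD options detected"`, no longer says which option was rejected or what to use instead, so a user who sees it has nothing to act on. Since has_bad_ws_options ends in an unconditional `return 1` after this commit, the message is presumably unreachable for now; the body of check_bad_ws_options lies outside the hunk, so this is inferred. A comment such as `# generic text; has_bad_ws_options prints the option-specific warning` would make the split between the two functions explicit, or the helper could accept the offending option as `$1` and print it.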
@@ -525,3 +525,4 @@ blockcheck: display curl version and kernel version install_bin: stop if no binaries found. display help text. winws: increase buffers for port filter tpws: tpws no more opens /dev/pf in OpenBSD by default. requires --enable-pf like in FreeBSD. this is migration from rdr-to to divert-to redirection scheme. +install_easy: warn if --ipset parameter is specified