install_easy: warn about --ipset

common/base.sh

@@ -406,12 +406,15 @@ has_bad_ws_options()
 {
 	# $1 - nfqws/tpws opts
 
-	# kernel or user mode ipset usage should be wise
+	contains "$1" "--ipset" && {
-	# if all traffic is already intercepted it would be OK to use ip-based specialized profiles
+		echo
-	# but if all traffic is intercepted only to filter a group of ip its BAD. kernel ipset should be used.
+		echo "WARNING !!! --ipset paramter is present"
-	# I cannot insert brain to copy-pasters, I know they will misuse. But it's their problem.
+		echo "It's OK if you only specialize already redirected traffic and also process the rest."
-	# zapret is not made for newbies
+		echo "If you redirect port X to process several IPs from the list and do nothing with the rest - IT'S VERY INEFFECTIVE !"
-	#contains "$1" "--ipset"
+		echo "Kernel ipsets should be used instead. Write custom scripts and filter IPs in kernel."
+		echo
+	}
+	
 	return 1
 }
 check_bad_ws_options()
@@ -428,8 +431,5 @@ check_bad_ws_options()
 }
 help_bad_ws_options()
 {
-	echo "WARNING ! you have specified --ipset option"
+	echo "WARNING ! BAD options detected"
-	echo "WARNING ! it would work but on ${UNAME:-$(uname)} it's not the best option"
-	echo "WARNING ! you should use kernel mode sets. they are much more efficient."
-	echo "WARNING ! to use ipsets you have to write your own custom script"
 }

docs/changes.txt

@@ -525,3 +525,4 @@ blockcheck: display curl version and kernel version
 install_bin: stop if no binaries found. display help text.
 winws: increase buffers for port filter
 tpws: tpws no more opens /dev/pf in OpenBSD by default. requires --enable-pf like in FreeBSD. this is migration from rdr-to to divert-to redirection scheme.
+install_easy: warn if --ipset parameter is specified