From b878c313f8e232aa44af7cdc6798cb26182cd335 Mon Sep 17 00:00:00 2001
From: bol-van <none@none.none>
Date: Sun, 22 Dec 2024 11:33:22 +0300
Subject: [PATCH 1/8] init.d: exclude ipban from tpws redirection

---
 common/ipt.sh            | 8 ++++++--
 common/nft.sh            | 8 ++++----
 init.d/openwrt/functions | 4 ----
 init.d/sysv/functions    | 4 ----
 4 files changed, 10 insertions(+), 14 deletions(-)

diff --git a/common/ipt.sh b/common/ipt.sh
index f564b5e..f170ef6 100644
--- a/common/ipt.sh
+++ b/common/ipt.sh
@@ -1,5 +1,9 @@
 std_ports
 ipt_connbytes="-m connbytes --connbytes-dir=original --connbytes-mode=packets --connbytes"
+IPSET_EXCLUDE="-m set ! --match-set nozapret"
+IPSET_EXCLUDE6="-m set ! --match-set nozapret6"
+IPBAN_EXCLUDE="-m set ! --match-set ipban"
+IPBAN_EXCLUDE6="-m set ! --match-set ipban6"
 
 ipt()
 {
@@ -132,7 +136,7 @@ _fw_tpws4()
 
 		ipt_print_op $1 "$2" "tpws (port $3)"
 
-		rule="$2 $IPSET_EXCLUDE dst -j DNAT --to $TPWS_LOCALHOST4:$3"
+		rule="$2 $IPSET_EXCLUDE dst $IPBAN_EXCLUDE dst -j DNAT --to $TPWS_LOCALHOST4:$3"
 		for i in $4 ; do
 			ipt_add_del $1 PREROUTING -t nat -i $i $rule
 	 	done
@@ -160,7 +164,7 @@ _fw_tpws6()
 
 		ipt_print_op $1 "$2" "tpws (port $3)" 6
 
-		rule="$2 $IPSET_EXCLUDE6 dst"
+		rule="$2 $IPSET_EXCLUDE6 dst $IPBAN_EXCLUDE6 dst"
 		for i in $4 ; do
 			_dnat6_target $i DNAT6
 			[ -n "$DNAT6" -a "$DNAT6" != "-" ] && ipt6_add_del $1 PREROUTING -t nat -i $i $rule -j DNAT --to [$DNAT6]:$3
diff --git a/common/nft.sh b/common/nft.sh
index 0bd764d..6d791a4 100644
--- a/common/nft.sh
+++ b/common/nft.sh
@@ -387,8 +387,8 @@ _nft_fw_tpws4()
 	[ "$DISABLE_IPV4" = "1" -o -z "$1" ] || {
 		local filter="$1" port="$2"
 		nft_print_op "$filter" "tpws (port $2)" 4
-		nft_insert_rule dnat_output skuid != $WS_USER ${3:+oifname @wanif }$filter ip daddr != @nozapret $FW_EXTRA_POST dnat ip to $TPWS_LOCALHOST4:$port
-		nft_insert_rule dnat_pre iifname @lanif $filter ip daddr != @nozapret $FW_EXTRA_POST dnat ip to $TPWS_LOCALHOST4:$port
+		nft_insert_rule dnat_output skuid != $WS_USER ${3:+oifname @wanif }$filter ip daddr != @nozapret ip daddr != @ipban $FW_EXTRA_POST dnat ip to $TPWS_LOCALHOST4:$port
+		nft_insert_rule dnat_pre iifname @lanif $filter ip daddr != @nozapret ip daddr != @ipban $FW_EXTRA_POST dnat ip to $TPWS_LOCALHOST4:$port
 		prepare_route_localnet
 	}
 }
@@ -402,9 +402,9 @@ _nft_fw_tpws6()
 	[ "$DISABLE_IPV6" = "1" -o -z "$1" ] || {
 		local filter="$1" port="$2" DNAT6 i
 		nft_print_op "$filter" "tpws (port $port)" 6
-		nft_insert_rule dnat_output skuid != $WS_USER ${4:+oifname @wanif6 }$filter ip6 daddr != @nozapret6 $FW_EXTRA_POST dnat ip6 to [::1]:$port
+		nft_insert_rule dnat_output skuid != $WS_USER ${4:+oifname @wanif6 }$filter ip6 daddr != @nozapret6 ip6 daddr != @ipban6 $FW_EXTRA_POST dnat ip6 to [::1]:$port
 		[ -n "$3" ] && {
-			nft_insert_rule dnat_pre $filter ip6 daddr != @nozapret6 $FW_EXTRA_POST dnat ip6 to iifname map @link_local:$port
+			nft_insert_rule dnat_pre $filter ip6 daddr != @nozapret6 ip6 daddr != @ipban6 $FW_EXTRA_POST dnat ip6 to iifname map @link_local:$port
 			for i in $3; do
 				_dnat6_target $i DNAT6
 				# can be multiple tpws processes on different ports
diff --git a/init.d/openwrt/functions b/init.d/openwrt/functions
index 2cd1e1f..7424723 100644
--- a/init.d/openwrt/functions
+++ b/init.d/openwrt/functions
@@ -30,10 +30,6 @@ LINKLOCAL_WAIT_SEC=5
 
 IPSET_CR="$ZAPRET_BASE/ipset/create_ipset.sh"
 
-IPSET_EXCLUDE="-m set ! --match-set nozapret"
-IPSET_EXCLUDE6="-m set ! --match-set nozapret6"
-
-
 # can be multiple ipv6 outgoing interfaces
 # uplink from isp, tunnelbroker, vpn, ...
 # want them all. who knows what's the real one that blocks sites
diff --git a/init.d/sysv/functions b/init.d/sysv/functions
index abe6098..bfa3d99 100644
--- a/init.d/sysv/functions
+++ b/init.d/sysv/functions
@@ -93,10 +93,6 @@ TPWS_OPT_BASE6_PRE="--bind-linklocal=prefer $TPWS_WAIT --bind-wait-ip-linklocal=
 # max wait time for the link local ipv6 on the LAN interface
 LINKLOCAL_WAIT_SEC=5
 
-IPSET_EXCLUDE="-m set ! --match-set nozapret"
-IPSET_EXCLUDE6="-m set ! --match-set nozapret6"
-
-
 dnat6_target()
 {
 	_dnat6_target "$@"

From eb1cf7c15ab175c7195113bdf596e565a0709027 Mon Sep 17 00:00:00 2001
From: bol-van <none@none.none>
Date: Sun, 22 Dec 2024 12:31:18 +0300
Subject: [PATCH 2/8] base.sh: fix national decimal separator

---
 common/base.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/common/base.sh b/common/base.sh
index 0be2614..a425140 100644
--- a/common/base.sh
+++ b/common/base.sh
@@ -241,7 +241,7 @@ fix_sbin_path()
 # it can calculate floating point expr
 calc()
 {
-	awk "BEGIN { print $*}";
+	LC_ALL=C awk "BEGIN { print $*}";
 }
 
 fsleep_setup()

From 50616896c8d39536dede718aadbd26e2a8c1012b Mon Sep 17 00:00:00 2001
From: bol-van <none@none.none>
Date: Sun, 22 Dec 2024 12:50:36 +0300
Subject: [PATCH 3/8] ipset: scripts maintenance

---
 ipset/get_reestr_hostlist.sh  | 8 ++++----
 ipset/get_reestr_resolve.sh   | 8 ++++----
 ipset/get_refilter_domains.sh | 2 +-
 ipset/get_refilter_ipsum.sh   | 2 +-
 4 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/ipset/get_reestr_hostlist.sh b/ipset/get_reestr_hostlist.sh
index 2c7450d..afa5d9b 100755
--- a/ipset/get_reestr_hostlist.sh
+++ b/ipset/get_reestr_hostlist.sh
@@ -5,9 +5,9 @@ IPSET_DIR="$(cd "$IPSET_DIR"; pwd)"
 
 . "$IPSET_DIR/def.sh"
 
-ZREESTR="$TMPDIR/zapret.txt"
+ZREESTR="$TMPDIR/zapret.txt.gz"
 IPB="$TMPDIR/ipb.txt"
-ZURL_REESTR=https://raw.githubusercontent.com/zapret-info/z-i/master/dump.csv
+ZURL_REESTR=https://raw.githubusercontent.com/zapret-info/z-i/master/dump.csv.gz
 
 dl_checked()
 {
@@ -31,11 +31,11 @@ dl_checked()
 
 reestr_list()
 {
- LANG=C cut -s -f2 -d';' "$ZREESTR" | LANG=C nice -n 5 sed -Ee 's/^\*\.(.+)$/\1/' -ne 's/^[a-z0-9A-Z._-]+$/&/p' | $AWK '{ print tolower($0) }'
+ LANG=C gunzip -c "$ZREESTR" | cut -s -f2 -d';' | LANG=C nice -n 5 sed -Ee 's/^\*\.(.+)$/\1/' -ne 's/^[a-z0-9A-Z._-]+$/&/p' | $AWK '{ print tolower($0) }'
 }
 reestr_extract_ip()
 {
- LANG=C nice -n 5 $AWK -F ';' '($1 ~ /^([0-9]{1,3}\.){3}[0-9]{1,3}/) && (($2 == "" && $3 == "") || ($1 == $2)) {gsub(/ \| /, RS); print $1}' "$ZREESTR" | LANG=C $AWK '{split($1, a, /\|/); for (i in a) {print a[i]}}'
+ LANG=C gunzip -c | nice -n 5 $AWK -F ';' '($1 ~ /^([0-9]{1,3}\.){3}[0-9]{1,3}/) && (($2 == "" && $3 == "") || ($1 == $2)) {gsub(/ \| /, RS); print $1}' | LANG=C $AWK '{split($1, a, /\|/); for (i in a) {print a[i]}}'
 }
 
 ipban_fin()
diff --git a/ipset/get_reestr_resolve.sh b/ipset/get_reestr_resolve.sh
index 924a073..41adb72 100755
--- a/ipset/get_reestr_resolve.sh
+++ b/ipset/get_reestr_resolve.sh
@@ -5,12 +5,12 @@ IPSET_DIR="$(cd "$IPSET_DIR"; pwd)"
 
 . "$IPSET_DIR/def.sh"
 
-ZREESTR="$TMPDIR/zapret.txt"
+ZREESTR="$TMPDIR/zapret.txt.gz"
 ZDIG="$TMPDIR/zapret-dig.txt"
 IPB="$TMPDIR/ipb.txt"
 ZIPLISTTMP="$TMPDIR/zapret-ip.txt"
 #ZURL=https://reestr.rublacklist.net/api/current
-ZURL_REESTR=https://raw.githubusercontent.com/zapret-info/z-i/master/dump.csv
+ZURL_REESTR=https://raw.githubusercontent.com/zapret-info/z-i/master/dump.csv.gz
 
 dl_checked()
 {
@@ -34,11 +34,11 @@ dl_checked()
 
 reestr_list()
 {
- LANG=C cut -s -f2 -d';' "$ZREESTR" | LANG=C nice -n 5 sed -Ee 's/^\*\.(.+)$/\1/' -ne 's/^[a-z0-9A-Z._-]+$/&/p'
+ LANG=C gunzip -c "$ZREESTR" | cut -s -f2 -d';' | LANG=C nice -n 5 sed -Ee 's/^\*\.(.+)$/\1/' -ne 's/^[a-z0-9A-Z._-]+$/&/p' | $AWK '{ print tolower($0) }'
 }
 reestr_extract_ip()
 {
- LANG=C nice -n 5 $AWK -F ';' '($1 ~ /^([0-9]{1,3}\.){3}[0-9]{1,3}/) && (($2 == "" && $3 == "") || ($1 == $2)) {gsub(/ \| /, RS); print $1}' "$ZREESTR" | LANG=C $AWK '{split($1, a, /\|/); for (i in a) {print a[i]}}'
+ LANG=C gunzip -c | nice -n 5 $AWK -F ';' '($1 ~ /^([0-9]{1,3}\.){3}[0-9]{1,3}/) && (($2 == "" && $3 == "") || ($1 == $2)) {gsub(/ \| /, RS); print $1}' | LANG=C $AWK '{split($1, a, /\|/); for (i in a) {print a[i]}}'
 }
 
 getuser && {
diff --git a/ipset/get_refilter_domains.sh b/ipset/get_refilter_domains.sh
index 88cb7fd..807c025 100755
--- a/ipset/get_refilter_domains.sh
+++ b/ipset/get_refilter_domains.sh
@@ -25,7 +25,7 @@ dl()
    echo list is too small : $dlsize bytes. can be bad.
    exit 2
   fi
-  zzcat "$TMPLIST" | tr -d '\015' | zz "$2"
+  zzcat "$TMPLIST" | zz "$2"
   rm -f "$TMPLIST"
 }
 
diff --git a/ipset/get_refilter_ipsum.sh b/ipset/get_refilter_ipsum.sh
index 811d9ba..f5dd192 100755
--- a/ipset/get_refilter_ipsum.sh
+++ b/ipset/get_refilter_ipsum.sh
@@ -26,7 +26,7 @@ dl()
    exit 2
   fi
   # remove DOS EOL \r
-  zzcat "$TMPLIST" | tr -d '\015' | zz "$2"
+  zzcat "$TMPLIST" | zz "$2"
   rm -f "$TMPLIST"
 }
 

From 5df9b5d109312e8b9f2079a43038a8755e446363 Mon Sep 17 00:00:00 2001
From: bol-van <none@none.none>
Date: Sun, 22 Dec 2024 13:10:06 +0300
Subject: [PATCH 4/8] ipset: script maintenance

---
 ipset/def.sh                           | 12 ++++++++++++
 ipset/get_reestr_preresolved.sh        |  2 +-
 ipset/get_reestr_preresolved_smart.sh  |  2 +-
 ipset/get_reestr_resolvable_domains.sh |  2 +-
 ipset/get_refilter_domains.sh          |  2 +-
 ipset/get_refilter_ipsum.sh            |  3 +--
 6 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/ipset/def.sh b/ipset/def.sh
index 4d8b7c1..9c9667f 100644
--- a/ipset/def.sh
+++ b/ipset/def.sh
@@ -141,6 +141,18 @@ zzsize()
   printf 0
  fi
 }
+zzcopy()
+{
+ local is_gz=0
+ zztest "$1" && is_gz=1
+ if [ "$GZIP_LISTS" = 1 -a $is_gz = 1 ]; then
+  cp "$1" "${2}.gz"
+ elif [ "$GZIP_LISTS" != 1 -a $is_gz != 1 ]; then
+  cp "$1" "$2"
+ else
+  zzcat "$1" | zz "$2"
+ fi
+}
 
 digger()
 {
diff --git a/ipset/get_reestr_preresolved.sh b/ipset/get_reestr_preresolved.sh
index 6e530e7..4bdee95 100755
--- a/ipset/get_reestr_preresolved.sh
+++ b/ipset/get_reestr_preresolved.sh
@@ -29,7 +29,7 @@ dl()
    echo list is too small : $dlsize bytes. can be bad.
    exit 2
   fi
-  zzcat "$TMPLIST" | zz "$2"
+  zzcopy "$TMPLIST" "$2"
   rm -f "$TMPLIST"
 }
 
diff --git a/ipset/get_reestr_preresolved_smart.sh b/ipset/get_reestr_preresolved_smart.sh
index d31c0b3..3507bb9 100755
--- a/ipset/get_reestr_preresolved_smart.sh
+++ b/ipset/get_reestr_preresolved_smart.sh
@@ -29,7 +29,7 @@ dl()
    echo list is too small : $dlsize bytes. can be bad.
    exit 2
   fi
-  zzcat "$TMPLIST" | zz "$2"
+  zzcopy "$TMPLIST" "$2"
   rm -f "$TMPLIST"
 }
 
diff --git a/ipset/get_reestr_resolvable_domains.sh b/ipset/get_reestr_resolvable_domains.sh
index 3a213ff..2821446 100755
--- a/ipset/get_reestr_resolvable_domains.sh
+++ b/ipset/get_reestr_resolvable_domains.sh
@@ -28,7 +28,7 @@ dl()
    echo list is too small : $dlsize bytes. can be bad.
    exit 2
   fi
-  zzcat "$TMPLIST" | zz "$2"
+  zzcopy "$TMPLIST" "$2"
   rm -f "$TMPLIST"
 }
 
diff --git a/ipset/get_refilter_domains.sh b/ipset/get_refilter_domains.sh
index 807c025..c61c867 100755
--- a/ipset/get_refilter_domains.sh
+++ b/ipset/get_refilter_domains.sh
@@ -25,7 +25,7 @@ dl()
    echo list is too small : $dlsize bytes. can be bad.
    exit 2
   fi
-  zzcat "$TMPLIST" | zz "$2"
+  zzcopy "$TMPLIST" "$2"
   rm -f "$TMPLIST"
 }
 
diff --git a/ipset/get_refilter_ipsum.sh b/ipset/get_refilter_ipsum.sh
index f5dd192..5f15ed0 100755
--- a/ipset/get_refilter_ipsum.sh
+++ b/ipset/get_refilter_ipsum.sh
@@ -25,8 +25,7 @@ dl()
    echo list is too small : $dlsize bytes. can be bad.
    exit 2
   fi
-  # remove DOS EOL \r
-  zzcat "$TMPLIST" | zz "$2"
+  zzcopy "$TMPLIST" "$2"
   rm -f "$TMPLIST"
 }
 

From 8aabc8b7439be18bf2163b3885eeee82542a9881 Mon Sep 17 00:00:00 2001
From: bol-van <none@none.none>
Date: Sun, 22 Dec 2024 13:20:06 +0300
Subject: [PATCH 5/8] init.d: small optimize

---
 common/linux_iphelper.sh | 2 ++
 init.d/openwrt/functions | 3 ---
 init.d/sysv/functions    | 3 ---
 3 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/common/linux_iphelper.sh b/common/linux_iphelper.sh
index a392083..b7dc0db 100644
--- a/common/linux_iphelper.sh
+++ b/common/linux_iphelper.sh
@@ -4,6 +4,8 @@
 # PREROUTING - can't DNAT to ::1. can DNAT to link local of -i interface or to any global addr
 # not a good idea to expose tpws to the world (bind to ::)
 
+# max wait time for the link local ipv6 on the LAN interface
+LINKLOCAL_WAIT_SEC=${LINKLOCAL_WAIT_SEC:-5}
 
 get_ipv6_linklocal()
 {
diff --git a/init.d/openwrt/functions b/init.d/openwrt/functions
index 7424723..cb0f0c1 100644
--- a/init.d/openwrt/functions
+++ b/init.d/openwrt/functions
@@ -25,9 +25,6 @@ CUSTOM_DIR="$ZAPRET_RW/init.d/openwrt"
 
 TPWS_LOCALHOST4=127.0.0.127
 
-# max wait time for the link local ipv6 on the LAN interface
-LINKLOCAL_WAIT_SEC=5
-
 IPSET_CR="$ZAPRET_BASE/ipset/create_ipset.sh"
 
 # can be multiple ipv6 outgoing interfaces
diff --git a/init.d/sysv/functions b/init.d/sysv/functions
index bfa3d99..59e488e 100644
--- a/init.d/sysv/functions
+++ b/init.d/sysv/functions
@@ -90,9 +90,6 @@ TPWS_WAIT_SOCKS6="$TPWS_WAIT --bind-wait-ip-linklocal=30"
 # first wait for lan to ifup, then wait for bind-wait-ip-linklocal seconds for link local address and bind-wait-ip for any ipv6 as the worst case
 TPWS_OPT_BASE6_PRE="--bind-linklocal=prefer $TPWS_WAIT --bind-wait-ip-linklocal=3"
 
-# max wait time for the link local ipv6 on the LAN interface
-LINKLOCAL_WAIT_SEC=5
-
 dnat6_target()
 {
 	_dnat6_target "$@"

From 42c52014ee1c7fb3d0ae0c39c2f95df32fbe322a Mon Sep 17 00:00:00 2001
From: bol-van <none@none.none>
Date: Sun, 22 Dec 2024 13:38:36 +0300
Subject: [PATCH 6/8] ipset: scripts maintenance

---
 ipset/antifilter.helper                | 2 +-
 ipset/get_antizapret_domains.sh        | 2 +-
 ipset/get_reestr_hostlist.sh           | 6 +++---
 ipset/get_reestr_preresolved.sh        | 2 +-
 ipset/get_reestr_preresolved_smart.sh  | 2 +-
 ipset/get_reestr_resolvable_domains.sh | 2 +-
 ipset/get_reestr_resolve.sh            | 6 +++---
 ipset/get_refilter_domains.sh          | 2 +-
 ipset/get_refilter_ipsum.sh            | 2 +-
 9 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/ipset/antifilter.helper b/ipset/antifilter.helper
index 0508209..16b2903 100644
--- a/ipset/antifilter.helper
+++ b/ipset/antifilter.helper
@@ -7,7 +7,7 @@ get_antifilter()
  [ "$DISABLE_IPV4" != "1" ] && {
   curl --fail --max-time 150 --connect-timeout 20 --max-filesize 41943040 -k -L "$1" | cut_local >"$ZIPLISTTMP" &&
   {
-   dlsize=$(LANG=C wc -c "$ZIPLISTTMP" | xargs | cut -f 1 -d ' ')
+   dlsize=$(LC_ALL=C LANG=C wc -c "$ZIPLISTTMP" | xargs | cut -f 1 -d ' ')
    if [ $dlsize -lt 102400 ]; then
     echo list file is too small. can be bad.
     exit 2
diff --git a/ipset/get_antizapret_domains.sh b/ipset/get_antizapret_domains.sh
index 1561257..1bbbdc4 100755
--- a/ipset/get_antizapret_domains.sh
+++ b/ipset/get_antizapret_domains.sh
@@ -21,7 +21,7 @@ curl -H "Accept-Encoding: gzip" -k --fail --max-time 600 --connect-timeout 5 --r
  exit 2
 }
 
-dlsize=$(LANG=C wc -c "$ZDOM" | xargs | cut -f 1 -d ' ')
+dlsize=$(LC_ALL=C LANG=C wc -c "$ZDOM" | xargs | cut -f 1 -d ' ')
 if test $dlsize -lt 102400; then
  echo list file is too small. can be bad.
  exit 2
diff --git a/ipset/get_reestr_hostlist.sh b/ipset/get_reestr_hostlist.sh
index afa5d9b..9c3ee95 100755
--- a/ipset/get_reestr_hostlist.sh
+++ b/ipset/get_reestr_hostlist.sh
@@ -21,7 +21,7 @@ dl_checked()
    echo list download failed : $1
    return 2
   }
-  dlsize=$(LANG=C wc -c "$2" | xargs | cut -f 1 -d ' ')
+  dlsize=$(LC_ALL=C LANG=C wc -c "$2" | xargs | cut -f 1 -d ' ')
   if test $dlsize -lt $3; then
    echo list is too small : $dlsize bytes. can be bad.
    return 2
@@ -31,11 +31,11 @@ dl_checked()
 
 reestr_list()
 {
- LANG=C gunzip -c "$ZREESTR" | cut -s -f2 -d';' | LANG=C nice -n 5 sed -Ee 's/^\*\.(.+)$/\1/' -ne 's/^[a-z0-9A-Z._-]+$/&/p' | $AWK '{ print tolower($0) }'
+ LC_ALL=C LANG=C gunzip -c "$ZREESTR" | cut -s -f2 -d';' | LC_ALL=C  LANG=C nice -n 5 sed -Ee 's/^\*\.(.+)$/\1/' -ne 's/^[a-z0-9A-Z._-]+$/&/p' | $AWK '{ print tolower($0) }'
 }
 reestr_extract_ip()
 {
- LANG=C gunzip -c | nice -n 5 $AWK -F ';' '($1 ~ /^([0-9]{1,3}\.){3}[0-9]{1,3}/) && (($2 == "" && $3 == "") || ($1 == $2)) {gsub(/ \| /, RS); print $1}' | LANG=C $AWK '{split($1, a, /\|/); for (i in a) {print a[i]}}'
+ LC_ALL=C LANG=C gunzip -c | nice -n 5 $AWK -F ';' '($1 ~ /^([0-9]{1,3}\.){3}[0-9]{1,3}/) && (($2 == "" && $3 == "") || ($1 == $2)) {gsub(/ \| /, RS); print $1}' | LC_ALL=C  LANG=C $AWK '{split($1, a, /\|/); for (i in a) {print a[i]}}'
 }
 
 ipban_fin()
diff --git a/ipset/get_reestr_preresolved.sh b/ipset/get_reestr_preresolved.sh
index 4bdee95..e6ff585 100755
--- a/ipset/get_reestr_preresolved.sh
+++ b/ipset/get_reestr_preresolved.sh
@@ -24,7 +24,7 @@ dl()
    echo list download failed : $1
    exit 2
   }
-  dlsize=$(LANG=C wc -c "$TMPLIST" | xargs | cut -f 1 -d ' ')
+  dlsize=$(LC_ALL=C LANG=C wc -c "$TMPLIST" | xargs | cut -f 1 -d ' ')
   if test $dlsize -lt $3; then
    echo list is too small : $dlsize bytes. can be bad.
    exit 2
diff --git a/ipset/get_reestr_preresolved_smart.sh b/ipset/get_reestr_preresolved_smart.sh
index 3507bb9..0310556 100755
--- a/ipset/get_reestr_preresolved_smart.sh
+++ b/ipset/get_reestr_preresolved_smart.sh
@@ -24,7 +24,7 @@ dl()
    echo list download failed : $1
    exit 2
   }
-  dlsize=$(LANG=C wc -c "$TMPLIST" | xargs | cut -f 1 -d ' ')
+  dlsize=$(LC_ALL=C LANG=C wc -c "$TMPLIST" | xargs | cut -f 1 -d ' ')
   if test $dlsize -lt $3; then
    echo list is too small : $dlsize bytes. can be bad.
    exit 2
diff --git a/ipset/get_reestr_resolvable_domains.sh b/ipset/get_reestr_resolvable_domains.sh
index 2821446..6785916 100755
--- a/ipset/get_reestr_resolvable_domains.sh
+++ b/ipset/get_reestr_resolvable_domains.sh
@@ -23,7 +23,7 @@ dl()
    echo list download failed : $1
    exit 2
   }
-  dlsize=$(LANG=C wc -c "$TMPLIST" | xargs | cut -f 1 -d ' ')
+  dlsize=$(LC_ALL=C LANG=C wc -c "$TMPLIST" | xargs | cut -f 1 -d ' ')
   if test $dlsize -lt $3; then
    echo list is too small : $dlsize bytes. can be bad.
    exit 2
diff --git a/ipset/get_reestr_resolve.sh b/ipset/get_reestr_resolve.sh
index 41adb72..c94e15f 100755
--- a/ipset/get_reestr_resolve.sh
+++ b/ipset/get_reestr_resolve.sh
@@ -24,7 +24,7 @@ dl_checked()
    echo list download failed : $1
    return 2
   }
-  dlsize=$(LANG=C wc -c "$2" | xargs | cut -f 1 -d ' ')
+  dlsize=$(LC_ALL=C LANG=C wc -c "$2" | xargs | cut -f 1 -d ' ')
   if test $dlsize -lt $3; then
    echo list is too small : $dlsize bytes. can be bad.
    return 2
@@ -34,11 +34,11 @@ dl_checked()
 
 reestr_list()
 {
- LANG=C gunzip -c "$ZREESTR" | cut -s -f2 -d';' | LANG=C nice -n 5 sed -Ee 's/^\*\.(.+)$/\1/' -ne 's/^[a-z0-9A-Z._-]+$/&/p' | $AWK '{ print tolower($0) }'
+ LC_ALL=C LANG=C gunzip -c "$ZREESTR" | cut -s -f2 -d';' | LC_ALL=C LANG=C nice -n 5 sed -Ee 's/^\*\.(.+)$/\1/' -ne 's/^[a-z0-9A-Z._-]+$/&/p' | $AWK '{ print tolower($0) }'
 }
 reestr_extract_ip()
 {
- LANG=C gunzip -c | nice -n 5 $AWK -F ';' '($1 ~ /^([0-9]{1,3}\.){3}[0-9]{1,3}/) && (($2 == "" && $3 == "") || ($1 == $2)) {gsub(/ \| /, RS); print $1}' | LANG=C $AWK '{split($1, a, /\|/); for (i in a) {print a[i]}}'
+ LC_ALL=C LANG=C gunzip -c | nice -n 5 $AWK -F ';' '($1 ~ /^([0-9]{1,3}\.){3}[0-9]{1,3}/) && (($2 == "" && $3 == "") || ($1 == $2)) {gsub(/ \| /, RS); print $1}' | LC_ALL=C LANG=C $AWK '{split($1, a, /\|/); for (i in a) {print a[i]}}'
 }
 
 getuser && {
diff --git a/ipset/get_refilter_domains.sh b/ipset/get_refilter_domains.sh
index c61c867..f329ad6 100755
--- a/ipset/get_refilter_domains.sh
+++ b/ipset/get_refilter_domains.sh
@@ -20,7 +20,7 @@ dl()
    echo list download failed : $1
    exit 2
   }
-  dlsize=$(LANG=C wc -c "$TMPLIST" | xargs | cut -f 1 -d ' ')
+  dlsize=$(LC_ALL=C LANG=C wc -c "$TMPLIST" | xargs | cut -f 1 -d ' ')
   if test $dlsize -lt $3; then
    echo list is too small : $dlsize bytes. can be bad.
    exit 2
diff --git a/ipset/get_refilter_ipsum.sh b/ipset/get_refilter_ipsum.sh
index 5f15ed0..58c646f 100755
--- a/ipset/get_refilter_ipsum.sh
+++ b/ipset/get_refilter_ipsum.sh
@@ -20,7 +20,7 @@ dl()
    echo list download failed : $1
    exit 2
   }
-  dlsize=$(LANG=C wc -c "$TMPLIST" | xargs | cut -f 1 -d ' ')
+  dlsize=$(LC_ALL=C LANG=C wc -c "$TMPLIST" | xargs | cut -f 1 -d ' ')
   if test $dlsize -lt $3; then
    echo list is too small : $dlsize bytes. can be bad.
    exit 2

From 3fe46ffb82826140a45e3a0f91ca5eddd5789482 Mon Sep 17 00:00:00 2001
From: bol-van <none@none.none>
Date: Sun, 22 Dec 2024 13:48:36 +0300
Subject: [PATCH 7/8] ipset: do not fail if config is absent

---
 ipset/def.sh        | 2 +-
 ipset/get_config.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ipset/def.sh b/ipset/def.sh
index 9c9667f..078c097 100644
--- a/ipset/def.sh
+++ b/ipset/def.sh
@@ -5,7 +5,7 @@ ZAPRET_RW=${ZAPRET_RW:-"$ZAPRET_BASE"}
 ZAPRET_CONFIG=${ZAPRET_CONFIG:-"$ZAPRET_RW/config"}
 IPSET_RW_DIR="$ZAPRET_RW/ipset"
 
-. "$ZAPRET_CONFIG"
+[ -f "$ZAPRET_CONFIG" ] && . "$ZAPRET_CONFIG"
 . "$ZAPRET_BASE/common/base.sh"
 
 [ -z "$TMPDIR" ] && TMPDIR=/tmp
diff --git a/ipset/get_config.sh b/ipset/get_config.sh
index f751f18..8c665a9 100755
--- a/ipset/get_config.sh
+++ b/ipset/get_config.sh
@@ -4,7 +4,7 @@
 IPSET_DIR="$(dirname "$0")"
 IPSET_DIR="$(cd "$IPSET_DIR"; pwd)"
 
-. "$IPSET_DIR/../config"
+[ -f "$IPSET_DIR/../config" ] && . "$IPSET_DIR/../config"
 
 [ -z "$GETLIST" ] && GETLIST=get_ipban.sh
 [ -x "$IPSET_DIR/$GETLIST" ] && exec "$IPSET_DIR/$GETLIST"

From 80bf409615ebc74b87626c6ca00aff929405ed52 Mon Sep 17 00:00:00 2001
From: bol-van <none@none.none>
Date: Sun, 22 Dec 2024 21:01:07 +0300
Subject: [PATCH 8/8] doc works

---
 docs/readme.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/readme.md b/docs/readme.md
index 11d5075..07ef1ad 100644
--- a/docs/readme.md
+++ b/docs/readme.md
@@ -1439,6 +1439,7 @@ PKTWS_EXTRA_1 .. PKTWS_EXTRA_9, TPWS_EXTRA_1 .. TPWS_EXTRA_9 - отдельно
 SECURE_DNS=0|1 - принудительно выключить или включить DoH
 DOH_SERVERS - список URL DoH через пробел для автоматического выбора работающего сервера
 DOH_SERVER - конкретный DoH URL, отказ от поиска
+UNBLOCKED_DOM - незаблокированный домен, который используется для тестов IP block
 ```
 
 Пример запуска с переменными:\