diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua
index d4edf538f..22d4b6fdb 100644
--- a/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua
+++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/acl_config.lua
@@ -250,6 +250,13 @@ o.validate = port_validate
o:depends({ use_global_config = true })
o:depends({ _udp_node_bool = "1" })
+o = s:option(DummyValue, "tips", " ")
+o.rawhtml = true
+o.cfgvalue = function(t, n)
+ return string.format('%s',
+ translate("The port settings support single ports and ranges.
Separate multiple ports with commas (,).
Example: 21,80,443,1000:2000."))
+end
+
o = s:option(Flag, "use_direct_list", translatef("Use %s", translate("Direct List")))
o.default = "1"
o:depends({ _tcp_node_bool = "1" })
diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/other.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/other.lua
index 37e2d3bf3..f28af509e 100644
--- a/luci-app-passwall/luasrc/model/cbi/passwall/client/other.lua
+++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/other.lua
@@ -107,6 +107,13 @@ o:value("1:65535", translate("All"))
o:value("53", "DNS")
o.validate = port_validate
+o = s:option(DummyValue, "tips", " ")
+o.rawhtml = true
+o.cfgvalue = function(t, n)
+ return string.format('%s',
+ translate("The port settings support single ports and ranges.
Separate multiple ports with commas (,).
Example: 21,80,443,1000:2000."))
+end
+
---- Use nftables
o = s:option(ListValue, "use_nft", translate("Firewall tools"))
o.default = "0"
diff --git a/luci-app-passwall/po/zh-cn/passwall.po b/luci-app-passwall/po/zh-cn/passwall.po
index cee07d886..a93efa444 100644
--- a/luci-app-passwall/po/zh-cn/passwall.po
+++ b/luci-app-passwall/po/zh-cn/passwall.po
@@ -709,6 +709,9 @@ msgstr "UDP 不转发端口"
msgid "Fill in the ports you don't want to be forwarded by the agent, with the highest priority."
msgstr "填写你不希望被代理转发的端口,优先级最高。"
+msgid "The port settings support single ports and ranges.
Separate multiple ports with commas (,).
Example: 21,80,443,1000:2000."
+msgstr "以上端口设置支持单端口和端口范围。
多个端口用英文逗号(,)隔开。
例:21,80,443,1000:2000。"
+
msgid "TCP Proxy Drop Ports"
msgstr "TCP 转发屏蔽端口"
diff --git a/luci-app-passwall/root/usr/share/passwall/nftables.sh b/luci-app-passwall/root/usr/share/passwall/nftables.sh
index 8ab728a39..6f7d3728f 100755
--- a/luci-app-passwall/root/usr/share/passwall/nftables.sh
+++ b/luci-app-passwall/root/usr/share/passwall/nftables.sh
@@ -41,12 +41,19 @@ factor() {
elif echo "$1" | grep -qE '([A-Fa-f0-9]{2}:){5}[A-Fa-f0-9]{2}'; then
echo "$2 {$1}"
else
- ports=$(echo "$ports" | tr -d ' ' | sed 's/:/-/g')
- if echo "$ports" | grep -qE '(^|,)1-65535($|,)'; then
+ ports=$(echo "$ports" | tr -d ' ' | sed 's/:/-/g' | tr ',' '\n' | awk '!a[$0]++' | grep -v '^$')
+ [ -z "$ports" ] && { echo ""; return; }
+ if echo "$ports" | grep -q '^1-65535$'; then
echo ""
return
fi
- echo "$2 {$ports}"
+ local port
+ local port_list=""
+ for port in $ports; do
+ port_list="${port_list},$port"
+ done
+ port_list="${port_list#,}"
+ echo "$2 {$port_list}"
fi
}