diff --git a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua index 22d01ec2b..a59d7ba52 100644 --- a/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua +++ b/luci-app-passwall/luasrc/model/cbi/passwall/client/global.lua @@ -401,7 +401,7 @@ end o = s:taboption("DNS", Button, "clear_ipset", translate("Clear IPSET"), translate("Try this feature if the rule modification does not take effect.")) o.inputstyle = "remove" function o.write(e, e) - luci.sys.call("[ -n \"$(nft list sets 2>/dev/null | grep \"gfwlist\")\" ] && sh /usr/share/" .. appname .. "/nftables.sh flush_nftset || sh /usr/share/" .. appname .. "/iptables.sh flush_ipset > /dev/null 2>&1 &") + luci.sys.call("[ -n \"$(nft list sets 2>/dev/null | grep \"passwall_\")\" ] && sh /usr/share/" .. appname .. "/nftables.sh flush_nftset || sh /usr/share/" .. appname .. "/iptables.sh flush_ipset > /dev/null 2>&1 &") luci.http.redirect(api.url("log")) end diff --git a/luci-app-passwall/root/usr/share/passwall/app.sh b/luci-app-passwall/root/usr/share/passwall/app.sh index 6032d7769..2a89430ec 100755 --- a/luci-app-passwall/root/usr/share/passwall/app.sh +++ b/luci-app-passwall/root/usr/share/passwall/app.sh @@ -416,11 +416,11 @@ run_chinadns_ng() { [ -s "${RULES_PATH}/chnlist" ] && { local _chnlist_file="${TMP_PATH}/chinadns_chnlist" cp -a "${RULES_PATH}/chnlist" "${_chnlist_file}" - local chnroute4_set="chnroute" - local chnroute6_set="chnroute6" + local chnroute4_set="passwall_chnroute" + local chnroute6_set="passwall_chnroute6" [ "$nftflag" = "1" ] && { - chnroute4_set="inet@fw4@chnroute" - chnroute6_set="inet@fw4@chnroute6" + chnroute4_set="inet@fw4@passwall_chnroute" + chnroute6_set="inet@fw4@passwall_chnroute6" } _extra_param="${_extra_param} -4 ${chnroute4_set} -6 ${chnroute6_set} -m ${_chnlist_file} -M -a" } 
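Review bot: The changed `luci.sys.call` line keeps the `A && B || C` shape, so `iptables.sh flush_ipset` also runs whenever `nftables.sh flush_nftset` exits non-zero, and it is chosen on an nftables-only box whenever no `passwall_*` set exists at that moment (for example right after a previous clear), because `nft list sets | grep "passwall_"` probes for the sets rather than for the firewall backend. Writing the two branches as an explicit conditional keeps them exclusive and puts the redirection on both: `if [ -n "$(nft list sets 2>/dev/null | grep passwall_)" ]; then sh <nftables.sh path> flush_nftset; else sh <iptables.sh path> flush_ipset; fi >/dev/null 2>&1 &` (in the current form `> /dev/null 2>&1` binds only to the iptables command, so the nft branch's output goes wherever luci.sys.call inherits). Deciding on the backend itself (presence of `fw4`/`nft`) would be more robust than probing set names, but this hunk does not show how the rest of the app makes that decision. As a style point, `function o.write(e, e)` declares the same parameter name twice; `function o.write(_, _)` says what is meant.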
@@ -429,8 +429,8 @@ run_chinadns_ng() { ([ -n "$_chnlist" ] || [ -n "$_gfwlist" ]) && [ -s "${RULES_PATH}/gfwlist" ] && { local _gfwlist_file="${TMP_PATH}/chinadns_gfwlist" cp -a "${RULES_PATH}/gfwlist" "${_gfwlist_file}" - local gfwlist_set="gfwlist,gfwlist6" - [ "$nftflag" = "1" ] && gfwlist_set="inet@fw4@gfwlist,inet@fw4@gfwlist6" + local gfwlist_set="passwall_gfwlist,passwall_gfwlist6" + [ "$nftflag" = "1" ] && gfwlist_set="inet@fw4@passwall_gfwlist,inet@fw4@passwall_gfwlist6" _extra_param="${_extra_param} -g ${_gfwlist_file} -A ${gfwlist_set}" #当只有使用gfwlist模式时设置默认DNS为本地直连 [ -n "$_gfwlist" ] && [ -z "$_chnlist" ] && _default_tag="chn" diff --git a/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua b/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua index 713fab8aa..8a4c90a90 100644 --- a/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua +++ b/luci-app-passwall/root/usr/share/passwall/helper_dnsmasq_add.lua @@ -197,7 +197,7 @@ if not fs.access(CACHE_DNS_PATH) then local address = t.address if datatypes.hostname(address) then set_domain_dns(address, LOCAL_DNS) - set_domain_ipset(address, setflag_4 .. "vpsiplist," .. setflag_6 .. "vpsiplist6") + set_domain_ipset(address, setflag_4 .. "passwall_vpsiplist," .. setflag_6 .. "passwall_vpsiplist6") end end) log(string.format(" - 节点列表中的域名(vpsiplist):%s", LOCAL_DNS or "默认")) @@ -207,7 +207,7 @@ if not fs.access(CACHE_DNS_PATH) then if line ~= "" and not line:find("#") then add_excluded_domain(line) set_domain_dns(line, LOCAL_DNS) - set_domain_ipset(line, setflag_4 .. "whitelist," .. setflag_6 .. "whitelist6") + set_domain_ipset(line, setflag_4 .. "passwall_whitelist," .. setflag_6 .. "passwall_whitelist6") end end log(string.format(" - 域名白名单(whitelist):%s", LOCAL_DNS or "默认")) 
@@ -220,10 +220,10 @@ if not fs.access(CACHE_DNS_PATH) then for line in io.lines("/usr/share/passwall/rules/proxy_host") do if line ~= "" and not line:find("#") then add_excluded_domain(line) - local ipset_flag = setflag_4 .. "blacklist," .. setflag_6 .. "blacklist6" + local ipset_flag = setflag_4 .. "passwall_blacklist," .. setflag_6 .. "passwall_blacklist6" if NO_PROXY_IPV6 == "1" then set_domain_address(line, "::") - ipset_flag = setflag_4 .. "blacklist" + ipset_flag = setflag_4 .. "passwall_blacklist" end if REMOTE_FAKEDNS == "1" then ipset_flag = nil @@ -251,12 +251,12 @@ if not fs.access(CACHE_DNS_PATH) then if _node_id == "_direct" then fwd_dns = LOCAL_DNS - ipset_flag = setflag_4 .. "whitelist," .. setflag_6 .. "whitelist6" + ipset_flag = setflag_4 .. "passwall_whitelist," .. setflag_6 .. "passwall_whitelist6" else fwd_dns = TUN_DNS - ipset_flag = setflag_4 .. "shuntlist," .. setflag_6 .. "shuntlist6" + ipset_flag = setflag_4 .. "passwall_shuntlist," .. setflag_6 .. "passwall_shuntlist6" if NO_PROXY_IPV6 == "1" then - ipset_flag = setflag_4 .. "shuntlist" + ipset_flag = setflag_4 .. "passwall_shuntlist" no_ipv6 = true end if not only_global then @@ -295,9 +295,9 @@ if not fs.access(CACHE_DNS_PATH) then if CHNROUTE_MODE_DEFAULT_DNS == "chinadns_ng" and CHINADNS_DNS ~= "0" then fwd_dns = nil else - local ipset_flag = setflag_4 .. "gfwlist," .. setflag_6 .. "gfwlist6" + local ipset_flag = setflag_4 .. "passwall_gfwlist," .. setflag_6 .. "passwall_gfwlist6" if NO_PROXY_IPV6 == "1" then - ipset_flag = setflag_4 .. "gfwlist" + ipset_flag = setflag_4 .. "passwall_gfwlist" end if not only_global then if REMOTE_FAKEDNS == "1" then 
@@ -329,7 +329,7 @@ if not fs.access(CACHE_DNS_PATH) then for line in string.gmatch(chnlist_str, "[^\r\n]+") do if line ~= "" then set_domain_dns(line, fwd_dns) - set_domain_ipset(line, setflag_4 .. "chnroute," .. setflag_6 .. "chnroute6") + set_domain_ipset(line, setflag_4 .. "passwall_chnroute," .. setflag_6 .. "passwall_chnroute6") end end end @@ -340,9 +340,9 @@ if not fs.access(CACHE_DNS_PATH) then local chnlist_str = sys.exec('cat /usr/share/passwall/rules/chnlist | grep -v -E "^#" | grep -v -E "' .. excluded_domain_str .. '"') for line in string.gmatch(chnlist_str, "[^\r\n]+") do if line ~= "" then - local ipset_flag = setflag_4 .. "chnroute," .. setflag_6 .. "chnroute6" + local ipset_flag = setflag_4 .. "passwall_chnroute," .. setflag_6 .. "passwall_chnroute6" if NO_PROXY_IPV6 == "1" then - ipset_flag = setflag_4 .. "chnroute" + ipset_flag = setflag_4 .. "passwall_chnroute" set_domain_address(line, "::") end if not only_global then diff --git a/luci-app-passwall/root/usr/share/passwall/iptables.sh b/luci-app-passwall/root/usr/share/passwall/iptables.sh index 65f85123e..e95a1ff1d 100755 --- a/luci-app-passwall/root/usr/share/passwall/iptables.sh +++ b/luci-app-passwall/root/usr/share/passwall/iptables.sh 
@@ -2,23 +2,23 @@ DIR="$(cd "$(dirname "$0")" && pwd)" MY_PATH=$DIR/iptables.sh -IPSET_LANIPLIST="laniplist" -IPSET_VPSIPLIST="vpsiplist" -IPSET_SHUNTLIST="shuntlist" -IPSET_GFW="gfwlist" -IPSET_CHN="chnroute" -IPSET_BLACKLIST="blacklist" -IPSET_WHITELIST="whitelist" -IPSET_BLOCKLIST="blocklist" +IPSET_LANLIST="passwall_lanlist" +IPSET_VPSLIST="passwall_vpslist" +IPSET_SHUNTLIST="passwall_shuntlist" +IPSET_GFW="passwall_gfwlist" +IPSET_CHN="passwall_chnroute" +IPSET_BLACKLIST="passwall_blacklist" +IPSET_WHITELIST="passwall_whitelist" +IPSET_BLOCKLIST="passwall_blocklist" -IPSET_LANIPLIST6="laniplist6" -IPSET_VPSIPLIST6="vpsiplist6" -IPSET_SHUNTLIST6="shuntlist6" -IPSET_GFW6="gfwlist6" -IPSET_CHN6="chnroute6" -IPSET_BLACKLIST6="blacklist6" -IPSET_WHITELIST6="whitelist6" -IPSET_BLOCKLIST6="blocklist6" +IPSET_LANLIST6="passwall_lanlist6" +IPSET_VPSLIST6="passwall_vpslist6" +IPSET_SHUNTLIST6="passwall_shuntlist6" +IPSET_GFW6="passwall_gfwlist6" +IPSET_CHN6="passwall_chnroute6" +IPSET_BLACKLIST6="passwall_blacklist6" +IPSET_WHITELIST6="passwall_whitelist6" +IPSET_BLOCKLIST6="passwall_blocklist6" FORCE_INDEX=2 @@ -223,11 +223,11 @@ get_action_chain_name() { esac } -gen_laniplist() { +gen_lanlist() { cat $RULES_PATH/lanlist_ipv4 | tr -s '\n' | grep -v "^#" } -gen_laniplist_6() { +gen_lanlist_6() { cat $RULES_PATH/lanlist_ipv6 | tr -s '\n' | grep -v "^#" } 
@@ -557,15 +557,15 @@ load_acl() { filter_haproxy() { for item in ${haproxy_items}; do local ip=$(get_host_ip ipv4 $(echo $item | awk -F ":" '{print $1}') 1) - ipset -q add $IPSET_VPSIPLIST $ip + ipset -q add $IPSET_VPSLIST $ip done - echolog "加入负载均衡的节点到ipset[$IPSET_VPSIPLIST]直连完成" + echolog "加入负载均衡的节点到ipset[$IPSET_VPSLIST]直连完成" } filter_vpsip() { - uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSIPLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R - uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSIPLIST6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R - echolog "加入所有节点到ipset[$IPSET_VPSIPLIST]直连完成" + uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSLIST6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R + echolog "加入所有节点到ipset[$IPSET_VPSLIST]直连完成" } filter_node() { @@ -600,8 +600,8 @@ filter_node() { local ADD_INDEX=$FORCE_INDEX for _ipt in 4 6; do - [ "$_ipt" == "4" ] && _ipt=$ipt_tmp && _set_name=$IPSET_VPSIPLIST - [ "$_ipt" == "6" ] && _ipt=$ip6t_m && _set_name=$IPSET_VPSIPLIST6 + [ "$_ipt" == "4" ] && _ipt=$ipt_tmp && _set_name=$IPSET_VPSLIST + [ "$_ipt" == "6" ] && _ipt=$ip6t_m && _set_name=$IPSET_VPSLIST6 $_ipt -n -L PSW_OUTPUT | grep -q "${address}:${port}" if [ $? -ne 0 ]; then unset dst_rule 
@@ -679,8 +679,8 @@ dns_hijack() { add_firewall_rule() { echolog "开始加载防火墙规则..." - ipset -! create $IPSET_LANIPLIST nethash maxelem 1048576 - ipset -! create $IPSET_VPSIPLIST nethash maxelem 1048576 + ipset -! create $IPSET_LANLIST nethash maxelem 1048576 + ipset -! create $IPSET_VPSLIST nethash maxelem 1048576 ipset -! create $IPSET_SHUNTLIST nethash maxelem 1048576 ipset -! create $IPSET_GFW nethash maxelem 1048576 ipset -! create $IPSET_CHN nethash maxelem 1048576 @@ -688,8 +688,8 @@ add_firewall_rule() { ipset -! create $IPSET_WHITELIST nethash maxelem 1048576 ipset -! create $IPSET_BLOCKLIST nethash maxelem 1048576 - ipset -! create $IPSET_LANIPLIST6 nethash family inet6 maxelem 1048576 - ipset -! create $IPSET_VPSIPLIST6 nethash family inet6 maxelem 1048576 + ipset -! create $IPSET_LANLIST6 nethash family inet6 maxelem 1048576 + ipset -! create $IPSET_VPSLIST6 nethash family inet6 maxelem 1048576 ipset -! create $IPSET_SHUNTLIST6 nethash family inet6 maxelem 1048576 ipset -! create $IPSET_GFW6 nethash family inet6 maxelem 1048576 ipset -! create $IPSET_CHN6 nethash family inet6 maxelem 1048576 @@ -718,11 +718,11 @@ add_firewall_rule() { cat $RULES_PATH/block_ip | tr -s '\n' | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_BLOCKLIST6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R ipset -! -R <<-EOF - $(gen_laniplist | sed -e "s/^/add $IPSET_LANIPLIST /") + $(gen_lanlist | sed -e "s/^/add $IPSET_LANLIST /") EOF ipset -! -R <<-EOF - $(gen_laniplist_6 | sed -e "s/^/add $IPSET_LANIPLIST6 /") + $(gen_lanlist_6 | sed -e "s/^/add $IPSET_LANLIST6 /") EOF # 忽略特殊IP段 
@@ -735,11 +735,11 @@ add_firewall_rule() { #echolog "本机IPv6网段互访直连:${lan_ip6}" [ -n "$lan_ip" ] && ipset -! -R <<-EOF - $(echo $lan_ip | sed -e "s/ /\n/g" | sed -e "s/^/add $IPSET_LANIPLIST /") + $(echo $lan_ip | sed -e "s/ /\n/g" | sed -e "s/^/add $IPSET_LANLIST /") EOF [ -n "$lan_ip6" ] && ipset -! -R <<-EOF - $(echo $lan_ip6 | sed -e "s/ /\n/g" | sed -e "s/^/add $IPSET_LANIPLIST6 /") + $(echo $lan_ip6 | sed -e "s/ /\n/g" | sed -e "s/^/add $IPSET_LANLIST6 /") EOF } @@ -774,8 +774,8 @@ add_firewall_rule() { fi $ipt_n -N PSW - $ipt_n -A PSW $(dst $IPSET_LANIPLIST) -j RETURN - $ipt_n -A PSW $(dst $IPSET_VPSIPLIST) -j RETURN + $ipt_n -A PSW $(dst $IPSET_LANLIST) -j RETURN + $ipt_n -A PSW $(dst $IPSET_VPSLIST) -j RETURN $ipt_n -A PSW $(dst $IPSET_WHITELIST) -j RETURN WAN_IP=$(get_wan_ip) @@ -785,8 +785,8 @@ add_firewall_rule() { [ -z "${is_tproxy}" ] && insert_rule_after "$ipt_n" "PREROUTING" "prerouting_rule" "-p tcp -j PSW" $ipt_n -N PSW_OUTPUT - $ipt_n -A PSW_OUTPUT $(dst $IPSET_LANIPLIST) -j RETURN - $ipt_n -A PSW_OUTPUT $(dst $IPSET_VPSIPLIST) -j RETURN + $ipt_n -A PSW_OUTPUT $(dst $IPSET_LANLIST) -j RETURN + $ipt_n -A PSW_OUTPUT $(dst $IPSET_VPSLIST) -j RETURN $ipt_n -A PSW_OUTPUT $(dst $IPSET_WHITELIST) -j RETURN $ipt_n -A PSW_OUTPUT -m mark --mark 0xff -j RETURN @@ -805,8 +805,8 @@ add_firewall_rule() { $ipt_m -A PSW_RULE -j CONNMARK --save-mark $ipt_m -N PSW - $ipt_m -A PSW $(dst $IPSET_LANIPLIST) -j RETURN - $ipt_m -A PSW $(dst $IPSET_VPSIPLIST) -j RETURN + $ipt_m -A PSW $(dst $IPSET_LANLIST) -j RETURN + $ipt_m -A PSW $(dst $IPSET_VPSLIST) -j RETURN $ipt_m -A PSW $(dst $IPSET_WHITELIST) -j RETURN $ipt_m -A PSW $(dst $IPSET_BLOCKLIST) -j DROP 
@@ -817,8 +817,8 @@ add_firewall_rule() { insert_rule_before "$ipt_m" "PREROUTING" "PSW" "-p tcp -m socket -j PSW_DIVERT" $ipt_m -N PSW_OUTPUT - $ipt_m -A PSW_OUTPUT $(dst $IPSET_LANIPLIST) -j RETURN - $ipt_m -A PSW_OUTPUT $(dst $IPSET_VPSIPLIST) -j RETURN + $ipt_m -A PSW_OUTPUT $(dst $IPSET_LANLIST) -j RETURN + $ipt_m -A PSW_OUTPUT $(dst $IPSET_VPSLIST) -j RETURN $ipt_m -A PSW_OUTPUT $(dst $IPSET_WHITELIST) -j RETURN $ipt_m -A PSW_OUTPUT -m mark --mark 0xff -j RETURN $ipt_m -A PSW_OUTPUT $(dst $IPSET_BLOCKLIST) -j DROP @@ -828,14 +828,14 @@ add_firewall_rule() { [ "$accept_icmpv6" = "1" ] && { $ip6t_n -N PSW - $ip6t_n -A PSW $(dst $IPSET_LANIPLIST6) -j RETURN - $ip6t_n -A PSW $(dst $IPSET_VPSIPLIST6) -j RETURN + $ip6t_n -A PSW $(dst $IPSET_LANLIST6) -j RETURN + $ip6t_n -A PSW $(dst $IPSET_VPSLIST6) -j RETURN $ip6t_n -A PSW $(dst $IPSET_WHITELIST6) -j RETURN $ip6t_n -A PREROUTING -p ipv6-icmp -j PSW $ip6t_n -N PSW_OUTPUT - $ip6t_n -A PSW_OUTPUT $(dst $IPSET_LANIPLIST6) -j RETURN - $ip6t_n -A PSW_OUTPUT $(dst $IPSET_VPSIPLIST6) -j RETURN + $ip6t_n -A PSW_OUTPUT $(dst $IPSET_LANLIST6) -j RETURN + $ip6t_n -A PSW_OUTPUT $(dst $IPSET_VPSLIST6) -j RETURN $ip6t_n -A PSW_OUTPUT $(dst $IPSET_WHITELIST6) -j RETURN $ip6t_n -A PSW_OUTPUT -m mark --mark 0xff -j RETURN } @@ -852,8 +852,8 @@ add_firewall_rule() { $ip6t_m -A PSW_RULE -j CONNMARK --save-mark $ip6t_m -N PSW - $ip6t_m -A PSW $(dst $IPSET_LANIPLIST6) -j RETURN - $ip6t_m -A PSW $(dst $IPSET_VPSIPLIST6) -j RETURN + $ip6t_m -A PSW $(dst $IPSET_LANLIST6) -j RETURN + $ip6t_m -A PSW $(dst $IPSET_VPSLIST6) -j RETURN $ip6t_m -A PSW $(dst $IPSET_WHITELIST6) -j RETURN $ip6t_m -A PSW $(dst $IPSET_BLOCKLIST6) -j DROP 
@@ -866,8 +866,8 @@ add_firewall_rule() { $ip6t_m -N PSW_OUTPUT $ip6t_m -A PSW_OUTPUT -m mark --mark 0xff -j RETURN - $ip6t_m -A PSW_OUTPUT $(dst $IPSET_LANIPLIST6) -j RETURN - $ip6t_m -A PSW_OUTPUT $(dst $IPSET_VPSIPLIST6) -j RETURN + $ip6t_m -A PSW_OUTPUT $(dst $IPSET_LANLIST6) -j RETURN + $ip6t_m -A PSW_OUTPUT $(dst $IPSET_VPSLIST6) -j RETURN $ip6t_m -A PSW_OUTPUT $(dst $IPSET_WHITELIST6) -j RETURN $ip6t_m -A PSW_OUTPUT $(dst $IPSET_BLOCKLIST6) -j DROP @@ -938,7 +938,7 @@ add_firewall_rule() { _proxy_tcp_access() { [ -n "${2}" ] || return 0 - ipset -q test $IPSET_LANIPLIST ${2} + ipset -q test $IPSET_LANLIST ${2} [ $? -eq 0 ] && { echolog " - 上游 DNS 服务器 ${2} 已在直接访问的列表中,不强制向 TCP 代理转发对该服务器 TCP/${3} 端口的访问" return 0 @@ -1010,7 +1010,7 @@ add_firewall_rule() { echolog "加载路由器自身 UDP 代理..." _proxy_udp_access() { [ -n "${2}" ] || return 0 - ipset -q test $IPSET_LANIPLIST ${2} + ipset -q test $IPSET_LANLIST ${2} [ $? == 0 ] && { echolog " - 上游 DNS 服务器 ${2} 已在直接访问的列表中,不强制向 UDP 代理转发对该服务器 UDP/${3} 端口的访问" return 0 @@ -1099,8 +1099,8 @@ del_firewall_rule() { ip -6 rule del fwmark 1 table 100 2>/dev/null ip -6 route del local ::/0 dev lo table 100 2>/dev/null - destroy_ipset $IPSET_LANIPLIST - destroy_ipset $IPSET_VPSIPLIST + destroy_ipset $IPSET_LANLIST + destroy_ipset $IPSET_VPSLIST #destroy_ipset $IPSET_SHUNTLIST #destroy_ipset $IPSET_GFW #destroy_ipset $IPSET_CHN @@ -1108,8 +1108,8 @@ del_firewall_rule() { destroy_ipset $IPSET_BLOCKLIST destroy_ipset $IPSET_WHITELIST - destroy_ipset $IPSET_LANIPLIST6 - destroy_ipset $IPSET_VPSIPLIST6 + destroy_ipset $IPSET_LANLIST6 + destroy_ipset $IPSET_VPSLIST6 #destroy_ipset $IPSET_SHUNTLIST6 #destroy_ipset $IPSET_GFW6 #destroy_ipset $IPSET_CHN6 
@@ -1122,8 +1122,9 @@ del_firewall_rule() { flush_ipset() { del_firewall_rule - destroy_ipset $IPSET_VPSIPLIST $IPSET_SHUNTLIST $IPSET_GFW $IPSET_CHN $IPSET_BLACKLIST $IPSET_BLOCKLIST $IPSET_WHITELIST $IPSET_LANIPLIST - destroy_ipset $IPSET_VPSIPLIST6 $IPSET_SHUNTLIST6 $IPSET_GFW6 $IPSET_CHN6 $IPSET_BLACKLIST6 $IPSET_BLOCKLIST6 $IPSET_WHITELIST6 $IPSET_LANIPLIST6 + for _name in $(ipset list | grep "Name: " | grep "passwall_" | awk '{print $2}'); do + destroy_ipset ${_name} + done rm -rf /tmp/etc/passwall_tmp/dnsmasq* /etc/init.d/passwall reload } diff --git a/luci-app-passwall/root/usr/share/passwall/nftables.sh b/luci-app-passwall/root/usr/share/passwall/nftables.sh index 04a260d61..a727a8652 100755 --- a/luci-app-passwall/root/usr/share/passwall/nftables.sh +++ b/luci-app-passwall/root/usr/share/passwall/nftables.sh @@ -2,23 +2,23 @@ DIR="$(cd "$(dirname "$0")" && pwd)" MY_PATH=$DIR/nftables.sh -NFTSET_LANIPLIST="laniplist" -NFTSET_VPSIPLIST="vpsiplist" -NFTSET_SHUNTLIST="shuntlist" -NFTSET_GFW="gfwlist" -NFTSET_CHN="chnroute" -NFTSET_BLACKLIST="blacklist" -NFTSET_WHITELIST="whitelist" -NFTSET_BLOCKLIST="blocklist" +NFTSET_LANLIST="passwall_lanlist" +NFTSET_VPSLIST="passwall_vpslist" +NFTSET_SHUNTLIST="passwall_shuntlist" +NFTSET_GFW="passwall_gfwlist" +NFTSET_CHN="passwall_chnroute" +NFTSET_BLACKLIST="passwall_blacklist" +NFTSET_WHITELIST="passwall_whitelist" +NFTSET_BLOCKLIST="passwall_blocklist" -NFTSET_LANIPLIST6="laniplist6" -NFTSET_VPSIPLIST6="vpsiplist6" -NFTSET_SHUNTLIST6="shuntlist6" -NFTSET_GFW6="gfwlist6" -NFTSET_CHN6="chnroute6" -NFTSET_BLACKLIST6="blacklist6" -NFTSET_WHITELIST6="whitelist6" -NFTSET_BLOCKLIST6="blocklist6" +NFTSET_LANLIST6="passwall_lanlist6" +NFTSET_VPSLIST6="passwall_vpslist6" +NFTSET_SHUNTLIST6="passwall_shuntlist6" +NFTSET_GFW6="passwall_gfwlist6" +NFTSET_CHN6="passwall_chnroute6" +NFTSET_BLACKLIST6="passwall_blacklist6" +NFTSET_WHITELIST6="passwall_whitelist6" +NFTSET_BLOCKLIST6="passwall_blocklist6" FORCE_INDEX=2 
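Review bot: The new loop in `flush_ipset` calls `ipset list` with no options, which prints the header and every member of every set on the box (these sets are created with `maxelem 1048576`) only to extract names, and `grep "passwall_"` is an unanchored substring match, so a set from another package whose name merely contains `passwall_` would be destroyed too. `ipset -n list` prints only set names (worth confirming the target's ipset version accepts `-n`), so the loop head can become `for _name in $(ipset -n list 2>/dev/null | grep "^passwall_"); do`. If `-n` is unavailable, anchoring alone (`grep "^Name: passwall_"`) still removes the false-positive risk. Behaviour otherwise matches the old explicit list, since `del_firewall_rule` on the line above keeps the shunt/gfw/chn sets (its `destroy_ipset` lines for them are commented out in the earlier hunk) and the prefix loop now picks those up.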
@@ -233,11 +233,11 @@ get_action_chain_name() { esac } -gen_laniplist() { +gen_lanlist() { cat $RULES_PATH/lanlist_ipv4 | tr -s '\n' | grep -v "^#" } -gen_laniplist_6() { +gen_lanlist_6() { cat $RULES_PATH/lanlist_ipv6 | tr -s '\n' | grep -v "^#" } @@ -563,24 +563,24 @@ load_acl() { filter_haproxy() { for item in ${haproxy_items}; do local ip=$(get_host_ip ipv4 $(echo $item | awk -F ":" '{print $1}') 1) - insert_nftset $NFTSET_VPSIPLIST $ip + insert_nftset $NFTSET_VPSLIST $ip done - echolog "加入负载均衡的节点到nftset[$NFTSET_VPSIPLIST]直连完成" + echolog "加入负载均衡的节点到nftset[$NFTSET_VPSLIST]直连完成" } filter_vps_addr() { for server_host in $@; do local vps_ip4=$(get_host_ip "ipv4" ${server_host}) local vps_ip6=$(get_host_ip "ipv6" ${server_host}) - [ -n "$vps_ip4" ] && insert_nftset $NFTSET_VPSIPLIST $vps_ip4 - [ -n "$vps_ip6" ] && insert_nftset $NFTSET_VPSIPLIST6 $vps_ip6 + [ -n "$vps_ip4" ] && insert_nftset $NFTSET_VPSLIST $vps_ip4 + [ -n "$vps_ip6" ] && insert_nftset $NFTSET_VPSLIST6 $vps_ip6 done } filter_vpsip() { - insert_nftset $NFTSET_VPSIPLIST $(uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | sed -e "/^$/d") - insert_nftset $NFTSET_VPSIPLIST6 $(uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d") - echolog "加入所有节点到nftset[$NFTSET_VPSIPLIST]直连完成" + insert_nftset $NFTSET_VPSLIST $(uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | sed -e "/^$/d") + insert_nftset $NFTSET_VPSLIST6 $(uci show $CONFIG | grep ".address=" | cut -d "'" -f 2 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d") + echolog "加入所有节点到nftset[$NFTSET_VPSLIST]直连完成" } filter_node() { 
@@ -613,8 +613,8 @@ filter_node() { local ADD_INDEX=$FORCE_INDEX for _ipt in 4 6; do - [ "$_ipt" == "4" ] && _ip_type=ip4 && _set_name=$NFTSET_VPSIPLIST - [ "$_ipt" == "6" ] && _ip_type=ip6 && _set_name=$NFTSET_VPSIPLIST6 + [ "$_ipt" == "4" ] && _ip_type=ip4 && _set_name=$NFTSET_VPSLIST + [ "$_ipt" == "6" ] && _ip_type=ip6 && _set_name=$NFTSET_VPSLIST6 nft "list chain inet fw4 $nft_output_chain" | grep -q "${address}:${port}" if [ $? -ne 0 ]; then unset dst_rule @@ -693,18 +693,18 @@ dns_hijack() { add_firewall_rule() { echolog "开始加载防火墙规则..." - gen_nftset $NFTSET_VPSIPLIST ipv4_addr + gen_nftset $NFTSET_VPSLIST ipv4_addr gen_nftset $NFTSET_GFW ipv4_addr - gen_nftset $NFTSET_LANIPLIST ipv4_addr $(gen_laniplist) + gen_nftset $NFTSET_LANLIST ipv4_addr $(gen_lanlist) gen_nftset $NFTSET_CHN ipv4_addr $(cat $RULES_PATH/chnroute | tr -s '\n' | grep -v "^#") gen_nftset $NFTSET_BLACKLIST ipv4_addr $(cat $RULES_PATH/proxy_ip | tr -s '\n' | grep -v "^#" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}") gen_nftset $NFTSET_WHITELIST ipv4_addr $(cat $RULES_PATH/direct_ip | tr -s '\n' | grep -v "^#" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}") gen_nftset $NFTSET_BLOCKLIST ipv4_addr $(cat $RULES_PATH/block_ip | tr -s '\n' | grep -v "^#" | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}") gen_nftset $NFTSET_SHUNTLIST ipv4_addr - gen_nftset $NFTSET_VPSIPLIST6 ipv6_addr + gen_nftset $NFTSET_VPSLIST6 ipv6_addr gen_nftset $NFTSET_GFW6 ipv6_addr - gen_nftset $NFTSET_LANIPLIST6 ipv6_addr $(gen_laniplist_6) + gen_nftset $NFTSET_LANLIST6 ipv6_addr $(gen_lanlist_6) gen_nftset $NFTSET_CHN6 ipv6_addr $(cat $RULES_PATH/chnroute6 | tr -s '\n' | grep -v "^#") gen_nftset $NFTSET_BLACKLIST6 ipv6_addr $(cat $RULES_PATH/proxy_ip | tr -s '\n' | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}") gen_nftset $NFTSET_WHITELIST6 ipv6_addr $(cat $RULES_PATH/direct_ip | tr -s '\n' | grep -v "^#" | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}") 
@@ -730,8 +730,8 @@ add_firewall_rule() { #echolog "本机IPv4网段互访直连:${lan_ip}" #echolog "本机IPv6网段互访直连:${lan_ip6}" - [ -n "$lan_ip" ] && insert_nftset $NFTSET_LANIPLIST $(echo $lan_ip | sed -e "s/ /\n/g") - [ -n "$lan_ip6" ] && insert_nftset $NFTSET_LANIPLIST6 $(echo $lan_ip6 | sed -e "s/ /\n/g") + [ -n "$lan_ip" ] && insert_nftset $NFTSET_LANLIST $(echo $lan_ip | sed -e "s/ /\n/g") + [ -n "$lan_ip6" ] && insert_nftset $NFTSET_LANLIST6 $(echo $lan_ip6 | sed -e "s/ /\n/g") } [ -n "$ISP_DNS" ] && { @@ -792,15 +792,15 @@ add_firewall_rule() { #ipv4 tproxy mode and udp nft "add chain inet fw4 PSW_MANGLE" nft "flush chain inet fw4 PSW_MANGLE" - nft "add rule inet fw4 PSW_MANGLE ip daddr @$NFTSET_LANIPLIST counter return" - nft "add rule inet fw4 PSW_MANGLE ip daddr @$NFTSET_VPSIPLIST counter return" + nft "add rule inet fw4 PSW_MANGLE ip daddr @$NFTSET_LANLIST counter return" + nft "add rule inet fw4 PSW_MANGLE ip daddr @$NFTSET_VPSLIST counter return" nft "add rule inet fw4 PSW_MANGLE ip daddr @$NFTSET_WHITELIST counter return" nft "add rule inet fw4 PSW_MANGLE ip daddr @$NFTSET_BLOCKLIST counter drop" nft "add chain inet fw4 PSW_OUTPUT_MANGLE" nft "flush chain inet fw4 PSW_OUTPUT_MANGLE" - nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip daddr @$NFTSET_LANIPLIST counter return" - nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip daddr @$NFTSET_VPSIPLIST counter return" + nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip daddr @$NFTSET_LANLIST counter return" + nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip daddr @$NFTSET_VPSLIST counter return" nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip daddr @$NFTSET_WHITELIST counter return" nft "add rule inet fw4 PSW_OUTPUT_MANGLE meta mark 0xff counter return" nft "add rule inet fw4 PSW_OUTPUT_MANGLE ip daddr @$NFTSET_BLOCKLIST counter drop" 
@@ -813,16 +813,16 @@ add_firewall_rule() { [ -z "${is_tproxy}" ] && { nft "add chain inet fw4 PSW" nft "flush chain inet fw4 PSW" - nft "add rule inet fw4 PSW ip daddr @$NFTSET_LANIPLIST counter return" - nft "add rule inet fw4 PSW ip daddr @$NFTSET_VPSIPLIST counter return" + nft "add rule inet fw4 PSW ip daddr @$NFTSET_LANLIST counter return" + nft "add rule inet fw4 PSW ip daddr @$NFTSET_VPSLIST counter return" nft "add rule inet fw4 PSW ip daddr @$NFTSET_WHITELIST counter return" nft "add rule inet fw4 PSW ip daddr @$NFTSET_BLOCKLIST counter drop" nft "add rule inet fw4 dstnat ip protocol tcp counter jump PSW" nft "add chain inet fw4 PSW_OUTPUT" nft "flush chain inet fw4 PSW_OUTPUT" - nft "add rule inet fw4 PSW_OUTPUT ip daddr @$NFTSET_LANIPLIST counter return" - nft "add rule inet fw4 PSW_OUTPUT ip daddr @$NFTSET_VPSIPLIST counter return" + nft "add rule inet fw4 PSW_OUTPUT ip daddr @$NFTSET_LANLIST counter return" + nft "add rule inet fw4 PSW_OUTPUT ip daddr @$NFTSET_VPSLIST counter return" nft "add rule inet fw4 PSW_OUTPUT ip daddr @$NFTSET_WHITELIST counter return" nft "add rule inet fw4 PSW_OUTPUT meta mark 0xff counter return" nft "add rule inet fw4 PSW_OUTPUT ip daddr @$NFTSET_BLOCKLIST counter drop" 
@@ -832,13 +832,13 @@ add_firewall_rule() { if [ "$accept_icmp" = "1" ]; then nft "add chain inet fw4 PSW_ICMP_REDIRECT" nft "flush chain inet fw4 PSW_ICMP_REDIRECT" - nft "add rule inet fw4 PSW_ICMP_REDIRECT ip daddr @$NFTSET_LANIPLIST counter return" - nft "add rule inet fw4 PSW_ICMP_REDIRECT ip daddr @$NFTSET_VPSIPLIST counter return" + nft "add rule inet fw4 PSW_ICMP_REDIRECT ip daddr @$NFTSET_LANLIST counter return" + nft "add rule inet fw4 PSW_ICMP_REDIRECT ip daddr @$NFTSET_VPSLIST counter return" nft "add rule inet fw4 PSW_ICMP_REDIRECT ip daddr @$NFTSET_WHITELIST counter return" [ "$accept_icmpv6" = "1" ] && { - nft "add rule inet fw4 PSW_ICMP_REDIRECT ip6 daddr @$NFTSET_LANIPLIST6 counter return" - nft "add rule inet fw4 PSW_ICMP_REDIRECT ip6 daddr @$NFTSET_VPSIPLIST6 counter return" + nft "add rule inet fw4 PSW_ICMP_REDIRECT ip6 daddr @$NFTSET_LANLIST6 counter return" + nft "add rule inet fw4 PSW_ICMP_REDIRECT ip6 daddr @$NFTSET_VPSLIST6 counter return" nft "add rule inet fw4 PSW_ICMP_REDIRECT ip6 daddr @$NFTSET_WHITELIST6 counter return" } 
@@ -858,15 +858,15 @@ add_firewall_rule() { #ipv6 tproxy mode and udp nft "add chain inet fw4 PSW_MANGLE_V6" nft "flush chain inet fw4 PSW_MANGLE_V6" - nft "add rule inet fw4 PSW_MANGLE_V6 ip6 daddr @$NFTSET_LANIPLIST6 counter return" - nft "add rule inet fw4 PSW_MANGLE_V6 ip6 daddr @$NFTSET_VPSIPLIST6 counter return" + nft "add rule inet fw4 PSW_MANGLE_V6 ip6 daddr @$NFTSET_LANLIST6 counter return" + nft "add rule inet fw4 PSW_MANGLE_V6 ip6 daddr @$NFTSET_VPSLIST6 counter return" nft "add rule inet fw4 PSW_MANGLE_V6 ip6 daddr @$NFTSET_WHITELIST6 counter return" nft "add rule inet fw4 PSW_MANGLE_V6 ip6 daddr @$NFTSET_BLOCKLIST6 counter drop" nft "add chain inet fw4 PSW_OUTPUT_MANGLE_V6" nft "flush chain inet fw4 PSW_OUTPUT_MANGLE_V6" - nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 ip6 daddr @$NFTSET_LANIPLIST6 counter return" - nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 ip6 daddr @$NFTSET_VPSIPLIST6 counter return" + nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 ip6 daddr @$NFTSET_LANLIST6 counter return" + nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 ip6 daddr @$NFTSET_VPSLIST6 counter return" nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 ip6 daddr @$NFTSET_WHITELIST6 counter return" nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 meta mark 0xff counter return" nft "add rule inet fw4 PSW_OUTPUT_MANGLE_V6 ip6 daddr @$NFTSET_BLOCKLIST6 counter drop" @@ -944,7 +944,7 @@ add_firewall_rule() { _proxy_tcp_access() { [ -n "${2}" ] || return 0 - nft "get element inet fw4 $NFTSET_LANIPLIST {${2}}" &>/dev/null + nft "get element inet fw4 $NFTSET_LANLIST {${2}}" &>/dev/null [ $? -eq 0 ] && { echolog " - 上游 DNS 服务器 ${2} 已在直接访问的列表中,不强制向 TCP 代理转发对该服务器 TCP/${3} 端口的访问" return 0 
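Review bot: The renamed line `nft "get element inet fw4 $NFTSET_LANLIST {${2}}" &>/dev/null` uses the bash-only `&>` redirection; if this script runs under busybox ash (OpenWrt's /bin/sh — the shebang is outside this hunk), `&>` is parsed as `&` followed by a bare `>/dev/null`, so the nft command is backgrounded and the `[ $? -eq 0 ]` check on the next line tests the empty redirect command, which always succeeds, making every upstream DNS server look like it is already in the direct list. The portable form is `nft "get element inet fw4 $NFTSET_LANLIST {${2}}" >/dev/null 2>&1`. The same construct appears in `_proxy_udp_access` in the next hunk, whereas the iptables.sh counterpart uses `ipset -q test` and has no such issue. `_proxy_tcp_access` continues past the end of this hunk.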
@@ -1015,7 +1015,7 @@ add_firewall_rule() { echolog "加载路由器自身 UDP 代理..." _proxy_udp_access() { [ -n "${2}" ] || return 0 - nft "get element inet fw4 $NFTSET_LANIPLIST {${2}}" &>/dev/null + nft "get element inet fw4 $NFTSET_LANLIST {${2}}" &>/dev/null [ $? == 0 ] && { echolog " - 上游 DNS 服务器 ${2} 已在直接访问的列表中,不强制向 UDP 代理转发对该服务器 UDP/${3} 端口的访问" return 0 @@ -1101,8 +1101,8 @@ del_firewall_rule() { ip -6 rule del fwmark 1 table 100 2>/dev/null ip -6 route del local ::/0 dev lo table 100 2>/dev/null - destroy_nftset $NFTSET_LANIPLIST - destroy_nftset $NFTSET_VPSIPLIST + destroy_nftset $NFTSET_LANLIST + destroy_nftset $NFTSET_VPSLIST #destroy_nftset $NFTSET_SHUNTLIST #destroy_nftset $NFTSET_GFW #destroy_nftset $NFTSET_CHN @@ -1110,8 +1110,8 @@ del_firewall_rule() { destroy_nftset $NFTSET_BLOCKLIST destroy_nftset $NFTSET_WHITELIST - destroy_nftset $NFTSET_LANIPLIST6 - destroy_nftset $NFTSET_VPSIPLIST6 + destroy_nftset $NFTSET_LANLIST6 + destroy_nftset $NFTSET_VPSLIST6 #destroy_nftset $NFTSET_SHUNTLIST6 #destroy_nftset $NFTSET_GFW6 #destroy_nftset $NFTSET_CHN6 @@ -1124,8 +1124,8 @@ del_firewall_rule() { flush_nftset() { del_firewall_rule - destroy_nftset $NFTSET_VPSIPLIST $NFTSET_SHUNTLIST $NFTSET_GFW $NFTSET_CHN $NFTSET_BLACKLIST $NFTSET_BLOCKLIST $NFTSET_WHITELIST $NFTSET_LANIPLIST - destroy_nftset $NFTSET_VPSIPLIST6 $NFTSET_SHUNTLIST6 $NFTSET_GFW6 $NFTSET_CHN6 $NFTSET_BLACKLIST6 $NFTSET_BLOCKLIST6 $NFTSET_WHITELIST6 $NFTSET_LANIPLIST6 + destroy_nftset $NFTSET_VPSLIST $NFTSET_SHUNTLIST $NFTSET_GFW $NFTSET_CHN $NFTSET_BLACKLIST $NFTSET_BLOCKLIST $NFTSET_WHITELIST $NFTSET_LANLIST + destroy_nftset $NFTSET_VPSLIST6 $NFTSET_SHUNTLIST6 $NFTSET_GFW6 $NFTSET_CHN6 $NFTSET_BLACKLIST6 $NFTSET_BLOCKLIST6 $NFTSET_WHITELIST6 $NFTSET_LANLIST6 rm -rf /tmp/etc/passwall_tmp/dnsmasq* /etc/init.d/passwall reload }
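Review bot: `flush_nftset` still destroys a fixed list of sixteen sets while its sibling `flush_ipset` in iptables.sh was changed in this same commit to discover every `passwall_*` set at runtime, so the two "Clear IPSET" paths now diverge and any further set created under the prefix would be cleared on iptables but left behind on nftables. If the discovery is intended, mirroring it keeps the two in step, e.g. `for _name in $(nft list sets inet fw4 2>/dev/null | grep -o "set passwall_[A-Za-z0-9_]*" | awk '{print $2}'); do destroy_nftset ${_name}; done` — the exact parse depends on the nft output format and on what `destroy_nftset` (outside this hunk) expects, so treat it as a sketch. If the explicit list is deliberate, a one-line comment above `flush_nftset() {` saying so would save the next reader the question.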