Update On Fri Nov 14 19:38:20 CET 2025

github-action[bot]
2025-11-14 19:38:21 +01:00
parent 3642b6d22d
commit a9ffe0eb91
639 changed files with 51959 additions and 24193 deletions


@@ -129,6 +129,13 @@ jobs:
fi
cd sdk
# Update feeds to github source
sed -i \
-e 's|git\.openwrt\.org/feed|github.com/openwrt|g' \
-e 's|git\.openwrt\.org/project|github.com/openwrt|g' \
-e 's|git\.openwrt\.org/openwrt|github.com/openwrt|g' \
"feeds.conf.default"
cat > feeds.tmp <<'EOF'
src-git passwall_packages https://github.com/xiaorouji/openwrt-passwall-packages.git;main
src-git passwall2 https://github.com/${{ env.passwall2 }}.git;${{ github.ref_name }}
@@ -385,6 +392,14 @@ jobs:
- name: ${{ matrix.platform }} feeds configuration packages
run: |
cd sdk
# Update feeds to github source
sed -i \
-e 's|git\.openwrt\.org/feed|github.com/openwrt|g' \
-e 's|git\.openwrt\.org/project|github.com/openwrt|g' \
-e 's|git\.openwrt\.org/openwrt|github.com/openwrt|g' \
"feeds.conf.default"
cat > feeds.tmp <<'EOF'
src-git passwall_packages https://github.com/xiaorouji/openwrt-passwall-packages.git;main
src-git passwall2 https://github.com/${{ env.passwall2 }}.git;${{ github.ref_name }}
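Review bot: The feed rewrite added in both jobs (the `sed -i` block in this hunk and the identical one in the second hunk) succeeds silently when none of the three patterns match, so a change in the SDK's `feeds.conf.default` layout would leave the build fetching from the original host with no signal in the log. A follow-up check such as `grep -q 'git\.openwrt\.org' feeds.conf.default && echo "::warning::feeds.conf.default still references git.openwrt.org"` would make that visible. Because the block is copied verbatim into two jobs, moving it into one shared step or script would keep them from drifting apart. Both run scripts continue outside the hunks shown.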


@@ -36,6 +36,21 @@ end)
for k, v in pairs(groups) do
o:value(k)
end
o.write = function(self, section, value)
value = api.trim(value)
local lower = value:lower()
if lower == "" or lower == "default" then
return m:del(section, self.option)
end
for _, v in ipairs(self.keylist or {}) do
if v:lower() == lower then
return m:set(section, self.option, v)
end
end
m:set(section, self.option, value)
end
local fs = require "nixio.fs"
local types_dir = "/usr/lib/lua/luci/model/cbi/passwall2/client/type/"
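Review bot: The new `o.write` override has no comment explaining that an empty value or the word "default" in any letter case is treated as "no group" and deletes the option, which is the rule the other changes in this commit depend on. A short header comment would help, for example `-- "" / "default" (any case) clear the option; otherwise reuse the existing key's spelling when it matches case-insensitively`. The last statement, `m:set(section, self.option, value)`, is also the only exit that does not `return` the call result, unlike the two branches above it; `return m:set(section, self.option, value)` would make the three paths consistent.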


@@ -168,19 +168,33 @@ end
o = s:option(Value, "remark", translate("Remarks"))
o.width = "auto"
o.rmempty = false
o.validate = function(self, value, t)
if value then
local count = 0
m.uci:foreach(appname, "subscribe_list", function(e)
if e[".name"] ~= t and e["remark"] == value then
count = count + 1
o.validate = function(self, value, section)
value = api.trim(value)
if value == "" then
return nil, translate("Remark cannot be empty.")
end
local duplicate = false
m.uci:foreach(appname, "subscribe_list", function(e)
if e[".name"] ~= section and e["remark"] and e["remark"]:lower() == value:lower() then
duplicate = true
return false
end
end)
if duplicate or value:lower() == "default" then
return nil, translate("This remark already exists, please change a new remark.")
end
return value
end
o.write = function(self, section, value)
local old = m:get(section, self.option) or ""
if old:lower() ~= value:lower() then
m.uci:foreach(appname, "nodes", function(e)
if e["group"] and e["group"]:lower() == old:lower() then
m.uci:set(appname, e[".name"], "group", value)
end
end)
if count > 0 then
return nil, translate("This remark already exists, please change a new remark.")
end
return value
end
return Value.write(self, section, value)
end
o = s:option(DummyValue, "_node_count", translate("Subscribe Info"))
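Review bot: The `o.validate` / `o.write` pair added for the "remark" option here is repeated line for line in the next file section (the "Subscribe Remark" option), so any later fix to the duplicate check or the group rename has to be made twice; a shared helper next to `api.trim` would avoid that. The reserved name is also rejected with the "This remark already exists" message when `value:lower() == "default"`, which does not tell the user why the name is refused; a separate message for the reserved word would be clearer. `o.write` rewrites the `group` of every node whose group matches the old remark case-insensitively before calling `Value.write`, and a comment such as `-- keep node groups in sync when a subscription is renamed` would document that side effect.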


@@ -74,13 +74,41 @@ end
o = s:option(Value, "remark", translate("Subscribe Remark"))
o.rmempty = false
o.validate = function(self, value, section)
value = api.trim(value)
if value == "" then
return nil, translate("Remark cannot be empty.")
end
local duplicate = false
m.uci:foreach(appname, "subscribe_list", function(e)
if e[".name"] ~= section and e["remark"] and e["remark"]:lower() == value:lower() then
duplicate = true
return false
end
end)
if duplicate or value:lower() == "default" then
return nil, translate("This remark already exists, please change a new remark.")
end
return value
end
o.write = function(self, section, value)
local old = m:get(section, self.option) or ""
if old:lower() ~= value:lower() then
m.uci:foreach(appname, "nodes", function(e)
if e["group"] and e["group"]:lower() == old:lower() then
m.uci:set(appname, e[".name"], "group", value)
end
end)
end
return Value.write(self, section, value)
end
o = s:option(TextValue, "url", translate("Subscribe URL"))
o.rows = 5
o.rmempty = false
o.validate = function(self, value)
if not value or value == "" then
return nil, translate("URL cannot be empty")
return nil, translate("URL cannot be empty.")
end
return value:gsub("%s+", ""):gsub("%z", "")
end


@@ -1149,7 +1149,7 @@ end
function to_check_self()
local url = "https://raw.githubusercontent.com/xiaorouji/openwrt-passwall2/main/luci-app-passwall2/Makefile"
local tmp_file = "/tmp/passwall2_makefile"
local return_code, result = curl_logic(url, tmp_file, curl_args)
local return_code, result = curl_auto(url, tmp_file, curl_args)
result = return_code == 0
if not result then
exec("/bin/rm", {"-f", tmp_file})
@@ -1159,8 +1159,8 @@ function to_check_self()
}
end
local local_version = get_version()
local remote_version = sys.exec("echo -n $(grep 'PKG_VERSION' /tmp/passwall2_makefile|awk -F '=' '{print $2}')")
.. "-" .. sys.exec("echo -n $(grep 'PKG_RELEASE' /tmp/passwall2_makefile|awk -F '=' '{print $2}')")
local remote_version = sys.exec("echo -n $(grep '^PKG_VERSION' /tmp/passwall2_makefile | head -n 1 | awk -F '=' '{print $2}')")
exec("/bin/rm", {"-f", tmp_file})
local has_update = compare_versions(local_version, "<", remote_version)
if not has_update then
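Review bot: `remote_version` is parsed out of a file fetched from the network and passed to `compare_versions` with no check that it looks like a version string; the new `grep '^PKG_VERSION' … | head -n 1` pipeline narrows the match, but an empty or unexpected value still flows through. Checking it right after the `sys.exec` call, for instance with `remote_version:match("^[%w%.%-]+$")`, and returning the same error result the function builds when the download fails would keep malformed remote content out of the comparison and anything that displays it. The pipeline also hard-codes `/tmp/passwall2_makefile` rather than using `tmp_file`, so the two can drift apart. The new line no longer appends `PKG_RELEASE`; if `get_version()` still returns a value with a release suffix the two sides now have different shapes, which is worth confirming. `to_check_self` continues outside both hunks.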


@@ -127,8 +127,16 @@ local api = require "luci.passwall2.api"
var val = input.value.trim();
if (!val) return;
if (val.toLowerCase() === "default") {
var emptyLi = Array.from(list.querySelectorAll(".dropdown-item"))
.find(function(el){ return !el.dataset.value; });
if (emptyLi) selectItem(emptyLi);
input.value = "";
return;
}
var li = Array.from(list.querySelectorAll(".dropdown-item")).find(function(el){
return el.dataset.value === val;
return el.dataset.value.toLowerCase() === val.toLowerCase();
});
if (!li) {
li = document.createElement("li");
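Review bot: The case-insensitive comparison `el.dataset.value.toLowerCase()` assumes every `.dropdown-item` has a `data-value` attribute, but the lookup added just above (`!el.dataset.value`) suggests an item without one can exist; for such an element `dataset.value` is `undefined` and the call throws inside `find`. Guarding the read, `return (el.dataset.value || "").toLowerCase() === val.toLowerCase();`, keeps the handler working in that case. The enclosing handler starts and ends outside the hunk.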


@@ -1,6 +1,3 @@
msgid "PassWall 2"
msgstr "PassWall 2"
msgid "Auto"
msgstr "自动"
@@ -979,6 +976,12 @@ msgstr "手动订阅全部"
msgid "This remark already exists, please change a new remark."
msgstr "此备注已存在,请改一个新的备注。"
msgid "Remark cannot be empty."
msgstr "备注不能为空。"
msgid "URL cannot be empty."
msgstr "网址不能为空。"
msgid "Filter keyword Mode"
msgstr "过滤关键字模式"
@@ -2035,8 +2038,8 @@ msgstr "清除 %s。"
msgid "Delete %s rules is complete."
msgstr "删除 %s 规则完成。"
msgid "Firewall rules load complete!"
msgstr "防火墙规则加载完成!"
msgid "%s firewall rules load complete!"
msgstr "%s 防火墙规则加载完成!"
msgid "Socks switch detection: Unknown error."
msgstr "Socks切换检测未知错误。"


@@ -1,6 +1,3 @@
msgid "PassWall 2"
msgstr "PassWall 2"
msgid "Auto"
msgstr "自動"
@@ -979,6 +976,12 @@ msgstr "手動订阅全部"
msgid "This remark already exists, please change a new remark."
msgstr "此備注已存在,请改一个新的備注。"
msgid "Remark cannot be empty."
msgstr "備注不能爲空。"
msgid "URL cannot be empty."
msgstr "網址不能爲空。"
msgid "Filter keyword Mode"
msgstr "过滤關键字模式"
@@ -2035,8 +2038,8 @@ msgstr "清除 %s。"
msgid "Delete %s rules is complete."
msgstr "删除 %s 規則完成。"
msgid "Firewall rules load complete!"
msgstr "防火墙規則加载完成!"
msgid "%s firewall rules load complete!"
msgstr "%s 防火墙規則加载完成!"
msgid "Socks switch detection: Unknown error."
msgstr "Socks切换检測未知错误。"


@@ -35,7 +35,7 @@ unlock() {
boot_func() {
local delay=$(uci -q get ${CONFIG}.@global_delay[0].start_delay || echo 1)
if [ "$delay" -gt 0 ]; then
$APP_FILE echolog_i18n "Start after a delay of %s seconds!" "${delay}"
$APP_FILE log_i18n 0 "Start after a delay of %s seconds!" "${delay}"
sleep $delay
fi
restart
@@ -48,7 +48,7 @@ boot() {
start() {
set_lock
[ $? == 1 ] && $APP_FILE echolog_i18n "The script is already running, do not run it again. Exit." && exit 0
[ $? == 1 ] && $APP_FILE log_i18n 0 "The script is already running, do not run it again. Exit." && exit 0
$APP_FILE start
unset_lock
}
@@ -56,14 +56,14 @@ start() {
stop() {
unlock
set_lock
[ $? == 1 ] && $APP_FILE echolog_i18n "Stop the script and wait for a timeout, then exit without repeating the process." && exit 0
[ $? == 1 ] && $APP_FILE log_i18n 0 "Stop the script and wait for a timeout, then exit without repeating the process." && exit 0
$APP_FILE stop
unset_lock
}
restart() {
set_lock
[ $? == 1 ] && $APP_FILE echolog_i18n "The script is already running, do not run it again. Exit." && exit 0
[ $? == 1 ] && $APP_FILE log_i18n 0 "The script is already running, do not run it again. Exit." && exit 0
$APP_FILE stop
$APP_FILE start
unset_lock


@@ -24,21 +24,38 @@ UTIL_NAIVE=$LUA_UTIL_PATH/util_naiveproxy.lua
UTIL_HYSTERIA2=$LUA_UTIL_PATH/util_hysteria2.lua
UTIL_TUIC=$LUA_UTIL_PATH/util_tuic.lua
echolog() {
local d="$(date "+%Y-%m-%d %H:%M:%S")"
echo -e "$d: $*" >>$LOG_FILE
i18n() {
echo "$(lua ${APP_PATH}/i18n.lua "$@")"
}
echolog_nodate() {
echolog() {
echo -e "$*" >>$LOG_FILE
}
echolog_i18n() {
echolog "$(i18n "$@")"
echolog_date() {
local d="$(date "+%Y-%m-%d %H:%M:%S")"
echolog "$d: $*"
}
i18n() {
echo "$(lua ${APP_PATH}/i18n.lua "$@")"
log() {
local num="$1"
shift
local content="$@"
local indent=""
if [ "$num" -ge 1 ]; then
for i in $(seq 1 ${num}); do
indent="${indent} "
done
echolog_date "${indent}- ${content}"
else
echolog_date "${content}"
fi
}
log_i18n() {
local num="$1"
shift
log ${num} "$(i18n "$@")"
}
config_get_type() {
@@ -228,11 +245,11 @@ check_depends() {
[ -d "/lib/apk/packages" ] && file_path="/lib/apk/packages" && file_ext=".list"
if [ "$tables" == "iptables" ]; then
for depends in "iptables-mod-tproxy" "iptables-mod-socket" "iptables-mod-iprange" "iptables-mod-conntrack-extra" "kmod-ipt-nat"; do
[ -s "${file_path}/${depends}${file_ext}" ] || echolog_i18n "%s Transparent proxy base dependencies %s Not installed..." "${tables}" "${depends}"
[ -s "${file_path}/${depends}${file_ext}" ] || log_i18n 0 "%s Transparent proxy base dependencies %s Not installed..." "${tables}" "${depends}"
done
else
for depends in "kmod-nft-socket" "kmod-nft-tproxy" "kmod-nft-nat"; do
[ -s "${file_path}/${depends}${file_ext}" ] || echolog_i18n "%s Transparent proxy base dependencies %s Not installed..." "${tables}" "${depends}"
[ -s "${file_path}/${depends}${file_ext}" ] || log_i18n 0 "%s Transparent proxy base dependencies %s Not installed..." "${tables}" "${depends}"
done
fi
}
@@ -269,14 +286,14 @@ ln_run() {
ln -s "${file_func}" "${TMP_BIN_PATH}/${ln_name}" >/dev/null 2>&1
file_func="${TMP_BIN_PATH}/${ln_name}"
}
[ -x "${file_func}" ] || echolog " - $(i18n "%s does not have execute permissions and cannot be started: %s %s" "$(readlink ${file_func})" "${file_func}" "$*")"
[ -x "${file_func}" ] || log 1 "$(i18n "%s does not have execute permissions and cannot be started: %s %s" "$(readlink ${file_func})" "${file_func}" "$*")"
fi
#echo "${file_func} $*" >&2
[ -n "${file_func}" ] || echolog " - $(i18n "%s not found, unable to start..." "${ln_name}")"
${file_func:-echolog " - ${ln_name}"} "$@" >${output} 2>&1 &
[ -n "${file_func}" ] || log 1 "$(i18n "%s not found, unable to start..." "${ln_name}")"
${file_func:-log 1 "${ln_name}"} "$@" >${output} 2>&1 &
process_count=$(ls $TMP_SCRIPT_FUNC_PATH | grep -v "^_" | wc -l)
process_count=$((process_count + 1))
echo "${file_func:-echolog " - ${ln_name}"} $@ >${output}" > $TMP_SCRIPT_FUNC_PATH/$process_count
echo "${file_func:-log 1 "${ln_name}"} $@ >${output}" > $TMP_SCRIPT_FUNC_PATH/$process_count
}
lua_api() {
@@ -600,7 +617,7 @@ run_socks() {
if [ -n "$server_host" ] && [ -n "$server_port" ]; then
check_host $server_host
[ $? != 0 ] && {
echolog " - $(i18n "Socks node: [%s]%s is an invalid server address and cannot be started!" "${$remarks}" "${server_host}")"
log 1 "$(i18n "Socks node: [%s]%s is an invalid server address and cannot be started!" "${$remarks}" "${server_host}")"
return 1
}
tmp="${server_host}:${server_port}"
@@ -616,10 +633,10 @@ run_socks() {
fi
[ -n "${error_msg}" ] && {
[ "$bind" != "127.0.0.1" ] && echolog " - $(i18n "Socks node: [%s]%s, start failed %s:%s %s" "${remarks}" "${tmp}" "${bind}" "${socks_port}" "${error_msg}")"
[ "$bind" != "127.0.0.1" ] && log 1 "$(i18n "Socks node: [%s]%s, start failed %s:%s %s" "${remarks}" "${tmp}" "${bind}" "${socks_port}" "${error_msg}")"
return 1
}
[ "$bind" != "127.0.0.1" ] && echolog " - $(i18n "Socks node: [%s]%s, starting %s:%s" "${remarks}" "${tmp}" "${bind}" "${socks_port}")"
[ "$bind" != "127.0.0.1" ] && log 1 "$(i18n "Socks node: [%s]%s, starting %s:%s" "${remarks}" "${tmp}" "${bind}" "${socks_port}")"
case "$type" in
sing-box)
@@ -759,7 +776,7 @@ run_global() {
mkdir -p ${GLOBAL_ACL_PATH}
if [ $PROXY_IPV6 == "1" ]; then
echolog_i18n "To enable experimental IPv6 transparent proxy (TProxy), please ensure your node and type support IPv6!"
log_i18n 0 "To enable experimental IPv6 transparent proxy (TProxy), please ensure your node and type support IPv6!"
fi
TUN_DNS_PORT=15353
@@ -767,7 +784,7 @@ run_global() {
V2RAY_ARGS="flag=global node=$NODE redir_port=$REDIR_PORT tcp_proxy_way=${TCP_PROXY_WAY}"
V2RAY_ARGS="${V2RAY_ARGS} dns_listen_port=${TUN_DNS_PORT} direct_dns_query_strategy=${DIRECT_DNS_QUERY_STRATEGY} remote_dns_query_strategy=${REMOTE_DNS_QUERY_STRATEGY} dns_cache=${DNS_CACHE}"
local msg="${TUN_DNS} $(i18n "Direct DNS: %s" "${AUTO_DNS}")"
local msg="DNS: ${TUN_DNS} $(i18n "Direct DNS: %s" "${AUTO_DNS}")"
[ -n "$REMOTE_DNS_PROTOCOL" ] && {
V2RAY_ARGS="${V2RAY_ARGS} remote_dns_protocol=${REMOTE_DNS_PROTOCOL} remote_dns_detour=${REMOTE_DNS_DETOUR}"
@@ -795,7 +812,7 @@ run_global() {
[ -n "${_remote_dns_client_ip}" ] && V2RAY_ARGS="${V2RAY_ARGS} remote_dns_client_ip=${_remote_dns_client_ip}"
}
msg="${msg}"
echolog ${msg}
log 0 ${msg}
V2RAY_CONFIG=${GLOBAL_ACL_PATH}/global.json
V2RAY_LOG=${GLOBAL_ACL_PATH}/global.log
@@ -867,7 +884,7 @@ start_socks() {
[ "$SOCKS_ENABLED" = "1" ] && {
local ids=$(uci show $CONFIG | grep "=socks" | awk -F '.' '{print $2}' | awk -F '=' '{print $1}')
[ -n "$ids" ] && {
echolog_i18n "Analyzing the node configuration of the Socks service..."
log_i18n 0 "Analyzing the node configuration of the Socks service..."
for id in $ids; do
local enabled=$(config_n_get $id enabled 0)
[ "$enabled" == "0" ] && continue
@@ -898,7 +915,7 @@ clean_log() {
logsnum=$(cat $LOG_FILE 2>/dev/null | wc -l)
[ "$logsnum" -gt 1000 ] && {
echo "" > $LOG_FILE
echolog_i18n "Log file is too long, clear it!"
log_i18n 0 "Log file is too long, clear it!"
}
}
@@ -922,7 +939,7 @@ start_crontab() {
[ -f "/tmp/lock/${CONFIG}_cron.lock" ] && {
rm -rf "/tmp/lock/${CONFIG}_cron.lock"
echolog_i18n "The task is currently running automatically as a scheduled task; no reconfiguration of the scheduled task is required."
log_i18n 0 "The task is currently running automatically as a scheduled task; no reconfiguration of the scheduled task is required."
return
}
@@ -943,7 +960,7 @@ start_crontab() {
else
echo "$t /etc/init.d/$CONFIG stop > /dev/null 2>&1 &" >>/etc/crontabs/root
fi
echolog_i18n "Scheduled tasks: Auto stop service."
log_i18n 0 "Scheduled tasks: Auto stop service."
fi
start_week_mode=$(config_t_get global_delay start_week_mode)
@@ -956,7 +973,7 @@ start_crontab() {
else
echo "$t /etc/init.d/$CONFIG start > /dev/null 2>&1 &" >>/etc/crontabs/root
fi
echolog_i18n "Scheduled tasks: Auto start service."
log_i18n 0 "Scheduled tasks: Auto start service."
fi
restart_week_mode=$(config_t_get global_delay restart_week_mode)
@@ -969,7 +986,7 @@ start_crontab() {
else
echo "$t /etc/init.d/$CONFIG restart > /dev/null 2>&1 &" >>/etc/crontabs/root
fi
echolog_i18n "Scheduled tasks: Auto restart service."
log_i18n 0 "Scheduled tasks: Auto restart service."
fi
autoupdate=$(config_t_get global_rules auto_update)
@@ -983,7 +1000,7 @@ start_crontab() {
else
echo "$t lua $APP_PATH/rule_update.lua log all cron > /dev/null 2>&1 &" >>/etc/crontabs/root
fi
echolog_i18n "Scheduled tasks: Auto update rules."
log_i18n 0 "Scheduled tasks: Auto update rules."
fi
TMP_SUB_PATH=$TMP_PATH/sub_crontabs
@@ -995,7 +1012,7 @@ start_crontab() {
week_update=$(config_n_get $item week_update)
time_update=$(config_n_get $item time_update)
echo "$cfgid" >> $TMP_SUB_PATH/${week_update}_${time_update}
echolog_i18n "Scheduled tasks: Auto update [%s] subscription." "${remark}"
log_i18n 0 "Scheduled tasks: Auto update [%s] subscription." "${remark}"
fi
done
@@ -1018,10 +1035,10 @@ start_crontab() {
if [ "$ENABLED_DEFAULT_ACL" == 1 ] || [ "$ENABLED_ACLS" == 1 ]; then
[ "$update_loop" = "1" ] && {
$APP_PATH/tasks.sh > /dev/null 2>&1 &
echolog_i18n "Auto updates: Starts a cyclical update process."
log_i18n 0 "Auto updates: Starts a cyclical update process."
}
else
echolog_i18n "Running in no proxy mode, it only allows scheduled tasks for starting and stopping services."
log_i18n 0 "Running in no proxy mode, it only allows scheduled tasks for starting and stopping services."
fi
/etc/init.d/cron restart
@@ -1031,13 +1048,13 @@ stop_crontab() {
[ -f "/tmp/lock/${CONFIG}_cron.lock" ] && return
clean_crontab
/etc/init.d/cron restart
#echolog_i18n "Clear scheduled commands."
#log_i18n 0 "Clear scheduled commands."
}
add_ip2route() {
local ip=$(get_host_ip "ipv4" $1)
[ -z "$ip" ] && {
echolog " - $(i18n "Unable to resolve [%s], route table addition failed!" "${1}")"
log 1 "$(i18n "Unable to resolve [%s], route table addition failed!" "${1}")"
return 1
}
local remarks="${1}"
@@ -1052,9 +1069,9 @@ add_ip2route() {
if [ -n "${gateway}" ]; then
route add -host ${ip} gw ${gateway} dev ${device} >/dev/null 2>&1
echo "$ip" >> $TMP_ROUTE_PATH/${device}
echolog " - $(i18n "[%s] was successfully added to the routing table of interface [%s]!" "${remarks}" "${device}")"
log 1 "$(i18n "[%s] was successfully added to the routing table of interface [%s]!" "${remarks}" "${device}")"
else
echolog " - $(i18n "Adding [%s] to the [%s] routing table failed! The reason is that the [%s] gateway cannot be found." "${remarks}" "${device}" "${device}")"
log 1 "$(i18n "Adding [%s] to the [%s] routing table failed! The reason is that the [%s] gateway cannot be found." "${remarks}" "${device}" "${device}")"
fi
}
@@ -1230,7 +1247,7 @@ acl_app() {
set_cache_var "ACL_${sid}_dns_port" "${GLOBAL_DNSMASQ_PORT}"
set_cache_var "ACL_${sid}_default" "1"
else
echolog " - $(i18n "Global nodes are not enabled, skip [%s]." "${remarks}")"
log 1 "$(i18n "Global nodes are not enabled, skip [%s]." "${remarks}")"
fi
else
[ "$(config_get_type $node)" = "nodes" ] && {
@@ -1277,7 +1294,7 @@ acl_app() {
start() {
pgrep -f /tmp/etc/passwall2/bin > /dev/null 2>&1 && {
#echolog_i18n "The program has started. Please stop it and then restart it!"
#log_i18n 0 "The program has started. Please stop it and then restart it!"
stop
}
mkdir -p /tmp/etc /tmp/log $TMP_PATH $TMP_BIN_PATH $TMP_SCRIPT_FUNC_PATH $TMP_ROUTE_PATH $TMP_ACL_PATH $TMP_PATH2
@@ -1296,9 +1313,9 @@ start() {
if [ -n "$(command -v iptables-legacy || command -v iptables)" ] && [ -n "$(command -v ipset)" ] && [ -n "$(dnsmasq --version | grep 'Compile time options:.* ipset')" ]; then
USE_TABLES="iptables"
else
echolog_i18n "The system does not have iptables or ipset installed, or Dnsmasq does not have ipset support enabled, so iptables+ipset transparent proxy cannot be used!"
log_i18n 0 "The system does not have iptables or ipset installed, or Dnsmasq does not have ipset support enabled, so iptables+ipset transparent proxy cannot be used!"
if [ -n "$(command -v fw4)" ] && [ -n "$(command -v nft)" ] && [ -n "$(dnsmasq --version | grep 'Compile time options:.* nftset')" ]; then
echolog_i18n "fw4 detected, use nftables to transparent proxy."
log_i18n 0 "fw4 detected, use nftables to transparent proxy."
USE_TABLES="nftables"
nftflag=1
config_t_set global_forwarding use_nft 1
@@ -1310,7 +1327,7 @@ start() {
USE_TABLES="nftables"
nftflag=1
else
echolog_i18n "The Dnsmasq package does not meet the requirements for transparent proxy in nftables. If you need to use it, please ensure that the dnsmasq version is 2.87 or higher and that nftset support is enabled."
log_i18n 0 "The Dnsmasq package does not meet the requirements for transparent proxy in nftables. If you need to use it, please ensure that the dnsmasq version is 2.87 or higher and that nftset support is enabled."
fi
fi
@@ -1318,7 +1335,7 @@ start() {
[ "$USE_TABLES" = "nftables" ] && {
dnsmasq_version=$(dnsmasq -v | grep -i "Dnsmasq version " | awk '{print $3}')
[ "$(expr $dnsmasq_version \>= 2.90)" == 0 ] && echolog_i18n "If your Dnsmasq version is lower than 2.90, it is recommended to upgrade to version 2.90 or higher to avoid Dnsmasq crashing in some cases!"
[ "$(expr $dnsmasq_version \>= 2.90)" == 0 ] && log_i18n 0 "If your Dnsmasq version is lower than 2.90, it is recommended to upgrade to version 2.90 or higher to avoid Dnsmasq crashing in some cases!"
}
if [ "$ENABLED_DEFAULT_ACL" == 1 ] || [ "$ENABLED_ACLS" == 1 ]; then
@@ -1344,8 +1361,8 @@ start() {
}
fi
start_crontab
echolog_i18n "Running complete!"
echolog_nodate "\n"
log_i18n 0 "Running complete!"
echolog "\n"
}
stop() {
@@ -1389,7 +1406,7 @@ stop() {
rm -rf $TMP_PATH
rm -rf /tmp/lock/${CONFIG}_socks_auto_switch*
rm -rf /tmp/lock/${CONFIG}_lease2hosts*
echolog_i18n "Clearing and closing related programs and cache complete."
log_i18n 0 "Clearing and closing related programs and cache complete."
exit 0
}
@@ -1460,11 +1477,11 @@ case $arg1 in
add_ip2route)
add_ip2route $@
;;
echolog)
echolog $@
log)
log $@
;;
echolog_i18n)
echolog_i18n "$@"
log_i18n)
log_i18n "$@"
;;
i18n)
i18n "$@"
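Review bot: The new `log()` takes its first argument as the indent level without checking it, so a call that passes only message text (for example through the `log)` dispatcher at the end of the file, which forwards `$@` unquoted) loses its first word to `shift`, fails the `[ "$num" -ge 1 ]` test with a shell error and logs the rest without it. A guard before the `shift`, e.g. `case "$num" in ''|*[!0-9]*) echolog_date "$*"; return ;; esac`, keeps such messages intact, and the loop variable should be declared with `local i` so it cannot overwrite a caller's `i`. The rewritten line in `run_socks` still passes `"${$remarks}"`, which is not a valid parameter expansion and was presumably meant to be `"${remarks}"`. `echolog` keeps `echo -e`, so backslash sequences inside logged values such as node remarks are interpreted when written to the log file; `printf '%s\n' "$*"` would write them literally, though the `echolog "\n"` call in `start()` would then need its own handling.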


@@ -136,7 +136,7 @@ insert_rule_after() {
RULE_LAST_INDEX() {
[ $# -ge 3 ] || {
echolog_i18n "Incorrect index listing method (%s), execution terminated!" "iptables"
log_i18n 1 "Incorrect index listing method (%s), execution terminated!" "iptables"
return 1
}
local ipt_tmp="${1}"; shift
@@ -271,7 +271,7 @@ gen_shunt_list() {
get_geoip $_geoip_code ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}" | sed -e "s/^/add $ipset_v4 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
get_geoip $_geoip_code ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "s/^/add $ipset_v6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
fi
echolog " - $(i18n "parse the traffic splitting rules[%s]-[geoip:%s] add to %s to complete." "${shunt_id}" "${_geoip_code}" "IPSET")"
log 1 "$(i18n "parse the traffic splitting rules[%s]-[geoip:%s] add to %s to complete." "${shunt_id}" "${_geoip_code}" "IPSET")"
}
}
}
@@ -317,8 +317,8 @@ add_shunt_t_rule() {
}
load_acl() {
log_i18n 1 "Access Control:"
[ "$ENABLED_ACLS" == 1 ] && {
echolog_i18n "Access Control:"
acl_app
for sid in $(ls -F ${TMP_ACL_PATH} | grep '/$' | awk -F '/' '{print $1}' | grep -v 'default'); do
eval $(uci -q show "${CONFIG}.${sid}" | cut -d'.' -sf 3-)
@@ -388,7 +388,7 @@ load_acl() {
_ipt_source="${_ipt_source}-m set --match-set ${_ipset} src"
unset _ipset
else
echolog " - $(i18n "[%s]," "${remarks}")${msg}$(i18n "Does not exist, ignore.")"
log 2 "$(i18n "[%s]," "${remarks}")${msg}$(i18n "Does not exist, ignore.")"
unset _ipset
continue
fi
@@ -417,11 +417,11 @@ load_acl() {
if ! has_1_65535 "$tcp_no_redir_ports"; then
[ "$_ipv4" != "1" ] && add_port_rules "$ip6t_m -A PSW2 $(comment "$remarks") ${_ipt_source} -p tcp" $tcp_no_redir_ports "-j RETURN" 2>/dev/null
add_port_rules "$ipt_tmp -A PSW2 $(comment "$remarks") ${_ipt_source} -p tcp" $tcp_no_redir_ports "-j RETURN"
echolog " - ${msg}$(i18n "not proxy %s port [%s]" "TCP" "${tcp_no_redir_ports}")"
log 2 "${msg}$(i18n "not proxy %s port [%s]" "TCP" "${tcp_no_redir_ports}")"
else
# It will return when it ends, so no extra rules are needed.
tcp_proxy_mode="disable"
echolog " - ${msg}$(i18n "not proxy all %s" "TCP")"
log 2 "${msg}$(i18n "not proxy all %s" "TCP")"
fi
}
@@ -429,11 +429,11 @@ load_acl() {
if ! has_1_65535 "$udp_no_redir_ports"; then
[ "$_ipv4" != "1" ] && add_port_rules "$ip6t_m -A PSW2 $(comment "$remarks") ${_ipt_source} -p udp" $udp_no_redir_ports "-j RETURN" 2>/dev/null
add_port_rules "$ipt_m -A PSW2 $(comment "$remarks") ${_ipt_source} -p udp" $udp_no_redir_ports "-j RETURN"
echolog " - ${msg}$(i18n "not proxy %s port [%s]" "UDP" "${udp_no_redir_ports}")"
log 2 "${msg}$(i18n "not proxy %s port [%s]" "UDP" "${udp_no_redir_ports}")"
else
# It will return when it ends, so no extra rules are needed.
udp_proxy_mode="disable"
echolog " - ${msg}$(i18n "not proxy all %s" "UDP")"
log 2 "${msg}$(i18n "not proxy all %s" "UDP")"
fi
}
@@ -442,7 +442,7 @@ load_acl() {
$ip6t_n -A PSW2_DNS $(comment "$remarks") -p udp ${_ipt_source} --dport 53 -j REDIRECT --to-ports $dns_redirect_port 2>/dev/null
$ipt_n -A PSW2_DNS $(comment "$remarks") -p tcp ${_ipt_source} --dport 53 -j REDIRECT --to-ports $dns_redirect_port
$ip6t_n -A PSW2_DNS $(comment "$remarks") -p tcp ${_ipt_source} --dport 53 -j REDIRECT --to-ports $dns_redirect_port 2>/dev/null
[ -z "$(get_cache_var "ACL_${sid}_default")" ] && echolog " - ${msg}$(i18n "Using a node that is different from the global configuration, DNS has been forcibly redirected to a dedicated DNS server.")"
[ -z "$(get_cache_var "ACL_${sid}_default")" ] && log 2 "${msg}$(i18n "Using a node that is different from the global configuration, DNS has been forcibly redirected to a dedicated DNS server.")"
else
$ipt_n -A PSW2_DNS $(comment "$remarks") -p udp ${_ipt_source} --dport 53 -j RETURN
$ip6t_n -A PSW2_DNS $(comment "$remarks") -p udp ${_ipt_source} --dport 53 -j RETURN 2>/dev/null
@@ -483,7 +483,7 @@ load_acl() {
add_port_rules "$ip6t_m -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source}" $tcp_redir_ports "-j PSW2_RULE" 2>/dev/null
$ip6t_m -A PSW2 $(comment "$remarks") -p tcp ${_ipt_source} $(REDIRECT $redir_port TPROXY) 2>/dev/null
}
echolog " - ${msg2}"
log 2 "${msg2}"
}
$ipt_tmp -A PSW2 $(comment "$remarks") ${_ipt_source} -p tcp -j RETURN
[ "$_ipv4" != "1" ] && $ip6t_m -A PSW2 $(comment "$remarks") ${_ipt_source} -p tcp -j RETURN 2>/dev/null
@@ -502,7 +502,7 @@ load_acl() {
add_port_rules "$ip6t_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source}" $udp_redir_ports "-j PSW2_RULE" 2>/dev/null
$ip6t_m -A PSW2 $(comment "$remarks") -p udp ${_ipt_source} $(REDIRECT $redir_port TPROXY) 2>/dev/null
}
echolog " - ${msg2}"
log 2 "${msg2}"
}
$ipt_m -A PSW2 $(comment "$remarks") ${_ipt_source} -p udp -j RETURN
[ "$_ipv4" != "1" ] && $ip6t_m -A PSW2 $(comment "$remarks") ${_ipt_source} -p udp -j RETURN 2>/dev/null
@@ -514,38 +514,39 @@ load_acl() {
}
[ "$ENABLED_DEFAULT_ACL" == 1 ] && [ "$CLIENT_PROXY" == 1 ] && {
msg="$(i18n "[%s]," "$(i18n "Default")")"
local comment_d="$(i18n "Default")"
msg="$(i18n "[%s]," ${comment_d})"
local ipt_tmp=$ipt_n
[ -n "${is_tproxy}" ] && ipt_tmp=$ipt_m
[ "$TCP_NO_REDIR_PORTS" != "disable" ] && {
add_port_rules "$ip6t_m -A PSW2 $(comment $(i18n "Default")) -p tcp" $TCP_NO_REDIR_PORTS "-j RETURN"
add_port_rules "$ipt_tmp -A PSW2 $(comment $(i18n "Default")) -p tcp" $TCP_NO_REDIR_PORTS "-j RETURN"
add_port_rules "$ip6t_m -A PSW2 $(comment "${comment_d}") -p tcp" $TCP_NO_REDIR_PORTS "-j RETURN"
add_port_rules "$ipt_tmp -A PSW2 $(comment "${comment_d}") -p tcp" $TCP_NO_REDIR_PORTS "-j RETURN"
if ! has_1_65535 "$TCP_NO_REDIR_PORTS"; then
echolog " - ${msg}$(i18n "not proxy %s port [%s]" "TCP" "${TCP_NO_REDIR_PORTS}")"
log 2 "${msg}$(i18n "not proxy %s port [%s]" "TCP" "${TCP_NO_REDIR_PORTS}")"
else
TCP_PROXY_MODE="disable"
echolog " - ${msg}$(i18n "not proxy all %s" "TCP")"
log 2 "${msg}$(i18n "not proxy all %s" "TCP")"
fi
}
[ "$UDP_NO_REDIR_PORTS" != "disable" ] && {
add_port_rules "$ip6t_m -A PSW2 $(comment $(i18n "Default")) -p udp" $UDP_NO_REDIR_PORTS "-j RETURN"
add_port_rules "$ipt_tmp -A PSW2 $(comment $(i18n "Default")) -p udp" $UDP_NO_REDIR_PORTS "-j RETURN"
add_port_rules "$ip6t_m -A PSW2 $(comment "${comment_d}") -p udp" $UDP_NO_REDIR_PORTS "-j RETURN"
add_port_rules "$ipt_tmp -A PSW2 $(comment "${comment_d}") -p udp" $UDP_NO_REDIR_PORTS "-j RETURN"
if ! has_1_65535 "$UDP_NO_REDIR_PORTS"; then
echolog " - ${msg}$(i18n "not proxy %s port [%s]" "UDP" "${UDP_NO_REDIR_PORTS}")"
log 2 "${msg}$(i18n "not proxy %s port [%s]" "UDP" "${UDP_NO_REDIR_PORTS}")"
else
UDP_PROXY_MODE="disable"
echolog " - ${msg}$(i18n "not proxy all %s" "UDP")"
log 2 "${msg}$(i18n "not proxy all %s" "UDP")"
fi
}
if ([ "$TCP_PROXY_MODE" != "disable" ] || [ "$UDP_PROXY_MODE" != "disable" ]) && [ -n "$NODE" ]; then
[ -n "$DNS_REDIRECT_PORT" ] && {
$ipt_n -A PSW2_DNS $(comment $(i18n "Default")) -p udp --dport 53 -j REDIRECT --to-ports $DNS_REDIRECT_PORT
$ip6t_n -A PSW2_DNS $(comment $(i18n "Default")) -p udp --dport 53 -j REDIRECT --to-ports $DNS_REDIRECT_PORT 2>/dev/null
$ipt_n -A PSW2_DNS $(comment $(i18n "Default")) -p tcp --dport 53 -j REDIRECT --to-ports $DNS_REDIRECT_PORT
$ip6t_n -A PSW2_DNS $(comment $(i18n "Default")) -p tcp --dport 53 -j REDIRECT --to-ports $DNS_REDIRECT_PORT 2>/dev/null
$ipt_n -A PSW2_DNS $(comment "${comment_d}") -p udp --dport 53 -j REDIRECT --to-ports $DNS_REDIRECT_PORT
$ip6t_n -A PSW2_DNS $(comment "${comment_d}") -p udp --dport 53 -j REDIRECT --to-ports $DNS_REDIRECT_PORT 2>/dev/null
$ipt_n -A PSW2_DNS $(comment "${comment_d}") -p tcp --dport 53 -j REDIRECT --to-ports $DNS_REDIRECT_PORT
$ip6t_n -A PSW2_DNS $(comment "${comment_d}") -p tcp --dport 53 -j REDIRECT --to-ports $DNS_REDIRECT_PORT 2>/dev/null
}
fi
@@ -560,48 +561,48 @@ load_acl() {
fi
[ "$accept_icmp" = "1" ] && {
$ipt_n -A PSW2 $(comment $(i18n "Default")) -p icmp -d $FAKE_IP $(REDIRECT)
add_shunt_t_rule "${SHUNT_LIST4}" "$ipt_n -A PSW2 $(comment $(i18n "Default")) -p icmp" "$(REDIRECT)"
$ipt_n -A PSW2 $(comment $(i18n "Default")) -p icmp $(REDIRECT)
$ipt_n -A PSW2 $(comment "${comment_d}") -p icmp -d $FAKE_IP $(REDIRECT)
add_shunt_t_rule "${SHUNT_LIST4}" "$ipt_n -A PSW2 $(comment "${comment_d}") -p icmp" "$(REDIRECT)"
$ipt_n -A PSW2 $(comment "${comment_d}") -p icmp $(REDIRECT)
}
[ "$accept_icmpv6" = "1" ] && [ "$PROXY_IPV6" == "1" ] && {
$ip6t_n -A PSW2 $(comment $(i18n "Default")) -p ipv6-icmp -d $FAKE_IP_6 $(REDIRECT)
add_shunt_t_rule "${SHUNT_LIST6}" "$ip6t_n -A PSW2 $(comment $(i18n "Default")) -p ipv6-icmp" "$(REDIRECT)"
$ip6t_n -A PSW2 $(comment $(i18n "Default")) -p ipv6-icmp $(REDIRECT)
$ip6t_n -A PSW2 $(comment "${comment_d}") -p ipv6-icmp -d $FAKE_IP_6 $(REDIRECT)
add_shunt_t_rule "${SHUNT_LIST6}" "$ip6t_n -A PSW2 $(comment "${comment_d}") -p ipv6-icmp" "$(REDIRECT)"
$ip6t_n -A PSW2 $(comment "${comment_d}") -p ipv6-icmp $(REDIRECT)
}
$ipt_tmp -A PSW2 $(comment $(i18n "Default")) -p tcp -d $FAKE_IP ${ipt_j}
add_shunt_t_rule "${SHUNT_LIST4}" "$ipt_tmp -A PSW2 $(comment $(i18n "Default")) -p tcp" "${ipt_j}" $TCP_REDIR_PORTS
add_port_rules "$ipt_tmp -A PSW2 $(comment $(i18n "Default")) -p tcp" $TCP_REDIR_PORTS "${ipt_j}"
[ -n "${is_tproxy}" ] && $ipt_m -A PSW2 $(comment $(i18n "Default")) -p tcp $(REDIRECT $REDIR_PORT TPROXY)
$ipt_tmp -A PSW2 $(comment "${comment_d}") -p tcp -d $FAKE_IP ${ipt_j}
add_shunt_t_rule "${SHUNT_LIST4}" "$ipt_tmp -A PSW2 $(comment "${comment_d}") -p tcp" "${ipt_j}" $TCP_REDIR_PORTS
add_port_rules "$ipt_tmp -A PSW2 $(comment "${comment_d}") -p tcp" $TCP_REDIR_PORTS "${ipt_j}"
[ -n "${is_tproxy}" ] && $ipt_m -A PSW2 $(comment "${comment_d}") -p tcp $(REDIRECT $REDIR_PORT TPROXY)
[ "$PROXY_IPV6" == "1" ] && {
$ip6t_m -A PSW2 $(comment $(i18n "Default")) -p tcp -d $FAKE_IP_6 -j PSW2_RULE
add_shunt_t_rule "${SHUNT_LIST6}" "$ip6t_m -A PSW2 $(comment $(i18n "Default")) -p tcp" "-j PSW2_RULE" $TCP_REDIR_PORTS
add_port_rules "$ip6t_m -A PSW2 $(comment $(i18n "Default")) -p tcp" $TCP_REDIR_PORTS "-j PSW2_RULE"
$ip6t_m -A PSW2 $(comment $(i18n "Default")) -p tcp $(REDIRECT $REDIR_PORT TPROXY)
$ip6t_m -A PSW2 $(comment "${comment_d}") -p tcp -d $FAKE_IP_6 -j PSW2_RULE
add_shunt_t_rule "${SHUNT_LIST6}" "$ip6t_m -A PSW2 $(comment "${comment_d}") -p tcp" "-j PSW2_RULE" $TCP_REDIR_PORTS
add_port_rules "$ip6t_m -A PSW2 $(comment "${comment_d}") -p tcp" $TCP_REDIR_PORTS "-j PSW2_RULE"
$ip6t_m -A PSW2 $(comment "${comment_d}") -p tcp $(REDIRECT $REDIR_PORT TPROXY)
}
echolog " - ${msg2}"
log 2 "${msg2}"
fi
if [ "$UDP_PROXY_MODE" != "disable" ] && [ -n "$NODE" ]; then
msg2="${msg}$(i18n "Use the %s node [%s]" "UDP" "$(config_n_get $NODE remarks)")(TPROXY:${REDIR_PORT})"
$ipt_m -A PSW2 $(comment $(i18n "Default")) -p udp -d $FAKE_IP -j PSW2_RULE
add_shunt_t_rule "${SHUNT_LIST4}" "$ipt_m -A PSW2 $(comment $(i18n "Default")) -p udp" "-j PSW2_RULE" $UDP_REDIR_PORTS
add_port_rules "$ipt_m -A PSW2 $(comment $(i18n "Default")) -p udp" $UDP_REDIR_PORTS "-j PSW2_RULE"
$ipt_m -A PSW2 $(comment $(i18n "Default")) -p udp $(REDIRECT $REDIR_PORT TPROXY)
$ipt_m -A PSW2 $(comment "${comment_d}") -p udp -d $FAKE_IP -j PSW2_RULE
add_shunt_t_rule "${SHUNT_LIST4}" "$ipt_m -A PSW2 $(comment "${comment_d}") -p udp" "-j PSW2_RULE" $UDP_REDIR_PORTS
add_port_rules "$ipt_m -A PSW2 $(comment "${comment_d}") -p udp" $UDP_REDIR_PORTS "-j PSW2_RULE"
$ipt_m -A PSW2 $(comment "${comment_d}") -p udp $(REDIRECT $REDIR_PORT TPROXY)
[ "$PROXY_IPV6" == "1" ] && {
$ip6t_m -A PSW2 $(comment $(i18n "Default")) -p udp -d $FAKE_IP_6 -j PSW2_RULE
add_shunt_t_rule "${SHUNT_LIST6}" "$ip6t_m -A PSW2 $(comment $(i18n "Default")) -p udp" "-j PSW2_RULE" $UDP_REDIR_PORTS
add_port_rules "$ip6t_m -A PSW2 $(comment $(i18n "Default")) -p udp" $UDP_REDIR_PORTS "-j PSW2_RULE"
$ip6t_m -A PSW2 $(comment $(i18n "Default")) -p udp $(REDIRECT $REDIR_PORT TPROXY)
$ip6t_m -A PSW2 $(comment "${comment_d}") -p udp -d $FAKE_IP_6 -j PSW2_RULE
add_shunt_t_rule "${SHUNT_LIST6}" "$ip6t_m -A PSW2 $(comment "${comment_d}") -p udp" "-j PSW2_RULE" $UDP_REDIR_PORTS
add_port_rules "$ip6t_m -A PSW2 $(comment "${comment_d}") -p udp" $UDP_REDIR_PORTS "-j PSW2_RULE"
$ip6t_m -A PSW2 $(comment "${comment_d}") -p udp $(REDIRECT $REDIR_PORT TPROXY)
}
echolog " - ${msg2}"
log 2 "${msg2}"
fi
}
}
@@ -611,14 +612,14 @@ filter_haproxy() {
local ip=$(get_host_ip ipv4 $(echo $item | awk -F ":" '{print $1}') 1)
[ -n "$ip" ] && ipset -q add $IPSET_VPS $ip
done
echolog_i18n "Add node to the load balancer is directly connected to %s[%s]." "ipset" "${IPSET_VPS}"
log_i18n 1 "Add node to the load balancer is directly connected to %s[%s]." "ipset" "${IPSET_VPS}"
}
filter_vpsip() {
uci show $CONFIG | grep -E "(.address=|.download_address=)" | cut -d "'" -f 2 | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | grep -v "^127\.0\.0\.1$" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPS &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
#echolog " - $(i18n "Add all %s nodes to %s[%s] direct connection complete." "IPv4" "ipset" "${$IPSET_VPS}")"
#log 1 "$(i18n "Add all %s nodes to %s[%s] direct connection complete." "IPv4" "ipset" "${$IPSET_VPS}")"
uci show $CONFIG | grep -E "(.address=|.download_address=)" | cut -d "'" -f 2 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPS6 &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
#echolog " - $(i18n "Add all %s nodes to %s[%s] direct connection complete." "IPv6" "ipset" "${$IPSET_VPS6}")"
#log 1 "$(i18n "Add all %s nodes to %s[%s] direct connection complete." "IPv6" "ipset" "${$IPSET_VPS6}")"
}
filter_server_port() {
@@ -666,7 +667,8 @@ filter_direct_node_list() {
}
add_firewall_rule() {
echolog_i18n "Starting to load %s firewall rules..." "iptables"
log_i18n 0 "Starting to load %s firewall rules..." "iptables"
ipset -! create $IPSET_LOCAL nethash maxelem 1048576
ipset -! create $IPSET_LAN nethash maxelem 1048576
ipset -! create $IPSET_VPS nethash maxelem 1048576
@@ -696,8 +698,8 @@ add_firewall_rule() {
[ -n "$lan_ifname" ] && {
lan_ip=$(ip address show $lan_ifname | grep -w "inet" | awk '{print $2}')
lan_ip6=$(ip address show $lan_ifname | grep -w "inet6" | awk '{print $2}')
#echolog_i18n "local network segments (%s) direct connection: %s" "IPv4" "${lan_ip}"
#echolog_i18n "local network segments (%s) direct connection: %s" "IPv6" "${lan_ip6}"
#log_i18n 1 "local network segments (%s) direct connection: %s" "IPv4" "${lan_ip}"
#log_i18n 1 "local network segments (%s) direct connection: %s" "IPv6" "${lan_ip6}"
[ -n "$lan_ip" ] && ipset -! -R <<-EOF
$(echo $lan_ip | sed -e "s/ /\n/g" | sed -e "s/^/add $IPSET_LAN /")
@@ -711,14 +713,14 @@ add_firewall_rule() {
[ -n "$ISP_DNS" ] && {
for ispip in $ISP_DNS; do
ipset -! add $IPSET_LAN $ispip
echolog " - $(i18n "Add ISP %s DNS to the whitelist: %s" "IPv4" "${ispip}")"
log_i18n 1 "$(i18n "Add ISP %s DNS to the whitelist: %s" "IPv4" "${ispip}")"
done
}
[ -n "$ISP_DNS6" ] && {
for ispip6 in $ISP_DNS6; do
ipset -! add $IPSET_LAN6 $ispip6
echolog " - $(i18n "Add ISP %s DNS to the whitelist: %s" "IPv6" "${ispip6}")"
log_i18n 1 "$(i18n "Add ISP %s DNS to the whitelist: %s" "IPv6" "${ispip6}")"
done
}
@@ -793,7 +795,7 @@ add_firewall_rule() {
local dns_address=$(echo $auto_dns | awk -F '#' '{print $1}')
local dns_port=$(echo $auto_dns | awk -F '#' '{print $2}')
$ipt_m -A PSW2_OUTPUT -p udp -d ${dns_address} --dport ${dns_port:-53} -j RETURN
echolog " - $(i18n "Add direct DNS to %s: %s" "iptables" "${dns_address}:${dns_port:-53}")"
log_i18n 1 "$(i18n "Add direct DNS to %s: %s" "iptables" "${dns_address}:${dns_port:-53}")"
done
}
$ipt_m -A PSW2_OUTPUT -m mark --mark 0xff -j RETURN
@@ -860,10 +862,10 @@ add_firewall_rule() {
add_port_rules "$ipt_tmp -A PSW2_OUTPUT -p tcp" $TCP_NO_REDIR_PORTS "-j RETURN"
add_port_rules "$ip6t_m -A PSW2_OUTPUT -p tcp" $TCP_NO_REDIR_PORTS "-j RETURN"
if ! has_1_65535 "$TCP_NO_REDIR_PORTS"; then
echolog " - ${msg}$(i18n "not proxy %s port [%s]" "TCP" "${TCP_NO_REDIR_PORTS}")"
log 1 "${msg}$(i18n "not proxy %s port [%s]" "TCP" "${TCP_NO_REDIR_PORTS}")"
else
unset TCP_LOCALHOST_PROXY
echolog " - ${msg}$(i18n "not proxy all %s" "TCP")"
log 1 "${msg}$(i18n "not proxy all %s" "TCP")"
fi
}
@@ -871,10 +873,10 @@ add_firewall_rule() {
add_port_rules "$ipt_m -A PSW2_OUTPUT -p udp" $UDP_NO_REDIR_PORTS "-j RETURN"
add_port_rules "$ip6t_m -A PSW2_OUTPUT -p udp" $UDP_NO_REDIR_PORTS "-j RETURN"
if ! has_1_65535 "$UDP_NO_REDIR_PORTS"; then
echolog " - ${msg}$(i18n "not proxy %s port [%s]" "UDP" "${UDP_NO_REDIR_PORTS}")"
log 1 "${msg}$(i18n "not proxy %s port [%s]" "UDP" "${UDP_NO_REDIR_PORTS}")"
else
unset UDP_LOCALHOST_PROXY
echolog " - ${msg}$(i18n "not proxy all %s" "UDP")"
log 1 "${msg}$(i18n "not proxy all %s" "UDP")"
fi
}
@@ -887,6 +889,8 @@ add_firewall_rule() {
}
fi
local comment_l="$(i18n "Local")"
# Loading local router proxy TCP
if [ -n "$NODE" ] && [ "$TCP_LOCALHOST_PROXY" = "1" ]; then
[ "$accept_icmp" = "1" ] && {
@@ -914,8 +918,8 @@ add_firewall_rule() {
add_port_rules "$ipt_tmp -A PSW2_OUTPUT -p tcp" $TCP_REDIR_PORTS "${ipt_j}"
[ -z "${is_tproxy}" ] && $ipt_n -A OUTPUT -p tcp -j PSW2_OUTPUT
[ -n "${is_tproxy}" ] && {
$ipt_m -A PSW2 $(comment "$(i18n "Local")") -p tcp -i lo $(REDIRECT $REDIR_PORT TPROXY)
$ipt_m -A PSW2 $(comment "$(i18n "Local")") -p tcp -i lo -j RETURN
$ipt_m -A PSW2 $(comment "${comment_l}") -p tcp -i lo $(REDIRECT $REDIR_PORT TPROXY)
$ipt_m -A PSW2 $(comment "${comment_l}") -p tcp -i lo -j RETURN
insert_rule_before "$ipt_m" "OUTPUT" "mwan3" "$(comment mangle-OUTPUT-PSW2) -p tcp -j PSW2_OUTPUT"
}
@@ -923,8 +927,8 @@ add_firewall_rule() {
$ip6t_m -A PSW2_OUTPUT -p tcp -d $FAKE_IP_6 -j PSW2_RULE
add_shunt_t_rule "${SHUNT_LIST6}" "$ip6t_m -A PSW2_OUTPUT -p tcp" "-j PSW2_RULE" $TCP_REDIR_PORTS
add_port_rules "$ip6t_m -A PSW2_OUTPUT -p tcp" $TCP_REDIR_PORTS "-j PSW2_RULE"
$ip6t_m -A PSW2 $(comment "$(i18n "Local")") -p tcp -i lo $(REDIRECT $REDIR_PORT TPROXY)
$ip6t_m -A PSW2 $(comment "$(i18n "Local")") -p tcp -i lo -j RETURN
$ip6t_m -A PSW2 $(comment "${comment_l}") -p tcp -i lo $(REDIRECT $REDIR_PORT TPROXY)
$ip6t_m -A PSW2 $(comment "${comment_l}") -p tcp -i lo -j RETURN
insert_rule_before "$ip6t_m" "OUTPUT" "mwan3" "$(comment mangle-OUTPUT-PSW2) -p tcp -j PSW2_OUTPUT"
}
@@ -941,16 +945,16 @@ add_firewall_rule() {
$ipt_m -A PSW2_OUTPUT -p udp -d $FAKE_IP -j PSW2_RULE
add_shunt_t_rule "${SHUNT_LIST4}" "$ipt_m -A PSW2_OUTPUT -p udp" "-j PSW2_RULE" $UDP_REDIR_PORTS
add_port_rules "$ipt_m -A PSW2_OUTPUT -p udp" $UDP_REDIR_PORTS "-j PSW2_RULE"
$ipt_m -A PSW2 $(comment "$(i18n "Local")") -p udp -i lo $(REDIRECT $REDIR_PORT TPROXY)
$ipt_m -A PSW2 $(comment "$(i18n "Local")") -p udp -i lo -j RETURN
$ipt_m -A PSW2 $(comment "${comment_l}") -p udp -i lo $(REDIRECT $REDIR_PORT TPROXY)
$ipt_m -A PSW2 $(comment "${comment_l}") -p udp -i lo -j RETURN
insert_rule_before "$ipt_m" "OUTPUT" "mwan3" "$(comment mangle-OUTPUT-PSW2) -p udp -j PSW2_OUTPUT"
[ "$PROXY_IPV6" == "1" ] && {
$ip6t_m -A PSW2_OUTPUT -p udp -d $FAKE_IP_6 -j PSW2_RULE
add_shunt_t_rule "${SHUNT_LIST6}" "$ip6t_m -A PSW2_OUTPUT -p udp" "-j PSW2_RULE" $UDP_REDIR_PORTS
add_port_rules "$ip6t_m -A PSW2_OUTPUT -p udp" $UDP_REDIR_PORTS "-j PSW2_RULE"
$ip6t_m -A PSW2 $(comment "$(i18n "Local")") -p udp -i lo $(REDIRECT $REDIR_PORT TPROXY)
$ip6t_m -A PSW2 $(comment "$(i18n "Local")") -p udp -i lo -j RETURN
$ip6t_m -A PSW2 $(comment "${comment_l}") -p udp -i lo $(REDIRECT $REDIR_PORT TPROXY)
$ip6t_m -A PSW2 $(comment "${comment_l}") -p udp -i lo -j RETURN
insert_rule_before "$ip6t_m" "OUTPUT" "mwan3" "$(comment mangle-OUTPUT-PSW2) -p udp -j PSW2_OUTPUT"
}
@@ -976,7 +980,7 @@ add_firewall_rule() {
filter_direct_node_list > /dev/null 2>&1 &
echolog_i18n "Firewall rules load complete!"
log_i18n 0 "%s firewall rules load complete!" "iptables"
}
del_firewall_rule() {
@@ -999,11 +1003,11 @@ del_firewall_rule() {
ip -6 rule del fwmark 1 table 100 2>/dev/null
ip -6 route del local ::/0 dev lo table 100 2>/dev/null
$DIR/app.sh echolog_i18n "Delete %s rules is complete." "iptables"
$DIR/app.sh log_i18n 0 "Delete %s rules is complete." "iptables"
}
flush_ipset() {
$DIR/app.sh echolog_i18n "Clear %s." "IPSet"
$DIR/app.sh log_i18n 0 "Clear %s." "IPSet"
for _name in $(ipset list | grep "Name: " | grep "passwall2_" | awk '{print $2}'); do
destroy_ipset ${_name}
done


@@ -89,7 +89,7 @@ insert_rule_after() {
RULE_LAST_INDEX() {
[ $# -ge 3 ] || {
echolog_i18n "Incorrect index listing method (%s), execution terminated!" "nftables"
log_i18n 1 "Incorrect index listing method (%s), execution terminated!" "nftables"
return 1
}
local table_name="${1}"; shift
@@ -298,7 +298,7 @@ gen_shunt_list() {
insert_nftset $nftset_v4 "0" $(get_geoip $_geoip_code ipv4 | grep -E "(\.((2(5[0-5]|[0-4][0-9]))|[0-1]?[0-9]{1,2})){3}")
insert_nftset $nftset_v6 "0" $(get_geoip $_geoip_code ipv6 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}")
fi
echolog " - $(i18n "parse the traffic splitting rules[%s]-[geoip:%s] add to %s to complete." "${shunt_id}" "${_geoip_code}" "NFTSET")"
log 1 "$(i18n "parse the traffic splitting rules[%s]-[geoip:%s] add to %s to complete." "${shunt_id}" "${_geoip_code}" "NFTSET")"
}
}
}
@@ -342,7 +342,7 @@ add_shunt_t_rule() {
load_acl() {
[ "$ENABLED_ACLS" == 1 ] && {
echolog_i18n "Access Control:"
log_i18n 1 "Access Control:"
acl_app
for sid in $(ls -F ${TMP_ACL_PATH} | grep '/$' | awk -F '/' '{print $1}' | grep -v 'default'); do
eval $(uci -q show "${CONFIG}.${sid}" | cut -d'.' -sf 3-)
@@ -431,11 +431,11 @@ load_acl() {
if ! has_1_65535 "$tcp_no_redir_ports"; then
nft "add rule $NFTABLE_NAME $nft_prerouting_chain ${_ipt_source} ip protocol tcp $(factor $tcp_no_redir_ports "tcp dport") counter return comment \"$remarks\""
[ "$_ipv4" != "1" ] && nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 ${_ipt_source} meta l4proto tcp $(factor $tcp_no_redir_ports "tcp dport") counter return comment \"$remarks\""
echolog " - ${msg}$(i18n "not proxy %s port [%s]" "TCP" "${tcp_no_redir_ports}")"
log 2 "${msg}$(i18n "not proxy %s port [%s]" "TCP" "${tcp_no_redir_ports}")"
else
# It will return when it ends, so no extra rules are needed.
tcp_proxy_mode="disable"
echolog " - ${msg}$(i18n "not proxy all %s" "TCP")"
log 2 "${msg}$(i18n "not proxy all %s" "TCP")"
fi
}
@@ -443,11 +443,11 @@ load_acl() {
if ! has_1_65535 "$udp_no_redir_ports"; then
nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp ${_ipt_source} $(factor $udp_no_redir_ports "udp dport") counter return comment \"$remarks\""
[ "$_ipv4" != "1" ] && nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp ${_ipt_source} $(factor $udp_no_redir_ports "udp dport") counter return comment \"$remarks\"" 2>/dev/null
echolog " - ${msg}$(i18n "not proxy %s port [%s]" "UDP" "${udp_no_redir_ports}")"
log 2 "${msg}$(i18n "not proxy %s port [%s]" "UDP" "${udp_no_redir_ports}")"
else
# It will return when it ends, so no extra rules are needed.
udp_proxy_mode="disable"
echolog " - ${msg}$(i18n "not proxy all %s" "UDP")"
log 2 "${msg}$(i18n "not proxy all %s" "UDP")"
fi
}
@@ -457,7 +457,7 @@ load_acl() {
nft "add rule $NFTABLE_NAME PSW2_DNS ip protocol tcp ${_ipt_source} tcp dport 53 counter redirect to :$dns_redirect_port comment \"$remarks\""
nft "add rule $NFTABLE_NAME PSW2_DNS meta l4proto udp ${_ipt_source} udp dport 53 counter redirect to :$dns_redirect_port comment \"$remarks\""
nft "add rule $NFTABLE_NAME PSW2_DNS meta l4proto tcp ${_ipt_source} tcp dport 53 counter redirect to :$dns_redirect_port comment \"$remarks\""
[ -z "$(get_cache_var "ACL_${sid}_default")" ] && echolog " - ${msg}$(i18n "Using a node that is different from the global configuration, DNS has been forcibly redirected to a dedicated DNS server.")"
[ -z "$(get_cache_var "ACL_${sid}_default")" ] && log 2 "${msg}$(i18n "Using a node that is different from the global configuration, DNS has been forcibly redirected to a dedicated DNS server.")"
}
else
nft "add rule $NFTABLE_NAME PSW2_DNS ip protocol udp ${_ipt_source} udp dport 53 counter return comment \"$remarks\""
@@ -503,7 +503,7 @@ load_acl() {
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto tcp ${_ipt_source} $(factor $tcp_redir_ports "tcp dport") counter jump PSW2_RULE comment \"$remarks\"" 2>/dev/null
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto tcp ${_ipt_source} $(REDIRECT $redir_port TPROXY) comment \"$remarks\"" 2>/dev/null
}
echolog " - ${msg2}"
log 2 "${msg2}"
}
nft "add rule $NFTABLE_NAME $nft_prerouting_chain ip protocol tcp ${_ipt_source} counter return comment \"$remarks\""
[ "$_ipv4" != "1" ] && nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto tcp ${_ipt_source} counter return comment \"$remarks\"" 2>/dev/null
@@ -522,7 +522,7 @@ load_acl() {
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp ${_ipt_source} $(factor $udp_redir_ports "udp dport") counter jump PSW2_RULE comment \"$remarks\"" 2>/dev/null
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp ${_ipt_source} $(REDIRECT $redir_port TPROXY) comment \"$remarks\"" 2>/dev/null
}
echolog " - ${msg2}"
log 2 "${msg2}"
}
nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp ${_ipt_source} counter return comment \"$remarks\""
[ "$_ipv4" != "1" ] && nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp ${_ipt_source} counter return comment \"$remarks\"" 2>/dev/null
@@ -534,36 +534,37 @@ load_acl() {
}
[ "$ENABLED_DEFAULT_ACL" == 1 ] && [ "$CLIENT_PROXY" == 1 ] && {
msg="$(i18n "[%s]," "$(i18n "Default")")"
local comment="$(i18n "Default")"
msg="$(i18n "[%s]," ${comment})"
[ "$TCP_NO_REDIR_PORTS" != "disable" ] && {
nft "add rule $NFTABLE_NAME $nft_prerouting_chain ip protocol tcp $(factor $TCP_NO_REDIR_PORTS "tcp dport") counter return comment \"$(i18n "Default")\""
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto tcp $(factor $TCP_NO_REDIR_PORTS "tcp dport") counter return comment \"$(i18n "Default")\""
nft "add rule $NFTABLE_NAME $nft_prerouting_chain ip protocol tcp $(factor $TCP_NO_REDIR_PORTS "tcp dport") counter return comment \"${comment}\""
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto tcp $(factor $TCP_NO_REDIR_PORTS "tcp dport") counter return comment \"${comment}\""
if ! has_1_65535 "$TCP_NO_REDIR_PORTS"; then
echolog " - ${msg}$(i18n "not proxy %s port [%s]" "TCP" "${TCP_NO_REDIR_PORTS}")"
log 2 "${msg}$(i18n "not proxy %s port [%s]" "TCP" "${TCP_NO_REDIR_PORTS}")"
else
TCP_PROXY_MODE="disable"
echolog " - ${msg}$(i18n "not proxy all %s" "TCP")"
log 2 "${msg}$(i18n "not proxy all %s" "TCP")"
fi
}
[ "$UDP_NO_REDIR_PORTS" != "disable" ] && {
nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp $(factor $UDP_NO_REDIR_PORTS "udp dport") counter return comment \"$(i18n "Default")\""
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 counter meta l4proto udp $(factor $UDP_NO_REDIR_PORTS "udp dport") counter return comment \"$(i18n "Default")\""
nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp $(factor $UDP_NO_REDIR_PORTS "udp dport") counter return comment \"${comment}\""
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 counter meta l4proto udp $(factor $UDP_NO_REDIR_PORTS "udp dport") counter return comment \"${comment}\""
if ! has_1_65535 "$UDP_NO_REDIR_PORTS"; then
echolog " - ${msg}$(i18n "not proxy %s port [%s]" "UDP" "${UDP_NO_REDIR_PORTS}")"
log 2 "${msg}$(i18n "not proxy %s port [%s]" "UDP" "${UDP_NO_REDIR_PORTS}")"
else
UDP_PROXY_MODE="disable"
echolog " - ${msg}$(i18n "not proxy all %s" "UDP")"
log 2 "${msg}$(i18n "not proxy all %s" "UDP")"
fi
}
if ([ "$TCP_PROXY_MODE" != "disable" ] || [ "$UDP_PROXY_MODE" != "disable" ]) && [ -n "$NODE" ]; then
[ -n "$DNS_REDIRECT_PORT" ] && {
nft "add rule $NFTABLE_NAME PSW2_DNS ip protocol udp udp dport 53 counter redirect to :$DNS_REDIRECT_PORT comment \"$(i18n "Default")\""
nft "add rule $NFTABLE_NAME PSW2_DNS ip protocol tcp tcp dport 53 counter redirect to :$DNS_REDIRECT_PORT comment \"$(i18n "Default")\""
nft "add rule $NFTABLE_NAME PSW2_DNS meta l4proto udp udp dport 53 counter redirect to :$DNS_REDIRECT_PORT comment \"$(i18n "Default")\""
nft "add rule $NFTABLE_NAME PSW2_DNS meta l4proto tcp tcp dport 53 counter redirect to :$DNS_REDIRECT_PORT comment \"$(i18n "Default")\""
nft "add rule $NFTABLE_NAME PSW2_DNS ip protocol udp udp dport 53 counter redirect to :$DNS_REDIRECT_PORT comment \"${comment}\""
nft "add rule $NFTABLE_NAME PSW2_DNS ip protocol tcp tcp dport 53 counter redirect to :$DNS_REDIRECT_PORT comment \"${comment}\""
nft "add rule $NFTABLE_NAME PSW2_DNS meta l4proto udp udp dport 53 counter redirect to :$DNS_REDIRECT_PORT comment \"${comment}\""
nft "add rule $NFTABLE_NAME PSW2_DNS meta l4proto tcp tcp dport 53 counter redirect to :$DNS_REDIRECT_PORT comment \"${comment}\""
}
fi
@@ -580,50 +581,50 @@ load_acl() {
fi
[ "$accept_icmp" = "1" ] && {
nft "add rule $NFTABLE_NAME PSW2_ICMP_REDIRECT ip protocol icmp ip daddr $FAKE_IP $(REDIRECT) comment \"$(i18n "Default")\""
add_shunt_t_rule "${SHUNT_LIST4}" "nft add rule $NFTABLE_NAME PSW2_ICMP_REDIRECT ip protocol icmp ip daddr" "$(REDIRECT)" "$(i18n "Default")"
nft "add rule $NFTABLE_NAME PSW2_ICMP_REDIRECT ip protocol icmp $(REDIRECT) comment \"$(i18n "Default")\""
nft "add rule $NFTABLE_NAME PSW2_ICMP_REDIRECT ip protocol icmp return comment \"$(i18n "Default")\""
nft "add rule $NFTABLE_NAME PSW2_ICMP_REDIRECT ip protocol icmp ip daddr $FAKE_IP $(REDIRECT) comment \"${comment}\""
add_shunt_t_rule "${SHUNT_LIST4}" "nft add rule $NFTABLE_NAME PSW2_ICMP_REDIRECT ip protocol icmp ip daddr" "$(REDIRECT)" "${comment}"
nft "add rule $NFTABLE_NAME PSW2_ICMP_REDIRECT ip protocol icmp $(REDIRECT) comment \"${comment}\""
nft "add rule $NFTABLE_NAME PSW2_ICMP_REDIRECT ip protocol icmp return comment \"${comment}\""
}
[ "$accept_icmpv6" = "1" ] && [ "$PROXY_IPV6" == "1" ] && {
nft "add rule $NFTABLE_NAME PSW2_ICMP_REDIRECT meta l4proto icmpv6 ip6 daddr $FAKE_IP_6 $(REDIRECT) comment \"$(i18n "Default")\""
add_shunt_t_rule "${SHUNT_LIST6}" "nft add rule $NFTABLE_NAME PSW2_ICMP_REDIRECT meta l4proto icmpv6 ip6 daddr" "$(REDIRECT)" "$(i18n "Default")"
nft "add rule $NFTABLE_NAME PSW2_ICMP_REDIRECT meta l4proto icmpv6 $(REDIRECT) comment \"$(i18n "Default")\""
nft "add rule $NFTABLE_NAME PSW2_ICMP_REDIRECT meta l4proto icmpv6 return comment \"$(i18n "Default")\""
nft "add rule $NFTABLE_NAME PSW2_ICMP_REDIRECT meta l4proto icmpv6 ip6 daddr $FAKE_IP_6 $(REDIRECT) comment \"${comment}\""
add_shunt_t_rule "${SHUNT_LIST6}" "nft add rule $NFTABLE_NAME PSW2_ICMP_REDIRECT meta l4proto icmpv6 ip6 daddr" "$(REDIRECT)" "${comment}"
nft "add rule $NFTABLE_NAME PSW2_ICMP_REDIRECT meta l4proto icmpv6 $(REDIRECT) comment \"${comment}\""
nft "add rule $NFTABLE_NAME PSW2_ICMP_REDIRECT meta l4proto icmpv6 return comment \"${comment}\""
}
nft "add rule $NFTABLE_NAME $nft_chain ip protocol tcp ip daddr $FAKE_IP ${nft_j} comment \"$(i18n "Default")\""
add_shunt_t_rule "${SHUNT_LIST4}" "nft add rule $NFTABLE_NAME $nft_chain ip protocol tcp $(factor $TCP_REDIR_PORTS "tcp dport") ip daddr" "${nft_j}" "$(i18n "Default")"
nft "add rule $NFTABLE_NAME $nft_chain ip protocol tcp $(factor $TCP_REDIR_PORTS "tcp dport") ${nft_j} comment \"$(i18n "Default")\""
[ -n "${is_tproxy}" ] && nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol tcp $(REDIRECT $REDIR_PORT TPROXY4) comment \"$(i18n "Default")\""
nft "add rule $NFTABLE_NAME $nft_chain ip protocol tcp ip daddr $FAKE_IP ${nft_j} comment \"${comment}\""
add_shunt_t_rule "${SHUNT_LIST4}" "nft add rule $NFTABLE_NAME $nft_chain ip protocol tcp $(factor $TCP_REDIR_PORTS "tcp dport") ip daddr" "${nft_j}" "${comment}"
nft "add rule $NFTABLE_NAME $nft_chain ip protocol tcp $(factor $TCP_REDIR_PORTS "tcp dport") ${nft_j} comment \"${comment}\""
[ -n "${is_tproxy}" ] && nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol tcp $(REDIRECT $REDIR_PORT TPROXY4) comment \"${comment}\""
[ "$PROXY_IPV6" == "1" ] && {
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto tcp ip6 daddr $FAKE_IP_6 jump PSW2_RULE comment \"$(i18n "Default")\""
add_shunt_t_rule "${SHUNT_LIST6}" "nft add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto tcp $(factor $TCP_REDIR_PORTS "tcp dport") ip6 daddr" "${nft_j}" "$(i18n "Default")"
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto tcp $(factor $TCP_REDIR_PORTS "tcp dport") counter jump PSW2_RULE comment \"$(i18n "Default")\""
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto tcp $(REDIRECT $REDIR_PORT TPROXY) comment \"$(i18n "Default")\""
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto tcp ip6 daddr $FAKE_IP_6 jump PSW2_RULE comment \"${comment}\""
add_shunt_t_rule "${SHUNT_LIST6}" "nft add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto tcp $(factor $TCP_REDIR_PORTS "tcp dport") ip6 daddr" "${nft_j}" "${comment}"
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto tcp $(factor $TCP_REDIR_PORTS "tcp dport") counter jump PSW2_RULE comment \"${comment}\""
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto tcp $(REDIRECT $REDIR_PORT TPROXY) comment \"${comment}\""
}
echolog " - ${msg2}"
log 2 "${msg2}"
fi
if [ "$UDP_PROXY_MODE" != "disable" ] && [ -n "$NODE" ]; then
msg2="${msg}$(i18n "Use the %s node [%s]" "UDP" "$(config_n_get $NODE remarks)")(TPROXY:${REDIR_PORT})"
nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp ip daddr $FAKE_IP counter jump PSW2_RULE comment \"$(i18n "Default")\""
add_shunt_t_rule "${SHUNT_LIST4}" "nft add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp $(factor $UDP_REDIR_PORTS "udp dport") ip daddr" "counter jump PSW2_RULE" "$(i18n "Default")"
nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp $(factor $UDP_REDIR_PORTS "udp dport") counter jump PSW2_RULE comment \"$(i18n "Default")\""
nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp $(REDIRECT $REDIR_PORT TPROXY4) comment \"$(i18n "Default")\""
nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp ip daddr $FAKE_IP counter jump PSW2_RULE comment \"${comment}\""
add_shunt_t_rule "${SHUNT_LIST4}" "nft add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp $(factor $UDP_REDIR_PORTS "udp dport") ip daddr" "counter jump PSW2_RULE" "${comment}"
nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp $(factor $UDP_REDIR_PORTS "udp dport") counter jump PSW2_RULE comment \"${comment}\""
nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp $(REDIRECT $REDIR_PORT TPROXY4) comment \"${comment}\""
[ "$PROXY_IPV6" == "1" ] && {
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp ip6 daddr $FAKE_IP_6 jump PSW2_RULE comment \"$(i18n "Default")\""
add_shunt_t_rule "${SHUNT_LIST6}" "nft add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp $(factor $UDP_REDIR_PORTS "udp dport") ip6 daddr" "counter jump PSW2_RULE" "$(i18n "Default")"
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp $(factor $UDP_REDIR_PORTS "udp dport") counter jump PSW2_RULE comment \"$(i18n "Default")\""
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp $(REDIRECT $REDIR_PORT TPROXY) comment \"$(i18n "Default")\""
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp ip6 daddr $FAKE_IP_6 jump PSW2_RULE comment \"${comment}\""
add_shunt_t_rule "${SHUNT_LIST6}" "nft add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp $(factor $UDP_REDIR_PORTS "udp dport") ip6 daddr" "counter jump PSW2_RULE" "${comment}"
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp $(factor $UDP_REDIR_PORTS "udp dport") counter jump PSW2_RULE comment \"${comment}\""
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp $(REDIRECT $REDIR_PORT TPROXY) comment \"${comment}\""
}
echolog " - ${msg2}"
log 2 "${msg2}"
udp_flag=1
fi
}
@@ -634,7 +635,7 @@ filter_haproxy() {
local ip=$(get_host_ip ipv4 $(echo $item | awk -F ":" '{print $1}') 1)
[ -n "$ip" ] && insert_nftset $NFTSET_VPS "-1" $ip
done
echolog_i18n "Add node to the load balancer is directly connected to %s[%s]." "nftset" "${NFTSET_VPS}"
log_i18n 1 "Add node to the load balancer is directly connected to %s[%s]." "nftset" "${NFTSET_VPS}"
}
filter_vps_addr() {
@@ -648,9 +649,9 @@ filter_vps_addr() {
filter_vpsip() {
insert_nftset $NFTSET_VPS "-1" $(uci show $CONFIG | grep -E "(.address=|.download_address=)" | cut -d "'" -f 2 | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | grep -v "^127\.0\.0\.1$" | sed -e "/^$/d")
#echolog " - $(i18n "Add all %s nodes to %s[%s] direct connection complete." "IPv4" "nftset" "${$NFTSET_VPS}")"
#log 1 "$(i18n "Add all %s nodes to %s[%s] direct connection complete." "IPv4" "nftset" "${$NFTSET_VPS}")"
insert_nftset $NFTSET_VPS6 "-1" $(uci show $CONFIG | grep -E "(.address=|.download_address=)" | cut -d "'" -f 2 | grep -E "([A-Fa-f0-9]{1,4}::?){1,7}[A-Fa-f0-9]{1,4}" | sed -e "/^$/d")
#echolog " - $(i18n "Add all %s nodes to %s[%s] direct connection complete." "IPv6" "nftset" "${$NFTSET_VPS6}")"
#log 1 "$(i18n "Add all %s nodes to %s[%s] direct connection complete." "IPv6" "nftset" "${$NFTSET_VPS6}")"
}
filter_server_port() {
@@ -696,7 +697,7 @@ filter_direct_node_list() {
}
add_firewall_rule() {
echolog_i18n "Starting to load %s firewall rules..." "nftables"
log_i18n 0 "Starting to load %s firewall rules..." "nftables"
gen_nft_tables
gen_nftset $NFTSET_LOCAL ipv4_addr 0 "-1"
gen_nftset $NFTSET_LAN ipv4_addr 0 "-1" $(gen_lanlist)
@@ -715,8 +716,8 @@ add_firewall_rule() {
[ -n "$lan_ifname" ] && {
lan_ip=$(ip address show $lan_ifname | grep -w "inet" | awk '{print $2}')
lan_ip6=$(ip address show $lan_ifname | grep -w "inet6" | awk '{print $2}')
#echolog_i18n "local network segments (%s) direct connection: %s" "IPv4" "${lan_ip}"
#echolog_i18n "local network segments (%s) direct connection: %s" "IPv6" "${lan_ip6}"
#log_i18n 1 "local network segments (%s) direct connection: %s" "IPv4" "${lan_ip}"
#log_i18n 1 "local network segments (%s) direct connection: %s" "IPv6" "${lan_ip6}"
[ -n "$lan_ip" ] && insert_nftset $NFTSET_LAN "-1" $(echo $lan_ip | sed -e "s/ /\n/g")
[ -n "$lan_ip6" ] && insert_nftset $NFTSET_LAN6 "-1" $(echo $lan_ip6 | sed -e "s/ /\n/g")
@@ -725,14 +726,14 @@ add_firewall_rule() {
[ -n "$ISP_DNS" ] && {
for ispip in $ISP_DNS; do
insert_nftset $NFTSET_LAN "-1" $ispip
echolog " - $(i18n "Add ISP %s DNS to the whitelist: %s" "IPv4" "${ispip}")"
log_i18n 1 "$(i18n "Add ISP %s DNS to the whitelist: %s" "IPv4" "${ispip}")"
done
}
[ -n "$ISP_DNS6" ] && {
for ispip6 in $ISP_DNS6; do
insert_nftset $NFTSET_LAN6 "-1" $ispip6
echolog " - $(i18n "Add ISP %s DNS to the whitelist: %s" "IPv6" "${ispip6}")"
log_i18n 1 "$(i18n "Add ISP %s DNS to the whitelist: %s" "IPv6" "${ispip6}")"
done
}
@@ -800,7 +801,7 @@ add_firewall_rule() {
local dns_address=$(echo $auto_dns | awk -F '#' '{print $1}')
local dns_port=$(echo $auto_dns | awk -F '#' '{print $2}')
nft "add rule $NFTABLE_NAME PSW2_OUTPUT_MANGLE ip protocol udp ip daddr ${dns_address} $(factor ${dns_port:-53} "udp dport") counter return"
echolog " - $(i18n "Add direct DNS to %s: %s" "nftables" "${dns_address}:${dns_port:-53}")"
log_i18n 1 "$(i18n "Add direct DNS to %s: %s" "nftables" "${dns_address}:${dns_port:-53}")"
done
}
nft "add rule $NFTABLE_NAME PSW2_OUTPUT_MANGLE meta mark 0xff counter return"
@@ -886,10 +887,10 @@ add_firewall_rule() {
nft "add rule $NFTABLE_NAME $nft_output_chain ip protocol tcp $(factor $TCP_NO_REDIR_PORTS "tcp dport") counter return"
nft "add rule $NFTABLE_NAME PSW2_OUTPUT_MANGLE_V6 meta l4proto tcp $(factor $TCP_NO_REDIR_PORTS "tcp dport") counter return"
if ! has_1_65535 "$TCP_NO_REDIR_PORTS"; then
echolog " - ${msg}$(i18n "not proxy %s port [%s]" "TCP" "${TCP_NO_REDIR_PORTS}")"
log 1 "${msg}$(i18n "not proxy %s port [%s]" "TCP" "${TCP_NO_REDIR_PORTS}")"
else
unset TCP_LOCALHOST_PROXY
echolog " - ${msg}$(i18n "not proxy all %s" "TCP")"
log 1 "${msg}$(i18n "not proxy all %s" "TCP")"
fi
}
@@ -897,10 +898,10 @@ add_firewall_rule() {
nft "add rule $NFTABLE_NAME PSW2_OUTPUT_MANGLE ip protocol udp $(factor $UDP_NO_REDIR_PORTS "udp dport") counter return"
nft "add rule $NFTABLE_NAME PSW2_OUTPUT_MANGLE_V6 meta l4proto udp $(factor $UDP_NO_REDIR_PORTS "udp dport") counter return"
if ! has_1_65535 "$UDP_NO_REDIR_PORTS"; then
echolog " - ${msg}$(i18n "not proxy %s port [%s]" "UDP" "${UDP_NO_REDIR_PORTS}")"
log 1 "${msg}$(i18n "not proxy %s port [%s]" "UDP" "${UDP_NO_REDIR_PORTS}")"
else
unset UDP_LOCALHOST_PROXY
echolog " - ${msg}$(i18n "not proxy all %s" "UDP")"
log 1 "${msg}$(i18n "not proxy all %s" "UDP")"
fi
}
@@ -913,6 +914,8 @@ add_firewall_rule() {
}
fi
local comment_l="$(i18n "Local")"
# Loading local router proxy TCP
if [ -n "$NODE" ] && [ "$TCP_LOCALHOST_PROXY" = "1" ]; then
[ "$accept_icmp" = "1" ] && {
@@ -942,8 +945,8 @@ add_firewall_rule() {
nft "add rule $NFTABLE_NAME $nft_chain ip protocol tcp $(factor $TCP_REDIR_PORTS "tcp dport") ${nft_j}"
[ -z "${is_tproxy}" ] && nft "add rule $NFTABLE_NAME nat_output ip protocol tcp counter jump PSW2_OUTPUT_NAT"
[ -n "${is_tproxy}" ] && {
nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol tcp iif lo $(REDIRECT $REDIR_PORT TPROXY4) comment \"$(i18n "Local")\""
nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol tcp iif lo counter return comment \"$(i18n "Local")\""
nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol tcp iif lo $(REDIRECT $REDIR_PORT TPROXY4) comment \"${comment_l}\""
nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol tcp iif lo counter return comment \"${comment_l}\""
nft "add rule $NFTABLE_NAME mangle_output ip protocol tcp counter jump PSW2_OUTPUT_MANGLE comment \"PSW2_OUTPUT_MANGLE\""
}
@@ -951,8 +954,8 @@ add_firewall_rule() {
nft "add rule $NFTABLE_NAME PSW2_OUTPUT_MANGLE_V6 meta l4proto tcp ip6 daddr $FAKE_IP_6 jump PSW2_RULE"
add_shunt_t_rule "${SHUNT_LIST6}" "nft add rule $NFTABLE_NAME PSW2_OUTPUT_MANGLE_V6 meta l4proto tcp $(factor $TCP_REDIR_PORTS "tcp dport") ip6 daddr" "counter jump PSW2_RULE"
nft "add rule $NFTABLE_NAME PSW2_OUTPUT_MANGLE_V6 meta l4proto tcp $(factor $TCP_REDIR_PORTS "tcp dport") counter jump PSW2_RULE"
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto tcp iif lo $(REDIRECT $REDIR_PORT TPROXY) comment \"$(i18n "Local")\""
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto tcp iif lo counter return comment \"$(i18n "Local")\""
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto tcp iif lo $(REDIRECT $REDIR_PORT TPROXY) comment \"${comment_l}\""
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto tcp iif lo counter return comment \"${comment_l}\""
}
[ -d "${TMP_IFACE_PATH}" ] && {
@@ -968,16 +971,16 @@ add_firewall_rule() {
nft "add rule $NFTABLE_NAME PSW2_OUTPUT_MANGLE ip protocol udp ip daddr $FAKE_IP counter jump PSW2_RULE"
add_shunt_t_rule "${SHUNT_LIST4}" "nft add rule $NFTABLE_NAME PSW2_OUTPUT_MANGLE ip protocol udp $(factor $UDP_REDIR_PORTS "udp dport") ip daddr" "counter jump PSW2_RULE"
nft "add rule $NFTABLE_NAME PSW2_OUTPUT_MANGLE ip protocol udp $(factor $UDP_REDIR_PORTS "udp dport") counter jump PSW2_RULE"
nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp iif lo $(REDIRECT $REDIR_PORT TPROXY4) comment \"$(i18n "Local")\""
nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp iif lo counter return comment \"$(i18n "Local")\""
nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp iif lo $(REDIRECT $REDIR_PORT TPROXY4) comment \"${comment_l}\""
nft "add rule $NFTABLE_NAME PSW2_MANGLE ip protocol udp iif lo counter return comment \"${comment_l}\""
nft "add rule $NFTABLE_NAME mangle_output ip protocol udp counter jump PSW2_OUTPUT_MANGLE comment \"PSW2_OUTPUT_MANGLE\""
[ "$PROXY_IPV6" == "1" ] && {
nft "add rule $NFTABLE_NAME PSW2_OUTPUT_MANGLE_V6 meta l4proto udp ip6 daddr $FAKE_IP_6 jump PSW2_RULE"
add_shunt_t_rule "${SHUNT_LIST6}" "nft add rule $NFTABLE_NAME PSW2_OUTPUT_MANGLE_V6 meta l4proto udp $(factor $UDP_REDIR_PORTS "udp dport") ip6 daddr" "counter jump PSW2_RULE"
nft "add rule $NFTABLE_NAME PSW2_OUTPUT_MANGLE_V6 meta l4proto udp $(factor $UDP_REDIR_PORTS "udp dport") counter jump PSW2_RULE"
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp iif lo $(REDIRECT $REDIR_PORT TPROXY) comment \"$(i18n "Local")\""
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp iif lo counter return comment \"$(i18n "Local")\""
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp iif lo $(REDIRECT $REDIR_PORT TPROXY) comment \"${comment_l}\""
nft "add rule $NFTABLE_NAME PSW2_MANGLE_V6 meta l4proto udp iif lo counter return comment \"${comment_l}\""
}
[ -d "${TMP_IFACE_PATH}" ] && {
@@ -999,7 +1002,7 @@ add_firewall_rule() {
filter_direct_node_list > /dev/null 2>&1 &
echolog_i18n "Firewall rules load complete!"
log_i18n 0 "%s firewall rules load complete!" "nftables"
}
del_firewall_rule() {
@@ -1031,11 +1034,11 @@ del_firewall_rule() {
destroy_nftset $NFTSET_LAN6
destroy_nftset $NFTSET_VPS6
$DIR/app.sh echolog_i18n "Delete %s rules is complete." "nftables"
$DIR/app.sh log_i18n 0 "Delete %s rules is complete." "nftables"
}
flush_nftset() {
$DIR/app.sh echolog_i18n "Clear %s." "NFTSet"
$DIR/app.sh log_i18n 0 "Clear %s." "NFTSet"
for _name in $(nft -a list sets | grep -E "passwall2" | awk -F 'set ' '{print $2}' | awk '{print $1}'); do
destroy_nftset ${_name}
done


@@ -79,7 +79,7 @@ test_auto_switch() {
if [ -n "$($APP_FILE get_cache_var "socks_${id}")" ]; then
now_node=$($APP_FILE get_cache_var "socks_${id}")
else
$APP_FILE echolog_i18n "Socks switch detection: Unknown error."
#$APP_FILE log_i18n 0 "Socks switch detection: Unknown error."
return 1
fi
}
@@ -90,7 +90,7 @@ test_auto_switch() {
local status=$(test_proxy)
if [ "$status" = "2" ]; then
$APP_FILE echolog_i18n "Socks switch detection: Unable to connect to the network. Please check if the network is working properly!"
$APP_FILE log_i18n 0 "Socks switch detection: Unable to connect to the network. Please check if the network is working properly!"
return 2
fi
@@ -99,17 +99,17 @@ test_auto_switch() {
test_node ${main_node}
[ $? -eq 0 ] && {
# The main node is working properly; switch to the main node.
$APP_FILE echolog_i18n "Socks switch detection: Primary node 【%s: [%s]】 is normal. Switch to the primary node!" "${id}" "$(config_n_get $main_node type)" "$(config_n_get $main_node remarks)"
$APP_FILE log_i18n 0 "Socks switch detection: Primary node 【%s: [%s]】 is normal. Switch to the primary node!" "${id}" "$(config_n_get $main_node type)" "$(config_n_get $main_node remarks)"
$APP_FILE socks_node_switch flag=${id} new_node=${main_node}
[ $? -eq 0 ] && {
$APP_FILE echolog_i18n "Socks switch detection: %s node switch complete!" "${id}"
$APP_FILE log_i18n 0 "Socks switch detection: %s node switch complete!" "${id}"
}
return 0
}
fi
if [ "$status" = "0" ]; then
$APP_FILE echolog_i18n "Socks switch detection: %s 【%s:[%s]】 normal." "${id}" "$(config_n_get $now_node type)" "$(config_n_get $now_node remarks)"
#$APP_FILE log_i18n 0 "Socks switch detection: %s 【%s:[%s]】 normal." "${id}" "$(config_n_get $now_node type)" "$(config_n_get $now_node remarks)"
return 0
elif [ "$status" = "1" ]; then
local new_node msg
@@ -133,7 +133,7 @@ test_auto_switch() {
[ "$now_node" = "$main_node" ] && msg2="$($APP_FILE i18n "backup node")"
msg="$($APP_FILE i18n "switch to %s test detect!" "${msg2}")"
fi
$APP_FILE echolog_i18n "Socks switch detection: %s 【%s:[%s]】 abnormal, %s" "${id}" "$(config_n_get $now_node type)" "$(config_n_get $now_node remarks)" "${msg}"
$APP_FILE log_i18n 0 "Socks switch detection: %s 【%s:[%s]】 abnormal, %s" "${id}" "$(config_n_get $now_node type)" "$(config_n_get $now_node remarks)" "${msg}"
test_node ${new_node}
if [ $? -eq 0 ]; then
# [ "$restore_switch" = "0" ] && {
@@ -141,10 +141,10 @@ test_auto_switch() {
# [ -z "$(echo $b_nodes | grep $main_node)" ] && uci add_list $CONFIG.${id}.autoswitch_backup_node=$main_node
# uci commit $CONFIG
# }
$APP_FILE echolog_i18n "Socks switch detection: %s 【%s:[%s]】 normal, switch to this node!" "${id}" "$(config_n_get $new_node type)" "$(config_n_get $new_node remarks)"
$APP_FILE log_i18n 0 "Socks switch detection: %s 【%s:[%s]】 normal, switch to this node!" "${id}" "$(config_n_get $new_node type)" "$(config_n_get $new_node remarks)"
$APP_FILE socks_node_switch flag=${id} new_node=${new_node}
[ $? -eq 0 ] && {
$APP_FILE echolog_i18n "Socks switch detection: %s node switch complete!" "${id}"
$APP_FILE log_i18n 0 "Socks switch detection: %s node switch complete!" "${id}"
}
return 0
else
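Review bot: The primary-node message in the third hunk has two `%s` placeholders (`【%s: [%s]】`) but is passed three arguments (`${id}`, the node type and the node remarks), unlike the other messages in this file, which use `%s 【%s:[%s]】`. Depending on how `log_i18n` formats its arguments (not visible here), the remarks are either dropped or the format is applied a second time. Aligning it, e.g. `"Socks switch detection: Primary node %s 【%s:[%s]】 is normal. Switch to the primary node!"`, would also need the translation key updated to match. In the first hunk the error branch is left as `#$APP_FILE log_i18n 0 "Socks switch detection: Unknown error."`, so `return 1` leaves no trace in the log; I would keep that line active and silence only the routine "normal" message. test_auto_switch starts and ends outside these hunks.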


@@ -1556,7 +1556,7 @@ local function truncate_nodes(group)
local removeNodesSet = {}
for k, v in pairs(config.currentNodes) do
if v.currentNode and v.currentNode.add_mode == "2" then
if (not group) or (group and group == v.currentNode.group) then
if (not group) or (group:lower() == (v.currentNode.group or ""):lower()) then
removeNodesSet[v.currentNode[".name"]] = true
end
end
@@ -1571,7 +1571,7 @@ local function truncate_nodes(group)
end
else
if config.currentNode and config.currentNode.add_mode == "2" then
if (not group) or (group and group == config.currentNode.group) then
if (not group) or (group:lower() == (config.currentNode.group or ""):lower()) then
if config.delete then
config.delete(config)
elseif config.set then
@@ -1583,13 +1583,13 @@ local function truncate_nodes(group)
end
uci:foreach(appname, "nodes", function(node)
if node.add_mode == "2" then
if (not group) or (group and group == node.group) then
if (not group) or (group:lower() == (node.group or ""):lower()) then
uci:delete(appname, node['.name'])
end
end
end)
uci:foreach(appname, "subscribe_list", function(o)
if (not group) or group == o.remark then
if (not group) or (group:lower() == (o.remark or ""):lower()) then
uci:delete(appname, o['.name'], "md5")
end
end)
@@ -1724,13 +1724,13 @@ local function update_node(manual)
local group = {}
for _, v in ipairs(nodeResult) do
group[v["remark"]] = true
group[v["remark"]:lower()] = true
end
if manual == 0 and next(group) then
uci:foreach(appname, "nodes", function(node)
-- Do not delete nodes if no new nodes are found or nodes were manually imported...
if node.add_mode == "2" and (node.group and group[node.group] == true) then
if node.add_mode == "2" and (node.group and group[node.group:lower()] == true) then
uci:delete(appname, node['.name'])
end
end)
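Review bot: The case-insensitive comparisons in truncate_nodes and update_node widen what gets deleted. A call for group `Foo` now also removes the `add_mode == "2"` nodes and the `md5` of any subscription whose remark is `foo`, so two subscriptions whose remarks differ only by case would wipe each other's nodes on update. That is safe only if remark uniqueness is enforced with the same folding wherever remarks are saved, which these hunks do not show. I would confirm that and record the contract above truncate_nodes, e.g. `-- group names are matched case-insensitively; subscription remarks must be unique ignoring case`. Both functions start and end outside the hunks.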


@@ -1,13 +1,6 @@
#!/bin/sh
CONFIG=passwall2
LOG_FILE=/tmp/log/$CONFIG.log
echolog() {
local d="$(date "+%Y-%m-%d %H:%M:%S")"
#echo -e "$d: $1"
echo -e "$d: $1" >> $LOG_FILE
}
config_n_get() {
local ret=$(uci -q get "${CONFIG}.${1}.${2}" 2>/dev/null)