diff --git a/setup-ipset.sh b/setup-ipset.sh
index 4e7667e..f34c3d5 100755
--- a/setup-ipset.sh
+++ b/setup-ipset.sh
@@ -1,6 +1,7 @@
-# run as root
+# 需要 root 运行
 ipset create ngx-ban-dstip hash:net
 
+# 该策略对 jsproxy 用户的所有程序都生效
 iptables \
   -A OUTPUT \
   -p tcp --syn \
@@ -31,3 +32,6 @@ REV_NET=(
 for v in ${REV_NET[@]}; do
   ipset add ngx-ban-dstip $v
 done
+
+# 可屏蔽更多的网段：
+# ipset add ngx-ban-dstip xxx
\ No newline at end of file