From 1a5a89393351f4e72da9da54d6bf31f4aef6eea6 Mon Sep 17 00:00:00 2001
From: zjcqoo <zjcqoo@gmail.com>
Date: Mon, 29 Apr 2019 17:49:31 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E5=A4=87=E6=B3=A8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 setup-ipset.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/setup-ipset.sh b/setup-ipset.sh
index 4e7667e..f34c3d5 100755
--- a/setup-ipset.sh
+++ b/setup-ipset.sh
@@ -1,6 +1,7 @@
-# run as root
+# 需要 root 运行
 ipset create ngx-ban-dstip hash:net
 
+# 该策略对 jsproxy 用户的所有程序都生效
 iptables \
   -A OUTPUT \
   -p tcp --syn \
@@ -31,3 +32,6 @@ REV_NET=(
 for v in ${REV_NET[@]}; do
   ipset add ngx-ban-dstip $v
 done
+
+# 可屏蔽更多的网段：
+# ipset add ngx-ban-dstip xxx
\ No newline at end of file