diff --git a/openmptcprouter/files/etc/firewall.gre-tunnel b/openmptcprouter/files/etc/firewall.gre-tunnel
index f287a096b..4cef768f1 100644
--- a/openmptcprouter/files/etc/firewall.gre-tunnel
+++ b/openmptcprouter/files/etc/firewall.gre-tunnel
@@ -39,7 +39,7 @@ _setup_fw() {
 	[ -n "$ifnames" ] && rule="$rule -i $(echo "${ifnames}" | sed 's/ /-i /g')"
 	if [ -n "$rule" ] && [ -n "$lookup" ]; then
 		$IPTABLESAVE --counters | grep -v "0x${lookup}" | $IPTABLERESTORE -w --counters
-		$IPTABLERESTORE -w --wait=60 --noflush <<-EOF
+		$IPTABLERESTORE --wait=60 --noflush <<-EOF
 			*mangle
 			-A omr-gre-tunnel ${rule} -j MARK --set-mark 0x${lookup}
 			COMMIT
@@ -48,7 +48,7 @@ _setup_fw() {
 }
 
 if [ -z "$($IPTABLESAVE | grep omr-gre-tunnel)" ]; then
-	$IPTABLERESTORE -w --wait=60  --noflush <<-EOF
+	$IPTABLERESTORE --wait=60  --noflush <<-EOF
 		*mangle
 		:omr-gre-tunnel -
 		-I PREROUTING 1 -m addrtype ! --dst-type LOCAL -j omr-gre-tunnel
diff --git a/shadowsocks-libev/files/ss-rules b/shadowsocks-libev/files/ss-rules
index 9e6907fab..e945d9ef9 100755
--- a/shadowsocks-libev/files/ss-rules
+++ b/shadowsocks-libev/files/ss-rules
@@ -133,7 +133,7 @@ ss_rules_parse_args() {
 ss_rules_flush() {
 	local setname
 
-	$IPTABLESSAVE --counters 2>/dev/null | grep -v ssr_ | $IPTABLESRESTORE -w --counters
+	$IPTABLESSAVE --counters 2>/dev/null | grep -v ssr_ | $IPTABLESRESTORE --counters
 	while ip rule del fwmark 1 lookup 100 2>/dev/null; do true; done
 	ip route flush table 100 || true
 	for setname in $(ipset -n list | grep "ssr_${rule}"); do
@@ -178,7 +178,7 @@ ss_rules_iptchains_init() {
 
 ss_rules_iptchains_init_mark() {
 	if [ "$($IPTABLES -w -t mangle -L PREROUTING | grep ss_rules_dst_bypass_all)" = "" ]; then
-		$IPTABLESRESTORE -w --noflush <<-EOF
+		$IPTABLESRESTORE --noflush <<-EOF
 			*mangle
 			-A PREROUTING -m set --match-set ss_rules_dst_bypass_all dst -j MARK --set-mark 0x539
 			COMMIT
@@ -199,7 +199,7 @@ ss_rules_iptchains_init_tcp() {
 		bypass|*) return 0;;
 	esac
 	if [ "$($IPTABLESSAVE 2>/dev/null | grep ssr_${rule}_local_out | grep ssr_${rule}_dst_bypass)" = "" ]; then
-		$IPTABLESRESTORE -w --noflush <<-EOF
+		$IPTABLESRESTORE --noflush <<-EOF
 			*nat
 			:ssr_${rule}_local_out -
 			-I OUTPUT 1 -p tcp -j ssr_${rule}_local_out
@@ -255,7 +255,7 @@ ss_rules_iptchains_init_() {
 		forward) dst_default_target=ssr_${rule}_forward ;;
 		bypass|*) dst_default_target=RETURN ;;
 	esac
-	sed -e '/^\s*$/d' -e 's/^\s\+//' <<-EOF | $IPTABLESRESTORE -w --noflush
+	sed -e '/^\s*$/d' -e 's/^\s\+//' <<-EOF | $IPTABLESRESTORE --noflush
 		*$table
 		:ssr_${rule}_pre_src -
 		:ssr_${rule}_src -
diff --git a/shadowsocks-libev/files/ss-rules6 b/shadowsocks-libev/files/ss-rules6
index b0e2704d8..2c2a3eddc 100755
--- a/shadowsocks-libev/files/ss-rules6
+++ b/shadowsocks-libev/files/ss-rules6
@@ -117,7 +117,7 @@ ss_rules6_parse_args() {
 ss_rules6_flush() {
 	local setname
 
-	$IP6TABLESSAVE --counters 2>/dev/null | grep -v ssr6_ | $IP6TABLESRESTORE -w --counters
+	$IP6TABLESSAVE --counters 2>/dev/null | grep -v ssr6_ | $IP6TABLESRESTORE --counters
 	while ip -f inet6 rule del fwmark 1 lookup 100 2>/dev/null; do true; done
 	ip -f inet6 route flush table 100 || true
 	for setname in $(ipset -n list | grep "ssr6_${rule}"); do
@@ -162,7 +162,7 @@ ss_rules6_iptchains_init() {
 
 ss_rules6_iptchains_init_mark() {
 	if [ "$($IP6TABLES -w -t mangle -L PREROUTING | grep ss_rules6_dst_bypass_all)" = "" ]; then
-		$IP6TABLESRESTORE -w --noflush <<-EOF
+		$IP6TABLESRESTORE --noflush <<-EOF
 			*mangle
 			-A PREROUTING -m set --match-set ss_rules6_dst_bypass_all dst -j MARK --set-mark 0x6539
 			COMMIT
@@ -184,7 +184,7 @@ ss_rules6_iptchains_init_tcp() {
 		bypass|*) return 0;;
 	esac
 
-	$IP6TABLESRESTORE -w --noflush <<-EOF
+	$IP6TABLESRESTORE --noflush <<-EOF
 		*nat
 		:ssr6_${rule}_local_out -
 		-I OUTPUT 1 -p tcp -j ssr6_${rule}_local_out
@@ -239,7 +239,7 @@ ss_rules6_iptchains_init_() {
 		forward) dst_default_target=ssr6_${rule}_forward ;;
 		bypass|*) dst_default_target=RETURN ;;
 	esac
-	sed -e '/^\s*$/d' -e 's/^\s\+//' <<-EOF | $IP6TABLESRESTORE -w --noflush
+	sed -e '/^\s*$/d' -e 's/^\s\+//' <<-EOF | $IP6TABLESRESTORE --noflush
 		*$table
 		:ssr6_${rule}_pre_src -
 		:ssr6_${rule}_src -
diff --git a/v2ray-core/files/usr/bin/v2ray-rules b/v2ray-core/files/usr/bin/v2ray-rules
index 1424e52e1..c65682622 100755
--- a/v2ray-core/files/usr/bin/v2ray-rules
+++ b/v2ray-core/files/usr/bin/v2ray-rules
@@ -134,7 +134,7 @@ v2r_rules_parse_args() {
 v2r_rules_flush() {
 	local setname
 
-	$IPTABLESSAVE --counters 2>/dev/null | grep -v v2r_ | $IPTABLESRESTORE -w --counters
+	$IPTABLESSAVE --counters 2>/dev/null | grep -v v2r_ | $IPTABLESRESTORE --counters
 	while ip rule del fwmark 1 lookup 100 2>/dev/null; do true; done
 	ip route flush table 100 || true
 	for setname in $(ipset -n list | grep "ssr_${rule}"); do
@@ -179,7 +179,7 @@ v2r_rules_iptchains_init() {
 
 v2r_rules_iptchains_init_mark() {
 	if [ "$($IPTABLES -w -t mangle -L PREROUTING | grep ss_rules_dst_bypass_all)" = "" ]; then
-		$IPTABLESRESTORE -w --noflush <<-EOF
+		$IPTABLESRESTORE --noflush <<-EOF
 			*mangle
 			-A PREROUTING -m set --match-set ss_rules_dst_bypass_all dst -j MARK --set-mark 0x539
 			COMMIT
@@ -200,7 +200,7 @@ v2r_rules_iptchains_init_tcp() {
 		bypass|*) return 0;;
 	esac
 
-	$IPTABLESRESTORE -w --noflush <<-EOF
+	$IPTABLESRESTORE --noflush <<-EOF
 		*nat
 		:v2r_${rule}_local_out -
 		-I OUTPUT 1 -p tcp -j v2r_${rule}_local_out
@@ -255,7 +255,7 @@ v2r_rules_iptchains_init_() {
 		forward) dst_default_target=v2r_${rule}_forward ;;
 		bypass|*) dst_default_target=RETURN ;;
 	esac
-	sed -e '/^\s*$/d' -e 's/^\s\+//' <<-EOF | $IPTABLESRESTORE -w --noflush
+	sed -e '/^\s*$/d' -e 's/^\s\+//' <<-EOF | $IPTABLESRESTORE --noflush
 		*$table
 		:v2r_${rule}_pre_src -
 		:v2r_${rule}_src -
diff --git a/v2ray-core/files/usr/bin/v2ray-rules6 b/v2ray-core/files/usr/bin/v2ray-rules6
index ed9ad2e1a..0f9cfeb35 100755
--- a/v2ray-core/files/usr/bin/v2ray-rules6
+++ b/v2ray-core/files/usr/bin/v2ray-rules6
@@ -117,7 +117,7 @@ v2ray_rules6_parse_args() {
 v2ray_rules6_flush() {
 	local setname
 
-	$IP6TABLESSAVE --counters 2>/dev/null | grep -v v2r6_ | $IP6TABLESRESTORE -w --counters
+	$IP6TABLESSAVE --counters 2>/dev/null | grep -v v2r6_ | $IP6TABLESRESTORE --counters
 	while ip -f inet6 rule del fwmark 1 lookup 100 2>/dev/null; do true; done
 	ip -f inet6 route flush table 100 || true
 	for setname in $(ipset -n list | grep "ssr6_${rule}"); do
@@ -161,7 +161,7 @@ v2ray_rules6_iptchains_init() {
 }
 
 v2ray_rules6_iptchains_init_mark() {
-	$IP6TABLESRESTORE -w --noflush <<-EOF
+	$IP6TABLESRESTORE --noflush <<-EOF
 		*mangle
 		-A PREROUTING -m set --match-set ss_rules6_dst_bypass_all dst -j MARK --set-mark 0x6539
 		COMMIT
@@ -184,7 +184,7 @@ v2ray_rules6_iptchains_init_tcp() {
 	esac
 
 #	echo "tcp mangle"
-#	$IP6TABLESRESTORE -w --noflush <<-EOF
+#	$IP6TABLESRESTORE --noflush <<-EOF
 #		*mangle
 #		:v2r6_${rule}_local_out -
 #		-I OUTPUT 1 -p tcp -j v2r6_${rule}_local_out
@@ -244,7 +244,7 @@ v2ray_rules6_iptchains_init_() {
 		forward) dst_default_target=v2r6_${rule}_forward ;;
 		bypass|*) dst_default_target=RETURN ;;
 	esac
-	sed -e '/^\s*$/d' -e 's/^\s\+//' <<-EOF | $IP6TABLESRESTORE -w --noflush
+	sed -e '/^\s*$/d' -e 's/^\s\+//' <<-EOF | $IP6TABLESRESTORE --noflush
 		*$table
 		:v2r6_${rule}_pre_src -
 		:v2r6_${rule}_src -