diff --git a/omr-bypass/files/etc/init.d/omr-bypass-nft b/omr-bypass/files/etc/init.d/omr-bypass-nft
index 014e1dabc..e7982eddf 100755
--- a/omr-bypass/files/etc/init.d/omr-bypass-nft
+++ b/omr-bypass/files/etc/init.d/omr-bypass-nft
@@ -536,12 +536,16 @@ _bypass_proto_without_ndpi() {
 _intf_rule_ss_rules() {
 	cat >> /etc/firewall.omr-bypass <<-EOF
 		nft insert rule inet fw4 ss_rules_pre_tcp ip daddr @omr_dst_bypass_${intf}_4 accept
+		nft insert rule inet fw4 ss_rules_pre_tcp meta mark 0x4539${count} accept
 		nft insert rule inet fw4 ss_rules_local_out ip daddr @omr_dst_bypass_${intf}_4 accept
+		nft insert rule inet fw4 ss_rules_local_out meta mark 0x4539${count} accept
 	EOF
 	if [ "$disableipv6" = "0" ]; then
 		cat >> /etc/firewall.omr-bypass <<-EOF
 			nft insert rule inet fw4 ss_rules_pre_tcp ip6 daddr @omr_dst_bypass_${intf}_6 accept
+			nft insert rule inet fw4 ss_rules_pre_tcp meta mark 0x6539${count} accept
 			nft insert rule inet fw4 ss_rules_local_out ip6 daddr @omr_dst_bypass_${intf}_6 accept
+			nft insert rule inet fw4 ss_rules_local_out meta mark 0x6539${count} accept
 		EOF
 	fi
 }
@@ -549,12 +553,16 @@ _intf_rule_ss_rules() {
 _intf_rule_v2ray_rules() {
 	cat >> /etc/firewall.omr-bypass <<-EOF
 		nft insert rule inet fw4 v2r_rules_pre_tcp ip daddr @omr_dst_bypass_${intf}_4 accept
+		nft insert rule inet fw4 v2r_rules_pre_tcp meta mark 0x4539${count} accept
 		nft insert rule inet fw4 v2r_rules_local_out ip daddr @omr_dst_bypass_${intf}_4 accept
+		nft insert rule inet fw4 v2r_rules_local_out meta mark 0x4539${count} accept
 	EOF
 	if [ "$disableipv6" = "0" ]; then
 		cat >> /etc/firewall.omr-bypass <<-EOF
 			nft insert rule inet fw4 v2r_rules_pre_tcp ip6 daddr @omr_dst_bypass_${intf}_6 accept
+			nft insert rule inet fw4 v2r_rules_pre_tcp meta mark 0x6539${count} accept
 			nft insert rule inet fw4 v2r_rules_local_out ip6 daddr @omr_dst_bypass_${intf}_6 accept
+			nft insert rule inet fw4 v2r_rules_local_out meta mark 0x6539${count} accept
 		EOF
 	fi
 }
@@ -562,12 +570,16 @@ _intf_rule_v2ray_rules() {
 _intf_rule_xray_rules() {
 	cat >> /etc/firewall.omr-bypass <<-EOF
 		nft insert rule inet fw4 xr_rules_pre_tcp ip daddr @omr_dst_bypass_${intf}_4 accept
+		nft insert rule inet fw4 xr_rules_pre_tcp meta mark 0x4539${count} accept
 		nft insert rule inet fw4 xr_rules_local_out ip daddr @omr_dst_bypass_${intf}_4 accept
+		nft insert rule inet fw4 xr_rules_local_out meta mark 0x4539${count} accept
 	EOF
 	if [ "$disableipv6" = "0" ]; then
 		cat >> /etc/firewall.omr-bypass <<-EOF
 			nft insert rule inet fw4 xr_rules_pre_tcp ip6 daddr @omr_dst_bypass_${intf}_6 accept
+			nft insert rule inet fw4 xr_rules_pre_tcp meta mark 0x6539${count} accept
 			nft insert rule inet fw4 xr_rules_local_out ip6 daddr @omr_dst_bypass_${intf}_6 accept
+			nft insert rule inet fw4 xr_rules_local_out meta mark 0x6539${count} accept
 		EOF
 	fi
 }
@@ -714,11 +726,13 @@ _intf_rule() {
 		EOF
 
 	if [ "$(uci -q get openmptcprouter.settings.proxy)" = "shadowsocks" ] && [ "$(uci -q get shadowsocks-libev.sss0.disabled)" != "1" ]; then
-		config_load shadowsocks-libev
-		config_foreach _intf_rule_ss_rules ss_rules
+		#config_load shadowsocks-libev
+		#config_foreach _intf_rule_ss_rules ss_rules
+		_intf_rule_ss_rules
 	elif [ "$(uci -q get openmptcprouter.settings.proxy)" = "shadowsocks-rust" ] && [ "$(uci -q get shadowsocks-rust.sss0.disabled)" != "1" ]; then
-		config_load shadowsocks-rust
-		config_foreach _intf_rule_ss_rules ss_rules
+		#config_load shadowsocks-rust
+		#config_foreach _intf_rule_ss_rules ss_rules
+		_intf_rule_ss_rules
 	elif [ "$(uci -q get openmptcprouter.settings.proxy)" = "v2ray" ] && [ "$(uci -q get v2ray.main.enabled)" = "1" ]; then
 		_intf_rule_v2ray_rules
 	elif [ "$(uci -q get openmptcprouter.settings.proxy)" = "xray" ] && [ "$(uci -q get xray.main.enabled)" = "1" ]; then