Remove not needed iptables-save output

https-dns-proxy/files/https-dns-proxy.init

@@ -91,7 +91,7 @@ start_instance() {
 	p="$((p+1))"
 }
 
-is_force_dns_active() { iptables-save | grep -q -w -- '--dport 53'; }
+is_force_dns_active() { iptables-save 2>/dev/null | grep -q -w -- '--dport 53'; }
 
 start_service() {
 	local p=5053 c

luci-app-omr-bypass/root/etc/firewall.omr-bypass

@@ -1,2 +1,2 @@
 #!/bin/sh
-[ -z "$(pgrep -f omr-bypass)" ] && /etc/init.d/omr-bypass reload_rules
+[ -z "$(pgrep -f omr-bypass)" ] && logger -t "firewall.omr-bypass" "reloal omr-bypass rules" && /etc/init.d/omr-bypass reload_rules

luci-app-omr-bypass/root/etc/init.d/omr-bypass

@@ -425,7 +425,7 @@ _bypass_proto() {
 _intf_rule_ss_rules() {
 	rule_name=$1
 	[ "$rule_name" = "ss_rules" ] && rule_name="def"
-	if [ "$(iptables --wait=40 -t nat -L -n | grep ssr_${rule_name}_dst)" != "" ] && [ "$(iptables-save | grep ssr_${rule_name}_dst | grep omr_dst_bypass_$intf)" = "" ]; then
+	if [ "$(iptables --wait=40 -t nat -L -n | grep ssr_${rule_name}_dst)" != "" ] && [ "$(iptables-save 2>/dev/null | grep ssr_${rule_name}_dst | grep omr_dst_bypass_$intf)" = "" ]; then
 		iptables-restore -w --wait=60 --noflush <<-EOF
 		*nat
 		-I ssr_${rule_name}_dst 1 -m set --match-set omr_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
@@ -433,7 +433,7 @@ _intf_rule_ss_rules() {
 		COMMIT
 		EOF
 	fi
-	if [ "$(iptables --wait=40 -t nat -L -n | grep ssr_${rule_name}_local_out)" != "" ] && [ "$(iptables-save | grep ssr_${rule_name}_local_out | grep omr_dst_bypass_$intf)" = "" ]; then
+	if [ "$(iptables --wait=40 -t nat -L -n | grep ssr_${rule_name}_local_out)" != "" ] && [ "$(iptables-save 2>/dev/null | grep ssr_${rule_name}_local_out | grep omr_dst_bypass_$intf)" = "" ]; then
 		iptables-restore -w --wait=60 --noflush <<-EOF
 		*nat
 		-I ssr_${rule_name}_local_out 1 -m set --match-set omr_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
@@ -441,7 +441,7 @@ _intf_rule_ss_rules() {
 		COMMIT
 		EOF
 	fi
-	if [ "$(iptables --wait=40 -t nat -L -n | grep ssr_${rule_name}_pre_src)" != "" ] && [ "$(iptables-save | grep ssr_${rule_name}_pre_src | grep omr_dst_bypass_$intf)" = "" ]; then
+	if [ "$(iptables --wait=40 -t nat -L -n | grep ssr_${rule_name}_pre_src)" != "" ] && [ "$(iptables-save 2>/dev/null | grep ssr_${rule_name}_pre_src | grep omr_dst_bypass_$intf)" = "" ]; then
 		iptables-restore -w --wait=60 --noflush <<-EOF
 		*nat
 		-I ssr_${rule_name}_pre_src 1 -m set --match-set omr_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
@@ -457,7 +457,7 @@ _intf_rule_ss_rules() {
 			COMMIT
 			EOF
 		fi
-		if [ "$(ip6tables --wait=40 -t nat -L -n | grep ssr6_${rule_name}_pre_src)" != "" ] && [ "$(ip6tables-save | grep ssr6 | grep omr6_dst_bypass_$intf)" = "" ]; then
+		if [ "$(ip6tables --wait=40 -t nat -L -n | grep ssr6_${rule_name}_pre_src)" != "" ] && [ "$(ip6tables-save 2>/dev/null | grep ssr6 | grep omr6_dst_bypass_$intf)" = "" ]; then
 			ip6tables-restore -w --wait=60 --noflush <<-EOF
 			*nat
 			-I ssr6_${rule_name}_dst 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count
@@ -476,7 +476,7 @@ _intf_rule_v2ray_rules() {
 	#rule_name=$1
 	#[ "$rule_name" = "ss_rules" ] && rule_name="def"
 	rule_name="def"
-	if [ "$(iptables --wait=40 -t nat -L -n | grep v2r_${rule_name}_dst)" != "" ] && [ "$(iptables-save | grep v2r_${rule_name}_dst | grep omr_dst_bypass_$intf)" = "" ]; then
+	if [ "$(iptables --wait=40 -t nat -L -n | grep v2r_${rule_name}_dst)" != "" ] && [ "$(iptables-save 2>/dev/null | grep v2r_${rule_name}_dst | grep omr_dst_bypass_$intf)" = "" ]; then
 		iptables-restore -w --wait=60 --noflush <<-EOF
 		*nat
 		-I v2r_${rule_name}_dst 1 -m set --match-set omr_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
@@ -484,7 +484,7 @@ _intf_rule_v2ray_rules() {
 		COMMIT
 		EOF
 	fi
-	if [ "$(iptables --wait=40 -t nat -L -n | grep v2r_${rule_name}_local_out)" != "" ] && [ "$(iptables-save | grep v2r_${rule_name}_local_out | grep omr_dst_bypass_$intf)" = "" ]; then
+	if [ "$(iptables --wait=40 -t nat -L -n | grep v2r_${rule_name}_local_out)" != "" ] && [ "$(iptables-save 2>/dev/null | grep v2r_${rule_name}_local_out | grep omr_dst_bypass_$intf)" = "" ]; then
 		iptables-restore -w --wait=60 --noflush <<-EOF
 		*nat
 		-I v2r_${rule_name}_local_out 1 -m set --match-set omr_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
@@ -492,7 +492,7 @@ _intf_rule_v2ray_rules() {
 		COMMIT
 		EOF
 	fi
-	if [ "$(iptables --wait=40 -t nat -L -n | grep v2r_${rule_name}_pre_src)" != "" ] && [ "$(iptables-save | grep v2r_${rule_name}_pre_src | grep omr_dst_bypass_$intf)" = "" ]; then
+	if [ "$(iptables --wait=40 -t nat -L -n | grep v2r_${rule_name}_pre_src)" != "" ] && [ "$(iptables-save 2</dev/null | grep v2r_${rule_name}_pre_src | grep omr_dst_bypass_$intf)" = "" ]; then
 		iptables-restore -w --wait=60 --noflush <<-EOF
 		*nat
 		-I v2r_${rule_name}_pre_src 1 -m set --match-set omr_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
@@ -510,7 +510,7 @@ _intf_rule_v2ray_rules() {
 			COMMIT
 			EOF
 		fi
-		if [ "$(ip6tables --wait=40 -t nat -L -n | grep v2r6_${rule_name}_pre_src)" != "" ] && [ "$(ip6tables-save | grep v2r6 | grep omr6_dst_bypass_$intf)" = "" ]; then
+		if [ "$(ip6tables --wait=40 -t nat -L -n | grep v2r6_${rule_name}_pre_src)" != "" ] && [ "$(ip6tables-save 2>/dev/null | grep v2r6 | grep omr6_dst_bypass_$intf)" = "" ]; then
 			ip6tables-restore -w --wait=60 --noflush <<-EOF
 			*nat
 			-I v2r6_${rule_name}_dst 1 -m set --match-set omr6_dst_bypass_$intf dst -j MARK --set-mark 0x6539$count
@@ -567,7 +567,7 @@ _intf_rule() {
 			ip -6 rule add prio 1 fwmark 0x6539$count lookup 6$count pref 1 > /dev/null 2>&1
 		fi
 	}
-	if [ "$(iptables-save | grep omr-bypass | grep omr_dst_bypass_$intf)" = "" ]; then
+	if [ "$(iptables-save 2>/dev/null | grep omr-bypass | grep omr_dst_bypass_$intf)" = "" ]; then
 		iptables-restore -w --wait=60 --noflush <<-EOF
 		*mangle
 		-I omr-bypass 1 -m set --match-set omr_dst_bypass_$intf dst -j MARK --set-mark 0x539$count
@@ -725,7 +725,7 @@ start_service() {
 		create omr6_dst_bypass_all hash:net family inet6 hashsize 64
 		EOF
 	}
-	iptables-save --counters | grep -v omr-bypass | iptables-restore -w --counters
+	iptables-save --counters 2>/dev/null | grep -v omr-bypass | iptables-restore -w --counters 2>/dev/null
 	iptables-restore -w --wait=60  --noflush <<-EOF
 	*mangle
 	:omr-bypass -
@@ -739,7 +739,7 @@ start_service() {
 	COMMIT
 	EOF
 	if [ "$disableipv6" = "0" ]; then
-		ip6tables-save --counters | grep -v omr-bypass6 | ip6tables-restore -w --counters
+		ip6tables-save --counters 2>/dev/null | grep -v omr-bypass6 | ip6tables-restore -w --counters 2>/dev/null
 		ip6tables-restore -w --wait=60  --noflush <<-EOF
 		*mangle
 		:omr-bypass6 -
@@ -805,7 +805,7 @@ start_service() {
 	config_foreach _ss_rules_config
 	_v2ray_rules_config
 
-	iptables-save --counters | grep -v omr-bypass-dpi | iptables-restore -w --counters
+	iptables-save --counters 2>/dev/null | grep -v omr-bypass-dpi | iptables-restore -w --counters 2>/dev/null
 	iptables-restore -w --wait=60  --noflush <<-EOF
 	*mangle
 	:omr-bypass-dpi -
@@ -814,7 +814,7 @@ start_service() {
 	COMMIT
 	EOF
 	if [ "$disableipv6" = "0" ]; then
-		ip6tables-save --counters | grep -v omr-bypass6-dpi | ip6tables-restore -w --counters
+		ip6tables-save --counters | grep -v omr-bypass6-dpi | ip6tables-restore -w --counters 2>/dev/null
 		ip6tables-restore -w --wait=60  --noflush <<-EOF
 		*mangle
 		:omr-bypass6-dpi -
@@ -839,10 +839,10 @@ start_service() {
 }
 
 stop_service() {
-	iptables-save --counters | grep -v omr-bypass | iptables-restore -w --counters
-	iptables-save --counters | grep -v omr_dst | iptables-restore -w --counters
-	ip6tables-save --counters | grep -v omr-bypass6 | ip6tables-restore -w --counters
-	ip6tables-save --counters | grep -v omr6_dst | ip6tables-restore -w --counters
+	iptables-save --counters 2>/dev/null | grep -v omr-bypass | iptables-restore -w --counters 2>/dev/null
+	iptables-save --counters 2>/dev/null | grep -v omr_dst | iptables-restore -w --counters 2>/dev/null
+	ip6tables-save --counters 2>/dev/null | grep -v omr-bypass6 | ip6tables-restore -w --counters 2>/dev/null
+	ip6tables-save --counters 2>/dev/null | grep -v omr6_dst | ip6tables-restore -w --counters 2>/dev/null
 	for setname in $(ipset -n list | grep "omr_"); do
 		ipset -q destroy "$setname" 2>/dev/null || true
 	done
@@ -853,6 +853,7 @@ service_triggers() {
 }
 
 reload_service() {
+	RELOAD=1
 	start
 }
 

omr-tracker/files/bin/omr-tracker-ss

@@ -76,7 +76,7 @@ while true; do
 			uci -q set openmptcprouter.omr.ss_${server}="up"
 			uci -q commit openmptcprouter.omr
 		}
-		if [ -z "$(iptables-save | grep :ssr)" ] && [ "$(uci -q get shadowsocks-libev.ss_rules.disabled)" != "1" ]; then
+		if [ -z "$(iptables-save 2>/dev/null | grep :ssr)" ] && [ "$(uci -q get shadowsocks-libev.ss_rules.disabled)" != "1" ]; then
 			_log "Reload Shadowsocks rules"
 			/etc/init.d/shadowsocks-libev rules_up 2> /dev/null
 			_get_ip

openmptcprouter/files/bin/blocklanfw

@@ -3,7 +3,7 @@ ss_rules_fw_drop() {
 	timeout 1 fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
 	while IFS=$"\n" read -r c; do
 		fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
-		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+		if [ -n "$fwrule" ] && [ -z "$(iptables-save 2>/dev/null | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
 			eval "iptables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
 			fw=$((fw+1))
 		fi
@@ -11,7 +11,7 @@ ss_rules_fw_drop() {
 	timeout 1 fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
 	while IFS=$"\n" read -r c; do
 		fwrule=$(echo "$c" | sed 's/DROP/REDIRECT --to-ports 65535/')
-		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+		if [ -n "$fwrule" ] && [ -z "$(iptables-save 2>/dev/null | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
 			eval "iptables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
 			fw=$((fw+1))
 		fi
@@ -22,7 +22,7 @@ ss_rules6_fw_drop() {
 	timeout 1 fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
 	while IFS=$"\n" read -r c; do
 		fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
-		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+		if [ -n "$fwrule" ] && [ -z "$(iptables-save 2>/dev/null | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
 			eval "ip6tables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
 			fw=$((fw+1))
 		fi
@@ -30,7 +30,7 @@ ss_rules6_fw_drop() {
 	timeout 1 fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
 	while IFS=$"\n" read -r c; do
 		fwrule=$(echo "$c" | sed 's/DROP/REDIRECT --to-ports 65535/')
-		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+		if [ -n "$fwrule" ] && [ -z "$(iptables-save 2>/dev/null | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
 			eval "ip6tables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
 			fw=$((fw+1))
 		fi
@@ -41,7 +41,7 @@ v2r_rules_fw_drop() {
 	timeout 1 fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
 	while IFS=$"\n" read -r c; do
 		fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
-		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+		if [ -n "$fwrule" ] && [ -z "$(iptables-save 2>/dev/null | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
 			eval "iptables -w -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
 			fw=$((fw+1))
 		fi
@@ -49,7 +49,7 @@ v2r_rules_fw_drop() {
 	timeout 1 fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
 	while IFS=$"\n" read -r c; do
 		fwrule=$(echo "$c" | sed 's/DROP/REDIRECT --to-ports 65535/')
-		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+		if [ -n "$fwrule" ] && [ -z "$(iptables-save 2>/dev/null | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
 			eval "iptables -w -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
 			fw=$((fw+1))
 		fi
@@ -60,21 +60,21 @@ v2ray_rules6_fw_drop() {
 	timeout 1 fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
 	while IFS=$"\n" read -r c; do
 		fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
-		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+		if [ -n "$fwrule" ] && [ -z "$(iptables-save 2>/dev/null | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
 			eval "ip6tables -w -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
 		fi
 	done
 	timeout 1 fw3 -6 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j DROP/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
 	while IFS=$"\n" read -r c; do
 		fwrule=$(echo "$c" | sed 's/DROP/REDIRECT --to-ports 65535/')
-		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+		if [ -n "$fwrule" ] && [ -z "$(iptables-save 2>/dev/null | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
 			eval "ip6tables -w -t nat -I zone_lan_prerouting 1 ${fwrule} 2>&1 >/dev/null"
 		fi
 	done
 }
 
 [ -n "$(pgrep blocklanfw)" ] && exit 0
-[ -z "$(iptables-save | grep zone_lan)" ] && exit 0
+[ -z "$(iptables-save 2>/dev/null | grep zone_lan)" ] && exit 0
 fw=0
 if [ "$(uci -q get openmptcprouter.settings.proxy)" = "shadowsocks" ]; then
 	ss_rules6_fw_drop

openmptcprouter/files/etc/firewall.ttl

@@ -5,7 +5,7 @@
 _set_ttl() {
 	device=$(uci -q get network.$1.name)
 	ttl=$(uci -q get network.$1.ttl)
-	if [ -n "$ttl" ] && [ -z "$(iptables-save | grep TTL | grep $device)" ]; then
+	if [ -n "$ttl" ] && [ -z "$(iptables-save 2>/dev/null | grep TTL | grep $device)" ]; then
 		iptables -w -t mangle -I POSTROUTING -o $device -j TTL --ttl-set $ttl 2>&1 >/dev/null
 	fi
 }

shadowsocks-libev/files/shadowsocks-libev.init

@@ -326,7 +326,7 @@ reload_service() {
 }
 
 rules_exist() {
-	[ -n "$(iptables-save | grep 'A ssr')" ] && return 0
+	[ -n "$(iptables-save 2>/dev/null | grep 'A ssr')" ] && return 0
 	return 1
 }
 
@@ -356,7 +356,7 @@ rules_up() {
 		config_foreach ss_rules_restart "$cfgtype" "$cfgtype"
 	done
 	config_foreach ss_rules ss_rules
-	[ -z "$(iptables-save | grep :ssr)" ] && logger -t "Shadowsocks" "Rules not applied"
+	[ -z "$(iptables-save 2>/dev/null | grep :ssr)" ] && logger -t "Shadowsocks" "Rules not applied"
 	[ -f /etc/init.d/omr-bypass ] && [ -z "$(pgrep -f omr-bypass)" ] && {
 		logger -t "Shadowsocks" "Reload omr-bypass rules"
 		/etc/init.d/omr-bypass reload_rules

shadowsocks-libev/files/ss-rules

@@ -122,7 +122,7 @@ ss_rules_parse_args() {
 ss_rules_flush() {
 	local setname
 
-	iptables-save --counters | grep -v ssr_ | iptables-restore -w --counters
+	iptables-save --counters 2>/dev/null | grep -v ssr_ | iptables-restore -w --counters
 	while ip rule del fwmark 1 lookup 100 2>/dev/null; do true; done
 	ip route flush table 100 || true
 	for setname in $(ipset -n list | grep "ssr_${rule}"); do
@@ -187,7 +187,7 @@ ss_rules_iptchains_init_tcp() {
 		forward) local_target=ssr_${rule}_forward ;;
 		bypass|*) return 0;;
 	esac
-	if [ "$(iptables-save | grep ssr_${rule}_local_out | grep ssr_${rule}_dst_bypass)" = "" ]; then
+	if [ "$(iptables-save 2>/dev/null | grep ssr_${rule}_local_out | grep ssr_${rule}_dst_bypass)" = "" ]; then
 		iptables-restore -w --noflush <<-EOF
 			*nat
 			:ssr_${rule}_local_out -

shadowsocks-libev/files/ss-rules6

@@ -105,7 +105,7 @@ ss_rules6_parse_args() {
 ss_rules6_flush() {
 	local setname
 
-	ip6tables-save --counters | grep -v ssr6_ | ip6tables-restore -w --counters
+	ip6tables-save --counters 2>/dev/null | grep -v ssr6_ | ip6tables-restore -w --counters
 	while ip -f inet6 rule del fwmark 1 lookup 100 2>/dev/null; do true; done
 	ip -f inet6 route flush table 100 || true
 	for setname in $(ipset -n list | grep "ssr6_${rule}"); do

v2ray-core/files/usr/bin/v2ray-rules

@@ -122,7 +122,7 @@ v2r_rules_parse_args() {
 v2r_rules_flush() {
 	local setname
 
-	iptables-save --counters | grep -v v2r_ | iptables-restore -w --counters
+	iptables-save --counters 2>/dev/null | grep -v v2r_ | iptables-restore -w --counters
 	while ip rule del fwmark 1 lookup 100 2>/dev/null; do true; done
 	ip route flush table 100 || true
 	for setname in $(ipset -n list | grep "ssr_${rule}"); do
@@ -287,14 +287,14 @@ v2r_rules_fw_drop() {
 	fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j reject/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
 	while IFS=$"\n" read -r c; do
 		fwrule=$(echo "$c" | sed 's/reject/REDIRECT --to-ports 65535/')
-		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+		if [ -n "$fwrule" ] && [ -z "$(iptables-save 2>/dev/null | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
 			eval "iptables -w -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
 		fi
 	done
 	fw3 -4 print 2>/dev/null | awk '/iptables/&&/zone_lan_forward/&&/tcp/&&/-t filter/&&/-j drop/ {for(i=6; i<=NF; i++) { printf "%s ",$i } print "\n" }' |
 	while IFS=$"\n" read -r c; do
 		fwrule=$(echo "$c" | sed 's/drop/REDIRECT --to-ports 65535/')
-		if [ -n "$fwrule" ] && [ -z "$(iptables-save | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
+		if [ -n "$fwrule" ] && [ -z "$(iptables-save 2>/dev/null | grep zone_lan_prerouting | grep '${fwrule}')" ]; then
 			eval "iptables -t nat -A zone_lan_prerouting ${fwrule} 2>&1 >/dev/null"
 		fi
 	done

v2ray-core/files/usr/bin/v2ray-rules6

@@ -105,7 +105,7 @@ v2ray_rules6_parse_args() {
 v2ray_rules6_flush() {
 	local setname
 
-	ip6tables-save --counters | grep -v v2r6_ | ip6tables-restore -w --counters
+	ip6tables-save --counters 2>/dev/null | grep -v v2r6_ | ip6tables-restore -w --counters
 	while ip -f inet6 rule del fwmark 1 lookup 100 2>/dev/null; do true; done
 	ip -f inet6 route flush table 100 || true
 	for setname in $(ipset -n list | grep "ssr6_${rule}"); do