diff --git a/.gitignore b/.gitignore
index 7be93dd..58a3912 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,4 @@
-config
+/config
 ip2net/ip2net
 mdig/mdig
 nfq/nfqws
diff --git a/binaries/aarch64/nfqws b/binaries/aarch64/nfqws
index b03d414..fe55d65 100755
Binary files a/binaries/aarch64/nfqws and b/binaries/aarch64/nfqws differ
diff --git a/binaries/arm/nfqws b/binaries/arm/nfqws
index a72c5e6..3282d1d 100755
Binary files a/binaries/arm/nfqws and b/binaries/arm/nfqws differ
diff --git a/binaries/freebsd-x64/dvtws b/binaries/freebsd-x64/dvtws
index a84838b..3a71ce8 100755
Binary files a/binaries/freebsd-x64/dvtws and b/binaries/freebsd-x64/dvtws differ
diff --git a/binaries/mips32r1-lsb/nfqws b/binaries/mips32r1-lsb/nfqws
index 9613162..5b89f53 100755
Binary files a/binaries/mips32r1-lsb/nfqws and b/binaries/mips32r1-lsb/nfqws differ
diff --git a/binaries/mips32r1-msb/nfqws b/binaries/mips32r1-msb/nfqws
index 7e73a91..e50d58f 100755
Binary files a/binaries/mips32r1-msb/nfqws and b/binaries/mips32r1-msb/nfqws differ
diff --git a/binaries/mips64r2-msb/nfqws b/binaries/mips64r2-msb/nfqws
index 6f0bb4e..3e27539 100755
Binary files a/binaries/mips64r2-msb/nfqws and b/binaries/mips64r2-msb/nfqws differ
diff --git a/binaries/ppc/nfqws b/binaries/ppc/nfqws
index 2b4cb41..8562814 100755
Binary files a/binaries/ppc/nfqws and b/binaries/ppc/nfqws differ
diff --git a/binaries/win64/winws.exe b/binaries/win64/winws.exe
index c63453f..77a5c74 100644
Binary files a/binaries/win64/winws.exe and b/binaries/win64/winws.exe differ
diff --git a/binaries/win64/zapret-winws/preset_russia.cmd b/binaries/win64/zapret-winws/preset_russia.cmd
index 8b1a7b1..b2241c0 100644
--- a/binaries/win64/zapret-winws/preset_russia.cmd
+++ b/binaries/win64/zapret-winws/preset_russia.cmd
@@ -5,5 +5,5 @@ start "zapret: http,https,quic" /min "%~dp0winws.exe" ^
 --filter-udp=443 --hostlist="%~dp0list-youtube.txt" --dpi-desync=fake --dpi-desync-repeats=11 --dpi-desync-fake-quic="%~dp0quic_initial_www_google_com.bin" --new ^
 --filter-udp=443 --dpi-desync=fake --dpi-desync-repeats=11 --new ^
 --filter-tcp=80 --dpi-desync=fake,split2 --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig --new ^
---filter-tcp=443 --hostlist="%~dp0list-youtube.txt" --dpi-desync=fake,split2 --dpi-desync-repeats=11 --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig --dpi-desync-fake-tls="%~dp0tls_clienthello_www_google_com.bin" --new ^
+--filter-tcp=443 --hostlist="%~dp0list-youtube.txt" --dpi-desync=fake,split2 --dpi-desync-repeats=11 --dpi-desync-fooling=md5sig --dpi-desync-fake-tls="%~dp0tls_clienthello_www_google_com.bin" --new ^
 --dpi-desync=fake,disorder2 --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig
diff --git a/binaries/win64/zapret-winws/preset_russia_autohostlist.cmd b/binaries/win64/zapret-winws/preset_russia_autohostlist.cmd
index f0dbd99..541ac8b 100644
--- a/binaries/win64/zapret-winws/preset_russia_autohostlist.cmd
+++ b/binaries/win64/zapret-winws/preset_russia_autohostlist.cmd
@@ -5,5 +5,5 @@ start "zapret: http,https,quic" /min "%~dp0winws.exe" ^
 --filter-udp=443 --hostlist="%~dp0list-youtube.txt" --dpi-desync=fake --dpi-desync-repeats=11 --dpi-desync-fake-quic="%~dp0quic_initial_www_google_com.bin" --new ^
 --filter-udp=443 --dpi-desync=fake --dpi-desync-repeats=11 --new ^
 --filter-tcp=80 --dpi-desync=fake,split2 --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig --hostlist-auto="%~dp0autohostlist.txt" --new ^
---filter-tcp=443 --hostlist="%~dp0list-youtube.txt" --dpi-desync=fake,split2 --dpi-desync-repeats=11 --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig --dpi-desync-fake-tls="%~dp0tls_clienthello_www_google_com.bin" --new ^
+--filter-tcp=443 --hostlist="%~dp0list-youtube.txt" --dpi-desync=fake,split2 --dpi-desync-repeats=11 --dpi-desync-fooling=md5sig --dpi-desync-fake-tls="%~dp0tls_clienthello_www_google_com.bin" --new ^
 --dpi-desync=fake,disorder2 --dpi-desync-autottl=2 --dpi-desync-fooling=md5sig --hostlist-auto="%~dp0autohostlist.txt"
diff --git a/binaries/win64/zapret-winws/winws.exe b/binaries/win64/zapret-winws/winws.exe
index c63453f..77a5c74 100644
Binary files a/binaries/win64/zapret-winws/winws.exe and b/binaries/win64/zapret-winws/winws.exe differ
diff --git a/binaries/x86/nfqws b/binaries/x86/nfqws
index d252e4f..073c3ba 100755
Binary files a/binaries/x86/nfqws and b/binaries/x86/nfqws differ
diff --git a/binaries/x86_64/nfqws b/binaries/x86_64/nfqws
index 951d98f..9db875d 100755
Binary files a/binaries/x86_64/nfqws and b/binaries/x86_64/nfqws differ
diff --git a/config.default b/config.default
index ea24a7b..4500983 100644
--- a/config.default
+++ b/config.default
@@ -123,4 +123,4 @@ DISABLE_IPV6=1
 # select which init script will be used to get ip or host list
 # possible values : get_user.sh get_antizapret.sh get_combined.sh get_reestr.sh get_hostlist.sh
 # comment if not required
-GETLIST=get_antifilter_ipsmart.sh
+#GETLIST=
diff --git a/docs/readme.txt b/docs/readme.txt
index a773bf8..92f471d 100644
--- a/docs/readme.txt
+++ b/docs/readme.txt
@@ -1716,6 +1716,64 @@ install_easy.sh автоматизирует ручные варианты пр Система простой инсталяции заточена на любое умышленное или неумышленное изменение прав доступа на файлы. Устойчива к репаку под windows. После копирования в /opt права будут принудительно восстановлены. + +Установка на openwrt в режиме острой нехватки места на диске +------------------------------------------------------------ + +Требуется около 120-200 кб на диске. Придется отказаться от всего, кроме tpws. + +* Инструкция для openwrt 22 и выше с nftables. + +Никаких зависимостей устанавливать не нужно. + +Установка : + +Скопируйте все из init.d/openwrt-minimal/tpws/* в корень openwrt. +Скопируйте бинарник tpws подходящей архитектуры в /usr/bin/tpws. +Установите права на файлы : chmod 755 /etc/init.d/tpws /usr/bin/tpws +Отредактируйте /etc/config/tpws +Если не нужен ipv6, отредактируйте /etc/nftables.d/90-tpws.nft и закомментируйте строки с редиректом ipv6. +/etc/init.d/tpws enable +/etc/init.d/tpws start +fw4 restart + +Полное удаление : + +/etc/init.d/tpws disable +/etc/init.d/tpws stop +rm -f /etc/nftables.d/90-tpws.nft /etc/firewall.user /etc/init.d/tpws /usr/bin/tpws +fw4 restart + +* Инструкция для openwrt 21 и ниже с iptables. + +Установите зависимости : +opkg update +opkg install iptables-mod-extra +только для IPV6 : opkg install ip6tables-mod-nat + +Убедитесь, что в /etc/firewall.user нет ничего значимого. +Если есть - не следуйте слепо инструкции. Обьедините код или создайте свой firewall include в /etc/config/firewall. + +Установка : + +Скопируйте все из init.d/openwrt-minimal/tpws/* в корень openwrt. +Скопируйте бинарник tpws подходящей архитектуры в /usr/bin/tpws. +Установите права на файлы : chmod 755 /etc/init.d/tpws /usr/bin/tpws +Отредактируйте /etc/config/tpws +Если не нужен ipv6, отредактируйте /etc/firewall.user и установите там DISABLE_IPV6=1. 
+/etc/init.d/tpws enable +/etc/init.d/tpws start +fw3 restart + +Полное удаление : + +/etc/init.d/tpws disable +/etc/init.d/tpws stop +rm -f /etc/nftables.d/90-tpws.nft /etc/firewall.user /etc/init.d/tpws +touch /etc/firewall.user +fw3 restart + + Android ------- diff --git a/init.d/openwrt-minimal/readme.txt b/init.d/openwrt-minimal/readme.txt new file mode 100644 index 0000000..081df69 --- /dev/null +++ b/init.d/openwrt-minimal/readme.txt 
@@ -0,0 +1,54 @@
+Minimal tpws startup script for low storage openwrt.
+
+--- openwrt with NFTABLES (22+)
+
+Make sure you are running openwrt with nftables, not iptables.
+No opkg dependencies required !
+
+* install :
+
+Copy everything from tpws directory to the root of the router.
+Copy tpws binary for your architecture to /usr/bin/tpws
+Set proper access rights : chmod 755 /etc/init.d/tpws /usr/bin/tpws
+EDIT /etc/config/tpws
+If you don't want ipv6 : edit /etc/nftables.d and comment lines with ipv6 redirect
+/etc/init.d/tpws enable
+/etc/init.d/tpws start
+fw4 restart
+
+* full uninstall :
+
+/etc/init.d/tpws disable
+/etc/init.d/tpws stop
+rm -f /etc/nftables.d/90-tpws.nft /etc/firewall.user /etc/init.d/tpws
+fw4 restart
+
+--- openwrt with IPTABLES (21-)
+
+Make sure you are running openwrt with iptables, not nftables.
+Make sure you do not have anything valuable in /etc/firewall.user.
+If you have - do not blindly follow instruction in firewall.user part.
+Merge the code instead or setup your own firewall include in /etc/config/firewall.
+
+opkg update
+opkg install iptables-mod-extra
+IPV6 ONLY : opkg install ip6tables-mod-nat
+
+* install :
+
+Copy everything from tpws directory to the root of the router.
+Copy tpws binary for your architecture to /usr/bin/tpws
+Set proper access rights : chmod 755 /etc/init.d/tpws /usr/bin/tpws
+EDIT /etc/config/tpws
+If you don't want ipv6 : edit /etc/firewall.user and set DISABLE_IPV6=1
+/etc/init.d/tpws enable
+/etc/init.d/tpws start
+fw3 restart
+
+* full uninstall :
+
+/etc/init.d/tpws disable
+/etc/init.d/tpws stop
+rm -f /etc/nftables.d/90-tpws.nft /etc/firewall.user /etc/init.d/tpws
+touch /etc/firewall.user
+fw3 restart
diff --git a/init.d/openwrt-minimal/tpws/etc/config/tpws b/init.d/openwrt-minimal/tpws/etc/config/tpws
new file mode 100644
index 0000000..55bf66c
--- /dev/null
+++ b/init.d/openwrt-minimal/tpws/etc/config/tpws
@@ -0,0 +1,12 @@
+config global defaults
+ option user daemon
+ option tpws /usr/bin/tpws
+
+config tpws
+ option port 900
+ option opt '--split-pos=2 --oob'
+ option enabled 1
+config tpws
+ option port 901
+ option opt '--split-tls=sni --disorder'
+ option enabled 0
diff --git a/init.d/openwrt-minimal/tpws/etc/firewall.user b/init.d/openwrt-minimal/tpws/etc/firewall.user
new file mode 100644
index 0000000..2681cf5
--- /dev/null
+++ b/init.d/openwrt-minimal/tpws/etc/firewall.user
@@ -0,0 +1,49 @@
+DISABLE_IPV6=0
+TP_PORT=900
+TP_USER=daemon
+
+EXCLUDE4="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0/16 127.0.0.0/8"
+EXCLUDE6="fc00::/7 fe80::/10 ::1"
+IPTS="iptables ip6tables"
+[ "$DISABLE_IPV6" = 1 ] && IPTS=iptables
+
+exists()
+{
+ which "$1" >/dev/null 2>/dev/null
+}
+
+ipt()
+{
+ $IPTABLES -C "$@" >/dev/null 2>/dev/null || $IPTABLES -I "$@"
+}
+
+redirect_port()
+{
+ ipt tpws -t nat -p tcp --dport $1 -j REDIRECT --to-port $2
+}
+
+redirect()
+{
+ redirect_port 80 $TP_PORT
+ redirect_port 443 $TP_PORT
+}
+
+for IPTABLES in $IPTS; do
+ $IPTABLES -t nat -N tpws 2>/dev/null
+ $IPTABLES -t nat -F tpws
+ redirect
+done
+
+for net in $EXCLUDE4; do
+ iptables -t nat -I tpws -d $net -j RETURN
+done
+[ "$DISABLE_IPV6" = 1 ] || {
+ for net in $EXCLUDE6; do
+ ip6tables -t nat -I tpws -d $net -j RETURN
+ done
+}
+
+for IPTABLES in $IPTS; do
+ ipt PREROUTING -t nat -j tpws
+ ipt OUTPUT -t nat -m owner ! --uid-owner $TP_USER -j tpws
+done
diff --git a/init.d/openwrt-minimal/tpws/etc/init.d/tpws b/init.d/openwrt-minimal/tpws/etc/init.d/tpws
new file mode 100755
index 0000000..65d3f1d
--- /dev/null
+++ b/init.d/openwrt-minimal/tpws/etc/init.d/tpws
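Review bot: The `ipt PREROUTING -t nat -j tpws` rule at the end of etc/firewall.user has no inbound-interface match, so TCP 80/443 arriving on any interface, the WAN side included, is sent to the local tpws port unless its destination is in EXCLUDE4/EXCLUDE6. The same applies to chain `tpws_pre` in etc/nftables.d/90-tpws.nft. Whether such redirected packets are then accepted depends on the zone input rules, which this commit does not show; limiting the jump to the LAN side removes that dependency, e.g. `ipt PREROUTING -t nat -i br-lan -j tpws` and an `iifname "br-lan"` match in the nft rules (br-lan is an assumed interface name, adjust to the router). `exists()` is defined in firewall.user but never called there.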
@@ -0,0 +1,34 @@
+#!/bin/sh /etc/rc.common
+
+TPWS_DEFAULT=/usr/bin/tpws
+TPWS_USER_DEFAULT=daemon
+
+START=99
+STOP=01
+USE_PROCD=1
+
+tpws_instance()
+{
+ config_get "$@"
+
+ local enabled port opt
+
+ config_get_bool enabled "$1" enabled 0
+ [ "$enabled" -eq 1 ] || return 1
+
+ config_get port "$1" port
+ config_get opt "$1" opt
+
+ local COMMAND="$TPWS --user=$TPWS_USER --port=$port $opt"
+ procd_open_instance
+ procd_set_param command $COMMAND
+ procd_close_instance
+}
+
+start_service()
+{
+ config_load tpws
+ config_get TPWS_USER defaults user $TPWS_USER_DEFAULT
+ config_get TPWS defaults tpws $TPWS_DEFAULT
+ config_foreach tpws_instance tpws
+}
diff --git a/init.d/openwrt-minimal/tpws/etc/nftables.d/90-tpws.nft b/init.d/openwrt-minimal/tpws/etc/nftables.d/90-tpws.nft
new file mode 100644
index 0000000..819ca4f
--- /dev/null
+++ b/init.d/openwrt-minimal/tpws/etc/nftables.d/90-tpws.nft
@@ -0,0 +1,18 @@
+set tpws_exclude4 {
+ type ipv4_addr; flags interval; auto-merge;
+ elements = { 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16,127.0.0.0/8 }
+}
+set tpws_exclude6 {
+ type ipv6_addr; flags interval; auto-merge;
+ elements = { fc00::/7, fe80::/10, ::1 }
+}
+chain tpws_pre {
+ type nat hook prerouting priority dstnat; policy accept;
+ tcp dport {80,443} ip daddr != @tpws_exclude4 redirect to :900
+ tcp dport {80,443} ip6 daddr != @tpws_exclude6 redirect to :900
+}
+chain tpws_out {
+ type nat hook output priority -100; policy accept;
+ tcp dport {80,443} skuid != daemon ip daddr != @tpws_exclude4 redirect to :900
+ tcp dport {80,443} skuid != daemon ip6 daddr != @tpws_exclude6 redirect to :900
+}
diff --git a/install_easy.sh b/install_easy.sh
index c95ed61..5e1085f 100755
--- a/install_easy.sh
+++ b/install_easy.sh
@@ -486,6 +486,7 @@ init.d/runit/zapret/finish \
 init.d/openrc/zapret \
 init.d/sysv/zapret \
 init.d/openwrt/zapret \
+init.d/openwrt-minimal/tpws/etc/init.d/tpws \
 uninstall_easy.sh \
 ; do chmod 755 "$1/$f" 2>/dev/null ; done
 }
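Review bot: `port` and `user` are read from /etc/config/tpws in `tpws_instance` and `start_service`, but the redirect rules added by this commit are fixed to port 900 and user daemon (`TP_PORT`/`TP_USER` in etc/firewall.user, `redirect to :900` and `skuid != daemon` in etc/nftables.d/90-tpws.nft). Changing either value in UCI alone leaves the redirect pointing at a port with no listener, or removes the owner exclusion that keeps tpws's own outbound connections out of the redirect; the second `config tpws` section on port 901 likewise has no matching rule. A comment in etc/config/tpws such as `# port and user must match the rules in /etc/firewall.user or /etc/nftables.d/90-tpws.nft` would make the coupling explicit. An instance with no `port` option is also started with an empty `--port=`; `[ -n "$port" ] || return 1` after the `config_get port` line would skip it.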
diff --git a/nfq/desync.c b/nfq/desync.c
index 30f1caa..69e94cd 100644
--- a/nfq/desync.c
+++ b/nfq/desync.c
@@ -612,6 +612,8 @@ static void autottl_discover(t_ctrack *ctrack, bool bIpv6)
 else
 DLOG("autottl: could not guess\n");
 }
+ else
+ ctrack->autottl = 0;
 }
 }
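Review bot: The added `else ctrack->autottl = 0;` carries no comment saying which condition it pairs with or why the field has to be cleared, and the matching `if` lies outside the hunk, as does the start of autottl_discover. If the intent is that a value left from an earlier guess must not be reused when autottl does not apply, a one-line comment such as `/* autottl not in effect here: drop any previously guessed value */` would record that. The new branch is also silent while both sibling branches in the hunk's context log through DLOG, so a matching debug line would keep the trace consistent.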