From 28644099131c333a8eff6345c9f6a918279a223d Mon Sep 17 00:00:00 2001 From: Vladimir Ezhikov <47463683+Wend4r@users.noreply.github.com> Date: Fri, 4 Apr 2025 20:09:55 +0300 Subject: [PATCH 1/6] Add Cloudflare bypass script Co-authored-by: Mikhail Buchka <52104782+domikuss@users.noreply.github.com> --- init.d/custom.d.examples.linux/50-cloudflare | 55 ++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 init.d/custom.d.examples.linux/50-cloudflare diff --git a/init.d/custom.d.examples.linux/50-cloudflare b/init.d/custom.d.examples.linux/50-cloudflare new file mode 100644 index 0000000..d798f5a --- /dev/null +++ b/init.d/custom.d.examples.linux/50-cloudflare 
@@ -0,0 +1,55 @@
+NFQWS_CLOUDFLARE_OPTS="${NFQWS_CLOUDFLARE_OPTS:---dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-any-protocol}"
+NFQWS_CLOUDFLARE_PORTS=${NFQWS_CLOUDFLARE_PORTS:-443,80}
+NFQWS_CLOUDFLARE_SUBNETS="103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 104.16.0.0/13 104.24.0.0/14 108.162.192.0/18 131.0.72.0/22 141.101.64.0/18 162.158.0.0/15 172.64.0.0/13 173.245.48.0/20 188.114.96.0/20 190.93.240.0/20 197.234.240.0/22 198.41.128.0/17"
+
+alloc_dnum DNUM_NFQWS_CLOUDFLARE
+alloc_qnum QNUM_NFQWS_CLOUDFLARE
+NFQWS_CLOUDFLARE_SET_NAME=cloudflare_nfqws
+
+zapret_custom_daemons()
+{
+ local opt="--qnum=$QNUM_NFQWS_CLOUDFLARE $NFQWS_CLOUDFLARE_OPTS"
+ do_nfqws $1 $DNUM_NFQWS_CLOUDFLARE "$opt"
+}
+
+zapret_custom_firewall()
+{
+ local first_packets_only="$ipt_connbytes 1:3"
+ local dest_set="-m set --match-set $NFQWS_CLOUDFLARE_SET_NAME dst"
+ local subnet
+
+ [ "$1" = 1 ] && {
+ ipset create $NFQWS_CLOUDFLARE_SET_NAME hash:net hashsize 8192 maxelem 4096 2>/dev/null
+ ipset flush $NFQWS_CLOUDFLARE_SET_NAME
+ for subnet in $NFQWS_CLOUDFLARE_SUBNETS; do
+ echo add $NFQWS_CLOUDFLARE_SET_NAME $subnet
+ done | ipset -! restore
+ }
+
+ local f="-p tcp -m multiport --dports $NFQWS_CLOUDFLARE_PORTS"
+ fw_nfqws_post $1 "$f $first_packets_only $dest_set" "" $QNUM_NFQWS_CLOUDFLARE
+
+ [ "$1" = 1 ] || {
+ ipset destroy $NFQWS_CLOUDFLARE_SET_NAME 2>/dev/null
+ }
+}
+
+zapret_custom_firewall_nft()
+{
+ local first_packets_only="$nft_connbytes 1-3"
+ local dest_set="ip daddr @$NFQWS_CLOUDFLARE_SET_NAME"
+ local subnets
+
+ make_comma_list subnets $NFQWS_CLOUDFLARE_SUBNETS
+ nft_create_set $NFQWS_CLOUDFLARE_SET_NAME "type ipv4_addr; size 4096; auto-merge; flags interval;"
+ nft_flush_set $NFQWS_CLOUDFLARE_SET_NAME
+ nft_add_set_element $NFQWS_CLOUDFLARE_SET_NAME "$subnets"
+
+ local f="tcp dport {$NFQWS_CLOUDFLARE_PORTS}"
+ nft_fw_nfqws_post "$f $first_packets_only $dest_set" "" $QNUM_NFQWS_CLOUDFLARE
+}
+
+zapret_custom_firewall_nft_flush()
+{
+ nft_del_set $NFQWS_CLOUDFLARE_SET_NAME 2>/dev/null
+}
From 99fe1531a7d23ae4b3d9b568c226cdef4fd77cb7 Mon Sep 17 00:00:00 2001 From: Wend4r <47463683+Wend4r@users.noreply.github.com> Date: Fri, 4 Apr 2025 22:03:38 +0300 Subject: [PATCH 2/6] Cloudflare: add IPv6 support --- init.d/custom.d.examples.linux/50-cloudflare | 51 +++++++++++++------- 1 file changed, 34 insertions(+), 17 deletions(-)
diff --git a/init.d/custom.d.examples.linux/50-cloudflare b/init.d/custom.d.examples.linux/50-cloudflare
index d798f5a..0c3ee17 100644
--- a/init.d/custom.d.examples.linux/50-cloudflare
+++ b/init.d/custom.d.examples.linux/50-cloudflare
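Review bot: The subnet list is the only tunable in this file that cannot be overridden from the environment: `NFQWS_CLOUDFLARE_OPTS` and `NFQWS_CLOUDFLARE_PORTS` use the `${VAR:-default}` form, but `NFQWS_CLOUDFLARE_SUBNETS` is assigned unconditionally, so a user whose provider announces different ranges has to edit the example itself. `NFQWS_CLOUDFLARE_SUBNETS="${NFQWS_CLOUDFLARE_SUBNETS:-103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 104.16.0.0/13 104.24.0.0/14 108.162.192.0/18 131.0.72.0/22 141.101.64.0/18 162.158.0.0/15 172.64.0.0/13 173.245.48.0/20 188.114.96.0/20 190.93.240.0/20 197.234.240.0/22 198.41.128.0/17}"` keeps the same default and matches the two lines above it. The list also carries no note on where it was taken from or when, so a stale entry cannot be told apart from a misconfiguration; a one-line comment above it such as `# Cloudflare published IP ranges, snapshot <date placeholder>; refresh when they change` would settle that. The same two points apply to the `_IPV4`/`_IPV6` lists that PATCH 2/6 introduces.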
@@ -1,10 +1,12 @@ NFQWS_CLOUDFLARE_OPTS="${NFQWS_CLOUDFLARE_OPTS:---dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-any-protocol}" NFQWS_CLOUDFLARE_PORTS=${NFQWS_CLOUDFLARE_PORTS:-443,80} -NFQWS_CLOUDFLARE_SUBNETS="103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 104.16.0.0/13 104.24.0.0/14 108.162.192.0/18 131.0.72.0/22 141.101.64.0/18 162.158.0.0/15 172.64.0.0/13 173.245.48.0/20 188.114.96.0/20 190.93.240.0/20 197.234.240.0/22 198.41.128.0/17" +NFQWS_CLOUDFLARE_SUBNETS_IPV4="103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 104.16.0.0/13 104.24.0.0/14 108.162.192.0/18 131.0.72.0/22 141.101.64.0/18 162.158.0.0/15 172.64.0.0/13 173.245.48.0/20 188.114.96.0/20 190.93.240.0/20 197.234.240.0/22 198.41.128.0/17" +NFQWS_CLOUDFLARE_SUBNETS_IPV6="2400:cb00::/32 2405:8100::/32 2405:b500::/32 2606:4700::/32 2803:f800::/32 2a06:98c0::/29 2c0f:f248::/32" alloc_dnum DNUM_NFQWS_CLOUDFLARE alloc_qnum QNUM_NFQWS_CLOUDFLARE -NFQWS_CLOUDFLARE_SET_NAME=cloudflare_nfqws +NFQWS_CLOUDFLARE_SET_NAME_IPV4=cloudflare_nfqws_ipv4 +NFQWS_CLOUDFLARE_SET_NAME_IPV6=cloudflare_nfqws_ipv6 zapret_custom_daemons() { 
@@ -15,41 +17,56 @@ zapret_custom_daemons() zapret_custom_firewall() { local first_packets_only="$ipt_connbytes 1:3" - local dest_set="-m set --match-set $NFQWS_CLOUDFLARE_SET_NAME dst" + local dest_set_ipv4="-m set --match-set $NFQWS_CLOUDFLARE_SET_NAME_IPV4 dst" + local dest_set_ipv6="-m set --match-set $NFQWS_CLOUDFLARE_SET_NAME_IPV6 dst" local subnet [ "$1" = 1 ] && { - ipset create $NFQWS_CLOUDFLARE_SET_NAME hash:net hashsize 8192 maxelem 4096 2>/dev/null - ipset flush $NFQWS_CLOUDFLARE_SET_NAME - for subnet in $NFQWS_CLOUDFLARE_SUBNETS; do - echo add $NFQWS_CLOUDFLARE_SET_NAME $subnet + ipset create $NFQWS_CLOUDFLARE_SET_NAME_IPV4 hash:net hashsize 8192 maxelem 4096 2>/dev/null + ipset create $NFQWS_CLOUDFLARE_SET_NAME_IPV6 hash:net family inet6 hashsize 8192 maxelem 4096 2>/dev/null + ipset flush $NFQWS_CLOUDFLARE_SET_NAME_IPV4 + ipset flush $NFQWS_CLOUDFLARE_SET_NAME_IPV6 + for subnet in $NFQWS_CLOUDFLARE_SUBNETS_IPV4; do + echo add $NFQWS_CLOUDFLARE_SET_NAME_IPV4 $subnet + done | ipset -! restore + for subnet in $NFQWS_CLOUDFLARE_SUBNETS_IPV6; do + echo add $NFQWS_CLOUDFLARE_SET_NAME_IPV6 $subnet done | ipset -! 
restore } local f="-p tcp -m multiport --dports $NFQWS_CLOUDFLARE_PORTS" - fw_nfqws_post $1 "$f $first_packets_only $dest_set" "" $QNUM_NFQWS_CLOUDFLARE + fw_nfqws_post $1 "$f $first_packets_only $dest_set_ipv4" "" $QNUM_NFQWS_CLOUDFLARE + fw_nfqws_post $1 "$f $first_packets_only $dest_set_ipv6" "" $QNUM_NFQWS_CLOUDFLARE [ "$1" = 1 ] || { - ipset destroy $NFQWS_CLOUDFLARE_SET_NAME 2>/dev/null + ipset destroy $NFQWS_CLOUDFLARE_SET_NAME_IPV4 2>/dev/null + ipset destroy $NFQWS_CLOUDFLARE_SET_NAME_IPV6 2>/dev/null } } zapret_custom_firewall_nft() { local first_packets_only="$nft_connbytes 1-3" - local dest_set="ip daddr @$NFQWS_CLOUDFLARE_SET_NAME" - local subnets + local dest_set_ipv4="ip daddr @$NFQWS_CLOUDFLARE_SET_NAME_IPV4" + local dest_set_ipv6="ip6 daddr @$NFQWS_CLOUDFLARE_SET_NAME_IPV6" + local subnets subnets_ipv6 - make_comma_list subnets $NFQWS_CLOUDFLARE_SUBNETS - nft_create_set $NFQWS_CLOUDFLARE_SET_NAME "type ipv4_addr; size 4096; auto-merge; flags interval;" - nft_flush_set $NFQWS_CLOUDFLARE_SET_NAME - nft_add_set_element $NFQWS_CLOUDFLARE_SET_NAME "$subnets" + make_comma_list subnets $NFQWS_CLOUDFLARE_SUBNETS_IPV4 + make_comma_list subnets_ipv6 $NFQWS_CLOUDFLARE_SUBNETS_IPV6 + nft_create_set $NFQWS_CLOUDFLARE_SET_NAME_IPV4 "type ipv4_addr; size 4096; auto-merge; flags interval;" + nft_create_set $NFQWS_CLOUDFLARE_SET_NAME_IPV6 "type ipv6_addr; size 4096; auto-merge; flags interval;" + nft_flush_set $NFQWS_CLOUDFLARE_SET_NAME_IPV4 + nft_flush_set $NFQWS_CLOUDFLARE_SET_NAME_IPV6 + nft_add_set_element $NFQWS_CLOUDFLARE_SET_NAME_IPV4 "$subnets" + nft_add_set_element $NFQWS_CLOUDFLARE_SET_NAME_IPV6 "$subnets_ipv6" local f="tcp dport {$NFQWS_CLOUDFLARE_PORTS}" - nft_fw_nfqws_post "$f $first_packets_only $dest_set" "" $QNUM_NFQWS_CLOUDFLARE + nft_fw_nfqws_post "$f $first_packets_only $dest_set_ipv4" "" $QNUM_NFQWS_CLOUDFLARE + nft_fw_nfqws_post "$f $first_packets_only $dest_set_ipv6" "" $QNUM_NFQWS_CLOUDFLARE } zapret_custom_firewall_nft_flush() { - 
nft_del_set $NFQWS_CLOUDFLARE_SET_NAME 2>/dev/null
+ nft_del_set $NFQWS_CLOUDFLARE_SET_NAME_IPV4 2>/dev/null
+ nft_del_set $NFQWS_CLOUDFLARE_SET_NAME_IPV6 2>/dev/null
 }
From 1c7ca564649d1676941a089e8f82ca214df532a5 Mon Sep 17 00:00:00 2001 From: Wend4r <47463683+Wend4r@users.noreply.github.com> Date: Sat, 5 Apr 2025 00:47:12 +0300 Subject: [PATCH 3/6] Cloudflare: update the working strategy --- init.d/custom.d.examples.linux/50-cloudflare | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/init.d/custom.d.examples.linux/50-cloudflare b/init.d/custom.d.examples.linux/50-cloudflare
index 0c3ee17..3b5ed7d 100644
--- a/init.d/custom.d.examples.linux/50-cloudflare
+++ b/init.d/custom.d.examples.linux/50-cloudflare
@@ -1,4 +1,4 @@
-NFQWS_CLOUDFLARE_OPTS="${NFQWS_CLOUDFLARE_OPTS:---dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-any-protocol}"
+NFQWS_CLOUDFLARE_OPTS="${NFQWS_CLOUDFLARE_OPTS:---dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-ttl=6}"
 NFQWS_CLOUDFLARE_PORTS=${NFQWS_CLOUDFLARE_PORTS:-443,80}
 NFQWS_CLOUDFLARE_SUBNETS_IPV4="103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 104.16.0.0/13 104.24.0.0/14 108.162.192.0/18 131.0.72.0/22 141.101.64.0/18 162.158.0.0/15 172.64.0.0/13 173.245.48.0/20 188.114.96.0/20 190.93.240.0/20 197.234.240.0/22 198.41.128.0/17"
 NFQWS_CLOUDFLARE_SUBNETS_IPV6="2400:cb00::/32 2405:8100::/32 2405:b500::/32 2606:4700::/32 2803:f800::/32 2a06:98c0::/29 2c0f:f248::/32"
From 15dcd94735cdf34dc58d48fbb0acd401b9abfdf7 Mon Sep 17 00:00:00 2001 From: Wend4r <47463683+Wend4r@users.noreply.github.com> Date: Sat, 5 Apr 2025 01:03:47 +0300 Subject: [PATCH 4/6] Cloudflare: optimize the working strategy --- init.d/custom.d.examples.linux/50-cloudflare | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/init.d/custom.d.examples.linux/50-cloudflare b/init.d/custom.d.examples.linux/50-cloudflare
index 3b5ed7d..0eca9c4 100644
--- a/init.d/custom.d.examples.linux/50-cloudflare
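Review bot: The new IPv6 rule is handed to the IPv4 filter slot: `fw_nfqws_post $1 "$f $first_packets_only $dest_set_ipv6" "" $QNUM_NFQWS_CLOUDFLARE` puts the `--match-set cloudflare_nfqws_ipv6` rule in the same positional argument the IPv4 rule uses and leaves the next argument empty, exactly as the IPv4-only version did. If that empty argument is the helper's ip6tables filter, as its presence in the original call suggests, this rule is installed into iptables against an `inet6` set (which `-m set` should refuse) and ip6tables never receives a rule; the `nft_fw_nfqws_post` call with `ip6 daddr @...` in its first slot has the same shape. The usual form would be a single call per helper, `fw_nfqws_post $1 "$f $first_packets_only $dest_set_ipv4" "$f $first_packets_only $dest_set_ipv6" $QNUM_NFQWS_CLOUDFLARE` and `nft_fw_nfqws_post "$f $first_packets_only $dest_set_ipv4" "$f $first_packets_only $dest_set_ipv6" $QNUM_NFQWS_CLOUDFLARE`, which also lets the helper apply its own IPv6 gating. PATCH 5/6 (the `DISABLE_IPV6` guards) and PATCH 6/6 (the set-type fix) keep the same call shape, so the point applies to those hunks as well.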
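Review bot: `--dpi-desync-ttl=6` is a fake-packet TTL whose correct value depends on the path between the host and the filtering box, and neither the line nor the commit message records where this value was measured, so the next user on a different path cannot tell whether the option or the subnet list is the reason the strategy stops working. A short comment above the `NFQWS_CLOUDFLARE_OPTS` line, e.g. `# ttl=6 measured on <network placeholder>; adjust to your path`, would cover that, and the reduction to `--dpi-desync-repeats=3` in PATCH 4/6 deserves the same one-line rationale.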
+++ b/init.d/custom.d.examples.linux/50-cloudflare
@@ -1,4 +1,4 @@
-NFQWS_CLOUDFLARE_OPTS="${NFQWS_CLOUDFLARE_OPTS:---dpi-desync=fake --dpi-desync-repeats=6 --dpi-desync-ttl=6}"
+NFQWS_CLOUDFLARE_OPTS="${NFQWS_CLOUDFLARE_OPTS:---dpi-desync=fake --dpi-desync-repeats=3 --dpi-desync-ttl=6}"
 NFQWS_CLOUDFLARE_PORTS=${NFQWS_CLOUDFLARE_PORTS:-443,80}
 NFQWS_CLOUDFLARE_SUBNETS_IPV4="103.21.244.0/22 103.22.200.0/22 103.31.4.0/22 104.16.0.0/13 104.24.0.0/14 108.162.192.0/18 131.0.72.0/22 141.101.64.0/18 162.158.0.0/15 172.64.0.0/13 173.245.48.0/20 188.114.96.0/20 190.93.240.0/20 197.234.240.0/22 198.41.128.0/17"
 NFQWS_CLOUDFLARE_SUBNETS_IPV6="2400:cb00::/32 2405:8100::/32 2405:b500::/32 2606:4700::/32 2803:f800::/32 2a06:98c0::/29 2c0f:f248::/32"
From 59ff6f1c7c1cd0a4add133fa62dbb5d65da4e4a5 Mon Sep 17 00:00:00 2001 From: Wend4r <47463683+Wend4r@users.noreply.github.com> Date: Sat, 5 Apr 2025 03:05:11 +0300 Subject: [PATCH 5/6] Cloudflare: add IPv6 support (2) --- init.d/custom.d.examples.linux/50-cloudflare | 36 +++++++++++++------- 1 file changed, 23 insertions(+), 13 deletions(-)
diff --git a/init.d/custom.d.examples.linux/50-cloudflare b/init.d/custom.d.examples.linux/50-cloudflare
index 0eca9c4..40735df 100644
--- a/init.d/custom.d.examples.linux/50-cloudflare
+++ b/init.d/custom.d.examples.linux/50-cloudflare
@@ -23,24 +23,28 @@ zapret_custom_firewall() [ "$1" = 1 ] && { ipset create $NFQWS_CLOUDFLARE_SET_NAME_IPV4 hash:net hashsize 8192 maxelem 4096 2>/dev/null - ipset create $NFQWS_CLOUDFLARE_SET_NAME_IPV6 hash:net family inet6 hashsize 8192 maxelem 4096 2>/dev/null ipset flush $NFQWS_CLOUDFLARE_SET_NAME_IPV4 - ipset flush $NFQWS_CLOUDFLARE_SET_NAME_IPV6 for subnet in $NFQWS_CLOUDFLARE_SUBNETS_IPV4; do echo add $NFQWS_CLOUDFLARE_SET_NAME_IPV4 $subnet done | ipset -! restore - for subnet in $NFQWS_CLOUDFLARE_SUBNETS_IPV6; do - echo add $NFQWS_CLOUDFLARE_SET_NAME_IPV6 $subnet - done | ipset -! restore + + [ "$DISABLE_IPV6" != "1" ] && { + ipset create $NFQWS_CLOUDFLARE_SET_NAME_IPV6 hash:net family inet6 hashsize 8192 maxelem 4096 2>/dev/null + ipset flush $NFQWS_CLOUDFLARE_SET_NAME_IPV6 + for subnet in $NFQWS_CLOUDFLARE_SUBNETS_IPV6; do + echo add $NFQWS_CLOUDFLARE_SET_NAME_IPV6 $subnet + done | ipset -! restore + } } local f="-p tcp -m multiport --dports $NFQWS_CLOUDFLARE_PORTS" fw_nfqws_post $1 "$f $first_packets_only $dest_set_ipv4" "" $QNUM_NFQWS_CLOUDFLARE - fw_nfqws_post $1 "$f $first_packets_only $dest_set_ipv6" "" $QNUM_NFQWS_CLOUDFLARE + + [ "$DISABLE_IPV6" != "1" ] && fw_nfqws_post $1 "$f $first_packets_only $dest_set_ipv6" "" $QNUM_NFQWS_CLOUDFLARE [ "$1" = 1 ] || { ipset destroy $NFQWS_CLOUDFLARE_SET_NAME_IPV4 2>/dev/null - ipset destroy $NFQWS_CLOUDFLARE_SET_NAME_IPV6 2>/dev/null + [ "$DISABLE_IPV6" != "1" ] && ipset destroy $NFQWS_CLOUDFLARE_SET_NAME_IPV6 2>/dev/null } } 
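Review bot: `[ "$DISABLE_IPV6" != "1" ] && ipset destroy $NFQWS_CLOUDFLARE_SET_NAME_IPV6 2>/dev/null` is the last command inside the `[ "$1" = 1 ] || { ... }` teardown group, so with `DISABLE_IPV6=1` the group, and therefore `zapret_custom_firewall`, exits with status 1 although nothing failed; the same `&&`-as-last-statement pattern closes `zapret_custom_firewall_nft` and `zapret_custom_firewall_nft_flush` in the next hunk. Whether the caller inspects that status or runs under `set -e` is not visible from this file, but the skipped case can be made to succeed at no cost by inverting the guard: `[ "$DISABLE_IPV6" = "1" ] || ipset destroy $NFQWS_CLOUDFLARE_SET_NAME_IPV6 2>/dev/null`, and likewise `[ "$DISABLE_IPV6" = "1" ] || nft_del_set $NFQWS_CLOUDFLARE_SET_NAME_IPV6 2>/dev/null` for the two nft lines. The enabled case then still returns the destroy/delete command's own status, as it does now.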
@@ -49,24 +53,30 @@ zapret_custom_firewall_nft() local first_packets_only="$nft_connbytes 1-3" local dest_set_ipv4="ip daddr @$NFQWS_CLOUDFLARE_SET_NAME_IPV4" local dest_set_ipv6="ip6 daddr @$NFQWS_CLOUDFLARE_SET_NAME_IPV6" + local nft_rules="type ipv4_addr; size 4096; auto-merge; flags interval;" local subnets subnets_ipv6 make_comma_list subnets $NFQWS_CLOUDFLARE_SUBNETS_IPV4 make_comma_list subnets_ipv6 $NFQWS_CLOUDFLARE_SUBNETS_IPV6 - nft_create_set $NFQWS_CLOUDFLARE_SET_NAME_IPV4 "type ipv4_addr; size 4096; auto-merge; flags interval;" - nft_create_set $NFQWS_CLOUDFLARE_SET_NAME_IPV6 "type ipv6_addr; size 4096; auto-merge; flags interval;" + + nft_create_set $NFQWS_CLOUDFLARE_SET_NAME_IPV4 "$nft_rules" nft_flush_set $NFQWS_CLOUDFLARE_SET_NAME_IPV4 - nft_flush_set $NFQWS_CLOUDFLARE_SET_NAME_IPV6 nft_add_set_element $NFQWS_CLOUDFLARE_SET_NAME_IPV4 "$subnets" - nft_add_set_element $NFQWS_CLOUDFLARE_SET_NAME_IPV6 "$subnets_ipv6" + + [ "$DISABLE_IPV6" != "1" ] && { + nft_create_set $NFQWS_CLOUDFLARE_SET_NAME_IPV6 "$nft_rules" + nft_flush_set $NFQWS_CLOUDFLARE_SET_NAME_IPV6 + nft_add_set_element $NFQWS_CLOUDFLARE_SET_NAME_IPV6 "$subnets_ipv6" + } local f="tcp dport {$NFQWS_CLOUDFLARE_PORTS}" nft_fw_nfqws_post "$f $first_packets_only $dest_set_ipv4" "" $QNUM_NFQWS_CLOUDFLARE - nft_fw_nfqws_post "$f $first_packets_only $dest_set_ipv6" "" $QNUM_NFQWS_CLOUDFLARE + + [ "$DISABLE_IPV6" != "1" ] && nft_fw_nfqws_post "$f $first_packets_only $dest_set_ipv6" "" $QNUM_NFQWS_CLOUDFLARE } zapret_custom_firewall_nft_flush() { nft_del_set $NFQWS_CLOUDFLARE_SET_NAME_IPV4 2>/dev/null - nft_del_set $NFQWS_CLOUDFLARE_SET_NAME_IPV6 2>/dev/null + [ "$DISABLE_IPV6" != "1" ] && nft_del_set $NFQWS_CLOUDFLARE_SET_NAME_IPV6 2>/dev/null } From 027367944753d0949f420e78ac130182da99cf70 Mon Sep 17 00:00:00 2001 
From: Wend4r <47463683+Wend4r@users.noreply.github.com> Date: Tue, 8 Apr 2025 17:45:41 +0300 Subject: [PATCH 6/6] Cloudflare (NFT): correct IPv6 rule Co-authored-by: Ivan Trubach --- init.d/custom.d.examples.linux/50-cloudflare | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/init.d/custom.d.examples.linux/50-cloudflare b/init.d/custom.d.examples.linux/50-cloudflare index 40735df..e2372ee 100644 --- a/init.d/custom.d.examples.linux/50-cloudflare +++ b/init.d/custom.d.examples.linux/50-cloudflare @@ -53,18 +53,19 @@ zapret_custom_firewall_nft() local first_packets_only="$nft_connbytes 1-3" local dest_set_ipv4="ip daddr @$NFQWS_CLOUDFLARE_SET_NAME_IPV4" local dest_set_ipv6="ip6 daddr @$NFQWS_CLOUDFLARE_SET_NAME_IPV6" - local nft_rules="type ipv4_addr; size 4096; auto-merge; flags interval;" + local nft_rules_ipv4="type ipv4_addr; size 4096; auto-merge; flags interval;" + local nft_rules_ipv6="type ipv6_addr; size 4096; auto-merge; flags interval;" local subnets subnets_ipv6 make_comma_list subnets $NFQWS_CLOUDFLARE_SUBNETS_IPV4 make_comma_list subnets_ipv6 $NFQWS_CLOUDFLARE_SUBNETS_IPV6 - nft_create_set $NFQWS_CLOUDFLARE_SET_NAME_IPV4 "$nft_rules" + nft_create_set $NFQWS_CLOUDFLARE_SET_NAME_IPV4 "$nft_rules_ipv4" nft_flush_set $NFQWS_CLOUDFLARE_SET_NAME_IPV4 nft_add_set_element $NFQWS_CLOUDFLARE_SET_NAME_IPV4 "$subnets" [ "$DISABLE_IPV6" != "1" ] && { - nft_create_set $NFQWS_CLOUDFLARE_SET_NAME_IPV6 "$nft_rules" + nft_create_set $NFQWS_CLOUDFLARE_SET_NAME_IPV6 "$nft_rules_ipv6" nft_flush_set $NFQWS_CLOUDFLARE_SET_NAME_IPV6 nft_add_set_element $NFQWS_CLOUDFLARE_SET_NAME_IPV6 "$subnets_ipv6" }