install_easy

2026-03-14 06:13:09 +00:00 · 2025-12-02 15:40:39 +03:00
parent ec6021898b
commit 69b08f0a36
18 changed files with 1872 additions and 5 deletions
--- a/common/installer.sh
+++ b/common/installer.sh
@@ -0,0 +1,803 @@
+GET_LIST_PREFIX=/ipset/get_
+
+SYSTEMD_DIR=/lib/systemd
+[ -d "$SYSTEMD_DIR" ] || SYSTEMD_DIR=/usr/lib/systemd
+[ -d "$SYSTEMD_DIR" ] && SYSTEMD_SYSTEM_DIR="$SYSTEMD_DIR/system"
+
+INIT_SCRIPT=/etc/init.d/zapret2
+
+
+exitp()
+{
+	echo
+	echo press enter to continue
+	read A
+	exit $1
+}
+
+extract_var_def()
+{
+	# $1 - var name
+	# this sed script parses single or multi line shell var assignments with optional ' or " enclosure
+	sed -n \
+"/^$1=\"/ {
+:s1
+/\".*\"/ {
+ p
+ b
+}
+N
+t c1
+b s1
+:c1
+}
+/^$1='/ {
+:s2
+/'.*'/ {
+ p
+ b
+}
+N
+t c2
+b s2
+:c2
+}
+/^$1=/p
+"
+}
+replace_var_def()
+{
+	# $1 - var name
+	# $2 - new val
+	# $3 - conf file
+	# this sed script replaces single or multi line shell var assignments with optional ' or " enclosure
+	local repl
+	if [ -z "$2" ]; then
+		repl="#$1="
+	elif contains "$2" " "; then
+		repl="$1=\"$2\""
+	else
+		repl="$1=$2"
+	fi
+	local script=\
+"/^#*[[:space:]]*$1=\"/ {
+:s1
+/\".*\"/ {
+ c\\
+$repl
+ b
+}
+N
+t c1
+b s1
+:c1
+}
+/^#*[[:space:]]*$1='/ {
+:s2
+/'.*'/ {
+ c\\
+$repl
+ b
+}
+N
+t c2
+b s2
+:c2
+}
+/^#*[[:space:]]*$1=/c\\
+$repl"
+	# there's incompatibility with -i option on BSD and busybox/GNU
+	if [ "$UNAME" = "Linux" ]; then
+		sed -i -e "$script" "$3"
+	else
+		sed -i '' -e "$script" "$3"
+	fi
+}
+
+parse_var_checked()
+{
+	# $1 - file name
+	# $2 - var name
+
+	local tmp="/tmp/zvar-pid-$$.sh"
+	local v
+	cat "$1" | extract_var_def "$2" >"$tmp"
+	. "$tmp"
+	rm -f "$tmp"
+	eval v="\$$2"
+	# trim
+	v="$(echo "$v" | trim)"
+	eval $2=\""$v"\"
+}
+parse_vars_checked()
+{
+	# $1 - file name
+	# $2,$3,... - var names
+	local f="$1"
+	shift
+	while [ -n "$1" ]; do
+		parse_var_checked "$f" $1
+		shift
+	done
+}
+edit_file()
+{
+	# $1 - file name
+	local ed="$EDITOR"
+	[ -n "$ed" ] || {
+		for e in mcedit nano vim vi; do
+			exists "$e" && {
+				ed="$e"
+				break
+			}
+		done
+	}
+	[ -n "$ed" ] && "$ed" "$1"
+}
+echo_var()
+{
+	local v delimeter delims=
+	eval v="\$$1"
+	if find_str_in_list $1 "$EDITVAR_NEWLINE_VARS"; then
+		echo "$1=\""
+		for delimeter in $EDITVAR_NEWLINE_DELIMETERS; do
+			delims="${delims:+$delims }-e "'"'"s/$delimeter/"'\\n'"$delimeter/g"'"'
+		done
+		echo "$v\"" | tr '\n' ' ' | tr -d '\r' | eval sed -e 's/^\ *//' -e 's/\ *$//' $delims
+	else
+		if contains "$v" " "; then
+			echo $1=\"$v\"
+		else
+			echo $1=$v
+		fi
+	fi
+}
+edit_vars()
+{
+	# $1,$2,... - var names
+	local n=1 var tmp="/tmp/zvars-pid-$$.txt"
+	rm -f "$tmp"
+	while : ; do
+		eval var="\${$n}"
+		[ -n "$var" ] || break
+		echo_var $var >> "$tmp"
+		n=$(($n+1))
+	done
+	edit_file "$tmp" && parse_vars_checked "$tmp" "$@"
+	rm -f "$tmp"
+}
+
+list_vars()
+{
+	while [ -n "$1" ] ; do
+		echo_var $1
+		shift
+	done
+	echo
+}
+
+openrc_test()
+{
+	exists rc-update || return 1
+	# some systems do not usse openrc-init but launch openrc from inittab
+	[ "$INIT" = "openrc-init" ] || grep -qE "sysinit.*openrc" /etc/inittab 2>/dev/null
+}
+check_system()
+{
+	# $1 - nonempty = do not fail on unknown rc system
+
+	echo \* checking system
+
+	SYSTEM=
+	SUBSYS=
+	SYSTEMCTL="$(whichq systemctl)"
+
+	get_fwtype
+	OPENWRT_FW3=
+	OPENWRT_FW4=
+
+	local info
+	UNAME=$(uname)
+	if [ "$UNAME" = "Linux" ]; then
+		# do not use 'exe' because it requires root
+		local INIT="$(sed 's/\x0/\n/g' /proc/1/cmdline | head -n 1)"
+		[ -L "$INIT" ] && INIT=$(readlink "$INIT")
+		INIT="$(basename "$INIT")"
+		# some distros include systemctl without systemd
+		if [ -d "$SYSTEMD_DIR" ] && [ -x "$SYSTEMCTL" ] && [ "$INIT" = "systemd" ]; then
+			SYSTEM=systemd
+			[ -f "$EXEDIR/init.d/sysv/functions" ] && . "$EXEDIR/init.d/sysv/functions"
+		elif [ -f "/etc/openwrt_release" ] && exists opkg || exists apk && exists uci && [ "$INIT" = "procd" ] ; then
+			SYSTEM=openwrt
+			OPENWRT_PACKAGER=opkg
+			OPENWRT_PACKAGER_INSTALL="opkg install"
+			OPENWRT_PACKAGER_UPDATE="opkg update"
+			exists apk && {
+				OPENWRT_PACKAGER=apk
+				OPENWRT_PACKAGER_INSTALL="apk add"
+				OPENWRT_PACKAGER_UPDATE=
+			}
+			info="package manager $OPENWRT_PACKAGER\n"
+			if openwrt_fw3 ; then
+				OPENWRT_FW3=1
+				info="${info}firewall fw3"
+				if is_ipt_flow_offload_avail; then
+					info="$info. hardware flow offloading requires iptables."
+				else
+					info="$info. flow offloading unavailable."
+				fi
+			elif openwrt_fw4; then
+				OPENWRT_FW4=1
+				info="${info}firewall fw4. flow offloading requires nftables."
+			fi
+			[ -f "$EXEDIR/init.d/openwrt/functions" ] && . "$EXEDIR/init.d/openwrt/functions"
+		elif openrc_test; then
+			SYSTEM=openrc
+			[ -f "$EXEDIR/init.d/sysv/functions" ] && . "$EXEDIR/init.d/sysv/functions"
+		else
+			echo system is not either systemd, openrc or openwrt based
+			echo easy installer can set up config settings but can\'t configure auto start
+			echo you have to do it manually. check readme.md for manual setup info.
+			if [ -n "$1" ] || ask_yes_no N "do you want to continue"; then
+			    SYSTEM=linux
+			else
+			    exitp 5
+			fi
+			[ -f "$EXEDIR/init.d/sysv/functions" ] && . "$EXEDIR/init.d/sysv/functions"
+		fi
+		linux_get_subsys
+	else
+		echo easy installer only supports Linux. check readme.md for supported systems and manual setup info.
+		exitp 5
+	fi
+	echo system is based on $SYSTEM
+	[ -n "$info" ] && printf "${info}\n"
+}
+
+get_free_space_mb()
+{
+    df -m $PWD | awk '/[0-9]%/{print $(NF-2)}'
+}
+get_ram_kb()
+{
+    grep MemTotal /proc/meminfo | awk '{print $2}'
+}
+get_ram_mb()
+{
+    local R=$(get_ram_kb)
+    echo $(($R/1024))
+}
+
+crontab_del()
+{
+	exists crontab || return
+
+	echo \* removing crontab entry
+
+	CRONTMP=/tmp/cron.tmp
+	crontab -l >$CRONTMP 2>/dev/null
+	if grep -q "$GET_LIST_PREFIX" $CRONTMP; then
+		echo removing following entries from crontab :
+		grep "$GET_LIST_PREFIX" $CRONTMP
+		grep -v "$GET_LIST_PREFIX" $CRONTMP >$CRONTMP.2
+		crontab $CRONTMP.2
+		rm -f $CRONTMP.2
+	fi
+	rm -f $CRONTMP
+}
+crontab_del_quiet()
+{
+	exists crontab || return
+
+	CRONTMP=/tmp/cron.tmp
+	crontab -l >$CRONTMP 2>/dev/null
+	if grep -q "$GET_LIST_PREFIX" $CRONTMP; then
+		grep -v "$GET_LIST_PREFIX" $CRONTMP >$CRONTMP.2
+		crontab $CRONTMP.2
+		rm -f $CRONTMP.2
+	fi
+	rm -f $CRONTMP
+}
+crontab_add()
+{
+	# $1 - hour min
+	# $2 - hour max
+	[ -x "$GET_LIST" ] &&	{
+		echo \* adding crontab entry
+
+		if exists crontab; then
+			CRONTMP=/tmp/cron.tmp
+			crontab -l >$CRONTMP 2>/dev/null
+			if grep -q "$GET_LIST_PREFIX" $CRONTMP; then
+				echo some entries already exist in crontab. check if this is corrent :
+				grep "$GET_LIST_PREFIX" $CRONTMP
+			else
+				end_with_newline <"$CRONTMP" || echo >>"$CRONTMP"
+				echo "$(random 0 59) $(random $1 $2) */2 * * $GET_LIST" >>$CRONTMP
+				crontab $CRONTMP
+			fi
+			rm -f $CRONTMP
+		else
+			echo '!!! CRON IS ABSENT !!! LISTS AUTO UPDATE WILL NOT WORK !!!'
+		fi
+	}
+}
+cron_ensure_running()
+{
+	# if no crontabs present in /etc/cron openwrt init script does not launch crond. this is default
+	[ "$SYSTEM" = "openwrt" ] && {
+		/etc/init.d/cron enable
+		/etc/init.d/cron start
+	}
+}
+
+
+service_start_systemd()
+{
+	echo \* starting zapret2 service
+
+	"$SYSTEMCTL" start zapret2 || {
+		echo could not start zapret2 service
+		exitp 30
+	}
+}
+service_stop_systemd()
+{
+	echo \* stopping zapret2 service
+
+	"$SYSTEMCTL" daemon-reload
+	"$SYSTEMCTL" disable zapret2
+	"$SYSTEMCTL" stop zapret2
+}
+service_remove_systemd()
+{
+	echo \* removing zapret2 service
+
+	rm -f "$SYSTEMD_SYSTEM_DIR/zapret2.service"
+	"$SYSTEMCTL" daemon-reload
+}
+timer_remove_systemd()
+{
+	echo \* removing zapret2-list-update timer
+
+	"$SYSTEMCTL" daemon-reload
+	"$SYSTEMCTL" disable zapret2-list-update.timer
+	"$SYSTEMCTL" stop zapret2-list-update.timer
+	rm -f "$SYSTEMD_SYSTEM_DIR/zapret2-list-update.service" "$SYSTEMD_SYSTEM_DIR/zapret2-list-update.timer"
+	"$SYSTEMCTL" daemon-reload
+}
+
+install_sysv_init()
+{
+	# $1 - "0"=disable
+	echo \* installing init script
+
+	[ -x "$INIT_SCRIPT" ] && {
+		"$INIT_SCRIPT" stop
+		"$INIT_SCRIPT" disable
+	}
+	ln -fs "$INIT_SCRIPT_SRC" "$INIT_SCRIPT"
+	[ "$1" != "0" ] && "$INIT_SCRIPT" enable
+}
+install_openrc_init()
+{
+	# $1 - "0"=disable
+	echo \* installing init script
+
+	[ -x "$INIT_SCRIPT" ] && {
+		"$INIT_SCRIPT" stop
+		rc-update del zapret2
+	}
+	ln -fs "$INIT_SCRIPT_SRC" "$INIT_SCRIPT"
+	[ "$1" != "0" ] && rc-update add zapret2
+}
+service_remove_openrc()
+{
+	echo \* removing zapret2 service
+
+	[ -x "$INIT_SCRIPT" ] && {
+		rc-update del zapret2
+		"$INIT_SCRIPT" stop
+	}
+	rm -f "$INIT_SCRIPT"
+}
+service_start_sysv()
+{
+	[ -x "$INIT_SCRIPT" ] && {
+		echo \* starting zapret2 service
+		"$INIT_SCRIPT" start || {
+			echo could not start zapret2 service
+			exitp 30
+		}
+	}
+}
+service_stop_sysv()
+{
+	[ -x "$INIT_SCRIPT" ] && {
+		echo \* stopping zapret2 service
+		"$INIT_SCRIPT" stop
+	}
+}
+service_remove_sysv()
+{
+	echo \* removing zapret2 service
+
+	[ -x "$INIT_SCRIPT" ] && {
+		"$INIT_SCRIPT" disable
+		"$INIT_SCRIPT" stop
+	}
+	rm -f "$INIT_SCRIPT"
+}
+
+check_kmod()
+{
+	[ -f "/lib/modules/$(uname -r)/$1.ko" ]
+}
+check_package_exists_openwrt()
+{
+	[ -n "$($OPENWRT_PACKAGER list $1)" ]
+}
+check_package_openwrt()
+{
+	case $OPENWRT_PACKAGER in
+		opkg)
+			[ -n "$(opkg list-installed $1)" ] && return 0
+			local what="$(opkg whatprovides $1 | tail -n +2 | head -n 1)"
+			[ -n "$what" ] || return 1
+			[ -n "$(opkg list-installed $what)" ]
+			;;
+		apk)
+			apk info -e $1
+			;;
+	esac
+}
+check_packages_openwrt()
+{
+	for pkg in $@; do
+		check_package_openwrt $pkg || return
+	done
+}
+
+install_openwrt_iface_hook()
+{
+	echo \* installing ifup hook
+
+	ln -fs "$OPENWRT_IFACE_HOOK" /etc/hotplug.d/iface
+}
+remove_openwrt_iface_hook()
+{
+	echo \* removing ifup hook
+
+	rm -f /etc/hotplug.d/iface/??-zapret2
+}
+openwrt_fw_section_find()
+{
+	# $1 - fw include postfix
+	# echoes section number
+
+	i=0
+	while true
+	do
+		path=$(uci -q get firewall.@include[$i].path)
+		[ -n "$path" ] || break
+		[ "$path" = "$OPENWRT_FW_INCLUDE$1" ] && {
+			echo $i
+			return 0
+		}
+		i=$(($i+1))
+	done
+	return 1
+}
+openwrt_fw_section_del()
+{
+	# $1 - fw include postfix
+
+	local id="$(openwrt_fw_section_find $1)"
+	[ -n "$id" ] && {
+		uci delete firewall.@include[$id] && uci commit firewall
+		rm -f "$OPENWRT_FW_INCLUDE$1"
+	}
+}
+openwrt_fw_section_add()
+{
+	openwrt_fw_section_find ||
+	{
+		uci add firewall include >/dev/null || return
+		echo -1
+	}
+}
+openwrt_fw_section_configure()
+{
+	local id="$(openwrt_fw_section_add $1)"
+	[ -z "$id" ] ||
+	 ! uci set firewall.@include[$id].path="$OPENWRT_FW_INCLUDE" ||
+	 ! uci set firewall.@include[$id].reload="1" ||
+	 ! uci commit firewall &&
+	{
+		echo could not add firewall include
+		exitp 50
+	}
+}
+install_openwrt_firewall()
+{
+	echo \* installing firewall script $1
+
+	[ -n "MODE" ] || {
+		echo should specify MODE in $ZAPRET_CONFIG
+		exitp 7
+	}
+
+	echo "linking : $FW_SCRIPT_SRC => $OPENWRT_FW_INCLUDE"
+	ln -fs "$FW_SCRIPT_SRC" "$OPENWRT_FW_INCLUDE"
+
+	openwrt_fw_section_configure $1
+}
+restart_openwrt_firewall()
+{
+	echo \* restarting firewall
+
+	local FW=fw4
+	[ -n "$OPENWRT_FW3" ] && FW=fw3
+	exists $FW && $FW -q restart || {
+		echo could not restart firewall $FW
+	}
+}
+remove_openwrt_firewall()
+{
+	echo \* removing firewall script
+
+	openwrt_fw_section_del
+}
+
+clear_ipset()
+{
+	echo "* clearing ipset(s)"
+
+	# free some RAM
+	"$IPSET_DIR/create_ipset.sh" clear
+}
+
+
+
+write_config_var()
+{
+	# $1 - mode var
+	local M
+	eval M="\$$1"
+	# replace / => \/
+	#M=${M//\//\\\/}
+	M=$(echo $M | sed 's/\//\\\//g' | trim)
+	grep -q "^[[:space:]]*$1=\|^#*[[:space:]]*$1=" "$ZAPRET_CONFIG" || {
+		# var does not exist in config. add it
+		echo $1= >>"$ZAPRET_CONFIG"
+	}
+	replace_var_def $1 "$M" "$ZAPRET_CONFIG"
+}
+
+no_prereq_exit()
+{
+	echo could not install prerequisites
+	exitp 6
+}
+check_prerequisites_linux()
+{
+	echo \* checking prerequisites
+
+	local s cmd PKGS UTILS req="curl curl"
+	local APTGET DNF YUM PACMAN ZYPPER EOPKG APK
+	case "$FWTYPE" in
+		iptables)
+			req="$req iptables iptables ip6tables iptables ipset ipset"
+			;;
+		nftables)
+			req="$req nft nftables"
+			;;
+	esac
+
+	PKGS=$(for s in $req; do echo $s; done |
+		while read cmd; do
+			read pkg
+			exists $cmd || echo $pkg
+		done | sort -u | xargs)
+	UTILS=$(for s in $req; do echo $s; done |
+		while read cmd; do
+			read pkg
+			echo $cmd
+		done | sort -u | xargs)
+
+	if [ -z "$PKGS" ] ; then
+		echo required utilities exist : $UTILS
+	else
+		echo \* installing prerequisites
+
+		echo packages required : $PKGS
+
+		APTGET=$(whichq apt-get)
+		DNF=$(whichq dnf)
+		YUM=$(whichq yum)
+		PACMAN=$(whichq pacman)
+		ZYPPER=$(whichq zypper)
+		EOPKG=$(whichq eopkg)
+		APK=$(whichq apk)
+		if [ -x "$APTGET" ] ; then
+			"$APTGET" update
+			"$APTGET" install -y --no-install-recommends $PKGS dnsutils || no_prereq_exit
+		elif [ -x "$DNF" ] ; then
+			"$DNF" -y install $PKGS || no_prereq_exit
+		elif [ -x "$YUM" ] ; then
+			"$YUM" -y install $PKGS || no_prereq_exit
+		elif [ -x "$PACMAN" ] ; then
+			"$PACMAN" -Syy
+			"$PACMAN" --noconfirm -S $PKGS || no_prereq_exit
+		elif [ -x "$ZYPPER" ] ; then
+			"$ZYPPER" --non-interactive install $PKGS || no_prereq_exit
+		elif [ -x "$EOPKG" ] ; then
+			"$EOPKG" -y install $PKGS || no_prereq_exit
+		elif [ -x "$APK" ] ; then
+			"$APK" update
+			# for alpine
+			[ "$FWTYPE" = iptables ] && [ -n "$($APK list ip6tables)" ] && PKGS="$PKGS ip6tables"
+			"$APK" add $PKGS || no_prereq_exit
+		else
+			echo supported package manager not found
+			echo you must manually install : $UTILS
+			exitp 5
+		fi
+	fi
+}
+
+removable_pkgs_openwrt()
+{
+	local pkg PKGS2
+	[ -n "$OPENWRT_FW4" ] && PKGS2="$PKGS2 iptables-zz-legacy iptables ip6tables-zz-legacy ip6tables"
+	[ -n "$OPENWRT_FW3" ] && PKGS2="$PKGS2 nftables-json nftables-nojson nftables"
+	PKGS=
+	for pkg in $PKGS2; do
+		check_package_exists_openwrt $pkg && PKGS="${PKGS:+$PKGS }$pkg"
+	done
+	PKGS="ipset iptables-mod-extra iptables-mod-nfqueue iptables-mod-filter iptables-mod-ipopt iptables-mod-conntrack-extra iptables-mod-u32 ip6tables-mod-nat ip6tables-extra kmod-nft-queue gzip coreutils-sort coreutils-sleep curl $PKGS"
+}
+
+openwrt_fix_broken_apk_uninstall_scripts()
+{
+	# at least in early snapshots with apk removing gnu gzip, sort, ... does not restore links to busybox
+	# system may become unusable
+	exists sort || { echo fixing missing sort; ln -fs /bin/busybox /usr/bin/sort; }
+	exists gzip || { echo fixing missing gzip; ln -fs /bin/busybox /bin/gzip; }
+	exists sleep || { echo fixing missing sleep; ln -fs /bin/busybox /bin/sleep; }
+}
+
+remove_extra_pkgs_openwrt()
+{
+	local PKGS
+	echo \* remove dependencies
+	removable_pkgs_openwrt
+	echo these packages may have been installed by install_easy.sh : $PKGS
+	ask_yes_no N "do you want to remove them" && {
+		case $OPENWRT_PACKAGER in
+			opkg)
+				opkg remove --autoremove $PKGS
+				;;
+			apk)
+				apk del $PKGS
+				openwrt_fix_broken_apk_uninstall_scripts
+				;;
+		esac
+	}
+}
+
+check_prerequisites_openwrt()
+{
+	echo \* checking prerequisites
+
+	local PKGS="curl" UPD=0 local pkg_iptables
+
+	case "$FWTYPE" in
+		iptables)
+			pkg_iptables=iptables
+			check_package_exists_openwrt iptables-zz-legacy && pkg_iptables=iptables-zz-legacy
+			PKGS="$PKGS ipset $pkg_iptables iptables-mod-extra iptables-mod-nfqueue iptables-mod-filter iptables-mod-ipopt iptables-mod-conntrack-extra iptables-mod-u32"
+			check_package_exists_openwrt ip6tables-zz-legacy && pkg_iptables=ip6tables-zz-legacy
+			[ "$DISABLE_IPV6" = 1 ] || PKGS="$PKGS $pkg_iptables ip6tables-mod-nat ip6tables-extra"
+			;;
+		nftables)
+			PKGS="$PKGS nftables kmod-nft-nat kmod-nft-offload kmod-nft-queue"
+			;;
+	esac
+
+	if check_packages_openwrt $PKGS ; then
+		echo everything is present
+	else
+		echo \* installing prerequisites
+
+		$OPENWRT_PACKAGER_UPDATE
+		UPD=1
+		$OPENWRT_PACKAGER_INSTALL $PKGS || {
+			echo could not install prerequisites
+			exitp 6
+		}
+	fi
+
+	is_linked_to_busybox gzip && {
+		echo
+		echo your system uses default busybox gzip. its several times slower than GNU gzip.
+		echo ip/host list scripts will run much faster with GNU gzip
+		echo installer can install GNU gzip but it requires about 100 Kb space
+		if ask_yes_no N "do you want to install GNU gzip"; then
+			[ "$UPD" = "0" ] && {
+				$OPENWRT_PACKAGER_UPDATE
+				UPD=1
+			}
+			$OPENWRT_PACKAGER_INSTALL --force-overwrite gzip
+		fi
+	}
+	is_linked_to_busybox sort && {
+		echo
+		echo your system uses default busybox sort. its much slower and consumes much more RAM than GNU sort
+		echo ip/host list scripts will run much faster with GNU sort
+		echo installer can install GNU sort but it requires about 100 Kb space
+		if ask_yes_no N "do you want to install GNU sort"; then
+			[ "$UPD" = "0" ] && {
+				$OPENWRT_PACKAGER_UPDATE
+				UPD=1
+			}
+			$OPENWRT_PACKAGER_INSTALL --force-overwrite coreutils-sort
+		fi
+	}
+	[ "$FSLEEP" = 0 ] && is_linked_to_busybox sleep && {
+		echo
+		echo no methods of sub-second sleep were found.
+		echo if you want to speed up blockcheck install coreutils-sleep. it requires about 40 Kb space
+		if ask_yes_no N "do you want to install COREUTILS sleep"; then
+			[ "$UPD" = "0" ] && {
+				$OPENWRT_PACKAGER_UPDATE
+				UPD=1
+			}
+			$OPENWRT_PACKAGER_INSTALL --force-overwrite coreutils-sleep
+			fsleep_setup
+		fi
+	}
+}
+
+
+
+select_ipv6()
+{
+	local T=N
+
+	[ "$DISABLE_IPV6" != '1' ] && T=Y
+	local old6=$DISABLE_IPV6
+	echo
+	if ask_yes_no $T "enable ipv6 support"; then
+		DISABLE_IPV6=0
+	else
+		DISABLE_IPV6=1
+	fi
+	[ "$old6" != "$DISABLE_IPV6" ] && write_config_var DISABLE_IPV6
+}
+select_fwtype()
+{
+	echo
+	[ $(get_ram_mb) -le 400 ] && {
+		echo WARNING ! you are running a low RAM system
+		echo WARNING ! nft requires lots of RAM to load huge ip sets, much more than ipsets require
+		echo WARNING ! if you need large lists it may be necessary to fall back to iptables+ipset firewall
+	}
+	echo select firewall type :
+	ask_list FWTYPE "iptables nftables" "$FWTYPE" && write_config_var FWTYPE
+}
+
+dry_run_nfqws_()
+{
+	local NFQWS="$ZAPRET_BASE/nfq2/nfqws2"
+	echo verifying nfqws options
+	"$NFQWS" --dry-run ${WS_USER:+--user=$WS_USER} "$@"
+}
+dry_run_nfqws()
+{
+	[ "$NFQWS2_ENABLE" = 1 ] || return 0
+	local opt="$NFQWS2_OPT" qn=${QNUM:-300}
+	filter_apply_hostlist_target opt
+	dry_run_nfqws_ --qnum=$qn $opt
+	echo NOTE ! LUA code validity cannot be verified at this stage !
+}