From e336bb831c23e99b902da150d20c30e67b40a6b4 Mon Sep 17 00:00:00 2001 From: Andrey Petelin Date: Tue, 16 Sep 2025 19:45:32 +0500 Subject: [PATCH 1/4] fix: Mask urltest_proxy_links in config output --- podkop/files/usr/bin/podkop | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/podkop/files/usr/bin/podkop b/podkop/files/usr/bin/podkop index 8bb8b85..6dbc926 100755 --- a/podkop/files/usr/bin/podkop +++ b/podkop/files/usr/bin/podkop @@ -1752,15 +1752,14 @@ show_sing_box_config() { } show_config() { - if [ ! -f /etc/config/podkop ]; then + if [ ! -f "$PODKOP_CONFIG" ]; then nolog "Configuration file not found" return 1 fi tmp_config=$(mktemp) - cat /etc/config/podkop | sed \ - -e 's/\(option proxy_string\).*/\1 '\''MASKED'\''/g' \ + sed -e 's/\(option proxy_string\).*/\1 '\''MASKED'\''/g' \ -e 's/\(option outbound_json\).*/\1 '\''MASKED'\''/g' \ -e 's/\(option second_proxy_string\).*/\1 '\''MASKED'\''/g' \ -e 's/\(option second_outbound_json\).*/\1 '\''MASKED'\''/g' \ @@ -1769,8 +1768,9 @@ show_config() { -e 's/\(pbk=[^&]*\)/pbk=MASKED/g' \ -e 's/\(sid=[^&]*\)/sid=MASKED/g' \ -e 's/\(option dns_server '\''[^'\'']*\.dns\.nextdns\.io'\''\)/option dns_server '\''MASKED.dns.nextdns.io'\''/g' \ - -e "s|\(option dns_server 'dns\.nextdns\.io\)/[^']*|\1/MASKED|" - > "$tmp_config" + -e "s|\(option dns_server 'dns\.nextdns\.io\)/[^']*|\1/MASKED|" \ + -e 's/\(list urltest_proxy_links\).*/\1 '\''MASKED'\''/g' \ + "$PODKOP_CONFIG" > "$tmp_config" cat "$tmp_config" rm -f "$tmp_config" From 6c5a27110572416b46939ae6a36ad4021041b227 Mon Sep 17 00:00:00 2001 From: Andrey Petelin Date: Tue, 16 Sep 2025 20:11:13 +0500 Subject: [PATCH 2/4] fix: Move sing-box config check to after temp file creation --- podkop/files/usr/bin/podkop | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/podkop/files/usr/bin/podkop b/podkop/files/usr/bin/podkop index 6dbc926..e642424 100755 --- a/podkop/files/usr/bin/podkop +++ b/podkop/files/usr/bin/podkop 
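Review bot: show_config still routes the masked text through `tmp_config=$(mktemp)`, and the visible lines neither check that `mktemp` succeeded nor declare the variable `local`. If `mktemp` fails, the redirect target is an empty name and the command prints nothing without reporting an error. The file is only written, cat'ed and removed, so letting `sed` write to stdout (drop `> "$tmp_config"`, `cat "$tmp_config"` and `rm -f "$tmp_config"`) removes that failure mode and the leftover file on interrupt. The end of the function is outside this hunk.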
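Review bot: The masking in show_config is a denylist, so any credential-bearing option without its own `-e` rule is printed verbatim; the added `list urltest_proxy_links` rule closes one such gap, and the next new option can reopen it. A comment above the sed block would help, for example `# Every option that can carry a proxy URL, key or token needs a mask rule here`, ideally backed by a check that a sample config with known secret values produces no unmasked value. The new rule matches only the `list` form; whether the same key can also appear as `option urltest_proxy_links` is worth confirming against the config schema, since that form would pass through unmasked.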
@@ -66,7 +66,6 @@ start_main() { # sing-box sing_box_init_config - sing_box_config_check config_foreach add_cron_job /etc/init.d/sing-box start @@ -1167,6 +1166,8 @@ sing_box_save_config() { log "Save sing-box temporary config to $temp_file_path" "debug" sing_box_cm_save_config_to_file "$config" "$temp_file_path" + sing_box_config_check "$temp_file_path" + current_config_hash=$(md5sum "$sing_box_config_path" 2> /dev/null | awk '{print $1}') temp_config_hash=$(md5sum "$temp_file_path" | awk '{print $1}') log "Current sing-box config hash: $current_config_hash" "debug" @@ -1181,10 +1182,10 @@ sing_box_save_config() { } sing_box_config_check() { - local sing_box_config_path - config_get sing_box_config_path "main" "config_path" - if ! sing-box -c "$sing_box_config_path" check > /dev/null 2>&1; then - log "Sing-box configuration is invalid" "fatal" + local config_path="$1" + + if ! sing-box -c "$config_path" check > /dev/null 2>&1; then + log "Sing-box configuration $config_path is invalid" "fatal" exit 1 fi } From 4999840340b5c9a83105233e94118ff9f1d743d5 Mon Sep 17 00:00:00 2001 From: Andrey Petelin Date: Wed, 17 Sep 2025 11:58:55 +0500 Subject: [PATCH 3/4] fix: Support comments in user domain/subnet parsing --- podkop/files/usr/lib/helpers.sh | 32 ++++++-------------------------- 1 file changed, 6 insertions(+), 26 deletions(-) diff --git a/podkop/files/usr/lib/helpers.sh b/podkop/files/usr/lib/helpers.sh index c09deb3..0a62e1a 100644 --- a/podkop/files/usr/lib/helpers.sh +++ b/podkop/files/usr/lib/helpers.sh 
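Review bot: When the new `sing_box_config_check "$temp_file_path"` call in sing_box_save_config fails, the process ends with `exit 1` and nothing in the visible lines removes `$temp_file_path` first. That file holds the full generated sing-box config, presumably including outbound credentials, so a rejected config may stay on disk. Either let the check `return 1` and clean up at the call site, `sing_box_config_check "$temp_file_path" || { rm -f "$temp_file_path"; exit 1; }`, or register a cleanup trap where the temp path is created. The function starts and ends outside this hunk, so existing cleanup may already cover this.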
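Review bot: sing_box_config_check throws away the checker's output with `> /dev/null 2>&1`, so the fatal log names the file but not the reason it was rejected. Capturing it into a local, `if ! err=$(sing-box -c "$config_path" check 2>&1); then` followed by `log "Sing-box configuration $config_path is invalid: $err" "fatal"`, would make failures diagnosable; confirm first that the checker's messages do not echo secret values from the config. The function also runs with an empty path when called without an argument, so a guard such as `[ -n "$config_path" ] || return 1` and a header comment stating that `$1` is the file to validate would document the new contract.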
@@ -299,33 +299,11 @@ parse_domain_or_subnet_string_to_commas_string() { local string="$1" local type="$2" - local result - for item in $string; do - case "$type" in - domains) - if ! is_domain_suffix "$item"; then - log "'$item' is not a valid domain" "debug" - continue - fi - ;; - subnets) - if ! is_ipv4_ip_or_ipv4_cidr "$item"; then - log "'$item' is not IPv4 or IPv4 CIDR" "debug" - continue - fi - ;; - *) - log "Unknown type: $type" "error" - return 1 - ;; - esac + tmpfile=$(mktemp) + printf "%s\n" "$string" | sed 's/\/\/.*//' | tr ', ' '\n' | grep -v '^$' > "$tmpfile" - if [ -z "$result" ]; then - result="$item" - else - result="$result,$item" - fi - done + result="$(parse_domain_or_subnet_file_to_comma_string "$tmpfile" "$type")" + rm -f "$tmpfile" echo "$result" } @@ -345,6 +323,8 @@ parse_domain_or_subnet_file_to_comma_string() { local result while IFS= read -r line; do + line=$(echo "$line" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//') + log "!!! $line" [ -z "$line" ] && continue case "$type" in From bb1c06951ca8348ce74e4822e8236aacc2c5318e Mon Sep 17 00:00:00 2001 From: Andrey Petelin Date: Wed, 17 Sep 2025 13:31:00 +0500 Subject: [PATCH 4/4] fix: Exclusion of ruleset subnets from dns rules (#148) --- podkop/files/usr/bin/podkop | 30 +++++++++++++++++++++--------- podkop/files/usr/lib/constants.sh | 3 ++- podkop/files/usr/lib/helpers.sh | 2 +- 3 files changed, 24 insertions(+), 11 deletions(-) diff --git a/podkop/files/usr/bin/podkop b/podkop/files/usr/bin/podkop index e642424..7062dab 100755 --- a/podkop/files/usr/bin/podkop +++ b/podkop/files/usr/bin/podkop 
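Review bot: The rewritten parse_domain_or_subnet_string_to_commas_string removes `local result` and introduces `tmpfile` without `local`, so both variables now leak into the caller's scope; add `local tmpfile result` next to the existing declarations. `mktemp` is unchecked, so on failure `> "$tmpfile"` targets an empty name and the function returns an empty list instead of an error. Also, `sed 's/\/\/.*//'` runs before `tr` splits on commas and spaces, so on a single-line input a `//` comment removes every entry after it. That ordering is only correct if each comment in `$string` ends with a newline.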
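Review bot: The trim added at the top of the read loop passes list content through `echo "$line"`, which can misread entries such as `-n` or ones containing backslashes, depending on the shell's echo; `printf '%s\n' "$line"` is the safe form. It also forks a `sed` for every line, which is slow for long lists on a router. Trimming once on the input with `sed 's/^[[:space:]]*//;s/[[:space:]]*$//'` before the loop avoids that. The loop body continues outside this hunk.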
@@ -238,23 +238,29 @@ migration() { } validate_service() { - local domain="$1" + local service="$1" - for valid_service in $VALID_SERVICES; do - if [ "$domain" = "$valid_service" ]; then + for domain_service in $COMMUNITY_DOMAIN_SERVICES; do + if [ "$service" = "$domain_service" ]; then return 0 fi done - log "Invalid service in domain_list: $domain. Exiting. Check config and LuCI cache" + for subnet_service in $COMMUNITY_SUBNET_SERVICES; do + if [ "$service" = "$subnet_service" ]; then + return 0 + fi + done + + log "Invalid service in community lists: $service. Check config and LuCI cache. Aborted." "fatal" exit 1 } process_validate_service() { - local domain_list_enabled - config_get_bool domain_list_enabled "$section" "domain_list_enabled" 0 - if [ "$domain_list_enabled" -eq 1 ]; then - config_list_foreach "$section" domain_list validate_service + local community_lists_enabled + config_get_bool community_lists_enabled "$section" "community_lists_enabled" 0 + if [ "$community_lists_enabled" -eq 1 ]; then + config_list_foreach "$section" "community_lists" validate_service fi } @@ -970,8 +976,14 @@ configure_community_list_handler() { config_get update_interval "main" "update_interval" "1d" config=$(sing_box_cm_add_remote_ruleset "$config" "$ruleset_tag" "$format" "$url" "$detour" "$update_interval") - _add_ruleset_to_dns_rules "$ruleset_tag" config=$(sing_box_cm_patch_route_rule "$config" "$route_rule_tag" "rule_set" "$ruleset_tag") + + for service in $COMMUNITY_DOMAIN_SERVICES; do + if [ "$tag" = "$service" ]; then + _add_ruleset_to_dns_rules "$ruleset_tag" + break + fi + done } configure_user_domain_or_subnets_list() { diff --git a/podkop/files/usr/lib/constants.sh b/podkop/files/usr/lib/constants.sh index eaa3572..46b132d 100644 --- a/podkop/files/usr/lib/constants.sh +++ b/podkop/files/usr/lib/constants.sh 
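Review bot: validate_service now runs two identical membership loops; a single loop over both lists, `for known in $COMMUNITY_DOMAIN_SERVICES $COMMUNITY_SUBNET_SERVICES; do`, keeps the allowlist check in one place, and the loop variable should be declared `local`. In process_validate_service, `$section` is read but never assigned in the visible body, so it presumably comes from the caller's scope; `local section="$1"` would make that explicit if the function is invoked as a per-section callback. Configs that still carry `domain_list_enabled` and `domain_list` will skip this validation unless the migration, which is outside this hunk, renames them.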
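Review bot: The domain-service membership test added to configure_community_list_handler repeats the loop pattern from validate_service and leaves `service` undeclared in the visible lines. A `case` match does the same without a loop: `case " $COMMUNITY_DOMAIN_SERVICES " in *" $tag "*) _add_ruleset_to_dns_rules "$ruleset_tag" ;; esac`. A short comment such as `# Subnet-only rulesets are deliberately kept out of the DNS rules` would record why the call became conditional. `$tag` is set outside this hunk.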
@@ -63,4 +63,5 @@ SUBNETS_HETZNER="${GITHUB_RAW_URL}/Subnets/IPv4/hetzner.lst" SUBNETS_OVH="${GITHUB_RAW_URL}/Subnets/IPv4/ovh.lst" SUBNETS_DIGITALOCEAN="${GITHUB_RAW_URL}/Subnets/IPv4/digitalocean.lst" SUBNETS_CLOUDFRONT="${GITHUB_RAW_URL}/Subnets/IPv4/cloudfront.lst" -VALID_SERVICES="russia_inside russia_outside ukraine_inside geoblock block porn news anime youtube discord meta twitter hdrezka tiktok telegram cloudflare google_ai google_play hetzner ovh hodca digitalocean cloudfront" \ No newline at end of file +COMMUNITY_DOMAIN_SERVICES="russia_inside russia_outside ukraine_inside geoblock block porn news anime youtube hdrezka tiktok google_ai google_play hodca" +COMMUNITY_SUBNET_SERVICES="discord meta twitter cloudflare cloudfront digitalocean hetzner ovh telegram" \ No newline at end of file diff --git a/podkop/files/usr/lib/helpers.sh b/podkop/files/usr/lib/helpers.sh index 0a62e1a..fe3d616 100644 --- a/podkop/files/usr/lib/helpers.sh +++ b/podkop/files/usr/lib/helpers.sh @@ -324,7 +324,7 @@ parse_domain_or_subnet_file_to_comma_string() { local result while IFS= read -r line; do line=$(echo "$line" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//') - log "!!! $line" + [ -z "$line" ] && continue case "$type" in
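Review bot: The two new lists in constants.sh carry behaviour that is not written down: in the hunks shown, membership in COMMUNITY_DOMAIN_SERVICES is what makes a ruleset eligible for DNS rules, while COMMUNITY_SUBNET_SERVICES entries are used only for validation. Add a comment above each, for example `# Community lists with domain rulesets; also added to DNS rules` and `# Community lists with subnet rulesets; route rules only`. Each service has to appear in exactly one list for validation and DNS handling to agree. VALID_SERVICES is removed, so any consumer outside this diff that still reads it would see an empty value.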