diff --git a/package/lienol/luci-app-passwall/Makefile b/package/lienol/luci-app-passwall/Makefile
index 688b3b826e..51c81cfab4 100644
--- a/package/lienol/luci-app-passwall/Makefile
+++ b/package/lienol/luci-app-passwall/Makefile
@@ -6,8 +6,9 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-passwall
-PKG_VERSION:=3.5.9
-PKG_RELEASE:=20200216
+PKG_VERSION:=3.5
+PKG_RELEASE:=11
+PKG_DATA:=20200217
 
 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 
diff --git a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/other.lua b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/other.lua
index 867849ae45..c94d101cdf 100644
--- a/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/other.lua
+++ b/package/lienol/luci-app-passwall/luasrc/model/cbi/passwall/other.lua
@@ -72,9 +72,10 @@ o:value("1:65535", translate("All"))
 
 ---- TCP Redir Ports
 o = s:option(Value, "tcp_redir_ports", translate("TCP Redir Ports"))
-o.default = "80,443"
+o.default = "22,25,53,143,465,587,993,995,80,443"
 o:value("1:65535", translate("All"))
-o:value("80,443", "80,443")
+o:value("22,25,53,143,465,587,993,995,80,443", translate("Common Use"))
+o:value("80,443", translate("Only Web"))
 o:value("80:", "80 " .. translate("or more"))
 o:value(":443", "443 " .. translate("or less"))
 
@@ -82,7 +83,7 @@ o:value(":443", "443 " .. translate("or less"))
 o = s:option(Value, "udp_redir_ports", translate("UDP Redir Ports"))
 o.default = "1:65535"
 o:value("1:65535", translate("All"))
-o:value("53", "53")
+o:value("53", "DNS")
 
 ---- Multi SS/SSR Process Option
 o = s:option(Value, "process", translate("Multi Process Option"),
diff --git a/package/lienol/luci-app-passwall/po/zh_Hans/passwall.po b/package/lienol/luci-app-passwall/po/zh_Hans/passwall.po
index 559f91a0ed..23d599ff59 100644
--- a/package/lienol/luci-app-passwall/po/zh_Hans/passwall.po
+++ b/package/lienol/luci-app-passwall/po/zh_Hans/passwall.po
@@ -400,6 +400,12 @@ msgstr "UDP转发端口"
 msgid "All"
 msgstr "所有"
 
+msgid "Common Use"
+msgstr "常用的"
+
+msgid "Only Web"
+msgstr "仅网页"
+
 msgid "or more"
 msgstr "及以上"
 
diff --git a/package/lienol/luci-app-passwall/root/etc/config/passwall b/package/lienol/luci-app-passwall/root/etc/config/passwall
index 31805a86d7..3ad2f9087f 100644
--- a/package/lienol/luci-app-passwall/root/etc/config/passwall
+++ b/package/lienol/luci-app-passwall/root/etc/config/passwall
@@ -24,7 +24,7 @@ config global_forwarding
 	option process '1'
 	option tcp_no_redir_ports 'disable'
 	option udp_no_redir_ports 'disable'
-	option tcp_redir_ports '1:65535'
+	option tcp_redir_ports '22,25,53,143,465,587,993,995,80,443'
 	option udp_redir_ports '1:65535'
 	option socks5_proxy_port '1081'
 	option proxy_ipv6 '0'
diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/config.default b/package/lienol/luci-app-passwall/root/usr/share/passwall/config.default
index 31805a86d7..3ad2f9087f 100644
--- a/package/lienol/luci-app-passwall/root/usr/share/passwall/config.default
+++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/config.default
@@ -24,7 +24,7 @@ config global_forwarding
 	option process '1'
 	option tcp_no_redir_ports 'disable'
 	option udp_no_redir_ports 'disable'
-	option tcp_redir_ports '1:65535'
+	option tcp_redir_ports '22,25,53,143,465,587,993,995,80,443'
 	option udp_redir_ports '1:65535'
 	option socks5_proxy_port '1081'
 	option proxy_ipv6 '0'
diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh b/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh
index 08167e38a1..f7afc1e2ca 100755
--- a/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh
+++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh
@@ -270,7 +270,10 @@ add_firewall_rule() {
 			if [ "$node" != "nil" ]; then
 				local SOCKS5_NODE_PORT=$(config_get $node port)
 				local SOCKS5_NODE_IP=$(get_node_host_ip $node)
-				[ -n "$SOCKS5_NODE_IP" -a -n "$SOCKS5_NODE_PORT" ] && $ipt_n -A PSW -p tcp -d $SOCKS5_NODE_IP -m multiport --dports $SOCKS5_NODE_PORT -j RETURN
+				[ -n "$SOCKS5_NODE_IP" -a -n "$SOCKS5_NODE_PORT" ] && {
+					$ipt_n -A PSW -p tcp -d $SOCKS5_NODE_IP --dport $SOCKS5_NODE_PORT -j RETURN
+					$ipt_n -A PSW_OUTPUT -p tcp -d $SOCKS5_NODE_IP --dport $SOCKS5_NODE_PORT -j RETURN
+				}
 			fi
 		done
 	fi
@@ -286,7 +289,10 @@ add_firewall_rule() {
 				local TCP_NODE_PORT=$(config_get $node port)
 				local TCP_NODE_IP=$(get_node_host_ip $node)
 				local TCP_NODE_TYPE=$(echo $(config_get $node type) | tr 'A-Z' 'a-z')
-				[ -n "$TCP_NODE_IP" -a -n "$TCP_NODE_PORT" ] && $ipt_n -A PSW -p tcp -d $TCP_NODE_IP -m multiport --dports $TCP_NODE_PORT -j RETURN
+				[ -n "$TCP_NODE_IP" -a -n "$TCP_NODE_PORT" ] && {
+					$ipt_n -A PSW -p tcp -d $TCP_NODE_IP --dport $TCP_NODE_PORT -j RETURN
+					$ipt_n -A PSW_OUTPUT -p tcp -d $TCP_NODE_IP --dport $TCP_NODE_PORT -j RETURN
+				}
 				if [ "$TCP_NODE_TYPE" == "brook" ]; then
 					$ipt_m -A PSW_ACL -p tcp -m socket -j MARK --set-mark 1
 
@@ -375,9 +381,7 @@ add_firewall_rule() {
 						
 						$ipt_n -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS $(dst $IPSET_BLACKLIST) -j REDIRECT --to-ports $TCP_REDIR_PORT1
 						$ipt_n -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS $(dst $IPSET_ROUTER) -j REDIRECT --to-ports $TCP_REDIR_PORT1
-						[ "$LOCALHOST_PROXY_MODE" == "global" ] && $ipt_n -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS -j REDIRECT --to-ports $TCP_REDIR_PORT1
-						[ "$LOCALHOST_PROXY_MODE" == "gfwlist" ] && $ipt_n -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS $(dst $IPSET_GFW) -j REDIRECT --to-ports $TCP_REDIR_PORT1
-						[ "$LOCALHOST_PROXY_MODE" == "chnroute" ] && $ipt_n -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS -m set ! --match-set $IPSET_CHN dst -j REDIRECT --to-ports $TCP_REDIR_PORT1
+						$ipt_n -A PSW_OUTPUT -p tcp -m multiport --dport $TCP_REDIR_PORTS -j $(get_action_chain $LOCALHOST_PROXY_MODE)1
 					}
 					# 重定所有流量到透明代理端口
 					# $ipt_n -A PSW -p tcp -m ttl --ttl-eq $ttl -j REDIRECT --to $local_port
@@ -420,7 +424,10 @@ add_firewall_rule() {
 				local UDP_NODE_PORT=$(config_get $node port)
 				local UDP_NODE_IP=$(get_node_host_ip $node)
 				local UDP_NODE_TYPE=$(echo $(config_get $node type) | tr 'A-Z' 'a-z')
-				[ -n "$UDP_NODE_IP" -a -n "$UDP_NODE_PORT" ] && $ipt_m -A PSW -p udp -d $UDP_NODE_IP -m multiport --dports $UDP_NODE_PORT -j RETURN
+				[ -n "$UDP_NODE_IP" -a -n "$UDP_NODE_PORT" ] && {
+					$ipt_m -A PSW -p udp -d $UDP_NODE_IP --dport $UDP_NODE_PORT -j RETURN
+					$ipt_m -A PSW_OUTPUT -p udp -d $UDP_NODE_IP --dport $UDP_NODE_PORT -j RETURN
+				}
 				[ "$UDP_NODE_TYPE" == "brook" ] && $ipt_m -A PSW_ACL -p udp -m socket -j MARK --set-mark 1
 				#  全局模式
 				$ipt_m -A PSW_GLO$k -p udp -j TPROXY --tproxy-mark 0x1/0x1 --on-port $local_port