diff --git a/package/lienol/luci-app-passwall/Makefile b/package/lienol/luci-app-passwall/Makefile
index a324e0f8bd..a0cacab8d4 100644
--- a/package/lienol/luci-app-passwall/Makefile
+++ b/package/lienol/luci-app-passwall/Makefile
@@ -7,8 +7,8 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-passwall
 PKG_VERSION:=3.6
-PKG_RELEASE:=21
-PKG_DATE:=20200311
+PKG_RELEASE:=22
+PKG_DATE:=20200314
 
 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
 
diff --git a/package/lienol/luci-app-passwall/luasrc/view/passwall/global/tips.htm b/package/lienol/luci-app-passwall/luasrc/view/passwall/global/tips.htm
index e9d114f217..c71b0f7da4 100644
--- a/package/lienol/luci-app-passwall/luasrc/view/passwall/global/tips.htm
+++ b/package/lienol/luci-app-passwall/luasrc/view/passwall/global/tips.htm
@@ -3,6 +3,10 @@
 	<div class="cbi-value-field">
 		<%:Tips%>：<%:You can use load balancing for failover.%>
 		<br />
-		<%:Restore the default configuration method. Input example in the address bar: %>http://192.168.1.1/cgi-bin/luci/admin/vpn/passwall/reset_config
+		<%:Restore the default configuration method. Input example in the address bar:%> http://192.168.1.1/cgi-bin/luci/admin/vpn/passwall/reset_config
+		<br />
+		<%:Hide menu method, input example in the address bar:%> http://192.168.1.1/cgi-bin/luci/admin/vpn/passwall/hide
+		<br />
+		<%:After the hidden to the display, input example in the address bar:%> http://192.168.1.1/cgi-bin/luci/admin/vpn/passwall/show
 	</div>
 </div>
diff --git a/package/lienol/luci-app-passwall/po/zh-cn/passwall.po b/package/lienol/luci-app-passwall/po/zh-cn/passwall.po
index 1d8c51bed5..18b2be91e5 100644
--- a/package/lienol/luci-app-passwall/po/zh-cn/passwall.po
+++ b/package/lienol/luci-app-passwall/po/zh-cn/passwall.po
@@ -814,8 +814,8 @@ msgstr "状态信息显示节点检测"
 msgid "Status Show IP111"
 msgstr "状态信息显示IP111"
 
-msgid "Hide Menu"
-msgstr "隐藏菜单"
+msgid "Hide menu method, input example in the address bar:"
+msgstr "隐藏菜单方法，地址栏输入例："
 
 msgid "After the hidden to the display, input example in the address bar:"
 msgstr "当你隐藏后想再次显示，地址栏输入例："
diff --git a/package/lienol/luci-app-passwall/root/etc/config/passwall b/package/lienol/luci-app-passwall/root/etc/config/passwall
index d448eaf6a7..bab4f7bff8 100644
--- a/package/lienol/luci-app-passwall/root/etc/config/passwall
+++ b/package/lienol/luci-app-passwall/root/etc/config/passwall
@@ -20,7 +20,7 @@ config global_delay
 	option start_delay '1'
 
 config global_forwarding
-	option process '1'
+	option process '0'
 	option tcp_no_redir_ports 'disable'
 	option udp_no_redir_ports '80,443'
 	option tcp_redir_ports '22,25,53,143,465,587,993,995,80,443'
diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh b/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh
index 3f6fe7c875..101a842820 100755
--- a/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh
+++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/app.sh
@@ -51,6 +51,8 @@ config_t_get() {
 
 get_host_ip() {
 	local host=$2
+	local count=$3
+	[ -z "$count" ] && count=3
 	local isip=""
 	local ip=$host
 	if [ "$1" == "ipv6" ]; then
@@ -66,7 +68,7 @@ get_host_ip() {
 	[ -z "$isip" ] && {
 		local t=4
 		[ "$1" == "ipv6" ] && t=6
-		local vpsrip=$(resolveip -$t -t 3 $host | awk 'NR==1{print}')
+		local vpsrip=$(resolveip -$t -t $count $host | awk 'NR==1{print}')
 		ip=$vpsrip
 	}
 	echo $ip
@@ -200,12 +202,10 @@ load_config() {
 	[ ! -f "$RESOLVFILE" -o ! -s "$RESOLVFILE" ] && RESOLVFILE=/tmp/resolv.conf.auto
 	if [ "$UP_CHINA_DNS" == "dnsbyisp" -o "$UP_CHINA_DNS" == "default" ]; then
 		UP_CHINA_DNS1=$(cat $RESOLVFILE 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | grep -v 0.0.0.0 | grep -v 127.0.0.1 | sed -n '1P')
-		if [ -n "$UP_CHINA_DNS1" ]; then
-			UP_CHINA_DNS=$UP_CHINA_DNS1
-		else
-			UP_CHINA_DNS="119.29.29.29"
-		fi
-		local UP_CHINA_DNS2=$(cat $RESOLVFILE 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | grep -v 0.0.0.0 | grep -v 127.0.0.1 | sed -n '2P')
+		DEFAULT_DNS1="$UP_CHINA_DNS1"
+		[ -z "$UP_CHINA_DNS1" ] && UP_CHINA_DNS1="119.29.29.29"
+		UP_CHINA_DNS="$UP_CHINA_DNS1"
+		UP_CHINA_DNS2=$(cat $RESOLVFILE 2>/dev/null | grep -E -o "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | grep -v 0.0.0.0 | grep -v 127.0.0.1 | sed -n '2P')
 		[ -n "$UP_CHINA_DNS1" -a -n "$UP_CHINA_DNS2" ] && UP_CHINA_DNS="$UP_CHINA_DNS1,$UP_CHINA_DNS2"
 	else
 		UP_CHINA_DNS1=$(echo $UP_CHINA_DNS | sed "s/:/#/g" | awk -F ',' '{print $1}')
@@ -213,7 +213,8 @@ load_config() {
 			UP_CHINA_DNS2=$(echo $UP_CHINA_DNS | sed "s/:/#/g" | awk -F ',' '{print $2}')
 			[ -n "$UP_CHINA_DNS2" ] && UP_CHINA_DNS="${UP_CHINA_DNS1},${UP_CHINA_DNS2}"
 		else
-			UP_CHINA_DNS="114.114.114.114"
+			UP_CHINA_DNS1="119.29.29.29"
+			UP_CHINA_DNS=$UP_CHINA_DNS1
 		fi
 	fi
 	PROXY_IPV6=$(config_t_get global_forwarding proxy_ipv6 0)
@@ -632,16 +633,20 @@ add_dnsmasq() {
 	}
 	
 	[ "$DNS_MODE" != "nonuse" ] && {
-		local dns2="$UP_CHINA_DNS2"
-		[ -z "$dns2" ] && dns2="114.114.114.114"
-		[ -f "$RULES_PATH/whitelist_host" -a -s "$RULES_PATH/whitelist_host" ] && cat $RULES_PATH/whitelist_host | sed -e "/^$/d" | sort | awk '{print "server=/."$1"/'$UP_CHINA_DNS1'\nserver=/."$1"/'$dns2'\nipset=/."$1"/whitelist"}' > $TMP_DNSMASQ_PATH/whitelist_host.conf
+		if [ -n "$UP_CHINA_DNS2" ]; then
+			[ -f "$RULES_PATH/whitelist_host" -a -s "$RULES_PATH/whitelist_host" ] && cat $RULES_PATH/whitelist_host | sed -e "/^$/d" | sort | awk '{print "server=/."$1"/'$UP_CHINA_DNS1'\nserver=/."$1"/'$UP_CHINA_DNS2'\nipset=/."$1"/whitelist"}' > $TMP_DNSMASQ_PATH/whitelist_host.conf
+			uci show $CONFIG | grep "@nodes" | grep "address" | cut -d "'" -f 2 | sed 's/^\(https:\/\/\|http:\/\/\)//g' | awk -F '/' '{print $1}' | grep -E '.*\..*$' | grep '[a-zA-Z]$' | sort | uniq | awk '{print "server=/."$1"/'$UP_CHINA_DNS1'\nserver=/."$1"/'$UP_CHINA_DNS2'\nipset=/."$1"/vpsiplist"}' > $TMP_DNSMASQ_PATH/vpsiplist_host.conf
+		else
+			[ -f "$RULES_PATH/whitelist_host" -a -s "$RULES_PATH/whitelist_host" ] && cat $RULES_PATH/whitelist_host | sed -e "/^$/d" | sort | awk '{print "server=/."$1"/'$UP_CHINA_DNS1'\nipset=/."$1"/whitelist"}' > $TMP_DNSMASQ_PATH/whitelist_host.conf
+			uci show $CONFIG | grep "@nodes" | grep "address" | cut -d "'" -f 2 | sed 's/^\(https:\/\/\|http:\/\/\)//g' | awk -F '/' '{print $1}' | grep -E '.*\..*$' | grep '[a-zA-Z]$' | sort | uniq | awk '{print "server=/."$1"/'$UP_CHINA_DNS1'\nipset=/."$1"/vpsiplist"}' > $TMP_DNSMASQ_PATH/vpsiplist_host.conf
+		fi
 		[ -f "$RULES_PATH/blacklist_host" -a -s "$RULES_PATH/blacklist_host" ] && cat $RULES_PATH/blacklist_host | sed -e "/^$/d" | sort | awk '{print "server=/."$1"/127.0.0.1#'$DNS_PORT'\nipset=/."$1"/blacklist"}' > $TMP_DNSMASQ_PATH/blacklist_host.conf
 		[ -f "$RULES_PATH/gfwlist.conf" -a -s "$RULES_PATH/gfwlist.conf" ] && ln -s $RULES_PATH/gfwlist.conf $TMP_DNSMASQ_PATH/gfwlist.conf
 		
 		subscribe_proxy=$(config_t_get global_subscribe subscribe_proxy 0)
 		[ "$subscribe_proxy" -eq 1 ] && {
 			local count=$(uci show $CONFIG | grep "@subscribe_list" | sed -n '$p' | cut -d '[' -f 2 | cut -d ']' -f 1)
-			[ -n "$count" -a "$count" -ge 0 ] && {
+			[ -n "$count" ] && [ "$count" -ge 0 ] && {
 				u_get() {
 					local ret=$(uci -q get $CONFIG.@subscribe_list[$1].$2)
 					echo ${ret:=$3}
@@ -664,7 +669,7 @@ add_dnsmasq() {
 		}
 	}
 	
-	[ -z "$IS_DEFAULT_CHINA_DNS" -o "$IS_DEFAULT_CHINA_DNS" == 0 ] && {
+	if [ -z "$IS_DEFAULT_CHINA_DNS" -o "$IS_DEFAULT_CHINA_DNS" == 0 ]; then
 		server="server=127.0.0.1#$DNS_PORT"
 		[ "$DNS_MODE" != "chinadns-ng" ] && {
 			[ -n "$UP_CHINA_DNS1" ] && server="server=$UP_CHINA_DNS1"
@@ -676,7 +681,21 @@ add_dnsmasq() {
 			no-poll
 			no-resolv
 		EOF
-	}
+	else
+		# 如果有某些人DNS设置了默认，但是没有设置上级DNS会上不了网，做个防呆...(真是服了你们这些xxx)
+		[ -z "$DEFAULT_DNS1" ] && {
+			local tmp=$(get_host_ip ipv4 www.baidu.com 1)
+			[ -z "$tmp" ] && {
+				cat <<-EOF > /var/dnsmasq.d/dnsmasq-$CONFIG.conf
+					server=$UP_CHINA_DNS1
+					no-poll
+					no-resolv
+				EOF
+				echolog "你没有设置接口DNS，请前往设置！"
+				/etc/init.d/dnsmasq restart >/dev/null 2>&1 &
+			}
+		}
+	fi
 	
 	echo "conf-dir=$TMP_DNSMASQ_PATH" >> /var/dnsmasq.d/dnsmasq-$CONFIG.conf
 	cp -rf /var/dnsmasq.d/dnsmasq-$CONFIG.conf $DNSMASQ_PATH/dnsmasq-$CONFIG.conf
@@ -797,7 +816,7 @@ start_haproxy() {
 				    mode tcp
 			EOF
 			local count=$(uci show $CONFIG | grep "@balancing" | sed -n '$p' | cut -d '[' -f 2 | cut -d ']' -f 1)
-			[ -n "$count" -a "$count" -ge 0 ] && {
+			[ -n "$count" ] && [ "$count" -ge 0 ] && {
 				u_get() {
 					local ret=$(uci -q get $CONFIG.@balancing[$1].$2)
 					echo ${ret:=$3}
diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/config.default b/package/lienol/luci-app-passwall/root/usr/share/passwall/config.default
index 4b53fbeecf..76afb424a9 100644
--- a/package/lienol/luci-app-passwall/root/usr/share/passwall/config.default
+++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/config.default
@@ -20,7 +20,7 @@ config global_delay
 	option start_delay '1'
 
 config global_forwarding
-	option process '1'
+	option process '0'
 	option tcp_no_redir_ports 'disable'
 	option udp_no_redir_ports '80,443'
 	option tcp_redir_ports '22,25,53,143,465,587,993,995,80,443'
diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh b/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh
index 598d33960a..0e64e1be87 100755
--- a/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh
+++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/iptables.sh
@@ -171,9 +171,6 @@ load_acl() {
 filter_vpsip() {
 	echolog "开始过滤所有IPV4节点到白名单"
 	uci show $CONFIG | grep "@nodes" | grep "address" | cut -d "'" -f 2 | grep -E "([0-9]{1,3}[\.]){3}[0-9]{1,3}" | sed -e "/^$/d" | sed -e "s/^/add $IPSET_VPSIPLIST &/g" | awk '{print $0} END{print "COMMIT"}' | ipset -! -R
-	local dns2="$UP_CHINA_DNS2"
-	[ -z "$dns2" ] && dns2="114.114.114.114"
-	uci show $CONFIG | grep "@nodes" | grep "address" | cut -d "'" -f 2 | sed 's/^\(https:\/\/\|http:\/\/\)//g' | awk -F '/' '{print $1}' | grep -E '.*\..*$' | grep '[a-zA-Z]$' | sort | uniq | awk '{print "server=/."$1"/'$UP_CHINA_DNS1'\nserver=/."$1"/'$dns2'\nipset=/."$1"/'$IPSET_VPSIPLIST'"}' > $TMP_DNSMASQ_PATH/vpsiplist_host.conf
 	echolog "过滤所有IPV4节点完成"
 }
 
@@ -185,17 +182,17 @@ filter_node() {
 			[ "$type" == "brook" -a "$(config_n_get $1 brook_protocol client)" == "client" ] && i=$ipt_m
 			local address=$(config_n_get $1 address)
 			local port=$(config_n_get $1 port)
-			is_exist=$($i -L PSW 2>/dev/null | grep -c "$address:$port")
+			is_exist=$($i -n -L PSW 2>/dev/null | grep -c "$address:$port")
 			[ "$is_exist" == 0 ] && {
 				local ADD_INDEX=2
-				local INDEX=$($i -L PSW --line-numbers | grep "$IPSET_VPSIPLIST" | sed -n '$p' | awk '{print $1}')
+				local INDEX=$($i -n -L PSW --line-numbers | grep "$IPSET_VPSIPLIST" | sed -n '$p' | awk '{print $1}')
 				[ -n "$INDEX" ] && ADD_INDEX=$INDEX
 				$i -I PSW $ADD_INDEX -p tcp -d $address --dport $port $(comment "$address:$port") -j RETURN
 			}
-			is_exist=$($i -L PSW_OUTPUT 2>/dev/null | grep -c "$address:$port")
+			is_exist=$($i -n -L PSW_OUTPUT 2>/dev/null | grep -c "$address:$port")
 			[ "$is_exist" == 0 ] && {
 				local ADD_INDEX=2
-				local INDEX=$($i -L PSW_OUTPUT --line-numbers | grep "$IPSET_VPSIPLIST" | sed -n '$p' | awk '{print $1}')
+				local INDEX=$($i -n -L PSW_OUTPUT --line-numbers | grep "$IPSET_VPSIPLIST" | sed -n '$p' | awk '{print $1}')
 				[ -n "$INDEX" ] && ADD_INDEX=$INDEX
 				$i -I PSW_OUTPUT $ADD_INDEX -p tcp -d $address --dport $port $(comment "$address:$port") -j RETURN
 			}
@@ -531,10 +528,10 @@ add_firewall_rule() {
 }
 
 del_firewall_rule() {
-	ipv6_output_ss_exist=$($ip6t_n -L OUTPUT 2>/dev/null | grep -c "PSW")
+	ipv6_output_ss_exist=$($ip6t_n -n -L OUTPUT 2>/dev/null | grep -c "PSW")
 	[ -n "$ipv6_output_ss_exist" ] && {
 		until [ "$ipv6_output_ss_exist" = 0 ]; do
-			rules=$($ip6t_n -L OUTPUT --line-numbers | grep "PSW" | awk '{print $1}')
+			rules=$($ip6t_n -n -L OUTPUT --line-numbers | grep "PSW" | awk '{print $1}')
 			for rule in $rules; do
 				$ip6t_n -D OUTPUT $rule 2>/dev/null
 				break
diff --git a/package/lienol/luci-app-passwall/root/usr/share/passwall/subscribe.lua b/package/lienol/luci-app-passwall/root/usr/share/passwall/subscribe.lua
index 98e0dfd2b2..97fbc83037 100644
--- a/package/lienol/luci-app-passwall/root/usr/share/passwall/subscribe.lua
+++ b/package/lienol/luci-app-passwall/root/usr/share/passwall/subscribe.lua
@@ -401,14 +401,15 @@ local function select_node(nodes, config)
 	end
 end
 
-local function update_node()
+local function update_node(manual)
 	if next(nodeResult) == nil then
 		log("更新失败，没有可用的节点信息")
 		return
 	end
 	-- delet all for subscribe nodes
 	ucic2:foreach(application, uciType, function(node)
-		if (node.is_sub or node.hashkey) and node.add_mode ~= '导入' then
+		-- 如果是手动导入的节点就不参与删除
+		if manual == 0 and (node.is_sub or node.hashkey) and node.add_mode ~= '导入' then
 			ucic2:delete(application, node['.name'])
 		end
 	end)
@@ -531,7 +532,7 @@ local execute = function()
 			end
 		end)
 		-- diff
-		update_node()
+		update_node(0)
 	end
 end
 
@@ -557,12 +558,9 @@ if arg[1] then
 		for _, raw in ipairs(nodes) do
 			parse_link(raw, nil, 1)
 		end
-		update_node()
+		update_node(1)
+		luci.sys.call("rm -f /tmp/links.conf")
 	elseif arg[1] == "truncate" then
 		truncate_nodes()
-	elseif arg[1] == "test" then
-		for k, v in pairs(CONFIG) do
-			print(k, v)
-		end
 	end
 end