```

feat(iptables): 更新 iptables 规则命令并添加 reload 功能

移除了 iptables 命令中的冗余协议参数 `-p tcp`，统一使用更通用的匹配方式。
新增 `-s reload` 参数支持重新加载 iptables 规则，提升操作便利性。
同时更新了依赖库版本，包括 ip2region 和 golang.org/x 包。
```

go.mod

@@ -4,10 +4,10 @@ go 1.25.4
 
 require (
 	github.com/google/gopacket v1.1.19
-	github.com/lionsoul2014/ip2region/binding/golang v0.0.0-20251121144738-613501fc0093
+	github.com/lionsoul2014/ip2region/binding/golang v0.0.0-20251207115101-d4b8f9f841b9
 )
 
 require (
-	golang.org/x/net v0.47.0 // indirect
-	golang.org/x/sys v0.38.0 // indirect
+	golang.org/x/net v0.48.0 // indirect
+	golang.org/x/sys v0.39.0 // indirect
 )

go.sum

@@ -8,6 +8,10 @@ github.com/lionsoul2014/ip2region/binding/golang v0.0.0-20251113013923-bd30b77d5
 github.com/lionsoul2014/ip2region/binding/golang v0.0.0-20251113013923-bd30b77d5468/go.mod h1:+mNMTBuDMdEGhWzoQgc6kBdqeaQpWh5ba8zqmp2MxCU=
 github.com/lionsoul2014/ip2region/binding/golang v0.0.0-20251121144738-613501fc0093 h1:+vHmV2SqaCMxb21SuOvezhBFKlUdaB8pYfDIDOhU64Y=
 github.com/lionsoul2014/ip2region/binding/golang v0.0.0-20251121144738-613501fc0093/go.mod h1:+mNMTBuDMdEGhWzoQgc6kBdqeaQpWh5ba8zqmp2MxCU=
+github.com/lionsoul2014/ip2region/binding/golang v0.0.0-20251124080701-096d68ea7706 h1:yi4Usm9TUC5itUsw6DPqWXZnfSui0Y3qWEoeFlq778s=
+github.com/lionsoul2014/ip2region/binding/golang v0.0.0-20251124080701-096d68ea7706/go.mod h1:+mNMTBuDMdEGhWzoQgc6kBdqeaQpWh5ba8zqmp2MxCU=
+github.com/lionsoul2014/ip2region/binding/golang v0.0.0-20251207115101-d4b8f9f841b9 h1:0IngVEHYqJUpjrnY9T1dZ2AMIbsI/sCUxxg77eGXXes=
+github.com/lionsoul2014/ip2region/binding/golang v0.0.0-20251207115101-d4b8f9f841b9/go.mod h1:+mNMTBuDMdEGhWzoQgc6kBdqeaQpWh5ba8zqmp2MxCU=
 github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
 github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
@@ -20,6 +24,8 @@ golang.org/x/net v0.46.0 h1:giFlY12I07fugqwPuWJi68oOnpfqFnJIJzaIIm2JVV4=
 golang.org/x/net v0.46.0/go.mod h1:Q9BGdFy1y4nkUwiLvT5qtyhAnEHgnQ/zd8PfU6nc210=
 golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=
 golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
+golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU=
+golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -27,6 +33,8 @@ golang.org/x/sys v0.37.0 h1:fdNQudmxPjkdUTPnLn5mdQv7Zwvbvpaxqs831goi9kQ=
 golang.org/x/sys v0.37.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=
 golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk=
+golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

ipset.go

@@ -130,7 +130,7 @@ func RemoveIPIfInSets(prefix string, max int, ip string) (string, error) {
 // 添加 Iptables 规则
 func iptables_add(setName string) error {
 
-	cmd := exec.Command("sh", "-c", fmt.Sprintf("iptables -A INPUT -p tcp -m set --match-set %s src -j DROP", setName))
+	cmd := exec.Command("sh", "-c", fmt.Sprintf("iptables -A INPUT -m set --match-set %s src -j DROP", setName))
 
 	var stdout, stderr bytes.Buffer
 	cmd.Stdout = &stdout
@@ -148,7 +148,7 @@ func iptables_add(setName string) error {
 // 删除 Iptables 规则
 func iptables_del(setName string) error {
 
-	cmd := exec.Command("sh", "-c", fmt.Sprintf("iptables -D INPUT -p tcp -m set --match-set %s src -j DROP", setName))
+	cmd := exec.Command("sh", "-c", fmt.Sprintf("iptables -D INPUT -m set --match-set %s src -j DROP", setName))
 
 	var stdout, stderr bytes.Buffer
 	cmd.Stdout = &stdout

main.go

@@ -449,7 +449,7 @@ func HandleCmd() {
 	flag.BoolVar(&InterfacesList, "l", false, "列出可用的网络接口")
 	Protocol = flag.String("f", "'tcp' or 'udp' or 'tcp or udp'", "指定 BPF 过滤器")
 	PcapFile = flag.String("o", "", "保存捕获数据的输出文件（可选）")
-	flag.StringVar(&instruction, "s", "", "-s start 启动 Iptables 规则\n-s stop  停止 Iptables 规则\n-s list  打印 Iptables 规则")
+	flag.StringVar(&instruction, "s", "", "-s start   启动 Iptables 规则\n-s stop    停止 Iptables 规则\n-s list    打印 Iptables 规则\n-s reload  重启 Iptables 规则")
 	flag.BoolVar(&help, "h", false, "")
 	flag.BoolVar(&help, "help", false, "帮助信息")
 	flag.Parse()
@@ -480,6 +480,23 @@ func HandleCmd() {
 				_name := fmt.Sprintf("root%d", i)
 				iptables_del(_name)
 			}
+
+			os.Exit(0)
+		case "r":
+			fallthrough
+		case "restart":
+			fallthrough
+		case "reload":
+			for i := 0; i < MAX_IPSET_NAME; i++ {
+				_name := fmt.Sprintf("root%d", i)
+				iptables_del(_name)
+			}
+
+			for i := 0; i < MAX_IPSET_NAME; i++ {
+				_name := fmt.Sprintf("root%d", i)
+				iptables_add(_name)
+			}
+
 			os.Exit(0)
 		case "l":
 			fallthrough