diff --git a/Makefile b/Makefile index 0ace1f3..49003e3 100644 --- a/Makefile +++ b/Makefile @@ -1,11 +1,12 @@ CROSS_COMPILE ?= CC := $(CROSS_COMPILE)gcc -CFLAGS += -g -Wall +CFLAGS += -O2 -g -Wall LIB += -lcurl -lip4tc OBG = rhost all: conf.o rhost.o libiptc.o $(CC) $(CFLAGS) $^ -o $(OBG) $(LIB) + chmod +x $(OBG) clean: rm -rf *.o diff --git a/README.md b/README.md index 729c4bb..7e8dda5 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,11 @@ ssh防止暴力破解,适用Debian 8、9、11 Centos 7 支持第三方QQ邮箱告警 支持一次运行检测、后台运行检测 Debian系统请安装libcurl库和libiptc库 +<<<<<<< HEAD Centos 7系统请安装libcurl库和iptables-devel库,yum install iptables-devel libcurl-devel +======= +Centos 7系统请安装libcurl库和iptables-devel库,yum install iptables-devel libcurl-devel +>>>>>>> 708af46 (优化) ``` diff --git a/libiptc.c b/libiptc.c index b301c12..76b3c29 100644 --- a/libiptc.c +++ b/libiptc.c @@ -29,7 +29,7 @@ int x_get_rule(const char *chain, struct xtc_handle *handle, char *ipv4) int show_all_rule(char *ipv4) { - int r; + int r=0; struct xtc_handle *handle; const char *chain = NULL; struct ipt_counters counter; @@ -83,7 +83,7 @@ struct ipt_entry_match *get_match(const char *sports, const char *dports, unsign size = IPT_ALIGN(sizeof(*match)) + IPT_ALIGN(sizeof(*udpinfo)); match = (struct ipt_entry_match *)calloc(1, size); match->u.match_size = size; - strncpy(match->u.user.name, protocol, IPT_FUNCTION_MAXNAMELEN); + memmove(match->u.user.name, protocol, IPT_FUNCTION_MAXNAMELEN); udpinfo = (struct ipt_udp *)match->data; udpinfo->spts[1] = udpinfo->dpts[1] = 0xFFFF; 
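Review bot: The new `chmod +x $(OBG)` recipe line is redundant — the linker already creates `rhost` with its execute bits set — so it can be dropped. Since this hunk also switches on `-O2`, it is the right moment to add the hardening flags that only become effective at that optimization level: `CFLAGS += -O2 -g -Wall -Wextra -D_FORTIFY_SOURCE=2 -fstack-protector-strong`. That gives the `memcpy`/`sprintf` calls on fixed-size buffers elsewhere in this patch their checked variants at no cost. Whether the distribution toolchain already injects these flags is not visible here, so confirm before duplicating them.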
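Review bot: Unresolved merge-conflict markers are being committed into README.md — `<<<<<<< HEAD`, `=======` and `>>>>>>> 708af46 (优化)` are all added lines, and both sides of the conflict carry the identical Centos 7 sentence. Resolve the conflict so that a single `Centos 7系统请安装libcurl库和iptables-devel库,yum install iptables-devel libcurl-devel` line remains and the three marker lines are removed.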
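Review bot: Replacing `strncpy` with `memmove(match->u.user.name, protocol, IPT_FUNCTION_MAXNAMELEN)` turns a bounded string copy into a fixed 30-byte block copy out of `protocol`, which for a short name such as `"udp"` reads well past the end of the string (undefined behaviour) and copies whatever follows it into the match name, so the field is no longer guaranteed to be NUL-terminated or zero-padded. The direct fix is `snprintf(match->u.user.name, sizeof match->u.user.name, "%s", protocol);`, which also stops at the real size of the `name` field — in current xtables headers I believe that is one byte shorter than `IPT_FUNCTION_MAXNAMELEN`, so a 30-byte copy spills into the adjacent `revision` byte, and with `memmove` that byte is no longer guaranteed to be zero. The `calloc` two lines above is still dereferenced without a NULL check; since `get_match` returns a pointer, `if (!match) return NULL;` fits, but the function's start and its callers' expectations are outside this hunk.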
@@ -103,10 +103,10 @@ struct ipt_entry_match *get_match(const char *sports, const char *dports, unsign int iptc_add_rule(const char *table, const char *chain, int protocol, const char *iniface, const char *outiface, unsigned int src, unsigned int dest, const char *srcports, const char *destports, const char *target, const char *dnat_to, const int append) { - struct xtc_handle *handle; - struct ipt_entry *chain_entry; + struct xtc_handle *handle = NULL; + struct ipt_entry *chain_entry = NULL; struct ipt_entry_match *entry_match = NULL; - struct ipt_entry_target *entry_target; + struct ipt_entry_target *entry_target = NULL; ipt_chainlabel labelit; long match_size; int result = 0; @@ -123,9 +123,9 @@ int iptc_add_rule(const char *table, const char *chain, int protocol, const char } if (iniface) - strncpy(chain_entry->ip.iniface, iniface, IFNAMSIZ); + memmove(chain_entry->ip.iniface, iniface, IFNAMSIZ); if (outiface) - strncpy(chain_entry->ip.outiface, outiface, IFNAMSIZ); + memmove(chain_entry->ip.outiface, outiface, IFNAMSIZ); chain_entry->ip.proto = protocol; if (IPPROTO_UDP == protocol) @@ -138,7 +138,7 @@ int iptc_add_rule(const char *table, const char *chain, int protocol, const char size = IPT_ALIGN(sizeof(struct ipt_entry_target)) + IPT_ALIGN(sizeof(int)); entry_target = (struct ipt_entry_target *)calloc(1, size); entry_target->u.user.target_size = size; - strncpy(entry_target->u.user.name, target, IPT_FUNCTION_MAXNAMELEN); + memmove(entry_target->u.user.name, target, IPT_FUNCTION_MAXNAMELEN); } if (entry_match) { match_size = entry_match->u.match_size; @@ -168,7 +168,7 @@ int iptc_add_rule(const char *table, const char *chain, int protocol, const char return 1; } - strncpy(labelit, chain, sizeof(ipt_chainlabel)); + memmove(labelit, chain, sizeof(ipt_chainlabel)); //printf("Chain name:%s\n", chain); result = iptc_is_chain(chain, handle); if (!result) { diff --git a/rhost.c b/rhost.c index 6c88189..e6b4ad6 100644 --- a/rhost.c +++ b/rhost.c 
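Review bot: `memmove(chain_entry->ip.iniface, iniface, IFNAMSIZ)` (and the `outiface` line below it) now copies a fixed 16 bytes from a caller string that is normally much shorter, e.g. `"eth0"`, so it reads past the end of the argument and fills the rest of the field with whatever bytes follow it instead of the zero padding `strncpy` produced. Use a bounded, terminating copy instead: `snprintf(chain_entry->ip.iniface, IFNAMSIZ, "%s", iniface);` and the same for `outiface`. As far as I recall the kernel compares interface names through `ip.iniface_mask`/`ip.outiface_mask`, which are not set anywhere visible in this hunk; confirm elsewhere in `iptc_add_rule` that they are filled, otherwise the interface restriction is silently ignored. The function's start and end lie outside this hunk.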
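Review bot: `memmove(entry_target->u.user.name, target, IPT_FUNCTION_MAXNAMELEN)` copies 30 bytes out of `target`, presumably a short verdict name such as `"DROP"`, so the copy over-reads the source string and no longer NUL-terminates or zero-pads the target name the way `strncpy` did. Replace it with `snprintf(entry_target->u.user.name, sizeof entry_target->u.user.name, "%s", target);`. The `calloc` result on the preceding line is also dereferenced unchecked; the function already has a `return 1` failure path, so `if (!entry_target) return 1;` (after freeing `entry_match` if it was allocated earlier, which this hunk does not show) would keep the error handling consistent.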
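Review bot: `memmove(labelit, chain, sizeof(ipt_chainlabel))` reads a full `sizeof(ipt_chainlabel)` bytes out of the `chain` string (for `"INPUT"` that is far past its terminator), which is undefined behaviour and can leave `labelit` unterminated if no NUL happens to land inside the array. As `labelit` is a local array, `snprintf(labelit, sizeof labelit, "%s", chain);` is the direct fix and keeps the zero padding `strncpy` gave. The call right below still passes `chain` rather than `labelit` to `iptc_is_chain`, so check whether `labelit` is consumed at all later in the function (its end is outside this hunk); if not, the copy can simply be deleted.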
@@ -44,7 +44,7 @@ char *get_public_ip(char *ip) int strReplaceAll(char *str, char *sub, char *replace) { if (NULL == str || NULL == sub || NULL == replace) { - printf("strReplaceAll param error\n"); + printf("strReplaceAll\n"); return 1; } @@ -62,19 +62,19 @@ int strReplaceAll(char *str, char *sub, char *replace) while ('\0' != *p) { t = str + str_len; q = strstr(str, sub); - if (NULL == q) /* 没有子串了,那么直接返回吧 */ + if (NULL == q) // 没有子串了直接返回 break; - src = q + sub_len; /* 源头, 原有sub后的一个字符 */ - dst = q + replace_len; /* 目的,放完replace后的一个字符 */ - memcpy(dst, src, t - src); /* 原有字符串后移,放出空间 */ - memcpy(q, replace, replace_len); /* 将replace字符拷贝进来 */ + src = q + sub_len; // 源头, 原有sub后的一个字符 + dst = q + replace_len; // 目的,放完replace后的一个字符 + memcpy(dst, src, t - src); // 原有字符串后移,放出空间 + memcpy(q, replace, replace_len); // 将replace字符拷贝进来 str_len = str_len + replace_len - sub_len; - p = q + replace_len; /* p 下一轮replace后的一个字符 */ + p = q + replace_len; // p 下一轮replace后的一个字符 } - str[str_len] = '\0'; /* 通过'\0'表示结尾 */ + str[str_len] = '\0'; // 通过'\0'表示结尾 return 0; } @@ -84,7 +84,6 @@ int dingding_warning(char *illegal_ip, char *public_ip, conf *conf) { FILE *fp; if ((fp = fopen("libcurl_ding.log", "wt+")) == NULL){ - return 1; } @@ -186,7 +185,9 @@ int QQ_mail_warning(char *illegal_ip, char *public_ip, conf *conf) int rule(conf *conf) { FILE *fp, *fc; - char p[2], splice_command[LONG_BUFFER], command[LONG_BUFFER], *temp, buffer[BUFFER], awk[BUFFER], iptables[BUFFER + (sizeof(IPTABLES))], iptables_check[BUFFER + (sizeof(IPTABLES_CHECK))]; + + //char p[2], splice_command[LONG_BUFFER], command[LONG_BUFFER], *temp, buffer[BUFFER], awk[BUFFER], iptables[BUFFER + (sizeof(IPTABLES))], iptables_check[BUFFER + (sizeof(IPTABLES_CHECK))]; + char p[2], splice_command[LONG_BUFFER], command[LONG_BUFFER], *temp, buffer[BUFFER], awk[BUFFER]; time_t timep; struct tm *tp; 
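Review bot: The changed message drops the only information it carried — `printf("strReplaceAll\n")` no longer says that a NULL parameter was rejected — and it goes to stdout, where a backgrounded process's diagnostics are easily lost. Keep the reason in the text and send it to stderr: `fprintf(stderr, "strReplaceAll: NULL parameter\n");`. The rest of `strReplaceAll` is outside this hunk.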
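Review bot: `memcpy(dst, src, t - src)` copies between overlapping regions whenever `replace_len != sub_len` — `dst` and `src` are both offsets from `q` and the length reaches to the end of the string — which is undefined behaviour for `memcpy`; this is the one place in the patch where `memmove` is actually the right tool: `memmove(dst, src, t - src); // regions overlap`. The hunk only restyles the comments, so the defect remains on the new side. Separately, when `replace` is longer than `sub` the string grows in place and `str[str_len] = '\0'` is written with nothing bounding it; unless every caller guarantees slack space (not visible here), `strReplaceAll` needs a capacity parameter or a length check before each shift. The function's signature is in the previous hunk and `str_len`, `sub_len` and `replace_len` are computed outside this one.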
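Review bot: Deleting the `return 1;` leaves the `fopen("libcurl_ding.log", "wt+") == NULL` branch empty, so `fp` stays NULL and execution continues into the rest of `dingding_warning` (outside this hunk) with a handle that any later use of `fp` will dereference. If the intent is that a missing log file should not block the alert, every later use of `fp` must be guarded with `if (fp)` and the empty body should say so: `/* best-effort logging: the alert is still sent without a log file */`; otherwise restore the early return. Note too that the path is relative to the current directory, so a backgrounded process writes the log wherever it happened to be started.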
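Review bot: The old declaration with the removed `iptables`/`iptables_check` buffers is left behind as a commented-out line instead of being deleted, and the following hunks do the same with their `memset` and `sprintf` calls. Commented-out code is what version control is for — drop the `//char p[2], …` line and its blank line so the live declaration is the only one a reader sees. While touching it, one variable per line (`char splice_command[LONG_BUFFER];`, `char command[LONG_BUFFER];`, …) would make the fixed buffer sizes this function relies on easy to audit. `rule()` continues past the end of this hunk.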
@@ -196,8 +197,8 @@ int rule(conf *conf) memset(command, 0, LONG_BUFFER); memset(buffer, 0, BUFFER); memset(awk, 0, BUFFER); - memset(iptables, 0, BUFFER+(sizeof(IPTABLES))); - memset(iptables_check, 0, BUFFER+(sizeof(IPTABLES_CHECK))); + //memset(iptables, 0, BUFFER+(sizeof(IPTABLES))); + //memset(iptables_check, 0, BUFFER+(sizeof(IPTABLES_CHECK))); fp = NULL; fc = NULL; @@ -260,8 +261,8 @@ int rule(conf *conf) { buffer[strlen(buffer) - 1] = '\0'; // 去除回车 - sprintf(iptables, IPTABLES, buffer); - sprintf(iptables_check, IPTABLES_CHECK, buffer); + //sprintf(iptables, IPTABLES, buffer); + //sprintf(iptables_check, IPTABLES_CHECK, buffer); //if (0 != system(iptables_check)) // 调用iptables命令判断是否存在规则, 不存在时再添加规则 if (0 != show_all_rule(buffer)) // libiptc库判断 @@ -292,7 +293,6 @@ int rule(conf *conf) } */ - // libiptc 库插入规则 iptables -t filter -A INPUT -p tcp -s xxxx -j DROP unsigned int destIp; inet_pton(AF_INET, buffer, &destIp);
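Review bot: `buffer[strlen(buffer) - 1] = '\0';` indexes `buffer[-1]` when `buffer` is empty, and it strips the last character whether or not it is a newline (a final line without one loses its last digit); both are avoided with `buffer[strcspn(buffer, "\n")] = '\0';`. Whether an empty string can reach this point depends on how `buffer` is filled earlier in `rule()` (outside this hunk) — a leading NUL byte in the input would do it with `fgets`. The commented-out `sprintf` lines should be deleted rather than kept, since the `system()` path they fed has been replaced by `show_all_rule`.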