diff --git a/README.md b/README.md
index dfcc497..89ad86e 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,18 @@
 # v2rule
-适用于透明路由的iptables规则
\ No newline at end of file
+适用于透明路由的iptables规则
+
+## 工作原理
+由DNSmasq将需要路由的GFW地址加入ipset,在iptables中将被ipset标记的流量进行转发至v2ray.v2ray只处理需要转发的流量.
+* 为了本地请求的效率才做的如上过滤,也可以直接将所有请求转发至v2ray然后在v2ray中判断
+
+## 用法
+```
+# 启用
+v2rule.sh enable
+
+# 停用
+v2rule.sh disable
+
+```
+脚本运行iptables需要root权限,请在`root`或者`sudo`下运行
\ No newline at end of file
diff --git a/v2rule.sh b/v2rule.sh
new file mode 100755
index 0000000..41ed253
--- /dev/null
+++ b/v2rule.sh
@@ -0,0 +1,71 @@
+#!/bin/bash
+
+V2RAY_PORT=12345
+PROXY_SET="gfwlist"
+PRIVATE=(0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4)
+
+check_iptables() {
+ iptables_version=`iptables -V | grep -o "v1\.[0-9]"`
+ if [ "${iptables_version}" = "v1.8" ] ; then
+ echo "[Info]: Current iptables version: ${iptables_version}"
+ else
+ echo "[Error]: Cant run this script without iptables"
+ exit 1
+ fi
+}
+
+create_proxy_iptables() {
+ ipset list $PROXY_SET > /dev/null
+ if [ $? -ne 0 ]; then
+ echo "[Info]: Create ipset ${PROXY_SET}"
+ ipset create $PROXY_SET hash:ip
+ fi
+ echo "[Info]: Create proxy iptables rules"
+ iptables -t nat -N V2RAY
+ # 内网网段请求返回
+ for subnet in ${PRIVATE[@]}; do
+ iptables -t nat -A V2RAY -d ${subnet} -j RETURN
+ done
+ # 代理所有请求
+ iptables -t nat -A V2RAY -p tcp -j REDIRECT --to-ports ${V2RAY_PORT}
+ iptables -t nat -A V2RAY -p udp -j REDIRECT --to-ports ${V2RAY_PORT}
+
+ # 符合GFWLIST的包转发至V2RAY链
+ # 在PREROUTING链转发则可以处理来自于局域网的包
+ iptables -t nat -A PREROUTING -m set --match-set $PROXY_SET dst -j V2RAY
+}
+
+flush_nat_iptables() {
+ echo "[Info]: Clean nat proxy iptables rules."
+ ip_chain_check=`iptables-save -t nat | cut -d ' ' -f 1 | tr "\n" " "`
+ if eval "echo \"${ip_chain_check}\" | grep -q \":V2RAY\"" ; then
+ iptables -t nat -D PREROUTING -m set --match-set $PROXY_SET dst -j V2RAY
+ iptables -t nat -F V2RAY
+ iptables -t nat -X V2RAY
+ fi
+ unset ip_chain_check
+}
+
+disable_proxy() {
+ flush_nat_iptables
+}
+
+enable_proxy() {
+ create_proxy_iptables
+}
+
+# find_ip_path
+check_iptables
+
+case "$1" in
+ enable)
+ disable_proxy
+ enable_proxy
+ ;;
+ disable)
+ disable_proxy
+ ;;
+ *)
+ echo "$0: usage: $0 {enable|disable}"
+ ;;
+esac
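Review bot: check_iptables rejects every release except one whose `grep -o "v1\.[0-9]"` output is exactly `v1.8` and then reports that iptables is missing, so an older 1.6 or a future two-digit minor (which the pattern truncates) fails with a misleading message, while the two preconditions the README actually states — root privileges and an `ipset` binary — are never verified; since `iptables -V` works unprivileged, a non-root run most likely passes the check and then continues through create_proxy_iptables printing permission errors for every rule. Two guards before the version probe would cover that: `[[ $EUID -eq 0 ]] || { echo "[Error]: must run as root" >&2; exit 1; }` and `command -v ipset >/dev/null || { echo "[Error]: ipset not found" >&2; exit 1; }`. In flush_nat_iptables the `eval` only re-parses iptables-save output through the shell to run a grep; `if iptables-save -t nat | grep -q '^:V2RAY ' ; then` makes the same test without eval and without the temporary variable. Because the script never sets `set -e`, a failed `iptables -t nat -N V2RAY` in create_proxy_iptables is silently followed by the `-A` calls; `iptables -t nat -N V2RAY || exit 1` stops that. `${PRIVATE[@]}` on the for line is also unquoted, harmless for these literals but worth `"${PRIVATE[@]}"` for ShellCheck cleanliness.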