diff --git a/br-ext-chip-goke/board/gk7205v200/kernel/gk7202v300.generic.config b/br-ext-chip-goke/board/gk7205v200/kernel/gk7202v300.generic.config
index 9923a6ee..609070f1 100644
--- a/br-ext-chip-goke/board/gk7205v200/kernel/gk7202v300.generic.config
+++ b/br-ext-chip-goke/board/gk7205v200/kernel/gk7202v300.generic.config
@@ -664,7 +664,7 @@ CONFIG_TCP_MD5SIG=y
 # CONFIG_TIPC is not set
 # CONFIG_ATM is not set
 # CONFIG_L2TP is not set
-# CONFIG_BRIDGE is not set
+CONFIG_BRIDGE=y
 CONFIG_HAVE_NET_DSA=y
 # CONFIG_VLAN_8021Q is not set
 # CONFIG_DECNET is not set
diff --git a/br-ext-chip-goke/board/gk7205v200/kernel/gk7205v200.generic-fpv.config b/br-ext-chip-goke/board/gk7205v200/kernel/gk7205v200.generic-fpv.config
index 0d3a08ab..c9a8193f 100644
--- a/br-ext-chip-goke/board/gk7205v200/kernel/gk7205v200.generic-fpv.config
+++ b/br-ext-chip-goke/board/gk7205v200/kernel/gk7205v200.generic-fpv.config
@@ -664,7 +664,7 @@ CONFIG_TCP_MD5SIG=y
 # CONFIG_TIPC is not set
 # CONFIG_ATM is not set
 # CONFIG_L2TP is not set
-# CONFIG_BRIDGE is not set
+CONFIG_BRIDGE=y
 CONFIG_HAVE_NET_DSA=y
 # CONFIG_VLAN_8021Q is not set
 # CONFIG_DECNET is not set
diff --git a/br-ext-chip-goke/board/gk7205v200/kernel/gk7205v200.generic.config b/br-ext-chip-goke/board/gk7205v200/kernel/gk7205v200.generic.config
index d7950713..38c7e4bf 100644
--- a/br-ext-chip-goke/board/gk7205v200/kernel/gk7205v200.generic.config
+++ b/br-ext-chip-goke/board/gk7205v200/kernel/gk7205v200.generic.config
@@ -664,7 +664,7 @@ CONFIG_TCP_MD5SIG=y
 # CONFIG_TIPC is not set
 # CONFIG_ATM is not set
 # CONFIG_L2TP is not set
-# CONFIG_BRIDGE is not set
+CONFIG_BRIDGE=y
 CONFIG_HAVE_NET_DSA=y
 # CONFIG_VLAN_8021Q is not set
 # CONFIG_DECNET is not set
diff --git a/br-ext-chip-goke/board/gk7205v200/kernel/gk7205v300.generic-fpv.config b/br-ext-chip-goke/board/gk7205v200/kernel/gk7205v300.generic-fpv.config
index 27920b18..fe64a3c1 100644
--- a/br-ext-chip-goke/board/gk7205v200/kernel/gk7205v300.generic-fpv.config
+++ b/br-ext-chip-goke/board/gk7205v200/kernel/gk7205v300.generic-fpv.config
@@ -664,7 +664,7 @@ CONFIG_TCP_MD5SIG=y
 # CONFIG_TIPC is not set
 # CONFIG_ATM is not set
 # CONFIG_L2TP is not set
-# CONFIG_BRIDGE is not set
+CONFIG_BRIDGE=y
 CONFIG_HAVE_NET_DSA=y
 # CONFIG_VLAN_8021Q is not set
 # CONFIG_DECNET is not set
diff --git a/br-ext-chip-goke/board/gk7205v200/kernel/gk7205v300.generic.config b/br-ext-chip-goke/board/gk7205v200/kernel/gk7205v300.generic.config
index d170d9cd..faf898b4 100644
--- a/br-ext-chip-goke/board/gk7205v200/kernel/gk7205v300.generic.config
+++ b/br-ext-chip-goke/board/gk7205v200/kernel/gk7205v300.generic.config
@@ -664,7 +664,7 @@ CONFIG_TCP_MD5SIG=y
 # CONFIG_TIPC is not set
 # CONFIG_ATM is not set
 # CONFIG_L2TP is not set
-# CONFIG_BRIDGE is not set
+CONFIG_BRIDGE=y
 CONFIG_HAVE_NET_DSA=y
 # CONFIG_VLAN_8021Q is not set
 # CONFIG_DECNET is not set
diff --git a/br-ext-chip-goke/board/gk7205v200/kernel/gk7605v100.generic.config b/br-ext-chip-goke/board/gk7205v200/kernel/gk7605v100.generic.config
index 42ed2886..f53f3847 100644
--- a/br-ext-chip-goke/board/gk7205v200/kernel/gk7605v100.generic.config
+++ b/br-ext-chip-goke/board/gk7205v200/kernel/gk7605v100.generic.config
@@ -664,7 +664,7 @@ CONFIG_TCP_MD5SIG=y
 # CONFIG_TIPC is not set
 # CONFIG_ATM is not set
 # CONFIG_L2TP is not set
-# CONFIG_BRIDGE is not set
+CONFIG_BRIDGE=y
 CONFIG_HAVE_NET_DSA=y
 # CONFIG_VLAN_8021Q is not set
 # CONFIG_DECNET is not set
diff --git a/br-ext-chip-goke/configs/unknown_unknown_gk7205v200_ultimate_defconfig b/br-ext-chip-goke/configs/unknown_unknown_gk7205v200_ultimate_defconfig
index ef830134..65fe92a9 100644
--- a/br-ext-chip-goke/configs/unknown_unknown_gk7205v200_ultimate_defconfig
+++ b/br-ext-chip-goke/configs/unknown_unknown_gk7205v200_ultimate_defconfig
@@ -99,5 +99,8 @@ BR2_PACKAGE_LINUX_FIRMWARE_OPENIPC_MT7601U=y
 BR2_PACKAGE_WIREGUARD_LINUX_COMPAT=y
 BR2_PACKAGE_WIREGUARD_TOOLS=y
 
+# IPTABLES
+BR2_PACKAGE_IPTABLES=y
+
 # ZEROTIER
 BR2_PACKAGE_ZEROTIER_ONE=y
diff --git a/br-ext-chip-goke/configs/unknown_unknown_gk7205v300_ultimate_defconfig b/br-ext-chip-goke/configs/unknown_unknown_gk7205v300_ultimate_defconfig
index b627d128..b9cc3e30 100644
--- a/br-ext-chip-goke/configs/unknown_unknown_gk7205v300_ultimate_defconfig
+++ b/br-ext-chip-goke/configs/unknown_unknown_gk7205v300_ultimate_defconfig
@@ -99,5 +99,8 @@ BR2_PACKAGE_LINUX_FIRMWARE_OPENIPC_MT7601U=y
 BR2_PACKAGE_WIREGUARD_LINUX_COMPAT=y
 BR2_PACKAGE_WIREGUARD_TOOLS=y
 
+# IPTABLES
+BR2_PACKAGE_IPTABLES=y
+
 # ZEROTIER
 BR2_PACKAGE_ZEROTIER_ONE=y
diff --git a/br-ext-chip-hisilicon/configs/unknown_unknown_hi3516av100_ultimate_defconfig b/br-ext-chip-hisilicon/configs/unknown_unknown_hi3516av100_ultimate_defconfig
index 212dfc87..6d221408 100644
--- a/br-ext-chip-hisilicon/configs/unknown_unknown_hi3516av100_ultimate_defconfig
+++ b/br-ext-chip-hisilicon/configs/unknown_unknown_hi3516av100_ultimate_defconfig
@@ -104,5 +104,8 @@ BR2_PACKAGE_LINUX_FIRMWARE_OPENIPC_MT7601U=y
 BR2_PACKAGE_WIREGUARD_LINUX_COMPAT=y
 BR2_PACKAGE_WIREGUARD_TOOLS=y
 
+# IPTABLES
+BR2_PACKAGE_IPTABLES=y
+
 # ZEROTIER
 BR2_PACKAGE_ZEROTIER_ONE=y
diff --git a/br-ext-chip-hisilicon/configs/unknown_unknown_hi3516av200_ultimate_defconfig b/br-ext-chip-hisilicon/configs/unknown_unknown_hi3516av200_ultimate_defconfig
index 0c6f871b..3fc7ef95 100644
--- a/br-ext-chip-hisilicon/configs/unknown_unknown_hi3516av200_ultimate_defconfig
+++ b/br-ext-chip-hisilicon/configs/unknown_unknown_hi3516av200_ultimate_defconfig
@@ -105,5 +105,8 @@ BR2_PACKAGE_LINUX_FIRMWARE_OPENIPC_MT7601U=y
 BR2_PACKAGE_WIREGUARD_LINUX_COMPAT=y
 BR2_PACKAGE_WIREGUARD_TOOLS=y
 
+# IPTABLES
+BR2_PACKAGE_IPTABLES=y
+
 # ZEROTIER
 BR2_PACKAGE_ZEROTIER_ONE=y
diff --git a/br-ext-chip-hisilicon/configs/unknown_unknown_hi3516cv300_ultimate_defconfig b/br-ext-chip-hisilicon/configs/unknown_unknown_hi3516cv300_ultimate_defconfig
index 66b8941a..673687db 100644
--- a/br-ext-chip-hisilicon/configs/unknown_unknown_hi3516cv300_ultimate_defconfig
+++ b/br-ext-chip-hisilicon/configs/unknown_unknown_hi3516cv300_ultimate_defconfig
@@ -103,5 +103,8 @@ BR2_PACKAGE_LINUX_FIRMWARE_OPENIPC_MT7601U=y
 BR2_PACKAGE_WIREGUARD_LINUX_COMPAT=y
 BR2_PACKAGE_WIREGUARD_TOOLS=y
 
+# IPTABLES
+BR2_PACKAGE_IPTABLES=y
+
 # ZEROTIER
 BR2_PACKAGE_ZEROTIER_ONE=y
diff --git a/br-ext-chip-hisilicon/configs/unknown_unknown_hi3516ev200_ultimate_defconfig b/br-ext-chip-hisilicon/configs/unknown_unknown_hi3516ev200_ultimate_defconfig
index a0d0c323..0010683f 100644
--- a/br-ext-chip-hisilicon/configs/unknown_unknown_hi3516ev200_ultimate_defconfig
+++ b/br-ext-chip-hisilicon/configs/unknown_unknown_hi3516ev200_ultimate_defconfig
@@ -104,5 +104,8 @@ BR2_PACKAGE_LINUX_FIRMWARE_OPENIPC_MT7601U=y
 BR2_PACKAGE_WIREGUARD_LINUX_COMPAT=y
 BR2_PACKAGE_WIREGUARD_TOOLS=y
 
+# IPTABLES
+BR2_PACKAGE_IPTABLES=y
+
 # ZEROTIER
 BR2_PACKAGE_ZEROTIER_ONE=y
diff --git a/br-ext-chip-hisilicon/configs/unknown_unknown_hi3516ev300_ultimate_defconfig b/br-ext-chip-hisilicon/configs/unknown_unknown_hi3516ev300_ultimate_defconfig
index 95e2515d..1f1f1ea5 100644
--- a/br-ext-chip-hisilicon/configs/unknown_unknown_hi3516ev300_ultimate_defconfig
+++ b/br-ext-chip-hisilicon/configs/unknown_unknown_hi3516ev300_ultimate_defconfig
@@ -104,5 +104,8 @@ BR2_PACKAGE_LINUX_FIRMWARE_OPENIPC_MT7601U=y
 BR2_PACKAGE_WIREGUARD_LINUX_COMPAT=y
 BR2_PACKAGE_WIREGUARD_TOOLS=y
 
+# IPTABLES
+BR2_PACKAGE_IPTABLES=y
+
 # ZEROTIER
 BR2_PACKAGE_ZEROTIER_ONE=y
diff --git a/general/overlay/etc/network/interfaces b/general/overlay/etc/network/interfaces
index e4b42a56..4c64a5ca 100644
--- a/general/overlay/etc/network/interfaces
+++ b/general/overlay/etc/network/interfaces
@@ -22,7 +22,7 @@ iface wlan0 inet dhcp
     pre-up modprobe mt7601u
     pre-up wpa_passphrase "SSID" "password" >/tmp/wpa_supplicant.conf
     pre-up sed -i '2i \\tscan_ssid=1' /tmp/wpa_supplicant.conf
-    pre-up (sleep 3; wpa_supplicant -B -Dnl80211 -iwlan0 -c/tmp/wpa_supplicant.conf)
+    pre-up (sleep 3; wpa_supplicant -B -D nl80211 -i wlan0 -c/tmp/wpa_supplicant.conf)
     post-down killall -q wpa_supplicant
     post-down echo 1 > /sys/class/gpio/gpio7/value
     post-down echo 7 > /sys/class/gpio/unexport
@@ -32,7 +32,7 @@ iface eth2 inet dhcp
     pre-up wifi xm711
     pre-up wpa_passphrase "SSID" "password" >/tmp/wpa_supplicant.conf
     pre-up sed -i '2i \\tscan_ssid=1' /tmp/wpa_supplicant.conf
-    pre-up (sleep 3; wpa_supplicant -B -Dnl80211 -ieth2 -c/tmp/wpa_supplicant.conf)
+    pre-up (sleep 3; wpa_supplicant -B -D nl80211 -i eth2 -c/tmp/wpa_supplicant.conf)
     post-down killall -q wpa_supplicant
 
 manual usb0