en: update document.

en/docs/config/ipset-nftset.md

@@ -0,0 +1,73 @@
+---
+hide:
+  - toc
+---
+
+# Use ipset and nftset
+
+Like Dnsmasq, smartdns supports ipset and nftset, which can use TPROXY to transparently forward specific domain names. The comparison of transparent forwarding tools is as follows:
+
+1. Tools: iptable, nftable
+
+    iptable: A mature routing rule configuration tool.  
+    nftable: A more powerful rule configuration tool that is becoming mainstream.
+
+## ipset configuration
+
+1. Basic configuration
+
+    The following parameters can be used to configure IPSet rules for specified domain names.
+
+    ```shell
+    nftset /domain/[#4:ip#table#set,#6:ipv6#table#setv6]
+    ```
+
+1. Timeout
+
+    SmartDNS sets IPSet to support enabling timeout function, which can avoid too many IP addresses in IPSet and reduce gateway performance.
+
+    ```shell
+    nftset-timeout yes
+    ```
+
+1. Automatically add to IPSet after speed measurement fails
+
+    SmartDNS can add IP addresses that fail the speed measurement to IPSet, and then forward them through related IP rules.
+
+    ```shell
+    nftset-no-speed ipsetname
+    ```
+
+1. Debugging
+
+    If debugging is needed, nftset's debugging function can be enabled.
+
+    ```shell
+    nftset-debug yes
+    ```
+
+## nftset configuration
+
+1. Basic configuration
+
+    The following parameters can be used to configure NFTSet rules for specified domain names.
+
+    ```shell
+    ipset /domain/ipset
+    ```
+
+1. Timeout
+
+    SmartDNS sets IPSet to support enabling timeout function, which can avoid too many IP addresses in NFTSet and reduce gateway performance.
+
+    ```shell
+    ipset-timeout yes
+    ```
+
+1. Automatically add to IPSet after speed measurement fails
+
+    SmartDNS can add IP addresses that fail the speed measurement to IPSet, and then forward them through related IP rules.
+
+    ```shell
+    ipset-no-speed ipsetname
+    ```