diff --git a/extras/vpnuninstall.sh b/extras/vpnuninstall.sh
index e66a95e..6f5c05d 100755
--- a/extras/vpnuninstall.sh
+++ b/extras/vpnuninstall.sh
@@ -273,7 +273,7 @@ update_iptables_rules() {
 nft_bk=$(find /etc/sysconfig -maxdepth 1 -name 'nftables.conf.old-*-*-*-*_*_*' -print0 \
 | xargs -r -0 ls -1 -t | head -1)
 if [ -f "$nft_bk" ] \
- && [ "$(diff -y --suppress-common-lines "$IPT_FILE" "$nft_bk" | wc -l)" = "25" ]; then
+ && [ "$(diff -y --suppress-common-lines "$IPT_FILE" "$nft_bk" | wc -l)" = "24" ]; then
 bigecho "Restoring nftables rules..."
 conf_bk "$IPT_FILE"
 /bin/cp -f "$nft_bk" "$IPT_FILE" && /bin/rm -f "$nft_bk"
diff --git a/vpnsetup_centos.sh b/vpnsetup_centos.sh
index 0dc6f11..0c83163 100755
--- a/vpnsetup_centos.sh
+++ b/vpnsetup_centos.sh
@@ -581,7 +581,9 @@ update_iptables() {
 $ipf 5 -i "$NET_IFACE" -d "$XAUTH_NET" -m conntrack --ctstate "$res" -j ACCEPT
 $ipf 6 -s "$XAUTH_NET" -o "$NET_IFACE" -j ACCEPT
 $ipf 7 -s "$XAUTH_NET" -o ppp+ -j ACCEPT
- iptables -A FORWARD -j DROP
+ if [ "$use_nft" != "1" ]; then
+ iptables -A FORWARD -j DROP
+ fi
 $ipp -s "$XAUTH_NET" -o "$NET_IFACE" -m policy --dir out --pol none -j MASQUERADE
 $ipp -s "$L2TP_NET" -o "$NET_IFACE" -j MASQUERADE
 echo "# Modified by hwdsl2 VPN script" > "$IPT_FILE"
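Review bot: The restore condition now matches only a 24-line difference, so a host set up by the earlier script, where this comparison was expected to yield 25, would presumably stop matching and keep its VPN ACCEPT and MASQUERADE rules in `$IPT_FILE` after uninstall. Consider computing the count once and accepting both values, e.g. `nft_diff=$(diff -y --suppress-common-lines "$IPT_FILE" "$nft_bk" | wc -l)` followed by `[ "$nft_diff" = "24" ] || [ "$nft_diff" = "25" ]`. The literal also appears tied to how many lines the setup script writes, so a comment such as `# 24 = lines added by update_iptables in vpnsetup_centos.sh when use_nft=1` would help keep the two files in sync. update_iptables_rules starts and ends outside the hunk, so any fallback branch for a non-matching count is not visible here.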
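Review bot: With `use_nft` set to `1` the trailing `iptables -A FORWARD -j DROP` is no longer appended, so forwarded traffic that misses the ACCEPT rules above is handled by whatever the existing ruleset or chain policy does, which this hunk does not show. If the skip relies on the distribution's nftables ruleset already rejecting unmatched FORWARD traffic, say so in a comment above the `if`, e.g. `# nft: existing ruleset already rejects unmatched FORWARD traffic; do not append DROP`, and ideally verify that before skipping. An unset `use_nft` still takes the DROP branch, which is the safe default. update_iptables begins and ends outside the hunk.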