diff --git a/README-zh.md b/README-zh.md index 2c76a82..dec5b7d 100644 --- a/README-zh.md +++ b/README-zh.md @@ -157,9 +157,9 @@ sh vpnsetup.sh 如果需要添加,修改或者删除 VPN 用户账户,请参见 管理 VPN 用户。该文档包含辅助脚本,以方便管理 VPN 用户。 -对于有外部防火墙的服务器(比如 EC2/GCE),请为 VPN 打开 UDP 端口 500 和 4500。阿里云用户请参见 [#433](https://github.com/hwdsl2/setup-ipsec-vpn/issues/433)。 +对于有外部防火墙的服务器(比如 EC2/GCE),请为 VPN 打开 UDP 端口 500 和 4500。阿里云用户请参见 [#433](https://github.com/hwdsl2/setup-ipsec-vpn/issues/433)。 -在 VPN 已连接时,客户端配置为使用 Google Public DNS。如果偏好其它的域名解析服务,编辑 `/etc/ppp/options.xl2tpd` 和 `/etc/ipsec.conf` 并替换 `8.8.8.8` 和 `8.8.4.4`,然后重启服务器。高级用户可以在运行 VPN 脚本时定义 `VPN_DNS_SRV1` 和 `VPN_DNS_SRV2`(可选)。 +在 VPN 已连接时,客户端配置为使用 Google Public DNS。如果偏好其它的域名解析服务,编辑 `/etc/ppp/options.xl2tpd` 和 `/etc/ipsec.conf` 并替换 `8.8.8.8` 和 `8.8.4.4`,然后重启服务器。 使用内核支持有助于提高 IPsec/L2TP 性能。它在以下系统上可用: Ubuntu 16.04-20.04, Debian 9-10 和 CentOS 6-8. Ubuntu 系统需要安装 `linux-modules-extra-$(uname -r)`(或者 `linux-image-extra`),然后运行 `service xl2tpd restart`。 diff --git a/README.md b/README.md index 2a32ad2..12add58 100644 --- a/README.md +++ b/README.md 
@@ -157,9 +157,9 @@ The same VPN account can be used by your multiple devices. However, due to an IP If you wish to add, edit or remove VPN user accounts, see Manage VPN Users. Helper scripts are included for convenience. -For servers with an external firewall (e.g. EC2/GCE), open UDP ports 500 and 4500 for the VPN. Aliyun users, see [#433](https://github.com/hwdsl2/setup-ipsec-vpn/issues/433). +For servers with an external firewall (e.g. EC2/GCE), open UDP ports 500 and 4500 for the VPN. Aliyun users, see [#433](https://github.com/hwdsl2/setup-ipsec-vpn/issues/433). -Clients are set to use Google Public DNS when the VPN is active. If another DNS provider is preferred, replace `8.8.8.8` and `8.8.4.4` in both `/etc/ppp/options.xl2tpd` and `/etc/ipsec.conf`, then reboot your server. Advanced users can define `VPN_DNS_SRV1` and optionally `VPN_DNS_SRV2` when running the VPN setup script. +Clients are set to use Google Public DNS when the VPN is active. If another DNS provider is preferred, replace `8.8.8.8` and `8.8.4.4` in both `/etc/ppp/options.xl2tpd` and `/etc/ipsec.conf`, then reboot your server. Using kernel support could improve IPsec/L2TP performance. It is available on Ubuntu 16.04-20.04, Debian 9-10 and CentOS 6-8. Ubuntu users: Install `linux-modules-extra-$(uname -r)` (or `linux-image-extra`), then run `service xl2tpd restart`. diff --git a/docs/uninstall-zh.md b/docs/uninstall-zh.md index 6c85d8f..561349f 100644 --- a/docs/uninstall-zh.md +++ b/docs/uninstall-zh.md 
@@ -37,14 +37,13 @@ rm -f /etc/init/ipsec.conf /lib/systemd/system/ipsec.service \ ### Ubuntu/Debian -编辑 `/etc/iptables.rules` 并删除不需要的规则。 -你以前的防火墙规则(如果有)会备份在 `/etc/iptables.rules.old-日期-时间`。 -另外如果文件 `/etc/iptables/rules.v4` 存在,请编辑它。 +编辑 `/etc/iptables.rules` 并删除不需要的规则。你之前的防火墙规则(如果有)备份在 `/etc/iptables.rules.old-日期-时间`。另外如果文件 `/etc/iptables/rules.v4` 存在,请编辑它。 ### CentOS/RHEL -编辑 `/etc/sysconfig/iptables` 并删除不需要的规则。 -你以前的防火墙规则(如果有)会备份在 `/etc/sysconfig/iptables.old-日期-时间`。 +编辑 `/etc/sysconfig/iptables` 并删除不需要的规则。你之前的防火墙规则(如果有)备份在 `/etc/sysconfig/iptables.old-日期-时间`。 + +**注:** 如果使用 CentOS/RHEL 8 并且在安装 VPN 时 firewalld 正在运行,则可能已配置 nftables。编辑 `/etc/sysconfig/nftables.conf` 并删除不需要的规则。你之前的防火墙规则备份在 `/etc/sysconfig/nftables.conf.old-日期-时间`。 ## 第四步 @@ -53,7 +52,7 @@ rm -f /etc/init/ipsec.conf /lib/systemd/system/ipsec.service \ ## 可选步骤 -注: 这一步是可选的。 +**注:** 这一步是可选的。 删除这些配置文件: diff --git a/docs/uninstall.md b/docs/uninstall.md index 6037292..b0f0cd6 100644 --- a/docs/uninstall.md +++ b/docs/uninstall.md 
@@ -37,14 +37,13 @@ rm -f /etc/init/ipsec.conf /lib/systemd/system/ipsec.service \ ### Ubuntu/Debian -Edit `/etc/iptables.rules` and remove unneeded rules. -Your original rules (if any) are backed up as `/etc/iptables.rules.old-date-time`. -In addition, edit `/etc/iptables/rules.v4` if the file exists. +Edit `/etc/iptables.rules` and remove unneeded rules. Your original rules (if any) are backed up as `/etc/iptables.rules.old-date-time`. In addition, edit `/etc/iptables/rules.v4` if the file exists. ### CentOS/RHEL -Edit `/etc/sysconfig/iptables` and remove unneeded rules. -Your original rules (if any) are backed up as `/etc/sysconfig/iptables.old-date-time`. +Edit `/etc/sysconfig/iptables` and remove unneeded rules. Your original rules (if any) are backed up as `/etc/sysconfig/iptables.old-date-time`. + +**Note:** If using CentOS/RHEL 8 and firewalld was active during VPN setup, nftables may be configured. Edit `/etc/sysconfig/nftables.conf` and remove unneeded rules. Your original rules are backed up as `/etc/sysconfig/nftables.conf.old-date-time`. ## Fourth step @@ -53,7 +52,7 @@ Edit `/etc/rc.local` and remove the lines after `# Added by hwdsl2 VPN script`. ## Optional -Note: This step is optional. +**Note:** This step is optional. Remove these config files:
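Review bot: In the README.md hunk at -157,9 (and the matching README-zh.md hunk), the DNS paragraph drops the sentence about `VPN_DNS_SRV1` and `VPN_DNS_SRV2` without pointing to where those variables are documented now. If the setup script still reads them, keep a one-line pointer or link to the section that replaces it; as written, the only documented way to move clients off Google Public DNS is to hand-edit `/etc/ppp/options.xl2tpd` and `/etc/ipsec.conf` after install and reboot. Separately, the external-firewall line in the same hunk is removed and re-added with no visible text difference; if that is a whitespace-only change, say so in the commit message or leave the line out of the patch.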
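Review bot: In the docs/uninstall.md hunk at -37,14 (and its docs/uninstall-zh.md counterpart), the new CentOS/RHEL 8 note does not say how it relates to the `/etc/sysconfig/iptables` step directly above it. A reader whose server had firewalld active during setup cannot tell whether to edit `/etc/sysconfig/nftables.conf` instead of, or in addition to, `/etc/sysconfig/iptables`, and the point of this step is that no unneeded rules remain after uninstall. Suggest stating which file applies in that case. The backup sentence in the note also omits the "(if any)" qualifier that the two iptables sentences keep; add it for consistency, or say why a `nftables.conf.old-date-time` backup always exists.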