iptables v1.3.7: Couldn't find match `set'

因为dd-wrt里边编译的iptables版本是不带match set功能的，

root@DD-WRT:~# dnsmasq --version
Dnsmasq version 2.80 Copyright (c)
2000-2018 Simon Kelley Compile time options: IPv6 GNU-getopt no-DBus
no-i18n no-IDN DHCP DHCPv6 no-Lua no-TFTP no-conntrack no-ipset
no-auth DNSSEC loop-detect no-inotify no-dumpfile

This software comes with ABSOLUTELY NO WARRANTY. Dnsmasq is free
software, and you are welcome to redistribute it under the terms of
the GNU General Public License, version 2 or 3.
root@DD-WRT:~#
/jffs/opt/sbin/dnsmasq --version Dnsmasq version 2.80 Copyright (c)
2000-2018 Simon Kelley Compile time options: IPv6 GNU-getopt no-RTC
no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth
no-DNSSEC no-ID loop-detect inotify dumpfile

This software comes with ABSOLUTELY NO WARRANTY. Dnsmasq is free
software, and you are welcome to redistribute it under the terms of
the GNU General Public License, version 2 or 3.

你需要使用entware里边带match ipset的iptables版本.