diff --git a/iptables.spec b/iptables.spec index 994c805753948155c7d58e31f245b07c57de0e14..a9f793ff901309b1b7f858b91125aaaae6d55fbf 100644 --- a/iptables.spec +++ b/iptables.spec @@ -1,5 +1,5 @@ -%define anolis_release 1 -# install init scripts to /usr/libexec with systemd +%define anolis_release 2 +# install init scripts to %{_prefix}/libexec with systemd %global script_path %{_libexecdir}/iptables %global legacy_actions %{_libexecdir}/initscripts/legacy-actions %global iptc_so_ver 0 
@@ -28,27 +28,19 @@ License: GPLv2 and Artistic Licence 2.0 and ISC # libnetfilter_conntrack is needed for xt_connlabel BuildRequires: pkgconfig(libnetfilter_conntrack) # libnfnetlink-devel is requires for nfnl_osf -BuildRequires: pkgconfig(libnfnetlink) -BuildRequires: libselinux-devel -BuildRequires: kernel-headers -BuildRequires: systemd +BuildRequires: pkgconfig(libnfnetlink) libselinux-devel kernel-headers systemd # libmnl, libnftnl, bison, flex for nftables -BuildRequires: bison -BuildRequires: flex -BuildRequires: gcc -BuildRequires: pkgconfig(libmnl) >= 1.0 -BuildRequires: pkgconfig(libnftnl) >= 1.1.6 +BuildRequires: bison flex gcc pkgconfig(libmnl) >= 1.0 pkgconfig(libnftnl) >= 1.1.6 # libpcap-devel for nfbpf_compile -BuildRequires: libpcap-devel -BuildRequires: autoconf -BuildRequires: automake -BuildRequires: libtool -BuildRequires: make +BuildRequires: libpcap-devel autoconf automake libtool make %description -The iptables utility controls the network packet filtering code in the -Linux kernel. If you need to set up firewalls and/or IP masquerading, -you should install this package. +iptables is a powerful command-line utility that enables you to configure the +IP packet filter rules of the Linux kernel firewall. It provides thousands +of network traffic management options through a simple syntax. With iptables, +you can set up, maintain and inspect tables of IPv4 packet filter rules in the +Linux kernel. If you’re looking for a reliable tool to help you set up +firewalls and/or IP masquerading, iptables is definitely worth considering. %package compat Summary: Temporary transitioning package 
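Review bot: The merged `BuildRequires:` lines in this hunk leave the existing comments describing only part of the line below them: `libselinux-devel kernel-headers systemd` now sit on the line commented as libnfnetlink for nfnl_osf, and `gcc` on the line commented as being for nftables. One dependency per tag line keeps each build input separately visible in later diffs, which helps when auditing what goes into the build of a firewall package. I would keep the one-per-line form, or at least update the comments to match. The new `%description` also contains a typographic apostrophe in `you’re`; plain ASCII `you're` is likely safer for tools that display package metadata.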
@@ -71,11 +63,14 @@ Requires(postun): %{_sbindir}/update-alternatives Provides: iptables %description legacy -The iptables utility controls the network packet filtering code in the -Linux kernel. This package contains the legacy tools which are obsoleted by -nft-variants in iptables-nft package for backwards compatibility reasons. -If you need to set up firewalls and/or IP masquerading, you should not install -this package but either nftables or iptables-nft instead. +The iptables-legacy utility is a command line tool that controls the network +packet filtering code in the Linux kernel. It uses an old +getsockopt/setsockopt-based kernel interface which has some limitations. +Therefore, iptables can also be used with the newer nf_tables based API1. +This package contains the legacy tools which are obsoleted by nft-variants +in iptables-nft package for backwards compatibility reasons. If you need to +set up firewalls and/or IP masquerading, you should not install this package +but either nftables or iptables-nft instead. %package libs Summary: libxtables and iptables extensions userspace support @@ -115,11 +110,9 @@ stable and may change with every new version. It is therefore unsupported. %package services Summary: iptables and ip6tables services for iptables -Requires: %{name} = %{version}-%{release} -Requires: %{name}-utils = %{version}-%{release} +Requires: %{name} = %{version}-%{release} %{name}-utils = %{version}-%{release} %{?systemd_ordering} -Obsoletes: %{name} < 1.4.16.1 -Obsoletes: %{name}-ipv6 < 1.4.11.1 +Obsoletes: %{name} < 1.4.16.1 %{name}-ipv6 < 1.4.11.1 BuildArch: noarch %description services 
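Review bot: In the new `%description legacy` text, `nf_tables based API1.` looks like a footnote marker carried over with the pasted sentence; it should presumably read `nf_tables based API.` The sentence "iptables can also be used with the newer nf_tables based API" also sits inside the description of the legacy package. Wording such as `The nf_tables based variant is shipped in iptables-nft.` would make it clearer which backend this package installs, since an administrator choosing between the two relies on this text.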
@@ -146,10 +139,7 @@ Requires(post): %{_sbindir}/update-alternatives Requires(post): %{_bindir}/readlink Requires(postun): %{_sbindir}/update-alternatives Obsoletes: iptables-compat < 1.6.2 -Provides: arptables-helper -Provides: iptables -Provides: arptables -Provides: ebtables +Provides: arptables-helper iptables arptables ebtables %description nft nftables compatibility for iptables, arptables and ebtables. @@ -159,7 +149,7 @@ nftables compatibility for iptables, arptables and ebtables. %build CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing " \ -%configure --enable-devel --enable-bpf-compiler --with-kernel=/usr --with-kbuild=/usr --with-ksource=/usr +%configure --enable-devel --enable-bpf-compiler --with-kernel=%{_prefix} --with-kbuild=%{_prefix} --with-ksource=%{_prefix} rm -f include/linux/types.h @@ -183,7 +173,7 @@ install -c -m 600 %{SOURCE5} %{buildroot}%{_sysconfdir}/sysconfig/ip6tables # install systemd service files install -d -m 755 %{buildroot}/%{_unitdir} install -c -m 644 %{SOURCE3} %{buildroot}/%{_unitdir} -sed -e 's;iptables;ip6tables;g' -e 's;IPv4;IPv6;g' -e 's;/usr/libexec/ip6tables;/usr/libexec/iptables;g' < %{SOURCE3} > ip6tables.service +sed -e 's;iptables;ip6tables;g' -e 's;IPv4;IPv6;g' -e 's;%{_prefix}/libexec/ip6tables;%{_prefix}/libexec/iptables;g' < %{SOURCE3} > ip6tables.service install -c -m 644 ip6tables.service %{buildroot}/%{_unitdir} # install legacy actions for service command 
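Review bot: In the `sed` line that generates `ip6tables.service`, the third expression now matches `%{_prefix}/libexec/ip6tables`, while the init scripts are installed under `%{script_path}`, defined at the top of the spec as `%{_libexecdir}/iptables`. If `%{_libexecdir}` is ever not `%{_prefix}/libexec`, or if the path in `%{SOURCE3}` (not visible here) is spelled differently, the substitution would silently not match. The generated unit would then point at an `ip6tables` directory this spec does not appear to install, and IPv6 rules would not be loaded at boot. Using the same macros as the install path avoids that coupling: `-e 's;%{_libexecdir}/ip6tables;%{script_path};g'`.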
@@ -213,10 +203,10 @@ install -p -D -m 755 %{SOURCE6} %{buildroot}%{_libexecdir}/ touch %{buildroot}%{_libexecdir}/arptables-helper # prepare for alternatives -touch %{buildroot}%{_mandir}/man8/arptables.8 -touch %{buildroot}%{_mandir}/man8/arptables-save.8 -touch %{buildroot}%{_mandir}/man8/arptables-restore.8 touch %{buildroot}%{_mandir}/man8/ebtables.8 +touch %{buildroot}%{_mandir}/man8/arptables-restore.8 +touch %{buildroot}%{_mandir}/man8/arptables-save.8 +touch %{buildroot}%{_mandir}/man8/arptables.8 # Drop xtables.conf, it's not used rm -f %{buildroot}%{_sysconfdir}/xtables.conf @@ -231,12 +221,12 @@ ln -s ../sbin/xtables-legacy-multi %{buildroot}%{_bindir}/iptables-xml pfx=%{_sbindir}/iptables pfx6=%{_sbindir}/ip6tables %{_sbindir}/update-alternatives --install \ - $pfx iptables $pfx-legacy 10 \ - --slave $pfx6 ip6tables $pfx6-legacy \ - --slave $pfx-restore iptables-restore $pfx-legacy-restore \ - --slave $pfx-save iptables-save $pfx-legacy-save \ + --slave $pfx6-save ip6tables-save $pfx6-legacy-save \ --slave $pfx6-restore ip6tables-restore $pfx6-legacy-restore \ - --slave $pfx6-save ip6tables-save $pfx6-legacy-save + --slave $pfx-save iptables-save $pfx-legacy-save \ + --slave $pfx-restore iptables-restore $pfx-legacy-restore \ + --slave $pfx6 ip6tables $pfx6-legacy \ + $pfx iptables $pfx-legacy 10 %postun legacy if [ $1 -eq 0 ]; then 
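Review bot: In the `update-alternatives --install` call, the reordering puts the `--slave` groups ahead of `$pfx iptables $pfx-legacy 10`, but as far as I know `--install` takes its link, name, path and priority as the four arguments that directly follow it, with `--slave` groups after them. With the new order the tool would likely reject the call or read `--slave` and the first slave triple as the master entry. The `iptables`/`ip6tables` links would then not be registered, and anything invoking `%{_sbindir}/iptables` to load firewall rules would fail. The same reordering is made in the next hunk (old line 253), and the scriptlet starts outside this hunk. Keep `$pfx iptables $pfx-legacy 10 \` as the first line after `--install \` and let the last `--slave` line end without a continuation backslash.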
@@ -253,12 +243,12 @@ cp /var/lib/alternatives/iptables /var/tmp/alternatives.iptables.setup pfx=%{_sbindir}/iptables pfx6=%{_sbindir}/ip6tables %{_sbindir}/update-alternatives --install \ - $pfx iptables $pfx-legacy 10 \ - --slave $pfx6 ip6tables $pfx6-legacy \ - --slave $pfx-restore iptables-restore $pfx-legacy-restore \ - --slave $pfx-save iptables-save $pfx-legacy-save \ + --slave $pfx6-save ip6tables-save $pfx6-legacy-save \ --slave $pfx6-restore ip6tables-restore $pfx6-legacy-restore \ - --slave $pfx6-save ip6tables-save $pfx6-legacy-save + --slave $pfx-save iptables-save $pfx-legacy-save \ + --slave $pfx-restore iptables-restore $pfx-legacy-restore \ + --slave $pfx6 ip6tables $pfx6-legacy \ + $pfx iptables $pfx-legacy 10 alternatives --set iptables $( - 1.8.9-2 +- Refactor rpm spec + * Sun Jan 15 2023 Funda Wang - 1.8.9-1 - New version 1.8.9