diff --git a/plugins/network/ipset b/plugins/network/ipset
old mode 100644
new mode 100755
index d931deed..d9abfc81
--- a/plugins/network/ipset
+++ b/plugins/network/ipset
@@ -1,12 +1,50 @@
-#!/bin/bash
-#Graph number of members of netfilter ipsets
-#(c) Tomas Mudrunka 2016
-#
-#Add this line to sudoers:
-#ALL             ALL = (root) NOPASSWD: /sbin/ipset list [!-]*, /sbin/ipset list -n
-#
-#%# family=auto
-#%# capabilities=autoconf
+#!/bin/sh
+# -*- sh -*-
+
+: <<=cut
+
+=head1 NAME
+
+ipset - Graph number of members of netfilter ipsets
+
+=head1 APPLICABLE SYSTEMS
+
+Any system with a compatible ipset command.
+
+=head1 CONFIGURATION
+
+Ipset has to be run as root:
+
+  [ipset]
+  user root
+
+=head1 INTERPRETATION
+
+This plugin draws number of members for each ipset present in the kernel
+
+=head1 MAGIC MARKERS
+
+  #%# family=auto
+  #%# capabilities=autoconf
+
+=head1 VERSION
+  0.1 first release
+  0.2 added docs, munin best practices
+
+=head1 BUGS
+
+None known
+
+=head1 AUTHOR
+
+Originally: Tomas Mudrunka 2016-2018 ( github.com/harvie )
+
+=head1 LICENSE
+
+GPLv2
+
+=cut
+
 
 [ "$1" = "autoconf" ] && {
 	[ -e /sbin/ipset -o -n "$(which ipset)" ] && echo 'yes' || echo 'no (ipset binary not present)'
@@ -18,14 +56,15 @@
 	echo graph_category network
 	echo graph_vlabel Members
 	echo graph_args --base 1000 --logarithmic --units=si
+	exit 0
 }
 
-sudo ipset list -n | while read list; do
+ipset list -n | while read list; do
 	[ "$1" = "config" ] && {
 		echo "$list.label $list"
 		echo "$list.min 0"
 	} || {
-		echo "$list.value $(( $(sudo ipset list $list | wc -l) - 7 ))"
+		echo "$list.value $(( $(ipset list "$list" | wc -l) - 7 ))"
 	}
 done;