From 08fc32d63e29e8a4d441ca378af77f62cbcd5f9e Mon Sep 17 00:00:00 2001 From: juewuy Date: Wed, 31 Dec 2025 20:44:21 +0800 Subject: [PATCH] =?UTF-8?q?~=E4=BC=98=E5=8C=96vmess=E5=85=A5=E7=AB=99?= =?UTF-8?q?=E5=8A=9F=E8=83=BD=EF=BC=8C=E5=A2=9E=E5=8A=A0=E5=AF=B9=E8=87=AA?= =?UTF-8?q?=E5=AE=9A=E4=B9=89=E6=B7=B7=E6=B7=86host=E7=9A=84=E9=85=8D?= =?UTF-8?q?=E7=BD=AE=E5=AD=98=E6=A1=A3=20~=E4=BC=98=E5=8C=96Tailscale?= =?UTF-8?q?=E5=90=AF=E7=94=A8exitnode=E5=8A=9F=E8=83=BD=E6=97=B6=E7=9A=84?= =?UTF-8?q?=E6=96=87=E5=AD=97=E6=8F=90=E7=A4=BA=20~=E5=A2=9E=E5=8A=A0?= =?UTF-8?q?=E5=AF=B9=E6=97=A0=E6=B3=95=E8=87=AA=E5=8A=A8=E8=8E=B7=E5=8F=96?= =?UTF-8?q?lan=E7=BD=91=E6=AE=B5=E8=AE=BE=E5=A4=87=E7=9A=84=E6=8F=90?= =?UTF-8?q?=E7=A4=BA=E4=BF=A1=E6=81=AF=20~=E5=B0=9D=E8=AF=95=E4=BF=AE?= =?UTF-8?q?=E5=A4=8D=E9=83=A8=E5=88=86=E8=AE=BE=E5=A4=87=E5=AE=9A=E6=97=B6?= =?UTF-8?q?=E4=BB=BB=E5=8A=A1=E6=8A=A5=E9=94=99=20~=E5=B0=9D=E8=AF=95?= =?UTF-8?q?=E8=B0=83=E6=95=B4tun=E6=A8=A1=E5=BC=8F=E4=B8=8B=E5=B1=8F?= =?UTF-8?q?=E8=94=BDquic=E7=9A=84=E9=98=B2=E7=81=AB=E5=A2=99=E5=B7=A5?= =?UTF-8?q?=E4=BD=9C=E6=9C=BA=E5=88=B6=20~=E4=BF=AE=E5=A4=8D=E9=87=8D?= =?UTF-8?q?=E6=96=B0=E8=BF=9B=E5=85=A5=E6=96=B0=E6=89=8B=E5=BC=95=E5=AF=BC?= =?UTF-8?q?=E4=BC=9A=E8=A6=86=E7=9B=96singbox=E5=86=85=E6=A0=B8=E4=B8=BAme?= =?UTF-8?q?ta=E5=86=85=E6=A0=B8=E7=9A=84bug=20~=E4=BF=AE=E5=A4=8D=E5=85=AC?= =?UTF-8?q?=E7=BD=91=E9=98=B2=E7=81=AB=E5=A2=99=E6=94=BE=E8=A1=8C=E7=AB=AF?= =?UTF-8?q?=E5=8F=A3=E5=9C=A8=E8=BE=83=E6=96=B0=E7=89=88=E6=9C=ACopenwrt?= =?UTF-8?q?=E4=B8=8A=E6=9C=AA=E7=94=9F=E6=95=88=E7=9A=84bug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- scripts/libs/set_cron.sh | 29 +++++++++++++---------------- scripts/menus/7_gateway.sh | 21 ++++++++++++++++++--- scripts/menus/8_tools.sh | 3 ++- scripts/starts/fw_getlanip.sh | 5 ++++- scripts/starts/fw_nftables.sh | 15 +++++++-------- 5 files changed, 44 insertions(+), 29 deletions(-) 
diff --git a/scripts/libs/set_cron.sh b/scripts/libs/set_cron.sh index 6bbb2869..1f0972cb 100644 --- a/scripts/libs/set_cron.sh +++ b/scripts/libs/set_cron.sh @@ -1,24 +1,21 @@ +crondir="$(crond -h 2>&1 | grep -oE 'Default:.*' | awk -F ":" '{print $2}')" +[ ! -w "$crondir" ] && crondir="/etc/storage/cron/crontabs" +[ ! -w "$crondir" ] && crondir="/var/spool/cron/crontabs" +[ ! -w "$crondir" ] && crondir="/var/spool/cron" +tmpcron="$TMPDIR"/cron_tmp + croncmd() { #定时任务工具 - if [ -n "$(crontab -h 2>&1 | grep '\-l')" ]; then - crontab "$1" - else - crondir="$(crond -h 2>&1 | grep -oE 'Default:.*' | awk -F ":" '{print $2}')" - [ ! -w "$crondir" ] && crondir="/etc/storage/cron/crontabs" - [ ! -w "$crondir" ] && crondir="/var/spool/cron/crontabs" - [ ! -w "$crondir" ] && crondir="/var/spool/cron" - if [ -w "$crondir" ]; then - [ "$1" = "-l" ] && cat "$crondir"/"$USER" 2>/dev/null - [ -f "$1" ] && cat "$1" >"$crondir"/"$USER" - else - echo "找不到可用的crond或者crontab应用!No available crond or crontab application can be found!" - fi - fi + if [ -w "$crondir" ]; then + [ "$1" = "-l" ] && cat "$crondir"/"$USER" + [ -f "$1" ] && cat "$1" >"$crondir"/"$USER" + else + echo "找不到可用的crond或者crontab应用!No available crond or crontab application can be found!" + fi } cronset() { #定时任务设置 # 参数1代表要移除的关键字,参数2代表要添加的任务语句 - tmpcron="$TMPDIR"/cron_tmp - croncmd -l >"$tmpcron" 2>/dev/null + croncmd -l >"$tmpcron" sed -i "/$1/d" "$tmpcron" sed -i '/^$/d' "$tmpcron" echo "$2" >>"$tmpcron" diff --git a/scripts/menus/7_gateway.sh b/scripts/menus/7_gateway.sh index 83f55f68..75025363 100644 --- a/scripts/menus/7_gateway.sh +++ b/scripts/menus/7_gateway.sh 
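Review bot: `tmpcron` and the crontab target are built from `$TMPDIR` and `$USER` with no check that either is set, and both are now used unconditionally because the `crontab` branch is gone. With an empty `USER` (plausible when the file is sourced from an init script or from cron itself; the callers are not visible here), `cat "$1" >"$crondir"/"$USER"` targets the directory, and with an empty `TMPDIR` the staging file becomes `/cron_tmp`. Whatever ends up in `"$tmpcron"` is installed as a crontab, so I would resolve the user once, e.g. `cronuser="${USER:-$(id -un)}"`, and stop early when `TMPDIR` is empty or is not a directory owned by the caller. The fixed name `cron_tmp` is also shared by every caller, so two concurrent `cronset` runs can overwrite each other's staging file. `cronset` continues past the end of this hunk.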
@@ -233,8 +233,9 @@ set_vmess(){ echo -e " 3 设置\033[33mWS-path(可选)\033[0m: \033[33m$vms_ws_path\033[0m" echo -e " 4 设置\033[36m秘钥-uuid\033[0m: \033[36m$vms_uuid\033[0m" echo -e " 5 一键生成\033[32m随机秘钥\033[0m" + echo -e " 6 设置\033[36m混淆host(可选)\033[0m: \033[33m$vms_host\033[0m" gen_base64 1 >/dev/null 2>&1 && - echo -e " 6 一键生成\033[36m分享链接\033[0m" + echo -e " 7 一键生成\033[32m分享链接\033[0m" echo -e " 0 返回上级菜单 \033[0m" echo "-----------------------------------------------" read -p "请输入对应数字 > " num @@ -303,8 +304,18 @@ set_vmess(){ set_vmess ;; 6) + read -p "请输入免流混淆host(输入0删除) > " text + if [ "$text" = 0 ];then + vms_host='' + setconfig vms_host "" "$GT_CFG_PATH" + else + vms_host="$text" + setconfig vms_host "$text" "$GT_CFG_PATH" + fi + set_vmess + ;; + 7) read -p "请输入本机公网IP(4/6)或域名 > " host_wan - read -p "请输入免流混淆host(可选) > " vms_host if [ -n "$host_wan" ] && [ -n "$vms_port" ] && [ -n "$vms_uuid" ];then [ -n "$vms_ws_path" ] && vms_net=ws vms_json=$(cat <&1 | grep -Ev 'utun|iot|docker|linkdown' | grep -Eo 'src.*' | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | sort -u) diff --git a/scripts/starts/fw_nftables.sh b/scripts/starts/fw_nftables.sh index 613b0a3e..e4ae5ad7 100644 --- a/scripts/starts/fw_nftables.sh +++ b/scripts/starts/fw_nftables.sh @@ -140,8 +140,8 @@ start_nft_wan() { #nftables公网防火墙 accept_ports=$(echo "$fw_wan_ports,$vms_port,$sss_port" | sed "s/,,/,/g ;s/^,// ;s/,$// ;s/,/, /") [ -n "$accept_ports" ] && { fw_wan_nfports="{ $(echo "$accept_ports" | sed 's/,/, /g') }" - nft add rule inet shellcrash input tcp dport $fw_wan_nfports accept - nft add rule inet shellcrash input udp dport $fw_wan_nfports accept + nft add rule inet shellcrash input tcp dport $fw_wan_nfports meta mark set 0x67890 accept + nft add rule inet shellcrash input udp dport $fw_wan_nfports meta mark set 0x67890 accept } #端口拦截 reject_ports="{ $mix_port, $db_port, $dns_port }" 
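Review bot: `meta mark set 0x67890` on the two accept rules in the `-140` hunk of fw_nftables.sh only helps if this `input` chain is evaluated before fw4's `input` chain, and the priority of the shellcrash chain is declared outside the hunk. If both chains sit at the same priority the order is not something to rely on, and a packet could reach fw4 unmarked and fall to its default policy. The statement also replaces the whole packet mark, so any mark set earlier on these packets is lost; if that is intended, a comment above the two rules such as `# mark lets fw4's input chain recognise ports already allowed here` would make the coupling visible. The constant `0x67890` now appears four times in this diff and would be safer as a single variable. `start_nft_wan` begins before this hunk and continues after it.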
@@ -149,6 +149,10 @@ start_nft_wan() { #nftables公网防火墙 nft add rule inet shellcrash input ip6 saddr {$HOST_IP6} accept nft add rule inet shellcrash input tcp dport $reject_ports reject nft add rule inet shellcrash input udp dport $reject_ports reject + #fw4特殊处理 + nft list chain inet fw4 input >/dev/null 2>&1 && \ + nft list chain inet fw4 input | grep -q 'meta mark 0x67890 accept' || \ + nft insert rule inet fw4 input meta mark 0x67890 accept 2>/dev/null } start_nftables() { #nftables配置总入口 #初始化nftables @@ -204,16 +208,11 @@ start_nftables() { #nftables配置总入口 } #屏蔽QUIC [ "$quic_rj" = '已启用' -a "$lan_proxy" = true ] && { - [ "$redir_mod" = "Tproxy模式" ] && { + [ "$redir_mod" != "Redir模式" ] && { nft add chain inet shellcrash quic_rj { type filter hook input priority 0 \; } [ -n "$CN_IP" ] && nft add rule inet shellcrash quic_rj ip daddr @cn_ip return [ -n "$CN_IP6" ] && nft add rule inet shellcrash quic_rj ip6 daddr @cn_ip6 return nft add rule inet shellcrash quic_rj udp dport {443, 8443} reject comment 'ShellCrash-QUIC-REJECT' } - [ "$redir_mod" = "Tun模式" -o "$redir_mod" = "混合模式" ] && { - nft insert rule inet fw4 forward oifname "utun" udp dport {443, 8443} reject comment 'ShellCrash-QUIC-REJECT' - [ -n "$CN_IP" ] && nft insert rule inet fw4 forward oifname "utun" ip daddr { $CN_IP } return - [ -n "$CN_IP6" ] && nft insert rule inet fw4 forward oifname "utun" ip6 daddr { $CN_IP6 } return - } } }
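Review bot: The fw4 guard in the `-149` hunk is written as `A && B || C`, so `nft insert rule inet fw4 input meta mark 0x67890 accept` runs whenever either the chain lookup or the `grep -q` fails. The `grep` pattern may also never match: as far as I know `nft list` prints marks zero-padded (`0x00067890`), which would add a duplicate rule on every start. The rule carries no comment, unlike the `ShellCrash-QUIC-REJECT` rules, so a stop path (not visible here) has nothing stable to match when removing it, and an accept-on-mark rule at the top of fw4's input chain would stay in place after ShellCrash is stopped. I would tag it, `nft insert rule inet fw4 input meta mark 0x67890 accept comment 'ShellCrash-WAN-ACCEPT'`, test for the tag with `grep -q 'ShellCrash-WAN-ACCEPT'`, and wrap both in `if nft list chain inet fw4 input >/dev/null 2>&1; then`. `start_nft_wan` starts before this hunk.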
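Review bot: The `quic_rj` chain in the `-204` hunk is created with `hook input`, and with the condition widened to `!= "Redir模式"` it becomes the only QUIC block for Tun and mixed mode as well. LAN traffic that is routed out through `utun` is normally seen by the forward hook rather than input, so the reject rule may not match it in those modes; the removed fw4 rules matched on `forward oifname "utun"`. If the input hook is sufficient because of how packets are steered in Tun mode (not visible in this hunk), a comment above the block stating that would help the next reader. Otherwise a forward-hook chain inside the `shellcrash` table would keep the rule out of fw4 while still covering forwarded traffic. The enclosing `start_nftables` starts before this hunk.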