~本机代理增强模式适配更多设备
~重新本机代理部分逻辑,优化docker兼容性,修复bug
~修复版本回退功能bug
juewuy
2022-05-31 23:21:28 +08:00
parent 7a646ded0c
commit 1b07f810b8
5 changed files with 44 additions and 33 deletions

Binary file not shown.


@@ -2,5 +2,5 @@ clashnet_v=v1.7.6
clashpre_v=2021.09.15
clash_v=v1.7.1
meta_v=v1.11.0
versionsh=1.6.0
GeoIP_v=20220531
versionsh=1.6.1


@@ -521,7 +521,7 @@ localproxy(){
echo -----------------------------------------------
echo -e " 1 \033[36m$proxy_set本机代理\033[0m"
echo -e " 2 使用\033[32m环境变量\033[0m方式配置(部分应用可能无法使用)"
echo -e " 3 使用\033[32miptables增强模式\033[0m配置(支持Linux系统)"
echo -e " 3 使用\033[32miptables增强模式\033[0m配置(支持docker)"
echo -e " 0 返回上级菜单"
echo -----------------------------------------------
read -p "请输入对应数字 > " num
@@ -542,13 +542,19 @@ localproxy(){
setconfig local_proxy $local_proxy
setconfig local_type $local_type
echo -e "\033[32m已经成功使用$local_type方式配置本机代理~\033[0m"
[ "$local_type" = "环境变量" ] && $clashdir/start.sh set_proxy $mix_port $db_port &&echo -e "\033[36m如未生效请重新启动终端或重新连接SSH\033[0m" && sleep 1
[ "$local_type" = "iptables增强模式" ] && $clashdir/start.sh start
if [ "$local_type" = "环境变量" ];then
$clashdir/start.sh set_proxy $mix_port $db_port
echo -e "\033[36m如未生效请重新启动终端或重新连接SSH\033[0m"
else
echo -e "\033[36m请重新启动clash服务\033[0m"
fi
sleep 1
fi
else
local_proxy=未开启
setconfig local_proxy $local_proxy
setconfig local_type
sed -i '/user shellclash/d' /etc/init.d/clash 2>/dev/null
$clashdir/start.sh stop
echo -e "\033[33m已经停用本机代理规则并停止clash服务\033[0m"
[ "$local_type" = "环境变量" ] && echo -e "\033[36m如未生效请重新启动终端或重新连接SSH\033[0m" && sleep 1
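Review bot: The new `if`/`else` in localproxy runs `$clashdir/start.sh set_proxy $mix_port $db_port` and then prints the restart-terminal hint whatever its exit status, whereas the one-liner it replaces chained the hint with `&&`. The success message on the line above is printed before set_proxy runs, so a failed proxy setup is still reported as configured. Checking the status, e.g. `"$clashdir"/start.sh set_proxy "$mix_port" "$db_port" || echo "set_proxy failed" >&2`, would surface the failure, and the quoting keeps an install path with spaces from being split. localproxy starts and ends outside this hunk.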


@@ -604,7 +604,7 @@ getdb(){
[ $? -ne 0 ] && echo "文件解压失败!" && rm -rf /tmp/clashfm.tar.gz && exit 1
fi
#修改默认host和端口
if [ "$db_type" = "clashdb" ];then
if [ "$db_type" = "clashdb" -o "$db_type" = "meta_db" ];then
sed -i "s/127.0.0.1/${host}/g" $dbdir/assets/*.js
sed -i "s/9090/${db_port}/g" $dbdir/assets/*.js
else
@@ -812,7 +812,7 @@ setserver(){
setserver
elif [ $num -le $(cat /tmp/clashrelease | awk 'END{print NR}') 2>/dev/null ]; then
release_version=$(cat /tmp/clashrelease | awk '{print $1}' | sed -n "$num"p)
update_url="https://raw.githubusercontents.com/juewuy/ShellClash/master/$release_version"
update_url="https://raw.githubusercontents.com/juewuy/ShellClash/$release_version"
saveserver
release_url=''
else
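Review bot: `release_version` is read from `/tmp/clashrelease` and interpolated into `update_url` with no validation, and with `master/` dropped it now appears to select the git ref that later update downloads are fetched from. The file has a fixed name in a world-writable directory, so on a system with other local accounts its content should not be trusted as-is; how the file is created is outside the hunk. A check before building the URL, such as `case "$release_version" in ''|*[!A-Za-z0-9._-]*) echo "invalid release" >&2; return 1;; esac`, would keep path separators and whitespace out of the saved URL. setserver starts and ends outside this hunk.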


@@ -443,8 +443,6 @@ start_redir(){
fi
#将PREROUTING链指向clash链
iptables -t nat -A PREROUTING -p tcp $ports -j clash
#Docker特殊处理
[ "$local_proxy" = "已开启" ] && iptables -t nat -I PREROUTING -s 172.16.0.0/12 -j clash
#禁用QUIC
if [ "$quic_rj" = 已启用 ] && [ "$tproxy_mod" = "已开启" ];then
[ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && set_cn_ip='-m set ! --match-set cn_ip dst'
@@ -547,7 +545,7 @@ start_udp(){
iptables -t mangle -A PREROUTING -p udp -j clash
}
start_output(){
#流量过滤规则
#流量过滤
iptables -t nat -N clash_out
iptables -t nat -A clash_out -m owner --gid-owner 7890 -j RETURN
iptables -t nat -A clash_out -d 0.0.0.0/8 -j RETURN
@@ -555,21 +553,31 @@ start_output(){
iptables -t nat -A clash_out -d 100.64.0.0/10 -j RETURN
iptables -t nat -A clash_out -d 127.0.0.0/8 -j RETURN
iptables -t nat -A clash_out -d 169.254.0.0/16 -j RETURN
iptables -t nat -A clash_out -d 172.16.0.0/12 -j RETURN
iptables -t nat -A clash_out -d 192.0.0.0/24 -j RETURN
iptables -t nat -A clash_out -d 192.168.0.0/16 -j RETURN
iptables -t nat -A clash_out -d 224.0.0.0/4 -j RETURN
iptables -t nat -A clash_out -d 240.0.0.0/4 -j RETURN
iptables -t nat -A clash_out -d 255.255.255.255/32 -j RETURN
[ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && iptables -t nat -A clash_out -m set --match-set cn_ip dst -j RETURN >/dev/null 2>&1 #绕过大陆IP
[ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && \
iptables -t nat -A clash_out -m set --match-set cn_ip dst -j RETURN >/dev/null 2>&1 #绕过大陆IP
iptables -t nat -A clash_out -p tcp -j REDIRECT --to-ports $redir_port
#
iptables -t nat -A OUTPUT -p tcp -j clash_out
#设置dns转发
[ "$dns_no" != "已禁用" ] && {
iptables -t nat -N clash_dns_out
iptables -t nat -A clash_dns_out -m owner --gid-owner 7890 -j RETURN
iptables -t nat -A clash_dns_out -p udp -j REDIRECT --to $dns_port
iptables -t nat -A OUTPUT -p udp --dport 53 -j clash_dns_out
iptables -t nat -N clash_dns_out
iptables -t nat -A clash_dns_out -m owner --gid-owner 7890 -j RETURN
iptables -t nat -A clash_dns_out -p udp -j REDIRECT --to $dns_port
iptables -t nat -A OUTPUT -p udp --dport 53 -j clash_dns_out
}
#Docker转发
type docker &>/dev/null && {
iptables -t nat -N clash_docker
iptables -t nat -A clash_docker -d 10.0.0.0/8 -j RETURN
iptables -t nat -A clash_docker -d 127.0.0.0/8 -j RETURN
iptables -t nat -A clash_docker -d 172.16.0.0/12 -j RETURN
iptables -t nat -A clash_docker -d 192.168.0.0/16 -j RETURN
iptables -t nat -A clash_docker -p tcp -j REDIRECT --to-ports $redir_port
iptables -t nat -A PREROUTING -p tcp -s 172.16.0.0/12 -j clash_docker
[ "$dns_no" != "已禁用" ] && iptables -t nat -A PREROUTING -p udp --dport 53 -s 172.16.0.0/12 -j REDIRECT --to $dns_port
}
}
start_tun(){
@@ -606,7 +614,6 @@ stop_iptables(){
iptables -D INPUT -p tcp --dport $mix_port -j ACCEPT 2> /dev/null
iptables -D INPUT -p tcp --dport $db_port -j ACCEPT 2> /dev/null
iptables -t nat -D PREROUTING -p udp --dport 53 -j clash_dns 2> /dev/null
iptables -t nat -D PREROUTING -s 172.16.0.0/12 -j clash 2> /dev/null
iptables -t nat -F clash 2> /dev/null
iptables -t nat -X clash 2> /dev/null
iptables -t nat -F clash_dns 2> /dev/null
@@ -617,17 +624,17 @@ stop_iptables(){
iptables -D INPUT -p udp --dport 443 -m comment --comment "ShellClash QUIC REJECT" $set_cn_ip -j REJECT >/dev/null 2>&1
iptables -D FORWARD -p udp --dport 443 -o utun -m comment --comment "ShellClash QUIC REJECT" $set_cn_ip -j REJECT >/dev/null 2>&1
#重置output规则
iptables -t nat -D OUTPUT -p tcp -s 127.0.0.0/8 -j clash_out 2> /dev/null
iptables -t nat -D OUTPUT -p tcp -s 172.16.0.0/12 -j clash_out 2> /dev/null
iptables -t nat -D OUTPUT -p tcp -d 198.18.0.0/16 -j clash_out 2> /dev/null
iptables -t nat -D OUTPUT -p tcp -j clash_out 2> /dev/null
iptables -t nat -F clash_out 2> /dev/null
iptables -t nat -X clash_out 2> /dev/null
iptables -t nat -D OUTPUT -p udp --dport 53 -s 127.0.0.0/8 -j clash_dns_out 2> /dev/null
iptables -t nat -D OUTPUT -p udp --dport 53 -s 172.16.0.0/12 -j clash_dns_out 2> /dev/null
iptables -t nat -D OUTPUT -p udp --dport 53 -j clash_dns_out 2> /dev/null
iptables -t nat -F clash_dns_out 2> /dev/null
iptables -t nat -X clash_dns_out 2> /dev/null
#重置docker规则
iptables -t nat -F clash_docker 2> /dev/null
iptables -t nat -X clash_docker 2> /dev/null
iptables -t nat -D PREROUTING -p tcp -s 172.16.0.0/12 -j clash_docker 2> /dev/null
iptables -t nat -D PREROUTING -p udp --dport 53 -s 172.16.0.0/12 -j REDIRECT --to $dns_port 2> /dev/null
#重置udp规则
iptables -t mangle -D PREROUTING -p udp -j clash 2> /dev/null
iptables -t mangle -F clash 2> /dev/null
@@ -816,24 +823,22 @@ bfstart(){
#本机代理准备
if [ "$local_proxy" = "已开启" -a "$local_type" = "iptables增强模式" ];then
if [ -z "$(id shellclash 2>/dev/null | grep 'root')" ];then
if [ -z "$(command -v useradd 2>/dev/null)" -o -z "$(command -v groupmod 2>/dev/null)" ]; then
grep -qw shellclash /etc/passwd || echo "shellclash:x:0:7890:::" >> /etc/passwd
else
if type userdel useradd groupmod &>/dev/null; then
userdel shellclash 2>/dev/null
useradd shellclash -u 7890
groupmod shellclash -g 7890
sed -Ei s/7890:7890/0:7890/g /etc/passwd
else
grep -qw shellclash /etc/passwd || echo "shellclash:x:0:7890:::" >> /etc/passwd
fi
fi
if [ "$start_old" != "已开启" ];then
[ -w /etc/systemd/system/clash.service ] && servdir=/etc/systemd/system/clash.service
[ -w /usr/lib/systemd/system/clash.service ] && servdir=/usr/lib/systemd/system/clash.service
if [ -w /etc/init.d/clash ]; then
[ "$systype" = "mi_snapshot" ] && servdir=$clashdir/clashservice || servdir=/etc/init.d/clash
[ -z "$(grep 'procd_set_param user shellclash' $servdir)" ] && {
sed -i '/procd_close_instance/i\\t\tprocd_set_param user shellclash' $servdir
}
else
[ -w /etc/systemd/system/clash.service ] && servdir=/etc/systemd/system/clash.service
[ -w /usr/lib/systemd/system/clash.service ] && servdir=/usr/lib/systemd/system/clash.service
[ -z "$(grep 'procd_set_param user shellclash' /etc/init.d/clash)" ] && \
sed -i '/procd_close_instance/i\\t\tprocd_set_param user shellclash' /etc/init.d/clash
elif [ -w "$servdir" ]; then
setconfig ExecStart "/bin/su\ shellclash\ -c\ \"$bindir/clash\ -d\ $bindir\"" $servdir
systemctl daemon-reload >/dev/null
fi
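Review bot: In stop_iptables the new Docker cleanup runs `iptables -t nat -X clash_docker` before the `-D PREROUTING -p tcp -s 172.16.0.0/12 -j clash_docker` line, so the chain is still referenced when deletion is attempted, the delete fails, and `2> /dev/null` hides it; an empty clash_docker chain is left behind after every stop. The clash_out and clash_dns_out cleanup just above removes the jump rule first, so moving the two `-D PREROUTING` lines above `-F clash_docker` would match that order. Separately, `type docker &>/dev/null` in start_output and `type userdel useradd groupmod &>/dev/null` in bfstart rely on `&>`, which shells lacking that bash extension parse as a background job plus a redirect, making the test always succeed; `>/dev/null 2>&1` is the portable form. The interpreter line is not visible here, and these functions extend beyond their hunks.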