From 45abeaf1dbc8355a26343d471d768b1132e6d07c Mon Sep 17 00:00:00 2001
From: juewuy <juewuy@gmail.com>
Date: Fri, 12 Dec 2025 11:38:31 +0800
Subject: [PATCH 01/12] =?UTF-8?q?=E5=B7=B2=E6=B7=BB=E5=8A=A0=20=20=20=20?=
 =?UTF-8?q?=20=20=20=20scripts/components/gateway.sh?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 scripts/components/gateway.sh | 153 ++++++++++++++++++++++++++++++++++
 scripts/menu.sh               |   4 +
 2 files changed, 157 insertions(+)
 create mode 100644 scripts/components/gateway.sh

diff --git a/scripts/components/gateway.sh b/scripts/components/gateway.sh
new file mode 100644
index 00000000..96cf00d0
--- /dev/null
+++ b/scripts/components/gateway.sh
@@ -0,0 +1,153 @@
+#!/bin/sh
+# Copyright (C) Juewuy
+
+CFG="$CRASHDIR"/config/gateway.cfg
+
+gateway(){
+	echo -----------------------------------------------
+	echo -e "\033[30;47m欢迎使用访问与控制菜单：\033[0m"
+	echo -----------------------------------------------
+	echo -e " 1 配置公网访问防火墙"
+	echo -e " 2 配置Telegram专属控制机器人"
+	echo -e " 3 配置DDNS自动域名"
+	[ "$disoverride" != "1" ] && {
+		echo -e " 4 自定义公网入站节点"
+		echo -e " 5 配置\033[32m内网穿透\033[0m(WireGuard/Tailscale)"
+	}
+	echo -e " 0 返回上级菜单 \033[0m"
+	echo -----------------------------------------------
+	read -p "请输入对应数字 > " num
+	case "$num" in
+	0) ;;
+	1)
+		setfirewall
+		gateway
+		;;
+	2)
+		settgadvbot
+		gateway
+		;;
+	3)
+		setddns
+		gateway
+		;;
+	4)
+		setlisteners
+		gateway
+		;;
+	5)
+		setendpoints
+		gateway
+		;;
+	*) errornum ;;
+	esac
+}
+
+setendpoints(){
+	genendpoints(){
+		cat >"$CRASHDIR"/yamls/wireguard.yaml <<EOF
+
+
+
+
+EOF
+	}
+	setwireguard(){
+		echo -----------------------------------------------
+		echo -e "\033[31m注意：\033[0m脚本默认内核为了节约内存没有编译WireGuard模块\n如需使用请先前往自定义内核更新完整版内核文件！"
+		echo -----------------------------------------------
+		echo -e " 1 设置服务器地址"
+		echo -e " 2 设置服务器端口"
+		echo -e " 3 设置服务端公钥"
+		echo -e " 4 设置本地私钥"
+		echo -e " 5 设置本地IPV4地址"
+		echo -e " 6 设置本地IPV6地址"
+		echo -e " 0 返回上级菜单 \033[0m"
+		echo -----------------------------------------------
+		read -p "请输入对应数字 > " num
+		read -p "请输入相应内容 > " text
+		case "$num" in
+		0) ;;
+		1)
+			setconfig wg_server "$text" "$CFG"
+			setwireguard
+			;;
+		2)
+			setconfig wg_port "$text" "$CFG"
+			setwireguard
+			;;
+		3)
+			setconfig wg_publickey "$text" "$CFG"
+			setwireguard
+			;;
+		4)
+			setconfig wg_privatekey "$text" "$CFG"
+			setwireguard
+			;;
+		5)
+			setconfig wg_ipv4 "$text" "$CFG"
+			setwireguard
+			;;
+		6)
+			setconfig wg_ipv6 "$text" "$CFG"
+			setwireguard
+			;;
+		*) errornum ;;
+		esac		
+	}
+	settailscale(){
+		echo -----------------------------------------------
+		echo -e "\033[31m注意：\033[0m脚本默认内核为了节约内存没有编译Tailscale模块\n如需使用请先前往自定义内核更新完整版内核文件！"
+		echo -e "登陆后请前往此处创建秘钥\033[36;4mhttps://login.tailscale.com/admin/settings/keys\033[0m"
+		echo -----------------------------------------------
+		echo -e " 1 设置秘钥"
+		echo -e " 2 使用代理出站"
+		echo -e " 0 返回上级菜单 \033[0m"
+		echo -----------------------------------------------
+		read -p "请输入对应数字 > " num
+		read -p "请输入相应内容 > " text
+		case "$num" in
+		0) ;;
+		1)
+			setconfig ts_auth_key "$text" "$CFG"
+			setwireguard
+			;;
+		2)
+			setconfig ts_proxy_type "$text" "$CFG"
+			setwireguard
+			;;
+		*) errornum ;;
+		esac		
+	}
+	echo -----------------------------------------------
+	echo -e "\033[31m注意：\033[0m脚本默认内核为了节约内存没有编译WireGuard/Tailscale模块\n如需使用请先前往自定义内核更新完整版内核文件！"
+	echo -e "\033[33m配置完成后请手动生成配置文件！相关文件会在内核启动时自动加载！\033[0m"
+	echo -----------------------------------------------
+	echo -e " 1 生成内核配置文件"
+	echo -e " 2 配置WireGuard客户端"
+	echo -e " 3 配置Tailscale(仅限Singbox内核)"
+	echo -e " 4 移除内核配置文件"
+	echo -e " 0 返回上级菜单 \033[0m"
+	echo -----------------------------------------------
+	read -p "请输入对应数字 > " num
+	case "$num" in
+	0) ;;
+	1)
+		genendpoints
+		gateway
+		;;	
+	2)
+		setwireguard
+		gateway
+		;;
+	3)
+		settailscale
+		gateway
+		;;
+	4)
+		delendpoints
+		gateway
+		;;	
+	*) errornum ;;
+	esac
+}
\ No newline at end of file
diff --git a/scripts/menu.sh b/scripts/menu.sh
index c035bdbd..dc1e8697 100644
--- a/scripts/menu.sh
+++ b/scripts/menu.sh
@@ -1849,6 +1849,10 @@ advanced_set() { #进阶设置
 	read -p "请输入对应数字 > " num
 	case "$num" in
 	0) ;;
+	1)
+		. "$CRASHDIR"/components/gateway.sh && gateway
+		advanced_set
+		;;
 	3)
 		setfirewall
 		advanced_set

From 7bdd32459f47d8859a93efbd5f4fec589c381e83 Mon Sep 17 00:00:00 2001
From: juewuy <juewuy@gmail.com>
Date: Fri, 12 Dec 2025 21:46:14 +0800
Subject: [PATCH 02/12] =?UTF-8?q?~=E5=A2=9E=E5=8A=A0tailscale=E8=AE=BE?=
 =?UTF-8?q?=E7=BD=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 scripts/components/endpoints.sh | 20 ++++++++++++
 scripts/components/gateway.sh   | 56 +++++++++++++++------------------
 scripts/start.sh                |  7 +++++
 3 files changed, 53 insertions(+), 30 deletions(-)
 create mode 100644 scripts/components/endpoints.sh

diff --git a/scripts/components/endpoints.sh b/scripts/components/endpoints.sh
new file mode 100644
index 00000000..5c4f913e
--- /dev/null
+++ b/scripts/components/endpoints.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+# Copyright (C) Juewuy
+
+[ "ts_advertise_routes" = true ] && advertise_routes='"10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"'
+cat >"$TMPDIR"/jsons/tailscale.json <<EOF
+{
+  "endpoints": [
+    {
+	  "type": "tailscale",
+	  "tag": "ts-ep",
+	  "state_directory": "/tmp/ShellCrash/tailscale",
+	  "auth_key": "$ts_auth_key",
+	  "hostname": "ShellCrash-ts-ep",
+	  "advertise_routes": [$advertise_routes],
+	  "advertise_exit_node": $ts_advertise_exit_node,
+	  "udp_timeout": "5m"
+    }
+  ]
+}
+EOF
diff --git a/scripts/components/gateway.sh b/scripts/components/gateway.sh
index 96cf00d0..28efb0a8 100644
--- a/scripts/components/gateway.sh
+++ b/scripts/components/gateway.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 # Copyright (C) Juewuy
 
-CFG="$CRASHDIR"/config/gateway.cfg
+CFG="$CRASHDIR"/configs/gateway.cfg
 
 gateway(){
 	echo -----------------------------------------------
@@ -44,14 +44,6 @@ gateway(){
 }
 
 setendpoints(){
-	genendpoints(){
-		cat >"$CRASHDIR"/yamls/wireguard.yaml <<EOF
-
-
-
-
-EOF
-	}
 	setwireguard(){
 		echo -----------------------------------------------
 		echo -e "\033[31m注意：\033[0m脚本默认内核为了节约内存没有编译WireGuard模块\n如需使用请先前往自定义内核更新完整版内核文件！"
@@ -96,24 +88,39 @@ EOF
 		esac		
 	}
 	settailscale(){
+		[ -n "$ts_auth_key" ] && ts_auth_key_info='已设置'
 		echo -----------------------------------------------
 		echo -e "\033[31m注意：\033[0m脚本默认内核为了节约内存没有编译Tailscale模块\n如需使用请先前往自定义内核更新完整版内核文件！"
 		echo -e "登陆后请前往此处创建秘钥\033[36;4mhttps://login.tailscale.com/admin/settings/keys\033[0m"
+		echo -e "通告路由首次启动服务后，需前往\033[36;4mhttps://login.tailscale.com\033[0m允许对应通告，并在客户端启用相关路由"
 		echo -----------------------------------------------
-		echo -e " 1 设置秘钥"
-		echo -e " 2 使用代理出站"
+		echo -e " 1 启用/关闭Tailscale服务		\033[32m$ts_service\033[0m"
+		echo -e " 2 设置秘钥(Auth Key)			\033[32m$ts_auth_key_info\033[0m"
+		echo -e " 3 通告路由保留地址(Subnet)	\033[32m$ts_advertise_routes\033[0m"
+		echo -e " 4 通告路由全部流量(EXIT NODE)	\033[32m$ts_exit_node_allow\033[0m"
 		echo -e " 0 返回上级菜单 \033[0m"
 		echo -----------------------------------------------
 		read -p "请输入对应数字 > " num
-		read -p "请输入相应内容 > " text
 		case "$num" in
 		0) ;;
 		1)
-			setconfig ts_auth_key "$text" "$CFG"
+			[ "ts_service" = ON ] && ts_service=OFF || ts_service=ON
+			setconfig ts_service "$ts_service"
 			setwireguard
 			;;
 		2)
-			setconfig ts_proxy_type "$text" "$CFG"
+			read -p "请输入秘钥(Auth key) > " text
+			[ -n "$text" ] && setconfig ts_auth_key "$text" "$CFG"
+			setwireguard
+			;;
+		3)
+			[ "ts_advertise_routes" = true ] && ts_advertise_routes=false || ts_advertise_routes=true
+			setconfig ts_advertise_routes "$ts_advertise_routes" "$CFG"
+			setwireguard
+			;;
+		4)
+			[ "advertise_exit_node" = true ] && advertise_exit_node=false || advertise_exit_node=true
+			setconfig advertise_exit_node "$advertise_exit_node" "$CFG"
 			setwireguard
 			;;
 		*) errornum ;;
@@ -121,33 +128,22 @@ EOF
 	}
 	echo -----------------------------------------------
 	echo -e "\033[31m注意：\033[0m脚本默认内核为了节约内存没有编译WireGuard/Tailscale模块\n如需使用请先前往自定义内核更新完整版内核文件！"
-	echo -e "\033[33m配置完成后请手动生成配置文件！相关文件会在内核启动时自动加载！\033[0m"
 	echo -----------------------------------------------
-	echo -e " 1 生成内核配置文件"
-	echo -e " 2 配置WireGuard客户端"
-	echo -e " 3 配置Tailscale(仅限Singbox内核)"
-	echo -e " 4 移除内核配置文件"
-	echo -e " 0 返回上级菜单 \033[0m"
+	echo -e " 1 配置WireGuard客户端"
+	echo -e " 2 配置Tailscale(仅限Singbox内核)"
+	echo -e " 0 返回上级菜单"
 	echo -----------------------------------------------
 	read -p "请输入对应数字 > " num
 	case "$num" in
-	0) ;;
+	0) ;;	
 	1)
-		genendpoints
-		gateway
-		;;	
-	2)
 		setwireguard
 		gateway
 		;;
-	3)
+	2)
 		settailscale
 		gateway
 		;;
-	4)
-		delendpoints
-		gateway
-		;;	
 	*) errornum ;;
 	esac
 }
\ No newline at end of file
diff --git a/scripts/start.sh b/scripts/start.sh
index 13ecf977..719a35f7 100644
--- a/scripts/start.sh
+++ b/scripts/start.sh
@@ -625,6 +625,11 @@ modify_json() { #修饰singbox1.13配置文件
 		cat "$TMPDIR"/format.json | sed -n '/^  "providers":/,/^  "[a-z]/p' | sed '$d' >>"$TMPDIR"/jsons/providers.json
 	}
 	cat "$TMPDIR"/format.json | sed -n '/"route":/,/^\(  "[a-z]\|}\)/p' | sed '$d' >>"$TMPDIR"/jsons/route.json
+	#加载端点配置文件并生成
+	[ "ts_service" = ON ] || [ "wg_service" = ON ] && {
+		. "$CRASHDIR"/configs/gateway.cfg
+		. "$CRASHDIR"/components/endpoints.sh
+	}
 	#生成log.json
 	cat >"$TMPDIR"/jsons/log.json <<EOF
 { "log": { "level": "info", "timestamp": true } }
@@ -772,6 +777,7 @@ EOF
 	#生成add_route.json
 		#域名嗅探配置
 	[ "$sniffer" = "已启用" ] && sniffer_set='{ "inbound": [ "redirect-in", "tproxy-in", "tun-in" ], "action": "sniff", "timeout": "500ms" },' 
+	[ "advertise_exit_node" = true ] && tailscale_set='{ "inbound": [ "ts-ep" ], "port": 53, "action": "hijack-dns" },'
 	cat >"$TMPDIR"/jsons/add_route.json <<EOF
 {
   "route": {
@@ -779,6 +785,7 @@ EOF
     "default_mark": $routing_mark,
 	"rules": [
 	  { "inbound": [ "dns-in" ], "action": "hijack-dns" },
+	  $tailscale_set
 	  $sniffer_set
       { "protocol": "dns", "action": "hijack-dns" },
       { "clash_mode": "Direct" , "outbound": "DIRECT" },

From 3c302d6e1fea17b8b8cf076d9ab0b45a14b39915 Mon Sep 17 00:00:00 2001
From: juewuy <juewuy@gmail.com>
Date: Fri, 12 Dec 2025 22:13:12 +0800
Subject: [PATCH 03/12] =?UTF-8?q?~=E4=BC=98=E5=8C=96?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 scripts/components/gateway.sh | 41 +++++++++++++++++++----------------
 1 file changed, 22 insertions(+), 19 deletions(-)

diff --git a/scripts/components/gateway.sh b/scripts/components/gateway.sh
index 28efb0a8..c68268b3 100644
--- a/scripts/components/gateway.sh
+++ b/scripts/components/gateway.sh
@@ -2,6 +2,7 @@
 # Copyright (C) Juewuy
 
 CFG="$CRASHDIR"/configs/gateway.cfg
+. "$CFG"
 
 gateway(){
 	echo -----------------------------------------------
@@ -91,37 +92,39 @@ setendpoints(){
 		[ -n "$ts_auth_key" ] && ts_auth_key_info='已设置'
 		echo -----------------------------------------------
 		echo -e "\033[31m注意：\033[0m脚本默认内核为了节约内存没有编译Tailscale模块\n如需使用请先前往自定义内核更新完整版内核文件！"
-		echo -e "登陆后请前往此处创建秘钥\033[36;4mhttps://login.tailscale.com/admin/settings/keys\033[0m"
-		echo -e "通告路由首次启动服务后，需前往\033[36;4mhttps://login.tailscale.com\033[0m允许对应通告，并在客户端启用相关路由"
+		echo -e "创建秘钥:\033[32;4mhttps://login.tailscale.com/admin/settings/keys\033[0m"
+		echo -e "访问非本机目标需允许通告:\033[32;4mhttps://login.tailscale.com\033[0m"
+		echo -e "访问非本机目标需在终端设置使用Subnet或EXIT-NODE模式"
 		echo -----------------------------------------------
-		echo -e " 1 启用/关闭Tailscale服务		\033[32m$ts_service\033[0m"
-		echo -e " 2 设置秘钥(Auth Key)			\033[32m$ts_auth_key_info\033[0m"
-		echo -e " 3 通告路由保留地址(Subnet)	\033[32m$ts_advertise_routes\033[0m"
-		echo -e " 4 通告路由全部流量(EXIT NODE)	\033[32m$ts_exit_node_allow\033[0m"
+		echo -e " 1 启用/关闭Tailscale服务	\033[32m$ts_service\033[0m"
+		echo -e " 2 设置秘钥(Auth Key)		\033[32m$ts_auth_key_info\033[0m"
+		echo -e " 3 通告路由内网地址(Subnet)	\033[32m$ts_subnet\033[0m"
+		echo -e " 4 通告路由全部流量(EXIT-NODE)	\033[32m$ts_exit_node\033[0m"
 		echo -e " 0 返回上级菜单 \033[0m"
 		echo -----------------------------------------------
 		read -p "请输入对应数字 > " num
 		case "$num" in
 		0) ;;
 		1)
-			[ "ts_service" = ON ] && ts_service=OFF || ts_service=ON
+			[ "$ts_service" = ON ] && ts_service=OFF || ts_service=ON
 			setconfig ts_service "$ts_service"
-			setwireguard
+			settailscale
 			;;
 		2)
-			read -p "请输入秘钥(Auth key) > " text
-			[ -n "$text" ] && setconfig ts_auth_key "$text" "$CFG"
-			setwireguard
+			read -p "请输入秘钥(输入0删除) > " text
+			[ "$text" = 0 ] && unset ts_auth_key ts_auth_key_info || ts_auth_key="$text"
+			[ -n "$ts_auth_key" ] && setconfig ts_auth_key "$ts_auth_key" "$CFG"
+			settailscale
 			;;
 		3)
-			[ "ts_advertise_routes" = true ] && ts_advertise_routes=false || ts_advertise_routes=true
-			setconfig ts_advertise_routes "$ts_advertise_routes" "$CFG"
-			setwireguard
+			[ "$ts_subnet" = true ] && ts_subnet=false || ts_subnet=true
+			setconfig ts_subnet "$ts_subnet" "$CFG"
+			settailscale
 			;;
 		4)
-			[ "advertise_exit_node" = true ] && advertise_exit_node=false || advertise_exit_node=true
-			setconfig advertise_exit_node "$advertise_exit_node" "$CFG"
-			setwireguard
+			[ "$ts_exit_node" = true ] && ts_exit_node=false || ts_exit_node=true
+			setconfig ts_exit_node "$ts_exit_node" "$CFG"
+			settailscale
 			;;
 		*) errornum ;;
 		esac		
@@ -138,11 +141,11 @@ setendpoints(){
 	0) ;;	
 	1)
 		setwireguard
-		gateway
+		setendpoints
 		;;
 	2)
 		settailscale
-		gateway
+		setendpoints
 		;;
 	*) errornum ;;
 	esac

From 602d45442119bdbd20a27cd6e19854ff25a510ab Mon Sep 17 00:00:00 2001
From: juewuy <juewuy@gmail.com>
Date: Sun, 14 Dec 2025 08:50:18 +0800
Subject: [PATCH 04/12] =?UTF-8?q?=E5=B7=B2=E6=B7=BB=E5=8A=A0=20=20=20=20?=
 =?UTF-8?q?=20=20=20=20scripts/components/bot=5Ftg.sh=20=E5=B7=B2=E6=B7=BB?=
 =?UTF-8?q?=E5=8A=A0=20=20=20=20=20=20=20=20scripts/components/ddns=5Fop.s?=
 =?UTF-8?q?h=20=E5=B7=B2=E4=BF=AE=E6=94=B9=20=20=20=20=20=20=20=20scripts/?=
 =?UTF-8?q?components/gateway.sh?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 scripts/components/bot_tg.sh  | 210 ++++++++++++++++++++++++++++++++++
 scripts/components/ddns_op.sh | 178 ++++++++++++++++++++++++++++
 scripts/components/gateway.sh | 208 +++++++++++++++++++++------------
 3 files changed, 526 insertions(+), 70 deletions(-)
 create mode 100644 scripts/components/bot_tg.sh
 create mode 100644 scripts/components/ddns_op.sh

diff --git a/scripts/components/bot_tg.sh b/scripts/components/bot_tg.sh
new file mode 100644
index 00000000..58b91a26
--- /dev/null
+++ b/scripts/components/bot_tg.sh
@@ -0,0 +1,210 @@
+#!/bin/sh
+
+. "$CRASHDIR"/configs/gateway.cfg
+OFFSET=0
+API="https://api.telegram.org/bot$TG_TOKEN"
+STATE_FILE="/tmp/ShellCrash/tgbot_state"
+LOGFILE="/tmp/ShellCrash/tgbot.log"
+
+### --- 基础函数 --- ###
+setproxy(){
+	[ -n "$(pidof CrashCore)" ] && {
+		[ -n "$authentication" ] && auth="$authentication@"
+		[ -z "$mix_port" ] && mix_port=7890
+		export https_proxy="http://${auth}127.0.0.1:$mix_port"
+	}
+}
+webget() {
+	setproxy
+	if curl --version >/dev/null 2>&1; then
+		curl -kfsSl --connect-timeout 3 $1 2>/dev/null
+	else
+		wget -Y on -q --timeout=3 -O - $1
+	fi
+}
+webpost() {
+	setproxy
+	if curl --version >/dev/null 2>&1; then
+		curl -kfsSl -X POST --connect-timeout 3 -H "Content-Type: application/json; charset=utf-8" "$1" -d "$2" >/dev/null 2>&1
+	else
+		wget -Y on -q --timeout=3 --method=POST --header="Content-Type: application/json; charset=utf-8" --body-data="$2" "$1"
+	fi
+}
+send_msg() {
+    TEXT="$1"
+	webpost "$API/sendMessage" "{\"chat_id\":\"$TG_CHATID\",\"text\":\"$TEXT\",\"parse_mode\":\"Markdown\"}"
+}
+send_help(){
+    TEXT=$(cat <<EOF
+进群讨论：
+https://t.me/+RKujv98Gbx5zGY-P
+项目地址：
+https://github.com/juewuy/ShellCrash
+相关教程：
+https://juewuy.github.io
+请喝咖啡：
+https://juewuy.github.io/yOF4Yf06Q/
+友情机场： 
+https://dler.pro/auth/register?affid=89698
+https://pub.bigmeok.me?code=2PuWY9I7
+EOF
+)
+	send_msg "$TEXT"
+}
+send_menu() {
+	#获取运行状态
+	PID=$(pidof CrashCore | awk '{print $NF}')
+	if [ -n "$PID" ]; then
+		run=正在运行
+		VmRSS=$(cat /proc/$PID/status | grep -w VmRSS | awk 'unit="MB" {printf "%.2f %s\n", $2/1000, unit}')
+		start_time=$(cat /tmp/ShellCrash/crash_start_time)
+		if [ -n "$start_time" ]; then
+			time=$(($(date +%s) - start_time))
+			day=$((time / 86400))
+			[ "$day" = "0" ] && day='' || day="$day天"
+			time=$(date -u -d @${time} +%H小时%M分%S秒)
+		fi
+	corename=$(echo $crashcore | sed 's/singboxr/SingBoxR/' | sed 's/singbox/SingBox/' | sed 's/clash/Clash/' | sed 's/meta/Mihomo/')
+	else
+		run=未运行
+	fi
+    TEXT=$(cat <<EOF
+*欢迎使用ShellCrash！*                版本：$versionsh_l
+$corename服务$run               【*$redir_mod*】
+内存占用：$VmRSS                    已运行：$day$time
+请选择操作：
+EOF
+)
+
+    MENU=$(cat <<'EOF'
+{
+  "inline_keyboard":[
+    [
+      {"text":"▶ 启用劫持","callback_data":"start_redir"},
+      {"text":"■ 纯净模式","callback_data":"stop_redir"},
+      {"text":"🔄 重启内核","callback_data":"restart"}
+    ],
+    [
+      {"text":"🌀 热更新订阅","callback_data":"refresh"},
+      {"text":"📝 添加订阅","callback_data":"set_sub"}
+    ]
+  ]
+}
+EOF
+)
+
+webpost "$API/sendMessage" "{\"chat_id\":\"$TG_CHATID\",\"text\":\"$TEXT\",\"parse_mode\":\"Markdown\",\"reply_markup\":$MENU}"
+
+}
+
+### --- 具体操作函数 --- ###
+do_start_fw() {
+	[ -z "$redir_mod_bf" ] && redir_mod_bf='Redir模式'
+	redir_mod=$redir_mod_bf
+	setconfig redir_mod $redir_mod
+	"$CRASHDIR"/start.sh start_firewall
+    echo "ShellCrash 透明路由*$redir_mod_bf*已启用！" > "$LOGFILE"
+}
+do_stop_fw() {
+	redir_mod_bf=$redir_mod
+	redir_mod='纯净模式'
+	setconfig redir_mod $redir_mod
+	"$CRASHDIR"/start.sh stop_firewall
+    echo "ShellCrash 已切换到纯净模式！" > "$LOGFILE"
+}
+do_restart() {
+    "$CRASHDIR"/start.sh restart
+    echo "ShellCrash 服务已重启！" > "$LOGFILE"
+}
+do_refresh() {
+    "$CRASHDIR"/start.sh hotupdate
+	echo "ShellCrash 已完成热更新订阅！" > "$LOGFILE"
+}
+do_set_sub() {
+    #echo "$1" "$2" >> "$CRASHDIR"/configs/providers.cfg
+    echo "错误，还未完成的功能！" > "$LOGFILE"
+
+}
+
+### --- 轮询主进程 --- ###
+polling(){
+	while true; do
+		UPDATES=$(webget "$API/getUpdates?timeout=25&offset=$OFFSET")
+
+		echo "$UPDATES" | grep -q '"update_id"' || continue
+
+		OFFSET=$(echo "$UPDATES" | grep -o '"update_id":[0-9]*' | tail -n1 | cut -d: -f2)
+		OFFSET=$((OFFSET + 1))
+		
+		### --- 处理按钮事件 --- ###
+		CALLBACK=$(echo "$UPDATES" | grep -o '"data":"[^"]*"' | head -n1 | sed 's/.*:"//;s/"$//')
+
+		case "$CALLBACK" in
+			"start_redir")
+				if [ "$redir_mod" = '纯净模式' ];then
+					do_start_fw
+					send_msg  "已切换到$redir_mod_bf！"
+				else
+					send_msg  "当前已经是$redir_mod！"
+				fi
+				send_menu 
+				continue
+				;;
+			"stop_redir")
+				if [ "$redir_mod" != '纯净模式' ];then
+					do_stop_fw
+					send_msg  "已切换到纯净模式"
+				else
+					send_msg  "当前已经是纯净模式！"
+				fi
+				send_menu 
+				continue
+				;;
+			"restart")
+				do_restart
+				send_msg  "🔄 服务已重启"
+				sleep 10
+				send_menu 
+				continue
+				;;
+			"refresh")
+				do_refresh
+				send_msg  "🌀 刷新完成：\n$(cat "$LOGFILE")"
+				send_menu 
+				continue
+				;;
+			"set_sub")
+				echo "await_sub" > "$STATE_FILE"
+				send_msg  "✏ 请输入新的订阅链接："
+				continue
+				;;
+		esac
+
+
+		### --- 处理订阅输入 --- ###
+		TEXT=$(echo "$UPDATES" | grep -o '"text":"[^"]*"' | tail -n1 | sed 's/.*"text":"//;s/"$//')
+
+		if [ "$(cat "$STATE_FILE" 2>/dev/null)" = "await_sub" ]; then
+			echo "" > "$STATE_FILE"
+			do_set_sub "$TEXT"
+			send_msg  "订阅更新完成：\n$(cat "$LOGFILE")"
+			send_menu 
+			continue
+		fi
+
+
+		### 处理命令 ###
+		case "$TEXT" in
+		/crash)
+			send_menu
+		;;
+		/help)
+			send_help
+		;;
+		esac
+
+	done
+}
+
+polling
+
diff --git a/scripts/components/ddns_op.sh b/scripts/components/ddns_op.sh
new file mode 100644
index 00000000..a51d3afb
--- /dev/null
+++ b/scripts/components/ddns_op.sh
@@ -0,0 +1,178 @@
+#! /bin/bash
+# Copyright (C) Juewuy
+
+ddns_dir=/etc/config/ddns
+tmp_dir=/tmp/ddns_$USER
+
+[ ! -f $ddns_dir ] && echo -e "本脚本依赖OpenWrt内置的DDNS服务,当前设备无法运行,已退出！" && exit 1
+echo -----------------------------------------------
+echo -e "\033[30;46m欢迎使用ShellDDNS！\033[0m"
+echo -e "TG群：\033[36;4mhttps://t.me/ShellCrash\033[0m"
+
+add_ddns() {
+	cat >>$ddns_dir <<EOF
+	
+config service '$service'
+	option enabled '1'
+	option force_unit 'hours'
+	option lookup_host '$domain'
+	option service_name '$service_name'
+	option domain '$domain'
+	option username '$username'
+	option use_https '0'
+	option use_ipv6 '$use_ipv6'
+	option password '$password'
+	option ip_source 'web'
+	option ip_url 'http://ip.sb'
+	option check_unit 'minutes'
+	option check_interval '$check_interval'
+	option force_interval '$force_interval'
+	option interface 'wan'
+	option bind_network 'wan'
+EOF
+	/usr/lib/ddns/dynamic_dns_updater.sh -S $service start >/dev/null 2>&1 &
+	sleep 3
+	echo 服务已经添加！
+}
+set_ddns() {
+	echo -----------------------------------------------
+	read -p "请输入你的域名 > " str
+	[ -z "$str" ] && domain=$domain || domain=$str
+	echo -----------------------------------------------
+	read -p "请输入用户名或邮箱 > " str
+	[ -z "$str" ] && username=$username || username=$str
+	echo -----------------------------------------------
+	read -p "请输入密码或令牌秘钥 > " str
+	[ -z "$str" ] && password=$password || password=$str
+	echo -----------------------------------------------
+	read -p "请输入检测更新间隔(单位:分钟;默认为10) > " check_interval
+	[ -z "$check_interval" ] || [ "$check_interval" -lt 1 -o "$check_interval" -gt 1440 ] && check_interval=10
+	echo -----------------------------------------------
+	read -p "请输入强制更新间隔(单位:小时;默认为24) > " force_interval
+	[ -z "$force_interval" ] || [ "$force_interval" -lt 1 -o "$force_interval" -gt 240 ] && force_interval=24
+	echo -----------------------------------------------
+	echo -e "请核对如下信息："
+	echo -e "服务商：		\033[32m$service\033[0m"
+	echo -e "域名：			\033[32m$domain\033[0m"
+	echo -e "用户名：		\033[32m$username\033[0m"
+	echo -e "检测间隔：		\033[32m$check_interval\033[0m"
+	echo -----------------------------------------------
+	read -p "确认添加？(1/0) > " res
+	[ "$res" = 1 ] && add_ddns || set_ddns
+}
+
+set_service() {
+	services_dir=/etc/ddns/$serv 
+	[ -s $services_dir ] || services_dir=/usr/share/ddns/list
+	echo -----------------------------------------------
+	echo -e "\033[32m请选择服务提供商\033[0m"
+	cat $services_dir | grep -v '^#' | awk '{print " "NR" " $1}'
+	nr=$(cat $services_dir | grep -v '^#' | wc -l)
+	read -p "请输入对应数字 > " num
+	if [ -z "$num" ]; then
+		i=
+	elif [ "$num" -gt 0 -a "$num" -lt $nr ]; then
+		service_name=$(cat $services_dir | grep -v '^#' | awk '{print $1}' | sed -n "$num"p | sed 's/"//g')
+		service=$(echo $service_name | sed 's/\./_/g')
+		set_ddns
+	else
+		echo "输入错误，请重新输入！"
+		sleep 1
+		set_service
+	fi
+}
+
+network_type() {
+	echo -----------------------------------------------
+	echo -e "\033[32m请选择网络模式\033[0m"
+	echo -e " 1 \033[36mIPV4\033[0m"
+	echo -e " 2 \033[36mIPV6\033[0m"
+	read -p "请输入对应数字 > " num
+	if [ -z "$num" ]; then
+		i=
+	elif [ "$num" = 1 ]; then
+		use_ipv6=0
+		serv=services
+		set_service
+	elif [ "$num" = 2 ]; then
+		use_ipv6=1
+		serv=services_ipv6
+		set_service
+	else
+		echo "输入错误，请重新输入！"
+		sleep 1
+		network_type
+	fi
+}
+
+rev_service() {
+	enabled=$(uci show ddns.$service | grep 'enabled' | awk -F "=" '{print $2}' | tr -d "'\"")
+	[ "$enabled" = 1 ] && enabled_b="停用" || enabled_b="启用"
+	echo -----------------------------------------------
+	echo -e " 1 \033[32m立即更新\033[0m"
+	echo -e " 2 编辑当前服务\033[0m"
+	echo -e " 3 $enabled_b当前服务"
+	echo -e " 4 移除当前服务"
+	echo -e " 5 查看运行日志"
+	echo -e " 0 返回上级菜单"
+	echo -----------------------------------------------
+	read -p "请输入对应数字 > " num
+	if [ -z "$num" -o "$num" = 0 ]; then
+		i=
+	elif [ "$num" = 1 ]; then
+		/usr/lib/ddns/dynamic_dns_updater.sh -S $service start >/dev/null 2>&1 &
+		sleep 3
+	elif [ "$num" = 2 ]; then
+		domain=$(uci show ddns.$service | grep 'domain' | awk -F "=" '{print $2}' | tr -d "'\"")
+		username=$(uci show ddns.$service | grep 'username' | awk -F "=" '{print $2}' | tr -d "'\"")
+		password=$(uci show ddns.$service | grep 'password' | awk -F "=" '{print $2}' | tr -d "'\"")
+		service_name=$(uci show ddns.$service | grep 'service_name' | awk -F "=" '{print $2}' | tr -d "'\"")
+		uci delete ddns.$service
+		set_ddns
+	elif [ "$num" = 3 ]; then
+		[ "$enabled" = 1 ] && uci set ddns.$service.enabled='0' || uci set ddns.$service.enabled='1' && sleep 3
+		uci commit ddns.$service
+	elif [ "$num" = 4 ]; then
+		uci delete ddns.$service
+		uci commit ddns.$service
+	elif [ "$num" = 5 ]; then
+		echo -----------------------------------------------
+		cat /var/log/ddns/$service.log 2>/dev/null
+		sleep 1
+	fi
+}
+
+load_ddns() {
+	nr=0
+	cat $ddns_dir | grep 'config service' | awk '{print $3}' | sed "s/\'//g" | sed "s/\"//g" >$tmp_dir
+	echo -----------------------------------------------
+	echo -e "列表      域名       启用     IP地址"
+	echo -----------------------------------------------
+	for service in $(cat $tmp_dir); do
+		#echo $service >>$tmp_dir
+		nr=$((nr + 1))
+		enabled=$(uci show ddns.$service 2>/dev/null | grep 'enabled' | awk -F "=" '{print $2}' | tr -d "'\"")
+		domain=$(uci show ddns.$service 2>/dev/null | grep 'domain' | awk -F "=" '{print $2}' | tr -d "'\"")
+		local_ip=$(sed '1!G;h;$!d' /var/log/ddns/$service.log 2>/dev/null | grep -E 'Registered IP' | tail -1 | awk -F "'" '{print $2}' | tr -d "'\"")
+		echo -e " $nr   $domain  $enabled   $local_ip"
+	done
+	echo -e " $((nr + 1))   添加DDNS服务"
+	echo -e " 0   退出"
+	echo -----------------------------------------------
+	read -p "请输入对应序号 > " num
+	if [ -z "$num" -o "$num" = 0 ]; then
+		i=
+	elif [ "$num" -gt $nr ]; then
+		network_type
+		load_ddns
+	elif [ "$num" -gt 0 -a "$num" -le $nr ]; then
+		service=$(cat $tmp_dir | sed -n "$num"p)
+		rev_service
+		load_ddns
+	else
+		echo "请输入正确数字！" && load_ddns
+	fi
+}
+
+load_ddns
+rm -rf $tmp_dir
diff --git a/scripts/components/gateway.sh b/scripts/components/gateway.sh
index c68268b3..52143bbb 100644
--- a/scripts/components/gateway.sh
+++ b/scripts/components/gateway.sh
@@ -13,7 +13,7 @@ gateway(){
 	echo -e " 3 配置DDNS自动域名"
 	[ "$disoverride" != "1" ] && {
 		echo -e " 4 自定义公网入站节点"
-		echo -e " 5 配置\033[32m内网穿透\033[0m(WireGuard/Tailscale)"
+		echo -e " 5 配置\033[32m内网穿透\033[0m(Tailscale,仅限Singbox)"
 	}
 	echo -e " 0 返回上级菜单 \033[0m"
 	echo -----------------------------------------------
@@ -21,73 +21,160 @@ gateway(){
 	case "$num" in
 	0) ;;
 	1)
-		setfirewall
+		set_pub_fw
 		gateway
 		;;
 	2)
-		settgadvbot
+		set_bot_tg
 		gateway
 		;;
 	3)
-		setddns
+		set_ddns
 		gateway
 		;;
 	4)
-		setlisteners
+		set_listeners
 		gateway
 		;;
 	5)
-		setendpoints
+		if echo "$crashcore" | grep -q 'sing';then
+			setendpoints
+		else
+			echo -e "\033[33m$crashcore内核暂不支持此功能，请先更换内核！\033[0m"
+			sleep 1
+			checkupdate && setcore
+		fi
 		gateway
 		;;
 	*) errornum ;;
 	esac
 }
-
+set_pub_fw() { #公网防火墙设置
+	[ -z "$public_support" ] && public_support=未开启
+	[ -z "$public_mixport" ] && public_mixport=未开启
+	echo -----------------------------------------------
+	echo -e " 1 公网访问Dashboard面板:	\033[36m$public_support\033[0m"
+	echo -e " 2 公网访问Socks/Http代理:	\033[36m$public_mixport\033[0m"
+	echo -----------------------------------------------
+	read -p "请输入对应数字 > " num
+	case $num in
+	1)
+		if [ "$public_support" = "未开启" ]; then
+			public_support=已开启
+		else
+			public_support=未开启
+		fi
+		setconfig public_support $public_support
+		setfirewall
+		;;
+	2)
+		if [ "$public_mixport" = "未开启" ]; then
+			if [ "$mix_port" = "7890" -o -z "$authentication" ]; then
+				echo -----------------------------------------------
+				echo -e "\033[33m为了安全考虑，请先修改默认Socks/Http端口并设置代理密码\033[0m"
+				sleep 1
+				setport
+			else
+				public_mixport=已开启
+			fi
+		else
+			public_mixport=未开启
+		fi
+		setconfig public_mixport $public_mixport
+		setfirewall
+		;;
+	3)
+		set_cust_host_ipv4
+		setfirewall
+		;;
+	*)
+		errornum
+		;;
+	esac
+}
+set_bot_tg_init(){
+	echo -----------------------------------------------
+	echo -e "请先通过 \033[32;4mhttps://t.me/BotFather\033[0m 申请TG机器人并获取其\033[36mAPI TOKEN\033[0m"
+	echo -----------------------------------------------
+	read -p "请输入你获取到的API TOKEN > " TOKEN
+	echo -----------------------------------------------
+	echo -e "请向\033[32m你申请的机器人\033[31m而不是BotFather\033[0m，发送任意几条消息！"
+	echo -----------------------------------------------
+	read -p "我已经发送完成(1/0) > " res
+	if [ "$res" = 1 ]; then
+		url_tg=https://api.telegram.org/bot${TOKEN}/getUpdates
+		[ -n "$authentication" ] && auth="$authentication@"
+		export https_proxy="http://${auth}127.0.0.1:$mix_port"
+		chat=$(webget $url_tg | tail -n -1)
+		[ -n "$chat" ] && chat_ID=$(echo $chat | grep -oE '"id":.*,"is_bot":false' | sed s'/"id"://'g | sed s'/,"is_bot":false//'g)
+		[ -z "$chat_ID" ] && {
+			echo -e "\033[31m无法获取对话ID，请确认使用的不是已经被绑定的机器人，或手动输入ChatID！\033[0m"
+			echo -e "通常访问 $url_tg 即可看到ChatID，也可以尝试其他方法\033[0m"
+			read -p "请手动输入ChatID > " chat_ID
+		}
+		if [ -n "$chat_ID" ]; then
+			setconfig TG_TOKEN $TOKEN "$CFG"
+			setconfig TG_CHATID $chat_ID "$CFG"
+			#设置机器人快捷命令
+			curl -s -X POST "https://api.telegram.org/bot$TOKEN/setMyCommands" \
+			  -H "Content-Type: application/json" \
+			  -d '{
+					"commands": [
+					  {"command": "crash", "description": "呼出ShellCrash菜单"},
+					  {"command": "help",  "description": "查看帮助"}
+					]
+				  }'
+			echo -e "\033[32m已完成Telegram机器人设置！\033[0m"
+			return 0
+		else
+			echo -e "\033[31m无法获取对话ID，请重新配置！\033[0m"
+			return 1
+		fi
+	fi
+}
+set_bot_tg_service(){
+	if [ "$bot_tg_service" = ON ];then
+		bot_tg_service=OFF
+		PID=$(pidof bot_tg.sh) && [ -n "$PID" ] && kill -9 $PID >/dev/null 2>&1
+	else
+		bot_tg_service=ON
+		[ -z "$(pidof bot_tg.sh)" ] && "$CRASHDIR"/components/bot_tg.sh &
+	fi
+	setconfig bot_tg_service "$bot_tg_service"
+}
+set_bot_tg(){
+	[ -n "$ts_auth_key" ] && ts_auth_key_info='已设置'
+	echo -----------------------------------------------
+	echo -e "\033[31m注意：\033[0m由于网络环境原因，此机器人仅限服务启动时运行！"
+	echo -e "此机器人与推送机器人互不影响，请尽量不要设置成同一机器人"
+	echo -----------------------------------------------
+	echo -e " 1 启用/关闭TG-BOT服务	\033[32m$bot_tg_service\033[0m"
+	echo -e " 2 TG-BOT绑定设置"
+	echo -e " 0 返回上级菜单 \033[0m"
+	echo -----------------------------------------------
+	read -p "请输入对应数字 > " num
+	case "$num" in
+	0) ;;
+	1)
+		. "$CFG"
+		if [ -n "$TG_CHATID" ];then
+			set_bot_tg_service
+		else
+			set_bot_tg_init && set_bot_tg_service
+		fi
+	;;
+	2)
+		set_bot_tg_init && set_bot_tg_service
+	;;
+	*)
+		errornum
+	;;
+	esac		
+}
+set_ddns(){
+	echo
+}
 setendpoints(){
-	setwireguard(){
-		echo -----------------------------------------------
-		echo -e "\033[31m注意：\033[0m脚本默认内核为了节约内存没有编译WireGuard模块\n如需使用请先前往自定义内核更新完整版内核文件！"
-		echo -----------------------------------------------
-		echo -e " 1 设置服务器地址"
-		echo -e " 2 设置服务器端口"
-		echo -e " 3 设置服务端公钥"
-		echo -e " 4 设置本地私钥"
-		echo -e " 5 设置本地IPV4地址"
-		echo -e " 6 设置本地IPV6地址"
-		echo -e " 0 返回上级菜单 \033[0m"
-		echo -----------------------------------------------
-		read -p "请输入对应数字 > " num
-		read -p "请输入相应内容 > " text
-		case "$num" in
-		0) ;;
-		1)
-			setconfig wg_server "$text" "$CFG"
-			setwireguard
-			;;
-		2)
-			setconfig wg_port "$text" "$CFG"
-			setwireguard
-			;;
-		3)
-			setconfig wg_publickey "$text" "$CFG"
-			setwireguard
-			;;
-		4)
-			setconfig wg_privatekey "$text" "$CFG"
-			setwireguard
-			;;
-		5)
-			setconfig wg_ipv4 "$text" "$CFG"
-			setwireguard
-			;;
-		6)
-			setconfig wg_ipv6 "$text" "$CFG"
-			setwireguard
-			;;
-		*) errornum ;;
-		esac		
-	}
 	settailscale(){
 		[ -n "$ts_auth_key" ] && ts_auth_key_info='已设置'
 		echo -----------------------------------------------
@@ -129,24 +216,5 @@ setendpoints(){
 		*) errornum ;;
 		esac		
 	}
-	echo -----------------------------------------------
-	echo -e "\033[31m注意：\033[0m脚本默认内核为了节约内存没有编译WireGuard/Tailscale模块\n如需使用请先前往自定义内核更新完整版内核文件！"
-	echo -----------------------------------------------
-	echo -e " 1 配置WireGuard客户端"
-	echo -e " 2 配置Tailscale(仅限Singbox内核)"
-	echo -e " 0 返回上级菜单"
-	echo -----------------------------------------------
-	read -p "请输入对应数字 > " num
-	case "$num" in
-	0) ;;	
-	1)
-		setwireguard
-		setendpoints
-		;;
-	2)
-		settailscale
-		setendpoints
-		;;
-	*) errornum ;;
-	esac
+	settailscale
 }
\ No newline at end of file

From 951d93a05520d226905a26d69170343c20fed159 Mon Sep 17 00:00:00 2001
From: juewuy <juewuy@gmail.com>
Date: Sun, 14 Dec 2025 22:14:25 +0800
Subject: [PATCH 05/12] =?UTF-8?q?=E5=B7=B2=E4=BF=AE=E6=94=B9=20=20=20=20?=
 =?UTF-8?q?=20=20=20=20scripts/components/endpoints.sh=20=E5=B7=B2?=
 =?UTF-8?q?=E4=BF=AE=E6=94=B9=20=20=20=20=20=20=20=20scripts/components/ga?=
 =?UTF-8?q?teway.sh=20=E5=B7=B2=E4=BF=AE=E6=94=B9=20=20=20=20=20=20=20=20s?=
 =?UTF-8?q?cripts/start.sh?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 scripts/components/endpoints.sh |  55 ++++++++++-
 scripts/components/gateway.sh   | 170 +++++++++++++++++++++++---------
 scripts/start.sh                |   2 +-
 3 files changed, 178 insertions(+), 49 deletions(-)

diff --git a/scripts/components/endpoints.sh b/scripts/components/endpoints.sh
index 5c4f913e..d591759f 100644
--- a/scripts/components/endpoints.sh
+++ b/scripts/components/endpoints.sh
@@ -1,8 +1,10 @@
 #!/bin/sh
 # Copyright (C) Juewuy
 
-[ "ts_advertise_routes" = true ] && advertise_routes='"10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"'
-cat >"$TMPDIR"/jsons/tailscale.json <<EOF
+[ "$ts_service" = ON ] && {
+	[ "$ts_subnet" = true ] && advertise_routes='"10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"'
+	[ -z "$ts_exit_node" ] && ts_exit_node=false
+	cat >"$TMPDIR"/jsons/tailscale.json <<EOF
 {
   "endpoints": [
     {
@@ -12,9 +14,56 @@ cat >"$TMPDIR"/jsons/tailscale.json <<EOF
 	  "auth_key": "$ts_auth_key",
 	  "hostname": "ShellCrash-ts-ep",
 	  "advertise_routes": [$advertise_routes],
-	  "advertise_exit_node": $ts_advertise_exit_node,
+	  "advertise_exit_node": $ts_exit_node,
 	  "udp_timeout": "5m"
     }
   ]
 }
 EOF
+}
+
+[ "$wg_service" = ON ] && {
+	echo "$crashcore" | grep -q 'singbox' && {
+		[ -n "$wg_ipv6" ] && wg_ipv6_add=", \"$wg_ipv6\""
+		cat >"$TMPDIR"/jsons/wireguard.json <<EOF
+{
+  "endpoints": [
+	{
+	  "type": "wireguard",
+	  "tag": "wg-ep",
+	  "system": true,
+	  "mtu": 1420,
+	  "address": [ "$wg_ipv4"$wg_ipv6_add ],
+	  "private_key": "$wg_private_key",
+	  "peers": [
+		{
+		  "address": "$wg_server",
+		  "port": $wg_port,
+		  "public_key": "$wg_public_key",
+		  "pre_shared_key": "$wg_pre_shared_key",
+		  "allowed_ips": ["0.0.0.0/0", "::/0"]
+		}
+	  ]
+	}
+  ]
+}
+EOF
+	}
+	#meta内核wg生成
+	echo "$crashcore" | grep -q 'meta' && {
+		cat >"$TMPDIR"/yamls/wireguard.yaml <<EOF
+- name: "wg"
+  type: wireguard
+  private-key: $wg_private_key
+  server: $wg_server
+  port: $wg_port
+  ip: $wg_ipv4
+  ipv6: $wg_ipv6
+  public-key: $wg_public_key
+  allowed-ips: ['0.0.0.0/0', '::/0']
+  pre-shared-key: $wg_pre_shared_key
+  mtu: 1420
+  udp: true
+EOF
+	}
+}
diff --git a/scripts/components/gateway.sh b/scripts/components/gateway.sh
index 52143bbb..53843de0 100644
--- a/scripts/components/gateway.sh
+++ b/scripts/components/gateway.sh
@@ -13,7 +13,8 @@ gateway(){
 	echo -e " 3 配置DDNS自动域名"
 	[ "$disoverride" != "1" ] && {
 		echo -e " 4 自定义公网入站节点"
-		echo -e " 5 配置\033[32m内网穿透\033[0m(Tailscale,仅限Singbox)"
+		echo -e " 5 配置\033[32mTailscale内网穿透\033[0m(限Singbox)"
+		echo -e " 6 配置\033[32mWireguard客户端\033[0m"
 	}
 	echo -e " 0 返回上级菜单 \033[0m"
 	echo -----------------------------------------------
@@ -23,29 +24,33 @@ gateway(){
 	1)
 		set_pub_fw
 		gateway
-		;;
+	;;
 	2)
 		set_bot_tg
 		gateway
-		;;
+	;;
 	3)
 		set_ddns
 		gateway
-		;;
+	;;
 	4)
 		set_listeners
 		gateway
-		;;
+	;;
 	5)
 		if echo "$crashcore" | grep -q 'sing';then
-			setendpoints
+			set_tailscale
 		else
 			echo -e "\033[33m$crashcore内核暂不支持此功能，请先更换内核！\033[0m"
 			sleep 1
 			checkupdate && setcore
 		fi
 		gateway
-		;;
+	;;
+	6)
+		set_wireguard
+		gateway
+	;;
 	*) errornum ;;
 	esac
 }
@@ -174,47 +179,122 @@ set_bot_tg(){
 set_ddns(){
 	echo
 }
-setendpoints(){
-	settailscale(){
-		[ -n "$ts_auth_key" ] && ts_auth_key_info='已设置'
-		echo -----------------------------------------------
-		echo -e "\033[31m注意：\033[0m脚本默认内核为了节约内存没有编译Tailscale模块\n如需使用请先前往自定义内核更新完整版内核文件！"
-		echo -e "创建秘钥:\033[32;4mhttps://login.tailscale.com/admin/settings/keys\033[0m"
-		echo -e "访问非本机目标需允许通告:\033[32;4mhttps://login.tailscale.com\033[0m"
-		echo -e "访问非本机目标需在终端设置使用Subnet或EXIT-NODE模式"
-		echo -----------------------------------------------
-		echo -e " 1 启用/关闭Tailscale服务	\033[32m$ts_service\033[0m"
-		echo -e " 2 设置秘钥(Auth Key)		\033[32m$ts_auth_key_info\033[0m"
-		echo -e " 3 通告路由内网地址(Subnet)	\033[32m$ts_subnet\033[0m"
-		echo -e " 4 通告路由全部流量(EXIT-NODE)	\033[32m$ts_exit_node\033[0m"
-		echo -e " 0 返回上级菜单 \033[0m"
-		echo -----------------------------------------------
-		read -p "请输入对应数字 > " num
-		case "$num" in
-		0) ;;
-		1)
+
+set_tailscale(){
+	[ -n "$ts_auth_key" ] && ts_auth_key_info='*********'
+	echo -----------------------------------------------
+	echo -e "\033[31m注意：\033[0m脚本默认内核为了节约内存没有编译Tailscale模块\n如需使用请先前往自定义内核更新完整版内核文件！"
+	echo -e "创建秘钥:\033[32;4mhttps://login.tailscale.com/admin/settings/keys\033[0m"
+	echo -e "访问非本机目标需允许通告:\033[32;4mhttps://login.tailscale.com\033[0m"
+	echo -e "访问非本机目标需在终端设置使用Subnet或EXIT-NODE模式"
+	echo -----------------------------------------------
+	echo -e " 1 \033[32m启用/关闭\033[0mTailscale服务	\033[32m$ts_service\033[0m"
+	echo -e " 2 设置\033[36m秘钥\033[0m(Auth Key)		$ts_auth_key_info"
+	echo -e " 3 通告路由\033[33m内网地址\033[0m(Subnet)	\033[36m$ts_subnet\033[0m"
+	echo -e " 4 通告路由\033[31m全部流量\033[0m(EXIT-NODE)	\033[36m$ts_exit_node\033[0m"
+	echo -e " 0 返回上级菜单 \033[0m"
+	echo -----------------------------------------------
+	read -p "请输入对应数字 > " num
+	case "$num" in
+	0) ;;
+	1)
+		if [ -n "$ts_auth_key" ];then
 			[ "$ts_service" = ON ] && ts_service=OFF || ts_service=ON
 			setconfig ts_service "$ts_service"
-			settailscale
-			;;
+		else
+			echo -e "\033[31m请先设置秘钥！\033[0m"
+			sleep 1
+		fi
+		set_tailscale
+	;;
+	2)
+		read -p "请输入秘钥(输入0删除) > " text
+		[ "$text" = 0 ] && unset ts_auth_key ts_auth_key_info || ts_auth_key="$text"
+		[ -n "$ts_auth_key" ] && setconfig ts_auth_key "$ts_auth_key" "$CFG"
+		set_tailscale
+	;;
+	3)
+		[ "$ts_subnet" = true ] && ts_subnet=false || ts_subnet=true
+		setconfig ts_subnet "$ts_subnet" "$CFG"
+		set_tailscale
+	;;
+	4)
+		[ "$ts_exit_node" = true ] && ts_exit_node=false || ts_exit_node=true
+		setconfig ts_exit_node "$ts_exit_node" "$CFG"
+		set_tailscale
+	;;
+	*) errornum ;;
+	esac		
+}
+
+set_wireguard(){
+	[ -n "$wg_public_key" ] && wgp_key_info='*********' || unset wgp_key_info
+	[ -n "$wg_private_key" ] && wgv_key_info='*********' || unset wgv_key_info
+	[ -n "$wg_pre_shared_key" ] && wgpsk_key_info='*********' || unset wgpsk_key_info
+	echo -----------------------------------------------
+	echo -e "\033[31m注意：\033[0m脚本默认内核为了节约内存没有编译WireGuard模块\n如需使用请先前往自定义内核更新完整版内核文件！"
+	echo -----------------------------------------------
+	echo -e " 1 \033[32m启用/关闭\033[0mWireguard服务	\033[32m$wg_service\033[0m"
+	echo -----------------------------------------------
+	echo -e " 2 设置\033[36mEndpoint地址\033[0m：		\033[36m$wg_server\033[0m"
+	echo -e " 3 设置\033[36mEndpoint端口\033[0m：		\033[36m$wg_port\033[0m"
+	echo -e " 4 设置\033[36m公钥-PublicKey\033[0m：		\033[36m$wgp_key_info\033[0m"
+	echo -e " 5 设置\033[36m密钥-PresharedKey\033[0m：	\033[36m$wgpsk_key_info\033[0m"
+	echo -----------------------------------------------
+	echo -e " 6 设置\033[33m私钥-PrivateKey\033[0m：	\033[33m$wgv_key_info\033[0m"
+	echo -e " 7 设置\033[33m组网IPV4地址\033[0m：		\033[33m$wg_ipv4\033[0m"
+	echo -e " 8 可选\033[33m组网IPV6地址\033[0m：	\033[33m$wg_ipv6\033[0m"
+	echo -e " 0 返回上级菜单 \033[0m"
+	echo -----------------------------------------------
+	read -p "请输入对应数字 > " num
+	case "$num" in
+	0) ;;
+	1)
+		if [ -n "$wg_server" ] && [ -n "$wg_port" ] && [ -n "$wg_public_key" ] && [ -n "$wg_pre_shared_key" ] && [ -n "$wg_private_key" ] && [ -n "$wg_ipv4" ];then
+			[ "$wg_service" = ON ] && wg_service=OFF || wg_service=ON
+			setconfig wg_service "$wg_service"
+		else
+			echo -e "\033[31m请先完成必选设置！\033[0m"
+			sleep 1
+		fi
+		set_wireguard
+	;;
+	[1-8])
+		read -p "请输入相应内容(回车或0删除) > " text
+		[ "$text" = 0 ] && text=''
+		case "$num" in
 		2)
-			read -p "请输入秘钥(输入0删除) > " text
-			[ "$text" = 0 ] && unset ts_auth_key ts_auth_key_info || ts_auth_key="$text"
-			[ -n "$ts_auth_key" ] && setconfig ts_auth_key "$ts_auth_key" "$CFG"
-			settailscale
-			;;
+			wg_server="$text"
+			setconfig wg_server "$text" "$CFG"
+		;;
 		3)
-			[ "$ts_subnet" = true ] && ts_subnet=false || ts_subnet=true
-			setconfig ts_subnet "$ts_subnet" "$CFG"
-			settailscale
-			;;
+			wg_port="$text"
+			setconfig wg_port "$text" "$CFG"
+		;;
 		4)
-			[ "$ts_exit_node" = true ] && ts_exit_node=false || ts_exit_node=true
-			setconfig ts_exit_node "$ts_exit_node" "$CFG"
-			settailscale
-			;;
-		*) errornum ;;
-		esac		
-	}
-	settailscale
+			wg_public_key="$text"
+			setconfig wg_public_key "$text" "$CFG"
+		;;
+		5)
+			wg_pre_shared_key="$text"
+			setconfig wg_pre_shared_key "$text" "$CFG"
+		;;
+		6)
+			wg_private_key="$text"
+			setconfig wg_private_key "$text" "$CFG"
+		;;
+		7)
+			wg_ipv4="$text"
+			setconfig wg_ipv4 "$text" "$CFG"
+		;;
+		8)
+			wg_ipv6="$text"
+			setconfig wg_ipv6 "$text" "$CFG"
+		;;
+
+		esac
+		set_wireguard
+	;;
+	*) errornum ;;
+	esac		
 }
\ No newline at end of file
diff --git a/scripts/start.sh b/scripts/start.sh
index 088b79eb..a09e52ee 100644
--- a/scripts/start.sh
+++ b/scripts/start.sh
@@ -634,7 +634,7 @@ modify_json() { #修饰singbox1.13配置文件
 	}
 	cat "$TMPDIR"/format.json | sed -n '/"route":/,/^\(  "[a-z]\|}\)/p' | sed '$d' >>"$TMPDIR"/jsons/route.json
 	#加载端点配置文件并生成
-	[ "ts_service" = ON ] || [ "wg_service" = ON ] && {
+	[ "$ts_service" = ON ] || [ "$wg_service" = ON ] && {
 		. "$CRASHDIR"/configs/gateway.cfg
 		. "$CRASHDIR"/components/endpoints.sh
 	}

From 417c15db60210ad8cce175201c13718cf438cc79 Mon Sep 17 00:00:00 2001
From: juewuy <juewuy@gmail.com>
Date: Thu, 18 Dec 2025 21:53:49 +0800
Subject: [PATCH 06/12] =?UTF-8?q?=E9=87=8D=E5=91=BD=E5=90=8D=20=20=20=20?=
 =?UTF-8?q?=20=20=20=20scripts/menus/bot=5Ftg.sh=20(=E4=BB=8E=20scripts/co?=
 =?UTF-8?q?mponents/bot=5Ftg.sh)=20=E9=87=8D=E5=91=BD=E5=90=8D=20=20=20=20?=
 =?UTF-8?q?=20=20=20=20scripts/menus/ddns=5Fop.sh=20(=E4=BB=8E=20scripts/c?=
 =?UTF-8?q?omponents/ddns=5Fop.sh)=20=E9=87=8D=E5=91=BD=E5=90=8D=20=20=20?=
 =?UTF-8?q?=20=20=20=20=20scripts/menus/endpoints.sh=20(=E4=BB=8E=20script?=
 =?UTF-8?q?s/components/endpoints.sh)=20=E9=87=8D=E5=91=BD=E5=90=8D=20=20?=
 =?UTF-8?q?=20=20=20=20=20=20scripts/menus/gateway.sh=20(=E4=BB=8E=20scrip?=
 =?UTF-8?q?ts/components/gateway.sh)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 scripts/libs/README.md                     | 3 +++
 scripts/menus/README.md                    | 3 +++
 scripts/{components => menus}/bot_tg.sh    | 0
 scripts/{components => menus}/ddns_op.sh   | 0
 scripts/{components => menus}/endpoints.sh | 0
 scripts/{components => menus}/gateway.sh   | 0
 scripts/starts/README.md                   | 3 +++
 7 files changed, 9 insertions(+)
 create mode 100644 scripts/libs/README.md
 create mode 100644 scripts/menus/README.md
 rename scripts/{components => menus}/bot_tg.sh (100%)
 rename scripts/{components => menus}/ddns_op.sh (100%)
 rename scripts/{components => menus}/endpoints.sh (100%)
 rename scripts/{components => menus}/gateway.sh (100%)
 create mode 100644 scripts/starts/README.md

diff --git a/scripts/libs/README.md b/scripts/libs/README.md
new file mode 100644
index 00000000..e5a4d53f
--- /dev/null
+++ b/scripts/libs/README.md
@@ -0,0 +1,3 @@
+用于存放脚本内置工具的脚本
+
+此处脚本内容不应包含非报错的文字输出和log输出
\ No newline at end of file
diff --git a/scripts/menus/README.md b/scripts/menus/README.md
new file mode 100644
index 00000000..1762fba9
--- /dev/null
+++ b/scripts/menus/README.md
@@ -0,0 +1,3 @@
+用于存放脚本各级菜单界面的脚本
+
+此处脚本内容包含各类文字说明
\ No newline at end of file
diff --git a/scripts/components/bot_tg.sh b/scripts/menus/bot_tg.sh
similarity index 100%
rename from scripts/components/bot_tg.sh
rename to scripts/menus/bot_tg.sh
diff --git a/scripts/components/ddns_op.sh b/scripts/menus/ddns_op.sh
similarity index 100%
rename from scripts/components/ddns_op.sh
rename to scripts/menus/ddns_op.sh
diff --git a/scripts/components/endpoints.sh b/scripts/menus/endpoints.sh
similarity index 100%
rename from scripts/components/endpoints.sh
rename to scripts/menus/endpoints.sh
diff --git a/scripts/components/gateway.sh b/scripts/menus/gateway.sh
similarity index 100%
rename from scripts/components/gateway.sh
rename to scripts/menus/gateway.sh
diff --git a/scripts/starts/README.md b/scripts/starts/README.md
new file mode 100644
index 00000000..4a6cf025
--- /dev/null
+++ b/scripts/starts/README.md
@@ -0,0 +1,3 @@
+用于存放负责启动和服务相关的脚本
+
+此处脚本内容不应包含任何具体中文说明，log内容的文字应当从相关lang文件调用
\ No newline at end of file

From 5ce80fdf3b72165bfbb6dbe489a04867d3358049 Mon Sep 17 00:00:00 2001
From: juewuy <juewuy@gmail.com>
Date: Fri, 19 Dec 2025 22:18:40 +0800
Subject: [PATCH 07/12] =?UTF-8?q?=E6=B7=BB=E5=8A=A0vmess=E5=85=A5=E7=AB=99?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 scripts/menu.sh          |  8 ++--
 scripts/menus/gateway.sh | 89 ++++++++++++++++++++++++++++++++++++----
 2 files changed, 85 insertions(+), 12 deletions(-)

diff --git a/scripts/menu.sh b/scripts/menu.sh
index 10a0d634..08de6f6b 100644
--- a/scripts/menu.sh
+++ b/scripts/menu.sh
@@ -569,10 +569,10 @@ setport() { #端口设置
         elif [ -n "$(netstat -ntul | grep ":$portx ")" ]; then
             echo -e "\033[31m当前端口已被其他进程占用，请重新输入！\033[0m"
             inputport
-        else
+		else
             setconfig $xport $portx
             echo -e "\033[32m设置成功！！！\033[0m"
-            setport
+			setport
         fi
     }
     echo "-----------------------------------------------"
@@ -1868,7 +1868,7 @@ advanced_set() { #进阶设置
     echo -e "\033[30;47m欢迎使用进阶模式菜单：\033[0m"
     echo -e "\033[33m如您并不了解ShellCrash的运行机制，请勿更改本页面功能！\033[0m"
     echo "-----------------------------------------------"
-    #echo -e " 2 配置Meta特性"
+    echo -e " 1 访问与控制"
     echo -e " 3 配置公网及局域网防火墙"
     [ "$disoverride" != "1" ] && {
         echo -e " 4 启用域名嗅探:	\033[36m$sniffer\033[0m	————用于流媒体及防DNS污染"
@@ -1882,7 +1882,7 @@ advanced_set() { #进阶设置
     case "$num" in
     0) ;;
 	1)
-		. "$CRASHDIR"/components/gateway.sh && gateway
+		. "$CRASHDIR"/menus/gateway.sh && gateway
 		advanced_set
 	;;
     3)
diff --git a/scripts/menus/gateway.sh b/scripts/menus/gateway.sh
index 53843de0..dc5a3fb1 100644
--- a/scripts/menus/gateway.sh
+++ b/scripts/menus/gateway.sh
@@ -12,9 +12,10 @@ gateway(){
 	echo -e " 2 配置Telegram专属控制机器人"
 	echo -e " 3 配置DDNS自动域名"
 	[ "$disoverride" != "1" ] && {
-		echo -e " 4 自定义公网入站节点"
-		echo -e " 5 配置\033[32mTailscale内网穿透\033[0m(限Singbox)"
-		echo -e " 6 配置\033[32mWireguard客户端\033[0m"
+		echo -e " 4 自定义\033[32m公网Vmess入站\033[0m节点"
+		echo -e " 5 自定义\033[32m公网ShadowSocks入站\033[0m节点"
+		echo -e " 6 配置\033[32mTailscale内网穿透\033[0m(限Singbox)"
+		echo -e " 7 配置\033[32mWireguard客户端\033[0m"
 	}
 	echo -e " 0 返回上级菜单 \033[0m"
 	echo -----------------------------------------------
@@ -34,10 +35,14 @@ gateway(){
 		gateway
 	;;
 	4)
-		set_listeners
+		set_vmess
 		gateway
 	;;
 	5)
+		set_shadowsocks
+		gateway
+	;;
+	6)
 		if echo "$crashcore" | grep -q 'sing';then
 			set_tailscale
 		else
@@ -47,7 +52,7 @@ gateway(){
 		fi
 		gateway
 	;;
-	6)
+	7)
 		set_wireguard
 		gateway
 	;;
@@ -179,7 +184,75 @@ set_bot_tg(){
 set_ddns(){
 	echo
 }
-
+set_vmess(){
+	echo -----------------------------------------------
+	echo -e "\033[31m注意：\033[0m启动内核服务后会自动开放相应端口公网访问，请谨慎使用！"
+	echo -----------------------------------------------
+	echo -e " 1 \033[32m启用/关闭\033[0mVmess入站	\033[32m$vms_service\033[0m"
+	echo -----------------------------------------------
+	echo -e " 2 设置\033[36m监听端口\033[0m：	\033[36m$vms_port\033[0m"
+	echo -e " 3 设置\033[33mWS-path(可选)\033[0m：	\033[33m$vms_ws_path\033[0m"
+	echo -e " 4 设置\033[36m秘钥-uuid\033[0m：	\033[36m$vms_uuid\033[0m"
+	echo -e " 5 一键生成\033[32m随机秘钥\033[0m"
+	echo -e " 0 返回上级菜单 \033[0m"
+	echo -----------------------------------------------
+	read -p "请输入对应数字 > " num
+	case "$num" in
+	0) ;;
+	1)
+		if [ -n "$vms_port" ] && [ -n "$vms_uuid" ];then
+			[ "$vms_service" = ON ] && vms_service=OFF || vms_service=ON
+			setconfig vms_service "$vms_service"
+		else
+			echo -e "\033[31m请先完成必选设置！\033[0m"
+			sleep 1
+		fi
+		set_vmess
+	;;
+	2)
+		read -p "请输入端口号(输入0删除) > " text
+		[ "$text" = 0 ] && unset vms_port
+		if sh "$CRASHDIR"/libs/check_port.sh "$text"; then
+			vms_port="$text"
+			setconfig vms_port "$text" "$CFG"
+		else
+			sleep 1
+		fi
+		set_vmess
+	;;
+	3)
+		read -p "请输入ws-path路径(输入0删除) > " text
+		[ "$text" = 0 ] && unset vms_ws_path
+		if echo "$text" |grep -qE '^/';then
+			vms_ws_path="$text"
+			setconfig vms_ws_path "$text" "$CFG"
+		else
+			echo -e "\033[31m不是合法的path路径，必须以【/】开头！\033[0m"
+			sleep 1
+		fi
+		set_vmess
+	;;
+	4)
+		read -p "请输入UUID(输入0删除) > " text
+		[ "$text" = 0 ] && unset vms_uuid
+		if echo "$text" |grep -qiE '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$';then
+			vms_uuid="$text"
+			setconfig vms_uuid "$text" "$CFG"
+		else
+			echo -e "\033[31m不是合法的UUID格式，请重新输入或使用随机生成功能！\033[0m"
+			sleep 1
+		fi
+		set_vmess
+	;;
+	5)
+		vms_uuid=$(cat /proc/sys/kernel/random/uuid)
+		setconfig vms_uuid "$vms_uuid" "$CFG"
+		sleep 1
+		set_vmess
+	;;
+	*) errornum ;;
+	esac		
+}
 set_tailscale(){
 	[ -n "$ts_auth_key" ] && ts_auth_key_info='*********'
 	echo -----------------------------------------------
@@ -226,7 +299,6 @@ set_tailscale(){
 	*) errornum ;;
 	esac		
 }
-
 set_wireguard(){
 	[ -n "$wg_public_key" ] && wgp_key_info='*********' || unset wgp_key_info
 	[ -n "$wg_private_key" ] && wgv_key_info='*********' || unset wgv_key_info
@@ -297,4 +369,5 @@ set_wireguard(){
 	;;
 	*) errornum ;;
 	esac		
-}
\ No newline at end of file
+}
+

From e1e8aba4eead6f8216b151719f574131debced8f Mon Sep 17 00:00:00 2001
From: juewuy <juewuy@gmail.com>
Date: Fri, 19 Dec 2025 22:21:32 +0800
Subject: [PATCH 08/12] =?UTF-8?q?=E5=B7=B2=E6=B7=BB=E5=8A=A0=20=20=20=20?=
 =?UTF-8?q?=20=20=20=20scripts/libs/check=5Fport.sh?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 scripts/libs/check_port.sh | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 scripts/libs/check_port.sh

diff --git a/scripts/libs/check_port.sh b/scripts/libs/check_port.sh
new file mode 100644
index 00000000..76ca118d
--- /dev/null
+++ b/scripts/libs/check_port.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+# Copyright (C) Juewuy
+
+
+if [ $1 -gt 65535 -o $1 -le 1 ]; then
+	echo -e "\033[31m输入错误！请输入正确的数值(1-65535)！\033[0m"
+	exit 1
+elif [ -n "$(echo "|$mix_port|$redir_port|$dns_port|$db_port|" | grep "|$1|")" ]; then
+	echo -e "\033[31m输入错误！请不要输入重复的端口！\033[0m"
+	exit 1
+elif [ -n "$(netstat -ntul | grep ":$1 ")" ]; then
+	echo -e "\033[31m当前端口已被其他进程占用，请重新输入！\033[0m"
+	exit 1
+else
+	exit 0
+fi
+

From 51f5795731fd0f22c0aab4c48954735a71a246de Mon Sep 17 00:00:00 2001
From: juewuy <juewuy@gmail.com>
Date: Sat, 20 Dec 2025 12:54:42 +0800
Subject: [PATCH 09/12] =?UTF-8?q?~=E6=B7=BB=E5=8A=A0ss=E5=92=8Cvmess?=
 =?UTF-8?q?=E5=85=A5=E7=AB=99=E6=94=AF=E6=8C=81?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 scripts/libs/meta_listeners.sh                |  25 ++++
 scripts/libs/meta_proxies.sh                  |  19 +++
 .../endpoints.sh => libs/sb_endpoints.sh}     |  23 +---
 scripts/libs/sb_inbounds.sh                   |  38 ++++++
 scripts/menus/gateway.sh                      | 109 +++++++++++++++++-
 scripts/start.sh                              |  19 ++-
 6 files changed, 207 insertions(+), 26 deletions(-)
 create mode 100644 scripts/libs/meta_listeners.sh
 create mode 100644 scripts/libs/meta_proxies.sh
 rename scripts/{menus/endpoints.sh => libs/sb_endpoints.sh} (65%)
 create mode 100644 scripts/libs/sb_inbounds.sh

diff --git a/scripts/libs/meta_listeners.sh b/scripts/libs/meta_listeners.sh
new file mode 100644
index 00000000..a2cba397
--- /dev/null
+++ b/scripts/libs/meta_listeners.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+# Copyright (C) Juewuy
+
+#meta内核vmess入站生成
+[ "$vms_service" = ON ] && {
+	cat >>"$TMPDIR"/yamls/listeners.yaml <<EOF
+- name: "vmess-in"
+  type: vmess
+  port: $vms_port
+  listen: 0.0.0.0
+  uuid: $vms_uuid
+  ws-path: $vms_ws_path
+EOF
+}
+#meta内核ss入站生成
+[ "$sss_service" = ON ] && {
+	cat >>"$TMPDIR"/yamls/listeners.yaml <<EOF
+- name: "ss-in"
+  port: $sss_port
+  listen: 0.0.0.0
+  cipher: $sss_cipher
+  password: $sss_pwd
+  udp: true
+EOF
+}
\ No newline at end of file
diff --git a/scripts/libs/meta_proxies.sh b/scripts/libs/meta_proxies.sh
new file mode 100644
index 00000000..563e1eee
--- /dev/null
+++ b/scripts/libs/meta_proxies.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+# Copyright (C) Juewuy
+
+[ "$wg_service" = ON ] && {
+	cat >>"$TMPDIR"/yamls/proxies.yaml <<EOF
+- name: "wg"
+  type: wireguard
+  private-key: $wg_private_key
+  server: $wg_server
+  port: $wg_port
+  ip: $wg_ipv4
+  ipv6: $wg_ipv6
+  public-key: $wg_public_key
+  allowed-ips: ['0.0.0.0/0', '::/0']
+  pre-shared-key: $wg_pre_shared_key
+  mtu: 1420
+  udp: true
+EOF
+}
diff --git a/scripts/menus/endpoints.sh b/scripts/libs/sb_endpoints.sh
similarity index 65%
rename from scripts/menus/endpoints.sh
rename to scripts/libs/sb_endpoints.sh
index d591759f..49c86f19 100644
--- a/scripts/menus/endpoints.sh
+++ b/scripts/libs/sb_endpoints.sh
@@ -23,9 +23,8 @@ EOF
 }
 
 [ "$wg_service" = ON ] && {
-	echo "$crashcore" | grep -q 'singbox' && {
-		[ -n "$wg_ipv6" ] && wg_ipv6_add=", \"$wg_ipv6\""
-		cat >"$TMPDIR"/jsons/wireguard.json <<EOF
+	[ -n "$wg_ipv6" ] && wg_ipv6_add=", \"$wg_ipv6\""
+	cat >"$TMPDIR"/jsons/wireguard.json <<EOF
 {
   "endpoints": [
 	{
@@ -48,22 +47,4 @@ EOF
   ]
 }
 EOF
-	}
-	#meta内核wg生成
-	echo "$crashcore" | grep -q 'meta' && {
-		cat >"$TMPDIR"/yamls/wireguard.yaml <<EOF
-- name: "wg"
-  type: wireguard
-  private-key: $wg_private_key
-  server: $wg_server
-  port: $wg_port
-  ip: $wg_ipv4
-  ipv6: $wg_ipv6
-  public-key: $wg_public_key
-  allowed-ips: ['0.0.0.0/0', '::/0']
-  pre-shared-key: $wg_pre_shared_key
-  mtu: 1420
-  udp: true
-EOF
-	}
 }
diff --git a/scripts/libs/sb_inbounds.sh b/scripts/libs/sb_inbounds.sh
new file mode 100644
index 00000000..da9f98da
--- /dev/null
+++ b/scripts/libs/sb_inbounds.sh
@@ -0,0 +1,38 @@
+#!/bin/sh
+# Copyright (C) Juewuy
+
+[ "$vms_service" = ON ] && {
+	[ -n "$vms_ws_path" ] && transport=', "transport": { "type": "ws", "path": '"$vms_ws_path"' }'
+	cat >"$TMPDIR"/jsons/vmess-in.json <<EOF
+{
+  "inbounds": [
+    {
+      "type": "vmess",
+      "tag": "vmess-in",
+      "listen": "::",
+      "listen_port": $vms_port,
+	  "users": [
+        {
+          "uuid": "$vms_uuid"
+        }
+      ]$transport
+    }
+  ]
+}
+EOF
+}
+
+[ "$sss_service" = ON ] && {
+	cat >"$TMPDIR"/jsons/ss-in.json <<EOF
+{
+  "inbounds": [
+	{
+	  "type": "shadowsocks",
+	  "tag": "ss-in",
+	  "method": "$sss_cipher",
+	  "password": "$sss_pwd",
+	}
+  ]
+}
+EOF
+}
diff --git a/scripts/menus/gateway.sh b/scripts/menus/gateway.sh
index dc5a3fb1..b8c44b32 100644
--- a/scripts/menus/gateway.sh
+++ b/scripts/menus/gateway.sh
@@ -4,7 +4,7 @@
 CFG="$CRASHDIR"/configs/gateway.cfg
 . "$CFG"
 
-gateway(){
+gateway(){ #访问与控制主菜单
 	echo -----------------------------------------------
 	echo -e "\033[30;47m欢迎使用访问与控制菜单：\033[0m"
 	echo -----------------------------------------------
@@ -182,11 +182,11 @@ set_bot_tg(){
 	esac		
 }
 set_ddns(){
-	echo
+	echo 等待施工
 }
 set_vmess(){
 	echo -----------------------------------------------
-	echo -e "\033[31m注意：\033[0m启动内核服务后会自动开放相应端口公网访问，请谨慎使用！"
+	echo -e "\033[31m注意：\033[0m启动内核服务后会自动开放相应端口公网访问，请谨慎使用！\n      脚本只提供基础功能，更多需求请使用自定义配置文件功能！"
 	echo -----------------------------------------------
 	echo -e " 1 \033[32m启用/关闭\033[0mVmess入站	\033[32m$vms_service\033[0m"
 	echo -----------------------------------------------
@@ -253,6 +253,109 @@ set_vmess(){
 	*) errornum ;;
 	esac		
 }
+set_shadowsocks(){
+	[ -z "$sss_cipher" ] && sss_cipher='xchacha20-ietf-poly1305'
+	echo -----------------------------------------------
+	echo -e "\033[31m注意：\033[0m启动内核服务后会自动开放相应端口公网访问，请谨慎使用！\n      脚本只提供基础功能，更多需求请使用自定义配置文件功能！"
+	echo -----------------------------------------------
+	echo -e " 1 \033[32m启用/关闭\033[0mShadowSocks入站	\033[32m$sss_service\033[0m"
+	echo -----------------------------------------------
+	echo -e " 2 设置\033[36m监听端口\033[0m：	\033[36m$sss_port\033[0m"
+	echo -e " 3 选择\033[33m加密协议\033[0m：	\033[33m$sss_cipher\033[0m"
+	echo -e " 4 设置\033[36mpassword\033[0m：	\033[36m$sss_pwd\033[0m"
+	echo -e " 0 返回上级菜单 \033[0m"
+	echo -----------------------------------------------
+	read -p "请输入对应数字 > " num
+	case "$num" in
+	0) ;;
+	1)
+		if [ -n "$sss_port" ] && [ -n "$sss_pwd" ];then
+			[ "$sss_service" = ON ] && sss_service=OFF || sss_service=ON
+			setconfig sss_service "$sss_service"
+		else
+			echo -e "\033[31m请先完成必选设置！\033[0m"
+			sleep 1
+		fi
+		set_shadowsocks
+	;;
+	2)
+		read -p "请输入端口号(输入0删除) > " text
+		[ "$text" = 0 ] && unset sss_port
+		if sh "$CRASHDIR"/libs/check_port.sh "$text"; then
+			sss_port="$text"
+			setconfig sss_port "$text" "$CFG"
+		else
+			sleep 1
+		fi
+		set_shadowsocks
+	;;
+	3)
+		echo -----------------------------------------------
+		echo -e " 1 \033[32mxchacha20-ietf-poly1305\033[0m"
+		echo -e " 2 \033[32mchacha20-ietf-poly1305\033[0m"
+		echo -e " 3 \033[32maes-128-gcm\033[0m"
+		echo -e " 4 \033[32maes-256-gcm\033[0m"
+		ckcmd openssl && {
+			echo -----------------------------------------------
+			echo -e "\033[31m注意：\033[0m2022系列加密必须使用OpenSSL随机生成的password！"
+			echo -e " 5 \033[32m2022-blake3-chacha20-poly1305\033[0m"
+			echo -e " 6 \033[32m2022-blake3-aes-128-gcm\033[0m"
+			echo -e " 7 \033[32m2022-blake3-aes-256-gcm\033[0m"
+		}
+		echo -----------------------------------------------
+		echo -e " 0 返回上级菜单"
+		read -p "请选择要使用的加密协议 > " num
+		case "$num" in
+		1)
+			sss_cipher=xchacha20-ietf-poly1305
+			sss_pwd=$(cat /proc/sys/kernel/random/uuid)
+		;;
+		2)
+			sss_cipher=chacha20-ietf-poly1305
+			sss_pwd=$(cat /proc/sys/kernel/random/uuid)
+		;;
+		3)
+			sss_cipher=aes-128-gcm
+			sss_pwd=$(cat /proc/sys/kernel/random/uuid)
+		;;
+		4)
+			sss_cipher=aes-256-gcm
+			sss_pwd=$(cat /proc/sys/kernel/random/uuid)
+		;;
+		5)
+			sss_cipher=2022-blake3-chacha20-poly1305
+			sss_pwd=$(openssl rand --base64 32)
+		;;
+		6)
+			sss_cipher=2022-blake3-aes-128-gcm
+			sss_pwd=$(openssl rand --base64 16)
+		;;
+		7)
+			sss_cipher=2022-blake3-aes-256-gcm
+			sss_pwd=$(openssl rand --base64 32)
+		;;
+		*)
+		;;
+		esac
+		setconfig sss_cipher "$sss_cipher" "$CFG"
+		setconfig sss_pwd "$sss_pwd" "$CFG"
+		set_shadowsocks
+	;;
+	4)
+		if echo "$sss_cipher" |grep -q '2022-blake3';then
+			echo -e "\033[31m注意：\033[0m2022系列加密必须使用脚本随机生成的password！"
+			sleep 1
+		else
+			read -p "请输入秘钥(输入0删除) > " text
+			[ "$text" = 0 ] && unset sss_pwd
+			sss_pwd="$text"
+			setconfig sss_pwd "$text" "$CFG"
+		fi
+		set_shadowsocks
+	;;
+	*) errornum ;;
+	esac		
+}
 set_tailscale(){
 	[ -n "$ts_auth_key" ] && ts_auth_key_info='*********'
 	echo -----------------------------------------------
diff --git a/scripts/start.sh b/scripts/start.sh
index e6e37269..60015175 100644
--- a/scripts/start.sh
+++ b/scripts/start.sh
@@ -617,6 +617,16 @@ EOF
             IFS="$oldIFS"
         done
     }
+    #添加自定义入站
+	[ "$vms_service" = ON ] || [ "$sss_service" = ON ] && {
+		. "$CRASHDIR"/configs/gateway.cfg
+		. "$CRASHDIR"/libs/meta_listeners.sh
+	}
+    #生成自定义出站
+	[ "$wg_service" = ON ] && {
+		. "$CRASHDIR"/configs/gateway.cfg
+		. "$CRASHDIR"/libs/meta_proxies.sh
+	}
     #节点绕过功能支持
     sed -i "/#节点绕过/d" "$TMPDIR"/rules.yaml
     [ "$proxies_bypass" = "已启用" ] && {
@@ -692,10 +702,10 @@ modify_json() { #修饰singbox1.13配置文件
         cat "$TMPDIR"/format.json | sed -n '/^  "providers":/,/^  "[a-z]/p' | sed '$d' >>"$TMPDIR"/jsons/providers.json
     }
     cat "$TMPDIR"/format.json | sed -n '/"route":/,/^\(  "[a-z]\|}\)/p' | sed '$d' >>"$TMPDIR"/jsons/route.json
-    #生成log.json
+    #生成endpoints.json
 	[ "$ts_service" = ON ] || [ "$wg_service" = ON ] && {
 		. "$CRASHDIR"/configs/gateway.cfg
-		. "$CRASHDIR"/components/endpoints.sh
+		. "$CRASHDIR"/libs/sb_endpoints.sh
 	}
 	#生成log.json
     cat >"$TMPDIR"/jsons/log.json <<EOF
@@ -891,6 +901,11 @@ EOF
   ]
 }
 EOF
+    #inbounds.json添加自定义入站
+	[ "$vms_service" = ON ] || [ "$sss_service" = ON ] && {
+		. "$CRASHDIR"/configs/gateway.cfg
+		. "$CRASHDIR"/libs/sb_inbounds.sh
+	}
     if [ "$redir_mod" = "混合模式" -o "$redir_mod" = "Tun模式" ]; then
         [ "ipv6_redir" = '已开启' ] && ipv6_address='"fe80::e5c5:2469:d09b:609a/64",'
         cat >>"$TMPDIR"/jsons/tun.json <<EOF

From 9a2d98a6b8143c095f639e21f664372714052797 Mon Sep 17 00:00:00 2001
From: juewuy <juewuy@gmail.com>
Date: Sat, 20 Dec 2025 20:30:50 +0800
Subject: [PATCH 10/12] =?UTF-8?q?~=E7=BB=A7=E7=BB=AD=E4=BC=98=E5=8C=96?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 scripts/libs/meta_listeners.sh | 31 ++++++++++---------
 scripts/libs/meta_proxies.sh   | 26 ++++++++--------
 scripts/libs/sb_inbounds.sh    |  2 +-
 scripts/menus/bot_tg.sh        | 38 ++++++-----------------
 scripts/menus/gateway.sh       | 56 +++++++++++++++++++++-------------
 scripts/start.sh               |  5 ++-
 6 files changed, 78 insertions(+), 80 deletions(-)

diff --git a/scripts/libs/meta_listeners.sh b/scripts/libs/meta_listeners.sh
index a2cba397..c338a769 100644
--- a/scripts/libs/meta_listeners.sh
+++ b/scripts/libs/meta_listeners.sh
@@ -3,23 +3,26 @@
 
 #meta内核vmess入站生成
 [ "$vms_service" = ON ] && {
-	cat >>"$TMPDIR"/yamls/listeners.yaml <<EOF
-- name: "vmess-in"
-  type: vmess
-  port: $vms_port
-  listen: 0.0.0.0
-  uuid: $vms_uuid
-  ws-path: $vms_ws_path
+	cat >>"$TMPDIR"/listeners.yaml <<EOF
+  - name: "vmess-in"
+    type: vmess
+    port: $vms_port
+    listen:
+    users:
+      - uuid: $vms_uuid
+        alterId: 0
+    ws-path: $vms_ws_path
 EOF
 }
 #meta内核ss入站生成
 [ "$sss_service" = ON ] && {
-	cat >>"$TMPDIR"/yamls/listeners.yaml <<EOF
-- name: "ss-in"
-  port: $sss_port
-  listen: 0.0.0.0
-  cipher: $sss_cipher
-  password: $sss_pwd
-  udp: true
+	cat >>"$TMPDIR"/listeners.yaml <<EOF
+  - name: "ss-in"
+    type: shadowsocks
+    port: $sss_port
+    listen:
+    cipher: $sss_cipher
+    password: $sss_pwd
+    udp: true
 EOF
 }
\ No newline at end of file
diff --git a/scripts/libs/meta_proxies.sh b/scripts/libs/meta_proxies.sh
index 563e1eee..e70018f5 100644
--- a/scripts/libs/meta_proxies.sh
+++ b/scripts/libs/meta_proxies.sh
@@ -2,18 +2,18 @@
 # Copyright (C) Juewuy
 
 [ "$wg_service" = ON ] && {
-	cat >>"$TMPDIR"/yamls/proxies.yaml <<EOF
-- name: "wg"
-  type: wireguard
-  private-key: $wg_private_key
-  server: $wg_server
-  port: $wg_port
-  ip: $wg_ipv4
-  ipv6: $wg_ipv6
-  public-key: $wg_public_key
-  allowed-ips: ['0.0.0.0/0', '::/0']
-  pre-shared-key: $wg_pre_shared_key
-  mtu: 1420
-  udp: true
+	cat >>"$TMPDIR"/proxies.yaml <<EOF
+  - name: "wg"
+    type: wireguard
+    private-key: $wg_private_key
+    server: $wg_server
+    port: $wg_port
+    ip: $wg_ipv4
+    ipv6: $wg_ipv6
+    public-key: $wg_public_key
+    allowed-ips: ['0.0.0.0/0', '::/0']
+    pre-shared-key: $wg_pre_shared_key
+    mtu: 1420
+    udp: true
 EOF
 }
diff --git a/scripts/libs/sb_inbounds.sh b/scripts/libs/sb_inbounds.sh
index da9f98da..c45c258e 100644
--- a/scripts/libs/sb_inbounds.sh
+++ b/scripts/libs/sb_inbounds.sh
@@ -2,7 +2,7 @@
 # Copyright (C) Juewuy
 
 [ "$vms_service" = ON ] && {
-	[ -n "$vms_ws_path" ] && transport=', "transport": { "type": "ws", "path": '"$vms_ws_path"' }'
+	[ -n "$vms_ws_path" ] && transport=', "transport": { "type": "ws", "path": "'"$vms_ws_path"'" }'
 	cat >"$TMPDIR"/jsons/vmess-in.json <<EOF
 {
   "inbounds": [
diff --git a/scripts/menus/bot_tg.sh b/scripts/menus/bot_tg.sh
index 58b91a26..3ca5ba2f 100644
--- a/scripts/menus/bot_tg.sh
+++ b/scripts/menus/bot_tg.sh
@@ -1,45 +1,25 @@
 #!/bin/sh
 
+. "$CRASHDIR"/configs/ShellCrash.cfg
 . "$CRASHDIR"/configs/gateway.cfg
+. "$CRASHDIR"/libs/web_json.sh
+
 OFFSET=0
 API="https://api.telegram.org/bot$TG_TOKEN"
 STATE_FILE="/tmp/ShellCrash/tgbot_state"
 LOGFILE="/tmp/ShellCrash/tgbot.log"
 
 ### --- 基础函数 --- ###
-setproxy(){
-	[ -n "$(pidof CrashCore)" ] && {
-		[ -n "$authentication" ] && auth="$authentication@"
-		[ -z "$mix_port" ] && mix_port=7890
-		export https_proxy="http://${auth}127.0.0.1:$mix_port"
-	}
-}
-webget() {
-	setproxy
-	if curl --version >/dev/null 2>&1; then
-		curl -kfsSl --connect-timeout 3 $1 2>/dev/null
-	else
-		wget -Y on -q --timeout=3 -O - $1
-	fi
-}
-webpost() {
-	setproxy
-	if curl --version >/dev/null 2>&1; then
-		curl -kfsSl -X POST --connect-timeout 3 -H "Content-Type: application/json; charset=utf-8" "$1" -d "$2" >/dev/null 2>&1
-	else
-		wget -Y on -q --timeout=3 --method=POST --header="Content-Type: application/json; charset=utf-8" --body-data="$2" "$1"
-	fi
-}
 send_msg() {
     TEXT="$1"
-	webpost "$API/sendMessage" "{\"chat_id\":\"$TG_CHATID\",\"text\":\"$TEXT\",\"parse_mode\":\"Markdown\"}"
+	web_json_post "$API/sendMessage" "{\"chat_id\":\"$TG_CHATID\",\"text\":\"$TEXT\",\"parse_mode\":\"Markdown\"}"
 }
 send_help(){
     TEXT=$(cat <<EOF
 进群讨论：
-https://t.me/+RKujv98Gbx5zGY-P
+https://t.me/+6AElkMDzwPxmMmM1
 项目地址：
-https://github.com/juewuy/ShellCrash
+https://github.com/juewuy/ShellClash
 相关教程：
 https://juewuy.github.io
 请喝咖啡：
@@ -93,7 +73,7 @@ EOF
 EOF
 )
 
-webpost "$API/sendMessage" "{\"chat_id\":\"$TG_CHATID\",\"text\":\"$TEXT\",\"parse_mode\":\"Markdown\",\"reply_markup\":$MENU}"
+web_json_post "$API/sendMessage" "{\"chat_id\":\"$TG_CHATID\",\"text\":\"$TEXT\",\"parse_mode\":\"Markdown\",\"reply_markup\":$MENU}"
 
 }
 
@@ -129,7 +109,7 @@ do_set_sub() {
 ### --- 轮询主进程 --- ###
 polling(){
 	while true; do
-		UPDATES=$(webget "$API/getUpdates?timeout=25&offset=$OFFSET")
+		UPDATES=$(web_json_get "$API/getUpdates?timeout=25&offset=$OFFSET")
 
 		echo "$UPDATES" | grep -q '"update_id"' || continue
 
@@ -205,6 +185,6 @@ polling(){
 
 	done
 }
-
+send_menu
 polling
 
diff --git a/scripts/menus/gateway.sh b/scripts/menus/gateway.sh
index b8c44b32..b2fcbc65 100644
--- a/scripts/menus/gateway.sh
+++ b/scripts/menus/gateway.sh
@@ -2,6 +2,7 @@
 # Copyright (C) Juewuy
 
 CFG="$CRASHDIR"/configs/gateway.cfg
+touch "$CFG"
 . "$CFG"
 
 gateway(){ #访问与控制主菜单
@@ -9,13 +10,13 @@ gateway(){ #访问与控制主菜单
 	echo -e "\033[30;47m欢迎使用访问与控制菜单：\033[0m"
 	echo -----------------------------------------------
 	echo -e " 1 配置公网访问防火墙"
-	echo -e " 2 配置Telegram专属控制机器人"
+	echo -e " 2 配置Telegram专属控制机器人		\033[32m$bot_tg_service\033[0m"
 	echo -e " 3 配置DDNS自动域名"
 	[ "$disoverride" != "1" ] && {
-		echo -e " 4 自定义\033[32m公网Vmess入站\033[0m节点"
-		echo -e " 5 自定义\033[32m公网ShadowSocks入站\033[0m节点"
-		echo -e " 6 配置\033[32mTailscale内网穿透\033[0m(限Singbox)"
-		echo -e " 7 配置\033[32mWireguard客户端\033[0m"
+		echo -e " 4 自定义\033[33m公网Vmess入站\033[0m节点		\033[32m$vms_service\033[0m"
+		echo -e " 5 自定义\033[33m公网ShadowSocks入站\033[0m节点	\033[32m$sss_service\033[0m"
+		echo -e " 6 配置\033[36mTailscale内网穿透\033[0m(限Singbox)	\033[32m$ts_service\033[0m"
+		echo -e " 7 配置\033[36mWireguard客户端\033[0m(限Singbox)	\033[32m$wg_service\033[0m"
 	}
 	echo -e " 0 返回上级菜单 \033[0m"
 	echo -----------------------------------------------
@@ -48,12 +49,16 @@ gateway(){ #访问与控制主菜单
 		else
 			echo -e "\033[33m$crashcore内核暂不支持此功能，请先更换内核！\033[0m"
 			sleep 1
-			checkupdate && setcore
 		fi
 		gateway
 	;;
 	7)
-		set_wireguard
+		if echo "$crashcore" | grep -q 'sing';then
+			set_wireguard
+		else
+			echo -e "\033[33m$crashcore内核暂不支持此功能，请先更换内核！\033[0m"
+			sleep 1
+		fi
 		gateway
 	;;
 	*) errornum ;;
@@ -112,10 +117,9 @@ set_bot_tg_init(){
 	echo -----------------------------------------------
 	read -p "我已经发送完成(1/0) > " res
 	if [ "$res" = 1 ]; then
-		url_tg=https://api.telegram.org/bot${TOKEN}/getUpdates
-		[ -n "$authentication" ] && auth="$authentication@"
-		export https_proxy="http://${auth}127.0.0.1:$mix_port"
-		chat=$(webget $url_tg | tail -n -1)
+		. "$CRASHDIR"/libs/web_json.sh #加载web工具
+		bot_api=https://api.telegram.org/bot$TOKEN
+		chat=$(web_json_get "$bot_api/getUpdates" | tail -n -1)
 		[ -n "$chat" ] && chat_ID=$(echo $chat | grep -oE '"id":.*,"is_bot":false' | sed s'/"id"://'g | sed s'/,"is_bot":false//'g)
 		[ -z "$chat_ID" ] && {
 			echo -e "\033[31m无法获取对话ID，请确认使用的不是已经被绑定的机器人，或手动输入ChatID！\033[0m"
@@ -126,15 +130,19 @@ set_bot_tg_init(){
 			setconfig TG_TOKEN $TOKEN "$CFG"
 			setconfig TG_CHATID $chat_ID "$CFG"
 			#设置机器人快捷命令
-			curl -s -X POST "https://api.telegram.org/bot$TOKEN/setMyCommands" \
-			  -H "Content-Type: application/json" \
-			  -d '{
-					"commands": [
-					  {"command": "crash", "description": "呼出ShellCrash菜单"},
-					  {"command": "help",  "description": "查看帮助"}
-					]
-				  }'
-			echo -e "\033[32m已完成Telegram机器人设置！\033[0m"
+			JSON=$(cat <<EOF
+{
+  "commands": [
+    {"command": "crash", "description": "呼出ShellCrash菜单"},
+    {"command": "help",  "description": "查看帮助"}
+  ]
+}
+EOF
+)
+			TEXT='已完成Telegram机器人设置！'
+			web_json_post "$bot_api/setMyCommands" "$JSON"
+			web_json_post "$bot_api/sendMessage" '{"chat_id":"'"$chat_ID"'","text":"'"$TEXT"'","parse_mode":"Markdown"}'
+			echo -e "\033[32m$TEXT\033[0m"
 			return 0
 		else
 			echo -e "\033[31m无法获取对话ID，请重新配置！\033[0m"
@@ -143,12 +151,13 @@ set_bot_tg_init(){
 	fi
 }
 set_bot_tg_service(){
+	PID=$(pidof /bin/sh "$CRASHDIR"/menus/bot_tg.sh)
 	if [ "$bot_tg_service" = ON ];then
 		bot_tg_service=OFF
-		PID=$(pidof bot_tg.sh) && [ -n "$PID" ] && kill -9 $PID >/dev/null 2>&1
+		[ -n "$PID" ] && kill -9 $PID >/dev/null 2>&1
 	else
 		bot_tg_service=ON
-		[ -z "$(pidof bot_tg.sh)" ] && "$CRASHDIR"/components/bot_tg.sh &
+		[ -z "$PID" ] && "$CRASHDIR"/menus/bot_tg.sh &
 	fi
 	setconfig bot_tg_service "$bot_tg_service"
 }
@@ -172,9 +181,12 @@ set_bot_tg(){
 		else
 			set_bot_tg_init && set_bot_tg_service
 		fi
+		sleep 1
+		set_bot_tg
 	;;
 	2)
 		set_bot_tg_init && set_bot_tg_service
+		set_bot_tg
 	;;
 	*)
 		errornum
diff --git a/scripts/start.sh b/scripts/start.sh
index 60015175..dec850c9 100644
--- a/scripts/start.sh
+++ b/scripts/start.sh
@@ -666,7 +666,7 @@ EOF
     for char in $yaml_char; do #将额外配置文件合并
         [ -s "$TMPDIR"/${char}.yaml ] && {
             sed -i "1i\\${char}:" "$TMPDIR"/${char}.yaml
-            yaml_add="$yaml_add "$TMPDIR"/${char}.yaml"
+            yaml_add="$yaml_add $TMPDIR/${char}.yaml"
         }
     done
     #合并完整配置文件
@@ -2023,6 +2023,8 @@ afstart() { #启动后
             line=$(grep -En "fw.* start" /etc/init.d/firewall | cut -d ":" -f 1)
             sed -i "${line}a\\. "$CRASHDIR"/task/affirewall" /etc/init.d/firewall
         } &
+		#启动TG机器人
+		[ "$bot_tg_service" = ON ] && "$CRASHDIR"/menus/bot_tg.sh &
     else
         start_error
         $0 stop
@@ -2120,6 +2122,7 @@ stop)
         stop_firewall #清理路由策略
     fi
     PID=$(pidof CrashCore) && [ -n "$PID" ] && kill -9 $PID >/dev/null 2>&1
+	PID=$(pidof /bin/sh "$CRASHDIR"/menus/bot_tg.sh) && [ -n "$PID" ] && kill -9 $PID >/dev/null 2>&1
     #清理缓存目录
     rm -rf "$TMPDIR"/CrashCore
     ;;

From ac8f225c4f8e7f17351d36b25341c533f3621397 Mon Sep 17 00:00:00 2001
From: juewuy <juewuy@gmail.com>
Date: Sat, 20 Dec 2025 20:31:06 +0800
Subject: [PATCH 11/12] =?UTF-8?q?~=E6=8B=86=E5=88=86=E7=BB=84=E4=BB=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 scripts/libs/set_proxy.sh |  8 ++++++++
 scripts/libs/web_json.sh  | 18 ++++++++++++++++++
 2 files changed, 26 insertions(+)
 create mode 100644 scripts/libs/set_proxy.sh
 create mode 100644 scripts/libs/web_json.sh

diff --git a/scripts/libs/set_proxy.sh b/scripts/libs/set_proxy.sh
new file mode 100644
index 00000000..44a083bb
--- /dev/null
+++ b/scripts/libs/set_proxy.sh
@@ -0,0 +1,8 @@
+
+setproxy(){
+	[ -n "$(pidof CrashCore)" ] && {
+		[ -n "$authentication" ] && auth="$authentication@"
+		[ -z "$mix_port" ] && mix_port=7890
+		export https_proxy="http://${auth}127.0.0.1:$mix_port"
+	}
+}
\ No newline at end of file
diff --git a/scripts/libs/web_json.sh b/scripts/libs/web_json.sh
new file mode 100644
index 00000000..5521733d
--- /dev/null
+++ b/scripts/libs/web_json.sh
@@ -0,0 +1,18 @@
+. "$CRASHDIR"/libs/set_proxy.sh
+#$1:目标地址 $2:json字符串
+web_json_get() {
+	setproxy
+	if curl --version >/dev/null 2>&1; then
+		curl -ksSl --connect-timeout 3 "$1" 2>/dev/null
+	else
+		wget -Y on -q --timeout=3 -O - "$1"
+	fi
+}
+web_json_post() {
+	setproxy
+	if curl --version >/dev/null 2>&1; then
+		curl -ksSl -X POST --connect-timeout 3 -H "Content-Type: application/json; charset=utf-8" "$1" -d "$2" >/dev/null 2>&1
+	else
+		wget -Y on -q --timeout=3 --method=POST --header="Content-Type: application/json; charset=utf-8" --body-data="$2" "$1"
+	fi
+}

From 871ca7eb8aae317058fe6cdf98f504d38148faea Mon Sep 17 00:00:00 2001
From: juewuy <juewuy@gmail.com>
Date: Sun, 21 Dec 2025 11:04:14 +0800
Subject: [PATCH 12/12] =?UTF-8?q?~=E4=BC=98=E5=8C=96=E8=8F=9C=E5=8D=95?=
 =?UTF-8?q?=E7=BB=93=E6=9E=84?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 scripts/libs/README.md                |  10 +-
 scripts/libs/meta_proxies.sh          |  19 --
 scripts/menu.sh                       |  41 +--
 scripts/{libs => menus}/check_port.sh |   0
 scripts/menus/gateway.sh              |   4 +-
 scripts/menus/normal_set.sh           | 422 ++++++++++++++++++++++++++
 scripts/start.sh                      |   7 +-
 7 files changed, 435 insertions(+), 68 deletions(-)
 delete mode 100644 scripts/libs/meta_proxies.sh
 rename scripts/{libs => menus}/check_port.sh (100%)
 create mode 100644 scripts/menus/normal_set.sh

diff --git a/scripts/libs/README.md b/scripts/libs/README.md
index e5a4d53f..1454be14 100644
--- a/scripts/libs/README.md
+++ b/scripts/libs/README.md
@@ -1,3 +1,11 @@
 用于存放脚本内置工具的脚本
 
-此处脚本内容不应包含非报错的文字输出和log输出
\ No newline at end of file
+引用方式必须为：
+
+```shell
+. "$CRASHDIR"/libs/xxx.sh
+```
+
+返回码必须是return x而不能是exit x
+
+此处脚本内容不应包含文字输出和log输出
\ No newline at end of file
diff --git a/scripts/libs/meta_proxies.sh b/scripts/libs/meta_proxies.sh
deleted file mode 100644
index e70018f5..00000000
--- a/scripts/libs/meta_proxies.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/sh
-# Copyright (C) Juewuy
-
-[ "$wg_service" = ON ] && {
-	cat >>"$TMPDIR"/proxies.yaml <<EOF
-  - name: "wg"
-    type: wireguard
-    private-key: $wg_private_key
-    server: $wg_server
-    port: $wg_port
-    ip: $wg_ipv4
-    ipv6: $wg_ipv6
-    public-key: $wg_public_key
-    allowed-ips: ['0.0.0.0/0', '::/0']
-    pre-shared-key: $wg_pre_shared_key
-    mtu: 1420
-    udp: true
-EOF
-}
diff --git a/scripts/menu.sh b/scripts/menu.sh
index 08de6f6b..a86824b6 100644
--- a/scripts/menu.sh
+++ b/scripts/menu.sh
@@ -895,46 +895,7 @@ setipv6() { #ipv6设置
     esac
 }
 setfirewall() { #防火墙设置
-    set_cust_host_ipv4() {
-        [ -z "$replace_default_host_ipv4" ] && replace_default_host_ipv4="未启用"
 
-        echo "-----------------------------------------------"
-        echo -e "当前默认透明路由的网段为: \033[32m$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep 'br' | grep -v 'iot' | grep -E ' 1(92|0|72)\.' | sed 's/.*inet.//g' | sed 's/br.*$//g' | sed 's/metric.*$//g' | tr '\n' ' ' && echo) \033[0m"
-        echo -e "当前已添加的自定义网段为:\033[36m$cust_host_ipv4\033[0m"
-        echo "-----------------------------------------------"
-        echo -e " 1 移除所有自定义网段"
-        echo -e " 2 使用自定义网段覆盖默认网段	\033[36m$replace_default_host_ipv4\033[0m"
-        echo -e " 0 返回上级菜单"
-        read -p "请输入对应的序号或需要额外添加的网段 > " text
-        case "$text" in
-        2)
-            if [ "$replace_default_host_ipv4" == "未启用" ]; then
-                replace_default_host_ipv4="已启用"
-            else
-                replace_default_host_ipv4="未启用"
-            fi
-            setconfig replace_default_host_ipv4 "$replace_default_host_ipv4"
-            set_cust_host_ipv4
-            ;;
-        1)
-            unset cust_host_ipv4
-            setconfig cust_host_ipv4
-            set_cust_host_ipv4
-            ;;
-        0) ;;
-        *)
-            if [ -n "$(echo $text | grep -Eo '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}'$)" -a -z "$(echo $cust_host_ipv4 | grep "$text")" ]; then
-                cust_host_ipv4="$cust_host_ipv4 $text"
-                setconfig cust_host_ipv4 "'$cust_host_ipv4'"
-            else
-                echo "-----------------------------------------------"
-                echo -e "\033[31m请输入正确的网段地址！\033[0m"
-            fi
-            sleep 1
-            set_cust_host_ipv4
-            ;;
-        esac
-    }
     [ -z "$public_support" ] && public_support=未开启
     [ -z "$public_mixport" ] && public_mixport=未开启
     [ -z "$ipv6_dns" ] && ipv6_dns=已开启
@@ -2252,7 +2213,7 @@ main_menu() {
         ;;
     2)
         checkcfg=$(cat $CFG_PATH)
-        normal_set
+        . "$CRASHDIR"/menus/normal_set.sh && normal_set
         if [ -n "$PID" ]; then
             checkcfg_new=$(cat $CFG_PATH)
             [ "$checkcfg" != "$checkcfg_new" ] && checkrestart
diff --git a/scripts/libs/check_port.sh b/scripts/menus/check_port.sh
similarity index 100%
rename from scripts/libs/check_port.sh
rename to scripts/menus/check_port.sh
diff --git a/scripts/menus/gateway.sh b/scripts/menus/gateway.sh
index b2fcbc65..3c192806 100644
--- a/scripts/menus/gateway.sh
+++ b/scripts/menus/gateway.sh
@@ -224,7 +224,7 @@ set_vmess(){
 	2)
 		read -p "请输入端口号(输入0删除) > " text
 		[ "$text" = 0 ] && unset vms_port
-		if sh "$CRASHDIR"/libs/check_port.sh "$text"; then
+		if sh "$CRASHDIR"/menus/check_port.sh "$text"; then
 			vms_port="$text"
 			setconfig vms_port "$text" "$CFG"
 		else
@@ -293,7 +293,7 @@ set_shadowsocks(){
 	2)
 		read -p "请输入端口号(输入0删除) > " text
 		[ "$text" = 0 ] && unset sss_port
-		if sh "$CRASHDIR"/libs/check_port.sh "$text"; then
+		if sh "$CRASHDIR"/menus/check_port.sh "$text"; then
 			sss_port="$text"
 			setconfig sss_port "$text" "$CFG"
 		else
diff --git a/scripts/menus/normal_set.sh b/scripts/menus/normal_set.sh
new file mode 100644
index 00000000..ee3d1a7d
--- /dev/null
+++ b/scripts/menus/normal_set.sh
@@ -0,0 +1,422 @@
+#!/bin/sh
+# Copyright (C) Juewuy
+
+normal_set() { #基础设置
+    #获取设置默认显示
+    [ -z "$skip_cert" ] && skip_cert=已开启
+    [ -z "$common_ports" ] && common_ports=已开启
+    [ -z "$dns_mod" ] && dns_mod=fake-ip
+    [ -z "$dns_over" ] && dns_over=已开启
+    [ -z "$cn_ip_route" ] && cn_ip_route=未开启
+    [ -z "$local_proxy" ] && local_proxy=未开启
+    [ -z "$quic_rj" ] && quic_rj=未开启
+    [ -z "$(cat ${CRASHDIR}/configs/mac ${CRASHDIR}/configs/ip_filter 2>/dev/null)" ] && mac_return=未开启 || mac_return=已启用
+    #
+    echo "-----------------------------------------------"
+    echo -e "\033[30;47m欢迎使用功能设置菜单：\033[0m"
+    echo "-----------------------------------------------"
+    echo -e " 1 切换防火墙运行模式: 	\033[36m$redir_mod\033[0m"
+    [ "$disoverride" != "1" ] && {
+        echo -e " 2 切换DNS运行模式：	\033[36m$dns_mod\033[0m"
+        echo -e " 3 跳过本地证书验证：	\033[36m$skip_cert\033[0m   ————解决节点证书验证错误"
+    }
+	echo -e " 4 设置流量过滤"
+    [ "$disoverride" != "1" ] && {
+        [ "$dns_mod" != "redir_host" ] &&
+            echo -e " 9 管理Fake-ip过滤列表"
+    }
+    echo "-----------------------------------------------"
+    echo -e " 0 返回上级菜单 \033[0m"
+    echo "-----------------------------------------------"
+    read -p "请输入对应数字 > " num
+    case "$num" in
+    0)
+	;;
+    1)
+        if [ "$USER" != "root" -a "$USER" != "admin" ]; then
+            echo "-----------------------------------------------"
+            read -p "非root用户可能无法正确配置其他模式！依然尝试吗？(1/0) > " res
+            [ "$res" = 1 ] && set_redir_mod
+        else
+            set_redir_mod
+        fi
+        normal_set
+	;;
+    2)
+        set_dns_mod
+        sleep 1
+        normal_set
+	;;
+    4)
+        set_fw_filter
+		sleep 1
+        normal_set
+	;;
+    3)
+        echo "-----------------------------------------------"
+        if [ "$skip_cert" = "未开启" ] >/dev/null 2>&1; then
+            echo -e "\033[33m已设为开启跳过本地证书验证！！\033[0m"
+            skip_cert=已开启
+        else
+            echo -e "\033[33m已设为禁止跳过本地证书验证！！\033[0m"
+            skip_cert=未开启
+        fi
+        setconfig skip_cert $skip_cert
+        normal_set
+	;;
+    9)
+        echo "-----------------------------------------------"
+        fake_ip_filter
+        normal_set
+	;;
+    *)
+        errornum
+	;;
+    esac
+}
+
+set_fw_filter(){ #流量过滤
+	echo "-----------------------------------------------"
+    echo -e " 1 过滤非常用端口： 	\033[36m$common_ports\033[0m   ————用于过滤P2P流量"
+    echo -e " 2 过滤局域网设备：	\033[36m$mac_return\033[0m   ————使用黑/白名单进行过滤"
+    echo -e " 3 过滤QUIC协议:	\033[36m$quic_rj\033[0m   ————优化视频性能"
+    [ "$dns_mod" != "fake-ip" ] &&
+    echo -e " 4 过滤CN_IP(6)列表:	\033[36m$cn_ip_route\033[0m   ————优化性能，不兼容Fake-ip"
+	echo -e " 5 自定义透明路由ipv4网段:	适合vlan等复杂网络环境"
+	echo -e " 6 自定义保留地址ipv4网段:	需要以保留地址为访问目标的环境"
+    echo "-----------------------------------------------"
+    echo -e " 0 返回上级菜单 \033[0m"
+    echo "-----------------------------------------------"
+    read -p "请输入对应数字 > " num
+    case "$num" in
+    0)
+	;;
+    1)
+        set_common_ports() {
+            if [ "$common_ports" = "未开启" ]; then
+                echo -e "\033[33m当前代理端口为：【$multiport】\033[0m"
+                echo -e "\033[31m注意，fake-ip模式下，非常用端口的域名连接将不受影响！！\033[0m"
+                read -p "是否修改默认端口？(1/0) > " res
+                [ "$res" = "1" ] && {
+                    read -p "请输入自定义端口,注意用小写逗号分隔 > " text
+                    [ -n "$text" ] && setconfig multiport $text && echo -e "\033[33m已设为代理【$multiport】端口！！\033[0m"
+                }
+                common_ports=已开启
+                sleep 1
+            else
+                echo -e "\033[33m已设为代理全部端口！！\033[0m"
+                common_ports=未开启
+            fi
+            setconfig common_ports $common_ports
+        }
+        echo "-----------------------------------------------"
+        if [ -n "$(pidof CrashCore)" ]; then
+            read -p "切换时将停止服务，是否继续？(1/0) > " res
+            [ "$res" = 1 ] && ${CRASHDIR}/start.sh stop && set_common_ports
+        else
+            set_common_ports
+        fi
+        set_fw_filter
+	;;
+    2)
+        checkcfg_mac=$(cat ${CRASHDIR}/configs/mac)
+        fw_filter_lan
+        if [ -n "$PID" ]; then
+            checkcfg_mac_new=$(cat ${CRASHDIR}/configs/mac)
+            [ "$checkcfg_mac" != "$checkcfg_mac_new" ] && checkrestart
+        fi
+        set_fw_filter
+	;;
+    3)
+        echo "-----------------------------------------------"
+        if [ -n "$(echo "$redir_mod" | grep -oE '混合|Tproxy|Tun')" ]; then
+            if [ "$quic_rj" = "未开启" ]; then
+                echo -e "\033[33m已禁止QUIC流量通过ShellCrash内核！！\033[0m"
+                quic_rj=已启用
+            else
+                echo -e "\033[33m已取消禁止QUIC协议流量！！\033[0m"
+                quic_rj=未开启
+            fi
+            setconfig quic_rj $quic_rj
+        else
+            echo -e "\033[33m当前模式默认不会代理UDP流量，无需设置！！\033[0m"
+        fi
+        sleep 1
+        set_fw_filter
+	;;
+    4)
+        if [ -n "$(ipset -v 2>/dev/null)" ] || [ "$firewall_mod" = 'nftables' ]; then
+            if [ "$cn_ip_route" = "未开启" ]; then
+                echo -e "\033[32m已开启CN_IP绕过内核功能！！\033[0m"
+                echo -e "\033[31m注意！！！此功能会导致全局模式及一切CN相关规则失效！！！\033[0m"
+                cn_ip_route=已开启
+                sleep 2
+            else
+                echo -e "\033[33m已禁用CN_IP绕过内核功能！！\033[0m"
+                cn_ip_route=未开启
+            fi
+            setconfig cn_ip_route $cn_ip_route
+        else
+            echo -e "\033[31m当前设备缺少ipset模块或未使用nftables模式，无法启用绕过功能！！\033[0m"
+            sleep 1
+        fi
+        set_fw_filter
+	;;
+    5)
+        set_cust_host_ipv4
+        set_fw_filter
+        ;;
+    6)
+        [ -z "$reserve_ipv4" ] && reserve_ipv4="0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 100.64.0.0/10 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4"
+        echo -e "当前网段：\033[36m$reserve_ipv4\033[0m"
+        echo -e "\033[33m地址必须是空格分隔，错误的设置可能导致网络回环或启动报错，请务必谨慎！\033[0m"
+        read -p "请输入 > " text
+        if [ -n "$(
+            echo $text | grep -E "(((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])/(3[0-2]|[1-2]?[0-9]))( +|$)+"
+        )" ]; then
+            reserve_ipv4="$text"
+            echo -e "已将保留地址网段设为：\033[32m$reserve_ipv4\033[0m"
+            setconfig reserve_ipv4 "'$reserve_ipv4'"
+        else
+            echo -e "\033[31m输入有误，操作已取消！\033[0m"
+        fi
+        sleep 1
+        set_fw_filter
+        ;;
+    *)
+        errornum
+	;;
+    esac
+}
+set_cust_host_ipv4() {
+	[ -z "$replace_default_host_ipv4" ] && replace_default_host_ipv4="未启用"
+	echo "-----------------------------------------------"
+	echo -e "当前默认透明路由的网段为: \033[32m$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep 'br' | grep -v 'iot' | grep -E ' 1(92|0|72)\.' | sed 's/.*inet.//g' | sed 's/br.*$//g' | sed 's/metric.*$//g' | tr '\n' ' ' && echo) \033[0m"
+	echo -e "当前已添加的自定义网段为:\033[36m$cust_host_ipv4\033[0m"
+	echo "-----------------------------------------------"
+	echo -e " 1 移除所有自定义网段"
+	echo -e " 2 使用自定义网段覆盖默认网段	\033[36m$replace_default_host_ipv4\033[0m"
+	echo -e " 0 返回上级菜单"
+	read -p "请输入对应的序号或需要额外添加的网段 > " text
+	case "$text" in
+	2)
+		if [ "$replace_default_host_ipv4" == "未启用" ]; then
+			replace_default_host_ipv4="已启用"
+		else
+			replace_default_host_ipv4="未启用"
+		fi
+		setconfig replace_default_host_ipv4 "$replace_default_host_ipv4"
+		set_cust_host_ipv4
+		;;
+	1)
+		unset cust_host_ipv4
+		setconfig cust_host_ipv4
+		set_cust_host_ipv4
+		;;
+	0) ;;
+	*)
+		if [ -n "$(echo $text | grep -Eo '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}'$)" -a -z "$(echo $cust_host_ipv4 | grep "$text")" ]; then
+			cust_host_ipv4="$cust_host_ipv4 $text"
+			setconfig cust_host_ipv4 "'$cust_host_ipv4'"
+		else
+			echo "-----------------------------------------------"
+			echo -e "\033[31m请输入正确的网段地址！\033[0m"
+		fi
+		sleep 1
+		set_cust_host_ipv4
+		;;
+	esac
+}
+fw_filter_lan() { #局域网设备过滤
+    get_devinfo() {
+        dev_ip=$(cat $dhcpdir | grep " $dev " | awk '{print $3}') && [ -z "$dev_ip" ] && dev_ip=$dev
+        dev_mac=$(cat $dhcpdir | grep " $dev " | awk '{print $2}') && [ -z "$dev_mac" ] && dev_mac=$dev
+        dev_name=$(cat $dhcpdir | grep " $dev " | awk '{print $4}') && [ -z "$dev_name" ] && dev_name='未知设备'
+    }
+    add_mac() {
+        echo "-----------------------------------------------"
+        echo 已添加的mac地址：
+        cat ${CRASHDIR}/configs/mac 2>/dev/null
+        echo "-----------------------------------------------"
+        echo -e "\033[33m序号   设备IP       设备mac地址       设备名称\033[32m"
+        cat $dhcpdir | awk '{print " "NR" "$3,$2,$4}'
+        echo -e "\033[0m-----------------------------------------------"
+        echo -e "手动输入mac地址时仅支持\033[32mxx:xx:xx:xx:xx:xx\033[0m的形式"
+        echo -e " 0 或回车 结束添加"
+        echo "-----------------------------------------------"
+        read -p "请输入对应序号或直接输入mac地址 > " num
+        if [ -z "$num" -o "$num" = 0 ]; then
+            i=
+        elif [ -n "$(echo $num | grep -aE '^([0-9A-Fa-f]{2}[:]){5}([0-9A-Fa-f]{2})$')" ]; then
+            if [ -z "$(cat ${CRASHDIR}/configs/mac | grep -E "$num")" ]; then
+                echo $num | grep -oE '^([0-9A-Fa-f]{2}[:]){5}([0-9A-Fa-f]{2})$' >>${CRASHDIR}/configs/mac
+            else
+                echo "-----------------------------------------------"
+                echo -e "\033[31m已添加的设备，请勿重复添加！\033[0m"
+            fi
+            add_mac
+        elif [ $num -le $(cat $dhcpdir 2>/dev/null | awk 'END{print NR}') ]; then
+            macadd=$(cat $dhcpdir | awk '{print $2}' | sed -n "$num"p)
+            if [ -z "$(cat ${CRASHDIR}/configs/mac | grep -E "$macadd")" ]; then
+                echo $macadd >>${CRASHDIR}/configs/mac
+            else
+                echo "-----------------------------------------------"
+                echo -e "\033[31m已添加的设备，请勿重复添加！\033[0m"
+            fi
+            add_mac
+        else
+            echo "-----------------------------------------------"
+            echo -e "\033[31m输入有误，请重新输入！\033[0m"
+            add_mac
+        fi
+    }
+    add_ip() {
+        echo "-----------------------------------------------"
+        echo "已添加的IP地址(段)："
+        cat ${CRASHDIR}/configs/ip_filter 2>/dev/null
+        echo "-----------------------------------------------"
+        echo -e "\033[33m序号   设备IP     设备名称\033[32m"
+        cat $dhcpdir | awk '{print " "NR" "$3,$4}'
+        echo -e "\033[0m-----------------------------------------------"
+        echo -e "手动输入时仅支持\033[32m 192.168.1.0/24\033[0m 或 \033[32m192.168.1.0\033[0m 的形式"
+        echo -e "不支持ipv6地址过滤，如有需求请使用mac地址过滤"
+        echo -e " 0 或回车 结束添加"
+        echo "-----------------------------------------------"
+        read -p "请输入对应序号或直接输入IP地址段 > " num
+        if [ -z "$num" -o "$num" = 0 ]; then
+            i=
+        elif [ -n "$(echo $num | grep -aE '^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(/(3[0-2]|[12]?[0-9]))?$')" ]; then
+            if [ -z "$(cat ${CRASHDIR}/configs/ip_filter | grep -E "$num")" ]; then
+                echo $num | grep -oE '^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(/(3[0-2]|[12]?[0-9]))?$' >>${CRASHDIR}/configs/ip_filter
+            else
+                echo "-----------------------------------------------"
+                echo -e "\033[31m已添加的地址，请勿重复添加！\033[0m"
+            fi
+            add_ip
+        elif [ $num -le $(cat $dhcpdir 2>/dev/null | awk 'END{print NR}') ]; then
+            ipadd=$(cat $dhcpdir | awk '{print $3}' | sed -n "$num"p)
+            if [ -z "$(cat ${CRASHDIR}/configs/mac | grep -E "$ipadd")" ]; then
+                echo $ipadd >>${CRASHDIR}/configs/ip_filter
+            else
+                echo "-----------------------------------------------"
+                echo -e "\033[31m已添加的地址，请勿重复添加！\033[0m"
+            fi
+            add_ip
+        else
+            echo "-----------------------------------------------"
+            echo -e "\033[31m输入有误，请重新输入！\033[0m"
+            add_ip
+        fi
+    }
+    del_all() {
+        echo "-----------------------------------------------"
+        if [ -z "$(cat ${CRASHDIR}/configs/mac ${CRASHDIR}/configs/ip_filter 2>/dev/null)" ]; then
+            echo -e "\033[31m列表中没有需要移除的设备！\033[0m"
+            sleep 1
+        else
+            echo -e "请选择需要移除的设备：\033[36m"
+            echo -e "\033[33m      设备IP       设备mac地址       设备名称\033[0m"
+            i=1
+            for dev in $(cat ${CRASHDIR}/configs/mac ${CRASHDIR}/configs/ip_filter 2>/dev/null); do
+                get_devinfo
+                echo -e " $i \033[32m$dev_ip \033[36m$dev_mac \033[32m$dev_name\033[0m"
+                i=$((i + 1))
+            done
+            echo "-----------------------------------------------"
+            echo -e "\033[0m 0 或回车 结束删除"
+            read -p "请输入需要移除的设备的对应序号 > " num
+            mac_filter_rows=$(cat ${CRASHDIR}/configs/mac 2>/dev/null | wc -l)
+            ip_filter_rows=$(cat ${CRASHDIR}/configs/ip_filter 2>/dev/null | wc -l)
+            if [ -z "$num" ] || [ "$num" -le 0 ]; then
+                n=
+            elif [ $num -le $mac_filter_rows ]; then
+                sed -i "${num}d" ${CRASHDIR}/configs/mac
+                echo "-----------------------------------------------"
+                echo -e "\033[32m对应设备已移除！\033[0m"
+                del_all
+            elif [ $num -le $((mac_filter_rows + ip_filter_rows)) ]; then
+                num=$((num - mac_filter_rows))
+                sed -i "${num}d" ${CRASHDIR}/configs/ip_filter
+                echo "-----------------------------------------------"
+                echo -e "\033[32m对应设备已移除！\033[0m"
+                del_all
+            else
+                echo "-----------------------------------------------"
+                echo -e "\033[31m输入有误，请重新输入！\033[0m"
+                del_all
+            fi
+        fi
+    }
+    echo "-----------------------------------------------"
+    [ -z "$dhcpdir" ] && [ -f /var/lib/dhcp/dhcpd.leases ] && dhcpdir='/var/lib/dhcp/dhcpd.leases'
+    [ -z "$dhcpdir" ] && [ -f /var/lib/dhcpd/dhcpd.leases ] && dhcpdir='/var/lib/dhcpd/dhcpd.leases'
+    [ -z "$dhcpdir" ] && [ -f /tmp/dhcp.leases ] && dhcpdir='/tmp/dhcp.leases'
+    [ -z "$dhcpdir" ] && [ -f /tmp/dnsmasq.leases ] && dhcpdir='/tmp/dnsmasq.leases'
+    [ -z "$dhcpdir" ] && dhcpdir='/dev/null'
+    [ -z "$fw_filter_lan_type" ] && fw_filter_lan_type='黑名单'
+    if [ "$fw_filter_lan_type" = "黑名单" ]; then
+        fw_filter_lan_over='白名单'
+        fw_filter_lan_scrip='不'
+    else
+        fw_filter_lan_over='黑名单'
+        fw_filter_lan_scrip=''
+    fi
+    ######
+    echo -e "\033[30;47m请在此添加或移除设备\033[0m"
+    echo -e "当前过滤方式为：\033[33m$fw_filter_lan_type模式\033[0m"
+    echo -e "仅列表内设备流量\033[36m$fw_filter_lan_scrip经过\033[0m内核"
+    if [ -n "$(cat ${CRASHDIR}/configs/mac)" ]; then
+        echo "-----------------------------------------------"
+        echo -e "当前已过滤设备为：\033[36m"
+        echo -e "\033[33m 设备mac/ip地址       设备名称\033[0m"
+        for dev in $(cat ${CRASHDIR}/configs/mac 2>/dev/null); do
+            get_devinfo
+            echo -e "\033[36m$dev_mac \033[0m$dev_name"
+        done
+        for dev in $(cat ${CRASHDIR}/configs/ip_filter 2>/dev/null); do
+            get_devinfo
+            echo -e "\033[32m$dev_ip  \033[0m$dev_name"
+        done
+        echo "-----------------------------------------------"
+    fi
+    echo -e " 1 切换为\033[33m$fw_filter_lan_over模式\033[0m"
+    echo -e " 2 \033[32m添加指定设备(mac地址)\033[0m"
+    echo -e " 3 \033[32m添加指定设备(IP地址/网段)\033[0m"
+    echo -e " 4 \033[36m移除指定设备\033[0m"
+    echo -e " 9 \033[31m清空整个列表\033[0m"
+    echo -e " 0 返回上级菜单"
+    read -p "请输入对应数字 > " num
+    case "$num" in
+    0) ;;
+    1)
+        fw_filter_lan_type=$fw_filter_lan_over
+        setconfig fw_filter_lan_type $fw_filter_lan_type
+        echo "-----------------------------------------------"
+        echo -e "\033[32m已切换为$fw_filter_lan_type模式！\033[0m"
+        fw_filter_lan
+        ;;
+    2)
+        add_mac
+        fw_filter_lan
+        ;;
+    3)
+        add_ip
+        fw_filter_lan
+        ;;
+    4)
+        del_all
+        fw_filter_lan
+        ;;
+    9)
+        : >${CRASHDIR}/configs/mac
+        : >${CRASHDIR}/configs/ip_filter
+        echo "-----------------------------------------------"
+        echo -e "\033[31m设备列表已清空！\033[0m"
+        fw_filter_lan
+        ;;
+    *)
+        errornum
+        ;;
+    esac
+}
+
diff --git a/scripts/start.sh b/scripts/start.sh
index dec850c9..fff7ffb5 100644
--- a/scripts/start.sh
+++ b/scripts/start.sh
@@ -622,11 +622,6 @@ EOF
 		. "$CRASHDIR"/configs/gateway.cfg
 		. "$CRASHDIR"/libs/meta_listeners.sh
 	}
-    #生成自定义出站
-	[ "$wg_service" = ON ] && {
-		. "$CRASHDIR"/configs/gateway.cfg
-		. "$CRASHDIR"/libs/meta_proxies.sh
-	}
     #节点绕过功能支持
     sed -i "/#节点绕过/d" "$TMPDIR"/rules.yaml
     [ "$proxies_bypass" = "已启用" ] && {
@@ -1913,7 +1908,7 @@ singbox_check() { #singbox启动前检查
     return 0
 }
 network_check() { #检查是否联网
-    for text in 223.5.5.5 dns.alidns.com doh.pub doh.360.cn; do
+    for text in 223.5.5.5 1.2.4.8 dns.alidns.com doh.pub; do
         ping -c 3 $text >/dev/null 2>&1 && return 0
         sleep 5
     done