v1.7.10c

~修复小米设备开启自启失败的问题
~修复本机代理nftables增强模式部分情况下无法代理docker流量的问题
~修复本机代理iptables提示重复添加的问题

bin/version

@@ -2,5 +2,5 @@ clashnet_v=v1.7.6
 clashpre_v=2022.11.25
 clash_v=v1.7.1
 meta_v=v1.15.0
-versionsh=1.7.9f
 GeoIP_v=20230729
+versionsh=1.7.10c

scripts/clash.service

@@ -5,7 +5,7 @@ After=network.target
 [Service]
 Type=simple
 User=root
-ExecStart=/etc/clash/clash -d /etc/clash -f /tmp/clash_$USER/config.yaml >/dev/null
+ExecStart=/etc/clash/clash -d /etc/clash >/dev/null
 ExecStartPost=/etc/clash/start.sh afstart
 Restart=on-failure
 RestartSec=3s

scripts/clash.sh

@@ -3,7 +3,7 @@
 
 CFG_PATH=$clashdir/configs/ShellClash.cfg
 YAMLSDIR=$clashdir/yamls
-TMPDIR=/tmp/clash_$USER && [ ! -f $TMPDIR ] && mkdir -p $TMPDIR
+TMPDIR=/tmp/ShellClash && [ ! -f $TMPDIR ] && mkdir -p $TMPDIR
 #读取配置相关
 setconfig(){
 	#参数1代表变量名，参数2代表变量值,参数3即文件路径
@@ -1745,7 +1745,7 @@ clashcron(){
 							echo "$cronwords" >> $tmpcron
 							croncmd $tmpcron
 							#华硕/Padavan固件存档在本地,其他则删除
-							[ "$clashdir" = "/jffs/clash" -o "$clashdir" = "/etc/storage/clash" ] && mv -f $tmpcron $clashdir/cron || rm -f $tmpcron
+							[ "$clashdir" = "/jffs/clash" -o "$clashdir" = "/etc/storage/clash" ] && mv -f $tmpcron $clashdir/tools/cron || rm -f $tmpcron
 							echo -----------------------------------------------
 							echo -e "\033[31m定时任务已添加！！！\033[0m"
 						fi
@@ -1769,7 +1769,7 @@ clashcron(){
 			i=
 		elif [ "$num" = 9 ]; then
 			croncmd -l > $TMPDIR/conf && sed -i "/$cronname/d" $TMPDIR/conf && croncmd $TMPDIR/conf
-			sed -i "/$cronname/d" $clashdir/cron 2>/dev/null
+			sed -i "/$cronname/d" $clashdir/tools/cron 2>/dev/null
 			rm -f $TMPDIR/conf
 			echo -----------------------------------------------
 			echo -e "\033[31m定时任务：$cronname已删除！\033[0m"
@@ -1853,7 +1853,7 @@ clashcron(){
 		[ -n "$txt" ] && {
 			cronname=$txt
 			croncmd -l > $TMPDIR/conf && sed -i "/$cronname/d" $TMPDIR/conf && croncmd $TMPDIR/conf
-			sed -i "/$cronname/d" $clashdir/cron 2>/dev/null
+			sed -i "/$cronname/d" $clashdir/tools/cron 2>/dev/null
 			rm -f $TMPDIR/conf
 			echo -----------------------------------------------
 			echo -e "所有关键词\033[32m$cronname\033[0m匹配的定时任务均已删除！\033[0m"

scripts/clashservice

@@ -10,7 +10,6 @@ DIR=$(cat /etc/profile | grep clashdir | awk -F "\"" '{print $2}')
 [ -z "$DIR" ] && DIR=$(cat ~/.bashrc | grep clashdir | awk -F "\"" '{print $2}')
 BINDIR=$(cat $DIR/configs/ShellClash.cfg | grep bindir | awk -F "=" '{print $2}')
 [ -z "$BINDIR" ] && BINDIR=$DIR
-TMPDIR=/tmp/clash_$USER
 
 start_service() {
 	#检测必须文件
@@ -21,7 +20,7 @@ start_service() {
 		procd_set_param respawn
 		procd_set_param stderr 0
 		procd_set_param stdout 0
-		procd_set_param command $BINDIR/clash -d $BINDIR -f $TMPDIR/config.yaml
+		procd_set_param command $BINDIR/clash -d $BINDIR
 		procd_close_instance
 		#其他设置
 		$DIR/start.sh afstart
@@ -34,7 +33,7 @@ start() {
 		$DIR/start.sh bfstart
 		if [ "$?" = "0" ];then
 			#创建后台进程
-			service_start  $BINDIR/clash -d $BINDIR -f $TMPDIR/config.yaml
+			service_start  $BINDIR/clash -d $BINDIR
 			#其他设置
 			$DIR/start.sh afstart
 			#设置守护进程

scripts/getdate.sh

@@ -729,7 +729,7 @@ clashlink(){
 }
 #下载更新相关
 gettar(){
-	$clashdir/start.sh webget $tmpdir/clashfm.tar.gz $tarurl
+	$clashdir/start.sh webget $TMPDIR/clashfm.tar.gz $tarurl
 	if [ "$?" != "0" ];then
 		echo -e "\033[33m文件下载失败！\033[0m"
 		error_down
@@ -739,9 +739,9 @@ gettar(){
 		echo -----------------------------------------------
 		echo 开始解压文件！
 		mkdir -p $clashdir > /dev/null
-		tar -zxvf "$tmpdir/clashfm.tar.gz" -C $clashdir/
+		tar -zxvf "$TMPDIR/clashfm.tar.gz" -C $clashdir/
 		if [ $? -ne 0 ];then
-			rm -rf $tmpdir/clashfm.tar.gz
+			rm -rf $TMPDIR/clashfm.tar.gz
 			echo -e "\033[33m文件解压失败！\033[0m"
 			error_down
 		else
@@ -810,21 +810,21 @@ getcore(){
 	#获取在线clash核心文件
 	echo -----------------------------------------------
 	echo 正在在线获取clash核心文件……
-	$clashdir/start.sh webget $tmpdir/clash.new $corelink
+	$clashdir/start.sh webget $TMPDIR/clash.new $corelink
 	if [ "$?" = "1" ];then
 		echo -e "\033[31m核心文件下载失败！\033[0m"
-		rm -rf $tmpdir/clash.new
+		rm -rf $TMPDIR/clash.new
 		[ -z "$custcorelink" ] && error_down
 	else
-		chmod +x $tmpdir/clash.new 
+		chmod +x $TMPDIR/clash.new 
-		clashv=$($tmpdir/clash.new -v 2>/dev/null | sed 's/ linux.*//;s/.* //')
+		clashv=$($TMPDIR/clash.new -v 2>/dev/null | sed 's/ linux.*//;s/.* //')
 		if [ -z "$clashv" ];then
 			echo -e "\033[31m核心文件下载成功但校验失败！请尝试手动指定CPU版本\033[0m"
-			rm -rf $tmpdir/clash.new
+			rm -rf $TMPDIR/clash.new
 			setcpucore
 		else
 			echo -e "\033[32m$clashcore核心下载成功！\033[0m"
-			mv -f $tmpdir/clash.new $bindir/clash
+			mv -f $TMPDIR/clash.new $bindir/clash
 			chmod +x $bindir/clash 
 			setconfig clashcore $clashcore
 			setconfig clashv $version
@@ -930,13 +930,13 @@ setcore(){
 getgeo(){
 	echo -----------------------------------------------
 	echo 正在从服务器获取数据库文件…………
-	$clashdir/start.sh webget $tmpdir/$geoname $update_url/bin/geodata/$geotype
+	$clashdir/start.sh webget $TMPDIR/$geoname $update_url/bin/geodata/$geotype
 	if [ "$?" = "1" ];then
 		echo -----------------------------------------------
 		echo -e "\033[31m文件下载失败！\033[0m"
 		error_down
 	else
-		mv -f $tmpdir/$geoname $bindir/$geoname
+		mv -f $TMPDIR/$geoname $bindir/$geoname
 		echo -----------------------------------------------
 		echo -e "\033[32mGeoIP/CN_IP数据库文件下载成功！\033[0m"
 		Geo_v=$GeoIP_v
@@ -1014,7 +1014,7 @@ getdb(){
 	dblink="${update_url}/bin/dashboard/${db_type}.tar.gz"
 	echo -----------------------------------------------
 	echo 正在连接服务器获取安装文件…………
-	$clashdir/start.sh webget $tmpdir/clashdb.tar.gz $dblink
+	$clashdir/start.sh webget $TMPDIR/clashdb.tar.gz $dblink
 	if [ "$?" = "1" ];then
 		echo -----------------------------------------------
 		echo -e "\033[31m文件下载失败！\033[0m"
@@ -1024,10 +1024,10 @@ getdb(){
 	else
 		echo -e "\033[33m下载成功，正在解压文件！\033[0m"
 		mkdir -p $dbdir > /dev/null
-		tar -zxvf "$tmpdir/clashdb.tar.gz" -C $dbdir > /dev/null
+		tar -zxvf "$TMPDIR/clashdb.tar.gz" -C $dbdir > /dev/null
 		if [ $? -ne 0 ];then
-			tar -zxvf "$tmpdir/clashdb.tar.gz" --no-same-permissions -C $dbdir > /dev/null
+			tar -zxvf "$TMPDIR/clashdb.tar.gz" --no-same-permissions -C $dbdir > /dev/null
-			[ $? -ne 0 ] && echo "文件解压失败！" && rm -rf $tmpdir/clashfm.tar.gz && exit 1 
+			[ $? -ne 0 ] && echo "文件解压失败！" && rm -rf $TMPDIR/clashfm.tar.gz && exit 1 
 		fi
 		#修改默认host和端口
 		if [ "$db_type" = "clashdb" -o "$db_type" = "meta_db" ];then
@@ -1041,7 +1041,7 @@ getdb(){
 		setconfig hostdir \'$hostdir\'
 		echo -----------------------------------------------
 		echo -e "\033[32m面板安装成功！\033[0m"
-		rm -rf $tmpdir/clashdb.tar.gz
+		rm -rf $TMPDIR/clashdb.tar.gz
 		sleep 1
 	fi
 }
@@ -1121,20 +1121,20 @@ getcrt(){
 	crtlink="${update_url}/bin/fix/ca-certificates.crt"
 	echo -----------------------------------------------
 	echo 正在连接服务器获取安装文件…………
-	$clashdir/start.sh webget $tmpdir/ca-certificates.crt $crtlink
+	$clashdir/start.sh webget $TMPDIR/ca-certificates.crt $crtlink
 	if [ "$?" = "1" ];then
 		echo -----------------------------------------------
 		echo -e "\033[31m文件下载失败！\033[0m"
 		error_down
 	else
 		echo -----------------------------------------------
-		mv -f $tmpdir/ca-certificates.crt $crtdir
+		mv -f $TMPDIR/ca-certificates.crt $crtdir
-		$clashdir/start.sh webget $tmpdir/ssl_test https://baidu.com echooff rediron skipceroff
+		$clashdir/start.sh webget $TMPDIR/ssl_test https://baidu.com echooff rediron skipceroff
 		if [ "$?" = "1" ];then
 			export CURL_CA_BUNDLE=$crtdir
 			echo "export CURL_CA_BUNDLE=$crtdir" >> /etc/profile
 		fi
-		rm -rf $tmpdir/ssl_test
+		rm -rf $TMPDIR/ssl_test
 		echo -e "\033[32m证书安装成功！\033[0m"
 		sleep 1
 	fi
@@ -1212,15 +1212,15 @@ setserver(){
 	b)
 		echo -----------------------------------------------
 		echo -e "\033[33m如无法连接，请务必先启用clash服务！！！\033[0m"
-		$clashdir/start.sh webget $tmpdir/clashrelease https://raw.githubusercontent.com/juewuy/ShellClash/master/bin/release_version echooff rediroff 2>$tmpdir/clashrelease
+		$clashdir/start.sh webget $TMPDIR/clashrelease https://raw.githubusercontent.com/juewuy/ShellClash/master/bin/release_version echooff rediroff 2>$TMPDIR/clashrelease
 		echo -e "\033[31m请选择想要回退至的release版本：\033[0m"
-		cat $tmpdir/clashrelease | awk '{print " "NR" "$1}'
+		cat $TMPDIR/clashrelease | awk '{print " "NR" "$1}'
 		echo -e " 0 返回上级菜单"
 		read -p "请输入对应数字 > " num
 		if [ -z "$num" -o "$num" = 0 ]; then
 			setserver
-		elif [ $num -le $(cat $tmpdir/clashrelease 2>/dev/null | awk 'END{print NR}') ]; then
+		elif [ $num -le $(cat $TMPDIR/clashrelease 2>/dev/null | awk 'END{print NR}') ]; then
-			release_version=$(cat $tmpdir/clashrelease | awk '{print $1}' | sed -n "$num"p)
+			release_version=$(cat $TMPDIR/clashrelease | awk '{print $1}' | sed -n "$num"p)
 			update_url="https://raw.githubusercontent.com/juewuy/ShellClash/$release_version"
 			saveserver
 			unset release_url
@@ -1228,7 +1228,7 @@ setserver(){
 			echo -----------------------------------------------
 			echo -e "\033[31m输入有误，请重新输入！\033[0m"
 		fi
-		rm -rf $tmpdir/clashrelease
+		rm -rf $TMPDIR/clashrelease
 	;;
 	*)
 		errornum
@@ -1240,25 +1240,25 @@ checkupdate(){
 if [ -z "$release_new" ];then
 	if [ -n "$release_url" ];then
 		[ -n "$(echo $release_url|grep 'jsdelivr')" ] && check_url=$release_url@master || check_url=$release_url/master
-		$clashdir/start.sh webget $tmpdir/clashversion $check_url/bin/release_version echoon rediroff 2>$tmpdir/clashversion
+		$clashdir/start.sh webget $TMPDIR/clashversion $check_url/bin/release_version echoon rediroff 2>$TMPDIR/clashversion
-		release_new=$(cat $tmpdir/clashversion | head -1)
+		release_new=$(cat $TMPDIR/clashversion | head -1)
 		[ -n "$(echo $release_url|grep 'jsdelivr')" ] && update_url=$release_url@$release_new || update_url=$release_url/$release_new
 		setconfig update_url \'$update_url\'
 		release_type=正式版
 	else
 		release_type=测试版
 	fi	
-	$clashdir/start.sh webget $tmpdir/clashversion $update_url/bin/version echooff 
+	$clashdir/start.sh webget $TMPDIR/clashversion $update_url/bin/version echooff 
-	[ "$?" = "0" ] && release_new=$(cat $tmpdir/clashversion | grep -oE 'versionsh=.*' | awk -F'=' '{ print $2 }')
+	[ "$?" = "0" ] && release_new=$(cat $TMPDIR/clashversion | grep -oE 'versionsh=.*' | awk -F'=' '{ print $2 }')
 	if [ -n "$release_new" ];then
-		source $tmpdir/clashversion 2>/dev/null
+		source $TMPDIR/clashversion 2>/dev/null
 	else
 		echo -e "\033[31m检查更新失败！请切换其他安装源！\033[0m"
 		echo -e "\033[36m如全部安装源都无法使用，请先运行clash服务后再使用更新功能！\033[0m"
 		sleep 1
 		setserver
 	fi
-	rm -rf $tmpdir/clashversion
+	rm -rf $TMPDIR/clashversion
 fi
 }
 update(){
@@ -1438,14 +1438,14 @@ userguide(){
 		[ "$res" = 1 ] && checkupdate && getcrt
 	fi
 	#设置加密DNS
-	$clashdir/start.sh webget $tmpdir/ssl_test https://doh.pub echooff rediron
+	$clashdir/start.sh webget $TMPDIR/ssl_test https://doh.pub echooff rediron
 	if [ "$?" = "0" ];then
 		dns_nameserver='https://223.5.5.5/dns-query, https://doh.pub/dns-query, tls://dns.rubyfish.cn:853'
 		dns_fallback='https://1.0.0.1/dns-query, https://8.8.4.4/dns-query, https://doh.opendns.com/dns-query'
 		setconfig dns_nameserver \'"$dns_nameserver"\'
 		setconfig dns_fallback \'"$dns_fallback"\' 
 	fi
-	rm -rf $tmpdir/ssl_test
+	rm -rf $TMPDIR/ssl_test
 	#开启公网访问
 	sethost(){
 		read -p "请输入你的公网IP地址 > " host
@@ -1526,7 +1526,7 @@ testcommand(){
 		echo -----------------------------------------------
 		if $clashdir/clash -v &>/dev/null;then
 			clash -s modify_yaml &>/dev/null
-			$clashdir/clash -t -d $clashdir	-f $tmpdir/config.yaml
+			$clashdir/clash -t -d $clashdir	-f $TMPDIR/config.yaml
 			[ "$?" = 0 ] && testover=32m测试通过！|| testover=31m出现错误！请截图后到TG群询问！！！
 			echo -e "\033[$testover\033[0m"
 		else

scripts/init.sh

@@ -1,7 +1,7 @@
 #!/bin/sh
 # Copyright (C) Juewuy
 
-version=1.7.9f
+version=1.7.10c
 
 setdir(){
 	dir_avail(){
@@ -124,7 +124,7 @@ fi
 }
 setconfig(){
 	#参数1代表变量名，参数2代表变量值,参数3即文件路径
-	[ -z "$3" ] && configpath=$clashdir/mark || configpath=$3
+	[ -z "$3" ] && configpath=$clashdir/configs/ShellClash.cfg || configpath=$3
 	[ -n "$(grep -E "^${1}=" $configpath)" ] && sed -i "s#^${1}=\(.*\)#${1}=${2}#g" $configpath || echo "${1}=${2}" >> $configpath
 }
 
@@ -151,7 +151,8 @@ mkdir -p $clashdir
 mv -f /tmp/SC_tmp/* $clashdir 2>/dev/null
 
 #初始化
-[ -f "$clashdir/mark" ] || echo '#ShellClash配置文件，不明勿动！' > $clashdir/mark
+mkdir -p $clashdir/configs
+[ -f "$clashdir/configs/ShellClash.cfg" ] || echo '#ShellClash配置文件，不明勿动！' > $clashdir/configs/ShellClash.cfg
 #本地安装跳过新手引导
 #[ -z "$url" ] && setconfig userguide 1
 #判断系统类型写入不同的启动文件
@@ -231,17 +232,16 @@ rm -rf /tmp/*lash*gz
 rm -rf /tmp/SC_tmp
 #转换&清理旧版本文件
 mkdir -p $clashdir/yamls
-mkdir -p $clashdir/configs
 mkdir -p $clashdir/tools
 for file in config.yaml config.yaml.bak user.yaml proxies.yaml proxy-groups.yaml rules.yaml others.yaml ;do
-	mv -f $clashdir/$file $clashdir/yamls/$file
+	mv -f $clashdir/$file $clashdir/yamls/$file 2>/dev/null
 done
 for file in fake_ip_filter mac web_save servers.list fake_ip_filter.list fallback_filter.list;do
-	mv -f $clashdir/$file $clashdir/configs/$file
+	mv -f $clashdir/$file $clashdir/configs/$file 2>/dev/null
 done
-	mv -f $clashdir/mark $clashdir/configs/ShellClash.cfg
+	mv -f $clashdir/mark $clashdir/configs/ShellClash.cfg 2>/dev/null
-for file in dropbear_rsa_host_key authorized_keys tun.ko ShellDDNS.sh;do
+for file in cron dropbear_rsa_host_key authorized_keys tun.ko ShellDDNS.sh;do
-	mv -f $clashdir/$file $clashdir/tools/$file
+	mv -f $clashdir/$file $clashdir/tools/$file 2>/dev/null
 done
 for file in log clash.service mark? mark.bak;do
 	rm -rf $clashdir/$file

scripts/start.sh

@@ -7,7 +7,7 @@
 [ -z "$clashdir" ] && clashdir=$(cat /etc/profile | grep clashdir | awk -F "\"" '{print $2}')
 [ -z "$clashdir" ] && clashdir=$(cat ~/.bashrc | grep clashdir | awk -F "\"" '{print $2}')
 CFG_PATH=$clashdir/configs/ShellClash.cfg
-TMPDIR=/tmp/clash_$USER && [ ! -f $TMPDIR ] && mkdir -p $TMPDIR
+TMPDIR=/tmp/ShellClash && [ ! -f $TMPDIR ] && mkdir -p $TMPDIR
 #脚本内部工具
 getconfig(){
 	#加载配置文件
@@ -38,7 +38,7 @@ getconfig(){
 }
 setconfig(){
 	#参数1代表变量名，参数2代表变量值,参数3即文件路径
-	[ -z "$3" ] && configpath=$clashdir/mark || configpath=$3
+	[ -z "$3" ] && configpath=$CFG_PATH || configpath=$3
 	[ -n "$(grep ${1} $configpath)" ] && sed -i "s#${1}=.*#${1}=${2}#g" $configpath || echo "${1}=${2}" >> $configpath
 }
 ckcmd(){
@@ -143,8 +143,8 @@ getlanip(){
 	while [ "$i" -le "10" ];do
 		host_ipv4=$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep 'br' | grep -v 'iot' | grep -E ' 1(92|0|72)\.' | sed 's/.*inet.//g' | sed 's/br.*$//g' ) #ipv4局域网网段
 		host_ipv6=$(ip a 2>&1 | grep -w 'inet6' | grep -E 'global' | sed 's/.*inet6.//g' | sed 's/scope.*$//g' ) #ipv6公网地址段
-		[ -n "$host_ipv4" -a -n "$host_ipv6" ] && break
 		[ -f  $TMPDIR/ShellClash_log ] && break
+		[ -n "$host_ipv4" -o -n "$host_ipv6" ] && break
 		sleep 2 && i=$((i+1))
 	done
 	#添加自定义ipv4局域网网段
@@ -163,10 +163,10 @@ getlanip(){
 getyaml(){
 	[ -z "$rule_link" ] && rule_link=1
 	[ -z "$server_link" ] && server_link=1
-	Server=$(grep -aE '^3|^4' $clashdir/servers.list | sed -n ""$server_link"p" | awk '{print $3}')
+	Server=$(grep -aE '^3|^4' $clashdir/configs/servers.list | sed -n ""$server_link"p" | awk '{print $3}')
-	[ -n "$(echo $Url | grep -oE 'vless:|hysteria:')" ] && Server=$(grep -aE '^4' $clashdir/servers.list | sed -n ""$server_link"p" | awk '{print $3}')
+	[ -n "$(echo $Url | grep -oE 'vless:|hysteria:')" ] && Server=$(grep -aE '^4' $clashdir/configs/servers.list | sed -n ""$server_link"p" | awk '{print $3}')
-	[ "$retry" = 4 ] && Server=$(grep -aE '^499' $clashdir/servers.list | awk '{print $3}')
+	[ "$retry" = 4 ] && Server=$(grep -aE '^499' $clashdir/configs/servers.list | awk '{print $3}')
-	Config=$(grep -aE '^5' $clashdir/servers.list | sed -n ""$server_link"p" | awk '{print $3}')
+	Config=$(grep -aE '^5' $clashdir/configs/servers.list | sed -n ""$rule_link"p" | awk '{print $3}')
 	#如果传来的是Url链接则合成Https链接，否则直接使用Https链接
 	if [ -z "$Https" ];then
 		Https="$Server/sub?target=clash&insert=true&new_name=true&scv=true&udp=true&exclude=$exclude&include=$include&url=$Url&config=$Config"
@@ -257,7 +257,7 @@ getyaml(){
 			if [ "$?" != "0" ];then
 				logger "配置文件加载失败！请查看报错信息！" 31
 				$bindir/clash -t -d $bindir -f $yamlnew
-				echo "$($bindir/clash -t -d $bindir -f $yamlnew)" >> $clashdir/log
+				echo "$($bindir/clash -t -d $bindir -f $yamlnew)" >> $TMPDIR/ShellClash_log
 				exit 1
 			fi
 		fi
@@ -308,7 +308,7 @@ dns:
   fake-ip-filter:
 EOF
 		if [ "$dns_mod" = "fake-ip" ];then
-			cat $clashdir/configs/fake_ip_filter.list $clashdir/configs/fake_ip_filter | grep '\.' | sed "s/^/    - '/" | sed "s/$/'/" >> $TMPDIR/dns.yaml
+			cat $clashdir/configs/fake_ip_filter $clashdir/configs/fake_ip_filter.list 2>/dev/null | grep '\.' | sed "s/^/    - '/" | sed "s/$/'/" >> $TMPDIR/dns.yaml
 		else
 			echo "    - '+.*'" >> $TMPDIR/dns.yaml
 		fi
@@ -434,16 +434,16 @@ EOF
 	}
 	#插入自定义规则
 	sed -i "/#自定义规则/d" $TMPDIR/rules.yaml
-	[ -f $clashdir/rules.yaml ] && {
+	[ -f $clashdir/yamls/rules.yaml ] && {
-		cat $clashdir/rules.yaml | sed "/^#/d" | sed '$a\' | sed 's/$/ #自定义规则/g' > $TMPDIR/rules.add
+		cat $clashdir/yamls/rules.yaml | sed "/^#/d" | sed '$a\' | sed 's/$/ #自定义规则/g' > $TMPDIR/rules.add
 		cat $TMPDIR/rules.yaml >> $TMPDIR/rules.add
 		mv -f $TMPDIR/rules.add $TMPDIR/rules.yaml
 	}
 	#对齐rules中的空格
 	sed -i 's/^ *-/ -/g' $TMPDIR/rules.yaml
 	#合并文件
-	[ -s $clashdir/user.yaml ] && {
+	[ -s $clashdir/yamls/user.yaml ] && {
-		yaml_user=$clashdir/user.yaml
+		yaml_user=$clashdir/yamls/user.yaml
 		#set和user去重,且优先使用user.yaml
 		cp -f $TMPDIR/set.yaml $TMPDIR/set_bak.yaml
 		for char in mode allow-lan log-level tun experimental interface-name dns store-selected;do
@@ -452,7 +452,7 @@ EOF
 	}
 	[ -s $TMPDIR/dns.yaml ] && yaml_dns=$TMPDIR/dns.yaml
 	[ -s $TMPDIR/hosts.yaml ] && yaml_hosts=$TMPDIR/hosts.yaml
-	[ -s $TMPDIR/others.yaml ] && yaml_others=$clashdir/others.yaml
+	[ -s $TMPDIR/others.yaml ] && yaml_others=$clashdir/yamls/others.yaml
 	yaml_add=
 	for char in $yaml_char;do #将额外配置文件合并
 		[ -s $TMPDIR/${char}.yaml ] && {
@@ -473,6 +473,8 @@ EOF
 		cut -c 1- $TMPDIR/set.yaml $yaml_dns $yaml_add > $TMPDIR/config.yaml
 		sed -i "/#自定义/d" $TMPDIR/config.yaml 
 	fi
+	#建立软连接
+	[ "$TMPDIR" = "$bindir" ] || ln -sf $TMPDIR/config.yaml $bindir/config.yaml
 	#清理缓存
 	for char in $yaml_char set set_bak dns hosts;do
 		rm -f $TMPDIR/${char}.yaml
@@ -887,8 +889,10 @@ start_nft(){
 		}
 		#Docker
 		type docker &>/dev/null && {
-			ip rule add fwmark $fwmark table 102 2> /dev/null
+			nft add chain inet shellclash docker { type nat hook prerouting priority -100 \; }
-			ip route add local 172.16.0.0/12 dev lo table 102 2> /dev/null
+			nft add rule inet shellclash docker ip saddr != {172.16.0.0/12} return
+			nft add rule inet shellclash docker udp dport 53 redirect to $dns_port
+			nft add rule inet shellclash docker meta l4proto tcp mark set $fwmark redirect to $redir_port
 		}
 	}
 }
@@ -953,7 +957,7 @@ stop_firewall(){
 		iptables -D INPUT -p udp --dport 443 -m comment --comment "ShellClash-QUIC-REJECT" $set_cn_ip -j REJECT 2> /dev/null
 		iptables -D FORWARD -p udp --dport 443 -o utun -m comment --comment "ShellClash-QUIC-REJECT" $set_cn_ip -j REJECT 2> /dev/null
 		#本机代理
-		iptables -t nat -D OUTPUT -p tcp -j clash_out 2> /dev/null
+		iptables -t nat -D OUTPUT -p tcp $ports -j clash_out 2> /dev/null
 		iptables -t nat -F clash_out 2> /dev/null
 		iptables -t nat -X clash_out 2> /dev/null	
 		iptables -t nat -D OUTPUT -p udp --dport 53 -j clash_dns_out 2> /dev/null
@@ -1027,8 +1031,6 @@ stop_firewall(){
 	ip route del local default dev lo table 100 2> /dev/null
 	ip -6 rule del fwmark $fwmark table 101 2> /dev/null
 	ip -6 route del local ::/0 dev lo table 101 2> /dev/null
-	ip rule del fwmark $fwmark table 102 2> /dev/null
-	ip route del local 172.16.0.0/12 dev lo table 102 2> /dev/null
 	#重置nftables相关规则
 	ckcmd nft && {
 		nft flush table inet shellclash >/dev/null 2>&1
@@ -1222,6 +1224,8 @@ bfstart(){
 			fi
 		fi
 	fi
+	#生成配置文件
+	[ "$disoverride" != "1" ] && modify_yaml || ln -s $yaml $bindir/config.yaml
 }
 afstart(){
 
@@ -1275,7 +1279,7 @@ afstart(){
 		#标记启动时间
 		mark_time
 		#加载定时任务
-		[ -f $clashdir/cron ] && croncmd $clashdir/cron	
+		[ -f $clashdir/tools/cron ] && croncmd $clashdir/tools/cron	
 		#启用面板配置自动保存
 		cronset '#每10分钟保存节点配置' "*/10 * * * * test -n \"\$(pidof clash)\" && $clashdir/start.sh web_save #每10分钟保存节点配置"
 		[ -f $clashdir/configs/web_save ] && web_restore & #后台还原面板配置
@@ -1294,10 +1298,10 @@ start_old(){
 	#使用传统后台执行二进制文件的方式执行
 	if [ "$local_proxy" = "已开启" -a -n "$(echo $local_type | grep '增强模式')" ];then
 		ckcmd su && su=su
-		$su shellclash -c "$bindir/clash -d $bindir -f $TMPDIR/config.yaml >/dev/null" &
+		$su shellclash -c "$bindir/clash -d $bindir >/dev/null" &
 	else
 		ckcmd nohup && nohup=nohup
-		$nohup $bindir/clash -d $bindir -f $TMPDIR/config.yaml >/dev/null 2>&1 &
+		$nohup $bindir/clash -d $bindir >/dev/null 2>&1 &
 	fi
 	afstart
 	$0 daemon
@@ -1317,8 +1321,6 @@ start)
 		#检测必须文件并下载
 		bfstart
 		stop_firewall #清理路由策略
-		#使用内置规则强行覆盖config配置文件
-		[ "$disoverride" != "1" ] && modify_yaml || ln -s $yaml $TMPDIR/config.yaml
 		#使用不同方式启动clash服务
 		if [ "$start_old" = "已开启" ];then
 			start_old