v1.6.12

~内置下载功能防滥用优化
~移除fastgit源
~域名嗅探默认改为未启用
~本机hosts生成优先读取user.yaml
~其他优化及若干bug修复

README_CN.md

@@ -40,11 +40,7 @@
 --
 ~确认路由器设备已经开启SSH并获取root权限（带GUI桌面的Linux设备可使用自带终端安装）<br>
 ~使用SSH连接工具（如putty，JuiceSSH，系统自带终端等）路由器或Linux设备的SSH管理界面或终端界面，并切换到root用户<br>
-~确认设备已经安装curl或者wget下载工具。**如未安装**，Linux设备请[参考此处](https://www.howtoing.com/install-curl-in-linux)安装curl，基于OpenWrt（小米官方系统、潘多拉、高恪等）的设备请使用如下命令安装curl：<br>
-
-```Shell
-opkg update && opkg install curl #如已安装请忽略
-```
+~确认设备已经安装curl或者wget下载工具
 
 ~之后在SSH界面执行如下安装命令，并按照后续提示完成安装<br>
 
@@ -52,13 +48,8 @@ opkg update && opkg install curl #如已安装请忽略
 
 ~**使用curl安装**：<br>
 
-```Shell
-#fastgit.org加速
-export url='https://raw.fastgit.org/juewuy/ShellClash/master' && sh -c "$(curl -kfsSl $url/install.sh)" && source /etc/profile &> /dev/null
-```
-
 ```shell
-#GitHub源
+#GitHub源(可能需要代理)
 export url='https://raw.githubusercontent.com/juewuy/ShellClash/master' && sh -c "$(curl -kfsSl $url/install.sh)" && source /etc/profile &> /dev/null
 ```
 
@@ -75,7 +66,7 @@ export url='https://shellclash.cf' && sh -c "$(curl -kfsSl $url/install.sh)" &&
 ~**使用wget安装**：<br>
 
 ```Shell
-#GitHub源
+#GitHub源(可能需要代理)
 export url='https://raw.githubusercontent.com/juewuy/ShellClash/master' && wget -q --no-check-certificate -O /tmp/install.sh $url/install.sh  && sh /tmp/install.sh && source /etc/profile &> /dev/null
 ```
 
@@ -84,11 +75,6 @@ export url='https://raw.githubusercontent.com/juewuy/ShellClash/master' && wget
 export url='https://fastly.jsdelivr.net/gh/juewuy/ShellClash@master' && wget -q --no-check-certificate -O /tmp/install.sh $url/install.sh  && sh /tmp/install.sh && source /etc/profile &> /dev/null
 ```
 
-```shell
-#fastgit.org加速
-export url='https://raw.fastgit.org/juewuy/ShellClash/master' && wget -q -O /tmp/install.sh $url/install.sh  && sh /tmp/install.sh && source /etc/profile &> /dev/null
-```
-
 ~**使用低版本wget（提示不支持https）安装**：<br>
 
 ```Shell
@@ -119,13 +105,9 @@ clash -t #测试模式运行
 
 > 大部分的设备/系统都已经预装了以下的大部分依赖，使用时如无影响可以无视之
 
-```Text
-bash/ash		必须		全部缺少时无法安装及运行脚本
+```shell
 curl/wget		必须		全部缺少时无法在线安装及更新，无法使用节点保存功能
-iptables		重要		缺少时只能使用纯净模式
-systemd/rc.common	一般		全部缺少时只能使用保守模式
-iptables-mod-nat	一般		缺少时无法使用redir模式，混合模式
-ip6tables-mod-nat	较低		缺少时影响redir模式，混合模式对ipv6的支持
+iptables/nftables	重要		缺少时只能使用纯净模式
 crontab			较低		缺少时无法启用定时任务功能
 net-tools		极低		缺少时无法正常检测端口占用
 ubus/iproute-doc	极低		缺少时无法正常获取本机host地址
@@ -150,5 +132,4 @@ ubus/iproute-doc	极低		缺少时无法正常获取本机host地址
 
 机场推荐：
 --
-#### [梦迪-高速专线，流媒体解锁，月付推荐](https://dash.catnet.uk/#/register?code=KOhfH9qD)<br>
 #### [墙洞-老牌稳定，流媒体解锁，年付推荐](https://dler.best/auth/register?affid=89698)<br>

scripts/clash.sh

@@ -1168,7 +1168,7 @@ clashadv(){
 	[ -z "$start_old" ] && start_old=未开启
 	[ -z "$tproxy_mod" ] && tproxy_mod=未开启
 	[ -z "$public_support" ] && public_support=未开启
-	[ -z "$sniffer" ] && sniffer=已开启
+	[ -z "$sniffer" ] && sniffer=未启用
 	[ "$bindir" = "/tmp/clash_$USER" ] && mini_clash=已开启 || mini_clash=未开启
 	#
 	echo -----------------------------------------------
@@ -1199,7 +1199,7 @@ clashadv(){
 	elif [ "$num" = 4 ]; then
 		echo -----------------------------------------------
 		if [ "$sniffer" = "未启用" ];then
-			if [ "$clashcore" != "clash.meta" -o "$clashcore" != "clashpre" ];then
+			if [ "$clashcore" = "clash" ];then
 				rm -rf $bindir/clash
 				clashcore=clash.meta
 				setconfig clashcore $clashcore

scripts/getdate.sh

@@ -756,11 +756,10 @@ setserver(){
 	echo -e "当前源地址：\033[4;32m$update_url\033[0m"
 	echo -----------------------------------------------
 	echo -e " 1 \033[33m稳定版\033[0m&Jsdelivr-CDN源"
-	echo -e " 2 \033[33m稳定版\033[0m&fastgit.org源"
+	echo -e " 2 \033[33m稳定版\033[0m&Github源(须clash服务启用)"
 	echo -e " 3 \033[32m公测版\033[0m&Github源(须clash服务启用)"
 	echo -e " 4 \033[32m公测版\033[0m&ShellClash私人源"
 	echo -e " 5 \033[32m公测版\033[0m&Jsdelivr-CDN源(推荐)"
-	echo -e " 6 \033[32m公测版\033[0m&fastgit.org源"
 	echo -e " 7 \033[31m内测版\033[0m(请加TG讨论组:\033[4;36mhttps://t.me/ShellClash\033[0m)"
 	echo -e " 8 自定义源地址(用于本地源或自建源)"
 	echo -e " 9 \033[31m版本回退\033[0m"
@@ -772,7 +771,7 @@ setserver(){
 		release_url='https://fastly.jsdelivr.net/gh/juewuy/ShellClash'
 		saveserver
 	elif [ "$num" = 2 ]; then
-		release_url='https://raw.fastgit.org/juewuy/ShellClash'
+		release_url='https://raw.githubusercontent.com/juewuy/ShellClash'
 		saveserver
 	elif [ "$num" = 3 ]; then
 		update_url='https://raw.githubusercontent.com/juewuy/ShellClash/master'
@@ -787,7 +786,7 @@ setserver(){
 		release_url=''
 		saveserver
 	elif [ "$num" = 6 ]; then
-		update_url='https://raw.fastgit.org/juewuy/ShellClash/master'
+		update_url='https://raw.staticdn.net/juewuy/ShellClash/master'
 		release_url=''
 		saveserver
 	elif [ "$num" = 7 ]; then
@@ -1122,15 +1121,15 @@ testcommand(){
 				iptables  -t mangle -L PREROUTING --line-numbers
 				iptables  -t mangle  -L clash --line-numbers
 			}
-			[ -n "$(ip6tables -t nat -L 2>&1 | grep -o 'Chain')" -a "$ipv6_redir" = "已开启" ] && {
-				echo -------------------Redir---------------------
-				ip6tables  -t nat  -L PREROUTING --line-numbers
-				ip6tables  -t nat -L clashv6_dns --line-numbers
-				ip6tables  -t nat  -L clashv6 --line-numbers
-				[ -n "$(echo $redir_mod | grep 'Tproxy')" ] && {
-					echo -------------------Tproxy--------------------
-					ip6tables  -t mangle -L PREROUTING --line-numbers
-					ip6tables  -t mangle  -L clashv6 --line-numbers
+			[ -n "$(echo $redir_mod | grep 'Tproxy')" -a "$ipv6_redir" = "已开启" ] && {
+				echo -------------------Tproxy--------------------
+				ip6tables  -t mangle -L PREROUTING --line-numbers
+				ip6tables  -t mangle  -L clashv6 --line-numbers
+				[ -n "$(lsmod | grep 'ip6table_nat')" ] && {
+					echo -------------------Redir---------------------
+					ip6tables  -t nat  -L PREROUTING --line-numbers
+					ip6tables  -t nat -L clashv6_dns --line-numbers
+					ip6tables  -t nat  -L clashv6 --line-numbers
 				}
 			}
 		fi

scripts/start.sh

@@ -243,12 +243,12 @@ EOF`
 		fi
 		#检测并去除无效节点组
 		[ -n "$url_type" ] && type xargs >/dev/null 2>&1 && {
-		cat $yamlnew | grep -A 8 "\- name:" | xargs | sed 's/- name: /\n/g' | sed 's/ type: .*proxies: /#/g' | sed 's/ rules:.*//g' | sed 's/- //g' | grep -E '#DIRECT $' | awk -F '#' '{print $1}' > /tmp/clash_proxies_$USER
-		while read line ;do
-			sed -i "/- $line/d" $yamlnew
-			sed -i "/- name: $line/,/- DIRECT/d" $yamlnew
-		done < /tmp/clash_proxies_$USER
-		rm -rf /tmp/clash_proxies_$USER
+			cat $yamlnew | grep -A 8 "\- name:" | xargs | sed 's/- name: /\n/g' | sed 's/ type: .*proxies: /#/g' | sed 's/ rules:.*//g' | sed 's/- //g' | grep -E '#DIRECT $' | awk -F '#' '{print $1}' > /tmp/clash_proxies_$USER
+			while read line ;do
+				sed -i "/- $line/d" $yamlnew
+				sed -i "/- name: $line/,/- DIRECT/d" $yamlnew
+			done < /tmp/clash_proxies_$USER
+			rm -rf /tmp/clash_proxies_$USER
 		}
 		#使用核心内置test功能检测
 		if [ -x $bindir/clash ];then
@@ -346,8 +346,7 @@ store-selected: $restore
 EOF
 ###################################
 	#读取本机hosts并生成配置文件
-	hosts_dir=/etc/hosts
-	if [ "$redir_mod" != "纯净模式" ] && [ "$dns_no" != "已禁用" ] && [ -f $hosts_dir ];then
+	if [ "$redir_mod" != "纯净模式" ] && [ "$dns_no" != "已禁用" ] && [ -f /etc/hosts ] && [ -z "$(grep -E '^hosts:' $clashdir/user.yaml 2>/dev/null)" ];then
 		echo 'hosts:' >> $tmpdir/hosts.yaml
 		while read line;do
 			[ -n "$(echo "$line" | grep -oE "([0-9]{1,3}[\.]){3}" )" ] && \
@@ -471,8 +470,7 @@ start_redir(){
 	#将PREROUTING链指向clash链
 	iptables -t nat -A PREROUTING -p tcp $ports -j clash
 	#设置ipv6转发
-	ip6_nat=$(ip6tables -t nat -L 2>&1 | grep -o 'Chain')
-	if [ -n "$ip6_nat" -a "$ipv6_redir" = "已开启" ];then
+	if [ "$ipv6_redir" = "已开启" -a -n "$(lsmod | grep 'ip6table_nat')" ];then
 		ip6tables -t nat -N clashv6
 		ip6tables -t nat -A clashv6 -d ::1/128 -j RETURN
 		ip6tables -t nat -A clashv6 -d fc00::/7 -j RETURN
@@ -495,9 +493,10 @@ start_redir(){
 }
 start_ipt_dns(){
 	#屏蔽OpenWrt内置53端口转发
-	iptables -t nat -D PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 53 2> /dev/null
-	iptables -t nat -D PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports 53 2> /dev/null
-
+	[ "$(uci get dhcp.@dnsmasq[0].dns_redirect 2>/dev/null)" = 1 ] && {
+		uci del dhcp.@dnsmasq[0].dns_redirect
+		uci commit dhcp.@dnsmasq[0]
+	}
 	#设置dns转发
 	iptables -t nat -N clash_dns
 	if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
@@ -515,9 +514,6 @@ start_ipt_dns(){
 	iptables -t nat -I PREROUTING -p udp --dport 53 -j clash_dns
 	#ipv6DNS
 	if [ -n "$(lsmod | grep 'ip6table_nat')" ];then
-		#屏蔽OpenWrt内置53端口转发
-		ip6tables -t nat -D PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 53 2> /dev/null
-		ip6tables -t nat -D PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports 53 2> /dev/null	
 		ip6tables -t nat -N clashv6_dns > /dev/null 2>&1
 		if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
 			#mac白名单
@@ -533,7 +529,7 @@ start_ipt_dns(){
 		fi
 		ip6tables -t nat -I PREROUTING -p udp --dport 53 -j clashv6_dns
 	else
-		ip6tables -I INPUT -p udp --dport 53 -m comment --comment "ShellClash-IPV6_DNS-REJECT" -j REJECT > /dev/null 2>&1
+		ip6tables -I INPUT -p udp --dport 53 -m comment --comment "ShellClash-IPV6_DNS-REJECT" -j REJECT 2 > /dev/null
 	fi
 	return 0
 
@@ -580,7 +576,7 @@ start_tproxy(){
 	#屏蔽QUIC
 	[ "$quic_rj" = 已启用 ] && {
 		[ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && set_cn_ip='-m set ! --match-set cn_ip dst'
-		iptables -I INPUT -p udp --dport 443 -m comment --comment "ShellClash QUIC REJECT" $set_cn_ip -j REJECT >/dev/null 2>&1
+		iptables -I INPUT -p udp --dport 443 -m comment --comment "ShellClash-QUIC-REJECT" $set_cn_ip -j REJECT >/dev/null 2>&1
 	}
 	#设置ipv6转发
 	[ "$ipv6_redir" = "已开启" ] && {
@@ -609,7 +605,7 @@ start_tproxy(){
 		[ "$1" = "all" ] && tproxy_set6 tcp
 		tproxy_set6 udp
 		[ "$quic_rj" = 已启用 ] && {
-			ip6tables -I INPUT -p udp --dport 443 -m comment --comment "ShellClash QUIC REJECT" $set_cn_ip -j REJECT >/dev/null 2>&1
+			ip6tables -I INPUT -p udp --dport 443 -m comment --comment "ShellClash-QUIC-REJECT" $set_cn_ip -j REJECT 2 >/dev/null
 		}	
 	}
 }
@@ -652,7 +648,7 @@ start_output(){
 start_tun(){
 	modprobe tun &> /dev/null
 	iptables -I FORWARD -o utun -j ACCEPT
-	#ip6tables -I FORWARD -o utun -j ACCEPT > /dev/null 2>&1
+	ip6tables -I FORWARD -o utun -j ACCEPT > /dev/null 2>&1
 	if [ "$quic_rj" = 已启用 ];then
 		[ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && set_cn_ip='-m set ! --match-set cn_ip dst'
 		iptables -I FORWARD -p udp --dport 443 -o utun -m comment --comment "ShellClash-QUIC-REJECT" $set_cn_ip -j REJECT >/dev/null 2>&1 
@@ -773,8 +769,8 @@ stop_firewall(){
 		iptables -D FORWARD -o utun -j ACCEPT 2> /dev/null
 		#屏蔽QUIC
 		[ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && set_cn_ip='-m set ! --match-set cn_ip dst'
-		iptables -D INPUT -p udp --dport 443 -m comment --comment "ShellClash QUIC REJECT" $set_cn_ip -j REJECT >/dev/null 2>&1
-		iptables -D FORWARD -p udp --dport 443 -o utun -m comment --comment "ShellClash QUIC REJECT" $set_cn_ip -j REJECT >/dev/null 2>&1
+		iptables -D INPUT -p udp --dport 443 -m comment --comment "ShellClash-QUIC-REJECT" $set_cn_ip -j REJECT 2> /dev/null
+		iptables -D FORWARD -p udp --dport 443 -o utun -m comment --comment "ShellClash-QUIC-REJECT" $set_cn_ip -j REJECT 2> /dev/null
 		#本机代理
 		iptables -t nat -D OUTPUT -p tcp -j clash_out 2> /dev/null
 		iptables -t nat -F clash_out 2> /dev/null
@@ -805,7 +801,7 @@ stop_firewall(){
 	type ip6tables >/dev/null 2>&1 && {
 		#redir
 		ip6tables -t nat -D PREROUTING -p tcp -j clashv6 2> /dev/null
-		ip6tables -t nat -D PREROUTING -p udp --dport 53 -j clashv6_dns 2> /dev/null
+		ip6tables -D INPUT -p udp --dport 53 -m comment --comment "ShellClash-IPV6_DNS-REJECT" -j REJECT 2> /dev/null
 		ip6tables -t nat -F clashv6 2> /dev/null
 		ip6tables -t nat -X clashv6 2> /dev/null
 		#dns
@@ -822,6 +818,7 @@ stop_firewall(){
 		ip6tables -t mangle -D PREROUTING -p udp $ports -j clashv6 2> /dev/null
 		ip6tables -t mangle -F clashv6 2> /dev/null
 		ip6tables -t mangle -X clashv6 2> /dev/null
+		ip6tables -D INPUT -p udp --dport 443 -m comment --comment "ShellClash-QUIC-REJECT" $set_cn_ip -j REJECT 2> /dev/null
 	}
 	#清理ipset规则
 	ipset destroy cn_ip >/dev/null 2>&1
@@ -1197,11 +1194,14 @@ logger)
 	;;
 webget)
 		#设置临时代理 
-		[ -n "$(pidof clash)" ] && {
+		if [ -n "$(pidof clash)" ];then
 			getconfig
 			[ -n "$authentication" ] && auth="$authentication@"
-			export https_proxy="http://${auth}127.0.0.1:$mix_port" && export http_proxy="$https_proxy"
-		}
+			export https_proxy="http://${auth}127.0.0.1:$mix_port"
+			url=$(echo $3 | sed 's#https://.*/juewuy/ShellClash[@|/]#https://raw.githubusercontent.com/juewuy/ShellClash/#' | sed 's#https://gh.shellclash.cf/#https://raw.githubusercontent.com/juewuy/ShellClash/#')
+		else
+			url=$(echo $3 | sed 's#https://.*/juewuy/ShellClash/#https://fastly.jsdelivr.net/gh/juewuy/ShellClash@#')
+		fi
 		#参数【$2】代表下载目录，【$3】代表在线地址
 		#参数【$4】代表输出显示，【$4】不启用重定向
 		#参数【$6】代表验证证书，【$7】使用clash文件头
@@ -1210,7 +1210,7 @@ webget)
 			[ "$5" = "rediroff" ] && redirect='' || redirect='-L'
 			[ "$6" = "skipceroff" ] && certificate='' || certificate='-k'
 			#[ -n "$7" ] && agent='-A "clash"'
-			result=$(curl $agent -w %{http_code} --connect-timeout 3 $progress $redirect $certificate -o "$2" "$3" 2>/dev/null)
+			result=$(curl $agent -w %{http_code} --connect-timeout 3 $progress $redirect $certificate -o "$2" "$url" 2>/dev/null)
 			[ "$result" != "200" ] && export https_proxy="" && result=$(curl $agent -w %{http_code} --connect-timeout 3 $progress $redirect $certificate -o "$2" "$3")
 		else
 			if wget --version > /dev/null 2>&1;then
@@ -1222,7 +1222,7 @@ webget)
 			fi
 			[ "$4" = "echoon" ] && progress=''
 			[ "$4" = "echooff" ] && progress='-q'
-			wget -Y on $agent $progress $redirect $certificate $timeout -O "$2" "$3"
+			wget -Y on $agent $progress $redirect $certificate $timeout -O "$2" "$url"
 			if [ "$?" != "0" ];then
 				wget -Y off $agent $progress $redirect $certificate $timeout -O "$2" "$3"
 				[ "$?" = "0" ] && result="200"