diff --git a/bin/ShellClash.tar.gz b/bin/ShellClash.tar.gz index 480e2c0..1a52649 100644 Binary files a/bin/ShellClash.tar.gz and b/bin/ShellClash.tar.gz differ diff --git a/bin/clashfm.tar.gz b/bin/clashfm.tar.gz index a655947..8fe0053 100644 Binary files a/bin/clashfm.tar.gz and b/bin/clashfm.tar.gz differ diff --git a/bin/version b/bin/version index cbaf3bc..84a8a83 100644 --- a/bin/version +++ b/bin/version @@ -3,4 +3,4 @@ clashpre_v=2022.11.25 clash_v=v1.7.1 meta_v=v1.14.2 GeoIP_v=20230225 -versionsh=1.7.1 +versionsh=1.7.3 diff --git a/install.sh b/install.sh index 3ef82b2..26b8427 100644 --- a/install.sh +++ b/install.sh @@ -55,7 +55,8 @@ gettar(){ echo ----------------------------------------------- echo 开始解压文件! mkdir -p $clashdir > /dev/null - tar -zxvf '/tmp/ShellClash.tar.gz' -C $clashdir/ + tar -zxf '/tmp/ShellClash.tar.gz' -C $clashdir/ + [ $? -ne 0 ] && tar -zxf --no-same-owner '/tmp/ShellClash.tar.gz' -C $clashdir/ if [ $? -ne 0 ];then rm -rf /tmp/ShellClash.tar.gz $echo "\033[33m文件解压失败!\033[0m" diff --git a/scripts/clash.sh b/scripts/clash.sh index 4183e1e..64b1b2c 100644 --- a/scripts/clash.sh +++ b/scripts/clash.sh @@ -359,7 +359,7 @@ setport(){ elif [ -n "$(echo "|$mix_port|$redir_port|$dns_port|$db_port|" | grep "|$portx|")" ]; then echo -e "\033[31m输入错误!请不要输入重复的端口!\033[0m" inputport - elif [ -n "$(netstat -ntul |grep :$portx)" ];then + elif [ -n "$(netstat -ntul |grep ":$portx ")" ];then echo -e "\033[31m当前端口已被其他进程占用,请重新输入!\033[0m" inputport else @@ -376,7 +376,7 @@ setport(){ echo -e " 5 修改面板访问端口: \033[36m$db_port\033[0m" echo -e " 6 设置面板访问密码: \033[36m$secret\033[0m" echo -e " 7 修改默认端口过滤: \033[36m$multiport\033[0m" - echo -e " 8 指定本机host地址: \033[36m$host\033[0m" + echo -e " 8 自定义本机host地址: \033[36m$host\033[0m" echo -e " 0 返回上级菜单" read -p "请输入对应数字 > " num if [ -z "$num" ]; then 
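Review bot: In `gettar`, the added fallback line breaks the status check that follows it: when the first `tar` succeeds, `[ $? -ne 0 ] && …` itself returns 1, so the unchanged `if [ $? -ne 0 ]` reports an extraction failure and removes the archive. The fallback also cannot work as written, because in `-zxf --no-same-owner` the `f` option consumes `--no-same-owner` as the archive name. Chaining the two attempts keeps `$?` meaningful: `tar -zxf '/tmp/ShellClash.tar.gz' -C "$clashdir/" || tar -zx --no-same-owner -f '/tmp/ShellClash.tar.gz' -C "$clashdir/"`. `gettar` starts and ends outside the hunk.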
@@ -445,8 +445,8 @@ setport(){ setport elif [ "$num" = 8 ]; then echo ----------------------------------------------- - echo -e "\033[33m此处可以更改脚本内置的局域网设备IP地址\033[0m" - echo -e "\033[31m设置后如本机host地址有变动,请务必手动修改!\033[0m" + echo -e "\033[33m如果你的局域网网段不是192.168.x或127.16.x或10.x开头,请务必修改!\033[0m" + echo -e "\033[31m设置后如本机host地址有变动,请务必重新修改!\033[0m" echo ----------------------------------------------- read -p "请输入自定义host地址(输入0移除自定义host) > " host if [ "$host" = "0" ];then @@ -516,25 +516,18 @@ setdns(){ setdns elif [ "$num" = 4 ]; then - $clashdir/start.sh webget /tmp/ssl_test https://doh.pub echooff rediron - if [ "$?" = "1" ];then - echo ----------------------------------------------- - if openssl version >/dev/null 2>&1;then - echo -e "\033[31m当前设备缺少本地根证书,请先安装证书!\033[0m" - source $clashdir/getdate.sh - setcrt - else - echo -e "\033[31m当前设备未安装OpenSSL,无法启用加密DNS,Linux系统请自行搜索安装方式!\033[0m" - fi - else + echo ----------------------------------------------- + if openssl version >/dev/null 2>&1;then dns_nameserver='https://223.5.5.5/dns-query, https://doh.pub/dns-query, tls://dns.rubyfish.cn:853' dns_fallback='tls://1.0.0.1:853, tls://8.8.4.4:853, https://doh.opendns.com/dns-query' setconfig dns_nameserver \'"$dns_nameserver"\' setconfig dns_fallback \'"$dns_fallback"\' - echo -e "\033[32m设置成功!!!\033[0m" + echo -e "\033[32m已设置加密DNS,如出现DNS解析问题,请尝试重置DNS配置!\033[0m" + else + echo -e "\033[31m当前设备未安装OpenSSL,无法启用加密DNS,Linux系统请自行搜索安装方式!\033[0m" fi rm -rf /tmp/ssl_test - sleep 1 + sleep 2 setdns elif [ "$num" = 5 ]; then 
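Review bot: The new hint under option 8 names `127.16.x` as a LAN prefix, which looks like a typo for `172.16.x`. 127.x is loopback space, and the rules added to start.sh in this same commit use `172.16.0.0/12`. The fragment should read `192.168.x或172.16.x或10.x` so users with a 172.16 network are not told to set a custom host needlessly.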
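Review bot: With the `webget … https://doh.pub` probe removed from option 4 of `setdns`, `openssl version` is the only gate before the DoH/DoT servers are written to the config. That check says nothing about whether a root-certificate bundle is installed, so a device without one would presumably be left with resolvers whose certificates it cannot validate. Keeping a lightweight certificate check, or pointing the success message at the `setcrt` step the old branch called, would preserve that safeguard. The retained `rm -rf /tmp/ssl_test` no longer has anything to clean up in this branch and can be dropped.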
@@ -790,89 +783,45 @@ macfilter(){ fi } localproxy(){ - [ -z "$local_proxy" ] && local_proxy='未开启' - [ -z "$local_type" ] && local_type='环境变量' - [ "$local_proxy" = "已开启" ] && proxy_set='禁用' || proxy_set='启用' [ -w /etc/systemd/system/clash.service -o -w /usr/lib/systemd/system/clash.service -o -x /bin/su ] && local_enh=1 [ -f /etc/rc.common -a -w /etc/passwd ] && local_enh=1 echo ----------------------------------------------- - echo -e "\033[33m当前本机代理配置方式为:\033[32m$local_type\033[0m" - echo ----------------------------------------------- - echo -e " 1 \033[36m$proxy_set本机代理\033[0m" - echo -e " 2 使用\033[32m环境变量\033[0m方式配置(部分应用可能无法使用)" - [ -n "$(lsmod | grep ^xt_owner)" ] && echo -e " 3 使用\033[32miptables增强模式\033[0m配置(支持docker)" - ckcmd nft && echo -e " 4 使用\033[32mnftables增强模式\033[0m配置(支持docker)" + [ -n "$local_enh" ] && { + [ -n "$(lsmod | grep ^xt_owner)" ] && echo -e " 1 使用\033[32miptables增强模式\033[0m配置(支持docker,推荐!)" + ckcmd nft && echo -e " 2 使用\033[32mnftables增强模式\033[0m配置(支持docker,推荐!)" + } + echo -e " 3 使用\033[33m环境变量\033[0m方式配置(部分应用可能无法使用,不推荐!)" echo -e " 0 返回上级菜单" echo ----------------------------------------------- - read -p "请输入对应数字 > " num - if [ -z "$num" ]; then - errornum - elif [ "$num" = 0 ]; then - i= - elif [ "$num" = 1 ]; then - echo ----------------------------------------------- - if [ "$local_proxy" = "未开启" ]; then - if [ -n "$authentication" ] && [ "$authentication" != "未设置" ] ;then - echo -e "\033[32m检测到您已经设置了Http/Sock5代理密码,请先取消密码!\033[0m" - sleep 1 - setport - localproxy - else - local_proxy=已开启 - setconfig local_proxy $local_proxy - setconfig local_type $local_type - echo -e "\033[32m已经成功使用$local_type方式配置本机代理~\033[0m" - if [ "$local_type" = "环境变量" ];then - $clashdir/start.sh set_proxy $mix_port $db_port - echo -e "\033[36m如未生效,请重新启动终端或重新连接SSH!\033[0m" - else - echo -e "\033[36m请重新启动clash服务!\033[0m" - fi - sleep 1 - fi - else - local_proxy=未开启 - setconfig local_proxy $local_proxy - setconfig local_type - sed -i '/user shellclash/d' 
/etc/init.d/clash 2>/dev/null - $clashdir/start.sh stop - echo -e "\033[33m已经停用本机代理规则并停止clash服务!!\033[0m" - [ "$local_type" = "环境变量" ] && echo -e "\033[36m如未生效,请重新启动终端或重新连接SSH!\033[0m" && sleep 1 - fi - - elif [ "$num" = 2 ]; then - local_type="环境变量" - local_proxy=已开启 - setconfig local_proxy $local_proxy - setconfig local_type $local_type - localproxy - elif [ "$num" = 3 ]; then - if [ -n "$local_enh" ];then + read -p "请选择本机代理方式 > " num + case "$num" in + 1) local_type="iptables增强模式" local_proxy=已开启 - setconfig local_proxy $local_proxy - setconfig local_type $local_type - - else - echo -e "\033[31m当前设备无法使用iptables增强模式!\033[0m" - fi - sleep 1 - localproxy - - elif [ "$num" = 4 ]; then - if [ -n "$local_enh" ];then + ;; + 2) local_type="nftables增强模式" local_proxy=已开启 - setconfig local_proxy $local_proxy - setconfig local_type $local_type - else - echo -e "\033[31m当前设备无法使用nftables增强模式!\033[0m" - fi - sleep 1 - localproxy - else - errornum - fi + ;; + 3) + if [ -z "$authentication" -o "$authentication" = "未设置" ];then + local_type="环境变量" + echo -e "\033[33m注意,请重启clash后手动输入以下命令使配置生效\033[0m" + echo -e "【\033[32m source /etc/profile > /dev/null \033[0m】" + local_proxy=已开启 + else + echo -e "\033[32m检测到您已经设置了Http/Sock5代理密码,请先取消密码!\033[0m" + setport + localproxy + fi + sleep 1 + ;; + *) + errornum + ;; + esac + setconfig local_proxy $local_proxy + setconfig local_type $local_type } setboot(){ [ -z "$start_old" ] && start_old=未开启 @@ -888,7 +837,7 @@ setboot(){ echo -e " 4 启用小闪存模式: \033[36m$mini_clash\033[0m ————用于闪存空间不足的设备" [ "$bindir" != "$clashdir" ] && echo -e " 5 设置小闪存目录: \033[36m$bindir\033[0m" echo ----------------------------------------------- - echo -e " 0 \033[0m退出脚本\033[0m" + echo -e " 0 \033[0m返回上级菜单\033[0m" read -p "请输入对应数字 > " num echo ----------------------------------------------- case "$num" in 
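Review bot: The two `setconfig` calls after `esac` in `localproxy` run for every input. Choosing `0` (which has no arm and falls into `*) errornum`) or typing an invalid value therefore still rewrites `local_proxy` and `local_type`, possibly with empty values. Arms `1` and `2` are also accepted when `$local_enh` is empty and their menu entries were hidden, whereas the removed code refused the enhanced modes in that case. In arm `3`, the password branch recurses into `localproxy` and then falls through to the same `setconfig` lines, so it needs a `return` after the recursive call as well. A sketch of the arms with explicit returns follows.

```shell
	case "$num" in
	0)
		return
		;;
	1)
		[ -n "$local_enh" ] || { errornum; return; }
		# … unchanged: local_type/local_proxy assignments for iptables mode …
		;;
	2)
		[ -n "$local_enh" ] || { errornum; return; }
		# … unchanged: local_type/local_proxy assignments for nftables mode …
		;;
	# … unchanged: arm 3 (environment variables), plus a return after the recursive localproxy call …
	*)
		errornum
		return
		;;
	esac
```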
@@ -975,29 +924,41 @@ setboot(){ 5) echo -e "\033[33m如设置到内存,则每次开机后都自动重新下载相关文件\033[0m" echo -e "\033[33m请确保安装源可用裸连,否则会导致启动失败\033[0m" - echo " 1 使用内存" + echo " 1 使用内存(/tmp)" echo " 2 选择U盘目录" + echo " 3 自定义目录" read -p "请输入相应数字 > " num case "$num" in 1) bindir="/tmp/clash_$USER" ;; 2) set_usb_dir(){ - $echo "请选择安装目录" + echo "请选择安装目录" du -hL /mnt | awk '{print " "NR" "$2" "$1}' read -p "请输入相应数字 > " num bindir=$(du -hL /mnt | awk '{print $2}' | sed -n "$num"p) if [ -z "$bindir" ];then - $echo "\033[31m输入错误!请重新设置!\033[0m" + echo "\033[31m输入错误!请重新设置!\033[0m" set_usb_dir fi } set_usb_dir ;; + 3) + input_dir(){ + read -p "请输入自定义目录 > " bindir + if [ ! -d "$bindir" ];then + echo "\033[31m输入错误!请重新设置!\033[0m" + input_dir + fi + } + input_dir + ;; *) errornum ;; esac + setconfig bindir $bindir setboot ;; *) @@ -1181,6 +1142,7 @@ clashcfg(){ [ -z "$dns_mod" ] && dns_mod=redir_host [ -z "$dns_over" ] && dns_over=已开启 [ -z "$cn_ip_route" ] && cn_ip_route=未开启 + [ -z "$local_proxy" ] && local_proxy=未开启 [ -z "$quic_rj" ] && quic_rj=未开启 [ -z "$(cat $clashdir/mac)" ] && mac_return=未开启 || mac_return=已启用 # @@ -1256,7 +1218,15 @@ clashcfg(){ clashcfg elif [ "$num" = 6 ]; then - localproxy + if [ "$local_proxy" = "未开启" ]; then + localproxy + else + local_proxy=未开启 + setconfig local_proxy $local_proxy + setconfig local_type + sed -i '/user shellclash/d' /etc/init.d/clash 2>/dev/null + echo -e "\033[33m已经停用本机代理规则,请尽快重启clash服务!!\033[0m" + fi sleep 1 clashcfg @@ -1563,6 +1533,7 @@ tools(){ #获取设置默认显示 [ -n "$(cat /etc/crontabs/root 2>&1| grep otapredownload)" ] && mi_update=禁用 || mi_update=启用 [ "$mi_autoSSH" = "已启用" ] && mi_autoSSH_type=32m已启用 || mi_autoSSH_type=31m未启用 + [ -f $clashdir/tun.ko ] && mi_tunfix=32m已启用 || mi_tunfix=31m未启用 # echo ----------------------------------------------- echo -e "\033[30;47m欢迎使用其他工具菜单:\033[0m" 
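Review bot: `input_dir` accepts any string for which `-d` is true, including a relative path or one containing spaces, and the value is then passed unquoted in `setconfig bindir $bindir`. Require an absolute path and quote the expansion, for example `[ -d "$bindir" ] && [ "${bindir#/}" != "$bindir" ]` for the check and `setconfig bindir "$bindir"` for the write; `read -r` would also keep backslashes literal. The `setconfig` line sits after `esac`, so it also runs after the `*) errornum` arm. Separately, the lines changed from `$echo` to plain `echo` still contain `\033` escapes, while the rest of this file uses `echo -e` for coloured output.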
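Review bot: The new disable branch under option 6 of `clashcfg` only flips `local_proxy` in the config and edits `/etc/init.d/clash`. Unlike the code removed from `localproxy`, it no longer calls `$clashdir/start.sh stop`, so whatever rules or profile entries the active mode installed presumably stay in place until the user restarts the service. If that is intentional, a comment such as `# rules stay active until the service is restarted` would make it explicit; otherwise stop or restart the service here. `sed -i … 2>/dev/null` also hides a failed edit, so the confirmation message prints either way.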
@@ -1577,6 +1548,7 @@ tools(){ [ -x /usr/sbin/otapredownload ] && echo -e " 5 \033[33m$mi_update\033[0m小米系统自动更新" [ -f /data/clash/misnap_init.sh ] && echo -e " 6 小米设备软固化SSH ———— \033[$mi_autoSSH_type \033[0m" [ -f /etc/config/ddns -a -d "/etc/ddns" ] && echo -e " 7 配置\033[32mDDNS服务\033[0m(需下载相关脚本)" + [ -f /data/clash/misnap_init.sh ] && echo -e " 8 小米设备Tun模块修复 ———— \033[$mi_tunfix \033[0m" echo ----------------------------------------------- echo -e " 0 返回上级菜单" echo ----------------------------------------------- @@ -1647,6 +1619,35 @@ tools(){ setconfig mi_autoSSH $mi_autoSSH setconfig mi_autoSSH_pwd $mi_autoSSH_pwd tools + elif [ "$num" = 8 ]; then + if [ -f $clashdir/tun.ko ];then + read -p "是否禁用此功能并移除相关补丁?(1/0) > " res + [ "$res" = 1 ] && { + rm -rf $clashdir/tun.ko + echo -e "\033[33m补丁文件已移除,请立即重启设备以防止出错!\033[0m" + } + elif [ -z "$(modinfo tun)" ];then + echo -e "\033[33m本功能需要修改系统文件,可能导致未知的不稳定情况产生!\033[0m" + echo -e "\033[33m本功能采集的Tun模块不一定适用于你的设备!\033[0m" + read -p "是否继续?(1/0) > " res + if [ "$res" = 1 ];then + tunfixlink="${update_url}/bin/fix/tun.ko" + echo ----------------------------------------------- + echo 正在连接服务器获取Tun模块补丁文件………… + $clashdir/start.sh webget /tmp/tun.ko $tunfixlink + if [ "$?" = "0" ];then + mv -f /tmp/tun.ko $clashdir && \ + $clashdir/misnap_init.sh tunfix && \ + echo -e "\033[32m设置成功!请重启clash服务!\033[0m" + else + echo -e "\033[31m文件下载失败,请重试!\033[0m" + fi + fi + else + echo -e "\033[31m当前设备无需设置,请勿尝试!\033[0m" + sleep 1 + fi + tools else errornum fi diff --git a/scripts/getdate.sh b/scripts/getdate.sh index 433cf12..5da1554 100644 --- a/scripts/getdate.sh +++ b/scripts/getdate.sh 
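Review bot: In the new option 8 branch, the downloaded `tun.ko` is moved into `$clashdir` and handed to `misnap_init.sh tunfix` without any integrity check, although a kernel module runs with full kernel privileges; whether `update_url` is always HTTPS is not visible in this hunk. Compare the file against a digest shipped with the release before the `mv`, for example `[ "$(sha256sum /tmp/tun.ko | cut -d' ' -f1)" = "$tun_sha256" ]`, where `tun_sha256` is a placeholder for a value the release would have to provide, and delete the file on mismatch. Downloading to the fixed name `/tmp/tun.ko` is also worth replacing with a `mktemp` path where that tool is available. The branch sits inside `tools`, which starts and ends outside the hunk.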
@@ -703,8 +703,8 @@ setcrt(){ echo -e "\033[33m用于解决证书校验错误,x509报错等问题\033[0m" echo -e "\033[31m无上述问题的设备请勿使用!\033[0m" echo ----------------------------------------------- - [ -f "$crtdir" ] && echo -e "\033[33m检测到系统已经安装根证书文件了!\033[0m\n-----------------------------------------------" - read -p "确认安装?(1/0) > " res + [ -f "$crtdir" ] && echo -e "\033[33m检测到系统已经存在根证书文件($crtdir)了!\033[0m\n-----------------------------------------------" + read -p "是否覆盖更新?(1/0) > " res if [ -z "$res" ];then errornum @@ -960,23 +960,7 @@ userguide(){ setconfig common_ports "未开启" echo ----------------------------------------------- echo -e "\033[36m请选择设置本机代理的方式\033[0m" - echo -e " 1 使用\033[32m环境变量\033[0m方式配置(不支持部分应用)" - echo -e " 2 使用\033[32miptables增强模式\033[0m配置" - echo -e " 3 使用\033[32mnftables增强模式\033[0m配置" - echo -e " 0 稍后设置" - read -p "请输入对应数字 > " num - if [ "$num" = 1 ]; then - local_proxy=已开启 - local_type=环境变量 - elif [ "$num" = 2 ]; then - local_proxy=已开启 - local_type=iptables增强模式 - elif [ "$num" = 3 ]; then - local_proxy=已开启 - local_type=nftables增强模式 - fi - setconfig local_proxy $local_proxy - setconfig local_type $local_type + localproxy elif [ "$num" = 3 ];then mv -f $ccfg.bak $ccfg echo -e "\033[32m脚本设置已还原!\033[0m" diff --git a/scripts/init.sh b/scripts/init.sh index c0f2142..f8ac4f2 100644 --- a/scripts/init.sh +++ b/scripts/init.sh @@ -1,7 +1,7 @@ #!/bin/sh # Copyright (C) Juewuy -version=1.7.1 +version=1.7.3 setdir(){ dir_avail(){ diff --git a/scripts/misnap_init.sh b/scripts/misnap_init.sh index df2ddaa..e643a2a 100644 --- a/scripts/misnap_init.sh +++ b/scripts/misnap_init.sh 
@@ -6,18 +6,12 @@ profile=/etc/profile tunfix(){ #在/tmp创建并挂载overlay - [ -e /tmp/overlay ] || mkdir /tmp/overlay - [ -e /tmp/overlay/upper ] || mkdir /tmp/overlay/upper - [ -e /tmp/overlay/work ] || mkdir /tmp/overlay/work - mount --bind /tmp/overlay /overlay - . /lib/functions/preinit.sh - fopivot /overlay/upper /overlay/work /rom 1 - #Fixup miwifi misc, and DO NOT use /overlay/upper/etc instead, /etc/uci-defaults/* may be already removed - mount -o noatime,move /rom/data /data 2>&- - mount -o noatime,move /rom/etc /etc 2>&- - mount -o noatime,move /rom/userdisk /userdisk 2>&- + mkdir -p /tmp/overlay + mkdir -p /tmp/overlay/upper + mkdir -p /tmp/overlay/work + mount -o noatime,lowerdir=/lib/modules/4.4.198,upperdir=/tmp/overlay/upper,workdir=/tmp/overlay/work -t overlay "overlay_mods_only" /lib/modules/4.4.198 #将tun.ko链接到lib - ln -s $clashdir/tun.ko /overlay/upper/lib/modules/4.4.198/tun.ko + ln -s $clashdir/tun.ko /lib/modules/4.4.198/tun.ko } init(){ #初始化环境变量 @@ -36,7 +30,7 @@ init(){ [ -n "$(grep 'init complete' $log_file)" ] && i=10 || i=$((i + 1)) done #AX6S/AX6000修复tun功能 - [ -f $clashdir/tun.ko -a ! -f /lib/modules/4.4.198/tun.ko ] && tunfix + [ -f $clashdir/tun.ko -a ! -f /lib/modules/4.4.198/tun.ko ] && tunfix && sleep 10 # /etc/init.d/clash start /etc/init.d/clash enable diff --git a/scripts/start.sh b/scripts/start.sh index c59fc79..76a7f91 100644 --- a/scripts/start.sh +++ b/scripts/start.sh @@ -204,14 +204,14 @@ EOF` else if [ "$retry" -ge 4 ];then logger "无法获取配置文件,请检查链接格式以及网络连接状态!" 31 + echo -e "\033[32m你也可以尝试使用浏览器下载配置文件后,使用WinSCP手动上传到/tmp目录!\033[0m" exit 1 elif [ "$retry" = 3 ];then retry=4 - logger "配置文件获取失败!最后尝试使用http备用服务器获取!" 31 - echo -e "\033[32m如担心安全性,请在5s内使用【ctrl+c】退出!\033[0m" + logger "配置文件获取失败!将尝试使用http协议备用服务器获取!" 31 + echo -e "\033[32m如担心数据安全,请在5s内使用【ctrl+c】退出!\033[0m" sleep 5 server_link=6 - setconfig server_link 6 Https="" getyaml else 
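Review bot: `tunfix` does not check that the overlay `mount` succeeded before running `ln -s`, so on failure the link is attempted against the real `/lib/modules/4.4.198` and the function's status reflects only `ln`. Guard the mount with `|| return 1` and use `ln -sf` so a rerun with an existing link does not fail. `mkdir -p` also silently reuses a pre-existing `/tmp/overlay` with whatever owner and mode it already has; since that directory becomes the writable layer of the kernel module directory, checking its ownership first would be prudent. The three `mkdir -p` calls can be one: `mkdir -p /tmp/overlay/upper /tmp/overlay/work`.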
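Review bot: The `retry = 3` branch in start.sh still switches to plain http automatically (`Https=""`), with the 5-second Ctrl+C window as the only opt-out. When this path runs at boot or from a scheduled task nobody sees that prompt, and the subscription link and the returned configuration would then travel unencrypted. Dropping `setconfig server_link 6` keeps the downgrade from persisting, but the fallback itself should be limited to interactive runs, for example `[ -t 0 ] || exit 1` before the `sleep 5`, or made an explicit setting. The enclosing function starts and ends outside the hunk.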
@@ -517,7 +517,8 @@ start_redir(){ iptables -t nat -A clash -m mac --mac-source $mac -j RETURN done iptables -t nat -A clash -p tcp -s 192.168.0.0/16 -j REDIRECT --to-ports $redir_port - iptables -t nat -A clash -p tcp -s 10.0.0.0/8 -j REDIRECT --to-ports $redir_port + iptables -t nat -A clash -p tcp -s 10.0.0.0/12 -j REDIRECT --to-ports $redir_port + iptables -t nat -A clash -p tcp -s 172.16.0.0/12 -j REDIRECT --to-ports $redir_port [ -n "$host_lan" ] && iptables -t nat -A clash -p tcp -s $host_lan -j REDIRECT --to-ports $redir_port fi #将PREROUTING链指向clash链 @@ -624,7 +625,8 @@ start_tproxy(){ iptables -t mangle -A clash -m mac --mac-source $mac -j RETURN done iptables -t mangle -A clash -p $1 -s 192.168.0.0/16 -j TPROXY --on-port $tproxy_port --tproxy-mark 1 - iptables -t mangle -A clash -p $1 -s 10.0.0.0/8 -j TPROXY --on-port $tproxy_port --tproxy-mark 1 + iptables -t mangle -A clash -p $1 -s 10.0.0.0/12 -j TPROXY --on-port $tproxy_port --tproxy-mark 1 + iptables -t mangle -A clash -p $1 -s 172.16.0.0/12 -j TPROXY --on-port $tproxy_port --tproxy-mark 1 [ -n "$host_lan" ] && iptables -t mangle -A clash -p $1 -s $host_lan -j TPROXY --on-port $tproxy_port --tproxy-mark 1 fi iptables -t mangle -A PREROUTING -p $1 $ports -j clash @@ -724,7 +726,7 @@ start_tun(){ fi modprobe xt_mark &> /dev/null && { i=1 - while [ -z "$(ip route list |grep utun)" -a "$i" -le 9 ];do + while [ -z "$(ip route list |grep utun)" -a "$i" -le 29 ];do sleep 1 i=$((i+1)) done @@ -758,7 +760,8 @@ start_tun(){ iptables -t mangle -A clash -m mac --mac-source $mac -j RETURN done iptables -t mangle -A clash -s 192.168.0.0/16 -j MARK --set-mark 1 - iptables -t mangle -A clash -s 10.0.0.0/8 -j MARK --set-mark 1 + iptables -t mangle -A clash -s 10.0.0.0/12 -j MARK --set-mark 1 + iptables -t mangle -A clash -s 172.16.0.0/12 -j MARK --set-mark 1 [ -n "$host_lan" ] && iptables -t mangle -A clash -s $host_lan -j MARK --set-mark 1 fi iptables -t mangle -A PREROUTING -p udp $ports -j clash 
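Review bot: `10.0.0.0/12` covers only 10.0.0.0–10.15.255.255, so LAN clients in the rest of the RFC 1918 `10.0.0.0/8` block (10.16.x.x and above) no longer match the REDIRECT rule in `start_redir`. Unless `host_lan` happens to cover them, they presumably bypass the proxy without any warning. The /12 mask belongs only to the newly added `172.16.0.0/12` line; keep `-s 10.0.0.0/8` on the 10.x rule. The same narrowing appears in the `start_tproxy` and `start_tun` hunks of this file and should be reverted there too.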
@@ -1234,12 +1237,14 @@ afstart(){ start_nft } #设置本机代理 - [ "$local_proxy" = "已开启" ] && [ "$local_type" = "环境变量" ] && $0 set_proxy $mix_port $db_port - [ "$local_proxy" = "已开启" ] && [ "$local_type" = "iptables增强模式" ] && start_output - [ "$local_proxy" = "已开启" ] && [ "$local_type" = "nftables增强模式" ] && [ "$redir_mod" = "纯净模式" ] && start_nft + [ "$local_proxy" = "已开启" ] && { + [ "$local_type" = "环境变量" ] && $0 set_proxy $mix_port $db_port + [ "$local_type" = "iptables增强模式" ] && start_output + [ "$local_type" = "nftables增强模式" ] && [ "$redir_mod" = "纯净模式" ] && start_nft + } ckcmd iptables && start_wan #同步本机时间 - ckcmd ntpd && ntpd -n -q -p 203.107.6.88 + ckcmd ntpd && ntpd -n -q -p 203.107.6.88 & #标记启动时间 mark_time #加载定时任务