~增加DDNS脚本
~优化安装脚本
~SSH公网访问功能增加ipv6支持
~优化Geosite自动下载检测机制
~尝试屏蔽OpenWrt自带53端口劫持
~代码优化及bug修复
juewuy
2022-02-06 19:14:05 +08:00
parent 9d6938fd34
commit a1c95c2d82
4 changed files with 27 additions and 24 deletions


@@ -28,7 +28,7 @@ webget(){
[ "$3" = "echooff" ] && progress='-s' || progress='-#'
[ -z "$4" ] && redirect='-L' || redirect=''
result=$(curl -w %{http_code} --connect-timeout 5 $progress $redirect -ko $1 $2)
[ -z $(echo $result | grep -e ^2) && result="200"
[ -n "$(echo $result | grep -e ^2)" ] && result="200"
else
if wget --version > /dev/null 2>&1;then
[ "$3" = "echooff" ] && progress='-q' || progress='-q --show-progress'
@@ -44,7 +44,6 @@ webget(){
}
#检查更新
[ -z "$url" ] && url="https://cdn.jsdelivr.net/gh/juewuy/ShellClash"
#选择版本
echo -----------------------------------------------
$echo "\033[33m请选择想要安装的版本\033[0m"
$echo " 1 \033[32mShellclash正式版\033[0m"
@@ -52,8 +51,7 @@ $echo " 2 \033[31mShellclash测试版\033[0m"
echo -----------------------------------------------
read -p "请输入相应数字 > " num
if [ -z $num ];then
echo 安装已取消
exit 1;
echo 安装已取消 && exit 1;
elif [ "$num" = "1" ];then
webget /tmp/clashrelease $url/bin/release_version echoon rediroff 2>/tmp/clashrelease
if [ "$result" = "200" ];then
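Review bot: The corrected status test (`[ -n "$(echo $result | grep -e ^2)" ] && result="200"`) is now the only gate on what `webget` accepts, yet the curl call directly above it still passes `-k`, so certificate verification is off and a 2xx reply from any host answering for the CDN name is treated as a good download. If `-k` is there for routers that ship without a CA bundle, verifying the fetched files against a published checksum is the mitigation; otherwise drop it from that line. The test itself reads more simply as `case "$result" in 2*) result=200;; esac`, which avoids the unquoted `echo | grep`. `webget` starts above this hunk and continues past it, so the wget branch is not covered by this note.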


@@ -1096,6 +1096,10 @@ streaming(){
}
tools(){
ssh_tools(){
stop_iptables(){
iptables -t nat -D PREROUTING -p tcp -m multiport --dports $ssh_port -j REDIRECT --to-ports 22 >/dev/null 2>&1
ip6tables -t nat -A PREROUTING -p tcp -m multiport --dports $ssh_port -j REDIRECT --to-ports 22 >/dev/null 2>&1
}
[ -n "$(cat /etc/firewall.user 2>1 | grep '启用外网访问SSH服务')" ] && ssh_ol=禁止 || ssh_ol=开启
[ -z "$ssh_port" ] && ssh_port=10022
echo -----------------------------------------------
@@ -1125,6 +1129,7 @@ tools(){
ssh_port=$num
setconfig ssh_port $ssh_port
sed -i "/启用外网访问SSH服务/d" /etc/firewall.user
stop_iptables
echo -e "\033[32m设置成功请重新开启外网访问SSH功能\033[0m"
fi
sleep 1
@@ -1138,11 +1143,14 @@ tools(){
elif [ "$num" = 3 ]; then
if [ "$ssh_ol" = "开启" ];then
iptables -t nat -A PREROUTING -p tcp -m multiport --dports $ssh_port -j REDIRECT --to-ports 22
[ -n "$(command -v ip6tables)" ] && ip6tables -t nat -A PREROUTING -p tcp -m multiport --dports $ssh_port -j REDIRECT --to-ports 22
echo "iptables -t nat -A PREROUTING -p tcp -m multiport --dports $ssh_port -j REDIRECT --to-ports 22 #启用外网访问SSH服务" >> /etc/firewall.user
[ -n "$(command -v ip6tables)" ] && echo "ip6tables -t nat -A PREROUTING -p tcp -m multiport --dports $ssh_port -j REDIRECT --to-ports 22 #启用外网访问SSH服务" >> /etc/firewall.user
echo -----------------------------------------------
echo -e "已开启外网访问SSH功能"
else
sed -i "/启用外网访问SSH服务/d" /etc/firewall.user
stop_iptables
echo -----------------------------------------------
echo -e "已禁止外网访问SSH"
fi
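Review bot: In the new `stop_iptables` helper the IPv6 line uses `-A` instead of `-D`, so each call that is meant to close the SSH redirect appends an `ip6tables` PREROUTING rule forwarding `$ssh_port` to port 22 rather than removing it, and with output sent to `/dev/null` nothing reports this. It should read `ip6tables -t nat -D PREROUTING -p tcp -m multiport --dports $ssh_port -j REDIRECT --to-ports 22 >/dev/null 2>&1`. In the port-change hunk `stop_iptables` runs after `ssh_port=$num`, so it targets the new port and the rule for the previous port appears to stay loaded; calling it before the assignment would remove the live rule. `tools` and `ssh_tools` continue outside the visible hunks.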


@@ -975,7 +975,7 @@ userguide(){
[ "$res" = 1 ] && checkupdate && getcrt
fi
#设置加密DNS
$clashdir/start.sh webget /tmp/ssl_test https://www.baidu.com echooff rediron skipceroff
$clashdir/start.sh webget /tmp/ssl_test https://doh.pub echooff rediron skipceroff
if [ "$?" = "0" ];then
dns_nameserver='https://223.5.5.5/dns-query, https://doh.pub/dns-query, tls://dns.rubyfish.cn:853'
dns_fallback='https://1.0.0.1/dns-query, https://8.8.4.4/dns-query, https://doh.opendns.com/dns-query'


@@ -13,23 +13,16 @@ getconfig(){
#默认设置
[ -z "$bindir" ] && bindir=$clashdir
[ -z "$redir_mod" ] && [ "$USER" = "root" -o "$USER" = "admin" ] && redir_mod=Redir模式
[ -z "$redir_mod" ] && redir_mod=Redir模式
[ -z "$redir_mod" ] && redir_mod=纯净模式
[ -z "$skip_cert" ] && skip_cert=已开启
[ -z "$common_ports" ] && common_ports=已开启
[ -z "$dns_mod" ] && dns_mod=redir_host
[ -z "$dns_over" ] && dns_over=已开启
[ -z "$modify_yaml" ] && modify_yaml=未开启
[ -z "$ipv6_support" ] && ipv6_support=未开启
[ -z "$ipv6_dns" ] && ipv6_dns=$ipv6_support
[ -z "$start_old" ] && start_old=未开启
[ -z "$local_proxy" ] && local_proxy=未开启
[ -z "$mix_port" ] && mix_port=7890
[ -z "$redir_port" ] && redir_port=7892
[ -z "$db_port" ] && db_port=9999
[ -z "$dns_port" ] && dns_port=1053
[ -z "$dns_redir" ] && dns_redir=未开启
[ -z "$cn_ip_route" ] && cn_ip_route=未开启
[ -z "$public_support" ] && public_support=未开启
[ -z "$stearming_int" ] && stearming_int=24
[ -z "$dns_nameserver" ] && dns_nameserver='114.114.114.114, 223.5.5.5'
[ -z "$dns_fallback" ] && dns_fallback='1.0.0.1, 8.8.4.4'
@@ -429,6 +422,11 @@ start_dns(){
ip6tables -I INPUT -p tcp --dport 53 -j REJECT > /dev/null 2>&1
ip6tables -I INPUT -p udp --dport 53 -j REJECT > /dev/null 2>&1
fi
#屏蔽OpenWrt内置53端口转发
iptables -t nat -D PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 53 2> /dev/null
iptables -t nat -D PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports 53 2> /dev/null
ip6tables -t nat -D PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 53 2> /dev/null
ip6tables -t nat -D PREROUTING -p tcp --dport 53 -j REDIRECT --to-ports 53 2> /dev/null
}
start_udp(){
ip rule add fwmark 1 table 100
@@ -653,15 +651,6 @@ bfstart(){
setconfig Geo_v $Geo_v
fi
fi
# if [ "$clashcore" = "clash.meta" -a ! -f $bindir/geosite.dat ];then
# if [ -f $clashdir/geosite.dat ];then
# mv $clashdir/geosite.dat $bindir/geosite.dat
# else
# logger "未找到geosite数据库正在下载" 33
# $0 webget $bindir/geosite.dat $update_url/bin/geosite.dat
# [ "$?" = "1" ] && rm -rf $bindir/geosite.dat && logger "数据库下载失败,已退出!" 31 && exit 1
# fi
# fi
#检查dashboard文件
if [ -f $clashdir/ui/index.html -a ! -f $bindir/ui/index.html ];then
cp -rf $clashdir/ui $bindir
@@ -683,6 +672,16 @@ bfstart(){
exit 1
fi
fi
#预下载Geosite数据库
if [ "$clashcore" = "clash.meta" ] && [ ! -f $bindir/geosite.dat ] && [ -n "$(cat $clashdir/config.yaml|grep -Ei 'geosite')" ];then
if [ -f $clashdir/geosite.dat ];then
mv $clashdir/geosite.dat $bindir/geosite.dat
else
logger "未找到geosite数据库正在下载" 33
$0 webget $bindir/geosite.dat $update_url/bin/geosite.dat
[ "$?" = "1" ] && rm -rf $bindir/geosite.dat && logger "数据库下载失败,已退出!" 31 && exit 1
fi
fi
#本机代理准备
if [ "$local_proxy" = "已开启" -a "$local_type" = "iptables增强模式" ];then
if [ -z "$(id shellclash 2>/dev/null | grep 'root')" ];then
@@ -770,8 +769,6 @@ start)
#检测必须文件并下载
bfstart
stop_iptables #清理iptables
#使用内置规则强行覆盖config配置文件
[ "$modify_yaml" != "已开启" ] && modify_yaml
#使用不同方式启动clash服务
if [ "$start_old" = "已开启" ];then
start_old
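Review bot: The Geosite pre-download block added to `bfstart` treats only exit status 1 as a failure (`[ "$?" = "1" ] && rm -rf ...`), so if `$0 webget` can exit with any other non-zero status, whatever was written to `$bindir/geosite.dat` stays in place and startup continues with it. Testing the command directly closes that gap: `$0 webget "$bindir/geosite.dat" "$update_url/bin/geosite.dat" || { rm -f "$bindir/geosite.dat"; logger "数据库下载失败,已退出!" 31; exit 1; }`. No integrity check on the downloaded database is visible here; comparing it with a published hash before use would be a worthwhile addition. Separately, the four `-D PREROUTING ... --dport 53` lines added to `start_dns` remove system redirect rules with errors discarded, and nothing in the visible hunks restores them on stop, so a comment saying where they are put back would help. `bfstart` and `start_dns` both extend beyond the hunks shown.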