diff --git a/scripts/init.sh b/scripts/init.sh index 558a9660..d5535529 100644 --- a/scripts/init.sh +++ b/scripts/init.sh @@ -102,7 +102,7 @@ grep -q 'firewall_mod' "$CRASHDIR/configs/ShellClash.cfg" 2>/dev/null || { #设置更新地址 [ -n "$url" ] && setconfig update_url $url #设置环境变量 -[ -w /opt/etc/profile ] && profile=/opt/etc/profile +[ -w /opt/etc/profile ] && [ "$systype" = "Padavan" ] && profile=/opt/etc/profile [ -w /jffs/configs/profile.add ] && profile=/jffs/configs/profile.add [ -z "$profile" ] && profile=/etc/profile if [ -n "$profile" ]; then diff --git a/scripts/libs/set_proxy.sh b/scripts/libs/set_proxy.sh index 3f3400cf..c5e0c8ff 100644 --- a/scripts/libs/set_proxy.sh +++ b/scripts/libs/set_proxy.sh @@ -3,6 +3,7 @@ setproxy(){ [ -n "$(pidof CrashCore)" ] && { [ -n "$authentication" ] && auth="$authentication@" || auth="" [ -z "$mix_port" ] && mix_port=7890 - export all_proxy="http://${auth}127.0.0.1:$mix_port" + export https_proxy="http://${auth}127.0.0.1:$mix_port" + export http_proxy="http://${auth}127.0.0.1:$mix_port" } } \ No newline at end of file diff --git a/scripts/libs/web_get.sh b/scripts/libs/web_get.sh index 949fd6d9..261a91ee 100644 --- a/scripts/libs/web_get.sh +++ b/scripts/libs/web_get.sh @@ -32,7 +32,8 @@ webget(){ result=$(curl $agent -w '%{http_code}' --connect-timeout 3 $progress $redirect $certificate -o "$1" "$url") fi [ "$result" = "200" ] && return 0 #成功则退出否则重试 - export all_proxy="" + export https_proxy="" + export http_proxy="" result=$(curl $agent -w '%{http_code}' --connect-timeout 5 $progress $redirect $certificate -o "$1" "$2") [ "$result" = "200" ] return $? diff --git a/scripts/libs/web_save.sh b/scripts/libs/web_save.sh index b9f75c88..23cecb35 100644 --- a/scripts/libs/web_save.sh +++ b/scripts/libs/web_save.sh 
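Review bot: In `setproxy`, `$authentication` is now interpolated into two exported variables, so the proxy credential is inherited by every child process started from this shell and can be read from their environment. Nothing in the hunk records that; I would add a comment above the exports such as `# NOTE: credentials in $authentication are exported to every child process`. If `$authentication` can contain `@`, `:` or `/`, the resulting URL is also ambiguous and may need percent-encoding; how the value is validated is not visible here. `setproxy` starts outside the hunk.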
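Review bot: The direct-connection retry in `webget` clears only `https_proxy` and `http_proxy`, and it does so by exporting empty strings rather than unsetting them. Because the commit stops managing `all_proxy`, a value left in the environment (for example by a shell that ran the previous `setproxy`) is no longer cleared, and curl would likely still use it for the retry. `unset https_proxy http_proxy all_proxy` before the second curl call, or passing `--noproxy '*'` to it, would make the fallback independent of the caller's environment. The function starts and ends outside the hunk.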
@@ -20,11 +20,13 @@ web_save() { #最小化保存面板节点选择 } done <"$TMPDIR"/web_proxies rm -rf "$TMPDIR"/web_proxies - #对比文件,如果有变动且不为空则写入磁盘,否则清除缓存 - for file in web_save web_configs; do - if [ -s "$TMPDIR"/${file} ]; then - . "$CRASHDIR"/libs/compare.sh && compare "$TMPDIR"/${file} "$CRASHDIR"/configs/${file} - [ "$?" = 0 ] && rm -rf "$TMPDIR"/${file} || mv -f "$TMPDIR"/${file} "$CRASHDIR"/configs/${file} + #对比文件,如果有变动则写入磁盘,否则清除缓存 + for file in web_save; do + if [ -s "$TMPDIR/$file" ]; then + . "$CRASHDIR"/libs/compare.sh && compare "$TMPDIR/$file" "$CRASHDIR/configs/$file" + [ "$?" = 0 ] && rm -f "$TMPDIR/$file" || mv -f "$TMPDIR/$file" "$CRASHDIR/configs/$file" + else + rm -f "$CRASHDIR/configs/$file" #空文件时移除旧文件 fi done } diff --git a/scripts/start.sh b/scripts/start.sh index 3e7142fb..22895a9e 100644 --- a/scripts/start.sh +++ b/scripts/start.sh @@ -37,6 +37,7 @@ case "$1" in start) [ -n "$(pidof CrashCore)" ] && $0 stop #禁止多实例 stop_firewall #清理路由策略 + rm -f "CRASHDIR"/.start_error #移除自启失败标记 #使用不同方式启动服务 if [ "$firewall_area" = "5" ]; then #主旁转发 . "$CRASHDIR"/starts/fw_start.sh diff --git a/scripts/starts/bfstart.sh b/scripts/starts/bfstart.sh index 294e1418..3882f88a 100644 --- a/scripts/starts/bfstart.sh +++ b/scripts/starts/bfstart.sh @@ -6,6 +6,9 @@ . "$CRASHDIR"/libs/get_config.sh [ -z "$BINDIR" -o -z "$TMPDIR" -o -z "$COMMAND" ] && . "$CRASHDIR"/init.sh >/dev/null 2>&1 [ ! -f "$TMPDIR" ] && mkdir -p "$TMPDIR" + +#当上次启动失败时终止自启动 +[ -f "CRASHDIR"/.start_error ] && exit 1 #加载工具 . "$CRASHDIR"/libs/check_cmd.sh . "$CRASHDIR"/libs/check_target.sh 
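Review bot: The new `else` branch deletes `$CRASHDIR/configs/web_save` whenever `[ -s "$TMPDIR/$file" ]` is false, and `-s` is false for a missing file as well as an empty one. If the part of `web_save` above this hunk can fail to produce the temp file (that part is not fully visible here), a transient failure would erase the saved selection instead of leaving it alone. Restricting the delete to the genuinely empty case, `elif [ -f "$TMPDIR/$file" ]; then rm -f "$CRASHDIR/configs/$file"`, keeps the intended cleanup. Separately, `[ "$?" = 0 ] && rm -f … || mv -f …` also runs the `mv` when sourcing `compare.sh` fails; an `if compare …; then … else … fi` form avoids that.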
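Review bot: `rm -f "CRASHDIR"/.start_error` is missing the `$`, so it targets a relative path `CRASHDIR/.start_error` under the current working directory instead of the install directory. The same literal appears in the `bfstart.sh` check (`[ -f "CRASHDIR"/.start_error ] && exit 1`) and in `start_error.sh` (`touch "CRASHDIR"/.start_error`). The marker is therefore most likely never created, because `touch` fails when no `CRASHDIR` directory exists in the working directory, and the guard against auto-start after a failed start never fires. All three should read `"$CRASHDIR"/.start_error`. The enclosing `case` branch continues outside the hunk.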
@@ -18,6 +21,7 @@ [ -z "$redir_mod" ] && [ "$USER" = "root" -o "$USER" = "admin" ] && redir_mod='Redir模式' [ -z "$dns_mod" ] && dns_mod='redir_host' [ -z "$redir_mod" ] && firewall_area='4' +routing_mark=$((fwmark + 2)) makehtml() { #生成面板跳转文件 cat >"$BINDIR"/ui/index.html <&1 | grep -w 'inet' | grep 'global' | grep 'brd' | grep -Ev 'utun|iot|peer|docker|podman|virbr|vnet|ovs|vmbr|veth|vmnic|vboxnet|lxcbr|xenbr|vEthernet' | grep -E ' 1(92|0|72)\.' | sed 's/.*inet.//g' | sed 's/[[:space:]]br.*$//g' | sed 's/metric.*$//g') #ipv4局域网网段 - [ "$ipv6_redir" = "ON" ] && host_ipv6=$(ip a 2>&1 | grep -w 'inet6' | grep -E 'global' | sed 's/.*inet6.//g' | sed 's/scope.*$//g') #ipv6公网地址段 + host_ipv4=$(ip route show scope link | grep -Ev 'wan|utun|iot|peer|docker|podman|virbr|vnet|ovs|vmbr|veth|vmnic|vboxnet|lxcbr|xenbr|vEthernet' | grep -E ' 1(92|0|72)\.' | awk '{print $1}') #ipv4局域网网段 + [ "$ipv6_redir" = "ON" ] && host_ipv6=$(ip -6 route show | grep 'default' | awk '{print $3}') #ipv6公网地址段 [ -f "$TMPDIR"/ShellCrash.log ] && break [ -n "$host_ipv4" -a "$ipv6_redir" != "ON" ] && break [ -n "$host_ipv4" -a -n "$host_ipv6" ] && break diff --git a/scripts/starts/fw_iptables.sh b/scripts/starts/fw_iptables.sh index 5e0b4681..8105bb7a 100644 --- a/scripts/starts/fw_iptables.sh +++ b/scripts/starts/fw_iptables.sh @@ -1,6 +1,9 @@ #!/bin/sh # Copyright (C) Juewuy +ckcmd iptables && iptables -h | grep -q '\-w' && iptable='iptables -w' || iptable=iptables +ckcmd ip6tables && ip6tables -h | grep -q '\-w' && ip6table='ip6tables -w' || ip6table=ip6tables + start_ipt_route() { #iptables-route通用工具 #$1:iptables/ip6tables $2:所在的表(nat/mangle) $3:所在的链(OUTPUT/PREROUTING) $4:新创建的shellcrash链表 $5:tcp/udp/all #区分ipv4/ipv6 
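Review bot: The new `host_ipv6=$(ip -6 route show | grep 'default' | awk '{print $3}')` returns the third field of the default route, not a prefix. For a `default via <addr> dev <if>` entry that is the next-hop address (usually link-local), and for a `default dev <if>` entry it is the interface name. The trailing comment still describes it as the public IPv6 segment, and the removed line took the global addresses from `ip a`. If this value feeds the host-network lists used by the firewall rules (not visible here), IPv6 LAN sources would no longer match them; please confirm the intended value, then either derive prefixes from the non-default `ip -6 route show` entries or update the comment. The hunk header for this change is not visible on this page, so the surrounding function is unknown.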
@@ -28,7 +31,10 @@ start_ipt_route() { #iptables-route通用工具 "$1" $w -t "$2" -A "$4" -m owner --gid-owner $gid -j RETURN done [ "$firewall_area" = 5 ] && "$1" $w -t "$2" -A "$4" -s $bypass_host -j RETURN - [ -z "$ports" ] && "$1" $w -t "$2" -A "$4" -p tcp -m multiport --dports "$mix_port,$redir_port,$tproxy_port" -j RETURN + [ -z "$ports" ] && { + "$1" $w -t "$2" -A "$4" -p tcp -m multiport --dports "$mix_port,$redir_port,$tproxy_port" -j RETURN + "$1" $w -t "$2" -A "$4" -p udp -m multiport --dports "$mix_port,$redir_port,$tproxy_port" -j RETURN + } #跳过目标保留地址及目标本机网段 for ip in $HOST_IP $RESERVED_IP; do "$1" $w -t "$2" -A "$4" -d $ip -j RETURN @@ -130,8 +136,6 @@ start_ipt_dns() { #iptables-dns通用工具 "$1" $w -t nat -I "$2" -p udp --dport 53 -j "$3" } start_ipt_wan() { #iptables公网防火墙 - ckcmd iptables && iptables -h | grep -q '\-w' && iptable='iptables -w' || iptable=iptables - ckcmd ip6tables && ip6tables -h | grep -q '\-w' && ip6table='ip6tables -w' || ip6table=ip6tables ipt_wan_accept(){ $iptable -I INPUT -p "$1" -m multiport --dports "$accept_ports" -j ACCEPT ckcmd ip6tables && $ip6table -I INPUT -p "$1" -m multiport --dports "$accept_ports" -j ACCEPT @@ -141,7 +145,7 @@ start_ipt_wan() { #iptables公网防火墙 ckcmd ip6tables && $ip6table -I INPUT -p "$1" -m multiport --dports "$reject_ports" -j REJECT } #端口拦截 - reject_ports="$mix_port,$db_port,$dns_port" + reject_ports="$mix_port,$db_port" ipt_wan_reject tcp ipt_wan_reject udp #端口放行 diff --git a/scripts/starts/fw_nftables.sh b/scripts/starts/fw_nftables.sh index 53a9bf53..a7d0b52e 100644 --- a/scripts/starts/fw_nftables.sh +++ b/scripts/starts/fw_nftables.sh 
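Review bot: Dropping `$dns_port` from `reject_ports` in `start_ipt_wan` means the WAN-side rules no longer reject inbound TCP/UDP to the DNS listener; the same change is made in `start_nft_wan` in `fw_nftables.sh`. If the core's DNS port is bound on all interfaces, it becomes reachable from the WAN unless the router's own firewall drops it, and an exposed resolver is a common amplification target. If the removal is deliberate (for instance because the REJECT also hit LAN clients), a comment such as `# dns_port is not rejected here: <reason>; WAN exposure is handled by <mechanism>` would record that. Both functions continue outside their hunks.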
@@ -146,7 +146,7 @@ start_nft_wan() { #nftables公网防火墙 nft add rule inet shellcrash input udp dport $fw_wan_nfports meta mark set 0x67890 accept } #端口拦截 - reject_ports="{ $mix_port, $db_port, $dns_port }" + reject_ports="{ $mix_port, $db_port }" nft add rule inet shellcrash input ip saddr {$HOST_IP} accept nft add rule inet shellcrash input ip6 saddr {$HOST_IP6} accept nft add rule inet shellcrash input tcp dport $reject_ports reject diff --git a/scripts/starts/fw_stop.sh b/scripts/starts/fw_stop.sh index 154e40fa..9a6d398d 100644 --- a/scripts/starts/fw_stop.sh +++ b/scripts/starts/fw_stop.sh @@ -55,8 +55,8 @@ ckcmd iptables && { done $iptable -D INPUT -p tcp -m multiport --dports "$accept_ports" -j ACCEPT 2>/dev/null $iptable -D INPUT -p udp -m multiport --dports "$accept_ports" -j ACCEPT 2>/dev/null - $iptable -D INPUT -p tcp -m multiport --dports "$mix_port,$db_port,$dns_port" -j REJECT 2>/dev/null - $iptable -D INPUT -p udp -m multiport --dports "$mix_port,$db_port,$dns_port" -j REJECT 2>/dev/null + $iptable -D INPUT -p tcp -m multiport --dports "$mix_port,$db_port" -j REJECT 2>/dev/null + $iptable -D INPUT -p udp -m multiport --dports "$mix_port,$db_port" -j REJECT 2>/dev/null #清理shellcrash自建表 for text in shellcrash_dns shellcrash shellcrash_out shellcrash_dns_out shellcrash_vm shellcrash_vm_dns; do $iptable -t nat -F "$text" 2>/dev/null 
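Review bot: `-D` only removes a rule whose specification matches exactly, so the new `--dports "$mix_port,$db_port"` deletes will not remove REJECT rules that a previous version inserted with `"$mix_port,$db_port,$dns_port"`; the same applies to the `ip6tables` hunk further down. After an in-place upgrade while the service is running, those stale rules would stay in INPUT until reboot, and `2>/dev/null` hides the failed delete. Keeping the old form alongside the new one for a transition period, e.g. `$iptable -D INPUT -p tcp -m multiport --dports "$mix_port,$db_port,$dns_port" -j REJECT 2>/dev/null` (and the udp and ip6tables equivalents), would clean up both. The enclosing `ckcmd iptables && {` block starts and ends outside the hunk.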
@@ -105,8 +105,8 @@ ckcmd ip6tables && { done $ip6table -D INPUT -p tcp -m multiport --dports "$accept_ports" -j ACCEPT 2>/dev/null $ip6table -D INPUT -p udp -m multiport --dports "$accept_ports" -j ACCEPT 2>/dev/null - $ip6table -D INPUT -p tcp -m multiport --dports "$mix_port,$db_port,$dns_port" -j REJECT 2>/dev/null - $ip6table -D INPUT -p udp -m multiport --dports "$mix_port,$db_port,$dns_port" -j REJECT 2>/dev/null + $ip6table -D INPUT -p tcp -m multiport --dports "$mix_port,$db_port" -j REJECT 2>/dev/null + $ip6table -D INPUT -p udp -m multiport --dports "$mix_port,$db_port" -j REJECT 2>/dev/null #清理shellcrash自建表 for text in shellcrashv6_dns shellcrashv6 shellcrashv6_out; do $ip6table -t nat -F "$text" 2>/dev/null diff --git a/scripts/starts/start_error.sh b/scripts/starts/start_error.sh index 39e807c7..4afc30c1 100644 --- a/scripts/starts/start_error.sh +++ b/scripts/starts/start_error.sh @@ -7,6 +7,7 @@ else sleep 2 kill $! >/dev/null 2>&1 fi -error=$(cat $TMPDIR/core_test.log | grep -iEo 'error.*=.*|.*ERROR.*|.*FATAL.*') +touch "CRASHDIR"/.start_error #标记启动失败,防止自启 +error=$(cat "$TMPDIR"/core_test.log | grep -iEo 'error.*=.*|.*ERROR.*|.*FATAL.*') logger "服务启动失败!请查看报错信息!详细信息请查看$TMPDIR/core_test.log" 33 logger "$error" 31