~优化dns菜单，移除fake-ip模式，并将部分原进阶选项移动至dns主菜单

~优化tg-bot绑定流程，增加循环检测对话ID机制
~优化tg-bot启动逻辑，现在不会随着内核服务重启而重启进而导致死循环
~优化公网防火墙功能，增加一键清空功能，增加vmess和ss端口的额外显示
~优化vmess和ss的界面逻辑，增加vmess一键生成时的混淆host输入
~修复因为未选择ss加密类型而导致启动失败的bug
~修复小米/网件镜像化设备重启后服务丢失的bug
~修复因为切换vmess和ss端口导致公网防火墙启动报错的bug
~修复6-5设置定时任务报错的bug

scripts/init.sh

@@ -225,5 +225,6 @@ sed -i "s/redir_mod=Nft基础/redir_mod=Redir模式/g" "$CFG_PATH"
 sed -i "s/redir_mod=Nft混合/redir_mod=Tproxy模式/g" "$CFG_PATH"
 sed -i "s/redir_mod=Tproxy混合/redir_mod=Tproxy模式/g" "$CFG_PATH"
 sed -i "s/redir_mod=纯净模式/firewall_area=4/g" "$CFG_PATH"
+sed -i "s/hosts_opt=未启用/hosts_opt=OFF/g" "$CFG_PATH"
 
 echo -e "\033[32m脚本初始化完成,请输入\033[30;47m $my_alias \033[0;33m命令开始使用！\033[0m"

scripts/libs/web_get_bin.sh

@@ -7,12 +7,12 @@ get_bin() { #专用于项目内部文件的下载
         echo "$2" | grep -q '^bin/' && rt=update #/bin文件改为在update分支下载
         echo "$2" | grep -qE '^public/|^rules/' && rt=dev #/public和/rules文件改为在dev分支下载    
         if [ "$url_id" = 101 -o "$url_id" = 104 ]; then
-            url="$(grep "$url_id" "$CRASHDIR"/configs/servers.list | awk '{print $3}')@$rt/$2" #jsdelivr特殊处理
+            bin_url="$(grep "$url_id" "$CRASHDIR"/configs/servers.list | awk '{print $3}')@$rt/$2" #jsdelivr特殊处理
         else
-            url="$(grep "$url_id" "$CRASHDIR"/configs/servers.list | awk '{print $3}')/$rt/$2"
+            bin_url="$(grep "$url_id" "$CRASHDIR"/configs/servers.list | awk '{print $3}')/$rt/$2"
         fi
     else
-        url="$update_url/$2"
+        bin_url="$update_url/$2"
     fi
-    webget "$1" "$url" "$3" "$4" "$5" "$6"
+    webget "$1" "$bin_url" "$3" "$4" "$5" "$6"
 }

scripts/menu.sh

@@ -186,7 +186,8 @@ main_menu() {
         main_menu
 	;;
     3)
-        "$CRASHDIR"/start.sh stop
+        [ "$bot_tg_service" = ON ] && . "$CRASHDIR"/menus/bot_tg_service.sh && bot_tg_stop
+		"$CRASHDIR"/start.sh stop
         sleep 1
         echo "-----------------------------------------------"
         echo -e "\033[31m$corename服务已停止！\033[0m"

scripts/menus/1_start.sh

@@ -29,7 +29,11 @@ start_core() {
         "$CRASHDIR"/start.sh start
         #设置循环检测以判定服务启动是否成功
 		. "$CRASHDIR"/libs/start_wait.sh
-        [ -n "$test" -o -n "$(pidof CrashCore)" ] && startover
+        [ -n "$test" -o -n "$(pidof CrashCore)" ] && {
+			#启动TG机器人
+			[ "$bot_tg_service" = ON ] && . "$CRASHDIR"/menus/bot_tg_service.sh && bot_tg_start
+			startover
+		}
     else
         echo -e "\033[31m没有找到${crashcore}配置文件，请先导入配置文件！\033[0m"
         . "$CRASHDIR"/webget.sh && set_core_config

scripts/menus/2_settings.sh

@@ -288,7 +288,6 @@ set_fw_filter(){ #流量过滤
     echo -e " 1 过滤非常用端口： 	\033[36m$common_ports\033[0m   ————用于过滤P2P流量"
     echo -e " 2 过滤局域网设备：	\033[36m$mac_return\033[0m   ————使用黑/白名单进行过滤"
     echo -e " 3 过滤QUIC协议:	\033[36m$quic_rj\033[0m   ————优化视频性能"
-    [ "$dns_mod" != "fake-ip" ] &&
     echo -e " 4 过滤CN_IP(6)列表:	\033[36m$cn_ip_route\033[0m   ————优化性能，不兼容Fake-ip"
 	echo -e " 5 自定义透明路由ipv4网段:	适合vlan等复杂网络环境"
 	echo -e " 6 自定义保留地址ipv4网段:	需要以保留地址为访问目标的环境"
@@ -303,7 +302,7 @@ set_fw_filter(){ #流量过滤
         set_common_ports() {
             if [ "$common_ports" = "未开启" ]; then
                 echo -e "\033[33m当前代理端口为：【$multiport】\033[0m"
-                echo -e "\033[31m注意，fake-ip模式下，非常用端口的域名连接将不受影响！！\033[0m"
+                echo -e "\033[31m注意，MIX模式下，非常用端口的域名连接将不受影响！！\033[0m"
                 read -p "是否修改默认端口？(1/0) > " res
                 [ "$res" = "1" ] && {
                     read -p "请输入自定义端口,注意用小写逗号分隔 > " text

scripts/menus/6_core_config.sh

@@ -1095,7 +1095,7 @@ set_core_config(){ #配置文件功能
 		exit
 	;;
 	5)
-		. ${CRASHDIR}/task/task.sh && task_menu
+		. ${CRASHDIR}/menus/task.sh && task_menu
 		set_core_config
 	;;
 	6)

scripts/menus/7_gateway.sh

@@ -70,12 +70,15 @@ set_fw_wan() {
 	echo "-----------------------------------------------"
 	echo -e "\033[31m注意：\033[0m如在vps运行，还需在vps安全策略对相关端口同时放行"
 	[ -n "$fw_wan_ports" ] && 
-	echo -e "当前放行端口：\033[36m$fw_wan_ports\033[0m"
+	echo -e "当前手动放行端口：\033[36m$fw_wan_ports\033[0m"
+	[ -n "$vms_port$sss_port" ] && 
+	echo -e "当前自动放行端口：\033[36m$vms_port $sss_port\033[0m"
 	echo -e "默认拦截端口：\033[33m$dns_port,$mix_port,$db_port\033[0m"
 	echo "-----------------------------------------------"
 	echo -e " 1 启用/关闭公网防火墙:	\033[36m$fw_wan\033[0m"
 	echo -e " 2 添加放行端口(可包含默认拦截端口)"
-	echo -e " 3 移除指定放行端口"
+	echo -e " 3 移除指定手动放行端口"
+	echo -e " 4 清空全部手动放行端口"
 	echo -e " 0 返回上级菜单"
 	echo "-----------------------------------------------"
 	read -p "请输入对应数字 > " num
@@ -122,10 +125,16 @@ set_fw_wan() {
 		fi
 		sleep 1
 		set_fw_wan
-		;;
+	;;
+	4)
+		fw_wan_ports=''
+		setconfig fw_wan_ports
+		sleep 1
+		set_fw_wan
+	;;
 	*)
 		errornum
-		;;
+	;;
 	esac
 }
 #tg_BOT相关
@@ -221,19 +230,24 @@ set_vmess(){
 	echo -e " 4 设置\033[36m秘钥-uuid\033[0m：	\033[36m$vms_uuid\033[0m"
 	echo -e " 5 一键生成\033[32m随机秘钥\033[0m"
 	gen_base64 1 >/dev/null 2>&1 &&
-	echo -e " 6 一键生成分享链接"
+	echo -e " 6 一键生成\033[36m分享链接\033[0m"
 	echo -e " 0 返回上级菜单 \033[0m"
 	echo "-----------------------------------------------"
 	read -p "请输入对应数字 > " num
 	case "$num" in
 	0) ;;
 	1)
-		if [ -n "$vms_port" ] && [ -n "$vms_uuid" ];then
+		if [ "$vms_service" = ON ];then
-			[ "$vms_service" = ON ] && vms_service=OFF || vms_service=ON
+			vms_service=OFF
 			setconfig vms_service "$vms_service"
 		else
-			echo -e "\033[31m请先完成必选设置！\033[0m"
+			if [ -n "$vms_port" ] && [ -n "$vms_uuid" ];then
-			sleep 1
+				vms_service=OFF
+				setconfig vms_service "$vms_service"
+			else
+				echo -e "\033[31m请先完成必选设置！\033[0m"
+				sleep 1
+			fi
 		fi
 		set_vmess
 	;;
@@ -245,8 +259,6 @@ set_vmess(){
 		elif check_port "$text"; then
 			vms_port="$text"
 			setconfig vms_port "$text" "$GT_CFG_PATH"
-			fw_wan_ports=$(echo "$fw_wan_ports,$vms_port" | sed "s/^,//")
-			setconfig fw_wan_ports "$fw_wan_ports"
 		else
 			sleep 1
 		fi
@@ -288,6 +300,7 @@ set_vmess(){
 	;;
 	6)
 		read -p "请输入本机公网IP(4/6)或域名 > " host_wan
+		read -p "请输入免流混淆host(可选) > " vms_host
 		if [ -n "$host_wan" ] && [ -n "$vms_port" ] && [ -n "$vms_uuid" ];then
 			[ -n "$vms_ws_path" ] && vms_net=ws
 			vms_json=$(cat <<EOF
@@ -300,7 +313,8 @@ set_vmess(){
   "aid": "0",
   "type": "auto",
   "net": "$vms_net",
-  "path": "$vms_ws_path"
+  "path": "$vms_ws_path",
+  "host": "$vms_host"
 }
 EOF
 )
@@ -317,7 +331,6 @@ EOF
 	esac		
 }
 set_shadowsocks(){
-	[ -z "$sss_cipher" ] && sss_cipher='xchacha20-ietf-poly1305'
 	echo "-----------------------------------------------"
 	echo -e "\033[31m注意：\033[0m设置的端口会添加到公网访问防火墙并自动放行！\n      脚本只提供基础功能，更多需求请用自定义配置文件功能！"
 	echo "-----------------------------------------------"
@@ -334,12 +347,17 @@ set_shadowsocks(){
 	case "$num" in
 	0) ;;
 	1)
-		if [ -n "$sss_port" ] && [ -n "$sss_pwd" ];then
+		if [ "$sss_service" = ON ];then
-			[ "$sss_service" = ON ] && sss_service=OFF || sss_service=ON
+			sss_service=OFF
 			setconfig sss_service "$sss_service"
 		else
-			echo -e "\033[31m请先完成必选设置！\033[0m"
+			if [ -n "$sss_port" ] && [ -n "$sss_cipher" ] && [ -n "$sss_pwd" ];then
-			sleep 1
+				sss_service=OFF
+				setconfig sss_service "$sss_service"
+			else
+				echo -e "\033[31m请先完成必选设置！\033[0m"
+				sleep 1
+			fi
 		fi
 		set_shadowsocks
 	;;
@@ -351,8 +369,6 @@ set_shadowsocks(){
 		elif check_port "$text"; then
 			sss_port="$text"
 			setconfig sss_port "$text" "$GT_CFG_PATH"
-			fw_wan_ports=$(echo "$fw_wan_ports,$sss_port" | sed "s/^,//")
-			setconfig fw_wan_ports "$fw_wan_ports"
 		else
 			sleep 1
 		fi
@@ -416,15 +432,14 @@ set_shadowsocks(){
 			sleep 1
 		else
 			read -p "请输入秘钥(输入0删除) > " text
-			[ "$text" = 0 ] && unset sss_pwd
+			[ "$text" = 0 ] && sss_pwd='' || sss_pwd="$text"
-			sss_pwd="$text"
 			setconfig sss_pwd "$text" "$GT_CFG_PATH"
 		fi
 		set_shadowsocks
 	;;
 	5)
 		read -p "请输入本机公网IP(4/6)或域名 > " text
-		if [ -n "$text" ] && [ -n "$sss_port" ] && [ -n "$sss_pwd" ];then
+		if [ -n "$text" ] && [ -n "$sss_port" ] && [ -n "$sss_cipher" ] && [ -n "$sss_pwd" ];then
 			ss_link="ss://$(gen_base64 "$sss_cipher":"$sss_pwd")@${text}:${sss_port}#ShellCrash_ss_in"
 			echo "-----------------------------------------------"
 			echo -e "你的分享链接是(请勿随意分享给他人):\n\033[32m$ss_link\033[0m"

scripts/menus/9_upgrade.sh

@@ -202,7 +202,7 @@ switch_core(){ #clash与singbox内核切换
 	#singbox和clash内核切换时提示是否保留文件
 	[ "$core_new" != "$core_old" ] && {
 		[ "$dns_mod" = "redir_host" ] && [ "$core_old" = "clash" ] && setconfig dns_mod mix #singbox自动切换dns
-		[ "$dns_mod" = "mix" ] && [ "$crashcore" = 'clash' -o "$crashcore" = 'clashpre' ] && setconfig dns_mod fake-ip #singbox自动切换dns
+		[ "$dns_mod" = "mix" ] && [ "$crashcore" = 'clash' -o "$crashcore" = 'clashpre' ] && setconfig dns_mod redir_host #singbox自动切换dns
 		echo -e "\033[33m已从$core_old内核切换至$core_new内核\033[0m"
 		echo -e "\033[33m二者Geo数据库及yaml/json配置文件不通用\033[0m"
 		read -p "是否保留相关数据库文件？(1/0) > " res
@@ -795,8 +795,7 @@ setdb(){
 	0) ;;
 	1)
 		db_type=zashboard
-		echo $update_url
+		setconfig external_ui_url "https://github.com/Zephyruso/zashboard/releases/latest/download/dist-cdn-fonts.zip"
-		setconfig external_ui_url "https://raw.githubusercontent.com/juewuy/ShellCrash/update/bin/dashboard/zashboard.tar.gz"
 		dbdir
 		;;
 	2)

scripts/menus/bot_tg_bind.sh

@@ -22,14 +22,26 @@ tg_push_token(){
 	setconfig chat_ID "$chat_ID"
 	"$CRASHDIR"/start.sh logger "已完成Telegram日志推送设置！" 32
 }
+get_chatid(){
+	i=1
+	chat_ID=''
+	while [ $i -le 3 ] && [ -z "$chat_ID" ]; do
+		sleep 1
+		echo -e "\033[33m第 $i 次尝试获取对话ID失败，正在重试...\033[0m"
+		chat=$(web_get_lite "$url_tg" 2>/dev/null)
+		if [ -n "$chat" ];then
+			chat_ID=$(echo $chat | sed 's/"update_id":/{\n"update_id":/g' | grep "$public_key" | head -n1 | grep -oE '"id":.*,"is_bot' | sed s'/"id"://' | sed s'/,"is_bot//')
+		fi
+		i=$((i + 1))
+	done
+}
 set_bot() {
 	public_key=$(cat /proc/sys/kernel/random/boot_id | sed 's/.*-//')
 	echo -e "发送此秘钥:        \033[30;46m$public_key\033[0m"
 	echo "-----------------------------------------------"
 	read -p "我已经发送完成(1/0) > " res
 	if [ "$res" = 1 ]; then
-		chat=$(web_get_lite $url_tg 2>/dev/null)
+		get_chatid
-		[ -n "$chat" ] && chat_ID=$(echo $chat | sed 's/"update_id":/{\n"update_id":/g' | grep "$public_key" | head -n1 | grep -oE '"id":.*,"is_bot' | sed s'/"id"://' | sed s'/,"is_bot//')
 		[ -z "$chat_ID" ] && [ "$TOKEN" != 'publictoken' ] && {
 			echo -e "\033[31m无法获取对话ID，请返回重新设置或手动输入ChatID！\033[0m"
 			echo -e "通常访问 \033[32;4m$url_tg\033[0m \n\033[36m即可看到ChatID\033[0m"

scripts/menus/bot_tg_service.sh

@@ -4,10 +4,14 @@
 bot_tg_start(){
 	. "$CRASHDIR"/starts/start_legacy.sh
 	start_legacy "$CRASHDIR/menus/bot_tg.sh" 'bot_tg'
-	cronset 'TG_BOT守护进程' "* * * * * /bin/sh $CRASHDIR/starts/start_legacy_wd.sh bot_tg #ShellCrash-TG_BOT守护进程"
+	bot_tg_cron
 }
 bot_tg_stop(){
 	cronset 'TG_BOT守护进程'
 	[ -f "$TMPDIR/bot_tg.pid" ] && kill -TERM "$(cat "$TMPDIR/bot_tg.pid")"
 	rm -f "$TMPDIR/bot_tg.pid"
-}
+}
+bot_tg_cron(){
+	cronset 'TG_BOT守护进程'
+	cronset 'TG_BOT守护进程' "* * * * * /bin/sh $CRASHDIR/starts/start_legacy_wd.sh bot_tg #ShellCrash-TG_BOT守护进程"
+}

scripts/menus/dns.sh

@@ -2,43 +2,29 @@
 # Copyright (C) Juewuy
 
 set_dns_mod() { #DNS模式设置
+	[ -z "$hosts_opt" ] && hosts_opt=ON
+    [ -z "$dns_protect" ] && dns_protect=ON
     echo "-----------------------------------------------"
     echo -e "当前DNS运行模式为：\033[47;30m $dns_mod \033[0m"
     echo -e "\033[33m切换模式后需要手动重启服务以生效！\033[0m"
     echo "-----------------------------------------------"
-    echo -e " 1 fake-ip模式：   响应快，\033[33m兼容性较差\033[0m"
+	echo -e " 1 MIX模式：  \033[32m防污染防泄露，响应快，推荐！\033[0m"
-    echo -e "                   不支持CN-IP绕过功能"
+	echo -e "              cn域名realip其他fakeip分流"
-    echo -e " 2 redir_host模式：\033[33m不安全，易被污染\033[0m"
+	echo -e " 2 Route模式：\033[32m防污染防泄露，全真实IP\033[0m"
-    echo -e "                   建议搭配第三方DNS服务使用"
+	echo -e "              cn域名realip其他dns2proxy分流"
-    if echo "$crashcore" | grep -q 'singbox' || [ "$crashcore" = meta ]; then
+    echo -e " 3 Redir模式：\033[33m不安全，易被污染\033[0m"
-        echo -e " 3 mix混合模式：   \033[32m防污染防泄露，响应快，推荐！\033[0m"
+    echo -e "              建议搭配第三方DNS服务使用"
-        echo -e "                   cn域名realip其他fakeip分流"
-        echo -e " 4 route模式：     \033[32m防污染防泄露，全真实IP\033[0m"
-        echo -e "                   cn域名realip其他dns2proxy分流"
-    fi
 	echo "-----------------------------------------------"
-    [ "$dns_mod" = "fake-ip" ] || [ "$dns_mod" = "mix" ] &&
+    echo -e " 4 DNS防泄漏：  \033[36m$dns_protect\033[0m	———启用时少量网站可能连接卡顿"
-    echo -e " 8 管理Fake-ip过滤列表"
+    echo -e " 5 Hosts优化：  \033[36m$hosts_opt\033[0m	———调用本机hosts并劫持NTP服务"
+    [ "$dns_mod" = "mix" ] &&
+    echo -e " 8 管理MIX模式Fake-ip过滤列表"
     echo -e " 9 \033[36mDNS进阶设置\033[0m"
     echo " 0 返回上级菜单"
     read -p "请输入对应数字 > " num
     case "$num" in
     0) ;;
     1)
-        dns_mod=fake-ip
-        setconfig dns_mod $dns_mod
-        echo "-----------------------------------------------"
-        echo -e "\033[36m已设为 $dns_mod 模式！！\033[0m"
-		set_dns_mod
-    ;;
-    2)
-        dns_mod=redir_host
-        setconfig dns_mod $dns_mod
-        echo "-----------------------------------------------"
-        echo -e "\033[36m已设为 $dns_mod 模式！！\033[0m"
-		set_dns_mod
-    ;;
-    3)
         if echo "$crashcore" | grep -q 'singbox' || [ "$crashcore" = meta ]; then
             dns_mod=mix
             setconfig dns_mod $dns_mod
@@ -50,7 +36,7 @@ set_dns_mod() { #DNS模式设置
         fi
 		set_dns_mod
     ;;
-    4)
+    2)
         if echo "$crashcore" | grep -q 'singbox' || [ "$crashcore" = meta ]; then
             dns_mod=route
             setconfig dns_mod $dns_mod
@@ -62,6 +48,23 @@ set_dns_mod() { #DNS模式设置
         fi
 		set_dns_mod
     ;;
+    3)
+        dns_mod=redir_host
+        setconfig dns_mod $dns_mod
+        echo "-----------------------------------------------"
+        echo -e "\033[36m已设为 $dns_mod 模式！！\033[0m"
+		set_dns_mod
+    ;;
+    4)
+        [ "$dns_protect" = "ON" ] && dns_protect=OFF || dns_protect=ON
+        setconfig dns_protect $dns_protect
+        set_dns_mod
+	;;
+    5)
+		[ "$hosts_opt" = "ON" ] && hosts_opt=OFF || hosts_opt=ON
+        setconfig hosts_opt $hosts_opt
+        set_dns_mod
+	;;
     8)
         echo "-----------------------------------------------"
         fake_ip_filter
@@ -113,9 +116,6 @@ set_dns_adv() { #DNS详细设置
     [ -z "$dns_nameserver" ] && dns_nameserver='223.5.5.5, 1.2.4.8'
     [ -z "$dns_fallback" ] && dns_fallback="1.1.1.1, 8.8.8.8"
     [ -z "$dns_resolver" ] && dns_resolver="223.5.5.5, 2400:3200::1"
-    [ -z "$hosts_opt" ] && hosts_opt=已启用
-    [ -z "$dns_protect" ] && dns_protect=ON
-    [ -z "$dns_redir" ] && dns_redir=未开启
     [ -z "$dns_no" ] && dns_no=未禁用
     echo "-----------------------------------------------"
     echo -e "当前基础DNS：\033[32m$dns_nameserver\033[0m"
@@ -128,10 +128,8 @@ set_dns_adv() { #DNS详细设置
     echo -e " 1 修改\033[32m基础DNS\033[0m"
     echo -e " 2 修改\033[36mPROXY-DNS\033[0m(该DNS查询会经过节点)"
     echo -e " 3 修改\033[33m解析DNS\033[0m(必须是IP,用于解析其他DNS)"
-    echo -e " 4 DNS防泄漏：  \033[36m$dns_protect\033[0m	———启用时少量网站可能连接卡顿"
+    echo -e " 4 一键配置\033[32m加密DNS\033[0m"
-    echo -e " 5 hosts优化：  \033[36m$hosts_opt\033[0m	———调用本机hosts并劫持NTP服务"
     echo -e " 7 禁用DNS劫持：\033[36m$dns_no\033[0m	———搭配第三方DNS使用"
-    echo -e " 8 一键配置\033[32m加密DNS\033[0m"
     echo -e " 9 \033[33m重置\033[0m默认DNS配置"
     echo -e " 0 返回上级菜单"
     echo "-----------------------------------------------"
@@ -170,43 +168,6 @@ set_dns_adv() { #DNS详细设置
         sleep 1
         set_dns_adv
 	;;
-    4)
-        [ "$dns_protect" = "ON" ] && dns_protect=OFF || dns_protect=ON
-        setconfig dns_protect $dns_protect
-        set_dns_adv
-	;;
-    5)
-        echo "-----------------------------------------------"
-        if [ "$hosts_opt" = "已启用" ]; then
-            hosts_opt=未启用
-            echo -e "\033[32m已禁用hosts优化功能！！！\033[0m"
-        else
-            hosts_opt=已启用
-            echo -e "\033[33m已启用hosts优化功能！！！\033[0m"
-        fi
-        setconfig hosts_opt $hosts_opt
-        sleep 1
-        set_dns_adv
-	;;
-    6)
-        echo "-----------------------------------------------"
-        if [ "$dns_redir" = "未开启" ]; then
-            echo -e "\033[31m将使用OpenWrt中Dnsmasq插件自带的DNS转发功能转发DNS请求至内核！\033[0m"
-            echo -e "\033[33m启用后将禁用本插件自带的iptables转发功能\033[0m"
-            dns_redir=已开启
-            echo -e "\033[32m已启用Dnsmasq转发DNS功能！！！\033[0m"
-        else
-            uci del dhcp.@dnsmasq[-1].server
-            uci set dhcp.@dnsmasq[0].noresolv=0
-            uci commit dhcp
-            /etc/init.d/dnsmasq restart
-            echo -e "\033[33m禁用成功！！如有报错请重启设备！\033[0m"
-            dns_redir=未开启
-        fi
-        setconfig dns_redir $dns_redir
-        sleep 1
-        set_dns_adv
-	;;
     7)
         echo "-----------------------------------------------"
         if [ "$dns_no" = "未禁用" ]; then
@@ -221,7 +182,7 @@ set_dns_adv() { #DNS详细设置
         sleep 1
         set_dns_adv
 	;;
-    8)
+    4)
         echo "-----------------------------------------------"
         openssldir="$(openssl version -d 2>&1 | awk -F '"' '{print $2}')"
         if [ -s "$openssldir/certs/ca-certificates.crt" ] || [ -s "/etc/ssl/certs/ca-certificates.crt" ] ||

scripts/start.sh

@@ -70,8 +70,6 @@ stop)
     cronset '保守模式守护进程'
     cronset '运行时每'
     cronset '流媒体预解析'
-	#停止tg机器人
-	. "$CRASHDIR"/menus/bot_tg_service.sh && bot_tg_stop
     #多种方式结束进程
 	if [ -f "$TMPDIR/shellcrash.pid" ];then
 		kill -TERM "$(cat "$TMPDIR/shellcrash.pid")"

scripts/starts/afstart.sh

@@ -21,6 +21,8 @@ if [ -n "$test" -o -n "$(pidof CrashCore)" ]; then
 	[ "$start_old" = "已开启" ] && rm -rf "$TMPDIR"/CrashCore               #删除缓存目录内核文件
 	. "$CRASHDIR"/starts/fw_start.sh										#配置防火墙流量劫持
 	date +%s >"$TMPDIR"/crash_start_time                                    #标记启动时间
+	#TG机器人守护进程
+	[ "$bot_tg_service" = ON ] && . "$CRASHDIR"/menus/bot_tg_service.sh && bot_tg_cron
 	#后台还原面板配置
 	[ -s "$CRASHDIR"/configs/web_save ] && {
 		. "$CRASHDIR"/libs/web_restore.sh
@@ -50,8 +52,6 @@ if [ -n "$test" -o -n "$(pidof CrashCore)" ]; then
 		line=$(grep -En "fw.* start" /etc/init.d/firewall | cut -d ":" -f 1)
 		sed -i "${line}a\\. $CRASHDIR/task/affirewall" /etc/init.d/firewall
 	} &
-	#启动TG机器人
-	[ "$bot_tg_service" = ON ] && . "$CRASHDIR"/menus/bot_tg_service.sh && bot_tg_start
 	exit 0
 else
 	. "$CRASHDIR"/starts/start_error.sh

scripts/starts/clash_modify.sh

@@ -82,7 +82,7 @@ $find_process
 routing-mark: $routing_mark
 EOF
     #读取本机hosts并生成配置文件
-    if [ "$hosts_opt" != "未启用" ] && [ -z "$(grep -aE '^hosts:' "$CRASHDIR"/yamls/user.yaml 2>/dev/null)" ]; then
+    if [ "$hosts_opt" != "OFF" ] && [ -z "$(grep -aE '^hosts:' "$CRASHDIR"/yamls/user.yaml 2>/dev/null)" ]; then
         #NTP劫持
         cat >"$TMPDIR"/hosts.yaml <<EOF
 use-system-hosts: true

scripts/starts/fw_iptables.sh

@@ -133,8 +133,8 @@ start_ipt_wan() { #iptables公网防火墙
 	ckcmd iptables && iptables -h | grep -q '\-w' && iptable='iptables -w' || iptable=iptables
 	ckcmd ip6tables && ip6tables -h | grep -q '\-w' && ip6table='ip6tables -w' || ip6table=ip6tables
 	ipt_wan_accept(){
-		$iptable -I INPUT -p "$1" -m multiport --dports "$fw_wan_ports" -j ACCEPT
+		$iptable -I INPUT -p "$1" -m multiport --dports "$accept_ports" -j ACCEPT
-		ckcmd ip6tables && $ip6table -I INPUT -p "$1" -m multiport --dports "$fw_wan_ports" -j ACCEPT
+		ckcmd ip6tables && $ip6table -I INPUT -p "$1" -m multiport --dports "$accept_ports" -j ACCEPT
 	}
 	ipt_wan_reject(){
 		$iptable -I INPUT -p "$1" -m multiport --dports "$reject_ports" -j REJECT
@@ -145,7 +145,9 @@ start_ipt_wan() { #iptables公网防火墙
 	ipt_wan_reject tcp
 	ipt_wan_reject udp
 	#端口放行
-    [ -n "$fw_wan_ports" ] && {
+	[ -f "$CRASHDIR"/configs/gateway.cfg ] && . "$CRASHDIR"/configs/gateway.cfg
+	accept_ports=$(echo "$fw_wan_ports,$vms_port,$sss_port" | sed "s/,,/,/g ;s/^,// ;s/,$//")
+    [ -n "$accept_ports" ] && {
 		ipt_wan_accept tcp
 		ipt_wan_accept udp
 	}

scripts/starts/fw_nftables.sh

@@ -136,8 +136,10 @@ start_nft_wan() { #nftables公网防火墙
     nft add chain inet shellcrash input { type filter hook input priority -100 \; }
     nft add rule inet shellcrash input iif lo accept #本机请求全放行
 	#端口放行
-    [ -n "$fw_wan_ports" ] && {
+	[ -f "$CRASHDIR"/configs/gateway.cfg ] && . "$CRASHDIR"/configs/gateway.cfg
-		fw_wan_nfports="{ $(echo "$fw_wan_ports" | sed 's/,/, /g') }"
+	accept_ports=$(echo "$fw_wan_ports,$vms_port,$sss_port" | sed "s/,,/,/g ;s/^,// ;s/,$// ;s/,/, /")
+    [ -n "$accept_ports" ] && {
+		fw_wan_nfports="{ $(echo "$accept_ports" | sed 's/,/, /g') }"
 		nft add rule inet shellcrash input tcp dport $fw_wan_nfports accept
 		nft add rule inet shellcrash input udp dport $fw_wan_nfports accept
 	}

scripts/starts/shellcrash.procd

@@ -33,7 +33,6 @@ start_service() {
 	fi
 }
 stop_service() {
-	killall bot_tg.sh 2>/dev/null
 	procd_close_instance
 	"$CRASHDIR"/starts/fw_stop.sh
 }

scripts/starts/singbox_modify.sh

@@ -66,7 +66,7 @@ modify_json() {
 { "log": { "level": "info", "timestamp": true } }
 EOF
     #生成add_hosts.json
-    if [ "$hosts_opt" != "未启用" ]; then #本机hosts
+    if [ "$hosts_opt" != "OFF" ]; then #本机hosts
         sys_hosts=/etc/hosts
         [ -s /data/etc/custom_hosts ] && sys_hosts=/data/etc/custom_hosts
         #NTP劫持

scripts/starts/snapshot_init.sh

@@ -52,7 +52,7 @@ auto_clean(){
 }
 auto_start(){
 	#设置init.d服务
-	cp -f "$CRASHDIR"/shellcrash.procd /etc/init.d/shellcrash
+	cp -f "$CRASHDIR"/starts/shellcrash.procd /etc/init.d/shellcrash
 	chmod 755 /etc/init.d/shellcrash
 	#初始化环境变量
 	. "$CRASHDIR"/libs/set_profile.sh && set_profile '/etc/profile' 

scripts/starts/start_legacy_wd.sh

@@ -6,12 +6,13 @@ if [ -f "$PIDFILE" ]; then
 	PID="$(cat "$PIDFILE")"
 	if [ -n "$PID" ] && kill -0 "$PID" 2>/dev/null; then
 		return 0
-	else
-		if [ "$1" = shellcrash ];then
-			"$CRASHDIR"/start.sh start
-		else
-			. "$CRASHDIR"/starts/start_legacy.sh
-			start_legacy "$CRASHDIR/menus/bot_tg.sh" "$1"
-		fi
 	fi
 fi
+#如果没有进程则拉起
+if [ "$1" = shellcrash ];then
+	"$CRASHDIR"/start.sh start
+else
+	. "$CRASHDIR"/starts/start_legacy.sh
+	start_legacy "$CRASHDIR/menus/bot_tg.sh" "$1"
+fi
+