diff --git a/scripts/clash.sh b/scripts/clash.sh
index c3aa118..94d4a80 100644
--- a/scripts/clash.sh
+++ b/scripts/clash.sh
@@ -49,7 +49,6 @@ fi
 [ -z "$redir_port" ] && redir_port=7892
 [ -z "$db_port" ] && db_port=9999
 [ -z "$dns_port" ] && dns_port=1053
-[ -z "$secret" ] && secret=未设置
 #获取运行模式
 if [ -z "$redir_mod" ];then
 	sed -i "2i\redir_mod=Redir模式" $ccfg
@@ -148,6 +147,8 @@ setport(){
 		fi
 	}
 	source $ccfg
+	[ -z "$secret" ] && secret=未设置
+	[ -z "$authentication" ] && authentication=未设置
 	if [ -n "$(pidof clash)" ];then
 		echo -----------------------------------------------
 		echo -e "\033[33m检测到clash服务正在运行，需要先停止clash服务！\033[0m"
@@ -159,11 +160,12 @@ setport(){
 		fi
 	fi
 	echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-	echo -e " 1 修改Http/Sock5端口：\033[36m$mix_port\033[0m"
-	echo -e " 2 修改静态路由端口：\033[36m$redir_port\033[0m"
-	echo -e " 3 修改DNS监听端口：\033[36m$dns_port\033[0m"
-	echo -e " 4 修改面板访问端口：\033[36m$db_port\033[0m"
-	echo -e " 5 修改面板访问密码：\033[36m$secret\033[0m"
+	echo -e " 1 修改Http/Sock5端口：	\033[36m$mix_port\033[0m"
+	echo -e " 2 设置Http/Sock5密码：	\033[36m$authentication\033[0m"
+	echo -e " 3 修改静态路由端口：	\033[36m$redir_port\033[0m"
+	echo -e " 4 修改DNS监听端口：	\033[36m$dns_port\033[0m"
+	echo -e " 5 修改面板访问端口：	\033[36m$db_port\033[0m"
+	echo -e " 6 设置面板访问密码：	\033[36m$secret\033[0m"
 	echo -e " 0 返回上级菜单"
 	read -p "请输入对应数字 > " num
 	if [ -z "$num" ]; then 
@@ -173,19 +175,41 @@ setport(){
 		xport=mix_port
 		inputport
 	elif [[ $num == 2 ]]; then
+		echo -----------------------------------------------
+		echo -e "格式必须是\033[32m 用户名:密码 \033[0m的形式，注意用小写冒号分隔！"
+		echo -e "请尽量不要使用特殊符号！可能会产生未知错误！"
+		echo "输入 0 删除密码"
+		echo -----------------------------------------------
+		read -p "请输入Http/Sock5用户名及密码 > " input
+		if [ "$input" = "0" ];then
+			authentication=""
+			sed -i "/authentication*/"d $ccfg
+			echo 密码已移除！
+		else
+			authentication=$(echo $input | grep :)
+			if [ -n "$authentication" ]; then
+				sed -i "/authentication*/"d $ccfg
+				sed -i "1i\authentication=\'$authentication\'" $ccfg
+				echo -e "\033[32m设置成功！！！\033[0m"
+			else
+				echo -e "\033[31m输入有误，请重新输入！\033[0m"
+			fi
+		fi
+		setport
+	elif [[ $num == 3 ]]; then
 		xport=redir_port
 		inputport
-	elif [[ $num == 3 ]]; then
+	elif [[ $num == 4 ]]; then
 		xport=dns_port
 		inputport
-	elif [[ $num == 4 ]]; then
+	elif [[ $num == 5 ]]; then
 		xport=db_port
 		inputport
-	elif [[ $num == 5 ]]; then
-		read -p "请输入面板访问密码 > " secret
+	elif [[ $num == 6 ]]; then
+		read -p "请输入面板访问密码(输入0删除密码) > " secret
 		if [ -n "$secret" ]; then
 			sed -i "/secret*/"d $ccfg
-			sed -i "1i\secret=$secret" $ccfg
+			[ "$secret" = "0" ] && secret="" || sed -i "1i\secret=$secret" $ccfg
 			echo -e "\033[32m设置成功！！！\033[0m"
 		fi
 		setport
@@ -669,7 +693,7 @@ echo -e " 1 不修饰config.yaml:	\033[36m$modify_yaml\033[0m	————用于
 echo -e " 2 启用ipv6支持:	\033[36m$ipv6_support\033[0m	————实验性功能，可能不可用"
 echo -e " 3 使用保守方式启动:	\033[36m$start_old\033[0m	————切换时会停止clash服务"
 echo -e " 4 代理本机流量:	\033[36m$local_proxy\033[0m	————配置本机代理环境变量"
-echo -e " 5 手动指定clash运行端口"
+echo -e " 5 手动指定clash运行端口及秘钥"
 echo -----------------------------------------------
 echo -e " 8 \033[31m重置\033[0m配置文件"
 echo -e " 9 \033[32m重启\033[0mclash服务"
@@ -1137,7 +1161,7 @@ if [[ $num -le 9 ]] > /dev/null 2>&1; then
 			exit;
 		elif [[ $num == 6 ]]; then
 			echo 注意：测试结果不保证一定准确！
-			delay=`curl -kx 127.0.0.1:$mix_port -o /dev/null -s -w '%{time_starttransfer}' 'https://google.tw' & { sleep 3 ; kill $! & }` > /dev/null 2>&1
+			delay=`curl -kx ${authentication}@127.0.0.1:$mix_port -o /dev/null -s -w '%{time_starttransfer}' 'https://google.tw' & { sleep 3 ; kill $! & }` > /dev/null 2>&1
 			delay=`echo |awk "{print $delay*1000}"` > /dev/null 2>&1
 			echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 			if [ `echo ${#delay}` -gt 1 ];then
diff --git a/scripts/getdate.sh b/scripts/getdate.sh
index 527b21b..7a90f28 100644
--- a/scripts/getdate.sh
+++ b/scripts/getdate.sh
@@ -539,7 +539,7 @@ echo -e " 0 返回上级菜单"
 read -p "请输入对应数字 > " num
 	if [ "$num" = '1' ]; then
 		echo 'function FindProxyForURL(url, host) {' > $dir/pac
-		echo "    return \"SOCKS $host:$mix_port; PROXY $host:$mix_port; DIRECT;\"" >> $dir/pac
+		echo "    return \"SOCKS $authentication@$host:$mix_port; PROXY $authentication@$host:$mix_port; DIRECT;\"" >> $dir/pac
 		echo '}' >> $dir/pac
 		echo -e "\033[33mPAC文件已生成！\033[0m"
 		echo -e "PAC地址：\033[32m$pac\033[0m"
@@ -573,7 +573,7 @@ elif [[ $num == 1 ]]; then
 elif [[ $num == 2 ]]; then
 	update_url='https://cdn.jsdelivr.net/gh/juewuy/ShellClash'
 elif [[ $num == 3 ]]; then
-	update_url='-x 127.0.0.1:'$mix_port' https://raw.githubusercontent.com/juewuy/ShellClash/master'
+	update_url='-x '$authentication'@127.0.0.1:'$mix_port' https://raw.githubusercontent.com/juewuy/ShellClash/master'
 elif [[ $num == 4 ]]; then
 	echo ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 	read -p "请输入个人源路径 > " update_url
diff --git a/scripts/start.sh b/scripts/start.sh
index 84acdc1..1ebeb65 100644
--- a/scripts/start.sh
+++ b/scripts/start.sh
@@ -160,12 +160,13 @@ external="external-controller: 0.0.0.0:$db_port"
 [ "$redir_mod" != "Redir模式" ] && tun='tun: {enable: true, stack: system}' || tun='tun: {enable: false}'
 exper='experimental: {ignore-resolve-fail: true, interface-name: en0}'
 #dns配置
+[ "$dns_over" = "未开启" ] && dns_local=', 127.0.0.1:53'
+dns_nameserver='114.114.114.114, 223.5.5.5'
+dns_fallback='1.0.0.1, 8.8.4.4'
 if [ "$dns_mod" = "fake-ip" ];then
-	dns='dns: {enable: true, listen: 0.0.0.0:'$dns_port', use-hosts: true, fake-ip-range: 198.18.0.1/16, enhanced-mode: fake-ip, fake-ip-filter: ["*.lan", "time.windows.com", "time.nist.gov", "time.apple.com", "time.asia.apple.com", "*.ntp.org.cn", "*.openwrt.pool.ntp.org", "time1.cloud.tencent.com", "time.ustc.edu.cn", "pool.ntp.org", "ntp.ubuntu.com", "ntp.aliyun.com", "ntp1.aliyun.com", "ntp2.aliyun.com", "ntp3.aliyun.com", "ntp4.aliyun.com", "ntp5.aliyun.com", "ntp6.aliyun.com", "ntp7.aliyun.com", "time1.aliyun.com", "time2.aliyun.com", "time3.aliyun.com", "time4.aliyun.com", "time5.aliyun.com", "time6.aliyun.com", "time7.aliyun.com", "*.time.edu.cn", "time1.apple.com", "time2.apple.com", "time3.apple.com", "time4.apple.com", "time5.apple.com", "time6.apple.com", "time7.apple.com", "time1.google.com", "time2.google.com", "time3.google.com", "time4.google.com", "music.163.com", "*.music.163.com", "*.126.net", "musicapi.taihe.com", "music.taihe.com", "songsearch.kugou.com", "trackercdn.kugou.com", "*.kuwo.cn", "api-jooxtt.sanook.com", "api.joox.com", "joox.com", "y.qq.com", "*.y.qq.com", "streamoc.music.tc.qq.com", "mobileoc.music.tc.qq.com", "isure.stream.qqmusic.qq.com", "dl.stream.qqmusic.qq.com", "aqqmusic.tc.qq.com", "amobile.music.tc.qq.com", "*.xiami.com", "*.music.migu.cn", "music.migu.cn", "*.msftconnecttest.com", "*.msftncsi.com", "localhost.ptlogin2.qq.com", "*.*.*.srv.nintendo.net", "*.*.stun.playstation.net", "xbox.*.*.microsoft.com", "*.*.xboxlive.com", "proxy.golang.org"], nameserver: [114.114.114.114, 223.5.5.5, 127.0.0.1:53], fallback: [tcp://1.0.0.1, 8.8.4.4], fallback-filter: {geoip: true}}'
-elif [ "$dns_over" = "已开启" ];then
-	dns='dns: {enable: true, ipv6: true, listen: 0.0.0.0:'$dns_port', use-hosts: true, enhanced-mode: redir-host, nameserver: [114.114.114.114, 223.5.5.5], fallback: [1.0.0.1, 8.8.4.4], fallback-filter: {geoip: true}}'
+	dns='dns: {enable: true, listen: 0.0.0.0:'$dns_port', use-hosts: true, fake-ip-range: 198.18.0.1/16, enhanced-mode: fake-ip, fake-ip-filter: ["*.lan", "time.windows.com", "time.nist.gov", "time.apple.com", "time.asia.apple.com", "*.ntp.org.cn", "*.openwrt.pool.ntp.org", "time1.cloud.tencent.com", "time.ustc.edu.cn", "pool.ntp.org", "ntp.ubuntu.com", "ntp.aliyun.com", "ntp1.aliyun.com", "ntp2.aliyun.com", "ntp3.aliyun.com", "ntp4.aliyun.com", "ntp5.aliyun.com", "ntp6.aliyun.com", "ntp7.aliyun.com", "time1.aliyun.com", "time2.aliyun.com", "time3.aliyun.com", "time4.aliyun.com", "time5.aliyun.com", "time6.aliyun.com", "time7.aliyun.com", "*.time.edu.cn", "time1.apple.com", "time2.apple.com", "time3.apple.com", "time4.apple.com", "time5.apple.com", "time6.apple.com", "time7.apple.com", "time1.google.com", "time2.google.com", "time3.google.com", "time4.google.com", "music.163.com", "*.music.163.com", "*.126.net", "musicapi.taihe.com", "music.taihe.com", "songsearch.kugou.com", "trackercdn.kugou.com", "*.kuwo.cn", "api-jooxtt.sanook.com", "api.joox.com", "joox.com", "y.qq.com", "*.y.qq.com", "streamoc.music.tc.qq.com", "mobileoc.music.tc.qq.com", "isure.stream.qqmusic.qq.com", "dl.stream.qqmusic.qq.com", "aqqmusic.tc.qq.com", "amobile.music.tc.qq.com", "*.xiami.com", "*.music.migu.cn", "music.migu.cn", "*.msftconnecttest.com", "*.msftncsi.com", "localhost.ptlogin2.qq.com", "*.*.*.srv.nintendo.net", "*.*.stun.playstation.net", "xbox.*.*.microsoft.com", "*.*.xboxlive.com", "proxy.golang.org"], nameserver: ['$dns_nameserver', 127.0.0.1:53], fallback: ['$dns_fallback'], fallback-filter: {geoip: true}}'
 else
-	dns='dns: {enable: true, ipv6: true, listen: 0.0.0.0:'$dns_port', use-hosts: true, enhanced-mode: redir-host, nameserver: [114.114.114.114, 223.5.5.5, 127.0.0.1:53], fallback: [1.0.0.1, 8.8.4.4], fallback-filter: {geoip: true}}'
+	dns='dns: {enable: true, ipv6: true, listen: 0.0.0.0:'$dns_port', use-hosts: true, enhanced-mode: redir-host, nameserver: ['$dns_nameserver$dns_local'], fallback: ['$dns_fallback'], fallback-filter: {geoip: true}}'
 fi
 
 ###################################
@@ -177,22 +178,25 @@ fi
 	#添加配置
 	sed -i "1imixed-port:\ $mix_port" $yaml
 	sed -i "1aredir-port:\ $redir_port" $yaml
-	sed -i "2a$lan" $yaml
-	sed -i "3a$mode" $yaml
-	sed -i "4a$log" $yaml
-	sed -i "5a$ipv6" $yaml
-	sed -i "6aexternal-controller:\ :$db_port" $yaml
-	sed -i "7aexternal-ui:\ $db_ui" $yaml
-	sed -i "8asecret:\ $secret" $yaml
-	sed -i "9a$dns" $yaml
+	sed -i "2aauthentication:\ \[\"$authentication\"\]" $yaml
+	sed -i "3a$lan" $yaml
+	sed -i "4a$mode" $yaml
+	sed -i "5a$log" $yaml
+	sed -i "6a$ipv6" $yaml
+	sed -i "7aexternal-controller:\ :$db_port" $yaml
+	sed -i "8aexternal-ui:\ $db_ui" $yaml
+	sed -i "9asecret:\ $secret" $yaml
 	sed -i "10a$tun" $yaml
 	sed -i "11a$exper" $yaml
+	sed -i "12a$dns" $yaml
 	#跳过本地tls证书验证
 	if [ "$skip_cert" = "已开启" ];then
 	sed -i '10,99s/skip-cert-verify: false/skip-cert-verify: true/' $yaml
 	else
 	sed -i '10,99s/skip-cert-verify: true/skip-cert-verify: false/' $yaml
 	fi
+	#禁止fake-ip回环流量
+	sed -i '/rules:/a \ - IP-CIDR,192.168.0.0/16,REJECT' $yaml
 }
 mark_time(){
 	start_time=`date +%s`
@@ -371,7 +375,7 @@ stop)
 		web_save
 		#删除守护进程&面板配置自动保存
 		sed -i /clash保守模式守护进程/d $cronpath >/dev/null 2>&1
-		sed -i /面板配置自动保存/d $cronpath >/dev/null 2>&1
+		sed -i /保存节点配置/d $cronpath >/dev/null 2>&1
 		#多种方式结束进程
 		if [ -f /etc/rc.common ];then
 			/etc/init.d/clash stop >/dev/null 2>&1