v1.3.2-test

~本机代理功能增加iptables增强模式（仅支持Linux系统）
~优化iptables增强模式机制，修复潜在报错
~修复mesh设备开机启动后shellclash无法正常工作的bug（待测试）

bin/version

@@ -1,4 +1,4 @@
 clash_v=1.6.0
 clashpre_v=2021.05.08
 GeoIP_v=20210514
-versionsh=1.3.1
+versionsh=1.3.2

install.sh

@@ -78,7 +78,6 @@ gettar(){
 			mv $clashdir/clash.service $sysdir/clash.service
 			sed -i "s%/etc/clash%$clashdir%g" $sysdir/clash.service
 			systemctl daemon-reload
-			useradd shellclash
 		else
 			#设为保守模式启动
 			sed -i '/start_old=*/'d $clashdir/mark

scripts/clash.service

@@ -5,7 +5,7 @@ After=network.target
 [Service]
 Type=simple
 User=root
-ExecStart=su shellclash -c "/etc/clash/clash -d /etc/clash"
+ExecStart=/etc/clash/clash -d /etc/clash
 ExecStartPost=/etc/clash/start.sh afstart
 Restart=on-failure
 RestartSec=3s

scripts/clash.sh

@@ -492,6 +492,7 @@ localproxy(){
 				$clashdir/start.sh set_proxy $mix_port $db_port
 				echo -e "\033[32m已经成功使用$local_proxy_type方式配置本机代理~\033[0m"
 				[ "$local_proxy_type" = "环境变量" ] && echo -e "\033[36m如未生效，请重新启动终端或重新连接SSH！\033[0m" && sleep 1
+				[ "$local_proxy_type" = "iptables增强模式" ] && $clashdir/start.sh start
 			fi		
 		else
 			local_proxy=未开启
@@ -505,7 +506,21 @@ localproxy(){
 		setconfig local_proxy_type $local_proxy_type
 		localproxy
 	elif [ "$num" = 3 ]; then
-		if  id shellclash >/dev/null 2>&1 ;then
+		[ -w /etc/systemd/system/clash.service ] && servdir=/etc/systemd/system/clash.service
+		[ -w /usr/lib/systemd/system/clash.service ] && servdir=/usr/lib/systemd/system/clash.service
+		if [ -n "$servdir" ];then
+			#检测用户如无则创建并提权
+			if [ -z "$(id shellclash 2>/dev/null | grep 'root')" ];then
+				userdel shellclash 2>/dev/null
+				useradd shellclash -u 7890
+				sed -Ei s/7890:7890/0:7890/g /etc/passwd
+			fi
+			#停止clash服务
+			$clashdir/start.sh stop
+			#修改service文件，使用shellclash用户运行clash服务
+			setconfig ExecStart "su\ shellclash\ -c\ \"$bindir/clash\ -d\ $bindir\"" $servdir
+			systemctl daemon-reload
+			#修改模式变量
 			local_proxy_type="iptables增强模式"
 			setconfig local_proxy_type $local_proxy_type
 		else

scripts/clashservice

@@ -1,6 +1,6 @@
 #!/bin/sh /etc/rc.common
 
-START=92
+START=101
 
 SERVICE_DAEMONIZE=1
 SERVICE_WRITE_PID=1

scripts/getdate.sh

@@ -359,7 +359,7 @@ gettar(){
 			mv $clashdir/clash.service $sysdir/clash.service
 			sed -i "s%/etc/clash%$clashdir%g" $sysdir/clash.service
 			systemctl daemon-reload
-			useradd shellclash
+			#useradd shellclash
 		else
 			#设为保守模式启动
 			sed -i '/start_old=*/'d $clashdir/mark
@@ -854,7 +854,8 @@ update(){
 			rm -rf /etc/systemd/system/clash.service
 			rm -rf /usr/lib/systemd/system/clash.service
 			rm -rf /www/clash
-			userdel -r shellclash
+			sed -Ei s/0:7890/7890:7890/g /etc/passwd
+			userdel -r shellclash 2>/dev/null
 			echo -----------------------------------------------
 			echo -e "\033[36m已卸载ShellClash相关文件！有缘再会！\033[0m"
 			echo -e "\033[33m请手动关闭当前窗口以重置环境变量！\033[0m"

scripts/start.sh

@@ -420,7 +420,7 @@ start_udp(){
 start_output(){
 	#流量过滤规则
 	iptables -t nat -N clash_out
-	iptables -t nat -A clash_out -m owner --uid-owner shellclash -j RETURN
+	iptables -t nat -A clash_out -m owner --uid-owner 7890 -j RETURN
 	iptables -t nat -A clash_out -d 0.0.0.0/8 -j RETURN
 	iptables -t nat -A clash_out -d 10.0.0.0/8 -j RETURN
 	iptables -t nat -A clash_out -d 127.0.0.0/8 -j RETURN