v1.2.0-release

~新增自定义本机host地址的功能（7-6-8）
~新手引导流程中新增自动设置加密DNS功能（当检测到本地证书时自动配置）
~优化了合并自定义配置文件的流程，现在会在生成的规则中添加注释
~同步最新1.4.2版本官方核心及高级版核心
~同步最新数据库文件
~修复yacd面板无法自动配置host的问题
~修复部分情况下检测本机host失败的bug
~修复部分情况下导入包含“&”符号的配置文件失败的bug
~修复在导入包含“/”的自定义规则时报错的bug

README.md

@@ -1,101 +1,108 @@
+<h1 align="center">
+  <img src="https://github.com/Dreamacro/clash/raw/master/docs/logo.png" alt="Clash" width="200">
+  <br>ShellClash<br>
+</h1>
 
 
-# ShellClash（原Clash for Miwifi）
+  <p align="center">
+	<a target="_blank" href="https://github.com/Dreamacro/clash/releases">
+    <img src="https://img.shields.io/github/release/Dreamacro/Clash.svg?style=flat-square&label=Clash">
+  </a>
+  <a target="_blank" href="https://github.com/juewuy/ShellClash/releases">
+    <img src="https://img.shields.io/github/release/juewuy/ShellClash.svg?style=flat-square&label=ShellClash&colorB=green">
+  </a>
+</p>
 
-在Shell环境下一键部署及管理[Clash](https://github.com/Dreamacro/clash)
-=====
+[中文](README_CN.md) | English
 
-功能简介：
---
-~通过管理脚本在Shell环境下便捷使用[Clash](https://github.com/Dreamacro/clash)<br>
-~支持在Shell环境下管理[Clash各种功能](https://lancellc.gitbook.io/clash)<br>
-~支持在线导入[Clash](https://github.com/Dreamacro/clash)支持的节点、订阅及配置链接<br>~支持配置定时任务，以及定时更新订阅<br>~支持在线安装及使用网页面板管理规则组<br>
-~支持局域网透明代理/纯净模式等多种模式切换<br>~支持GNOME、KDE桌面自动配置本机系统级代理<br>~支持在线更新<br>
+## Function introduction: 
 
-设备支持：
+~Convenient use in Shell environment through management script [Clash](https://github.com/Dreamacro/clash)<br>~Support management of [Clash functions](https://lancellc.gitbook.io/clash)<br>~Support online import [Clash](https://github.com/Dreamacro/clash) supports sharing, subscription and configuration links<br>~Support configuration timing tasks, support configuration file timing updates<br>~Support online installation and Use local web panel to manage built-in rules<br>~Support routing mode, native mode and other mode switching<br>~Support GNOME, KDE desktop automatic configuration native mode<br>~Support online update<br>
+
+## Equipment support:
+
+~Support various router devices based on OpenWrt or secondary custom development using OpenWrt<br>~Support various devices running standard Linux systems (such as Debian/CenOS/Armbian, etc.)<br>~Compatible with Padavan firmware (conservative mode), Pandora firmware<br>~Compatible with various types of devices customized and developed using the Linux kernel<br>——————————<br>~For more device support, please submit an issue or go to the TG group for feedback (the device name and the device core information returned by running uname -a must be provided)<br>
+
+How to use:
 --
 
-~支持小米/红米全系使用官方系统或官方开发版系统的路由器设备<br>
-~支持各种基于OpenWrt或使用OpenWrt二次定制开发的路由器设备<br>
-~支持各种运行标准Linux系统（如Debian/CenOS/Armbian等）的设备<br>~兼容Padavan固件（保守模式）、潘多拉固件<br>——————————
-~更多设备支持，请提issue或前往TG群反馈（需提供设备名称及运行uname -a返回的设备核心信息）<br>
+~Confirm that the router device has enabled SSH and obtained root privileges (Linux devices with GUI desktops can be installed using their own terminal)<br>~Use SSH connection tools (such as putty, JuiceSSH, system built-in terminal, etc.) router or Linux device SSH management interface or terminal interface, and switch to the root user<br>~Confirm that the curl or wget download tool has been installed on the device. If not installed, please [refer to here](https://www.howtoforge.com/install-curl-in-linux) for LInux devices to install curl. For devices based on OpenWrt (Xiaomi official system, Pandora, Gaoke, etc.), please Use the following command to install curl:<br>
 
-使用方式：
---
-~确认路由器设备已经开启SSH并获取root权限（带GUI桌面的Linux设备可使用自带终端安装）<br>
-~使用SSH连接工具（如putty，JuiceSSH，系统自带终端等）路由器或Linux设备的SSH管理界面或终端界面，并切换到root用户<br>
-~确认设备已经安装curl或者wget下载工具。如未安装，LInux设备请[参考此处](https://www.howtoing.com/install-curl-in-linux)安装curl，基于OpenWrt（小米官方系统、潘多拉、高恪等）的设备请使用如下命令安装curl：<br>
-
-```shell
+```sh
 opkg update && opkg install curl
 ```
 
-~之后在SSH界面执行如下安装命令，并按照后续提示完成安装<br>
+~ Then execute the following installation commands on the SSH interface, and follow the subsequent prompts to complete the installation<br>
 
-~**使用curl安装**：<br>
+##### ~Use curl:<br>
 
 ```Shell
-#Release版本-github直连
+#Release version - by github
 sh -c "$(curl -kfsSl --resolve raw.githubusercontent.com:443:199.232.68.133 https://raw.githubusercontent.com/juewuy/ShellClash/master/install.sh)" && source /etc/profile &> /dev/null
-#Release版本-jsdelivrCDN源
+#Release version - by jsdelivrCDN
 sh -c "$(curl -kfsSl https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master/install.sh)" && source /etc/profile &> /dev/null
-#Test版本-github直连
+#Test version - by github
 sh -c "$(curl -kfsSl --resolve raw.githubusercontent.com:443:199.232.68.133 https://raw.githubusercontent.com/juewuy/ShellClash/master/install.sh)" -s 1 && source /etc/profile &> /dev/null
 ```
 
-~**使用wget安装**：<br>
+##### ~Use wget：<br>
 
 ```sh
-#Release版本-jsdelivrCDN源
-wget -q --no-check-certificate -O /tmp/install.sh https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master/install.sh  && sh /tmp/install.sh 2 && source /etc/profile &> /dev/null
+#Release version - by jsdelivrCDN
+wget -q --no-check-certificate -O /tmp/install.sh https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master/install.sh  && sh /tmp/install.sh && source /etc/profile &> /dev/null
 ```
 
-~**非root用户安装后**请额外执行以下命令以读取环境变量：<br>
+~**After installation by non-root users**, please execute the following additional commands to read environment variables:<br>
 
 ```shell
 source ~/.bashrc &> /dev/null
 ```
 
-~安装完成管理脚本后，执行如下命令以**运行管理脚本**<br>
+~After installing the management script, execute the following command to **run the management script**<br>
 
 ```Shell
-clash #正常模式运行
-clash -h #脚本帮助及说明
-clash -t #测试模式运行
+clash #normal mode
+clash -h #help
+clash -t #test mode
 ```
 
-~**运行时的额外依赖**：<br>
+~**Additional dependencies at runtime**：<br>
 
-`大部分的设备/系统都已经预装了以下的大部分依赖，使用时如无影响可以无视之`
+```
+Most of the equipment/systems are pre-installed with most of the following dependencies, you can ignore them if there is no impact when you use them.
+```
 
 ```sh
-bash/ash		必须		全部缺少时无法安装及运行脚本
-curl/wget		必须		全部缺少时无法在线安装及更新，无法使用节点保存功能
-iptables		重要		缺少时只能使用纯净模式
-systemd/rc.common	一般		全部缺少时只能使用保守模式
-iptables-mod-nat	一般		缺少时无法使用redir模式，混合模式
-ip6tables-mod-nat	较低		缺少时影响redir模式，混合模式对ipv6的支持
-crontab			较低		缺少时无法启用定时任务功能
-net-tools		极低		缺少时无法正常检测端口占用
-ubus/iproute-doc	极低		缺少时无法正常获取本机host地址
+bash/ash		necessary		Cannot install and run scripts when all are missing
+curl/wget		necessary		When all are missing, it cannot be installed and updated online
+iptables		important		Only use pure mode when missing
+systemd/rc.common	general		Only use conservative mode when all are missing
+iptables-mod-nat	general		Cannot use redir mode, mixed mode when missing
+ip6tables-mod-nat	lower		Affects redir mode when missing, mixed mode support for ipv6
+crontab			lower		Cannot enable timing task function when missing
+net-tools		minimal		Cannot detect port occupancy normally when missing
+ubus/iproute-doc	minimal		The host address of the machine cannot be obtained normally when missing
 ```
 
 
 
-更新日志：
---
+## Update log: 
 
-### [点击查看](https://github.com/juewuy/ShellClash/releases)
+### [Click to view](https://github.com/juewuy/ShellClash/releases) 
 
-交流反馈：
---
-### [TG讨论组](https://t.me/clashfm) 
+## Exchange feedback: 
 
-相关Q&A：
---
+### [TG Discussion Group](https://t.me/clashfm)
 
-### [详见博客](https://juewuy.github.io)
+## Related Q&A:
+
+### [See blog for details](https://juewuy.github.io)
+
+## Donate this project
+
+### [Go to page](https://juewuy.github.io/yOF4Yf06Q/)
+
+## Friendly promotion: 
+
+### [Top 8K Airport-Dler](https://dler.best/auth/register?affid=89698)
 
-友情推广：
---
-### [顶级8K专线机场-墙洞](https://dler.best/auth/register?affid=89698)

README_CN.md

@@ -0,0 +1,117 @@
+<h1 align="center">
+  <img src="https://github.com/Dreamacro/clash/raw/master/docs/logo.png" alt="Clash" width="200">
+  <br>ShellClash<br>
+</h1>
+
+
+  <p align="center">
+	<a target="_blank" href="https://github.com/Dreamacro/clash/releases">
+    <img src="https://img.shields.io/github/release/Dreamacro/Clash.svg?style=flat-square&label=Clash">
+  </a>
+  <a target="_blank" href="https://github.com/juewuy/ShellClash/releases">
+    <img src="https://img.shields.io/github/release/juewuy/ShellClash.svg?style=flat-square&label=ShellClash&colorB=green">
+  </a>
+</p>
+
+中文 | [English](README.md) 
+
+功能简介：
+--
+
+~通过管理脚本在Shell环境下便捷使用[Clash](https://github.com/Dreamacro/clash)<br>
+~支持在Shell环境下管理[Clash各种功能](https://lancellc.gitbook.io/clash)<br>
+~支持在线导入[Clash](https://github.com/Dreamacro/clash)支持的分享、订阅及配置链接<br>~支持配置定时任务，支持配置文件定时更新<br>~支持在线安装及使用本地网页面板管理内置规则<br>
+~支持路由模式、本机模式等多种模式切换<br>~支持GNOME、KDE桌面自动配置本机模式<br>~支持在线更新<br>
+
+设备支持：
+--
+
+~支持各种基于OpenWrt或使用OpenWrt二次定制开发的路由器设备<br>
+~支持各种运行标准Linux系统（如Debian/CenOS/Armbian等）的设备<br>~兼容Padavan固件（保守模式）、潘多拉固件<br>~兼容各类使用Linux内核定制开发的各类型设备<br>
+
+——————————<br>
+~更多设备支持，请提issue或前往TG群反馈（需提供设备名称及运行uname -a返回的设备核心信息）<br>
+
+使用方式：
+--
+~确认路由器设备已经开启SSH并获取root权限（带GUI桌面的Linux设备可使用自带终端安装）<br>
+~使用SSH连接工具（如putty，JuiceSSH，系统自带终端等）路由器或Linux设备的SSH管理界面或终端界面，并切换到root用户<br>
+~确认设备已经安装curl或者wget下载工具。如未安装，LInux设备请[参考此处](https://www.howtoing.com/install-curl-in-linux)安装curl，基于OpenWrt（小米官方系统、潘多拉、高恪等）的设备请使用如下命令安装curl：<br>
+
+```shell
+opkg update && opkg install curl
+```
+
+~之后在SSH界面执行如下安装命令，并按照后续提示完成安装<br>
+
+~**使用curl安装**：<br>
+
+```Shell
+#Release版本-github直连
+sh -c "$(curl -kfsSl --resolve raw.githubusercontent.com:443:199.232.68.133 https://raw.githubusercontent.com/juewuy/ShellClash/master/install.sh)" && source /etc/profile &> /dev/null
+#Release版本-jsdelivrCDN源
+sh -c "$(curl -kfsSl https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master/install.sh)" && source /etc/profile &> /dev/null
+#Test版本-github直连
+sh -c "$(curl -kfsSl --resolve raw.githubusercontent.com:443:199.232.68.133 https://raw.githubusercontent.com/juewuy/ShellClash/master/install.sh)" -s 1 && source /etc/profile &> /dev/null
+```
+
+~**使用wget安装**：<br>
+
+```sh
+#Release版本-jsdelivrCDN源
+wget -q --no-check-certificate -O /tmp/install.sh https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master/install.sh  && sh /tmp/install.sh && source /etc/profile &> /dev/null
+```
+
+~**非root用户安装后**请额外执行以下命令以读取环境变量：<br>
+
+```shell
+source ~/.bashrc &> /dev/null
+```
+
+~安装完成管理脚本后，执行如下命令以**运行管理脚本**<br>
+
+```Shell
+clash #正常模式运行
+clash -h #脚本帮助及说明
+clash -t #测试模式运行
+```
+
+~**运行时的额外依赖**：<br>
+
+`大部分的设备/系统都已经预装了以下的大部分依赖，使用时如无影响可以无视之`
+
+```sh
+bash/ash		必须		全部缺少时无法安装及运行脚本
+curl/wget		必须		全部缺少时无法在线安装及更新，无法使用节点保存功能
+iptables		重要		缺少时只能使用纯净模式
+systemd/rc.common	一般		全部缺少时只能使用保守模式
+iptables-mod-nat	一般		缺少时无法使用redir模式，混合模式
+ip6tables-mod-nat	较低		缺少时影响redir模式，混合模式对ipv6的支持
+crontab			较低		缺少时无法启用定时任务功能
+net-tools		极低		缺少时无法正常检测端口占用
+ubus/iproute-doc	极低		缺少时无法正常获取本机host地址
+```
+
+
+
+更新日志：
+--
+
+### [点击查看](https://github.com/juewuy/ShellClash/releases)
+
+交流反馈：
+--
+### [TG讨论组](https://t.me/clashfm) 
+
+相关Q&A：
+--
+
+### [详见博客](https://juewuy.github.io)
+
+## 捐赠此项目：
+
+### [前往页面](https://juewuy.github.io/yOF4Yf06Q/)
+
+友情推广：
+--
+### [顶级8K专线机场-墙洞](https://dler.best/auth/register?affid=89698)

bin/release_version

@@ -0,0 +1,8 @@
+1.2.0
+1.1.0
+1.0.0beta18.2
+1.0.0beta17
+1.0.0beta15
+1.0.0beta11
+1.0.0beta5
+0.9.7

bin/version

@@ -1,4 +1,4 @@
-clash_v=1.2.0
-versionsh=1.0.0beta16
-clashpre_v=2020.10.26
-GeoIP_v=20201031
+clash_v=1.4.2
+clashpre_v=2021.03.10
+GeoIP_v=20210322
+versionsh=1.2.0

install.sh

@@ -13,7 +13,7 @@ echo "***********************************************"
 #检查root权限
 if [ "$USER" != "root" ];then
 	echo 当前用户:$USER
-	$echo "\033[31m请尽量使用root用户执行安装!\033[0m"
+	$echo "\033[31m请尽量使用root用户（但绝对不要使用sudo命令！）执行安装!\033[0m"
 	echo -----------------------------------------------
 	read -p "仍要安装？可能会产生大量未知错误！(1/0) > " res
 	[ "$res" != "1" ] && exit
@@ -37,11 +37,11 @@ webget(){
 url="https://cdn.jsdelivr.net/gh/juewuy/ShellClash"
 if [ "$test" -gt 0 ];then 
 	url="https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master"
-	[ "$test" -eq 2 ] && url="http://192.168.31.30:8080/clash-for-Miwifi"
+	[ "$test" -eq 2 ] && url="http://192.168.31.31:8080/ShellClash"
 	[ "$test" -eq 3 ] && url="http://192.168.123.90:8080/clash-for-Miwifi"
 else
-	webget /tmp/clashrelease https://github.com.cnpmjs.org/juewuy/ShellClash/releases/latest echoon rediroff 2>/tmp/clashrelease
-	release_new=$( cat /tmp/clashrelease | grep -aoE "releases/tag/.*" | awk -F '[/" ]' '{print $3}')
+	webget /tmp/clashrelease $url@master/bin/release_version echoon rediroff 2>/tmp/clashrelease
+	[ "$result" = "200" ] && release_new=$(cat /tmp/clashrelease | head -1)
 	[ -z "$release_new" ] && release_new=master
 	url=$url@$release_new
 fi
@@ -86,17 +86,22 @@ gettar(){
 	fi
 	#修饰文件及版本号
 	shtype=sh && [ -n "$(ls -l /bin/sh|grep -o dash)" ] && shtype=bash 
-	sed -i "s%#!/bin/sh%#!/bin/$shtype%g" $clashdir/start.sh
+	sed -i "s|/bin/sh|/bin/$shtype|" $clashdir/start.sh
 	chmod  777 $clashdir/start.sh
 	sed -i '/versionsh_l=*/'d $clashdir/mark
 	echo versionsh_l=$release_new >> $clashdir/mark
 	#设置环境变量
 	[ -w ~/.bashrc ] && profile=~/.bashrc
 	[ -w /etc/profile ] && profile=/etc/profile
-	sed -i '/alias clash=*/'d $profile
-	echo "alias clash=\"$shtype $clashdir/clash.sh\"" >> $profile #设置快捷命令环境变量
-	sed -i '/export clashdir=*/'d $profile
-	echo "export clashdir=\"$clashdir\"" >> $profile #设置clash路径环境变量
+	if [ -n "$profile" ];then
+		sed -i '/alias clash=*/'d $profile
+		echo "alias clash=\"$shtype $clashdir/clash.sh\"" >> $profile #设置快捷命令环境变量
+		sed -i '/export clashdir=*/'d $profile
+		echo "export clashdir=\"$clashdir\"" >> $profile #设置clash路径环境变量
+	else
+		echo 无法写入环境变量！请检查安装权限！
+		exit 1
+	fi
 	#删除临时文件
 	rm -rf /tmp/clashfm.tar.gz 
 	rm -rf $clashdir/clashservice
@@ -110,13 +115,14 @@ echo -----------------------------------------------
 gettar
 echo -----------------------------------------------
 echo ShellClash 已经安装成功!
+[ "$USER" != "root" ] && echo "请执行【source ~/.bashrc &> /dev/null】命令以加载环境变量！"
 echo -----------------------------------------------
 $echo "\033[33m输入\033[30;47m clash \033[0;33m命令即可管理！！！\033[0m"
 echo -----------------------------------------------
 }
 setdir(){		
 echo -----------------------------------------------
-$echo "\033[33m安装ShellClash至少需要预留约10MB的磁盘空间\033[0m"	
+$echo "\033[33m安装ShellClash至少需要预留约1MB的磁盘空间\033[0m"	
 $echo " 1 在\033[32m/etc目录\033[0m下安装(适合路由设备)"
 $echo " 2 在\033[32m/usr/share目录\033[0m下安装(适合大多数设备)"
 $echo " 3 在\033[32m当前用户目录\033[0m下安装(适合非root用户)"

scripts/clashservice

@@ -7,6 +7,7 @@ SERVICE_WRITE_PID=1
 USE_PROCD=1
 #获取目录
 DIR=$(cat /etc/profile | grep clashdir | awk -F "\"" '{print $2}')
+[ -z "$DIR" ] && DIR=$(cat ~/.bashrc | grep clashdir | awk -F "\"" '{print $2}')
 BINDIR=$(cat $DIR/mark | grep bindir | awk -F "=" '{print $2}')
 [ -z "$BINDIR" ] && BINDIR=$DIR
 

scripts/start.sh

@@ -4,14 +4,14 @@
 #脚本内部工具
 getconfig(){
 	#加载配置文件
-	[ -z "$clashdir" ] && source /etc/profile > /dev/null
-	[ -z "$clashdir" ] && source ~/.bashrc > /dev/null
+	[ -z "$clashdir" ] && clashdir=$(cat /etc/profile | grep clashdir | awk -F "\"" '{print $2}')
+	[ -z "$clashdir" ] && clashdir=$(cat ~/.bashrc | grep clashdir | awk -F "\"" '{print $2}')
 	ccfg=$clashdir/mark
 	[ -f $ccfg ] && source $ccfg
 	#默认设置
 	[ -z "$bindir" ] && bindir=$clashdir
 	[ -z "$redir_mod" ] && [ "$USER" = "root" -o "$USER" = "admin" ] && redir_mod=Redir模式
-	[ -z "$redir_mod" ] && redir_mod=纯净模式
+	[ -z "$redir_mod" ] && redir_mod=Redir模式
 	[ -z "$skip_cert" ] && skip_cert=已开启
 	[ -z "$common_ports" ] && common_ports=已开启
 	[ -z "$dns_mod" ] && dns_mod=redir_host
@@ -26,31 +26,49 @@ getconfig(){
 	[ -z "$dns_port" ] && dns_port=1053
 	[ -z "$dns_nameserver" ] && dns_nameserver='114.114.114.114, 223.5.5.5'
 	[ -z "$dns_fallback" ] && dns_fallback='1.0.0.1, 8.8.4.4'
+	[ -z "$multiport" ] && multiport='53,587,465,995,993,143,80,443'
 	#是否代理常用端口
-	[ "$common_ports" = "已开启" ] && ports='-m multiport --dports 53,587,465,995,993,143,80,443 '
+	[ "$common_ports" = "已开启" ] && ports="-m multiport --dports $multiport"
 	}
 setconfig(){
 	#参数1代表变量名，参数2代表变量值,参数3即文件路径
 	[ -z "$3" ] && configpath=$clashdir/mark || configpath=$3
-	sed -i "/${1}*/"d $configpath
-	echo "${1}=${2}" >> $configpath
+	[ -n "$(grep ${1} $configpath)" ] && sed -i "s#${1}=.*#${1}=${2}#g" $configpath || echo "${1}=${2}" >> $configpath
+}
+compare(){
+	if [ ! -f $1 -o ! -f $2 ];then
+		return 1
+	elif command -v cmp >/dev/null 2>&1;then
+		cmp -s $1 $2
+	else
+		[ "$(cat $1)" = "$(cat $2)" ] && return 0 || return 1
+	fi
 }
 webget(){
-	[ -n "$(pidof clash)" ] && export all_proxy="http://127.0.0.1:$mix_port" #设置临时http代理
+	[ -n "$(pidof clash)" ] && export all_proxy="http://$authentication@127.0.0.1:$mix_port" #设置临时http代理 
 	#参数【$1】代表下载目录，【$2】代表在线地址
 	#参数【$3】代表输出显示，【$4】不启用重定向
+	#参数【$5】代表验证证书
 	if curl --version > /dev/null 2>&1;then
 		[ "$3" = "echooff" ] && progress='-s' || progress='-#'
-		[ -z "$4" ] && redirect='-L' || redirect=''
-		result=$(curl -w %{http_code} --connect-timeout 5 $progress $redirect -ko $1 $2)
+		[ "$4" = "rediroff" ] && redirect='' || redirect='-L'
+		[ "$5" = "skipceroff" ] && certificate='' || certificate='-k'
+		result=$(curl -w %{http_code} --connect-timeout 3 $progress $redirect $certificate -o $1 $2)
+		[ "$result" != "200" ] && export all_proxy="" && result=$(curl -w %{http_code} --connect-timeout 3 $progress $redirect $certificate -o $1 $2)
 	else
 		[ "$3" = "echooff" ] && progress='-q' || progress='-q --show-progress'
 		[ "$3" = "echoon" ] && progress=''
-		[ -z "$4" ] && redirect='' || redirect='--max-redirect=0'
-		wget -Y on $progress $redirect --no-check-certificate --timeout=5 -O $1 $2 
-		[ $? -eq 0 ] && result="200"
+		[ "$4" = "rediroff" ] && redirect='--max-redirect=0' || redirect=''
+		[ "$5" = "skipceroff" ] && certificate='' || certificate='--no-check-certificate'
+		wget -Y on $progress $redirect $certificate --timeout=3 -O $1 $2 
+		if [ "$?" != "0" ];then
+			wget $progress $redirect $certificate --timeout=3 -O $1 $2
+			[ "$?" = "0" ] && result="200"
+		else
+			result="200"
+		fi
 	fi
-	export all_proxy=''
+	export all_proxy=""
 }
 logger(){
 	[ -n "$2" ] && echo -e "\033[$2m$1\033[0m"
@@ -71,6 +89,11 @@ mark_time(){
 	sed -i '/start_time*/'d $clashdir/mark
 	echo start_time=$start_time >> $clashdir/mark
 }
+gethost(){
+	[ -z "$host" ] && host=$(ubus call network.interface.lan status 2>&1 | grep \"address\" | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}';)
+	[ -z "$host" ] && host=$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep -E '\ 1(92|0|72)\.' | sed 's/.*inet.//g' | sed 's/\/[0-9][0-9].*$//g' | head -n 1)
+	[ -n "$host" ] && lanhost="-s $(echo $host | grep -oE '^1(92|0|72)\.')0.0.0/8"
+}
 #配置文件相关
 getyaml(){
 	[ -z "$rule_link" ] && rule_link=1
@@ -79,7 +102,7 @@ getyaml(){
 	Server=`sed -n ""$server_link"p"<<EOF
 subcon.dlj.tf
 subconverter.herokuapp.com
-subcon.py6.pw
+subconverter-web.now.sh
 api.dler.io
 api.wcc.best
 EOF`
@@ -97,6 +120,7 @@ https://gist.githubusercontent.com/tindy2013/1fa08640a9088ac8652dbd40c5d2715b/ra
 https://gist.githubusercontent.com/tindy2013/1fa08640a9088ac8652dbd40c5d2715b/raw/dlercloud_lige_platinum.ini
 https://subconverter.oss-ap-southeast-1.aliyuncs.com/Rules/RemoteConfig/special/basic.ini
 https://subconverter.oss-ap-southeast-1.aliyuncs.com/Rules/RemoteConfig/special/netease.ini
+https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/config/ACL4SSR_Online_Full_Google.ini
 EOF`
 	#如果传来的是Url链接则合成Https链接，否则直接使用Https链接
 	if [ -z "$Https" ];then
@@ -141,8 +165,8 @@ EOF`
 		fi
 	else
 		Https=""
-		#检测节点
-		if [ -z "$(cat $yamlnew | grep 'server:' | grep -v 'nameserver')" ];then
+		#检测节点或providers
+		if [ -z "$(cat $yamlnew | grep -E 'server:|proxy-providers:' | grep -v 'nameserver' | head -n 1)" ];then
 			echo -----------------------------------------------
 			logger "获取到了配置文件，但似乎并不包含正确的节点信息！" 31
 			echo -----------------------------------------------
@@ -163,33 +187,38 @@ EOF`
 		#检测不支持的加密协议
 		if cat $yamlnew | grep 'cipher: chacha20,' >/dev/null;then
 			echo -----------------------------------------------
-			logger "不支持chacha20加密，请更换节点加密协议！！！" 31
+			logger "已停止支持chacha20加密，请更换更安全的节点加密协议！" 31
 			echo -----------------------------------------------
 			exit 1
 		fi
+		#检测是否存在高级版规则
+		if [ "$clashcore" = "clash" -a -n "$(cat $yamlnew | grep -E '^script:|proxy-providers|rule-providers')" ];then
+			echo -----------------------------------------------
+			logger "检测到高级版核心专属规则！将改为使用premium核心启动！" 33
+			rm -rf $bindir/clash
+			setconfig clashcore clashpre
+			echo -----------------------------------------------
+		fi
+		#使用核心内置test功能检测
+		if [ -x $bindir/clash ];then
+			$bindir/clash -t -d $bindir -f $yamlnew >/dev/null
+			if [ "$?" != "0" ];then
+				logger "配置文件加载失败！请查看报错信息！" 31
+				$bindir/clash -t -d $bindir -f $yamlnew
+				echo "$($bindir/clash -t -d $bindir -f $yamlnew)" >> $clashdir/log
+				exit 1
+			fi
+		fi
 		#如果不同则备份并替换文件
 		if [ -f $yaml ];then
-			cmp -s $yamlnew $yaml
-			[ "$?" = 0 ] && rm -f $yamlnew || mv -f $yaml $yaml.bak && mv -f $yamlnew $yaml
+			compare $yamlnew $yaml
+			[ "$?" = 0 ] || mv -f $yaml $yaml.bak && mv -f $yamlnew $yaml
 		else
 			mv -f $yamlnew $yaml
 		fi
-		echo 配置文件已生成！正在启动clash使其生效！
-		#重启clash服务
-		$0 stop
-		$0 start
-		if [ "$?" = 0 ];then
-			logger "配置文件获取成功！clash服务已启动！"
-			exit 0
-		else
-			if [ -f $yaml.bak ];then
-				$0 stop
-				mv -f $yaml.bak $yaml
-				$0 start
-				[ "$?" = 0 ] && logger "已还原配置文件并重启clash！" 32 && exit 0
-				logger "已还原配置文件但依然无法启动clash！" 31 && exit 1
-			fi
-		fi
+		echo -e "\033[32m已成功获取配置文件！\033[0m"
+		rm -rf $yamlnew
+		exit 0
 	fi
 }
 modify_yaml(){
@@ -203,13 +232,11 @@ modify_yaml(){
 	[ "$redir_mod" != "Redir模式" ] && tun='tun: {enable: true, stack: system}' || tun='tun: {enable: false}'
 	exper='experimental: {ignore-resolve-fail: true, interface-name: en0}'
 	#dns配置
-	[ "$dns_over" = "未开启" ] && dns_local=', 127.0.0.1:53'
 	if [ "$dns_mod" = "fake-ip" ];then
 		dns='dns: {enable: true, listen: 0.0.0.0:'$dns_port', use-hosts: true, fake-ip-range: 198.18.0.1/16, enhanced-mode: fake-ip, fake-ip-filter: ["*.lan", "time.windows.com", "time.nist.gov", "time.apple.com", "time.asia.apple.com", "*.ntp.org.cn", "*.openwrt.pool.ntp.org", "time1.cloud.tencent.com", "time.ustc.edu.cn", "pool.ntp.org", "ntp.ubuntu.com", "ntp.aliyun.com", "ntp1.aliyun.com", "ntp2.aliyun.com", "ntp3.aliyun.com", "ntp4.aliyun.com", "ntp5.aliyun.com", "ntp6.aliyun.com", "ntp7.aliyun.com", "time1.aliyun.com", "time2.aliyun.com", "time3.aliyun.com", "time4.aliyun.com", "time5.aliyun.com", "time6.aliyun.com", "time7.aliyun.com", "*.time.edu.cn", "time1.apple.com", "time2.apple.com", "time3.apple.com", "time4.apple.com", "time5.apple.com", "time6.apple.com", "time7.apple.com", "time1.google.com", "time2.google.com", "time3.google.com", "time4.google.com", "music.163.com", "*.music.163.com", "*.126.net", "musicapi.taihe.com", "music.taihe.com", "songsearch.kugou.com", "trackercdn.kugou.com", "*.kuwo.cn", "api-jooxtt.sanook.com", "api.joox.com", "joox.com", "y.qq.com", "*.y.qq.com", "streamoc.music.tc.qq.com", "mobileoc.music.tc.qq.com", "isure.stream.qqmusic.qq.com", "dl.stream.qqmusic.qq.com", "aqqmusic.tc.qq.com", "amobile.music.tc.qq.com", "*.xiami.com", "*.music.migu.cn", "music.migu.cn", "*.msftconnecttest.com", "*.msftncsi.com", "localhost.ptlogin2.qq.com", "*.*.*.srv.nintendo.net", "*.*.stun.playstation.net", "xbox.*.*.microsoft.com", "*.*.xboxlive.com", "proxy.golang.org"], nameserver: ['$dns_nameserver', 127.0.0.1:53], fallback: ['$dns_fallback'], fallback-filter: {geoip: true}}'
 	else
 		dns='dns: {enable: true, ipv6: true, listen: 0.0.0.0:'$dns_port', use-hosts: true, enhanced-mode: redir-host, nameserver: ['$dns_nameserver$dns_local'], fallback: ['$dns_fallback'], fallback-filter: {geoip: true}}'
 	fi
-###################################
 	#设置目录
 	yaml=$clashdir/config.yaml
 	tmpdir=/tmp/clash_$USER
@@ -218,10 +245,11 @@ modify_yaml(){
 	b=$(grep -n "^prox" $yaml | head -1 | cut -d ":" -f 1)
 	b=$((b-1))
 	mkdir -p $tmpdir > /dev/null
-	sed "${a},${b}d" $yaml > $tmpdir/rule.yaml
+	sed "${a},${b}d" $yaml > $tmpdir/proxy.yaml
 	#跳过本地tls证书验证
-	[ "$skip_cert" = "已开启" ] && sed -i '10,99s/skip-cert-verify: false/skip-cert-verify: true/' $tmpdir/rule.yaml
+	[ "$skip_cert" = "已开启" ] && sed -i '10,99s/skip-cert-verify: false/skip-cert-verify: true/' $tmpdir/proxy.yaml
 	#添加配置
+###################################
 	cat > $tmpdir/set.yaml <<EOF
 mixed-port: $mix_port
 redir-port: $redir_port
@@ -236,17 +264,34 @@ secret: $secret
 $tun
 $exper
 $dns
+store-selected: false
 EOF
-	cat $tmpdir/set.yaml $tmpdir/rule.yaml > $tmpdir/config.yaml
-	if [ "$tmpdir" != "$bindir" ];then #如果没有使用小闪存模式
-		cmp -s $tmpdir/config.yaml $yaml
+###################################
+	[ -f $clashdir/user.yaml ] && yaml_user=$clashdir/user.yaml
+	#合并文件
+	cut -c 1- $tmpdir/set.yaml $yaml_user $tmpdir/proxy.yaml > $tmpdir/config.yaml
+	#插入自定义规则
+	sed -i "/#自定义规则/d" $tmpdir/config.yaml
+	if [ -f $clashdir/rules.yaml ];then
+		while read line;do
+			[ -z "$(echo "$line " | grep '#')" ] && \
+			[ -n "$(echo "$line" | grep '\-\ ')" ] && \
+			line=$(echo "$line" | sed 's#/#\\/#') && \
+			sed -i "/^rules:/a\ $line #自定义规则" $tmpdir/config.yaml
+		done < $clashdir/rules.yaml
+	fi
+	#如果没有使用小闪存模式
+	if [ "$tmpdir" != "$bindir" ];then
+		compare $tmpdir/config.yaml $yaml
 		[ "$?" != 0 ] && mv -f $tmpdir/config.yaml $yaml || rm -f $tmpdir/config.yaml
 	fi
 	rm -f $tmpdir/set.yaml
-	rm -f $tmpdir/rule.yaml
+	rm -f $tmpdir/proxy.yaml
 }
 #设置路由规则
 start_redir(){
+	#获取本地局域网地址段
+	gethost
 	#流量过滤规则
 	iptables -t nat -N clash
 	iptables -t nat -A clash -d 0.0.0.0/8 -j RETURN
@@ -257,19 +302,35 @@ start_redir(){
 	iptables -t nat -A clash -d 192.168.0.0/16 -j RETURN
 	iptables -t nat -A clash -d 224.0.0.0/4 -j RETURN
 	iptables -t nat -A clash -d 240.0.0.0/4 -j RETURN
-	for mac in $(cat $clashdir/mac); do
-		iptables -t nat -A clash -m mac --mac-source $mac -j RETURN
-	done
-	#设置防火墙流量转发
-	iptables -t nat -A clash -p tcp $ports-j REDIRECT --to-ports $redir_port
-	iptables -t nat -A PREROUTING -p tcp -j clash
-	#设置ipv6转发
-	if [ -n "ip6_nat" -a "$ipv6_support" = "已开启" ];then
-		ip6tables -t nat -N clashv6
+	if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
+		#mac白名单
 		for mac in $(cat $clashdir/mac); do
-			ip6tables -t nat -A clashv6 -m mac --mac-source $mac -j RETURN
+			iptables -t nat -A clash -p tcp $ports -m mac --mac-source $mac -j REDIRECT --to-ports $redir_port
 		done
-		ip6tables -t nat -A clashv6 -p tcp $ports-j REDIRECT --to-ports $redir_port
+	else
+		#mac黑名单
+		for mac in $(cat $clashdir/mac); do
+			iptables -t nat -A clash -m mac --mac-source $mac -j RETURN
+		done
+		iptables -t nat -A clash -p tcp $ports -j REDIRECT --to-ports $redir_port
+	fi
+	iptables -t nat -A PREROUTING -p tcp $lanhost -j clash
+	#设置ipv6转发
+	ip6_nat=$(ip6tables -t nat -L 2>&1 | grep -o 'Chain')
+	if [ -n "$ip6_nat" -a "$ipv6_support" = "已开启" ];then
+		ip6tables -t nat -N clashv6
+		if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
+			#mac白名单
+			for mac in $(cat $clashdir/mac); do
+				ip6tables -t nat -A clashv6 -p tcp $ports -m mac --mac-source $mac -j REDIRECT --to-ports $redir_port
+			done
+		else
+			#mac黑名单
+			for mac in $(cat $clashdir/mac); do
+				ip6tables -t nat -A clashv6 -m mac --mac-source $mac -j RETURN
+			done
+			ip6tables -t nat -A clashv6 -p tcp $ports -j REDIRECT --to-ports $redir_port
+		fi
 		ip6tables -t nat -A PREROUTING -p tcp -j clashv6
 	fi
 }
@@ -281,30 +342,50 @@ start_dns(){
 	fi
 	#设置dns转发
 	iptables -t nat -N clash_dns
-	for mac in $(cat $clashdir/mac); do
-		iptables -t nat -A clash_dns -m mac --mac-source $mac -j RETURN
-	done
-	iptables -t nat -A clash_dns -p udp --dport 53 -j REDIRECT --to $dns_port
-	iptables -t nat -A clash_dns -p tcp --dport 53 -j REDIRECT --to $dns_port
+	if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
+		#mac白名单
+		for mac in $(cat $clashdir/mac); do
+			iptables -t nat -A clash_dns -p udp --dport 53 -m mac --mac-source $mac -j REDIRECT --to $dns_port
+			iptables -t nat -A clash_dns -p tcp --dport 53 -m mac --mac-source $mac -j REDIRECT --to $dns_port
+		done
+	else
+		#mac黑名单
+		for mac in $(cat $clashdir/mac); do
+			iptables -t nat -A clash_dns -m mac --mac-source $mac -j RETURN
+		done	
+		iptables -t nat -A clash_dns -p udp --dport 53 -j REDIRECT --to $dns_port
+		iptables -t nat -A clash_dns -p tcp --dport 53 -j REDIRECT --to $dns_port
+	fi
 	iptables -t nat -A PREROUTING -p udp -j clash_dns
 	#Google home DNS特殊处理
 	iptables -t nat -I PREROUTING -p tcp -d 8.8.8.8 -j clash_dns
 	iptables -t nat -I PREROUTING -p tcp -d 8.8.4.4 -j clash_dns
 	#ipv6DNS
-	ip6_nat=$(ip6tables -t nat -L 2>&1|grep -o 'Chain')
-	if [ -n "ip6_nat" ];then
+	ip6_nat=$(ip6tables -t nat -L 2>&1 | grep -o 'Chain')
+	if [ -n "$ip6_nat" ];then
 		ip6tables -t nat -N clashv6_dns > /dev/null 2>&1
-		for mac in $(cat $clashdir/mac); do
-			ip6tables -t nat -A clashv6_dns -m mac --mac-source $mac -j RETURN > /dev/null 2>&1
-		done
-		ip6tables -t nat -A clashv6_dns -p udp --dport 53 -j REDIRECT --to $dns_port > /dev/null 2>&1
-		ip6tables -t nat -A PREROUTING -p udp -j clashv6_dns > /dev/null 2>&1
+		if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
+			#mac白名单
+			for mac in $(cat $clashdir/mac); do
+				ip6tables -t nat -A clashv6_dns -p udp --dport 53 -m mac --mac-source $mac -j REDIRECT --to $dns_port
+				ip6tables -t nat -A clashv6_dns -p tcp --dport 53 -m mac --mac-source $mac -j REDIRECT --to $dns_port
+			done
+		else
+			#mac黑名单
+			for mac in $(cat $clashdir/mac); do
+				ip6tables -t nat -A clashv6_dns -m mac --mac-source $mac -j RETURN
+			done	
+			ip6tables -t nat -A clashv6_dns -p udp --dport 53 -j REDIRECT --to $dns_port
+			ip6tables -t nat -A clashv6_dns -p tcp --dport 53 -j REDIRECT --to $dns_port
+		fi
+		ip6tables -t nat -A PREROUTING -p udp -j clashv6_dns
 	else
-		ip6tables -I INPUT -p tcp --dport 53 -j REJECT
-		ip6tables -I INPUT -p udp --dport 53 -j REJECT
+		ip6tables -I INPUT -p tcp --dport 53 -j REJECT > /dev/null 2>&1
+		ip6tables -I INPUT -p udp --dport 53 -j REJECT > /dev/null 2>&1
 	fi
 }
 start_udp(){
+	gethost	#获取本地局域网地址段
 	ip rule add fwmark 1 table 100
 	ip route add local default dev lo table 100
 	iptables -t mangle -N clash
@@ -316,32 +397,46 @@ start_udp(){
 	iptables -t mangle -A clash -d 192.168.0.0/16 -j RETURN
 	iptables -t mangle -A clash -d 224.0.0.0/4 -j RETURN
 	iptables -t mangle -A clash -d 240.0.0.0/4 -j RETURN
-	iptables -t mangle -A clash -p udp -j TPROXY --on-port $redir_port --tproxy-mark 1
-	iptables -t mangle -A PREROUTING -p udp -j clash
+	if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
+		#mac白名单
+		for mac in $(cat $clashdir/mac); do
+			iptables -t mangle -A clash -p udp -m mac --mac-source $mac -j TPROXY --on-port $redir_port --tproxy-mark 1
+		done
+	else
+		#mac黑名单
+		for mac in $(cat $clashdir/mac); do
+			iptables -t mangle -A clash -m mac --mac-source $mac -j RETURN
+		done
+		iptables -t mangle -A clash -p udp -j TPROXY --on-port $redir_port --tproxy-mark 1
+	fi
+	iptables -t mangle -A PREROUTING -p udp $lanhost -j clash
 }
 stop_iptables(){
+	gethost #获取本地局域网地址段
     #重置iptables规则
-	iptables -t nat -D PREROUTING -p tcp -j clash > /dev/null 2>&1
-	iptables -t nat -D PREROUTING -p udp -j clash_dns > /dev/null 2>&1
-	iptables -t nat -D PREROUTING -p tcp -d 8.8.8.8 -j clash_dns > /dev/null 2>&1
-	iptables -t nat -D PREROUTING -p tcp -d 8.8.4.4 -j clash_dns > /dev/null 2>&1
-	iptables -t nat -F clash > /dev/null 2>&1
-	iptables -t nat -X clash > /dev/null 2>&1
-	iptables -t nat -F clash_dns > /dev/null 2>&1
-	iptables -t nat -X clash_dns > /dev/null 2>&1
-	iptables -D FORWARD -o utun -j ACCEPT > /dev/null 2>&1
+	ip rule del fwmark 1 table 100  2> /dev/null
+	ip route del local default dev lo table 100 2> /dev/null
+	iptables -t nat -D PREROUTING -p tcp $lanhost -j clash 2> /dev/null
+	iptables -t nat -D PREROUTING -p udp -j clash_dns 2> /dev/null
+	iptables -t nat -D PREROUTING -p tcp -d 8.8.8.8 -j clash_dns 2> /dev/null
+	iptables -t nat -D PREROUTING -p tcp -d 8.8.4.4 -j clash_dns 2> /dev/null
+	iptables -t nat -F clash 2> /dev/null
+	iptables -t nat -X clash 2> /dev/null
+	iptables -t nat -F clash_dns 2> /dev/null
+	iptables -t nat -X clash_dns 2> /dev/null
+	iptables -D FORWARD -o utun -j ACCEPT 2> /dev/null
 	#重置udp规则
-	iptables -t mangle -D PREROUTING -p udp -j clash > /dev/null 2>&1
-	iptables -t mangle -F clash > /dev/null 2>&1
-	iptables -t mangle -X clash > /dev/null 2>&1
+	iptables -t mangle -D PREROUTING -p udp $lanhost -j clash 2> /dev/null
+	iptables -t mangle -F clash 2> /dev/null
+	iptables -t mangle -X clash 2> /dev/null
 	#重置ipv6规则
-	ip6tables -t nat -D PREROUTING -p tcp -j clashv6 > /dev/null 2>&1
-	ip6tables -t nat -D PREROUTING -p udp -j clashv6_dns > /dev/null 2>&1
-	ip6tables -t nat -F clashv6 > /dev/null 2>&1
-	ip6tables -t nat -X clashv6 > /dev/null 2>&1
-	ip6tables -t nat -F clashv6_dns > /dev/null 2>&1
-	ip6tables -t nat -X clashv6_dns > /dev/null 2>&1
-	ip6tables -D FORWARD -o utun -j ACCEPT > /dev/null 2>&1
+	ip6tables -t nat -D PREROUTING -p tcp -j clashv6 2> /dev/null
+	ip6tables -t nat -D PREROUTING -p udp -j clashv6_dns 2> /dev/null
+	ip6tables -t nat -F clashv6 2> /dev/null
+	ip6tables -t nat -X clashv6 2> /dev/null
+	ip6tables -t nat -F clashv6_dns 2> /dev/null
+	ip6tables -t nat -X clashv6_dns 2> /dev/null
+	ip6tables -D FORWARD -o utun -j ACCEPT 2> /dev/null
 }
 #面板配置保存相关
 web_save(){
@@ -357,10 +452,18 @@ web_save(){
 		fi
 	}
 	#使用get_save获取面板节点设置
-	get_save http://localhost:${db_port}/proxies | awk -F "{" '{for(i=1;i<=NF;i++) print $i}' | grep -E '^"all".*"Selector"' | grep -oE '"name".*"now".*",' | sed 's/"name"://g' | sed 's/"now"://g'| sed 's/"//g' > /tmp/clash_web_save_$USER
-	#对比文件，如果有变动则写入磁盘，否则清除缓存
-	cmp -s /tmp/clash_web_save_$USER $clashdir/web_save
-	[ "$?" = 0 ] && rm -rf /tmp/clash_web_save_$USER || mv -f /tmp/clash_web_save_$USER $clashdir/web_save
+	get_save http://localhost:${db_port}/proxies | awk -F "{" '{for(i=1;i<=NF;i++) print $i}' | grep -E '^"all".*"Selector"' > /tmp/clash_web_check_$USER
+	while read line ;do
+		def=$(echo $line | awk -F "[[,]" '{print $2}')
+		now=$(echo $line | grep -oE '"now".*",' | sed 's/"now"://g'| sed 's/,//g')
+		[ "$def" != "$now" ] && echo $line | grep -oE '"name".*"now".*",' | sed 's/"name"://g' | sed 's/"now"://g'| sed 's/"//g' >> /tmp/clash_web_save_$USER
+	done < /tmp/clash_web_check_$USER
+	rm -rf /tmp/clash_web_check_$USER
+	#对比文件，如果有变动且不为空则写入磁盘，否则清除缓存
+	if [ -s /tmp/clash_web_save_$USER ];then
+		compare /tmp/clash_web_save_$USER $clashdir/web_save
+		[ "$?" = 0 ] && rm -rf /tmp/clash_web_save_$USER || mv -f /tmp/clash_web_save_$USER $clashdir/web_save
+	fi
 }
 web_restore(){
 	put_save(){
@@ -372,8 +475,7 @@ web_restore(){
 	}
 	#设置循环检测clash面板端口
 	i=1
-	while [ $i -lt 10 ]
-	do
+	while [ $i -lt 10 ];do
 		sleep 1
 		if curl --version > /dev/null 2>&1;then
 			test=$(curl -s http://localhost:${db_port})
@@ -390,13 +492,10 @@ web_restore(){
 		now_name=$(awk -F ',' 'NR=="'${i}'" {print $2}' $clashdir/web_save)
 		put_save http://localhost:${db_port}/proxies/${group_name} "{\"name\":\"${now_name}\"}"
 	done
-	exit 0
 }
 #启动相关
 catpac(){
-	host=$(ubus call network.interface.lan status 2>&1 | grep \"address\" | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}';)
-	[ -z "$host" ] && host=$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep -E '192.|10.' | sed 's/.*inet.//g' | sed 's/\/[0-9][0-9].*$//g' | head -n 1)
-	[ -z "$host" ] && host=127.0.0.1
+	gethost
 	cat > /tmp/clash_pac <<EOF
 function FindProxyForURL(url, host) {
 	if (
@@ -411,22 +510,26 @@ function FindProxyForURL(url, host) {
 	)
 		return "DIRECT";
 	else
-		return "SOCKS5 $host:$mix_port; PROXY $host:$mix_port; DIRECT;"
+		return "PROXY $host:$mix_port; DIRECT; SOCKS5 $host:$mix_port"
 }
 EOF
-	cmp -s /tmp/clash_pac $bindir/ui/pac
+	compare /tmp/clash_pac $bindir/ui/pac
 	[ "$?" = 0 ] && rm -rf /tmp/clash_pac || mv -f /tmp/clash_pac $bindir/ui/pac
 }
 bfstart(){
+	#读取配置文件
+	getconfig
 	[ ! -d $bindir/ui ] && mkdir -p $bindir/ui
 	[ -z "$update_url" ] && update_url=https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master
 	#检查clash核心
 	if [ ! -f $bindir/clash ];then
 		if [ -f $clashdir/clash ];then
-			mv $clashdir/clash $bindir/clash && chmod 777 $bindir/clash
+			mv $clashdir/clash $bindir/clash && chmod +x $bindir/clash
 		else
 			logger "未找到clash核心，正在下载！" 33
-			[ -z "$clashcore" ] && clashcore=clash
+			if [ -z "$clashcore" ];then
+				[ "$redir_mod" = "混合模式" -o "$redir_mod" = "Tun模式" ] && clashcore=clashpre || clashcore=clash
+			fi
 			[ -z "$cpucore" ] && source $clashdir/getdate.sh && getcpucore
 			[ -z "$cpucore" ] && logger 找不到设备的CPU信息，请手动指定处理器架构类型！ 31 && setcpucore
 			webget $bindir/clash "$update_url/bin/$clashcore/clash-linux-$cpucore"
@@ -442,10 +545,11 @@ bfstart(){
 			mv $clashdir/Country.mmdb $bindir/Country.mmdb
 		else
 			logger "未找到GeoIP数据库，正在下载！" 33
-			webget $bindir/Country.mmdb $update_url/bin/Country.mmdb
+			[ -z "$geotype" ] && geotype=cn_mini.mmdb
+			webget $bindir/Country.mmdb $update_url/bin/$geotype
 			[ "$?" = 1 ] && logger "数据库下载失败，已退出！" 31 && rm -f $bindir/Country.mmdb && exit 1
-			GeoIP_v=$(date +"%Y%m%d")
-			setconfig GeoIP_v $GeoIP_v
+			Geo_v=$(date +"%Y%m%d")
+			setconfig Geo_v $Geo_v
 		fi
 	fi
 	#检查dashboard文件
@@ -466,11 +570,12 @@ bfstart(){
 	fi
 }
 afstart(){
+
 	#读取配置文件
 	getconfig
 	$bindir/clash -t -d $bindir >/dev/null
 	if [ "$?" = 0 ];then
-		#修改iptables规则使流量进入clash
+		#设置iptables转发规则
 		[ "$redir_mod" != "纯净模式" ] && [ "$dns_no" != "已禁用" ] && start_dns
 		[ "$redir_mod" != "纯净模式" ] && [ "$redir_mod" != "Tun模式" ] && start_redir
 		[ "$redir_mod" = "Redir模式" ] && [ "$tproxy_mod" = "已开启" ] && start_udp
@@ -483,17 +588,17 @@ afstart(){
 		[ -f $clashdir/web_save ] && web_restore & #后台还原面板配置
 	else
 		logger "clash服务启动失败！请查看报错信息！" 31
-		logger `$bindir/clash -t -d $bindir 1>&0` 0
-		$0 stop &
+		$bindir/clash -t -d $bindir
+		echo "$($bindir/clash -t -d $bindir)" >> $clashdir/log
+		$0 stop
 		exit 1
 	fi
-	exit 0
 }
 start_old(){
 	#使用传统后台执行二进制文件的方式执行
 	$bindir/clash -d $bindir >/dev/null &
 	afstart
-	daemon
+	$0 daemon
 }
 
 case "$1" in
@@ -509,6 +614,7 @@ start)
 		getconfig
 		#检测必须文件并下载
 		bfstart
+		stop_iptables #清理iptables
 		#使用内置规则强行覆盖config配置文件
 		[ "$modify_yaml" != "已开启" ] && modify_yaml
 		#使用不同方式启动clash服务
@@ -524,7 +630,7 @@ start)
 	;;
 stop)	
 		getconfig
-		web_save #保存面板配置
+		[ -n "$(pidof clash)" ] && web_save #保存面板配置
 		#删除守护进程&面板配置自动保存
 		cronset "clash保守模式守护进程"
 		cronset "保存节点配置"
@@ -546,17 +652,28 @@ getyaml)
 		getconfig
 		getyaml
 		;;
+updateyaml)	
+		$0 getyaml
+		$0 restart
+		;;
 webget)
-		webget $1 $2 $3 $4
+		webget $2 $3 $4 $5
 		;;
 web_save)
 		getconfig
 		web_save
 	;;
+web_restore)
+		getconfig
+		web_restore
+	;;
 daemon)
 		getconfig
 		cronset '#clash保守模式守护进程' "*/1 * * * * test -z \"$(pidof clash)\" && $clashdir/start.sh restart #clash保守模式守护进程"
 	;;
+cronset)
+		cronset $2 $3
+	;;
 set_proxy)
 		getconfig
 		#GNOME配置