v1.4.1-正式版

适配：
~适配Padavan系统及梅林固件（限384以上版本）
~适配移动ax18等低版本内核设备
功能：
~更新最新版本Geoip数据库文件
~增加CN-IP绕过内核功能
~增加对谷歌dns的强制代理配置（用于解决奈飞TV端问题）
~本机代理功能增加iptables增强模式
~增加开启公网访问Dashboard面板及混合代理端口功能
~增加支持本机Docker代理(需docker网卡设置为bridge模式)
~增加clash -u卸载命令
~增加了部分fake-ip-filter地址
优化：
~优化更新机制，修复出错bug
~优化安装脚本及安装说明
~大量菜单描述相关优化
BUG修复：
~修复部分设备1.4.0覆盖更新后无法开机启动的bug
~修复mesh设备开机启动后clash无法正常工作的bug
~修复小闪存模式设为Github源时无法正常开机启动的bug
~修复加密DNS无法正确配置的bug
~修复保存设置时部分bug
~自定义host功能bug修复
~导入配置相关bug修复
~修复crontab命令偶尔报错的问题
~版本及安装源描述优化，增加HTTP专属源（感谢酱紫表同学提供服务器！）

README.md

@@ -37,21 +37,33 @@ opkg update && opkg install curl
 ##### ~Use curl:<br>
 
 ```Shell
-#Release version - by github
-sh -c "$(curl -kfsSl --resolve raw.githubusercontent.com:443:199.232.68.133 https://raw.githubusercontent.com/juewuy/ShellClash/master/install.sh)" && source /etc/profile &> /dev/null
-#Release version - by jsdelivrCDN
-sh -c "$(curl -kfsSl https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master/install.sh)" && source /etc/profile &> /dev/null
-#Test version - by github
-sh -c "$(curl -kfsSl --resolve raw.githubusercontent.com:443:199.232.68.133 https://raw.githubusercontent.com/juewuy/ShellClash/master/install.sh)" -s 1 && source /etc/profile &> /dev/null
+#By github
+export url='https://raw.githubusercontent.com/juewuy/ShellClash/master' && sh -c "$(curl -kfsSl $url/install.sh)" && source /etc/profile &> /dev/null
+#By jsdelivrCDN
+export url='https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master' && sh -c "$(curl -kfsSl $url/install.sh)" && source /etc/profile &> /dev/null
 ```
 
 ##### ~Use wget：<br>
 
 ```sh
-#Release version - by jsdelivrCDN
-wget -q --no-check-certificate -O /tmp/install.sh https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master/install.sh  && sh /tmp/install.sh && source /etc/profile &> /dev/null
+#By jsdelivrCDN
+export url='https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master' && wget -q --no-check-certificate -O /tmp/install.sh $url/install.sh  && sh /tmp/install.sh && source /etc/profile &> /dev/null
 ```
 
+~**Use a low version of wget (prompt not to support https) local installation**:<br> First clone the project to the local under the window (or [click to download the project source code zip package](https://github.com/juewuy/ShellClash/archive/refs/heads/master.zip) to the local and decompress it) 
+
+```sh
+sh git clone https://github.com/juewuy/ShellClash.git
+```
+
+ Then open /project address/ShellClash/bin/hfs/hfs.exe Click menu-add directory from disk-{find the directory where ShellClash source code is located}-add as real directory Click on the menu-IP address-{choose the actual IP address of your LAN} Click ShellClash-click to copy to clipboard Then use the following command to install in SSH 
+
+```sh
+sh export url='Paste the copied address here' && wget -q -O /tmp/install.sh $url/install.sh && sh /tmp/install.sh && source /etc/profile &> /dev/null
+```
+
+ Later, when updating the version, you need to update the local version library and open the hfs service, and then update in the SSH menu, and then you can build a local server through hfs to realize the function of uploading and updating the yaml configuration file 
+
 ~**After installation by non-root users**, please execute the following additional commands to read environment variables:<br>
 
 ```shell
@@ -63,6 +75,7 @@ source ~/.bashrc &> /dev/null
 ```Shell
 clash #normal mode
 clash -h #help
+clash -u #uninstall
 clash -t #test mode
 ```
 
@@ -98,9 +111,11 @@ ubus/iproute-doc	minimal		The host address of the machine cannot be obtained nor
 
 ### [See blog for details](https://juewuy.github.io)
 
-## Donate this project
+## Donate：
 
-### [Go to page](https://juewuy.github.io/yOF4Yf06Q/)
+​		Alipay									WeChat
+
+##### <img src="http://juewuy.github.io/post-images/1604390977172.png" style="zoom:50%;" /><img src="http://juewuy.github.io/post-images/1604391042406.png" style="zoom:50%;" />
 
 ## Friendly promotion: 
 

README_CN.md

@@ -21,13 +21,13 @@
 ~通过管理脚本在Shell环境下便捷使用[Clash](https://github.com/Dreamacro/clash)<br>
 ~支持在Shell环境下管理[Clash各种功能](https://lancellc.gitbook.io/clash)<br>
 ~支持在线导入[Clash](https://github.com/Dreamacro/clash)支持的分享、订阅及配置链接<br>~支持配置定时任务，支持配置文件定时更新<br>~支持在线安装及使用本地网页面板管理内置规则<br>
-~支持路由模式、本机模式等多种模式切换<br>~支持GNOME、KDE桌面自动配置本机模式<br>~支持在线更新<br>
+~支持路由模式、本机模式等多种模式切换<br>~支持在线更新<br>
 
 设备支持：
 --
 
 ~支持各种基于OpenWrt或使用OpenWrt二次定制开发的路由器设备<br>
-~支持各种运行标准Linux系统（如Debian/CenOS/Armbian等）的设备<br>~兼容Padavan固件（保守模式）、潘多拉固件<br>~兼容各类使用Linux内核定制开发的各类型设备<br>
+~支持各种运行标准Linux系统（如Debian/CenOS/Armbian等）的设备<br>~兼容Padavan固件（保守模式）、潘多拉固件以及华硕/梅林固件<br>~兼容各类使用Linux内核定制开发的各类型设备<br>
 
 ——————————<br>
 ~更多设备支持，请提issue或前往TG群反馈（需提供设备名称及运行uname -a返回的设备核心信息）<br>
@@ -36,10 +36,10 @@
 --
 ~确认路由器设备已经开启SSH并获取root权限（带GUI桌面的Linux设备可使用自带终端安装）<br>
 ~使用SSH连接工具（如putty，JuiceSSH，系统自带终端等）路由器或Linux设备的SSH管理界面或终端界面，并切换到root用户<br>
-~确认设备已经安装curl或者wget下载工具。如未安装，LInux设备请[参考此处](https://www.howtoing.com/install-curl-in-linux)安装curl，基于OpenWrt（小米官方系统、潘多拉、高恪等）的设备请使用如下命令安装curl：<br>
+~确认设备已经安装curl或者wget下载工具。**如未安装**，LInux设备请[参考此处](https://www.howtoing.com/install-curl-in-linux)安装curl，基于OpenWrt（小米官方系统、潘多拉、高恪等）的设备请使用如下命令安装curl：<br>
 
 ```shell
-opkg update && opkg install curl
+opkg update && opkg install curl #如已安装请忽略
 ```
 
 ~之后在SSH界面执行如下安装命令，并按照后续提示完成安装<br>
@@ -47,19 +47,24 @@ opkg update && opkg install curl
 ~**使用curl安装**：<br>
 
 ```Shell
-#Release版本-github直连
-sh -c "$(curl -kfsSl --resolve raw.githubusercontent.com:443:199.232.68.133 https://raw.githubusercontent.com/juewuy/ShellClash/master/install.sh)" && source /etc/profile &> /dev/null
-#Release版本-jsdelivrCDN源
-sh -c "$(curl -kfsSl https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master/install.sh)" && source /etc/profile &> /dev/null
-#Test版本-github直连
-sh -c "$(curl -kfsSl --resolve raw.githubusercontent.com:443:199.232.68.133 https://raw.githubusercontent.com/juewuy/ShellClash/master/install.sh)" -s 1 && source /etc/profile &> /dev/null
+#github直连
+export url='https://raw.githubusercontent.com/juewuy/ShellClash/master' && sh -c "$(curl -kfsSl $url/install.sh)" && source /etc/profile &> /dev/null
+#jsdelivrCDN源
+export url='https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master' && sh -c "$(curl -kfsSl $url/install.sh)" && source /etc/profile &> /dev/null
 ```
 
 ~**使用wget安装**：<br>
 
 ```sh
 #Release版本-jsdelivrCDN源
-wget -q --no-check-certificate -O /tmp/install.sh https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master/install.sh  && sh /tmp/install.sh && source /etc/profile &> /dev/null
+export url='https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master' && wget -q --no-check-certificate -O /tmp/install.sh $url/install.sh  && sh /tmp/install.sh && source /etc/profile &> /dev/null
+```
+
+~**使用低版本wget（提示不支持https）安装**：<br>
+
+```sh
+#Test版本-酱紫表私人http源
+export url='http://sc.qust.me/' && wget -q -O /tmp/install.sh $url/install_n.sh  && sh /tmp/install.sh && source /etc/profile &> /dev/null
 ```
 
 ~**非root用户安装后**请额外执行以下命令以读取环境变量：<br>
@@ -73,6 +78,7 @@ source ~/.bashrc &> /dev/null
 ```Shell
 clash #正常模式运行
 clash -h #脚本帮助及说明
+clash -u #卸载脚本
 clash -t #测试模式运行
 ```
 
@@ -108,9 +114,11 @@ ubus/iproute-doc	极低		缺少时无法正常获取本机host地址
 
 ### [详见博客](https://juewuy.github.io)
 
-## 捐赠此项目：
+## 请喝杯茶：
 
-### [前往页面](https://juewuy.github.io/yOF4Yf06Q/)
+​		支付宝										微信
+
+##### <img src="http://juewuy.github.io/post-images/1604390977172.png" style="zoom:50%;" /><img src="http://juewuy.github.io/post-images/1604391042406.png" style="zoom:50%;" />
 
 友情推广：
 --

bin/ca-certificates.crt

@@ -1,7 +1,7 @@
 ##
 ## Bundle of CA Root Certificates
 ##
-## Certificate data from Mozilla as of: Tue Dec  8 22:06:48 2020 GMT
+## Certificate data from Mozilla as of: Sat Jun 12 22:07:57 2021 GMT
 ##
 ## This is a bundle of X.509 certificates of public Certificate Authorities
 ## (CA). These were automatically extracted from Mozilla's root certificates
@@ -14,7 +14,7 @@
 ## Just configure this file as the SSLCACertificateFile.
 ##
 ## Conversion done with mk-ca-bundle.pl version 1.28.
-## SHA256: d820b8696d8ffe42064a1384a56a8981cdc7e7e198036bbb5fa04a6c282dd9a2
+## SHA256: e292bd4e2d500c86df45b830d89417be5c42ee670408f1d2c454c63d8a782865
 ##
 
 
@@ -132,87 +132,6 @@ W3iDVuycNsMm4hH2Z0kdkquM++v/eu6FSqdQgPCnXEqULl8FmTxSQeDNtGPPAUO6nIPcj2A781q0
 tHuu2guQOHXvgR1m0vdXcDazv/wor3ElhVsT/h5/WrQ8
 -----END CERTIFICATE-----
 
-GeoTrust Global CA
-==================
------BEGIN CERTIFICATE-----
-MIIDVDCCAjygAwIBAgIDAjRWMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVTMRYwFAYDVQQK
-Ew1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9iYWwgQ0EwHhcNMDIwNTIxMDQw
-MDAwWhcNMjIwNTIxMDQwMDAwWjBCMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5j
-LjEbMBkGA1UEAxMSR2VvVHJ1c3QgR2xvYmFsIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-CgKCAQEA2swYYzD99BcjGlZ+W988bDjkcbd4kdS8odhM+KhDtgPpTSEHCIjaWC9mOSm9BXiLnTjo
-BbdqfnGk5sRgprDvgOSJKA+eJdbtg/OtppHHmMlCGDUUna2YRpIuT8rxh0PBFpVXLVDviS2Aelet
-8u5fa9IAjbkU+BQVNdnARqN7csiRv8lVK83Qlz6cJmTM386DGXHKTubU1XupGc1V3sjs0l44U+Vc
-T4wt/lAjNvxm5suOpDkZALeVAjmRCw7+OC7RHQWa9k0+bw8HHa8sHo9gOeL6NlMTOdReJivbPagU
-vTLrGAMoUgRx5aszPeE4uwc2hGKceeoWMPRfwCvocWvk+QIDAQABo1MwUTAPBgNVHRMBAf8EBTAD
-AQH/MB0GA1UdDgQWBBTAephojYn7qwVkDBF9qn1luMrMTjAfBgNVHSMEGDAWgBTAephojYn7qwVk
-DBF9qn1luMrMTjANBgkqhkiG9w0BAQUFAAOCAQEANeMpauUvXVSOKVCUn5kaFOSPeCpilKInZ57Q
-zxpeR+nBsqTP3UEaBU6bS+5Kb1VSsyShNwrrZHYqLizz/Tt1kL/6cdjHPTfStQWVYrmm3ok9Nns4
-d0iXrKYgjy6myQzCsplFAMfOEVEiIuCl6rYVSAlk6l5PdPcFPseKUgzbFbS9bZvlxrFUaKnjaZC2
-mqUPuLk/IH2uSrW4nOQdtqvmlKXBx4Ot2/Unhw4EbNX/3aBd7YdStysVAq45pmp06drE57xNNB6p
-XE0zX5IJL4hmXXeXxx12E6nV5fEWCRE11azbJHFwLJhWC9kXtNHjUStedejV0NxPNO3CBWaAocvm
-Mw==
------END CERTIFICATE-----
-
-GeoTrust Universal CA
-=====================
------BEGIN CERTIFICATE-----
-MIIFaDCCA1CgAwIBAgIBATANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJVUzEWMBQGA1UEChMN
-R2VvVHJ1c3QgSW5jLjEeMBwGA1UEAxMVR2VvVHJ1c3QgVW5pdmVyc2FsIENBMB4XDTA0MDMwNDA1
-MDAwMFoXDTI5MDMwNDA1MDAwMFowRTELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IElu
-Yy4xHjAcBgNVBAMTFUdlb1RydXN0IFVuaXZlcnNhbCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIP
-ADCCAgoCggIBAKYVVaCjxuAfjJ0hUNfBvitbtaSeodlyWL0AG0y/YckUHUWCq8YdgNY96xCcOq9t
-JPi8cQGeBvV8Xx7BDlXKg5pZMK4ZyzBIle0iN430SppyZj6tlcDgFgDgEB8rMQ7XlFTTQjOgNB0e
-RXbdT8oYN+yFFXoZCPzVx5zw8qkuEKmS5j1YPakWaDwvdSEYfyh3peFhF7em6fgemdtzbvQKoiFs
-7tqqhZJmr/Z6a4LauiIINQ/PQvE1+mrufislzDoR5G2vc7J2Ha3QsnhnGqQ5HFELZ1aD/ThdDc7d
-8Lsrlh/eezJS/R27tQahsiFepdaVaH/wmZ7cRQg+59IJDTWU3YBOU5fXtQlEIGQWFwMCTFMNaN7V
-qnJNk22CDtucvc+081xdVHppCZbW2xHBjXWotM85yM48vCR85mLK4b19p71XZQvk/iXttmkQ3Cga
-Rr0BHdCXteGYO8A3ZNY9lO4L4fUorgtWv3GLIylBjobFS1J72HGrH4oVpjuDWtdYAVHGTEHZf9hB
-Z3KiKN9gg6meyHv8U3NyWfWTehd2Ds735VzZC1U0oqpbtWpU5xPKV+yXbfReBi9Fi1jUIxaS5BZu
-KGNZMN9QAZxjiRqf2xeUgnA3wySemkfWWspOqGmJch+RbNt+nhutxx9z3SxPGWX9f5NAEC7S8O08
-ni4oPmkmM8V7AgMBAAGjYzBhMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNq7LqqwDLiIJlF0
-XG0D08DYj3rWMB8GA1UdIwQYMBaAFNq7LqqwDLiIJlF0XG0D08DYj3rWMA4GA1UdDwEB/wQEAwIB
-hjANBgkqhkiG9w0BAQUFAAOCAgEAMXjmx7XfuJRAyXHEqDXsRh3ChfMoWIawC/yOsjmPRFWrZIRc
-aanQmjg8+uUfNeVE44B5lGiku8SfPeE0zTBGi1QrlaXv9z+ZhP015s8xxtxqv6fXIwjhmF7DWgh2
-qaavdy+3YL1ERmrvl/9zlcGO6JP7/TG37FcREUWbMPEaiDnBTzynANXH/KttgCJwpQzgXQQpAvvL
-oJHRfNbDflDVnVi+QTjruXU8FdmbyUqDWcDaU/0zuzYYm4UPFd3uLax2k7nZAY1IEKj79TiG8dsK
-xr2EoyNB3tZ3b4XUhRxQ4K5RirqNPnbiucon8l+f725ZDQbYKxek0nxru18UGkiPGkzns0ccjkxF
-KyDuSN/n3QmOGKjaQI2SJhFTYXNd673nxE0pN2HrrDktZy4W1vUAg4WhzH92xH3kt0tm7wNFYGm2
-DFKWkoRepqO1pD4r2czYG0eq8kTaT/kD6PAUyz/zg97QwVTjt+gKN02LIFkDMBmhLMi9ER/frslK
-xfMnZmaGrGiR/9nmUxwPi1xpZQomyB40w11Re9epnAahNt3ViZS82eQtDF4JbAiXfKM9fJP/P6EU
-p8+1Xevb2xzEdt+Iub1FBZUbrvxGakyvSOPOrg/SfuvmbJxPgWp6ZKy7PtXny3YuxadIwVyQD8vI
-P/rmMuGNG2+k5o7Y+SlIis5z/iw=
------END CERTIFICATE-----
-
-GeoTrust Universal CA 2
-=======================
------BEGIN CERTIFICATE-----
-MIIFbDCCA1SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMQswCQYDVQQGEwJVUzEWMBQGA1UEChMN
-R2VvVHJ1c3QgSW5jLjEgMB4GA1UEAxMXR2VvVHJ1c3QgVW5pdmVyc2FsIENBIDIwHhcNMDQwMzA0
-MDUwMDAwWhcNMjkwMzA0MDUwMDAwWjBHMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3Qg
-SW5jLjEgMB4GA1UEAxMXR2VvVHJ1c3QgVW5pdmVyc2FsIENBIDIwggIiMA0GCSqGSIb3DQEBAQUA
-A4ICDwAwggIKAoICAQCzVFLByT7y2dyxUxpZKeexw0Uo5dfR7cXFS6GqdHtXr0om/Nj1XqduGdt0
-DE81WzILAePb63p3NeqqWuDW6KFXlPCQo3RWlEQwAx5cTiuFJnSCegx2oG9NzkEtoBUGFF+3Qs17
-j1hhNNwqCPkuwwGmIkQcTAeC5lvO0Ep8BNMZcyfwqph/Lq9O64ceJHdqXbboW0W63MOhBW9Wjo8Q
-JqVJwy7XQYci4E+GymC16qFjwAGXEHm9ADwSbSsVsaxLse4YuU6W3Nx2/zu+z18DwPw76L5GG//a
-QMJS9/7jOvdqdzXQ2o3rXhhqMcceujwbKNZrVMaqW9eiLBsZzKIC9ptZvTdrhrVtgrrY6slWvKk2
-WP0+GfPtDCapkzj4T8FdIgbQl+rhrcZV4IErKIM6+vR7IVEAvlI4zs1meaj0gVbi0IMJR1FbUGrP
-20gaXT73y/Zl92zxlfgCOzJWgjl6W70viRu/obTo/3+NjN8D8WBOWBFM66M/ECuDmgFz2ZRthAAn
-ZqzwcEAJQpKtT5MNYQlRJNiS1QuUYbKHsu3/mjX/hVTK7URDrBs8FmtISgocQIgfksILAAX/8sgC
-SqSqqcyZlpwvWOB94b67B9xfBHJcMTTD7F8t4D1kkCLm0ey4Lt1ZrtmhN79UNdxzMk+MBB4zsslG
-8dhcyFVQyWi9qLo2CQIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR281Xh+qQ2
-+/CfXGJx7Tz0RzgQKzAfBgNVHSMEGDAWgBR281Xh+qQ2+/CfXGJx7Tz0RzgQKzAOBgNVHQ8BAf8E
-BAMCAYYwDQYJKoZIhvcNAQEFBQADggIBAGbBxiPz2eAubl/oz66wsCVNK/g7WJtAJDday6sWSf+z
-dXkzoS9tcBc0kf5nfo/sm+VegqlVHy/c1FEHEv6sFj4sNcZj/NwQ6w2jqtB8zNHQL1EuxBRa3ugZ
-4T7GzKQp5y6EqgYweHZUcyiYWTjgAA1i00J9IZ+uPTqM1fp3DRgrFg5fNuH8KrUwJM/gYwx7WBr+
-mbpCErGR9Hxo4sjoryzqyX6uuyo9DRXcNJW2GHSoag/HtPQTxORb7QrSpJdMKu0vbBKJPfEncKpq
-A1Ihn0CoZ1Dy81of398j9tx4TuaYT1U6U+Pv8vSfx3zYWK8pIpe44L2RLrB27FcRz+8pRPPphXpg
-Y+RdM4kX2TGq2tbzGDVyz4crL2MjhF2EjD9XoIj8mZEoJmmZ1I+XRL6O1UixpCgp8RW04eWe3fiP
-pm8m1wk8OhwRDqZsN/etRIcsKMfYdIKz0G9KV7s1KSegi+ghp4dkNl3M2Basx7InQJJVOCiNUW7d
-FGdTbHFcJoRNdVq2fmBWqU2t+5sel/MN2dKXVHfaPRK34B7vCAas+YWH6aLcr34YEoP9VhdBLtUp
-gn2Z9DH2canPLAEnpQW5qrJITirvn5NSUZU8UnOOVkwXQMAJKOSLakhT2+zNVVXxxvjpoixMptEm
-X36vWkzaH6byHCx+rgIW0lbQL1dTR+iS
------END CERTIFICATE-----
-
 Comodo AAA Services root
 ========================
 -----BEGIN CERTIFICATE-----
@@ -596,78 +515,6 @@ DIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ub
 DgEj8Z+7fNzcbBGXJbLytGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u
 -----END CERTIFICATE-----
 
-GeoTrust Primary Certification Authority
-========================================
------BEGIN CERTIFICATE-----
-MIIDfDCCAmSgAwIBAgIQGKy1av1pthU6Y2yv2vrEoTANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQG
-EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8GA1UEAxMoR2VvVHJ1c3QgUHJpbWFyeSBD
-ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMjcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMFgx
-CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTEwLwYDVQQDEyhHZW9UcnVzdCBQ
-cmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-CgKCAQEAvrgVe//UfH1nrYNke8hCUy3f9oQIIGHWAVlqnEQRr+92/ZV+zmEwu3qDXwK9AWbK7hWN
-b6EwnL2hhZ6UOvNWiAAxz9juapYC2e0DjPt1befquFUWBRaa9OBesYjAZIVcFU2Ix7e64HXprQU9
-nceJSOC7KMgD4TCTZF5SwFlwIjVXiIrxlQqD17wxcwE07e9GceBrAqg1cmuXm2bgyxx5X9gaBGge
-RwLmnWDiNpcB3841kt++Z8dtd1k7j53WkBWUvEI0EME5+bEnPn7WinXFsq+W06Lem+SYvn3h6YGt
-tm/81w7a4DSwDRp35+MImO9Y+pyEtzavwt+s0vQQBnBxNQIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
-AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQULNVQQZcVi/CPNmFbSvtr2ZnJM5IwDQYJKoZI
-hvcNAQEFBQADggEBAFpwfyzdtzRP9YZRqSa+S7iq8XEN3GHHoOo0Hnp3DwQ16CePbJC/kRYkRj5K
-Ts4rFtULUh38H2eiAkUxT87z+gOneZ1TatnaYzr4gNfTmeGl4b7UVXGYNTq+k+qurUKykG/g/CFN
-NWMziUnWm07Kx+dOCQD32sfvmWKZd7aVIl6KoKv0uHiYyjgZmclynnjNS6yvGaBzEi38wkG6gZHa
-Floxt/m0cYASSJlyc1pZU8FjUjPtp8nSOQJw+uCxQmYpqptR7TBUIhRf2asdweSU8Pj1K/fqynhG
-1riR/aYNKxoUAT6A8EKglQdebc3MS6RFjasS6LPeWuWgfOgPIh1a6Vk=
------END CERTIFICATE-----
-
-thawte Primary Root CA
-======================
------BEGIN CERTIFICATE-----
-MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCBqTELMAkGA1UE
-BhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2
-aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhv
-cml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3
-MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwg
-SW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMv
-KGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMT
-FnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCs
-oPD7gFnUnMekz52hWXMJEEUMDSxuaPFsW0hoSVk3/AszGcJ3f8wQLZU0HObrTQmnHNK4yZc2AreJ
-1CRfBsDMRJSUjQJib+ta3RGNKJpchJAQeg29dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGc
-q/gcfomk6KHYcWUNo1F77rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6Sk/K
-aAcdHJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94JNqR32HuHUETVPm4p
-afs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYD
-VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7W0XPr87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUF
-AAOCAQEAeRHAS7ORtvzw6WfUDW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeE
-uzLlQRHAd9mzYJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQaEfZYGDm/Ac9IiAX
-xPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2/qxAeeWsEG89
-jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/LHbTY5xZ3Y+m4Q6gLkH3LpVH
-z7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7jVaMaA==
------END CERTIFICATE-----
-
-VeriSign Class 3 Public Primary Certification Authority - G5
-============================================================
------BEGIN CERTIFICATE-----
-MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCByjELMAkGA1UE
-BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBO
-ZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVk
-IHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRp
-ZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCB
-yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2ln
-biBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBh
-dXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmlt
-YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKz
-j/i5Vbext0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhD
-Y2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/
-Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNHiDxpg8v+R70r
-fk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/
-BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2Uv
-Z2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy
-aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqG
-SIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzEp6B4Eq1iDkVwZMXnl2YtmAl+
-X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKE
-KQsTb47bDN0lAtukixlE0kF6BWlKWE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiC
-Km0oHw0LxOXnGiYZ4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vE
-ZV8NhnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq
------END CERTIFICATE-----
-
 SecureTrust CA
 ==============
 -----BEGIN CERTIFICATE-----
@@ -871,136 +718,6 @@ vBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNwi/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7Nz
 TogVZ96edhBiIL5VaZVDADlN9u6wWk5JRFRYX0KD
 -----END CERTIFICATE-----
 
-GeoTrust Primary Certification Authority - G3
-=============================================
------BEGIN CERTIFICATE-----
-MIID/jCCAuagAwIBAgIQFaxulBmyeUtB9iepwxgPHzANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UE
-BhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChjKSAyMDA4IEdlb1RydXN0
-IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFy
-eSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEczMB4XDTA4MDQwMjAwMDAwMFoXDTM3MTIwMTIz
-NTk1OVowgZgxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAo
-YykgMjAwOCBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNVBAMT
-LUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMzCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBANziXmJYHTNXOTIz+uvLh4yn1ErdBojqZI4xmKU4kB6Yzy5j
-K/BGvESyiaHAKAxJcCGVn2TAppMSAmUmhsalifD614SgcK9PGpc/BkTVyetyEH3kMSj7HGHmKAdE
-c5IiaacDiGydY8hS2pgn5whMcD60yRLBxWeDXTPzAxHsatBT4tG6NmCUgLthY2xbF37fQJQeqw3C
-IShwiP/WJmxsYAQlTlV+fe+/lEjetx3dcI0FX4ilm/LC7urRQEFtYjgdVgbFA0dRIBn8exALDmKu
-dlW/X3e+PkkBUz2YJQN2JFodtNuJ6nnltrM7P7pMKEF/BqxqjsHQ9gUdfeZChuOl1UcCAwEAAaNC
-MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMR5yo6hTgMdHNxr
-2zFblD4/MH8tMA0GCSqGSIb3DQEBCwUAA4IBAQAtxRPPVoB7eni9n64smefv2t+UXglpp+duaIy9
-cr5HqQ6XErhK8WTTOd8lNNTBzU6B8A8ExCSzNJbGpqow32hhc9f5joWJ7w5elShKKiePEI4ufIbE
-Ap7aDHdlDkQNkv39sxY2+hENHYwOB4lqKVb3cvTdFZx3NWZXqxNT2I7BQMXXExZacse3aQHEerGD
-AWh9jUGhlBjBJVz88P6DAod8DQ3PLghcSkANPuyBYeYk28rgDi0Hsj5W3I31QYUHSJsMC8tJP33s
-t/3LjWeJGqvtux6jAAgIFyqCXDFdRootD4abdNlF+9RAsXqqaC2Gspki4cErx5z481+oghLrGREt
------END CERTIFICATE-----
-
-thawte Primary Root CA - G2
-===========================
------BEGIN CERTIFICATE-----
-MIICiDCCAg2gAwIBAgIQNfwmXNmET8k9Jj1Xm67XVjAKBggqhkjOPQQDAzCBhDELMAkGA1UEBhMC
-VVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjE4MDYGA1UECxMvKGMpIDIwMDcgdGhhd3RlLCBJbmMu
-IC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3Qg
-Q0EgLSBHMjAeFw0wNzExMDUwMDAwMDBaFw0zODAxMTgyMzU5NTlaMIGEMQswCQYDVQQGEwJVUzEV
-MBMGA1UEChMMdGhhd3RlLCBJbmMuMTgwNgYDVQQLEy8oYykgMjAwNyB0aGF3dGUsIEluYy4gLSBG
-b3IgYXV0aG9yaXplZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAt
-IEcyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEotWcgnuVnfFSeIf+iha/BebfowJPDQfGAFG6DAJS
-LSKkQjnE/o/qycG+1E3/n3qe4rF8mq2nhglzh9HnmuN6papu+7qzcMBniKI11KOasf2twu8x+qi5
-8/sIxpHR+ymVo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU
-mtgAMADna3+FGO6Lts6KDPgR4bswCgYIKoZIzj0EAwMDaQAwZgIxAN344FdHW6fmCsO99YCKlzUN
-G4k8VIZ3KMqh9HneteY4sPBlcIx/AlTCv//YoT7ZzwIxAMSNlPzcU9LcnXgWHxUzI1NS41oxXZ3K
-rr0TKUQNJ1uo52icEvdYPy5yAlejj6EULg==
------END CERTIFICATE-----
-
-thawte Primary Root CA - G3
-===========================
------BEGIN CERTIFICATE-----
-MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCBrjELMAkGA1UE
-BhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2
-aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhv
-cml6ZWQgdXNlIG9ubHkxJDAiBgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0w
-ODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhh
-d3RlLCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMTgwNgYD
-VQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEkMCIG
-A1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
-MIIBCgKCAQEAsr8nLPvb2FvdeHsbnndmgcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2At
-P0LMqmsywCPLLEHd5N/8YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC
-+BsUa0Lfb1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS99irY
-7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2SzhkGcuYMXDhpxwTW
-vGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUkOQIDAQABo0IwQDAPBgNVHRMBAf8E
-BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJ
-KoZIhvcNAQELBQADggEBABpA2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweK
-A3rD6z8KLFIWoCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu
-t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7cKUGRIjxpp7sC
-8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fMm7v/OeZWYdMKp8RcTGB7BXcm
-er/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZuMdRAGmI0Nj81Aa6sY6A=
------END CERTIFICATE-----
-
-GeoTrust Primary Certification Authority - G2
-=============================================
------BEGIN CERTIFICATE-----
-MIICrjCCAjWgAwIBAgIQPLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDELMAkGA1UEBhMC
-VVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChjKSAyMDA3IEdlb1RydXN0IElu
-Yy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBD
-ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1
-OVowgZgxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykg
-MjAwNyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNVBAMTLUdl
-b1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjB2MBAGByqGSM49AgEG
-BSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcLSo17VDs6bl8VAsBQps8lL33KSLjHUGMc
-KiEIfJo22Av+0SbFWDEwKCXzXV2juLaltJLtbCyf691DiaI8S0iRHVDsJt/WYC69IaNCMEAwDwYD
-VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+
-EVXVMAoGCCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGTqQ7m
-ndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bWtsuRBmOiBuczrD6ogRLQy7rQkgu2
-npaqBA+K
------END CERTIFICATE-----
-
-VeriSign Universal Root Certification Authority
-===============================================
------BEGIN CERTIFICATE-----
-MIIEuTCCA6GgAwIBAgIQQBrEZCGzEyEDDrvkEhrFHTANBgkqhkiG9w0BAQsFADCBvTELMAkGA1UE
-BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBO
-ZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwOCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVk
-IHVzZSBvbmx5MTgwNgYDVQQDEy9WZXJpU2lnbiBVbml2ZXJzYWwgUm9vdCBDZXJ0aWZpY2F0aW9u
-IEF1dGhvcml0eTAeFw0wODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIG9MQswCQYDVQQGEwJV
-UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
-cmsxOjA4BgNVBAsTMShjKSAyMDA4IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl
-IG9ubHkxODA2BgNVBAMTL1ZlcmlTaWduIFVuaXZlcnNhbCBSb290IENlcnRpZmljYXRpb24gQXV0
-aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx2E3XrEBNNti1xWb/1hajCMj
-1mCOkdeQmIN65lgZOIzF9uVkhbSicfvtvbnazU0AtMgtc6XHaXGVHzk8skQHnOgO+k1KxCHfKWGP
-MiJhgsWHH26MfF8WIFFE0XBPV+rjHOPMee5Y2A7Cs0WTwCznmhcrewA3ekEzeOEz4vMQGn+HLL72
-9fdC4uW/h2KJXwBL38Xd5HVEMkE6HnFuacsLdUYI0crSK5XQz/u5QGtkjFdN/BMReYTtXlT2NJ8I
-AfMQJQYXStrxHXpma5hgZqTZ79IugvHw7wnqRMkVauIDbjPTrJ9VAMf2CGqUuV/c4DPxhGD5WycR
-tPwW8rtWaoAljQIDAQABo4GyMIGvMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMG0G
-CCsGAQUFBwEMBGEwX6FdoFswWTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2O
-a8PPgGrUSBgsexkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMB0GA1Ud
-DgQWBBS2d/ppSEefUxLVwuoHMnYH0ZcHGTANBgkqhkiG9w0BAQsFAAOCAQEASvj4sAPmLGd75JR3
-Y8xuTPl9Dg3cyLk1uXBPY/ok+myDjEedO2Pzmvl2MpWRsXe8rJq+seQxIcaBlVZaDrHC1LGmWazx
-Y8u4TB1ZkErvkBYoH1quEPuBUDgMbMzxPcP1Y+Oz4yHJJDnp/RVmRvQbEdBNc6N9Rvk97ahfYtTx
-P/jgdFcrGJ2BtMQo2pSXpXDrrB2+BxHw1dvd5Yzw1TKwg+ZX4o+/vqGqvz0dtdQ46tewXDpPaj+P
-wGZsY6rp2aQW9IHRlRQOfc2VNNnSj3BzgXucfr2YYdhFh5iQxeuGMMY1v/D/w1WIg0vvBZIGcfK4
-mJO37M2CYfE45k+XmCpajQ==
------END CERTIFICATE-----
-
-VeriSign Class 3 Public Primary Certification Authority - G4
-============================================================
------BEGIN CERTIFICATE-----
-MIIDhDCCAwqgAwIBAgIQL4D+I4wOIg9IZxIokYesszAKBggqhkjOPQQDAzCByjELMAkGA1UEBhMC
-VVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3
-b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVz
-ZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmlj
-YXRpb24gQXV0aG9yaXR5IC0gRzQwHhcNMDcxMTA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCByjEL
-MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBU
-cnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRo
-b3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASnVnp8
-Utpkmw4tXNherJI9/gHmGUo9FANL+mAnINmDiWn6VMaaGF5VKmTeBvaNSjutEDxlPZCIBIngMGGz
-rl0Bp3vefLK+ymVhAIau2o970ImtTR1ZmkGxvEeA3J5iw/mjgbIwga8wDwYDVR0TAQH/BAUwAwEB
-/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEw
-HzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24u
-Y29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFLMWkf3upm7ktS5Jj4d4gYDs5bG1MAoGCCqGSM49BAMD
-A2gAMGUCMGYhDBgmYFo4e1ZC4Kf8NoRRkSAsdk1DPcQdhCPQrNZ8NQbOzWm9kA3bbEhCHQ6qQgIx
-AJw9SDkjOVgaFRJZap7v1VmyHVIsmXHNxynfGyphe3HR3vPA5Q06Sqotp9iGKt0uEA==
------END CERTIFICATE-----
-
 NetLock Arany (Class Gold) Főtanúsítvány
 ========================================
 -----BEGIN CERTIFICATE-----
@@ -1176,82 +893,6 @@ Q0iy2+tzJOeRf1SktoA+naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1Z
 WrOZyGlsQyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw==
 -----END CERTIFICATE-----
 
-Chambers of Commerce Root - 2008
-================================
------BEGIN CERTIFICATE-----
-MIIHTzCCBTegAwIBAgIJAKPaQn6ksa7aMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYDVQQGEwJFVTFD
-MEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNv
-bS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMu
-QS4xKTAnBgNVBAMTIENoYW1iZXJzIG9mIENvbW1lcmNlIFJvb3QgLSAyMDA4MB4XDTA4MDgwMTEy
-Mjk1MFoXDTM4MDczMTEyMjk1MFowga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNl
-ZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2FkZHJlc3MpMRIwEAYDVQQF
-EwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVyZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJl
-cnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
-AQCvAMtwNyuAWko6bHiUfaN/Gh/2NdW928sNRHI+JrKQUrpjOyhYb6WzbZSm891kDFX29ufyIiKA
-XuFixrYp4YFs8r/lfTJqVKAyGVn+H4vXPWCGhSRv4xGzdz4gljUha7MI2XAuZPeEklPWDrCQiorj
-h40G072QDuKZoRuGDtqaCrsLYVAGUvGef3bsyw/QHg3PmTA9HMRFEFis1tPo1+XqxQEHd9ZR5gN/
-ikilTWh1uem8nk4ZcfUyS5xtYBkL+8ydddy/Js2Pk3g5eXNeJQ7KXOt3EgfLZEFHcpOrUMPrCXZk
-NNI5t3YRCQ12RcSprj1qr7V9ZS+UWBDsXHyvfuK2GNnQm05aSd+pZgvMPMZ4fKecHePOjlO+Bd5g
-D2vlGts/4+EhySnB8esHnFIbAURRPHsl18TlUlRdJQfKFiC4reRB7noI/plvg6aRArBsNlVq5331
-lubKgdaX8ZSD6e2wsWsSaR6s+12pxZjptFtYer49okQ6Y1nUCyXeG0+95QGezdIp1Z8XGQpvvwyQ
-0wlf2eOKNcx5Wk0ZN5K3xMGtr/R5JJqyAQuxr1yW84Ay+1w9mPGgP0revq+ULtlVmhduYJ1jbLhj
-ya6BXBg14JC7vjxPNyK5fuvPnnchpj04gftI2jE9K+OJ9dC1vX7gUMQSibMjmhAxhduub+84Mxh2
-EQIDAQABo4IBbDCCAWgwEgYDVR0TAQH/BAgwBgEB/wIBDDAdBgNVHQ4EFgQU+SSsD7K1+HnA+mCI
-G8TZTQKeFxkwgeMGA1UdIwSB2zCB2IAU+SSsD7K1+HnA+mCIG8TZTQKeFxmhgbSkgbEwga4xCzAJ
-BgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNh
-bWVyZmlybWEuY29tL2FkZHJlc3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENh
-bWVyZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDiC
-CQCj2kJ+pLGu2jAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUH
-AgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZIhvcNAQEFBQADggIBAJASryI1
-wqM58C7e6bXpeHxIvj99RZJe6dqxGfwWPJ+0W2aeaufDuV2I6A+tzyMP3iU6XsxPpcG1Lawk0lgH
-3qLPaYRgM+gQDROpI9CF5Y57pp49chNyM/WqfcZjHwj0/gF/JM8rLFQJ3uIrbZLGOU8W6jx+ekbU
-RWpGqOt1glanq6B8aBMz9p0w8G8nOSQjKpD9kCk18pPfNKXG9/jvjA9iSnyu0/VU+I22mlaHFoI6
-M6taIgj3grrqLuBHmrS1RaMFO9ncLkVAO+rcf+g769HsJtg1pDDFOqxXnrN2pSB7+R5KBWIBpih1
-YJeSDW4+TTdDDZIVnBgizVGZoCkaPF+KMjNbMMeJL0eYD6MDxvbxrN8y8NmBGuScvfaAFPDRLLmF
-9dijscilIeUcE5fuDr3fKanvNFNb0+RqE4QGtjICxFKuItLcsiFCGtpA8CnJ7AoMXOLQusxI0zcK
-zBIKinmwPQN/aUv0NCB9szTqjktk9T79syNnFQ0EuPAtwQlRPLJsFfClI9eDdOTlLsn+mCdCxqvG
-nrDQWzilm1DefhiYtUU79nm06PcaewaD+9CL2rvHvRirCG88gGtAPxkZumWK5r7VXNM21+9AUiRg
-OGcEMeyP84LG3rlV8zsxkVrctQgVrXYlCg17LofiDKYGvCYQbTed7N14jHyAxfDZd0jQ
------END CERTIFICATE-----
-
-Global Chambersign Root - 2008
-==============================
------BEGIN CERTIFICATE-----
-MIIHSTCCBTGgAwIBAgIJAMnN0+nVfSPOMA0GCSqGSIb3DQEBBQUAMIGsMQswCQYDVQQGEwJFVTFD
-MEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNv
-bS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMu
-QS4xJzAlBgNVBAMTHkdsb2JhbCBDaGFtYmVyc2lnbiBSb290IC0gMjAwODAeFw0wODA4MDExMjMx
-NDBaFw0zODA3MzExMjMxNDBaMIGsMQswCQYDVQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUg
-Y3VycmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJ
-QTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAlBgNVBAMTHkdsb2JhbCBD
-aGFtYmVyc2lnbiBSb290IC0gMjAwODCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMDf
-VtPkOpt2RbQT2//BthmLN0EYlVJH6xedKYiONWwGMi5HYvNJBL99RDaxccy9Wglz1dmFRP+RVyXf
-XjaOcNFccUMd2drvXNL7G706tcuto8xEpw2uIRU/uXpbknXYpBI4iRmKt4DS4jJvVpyR1ogQC7N0
-ZJJ0YPP2zxhPYLIj0Mc7zmFLmY/CDNBAspjcDahOo7kKrmCgrUVSY7pmvWjg+b4aqIG7HkF4ddPB
-/gBVsIdU6CeQNR1MM62X/JcumIS/LMmjv9GYERTtY/jKmIhYF5ntRQOXfjyGHoiMvvKRhI9lNNgA
-TH23MRdaKXoKGCQwoze1eqkBfSbW+Q6OWfH9GzO1KTsXO0G2Id3UwD2ln58fQ1DJu7xsepeY7s2M
-H/ucUa6LcL0nn3HAa6x9kGbo1106DbDVwo3VyJ2dwW3Q0L9R5OP4wzg2rtandeavhENdk5IMagfe
-Ox2YItaswTXbo6Al/3K1dh3ebeksZixShNBFks4c5eUzHdwHU1SjqoI7mjcv3N2gZOnm3b2u/GSF
-HTynyQbehP9r6GsaPMWis0L7iwk+XwhSx2LE1AVxv8Rk5Pihg+g+EpuoHtQ2TS9x9o0o9oOpE9Jh
-wZG7SMA0j0GMS0zbaRL/UJScIINZc+18ofLx/d33SdNDWKBWY8o9PeU1VlnpDsogzCtLkykPAgMB
-AAGjggFqMIIBZjASBgNVHRMBAf8ECDAGAQH/AgEMMB0GA1UdDgQWBBS5CcqcHtvTbDprru1U8VuT
-BjUuXjCB4QYDVR0jBIHZMIHWgBS5CcqcHtvTbDprru1U8VuTBjUuXqGBsqSBrzCBrDELMAkGA1UE
-BhMCRVUxQzBBBgNVBAcTOk1hZHJpZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJm
-aXJtYS5jb20vYWRkcmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJm
-aXJtYSBTLkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDiCCQDJzdPp
-1X0jzjAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0
-dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZIhvcNAQEFBQADggIBAICIf3DekijZBZRG
-/5BXqfEv3xoNa/p8DhxJJHkn2EaqbylZUohwEurdPfWbU1Rv4WCiqAm57OtZfMY18dwY6fFn5a+6
-ReAJ3spED8IXDneRRXozX1+WLGiLwUePmJs9wOzL9dWCkoQ10b42OFZyMVtHLaoXpGNR6woBrX/s
-dZ7LoR/xfxKxueRkf2fWIyr0uDldmOghp+G9PUIadJpwr2hsUF1Jz//7Dl3mLEfXgTpZALVza2Mg
-9jFFCDkO9HB+QHBaP9BrQql0PSgvAm11cpUJjUhjxsYjV5KTXjXBjfkK9yydYhz2rXzdpjEetrHH
-foUm+qRqtdpjMNHvkzeyZi99Bffnt0uYlDXA2TopwZ2yUDMdSqlapskD7+3056huirRXhOukP9Du
-qqqHW2Pok+JrqNS4cnhrG+055F3Lm6qH1U9OAP7Zap88MQ8oAgF9mOinsKJknnn4SPIVqczmyETr
-P3iZ8ntxPjzxmKfFGBI/5rsoM0LpRQp8bfKGeS/Fghl9CYl8slR2iK7ewfPM4W7bMdaTrpmg7yVq
-c5iJWzouE4gev8CSlDQb4ye3ix5vQv/n6TebUB0tovkC7stYWDpxvGjjqsGvHCgfotwjZT+B6q6Z
-09gwzxMNTxXJhLynSC34MCN32EZLeW32jO06f2ARePTpm67VVMB0gNELQp/B
------END CERTIFICATE-----
-
 Go Daddy Root Certificate Authority - G2
 ========================================
 -----BEGIN CERTIFICATE-----
@@ -2218,36 +1859,6 @@ uglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg515dTguDnFt2KaAJJiFqYgIwcdK1j1zqO+F4CYWodZI7
 yFz9SO8NdCKoCOJuxUnOxwy8p2Fp8fc74SrL+SvzZpA3
 -----END CERTIFICATE-----
 
-Staat der Nederlanden Root CA - G3
-==================================
------BEGIN CERTIFICATE-----
-MIIFdDCCA1ygAwIBAgIEAJiiOTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJOTDEeMBwGA1UE
-CgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFhdCBkZXIgTmVkZXJsYW5kZW4g
-Um9vdCBDQSAtIEczMB4XDTEzMTExNDExMjg0MloXDTI4MTExMzIzMDAwMFowWjELMAkGA1UEBhMC
-TkwxHjAcBgNVBAoMFVN0YWF0IGRlciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5l
-ZGVybGFuZGVuIFJvb3QgQ0EgLSBHMzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL4y
-olQPcPssXFnrbMSkUeiFKrPMSjTysF/zDsccPVMeiAho2G89rcKezIJnByeHaHE6n3WWIkYFsO2t
-x1ueKt6c/DrGlaf1F2cY5y9JCAxcz+bMNO14+1Cx3Gsy8KL+tjzk7FqXxz8ecAgwoNzFs21v0IJy
-EavSgWhZghe3eJJg+szeP4TrjTgzkApyI/o1zCZxMdFyKJLZWyNtZrVtB0LrpjPOktvA9mxjeM3K
-Tj215VKb8b475lRgsGYeCasH/lSJEULR9yS6YHgamPfJEf0WwTUaVHXvQ9Plrk7O53vDxk5hUUur
-mkVLoR9BvUhTFXFkC4az5S6+zqQbwSmEorXLCCN2QyIkHxcE1G6cxvx/K2Ya7Irl1s9N9WMJtxU5
-1nus6+N86U78dULI7ViVDAZCopz35HCz33JvWjdAidiFpNfxC95DGdRKWCyMijmev4SH8RY7Ngzp
-07TKbBlBUgmhHbBqv4LvcFEhMtwFdozL92TkA1CvjJFnq8Xy7ljY3r735zHPbMk7ccHViLVlvMDo
-FxcHErVc0qsgk7TmgoNwNsXNo42ti+yjwUOH5kPiNL6VizXtBznaqB16nzaeErAMZRKQFWDZJkBE
-41ZgpRDUajz9QdwOWke275dhdU/Z/seyHdTtXUmzqWrLZoQT1Vyg3N9udwbRcXXIV2+vD3dbAgMB
-AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRUrfrHkleu
-yjWcLhL75LpdINyUVzANBgkqhkiG9w0BAQsFAAOCAgEAMJmdBTLIXg47mAE6iqTnB/d6+Oea31BD
-U5cqPco8R5gu4RV78ZLzYdqQJRZlwJ9UXQ4DO1t3ApyEtg2YXzTdO2PCwyiBwpwpLiniyMMB8jPq
-KqrMCQj3ZWfGzd/TtiunvczRDnBfuCPRy5FOCvTIeuXZYzbB1N/8Ipf3YF3qKS9Ysr1YvY2WTxB1
-v0h7PVGHoTx0IsL8B3+A3MSs/mrBcDCw6Y5p4ixpgZQJut3+TcCDjJRYwEYgr5wfAvg1VUkvRtTA
-8KCWAg8zxXHzniN9lLf9OtMJgwYh/WA9rjLA0u6NpvDntIJ8CsxwyXmA+P5M9zWEGYox+wrZ13+b
-8KKaa8MFSu1BYBQw0aoRQm7TIwIEC8Zl3d1Sd9qBa7Ko+gE4uZbqKmxnl4mUnrzhVNXkanjvSr0r
-mj1AfsbAddJu+2gw7OyLnflJNZoaLNmzlTnVHpL3prllL+U9bTpITAjc5CgSKL59NVzq4BZ+Extq
-1z7XnvwtdbLBFNUjA9tbbws+eC8N3jONFrdI54OagQ97wUNNVQQXOEpR1VmiiXTTn74eS9fGbbeI
-JG9gkaSChVtWQbzQRKtqE77RLFi3EjNYsjdj3BP1lB0/QFH1T/U67cjF68IeHRaVesd+QnGTbksV
-tzDfqu1XhUisHWrdOWnk4Xl4vs4Fv6EM94B7IWcnMFk=
------END CERTIFICATE-----
-
 Staat der Nederlanden EV Root CA
 ================================
 -----BEGIN CERTIFICATE-----
@@ -3433,3 +3044,95 @@ HQ8BAf8EBQMDBwYAMB0GA1UdDgQWBBRVqYSJ0sEyvRjLbKYHTsjnnb6CkDAKBggqhkjOPQQDAwNn
 ADBkAjA3AZKXRRJ+oPM+rRk6ct30UJMDEr5E0k9BpIycnR+j9sKS50gU/k6bpZFXrsY3crsCMGcl
 CrEMXu6pY5Jv5ZAL/mYiykf9ijH3g/56vxC+GCsej/YpHpRZ744hN8tRmKVuSw==
 -----END CERTIFICATE-----
+
+NAVER Global Root Certification Authority
+=========================================
+-----BEGIN CERTIFICATE-----
+MIIFojCCA4qgAwIBAgIUAZQwHqIL3fXFMyqxQ0Rx+NZQTQ0wDQYJKoZIhvcNAQEMBQAwaTELMAkG
+A1UEBhMCS1IxJjAkBgNVBAoMHU5BVkVSIEJVU0lORVNTIFBMQVRGT1JNIENvcnAuMTIwMAYDVQQD
+DClOQVZFUiBHbG9iYWwgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0xNzA4MTgwODU4
+NDJaFw0zNzA4MTgyMzU5NTlaMGkxCzAJBgNVBAYTAktSMSYwJAYDVQQKDB1OQVZFUiBCVVNJTkVT
+UyBQTEFURk9STSBDb3JwLjEyMDAGA1UEAwwpTkFWRVIgR2xvYmFsIFJvb3QgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC21PGTXLVAiQqrDZBb
+UGOukJR0F0Vy1ntlWilLp1agS7gvQnXp2XskWjFlqxcX0TM62RHcQDaH38dq6SZeWYp34+hInDEW
++j6RscrJo+KfziFTowI2MMtSAuXaMl3Dxeb57hHHi8lEHoSTGEq0n+USZGnQJoViAbbJAh2+g1G7
+XNr4rRVqmfeSVPc0W+m/6imBEtRTkZazkVrd/pBzKPswRrXKCAfHcXLJZtM0l/aM9BhK4dA9WkW2
+aacp+yPOiNgSnABIqKYPszuSjXEOdMWLyEz59JuOuDxp7W87UC9Y7cSw0BwbagzivESq2M0UXZR4
+Yb8ObtoqvC8MC3GmsxY/nOb5zJ9TNeIDoKAYv7vxvvTWjIcNQvcGufFt7QSUqP620wbGQGHfnZ3z
+VHbOUzoBppJB7ASjjw2i1QnK1sua8e9DXcCrpUHPXFNwcMmIpi3Ua2FzUCaGYQ5fG8Ir4ozVu53B
+A0K6lNpfqbDKzE0K70dpAy8i+/Eozr9dUGWokG2zdLAIx6yo0es+nPxdGoMuK8u180SdOqcXYZai
+cdNwlhVNt0xz7hlcxVs+Qf6sdWA7G2POAN3aCJBitOUt7kinaxeZVL6HSuOpXgRM6xBtVNbv8ejy
+YhbLgGvtPe31HzClrkvJE+2KAQHJuFFYwGY6sWZLxNUxAmLpdIQM201GLQIDAQABo0IwQDAdBgNV
+HQ4EFgQU0p+I36HNLL3s9TsBAZMzJ7LrYEswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMB
+Af8wDQYJKoZIhvcNAQEMBQADggIBADLKgLOdPVQG3dLSLvCkASELZ0jKbY7gyKoNqo0hV4/GPnrK
+21HUUrPUloSlWGB/5QuOH/XcChWB5Tu2tyIvCZwTFrFsDDUIbatjcu3cvuzHV+YwIHHW1xDBE1UB
+jCpD5EHxzzp6U5LOogMFDTjfArsQLtk70pt6wKGm+LUx5vR1yblTmXVHIloUFcd4G7ad6Qz4G3bx
+hYTeodoS76TiEJd6eN4MUZeoIUCLhr0N8F5OSza7OyAfikJW4Qsav3vQIkMsRIz75Sq0bBwcupTg
+E34h5prCy8VCZLQelHsIJchxzIdFV4XTnyliIoNRlwAYl3dqmJLJfGBs32x9SuRwTMKeuB330DTH
+D8z7p/8Dvq1wkNoL3chtl1+afwkyQf3NosxabUzyqkn+Zvjp2DXrDige7kgvOtB5CTh8piKCk5XQ
+A76+AqAF3SAi428diDRgxuYKuQl1C/AH6GmWNcf7I4GOODm4RStDeKLRLBT/DShycpWbXgnbiUSY
+qqFJu3FS8r/2/yehNq+4tneI3TqkbZs0kNwUXTC/t+sX5Ie3cdCh13cV1ELX8vMxmV2b3RZtP+oG
+I/hGoiLtk/bdmuYqh7GYVPEi92tF4+KOdh2ajcQGjTa3FPOdVGm3jjzVpG2Tgbet9r1ke8LJaDmg
+kpzNNIaRkPpkUZ3+/uul9XXeifdy
+-----END CERTIFICATE-----
+
+AC RAIZ FNMT-RCM SERVIDORES SEGUROS
+===================================
+-----BEGIN CERTIFICATE-----
+MIICbjCCAfOgAwIBAgIQYvYybOXE42hcG2LdnC6dlTAKBggqhkjOPQQDAzB4MQswCQYDVQQGEwJF
+UzERMA8GA1UECgwIRk5NVC1SQ00xDjAMBgNVBAsMBUNlcmVzMRgwFgYDVQRhDA9WQVRFUy1RMjgy
+NjAwNEoxLDAqBgNVBAMMI0FDIFJBSVogRk5NVC1SQ00gU0VSVklET1JFUyBTRUdVUk9TMB4XDTE4
+MTIyMDA5MzczM1oXDTQzMTIyMDA5MzczM1oweDELMAkGA1UEBhMCRVMxETAPBgNVBAoMCEZOTVQt
+UkNNMQ4wDAYDVQQLDAVDZXJlczEYMBYGA1UEYQwPVkFURVMtUTI4MjYwMDRKMSwwKgYDVQQDDCNB
+QyBSQUlaIEZOTVQtUkNNIFNFUlZJRE9SRVMgU0VHVVJPUzB2MBAGByqGSM49AgEGBSuBBAAiA2IA
+BPa6V1PIyqvfNkpSIeSX0oNnnvBlUdBeh8dHsVnyV0ebAAKTRBdp20LHsbI6GA60XYyzZl2hNPk2
+LEnb80b8s0RpRBNm/dfF/a82Tc4DTQdxz69qBdKiQ1oKUm8BA06Oi6NCMEAwDwYDVR0TAQH/BAUw
+AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFAG5L++/EYZg8k/QQW6rcx/n0m5JMAoGCCqG
+SM49BAMDA2kAMGYCMQCuSuMrQMN0EfKVrRYj3k4MGuZdpSRea0R7/DjiT8ucRRcRTBQnJlU5dUoD
+zBOQn5ICMQD6SmxgiHPz7riYYqnOK8LZiqZwMR2vsJRM60/G49HzYqc8/5MuB1xJAWdpEgJyv+c=
+-----END CERTIFICATE-----
+
+GlobalSign Root R46
+===================
+-----BEGIN CERTIFICATE-----
+MIIFWjCCA0KgAwIBAgISEdK7udcjGJ5AXwqdLdDfJWfRMA0GCSqGSIb3DQEBDAUAMEYxCzAJBgNV
+BAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYDVQQDExNHbG9iYWxTaWduIFJv
+b3QgUjQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMyMDAwMDAwMFowRjELMAkGA1UEBhMCQkUxGTAX
+BgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExHDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBSNDYwggIi
+MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCsrHQy6LNl5brtQyYdpokNRbopiLKkHWPd08Es
+CVeJOaFV6Wc0dwxu5FUdUiXSE2te4R2pt32JMl8Nnp8semNgQB+msLZ4j5lUlghYruQGvGIFAha/
+r6gjA7aUD7xubMLL1aa7DOn2wQL7Id5m3RerdELv8HQvJfTqa1VbkNud316HCkD7rRlr+/fKYIje
+2sGP1q7Vf9Q8g+7XFkyDRTNrJ9CG0Bwta/OrffGFqfUo0q3v84RLHIf8E6M6cqJaESvWJ3En7YEt
+bWaBkoe0G1h6zD8K+kZPTXhc+CtI4wSEy132tGqzZfxCnlEmIyDLPRT5ge1lFgBPGmSXZgjPjHvj
+K8Cd+RTyG/FWaha/LIWFzXg4mutCagI0GIMXTpRW+LaCtfOW3T3zvn8gdz57GSNrLNRyc0NXfeD4
+12lPFzYE+cCQYDdF3uYM2HSNrpyibXRdQr4G9dlkbgIQrImwTDsHTUB+JMWKmIJ5jqSngiCNI/on
+ccnfxkF0oE32kRbcRoxfKWMxWXEM2G/CtjJ9++ZdU6Z+Ffy7dXxd7Pj2Fxzsx2sZy/N78CsHpdls
+eVR2bJ0cpm4O6XkMqCNqo98bMDGfsVR7/mrLZqrcZdCinkqaByFrgY/bxFn63iLABJzjqls2k+g9
+vXqhnQt2sQvHnf3PmKgGwvgqo6GDoLclcqUC4wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYD
+VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA1yrc4GHqMywptWU4jaWSf8FmSwwDQYJKoZIhvcNAQEM
+BQADggIBAHx47PYCLLtbfpIrXTncvtgdokIzTfnvpCo7RGkerNlFo048p9gkUbJUHJNOxO97k4Vg
+JuoJSOD1u8fpaNK7ajFxzHmuEajwmf3lH7wvqMxX63bEIaZHU1VNaL8FpO7XJqti2kM3S+LGteWy
+gxk6x9PbTZ4IevPuzz5i+6zoYMzRx6Fcg0XERczzF2sUyQQCPtIkpnnpHs6i58FZFZ8d4kuaPp92
+CC1r2LpXFNqD6v6MVenQTqnMdzGxRBF6XLE+0xRFFRhiJBPSy03OXIPBNvIQtQ6IbbjhVp+J3pZm
+OUdkLG5NrmJ7v2B0GbhWrJKsFjLtrWhV/pi60zTe9Mlhww6G9kuEYO4Ne7UyWHmRVSyBQ7N0H3qq
+JZ4d16GLuc1CLgSkZoNNiTW2bKg2SnkheCLQQrzRQDGQob4Ez8pn7fXwgNNgyYMqIgXQBztSvwye
+qiv5u+YfjyW6hY0XHgL+XVAEV8/+LbzvXMAaq7afJMbfc2hIkCwU9D9SGuTSyxTDYWnP4vkYxboz
+nxSjBF25cfe1lNj2M8FawTSLfJvdkzrnE6JwYZ+vj+vYxXX4M2bUdGc6N3ec592kD3ZDZopD8p/7
+DEJ4Y9HiD2971KE9dJeFt0g5QdYg/NA6s/rob8SKunE3vouXsXgxT7PntgMTzlSdriVZzH81Xwj3
+QEUxeCp6
+-----END CERTIFICATE-----
+
+GlobalSign Root E46
+===================
+-----BEGIN CERTIFICATE-----
+MIICCzCCAZGgAwIBAgISEdK7ujNu1LzmJGjFDYQdmOhDMAoGCCqGSM49BAMDMEYxCzAJBgNVBAYT
+AkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYDVQQDExNHbG9iYWxTaWduIFJvb3Qg
+RTQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMyMDAwMDAwMFowRjELMAkGA1UEBhMCQkUxGTAXBgNV
+BAoTEEdsb2JhbFNpZ24gbnYtc2ExHDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBFNDYwdjAQBgcq
+hkjOPQIBBgUrgQQAIgNiAAScDrHPt+ieUnd1NPqlRqetMhkytAepJ8qUuwzSChDH2omwlwxwEwkB
+jtjqR+q+soArzfwoDdusvKSGN+1wCAB16pMLey5SnCNoIwZD7JIvU4Tb+0cUB+hflGddyXqBPCCj
+QjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQxCpCPtsad0kRL
+gLWi5h+xEk8blTAKBggqhkjOPQQDAwNoADBlAjEA31SQ7Zvvi5QCkxeCmb6zniz2C5GMn0oUsfZk
+vLtoURMMA/cVi4RguYv/Uo7njLwcAjA8+RHUjE7AwWHCFUyqqx0LMV87HOIAl0Qx5v5zli/altP+
+CAezNIm8BZ/3Hobui3A=
+-----END CERTIFICATE-----

bin/release_version

@@ -1,6 +1,8 @@
-1.0.0beta18.2
+1.4.1
+1.3.0
+1.2.0
+1.1.0
 1.0.0beta17
-1.0.0beta15
 1.0.0beta11
 1.0.0beta5
 0.9.7

bin/version

@@ -1,4 +1,4 @@
-clash_v=1.3.0
-clashpre_v=2020.11.20
-GeoIP_v=20201218
-versionsh=1.0.0beta18.2
+clash_v=1.6.0
+clashpre_v=2021.05.08
+GeoIP_v=20210623
+versionsh=1.4.1

install.sh

@@ -2,7 +2,7 @@
 # Copyright (C) Juewuy
 
 echo='echo -e' && [ -n "$(echo -e|grep e)" ] && echo=echo
-[ -z "$1" ] && test=0 || test=$1
+#[ -z "$1" ] && test=0 || test=$1
 
 echo "***********************************************"
 echo "**                 欢迎使用                  **"
@@ -10,12 +10,14 @@ echo "**                ShellClash                 **"
 echo "**                             by  Juewuy    **"
 echo "***********************************************"
 
+[ -f "/etc/storage/started_script.sh" ] && systype=Padavan && initdir='/etc/storage/started_script.sh'
+[ -f "/jffs/.asusrouter" ] && systype=asusrouter && initdir='/jffs/.asusrouter'
 #检查root权限
-if [ "$USER" != "root" ];then
+if [ "$USER" != "root" -a -z "$systype" ];then
 	echo 当前用户:$USER
-	$echo "\033[31m请尽量使用root用户执行安装!\033[0m"
+	$echo "\033[31m请尽量使用root用户（不要直接使用sudo命令！）执行安装!\033[0m"
 	echo -----------------------------------------------
-	read -p "仍要安装？可能会产生大量未知错误！(1/0) > " res
+	read -p "仍要安装？可能会产生未知错误！(1/0) > " res
 	[ "$res" != "1" ] && exit
 fi
 webget(){
@@ -26,33 +28,46 @@ webget(){
 		[ -z "$4" ] && redirect='-L' || redirect=''
 		result=$(curl -w %{http_code} --connect-timeout 5 $progress $redirect -ko $1 $2)
 	else
-		[ "$3" = "echooff" ] && progress='-q' || progress='-q --show-progress'
+		if wget --version > /dev/null 2>&1;then
+			[ "$3" = "echooff" ] && progress='-q' || progress='-q --show-progress'
+			[ "$4" = "rediroff" ] && redirect='--max-redirect=0' || redirect=''
+			certificate='--no-check-certificate'
+			timeout='--timeout=3'
+		fi
 		[ "$3" = "echoon" ] && progress=''
-		[ -z "$4" ] && redirect='' || redirect='--max-redirect=0'
-		wget -Y on $progress $redirect --no-check-certificate --timeout=5 -O $1 $2 
+		[ "$3" = "echooff" ] && progress='-q'
+		wget $progress $redirect $certificate $timeout -O $1 $2 
 		[ $? -eq 0 ] && result="200"
 	fi
 }
 #检查更新
-url="https://cdn.jsdelivr.net/gh/juewuy/ShellClash"
-if [ "$test" -gt 0 ];then 
-	url="https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master"
-	[ "$test" -eq 2 ] && url="http://192.168.31.31:8080/ShellClash"
-	[ "$test" -eq 3 ] && url="http://192.168.123.90:8080/clash-for-Miwifi"
-else
-	webget /tmp/clashrelease $url@master/bin/release_version echoon rediroff 2>/tmp/clashrelease
-	[ "$result" = "200" ] && release_new=$(cat /tmp/clashrelease | head -1)
-	[ -z "$release_new" ] && release_new=master
-	url=$url@$release_new
+[ -z "$url" ] && url="https://cdn.jsdelivr.net/gh/juewuy/ShellClash"
+#选择版本
+echo -----------------------------------------------
+$echo "\033[33m请选择想要安装的版本：\033[0m"	
+$echo " 1 \033[32mShellclash正式版\033[0m"
+$echo " 2 \033[31mShellclash测试版\033[0m"
+echo -----------------------------------------------
+read -p "请输入相应数字 > " num
+if [ -z $num ];then
+	echo 安装已取消
+	exit;
+elif [ "$num" = "1" ];then
+	webget /tmp/clashrelease $url/bin/release_version echoon rediroff 2>/tmp/clashrelease
+	if [ "$result" = "200" ];then
+		release_new=$(cat /tmp/clashrelease | head -1)
+		url2="https://cdn.jsdelivr.net/gh/juewuy/ShellClash@$release_new"
+	else
+		echo "无法切换版本，尝试安装测试版！"
+	fi
 fi
-webget /tmp/clashversion $url/bin/version echooff
+[ -z "$url2" ] && url2=$url
+webget /tmp/clashversion "$url2/bin/version" echooff
 [ "$result" = "200" ] && versionsh=$(cat /tmp/clashversion | grep "versionsh" | awk -F "=" '{print $2}')
 [ -z "$release_new" ] && release_new=$versionsh
 rm -rf /tmp/clashversion
 rm -rf /tmp/clashrelease
-[ -z "$release_new" ] && echo "无法连接服务器！" && exit
-
-tarurl=$url/bin/clashfm.tar.gz
+tarurl=$url2/bin/clashfm.tar.gz
 
 gettar(){
 	webget /tmp/clashfm.tar.gz $tarurl
@@ -86,17 +101,29 @@ gettar(){
 	fi
 	#修饰文件及版本号
 	shtype=sh && [ -n "$(ls -l /bin/sh|grep -o dash)" ] && shtype=bash 
-	sed -i "s%#!/bin/sh%#!/bin/$shtype%g" $clashdir/start.sh
+	sed -i "s|/bin/sh|/bin/$shtype|" $clashdir/start.sh
 	chmod  777 $clashdir/start.sh
 	sed -i '/versionsh_l=*/'d $clashdir/mark
 	echo versionsh_l=$release_new >> $clashdir/mark
-	#设置环境变量
+	#设置更新地址
+	sed -i '/update_url=*/'d $clashdir/mark
+	echo update_url=$url >> $clashdir/mark
+	#设置环境变量	
+	[ -w /opt/etc/profile ] && profile=/opt/etc/profile
+	[ -w /jffs/configs/profile.add ] && profile=/jffs/configs/profile.add
 	[ -w ~/.bashrc ] && profile=~/.bashrc
 	[ -w /etc/profile ] && profile=/etc/profile
-	sed -i '/alias clash=*/'d $profile
-	echo "alias clash=\"$shtype $clashdir/clash.sh\"" >> $profile #设置快捷命令环境变量
-	sed -i '/export clashdir=*/'d $profile
-	echo "export clashdir=\"$clashdir\"" >> $profile #设置clash路径环境变量
+	if [ -n "$profile" ];then
+		sed -i '/alias clash=*/'d $profile
+		echo "alias clash=\"$shtype $clashdir/clash.sh\"" >> $profile #设置快捷命令环境变量
+		sed -i '/export clashdir=*/'d $profile
+		echo "export clashdir=\"$clashdir\"" >> $profile #设置clash路径环境变量
+	else
+		echo 无法写入环境变量！请检查安装权限！
+		exit 1
+	fi
+	#华硕/Padavan额外设置
+	[ -n "$systype" ] && sed -i '/ShellClash初始化/'d $initdir && echo "$clashdir/start.sh init #ShellClash初始化脚本" >> $initdir
 	#删除临时文件
 	rm -rf /tmp/clashfm.tar.gz 
 	rm -rf $clashdir/clashservice
@@ -110,50 +137,55 @@ echo -----------------------------------------------
 gettar
 echo -----------------------------------------------
 echo ShellClash 已经安装成功!
-[ "$USER" != "root" ] && echo "请执行【source ~/.bashrc &> /dev/null】命令以加载环境变量！"
+[ "$profile" = "~/.bashrc" ] && echo "请执行【source ~/.bashrc &> /dev/null】命令以加载环境变量！"
 echo -----------------------------------------------
 $echo "\033[33m输入\033[30;47m clash \033[0;33m命令即可管理！！！\033[0m"
 echo -----------------------------------------------
 }
-setdir(){		
-echo -----------------------------------------------
-$echo "\033[33m安装ShellClash至少需要预留约1MB的磁盘空间\033[0m"	
-$echo " 1 在\033[32m/etc目录\033[0m下安装(适合路由设备)"
-$echo " 2 在\033[32m/usr/share目录\033[0m下安装(适合大多数设备)"
-$echo " 3 在\033[32m当前用户目录\033[0m下安装(适合非root用户)"
-$echo " 4 手动设置安装目录"
-$echo " 0 退出安装"
-echo -----------------------------------------------
-read -p "请输入相应数字 > " num
-#设置目录
-if [ -z $num ];then
-	echo 安装已取消
-	exit;
-elif [ "$num" = "1" ];then
-	dir=/etc
-elif [ "$num" = "2" ];then
-	dir=/usr/share
-elif [ "$num" = "3" ];then
-	dir=~/.local/share
-	mkdir -p ~/.config/systemd/user
-elif [ "$num" = "4" ];then
-	echo -----------------------------------------------
-	echo '可用路径 剩余空间:'
-	df -h | awk '{print $6,$4}'| sed 1d 
-	echo '路径是必须带 / 的格式，写入虚拟内存(/tmp,/sys,..)的文件会在重启后消失！！！'
-	read -p "请输入自定义路径 > " dir
-	if [ -z "$dir" ];then
-		$echo "\033[31m路径错误！请重新设置！\033[0m"
-		setdir
-	fi
+setdir(){
+if [ -n "$systype" ];then
+	[ "$systype" = "Padavan" ] && dir=/etc/storage
+	[ "$systype" = "asusrouter" ] && dir=/jffs
 else
-	echo 安装已取消！！！
-	exit;
+	echo -----------------------------------------------
+	$echo "\033[33m安装ShellClash至少需要预留约1MB的磁盘空间\033[0m"	
+	$echo " 1 在\033[32m/etc目录\033[0m下安装(适合root用户)"
+	$echo " 2 在\033[32m/usr/share目录\033[0m下安装(适合Linux设备)"
+	$echo " 3 在\033[32m当前用户目录\033[0m下安装(适合非root用户)"
+	$echo " 4 手动设置安装目录"
+	$echo " 0 退出安装"
+	echo -----------------------------------------------
+	read -p "请输入相应数字 > " num
+	#设置目录
+	if [ -z $num ];then
+		echo 安装已取消
+		exit;
+	elif [ "$num" = "1" ];then
+		dir=/etc
+	elif [ "$num" = "2" ];then
+		dir=/usr/share
+	elif [ "$num" = "3" ];then
+		dir=~/.local/share
+		mkdir -p ~/.config/systemd/user
+	elif [ "$num" = "4" ];then
+		echo -----------------------------------------------
+		echo '可用路径 剩余空间:'
+		df -h | awk '{print $6,$4}'| sed 1d 
+		echo '路径是必须带 / 的格式，注意写入虚拟内存(/tmp,/opt,/sys...)的文件会在重启后消失！！！'
+		read -p "请输入自定义路径 > " dir
+		if [ -z "$dir" ];then
+			$echo "\033[31m路径错误！请重新设置！\033[0m"
+			setdir
+		fi
+	else
+		echo 安装已取消！！！
+		exit;
+	fi
 fi
 if [ ! -w $dir ];then
 	$echo "\033[31m没有$dir目录写入权限！请重新设置！\033[0m" && sleep 1 && setdir
 else
-	echo 目标目录磁盘剩余：$(df -h $dir | awk '{print $4}' | sed 1d )
+	$echo "目标目录\033[32m$dir\033[0m空间剩余：$(df -h $dir | awk '{print $4}' | sed 1d )"
 	read -p "确认安装？(1/0) > " res
 	[ "$res" = "1" ] && clashdir=$dir/clash || setdir
 fi

install_n.sh

@@ -0,0 +1,225 @@
+#! /bin/bash
+# Copyright (C) Juewuy
+
+echo='echo -e' && [ -n "$(echo -e|grep e)" ] && echo=echo
+#[ -z "$1" ] && test=0 || test=$1
+
+echo "***********************************************"
+echo "**                 欢迎使用                  **"
+echo "**                ShellClash                 **"
+echo "**                             by  Juewuy    **"
+echo "***********************************************"
+
+[ -f "/etc/storage/started_script.sh" ] && systype=Padavan && initdir='/etc/storage/started_script.sh'
+[ -f "/jffs/.asusrouter" ] && systype=asusrouter && initdir='/jffs/.asusrouter'
+#检查root权限
+if [ "$USER" != "root" -a -z "$systype" ];then
+	echo 当前用户:$USER
+	$echo "\033[31m请尽量使用root用户（不要直接使用sudo命令！）执行安装!\033[0m"
+	echo -----------------------------------------------
+	read -p "仍要安装？可能会产生未知错误！(1/0) > " res
+	[ "$res" != "1" ] && exit
+fi
+webget(){
+	#参数【$1】代表下载目录，【$2】代表在线地址
+	#参数【$3】代表输出显示，【$4】不启用重定向
+	if curl --version > /dev/null 2>&1;then
+		[ "$3" = "echooff" ] && progress='-s' || progress='-#'
+		[ -z "$4" ] && redirect='-L' || redirect=''
+		result=$(curl -w %{http_code} --connect-timeout 5 $progress $redirect -ko $1 $2)
+	else
+		if wget --version > /dev/null 2>&1;then
+			[ "$3" = "echooff" ] && progress='-q' || progress='-q --show-progress'
+			[ "$4" = "rediroff" ] && redirect='--max-redirect=0' || redirect=''
+			certificate='--no-check-certificate'
+			timeout='--timeout=3'
+		fi
+		[ "$3" = "echoon" ] && progress=''
+		[ "$3" = "echooff" ] && progress='-q'
+		wget $progress $redirect $certificate $timeout -O $1 $2 
+		[ $? -eq 0 ] && result="200"
+	fi
+}
+#检查更新
+[ -z "$url" ] && url="https://cdn.jsdelivr.net/gh/juewuy/ShellClash"
+#选择版本
+echo -----------------------------------------------
+$echo "\033[33m请选择想要安装的版本：\033[0m"	
+$echo " 1 \033[32mShellclash正式版\033[0m"
+$echo " 2 \033[31mShellclash测试版\033[0m"
+echo -----------------------------------------------
+read -p "请输入相应数字 > " num
+if [ -z $num ];then
+	echo 安装已取消
+	exit;
+elif [ "$num" = "1" ];then
+	webget /tmp/clashrelease $url/bin/release_version echoon rediroff 2>/tmp/clashrelease
+	if [ "$result" = "200" ];then
+		release_new=$(cat /tmp/clashrelease | head -1)
+		url2="https://cdn.jsdelivr.net/gh/juewuy/ShellClash@$release_new"
+	else
+		echo "无法切换版本，尝试安装测试版！"
+	fi
+fi
+[ -z "$url2" ] && url2=$url
+webget /tmp/clashversion "$url2/bin/version" echooff
+[ "$result" = "200" ] && versionsh=$(cat /tmp/clashversion | grep "versionsh" | awk -F "=" '{print $2}')
+[ -z "$release_new" ] && release_new=$versionsh
+rm -rf /tmp/clashversion
+rm -rf /tmp/clashrelease
+tarurl=$url2/bin/clashfm.tar.gz
+
+gettar(){
+	webget /tmp/clashfm.tar.gz $tarurl
+	[ "$result" != "200" ] && echo "文件下载失败！" && exit 1
+	#解压
+	echo -----------------------------------------------
+	echo 开始解压文件！
+	mkdir -p $clashdir > /dev/null
+	tar -zxvf '/tmp/clashfm.tar.gz' -C $clashdir/
+	[ $? -ne 0 ] && echo "文件解压失败！" && rm -rf /tmp/clashfm.tar.gz && exit 1 
+	#初始化文件目录
+	[ -f "$clashdir/mark" ] || echo '#标识clash运行状态的文件，不明勿动！' > $clashdir/mark
+	#判断系统类型写入不同的启动文件
+	if [ -f /etc/rc.common ];then
+			#设为init.d方式启动
+			mv $clashdir/clashservice /etc/init.d/clash
+			chmod  777 /etc/init.d/clash
+	else
+		[ -w /etc/systemd/system ] && sysdir=/etc/systemd/system
+		[ -w /usr/lib/systemd/system ] && sysdir=/usr/lib/systemd/system
+		if [ -n "$sysdir" ];then
+			#设为systemd方式启动
+			mv $clashdir/clash.service $sysdir/clash.service
+			sed -i "s%/etc/clash%$clashdir%g" $sysdir/clash.service
+			systemctl daemon-reload
+		else
+			#设为保守模式启动
+			sed -i '/start_old=*/'d $clashdir/mark
+			echo start_old=已开启 >> $clashdir/mark
+		fi
+	fi
+	#修饰文件及版本号
+	shtype=sh && [ -n "$(ls -l /bin/sh|grep -o dash)" ] && shtype=bash 
+	sed -i "s|/bin/sh|/bin/$shtype|" $clashdir/start.sh
+	chmod  777 $clashdir/start.sh
+	sed -i '/versionsh_l=*/'d $clashdir/mark
+	echo versionsh_l=$release_new >> $clashdir/mark
+	#设置更新地址
+	sed -i '/update_url=*/'d $clashdir/mark
+	echo update_url=$url >> $clashdir/mark
+	#设置环境变量	
+	[ -w /opt/etc/profile ] && profile=/opt/etc/profile
+	[ -w /jffs/configs/profile.add ] && profile=/jffs/configs/profile.add
+	[ -w ~/.bashrc ] && profile=~/.bashrc
+	[ -w /etc/profile ] && profile=/etc/profile
+	if [ -n "$profile" ];then
+		sed -i '/alias clash=*/'d $profile
+		echo "alias clash=\"$shtype $clashdir/clash.sh\"" >> $profile #设置快捷命令环境变量
+		sed -i '/export clashdir=*/'d $profile
+		echo "export clashdir=\"$clashdir\"" >> $profile #设置clash路径环境变量
+	else
+		echo 无法写入环境变量！请检查安装权限！
+		exit 1
+	fi
+	#华硕/Padavan额外设置
+	[ -n "$systype" ] && sed -i '/ShellClash初始化/'d $initdir && echo "$clashdir/start.sh init #ShellClash初始化脚本" >> $initdir
+	#删除临时文件
+	rm -rf /tmp/clashfm.tar.gz 
+	rm -rf $clashdir/clashservice
+	rm -rf $clashdir/clash.service
+}
+#下载及安装
+install(){
+echo -----------------------------------------------
+echo 开始从服务器获取安装文件！
+echo -----------------------------------------------
+gettar
+echo -----------------------------------------------
+echo ShellClash 已经安装成功!
+[ "$profile" = "~/.bashrc" ] && echo "请执行【source ~/.bashrc &> /dev/null】命令以加载环境变量！"
+echo -----------------------------------------------
+$echo "\033[33m输入\033[30;47m clash \033[0;33m命令即可管理！！！\033[0m"
+echo -----------------------------------------------
+}
+setdir(){
+if [ -n "$systype" ];then
+	[ "$systype" = "Padavan" ] && dir=/etc/storage
+	[ "$systype" = "asusrouter" ] && dir=/jffs
+else
+	echo -----------------------------------------------
+	$echo "\033[33m安装ShellClash至少需要预留约1MB的磁盘空间\033[0m"	
+	$echo " 1 在\033[32m/etc目录\033[0m下安装(适合root用户)"
+	$echo " 2 在\033[32m/usr/share目录\033[0m下安装(适合Linux设备)"
+	$echo " 3 在\033[32m当前用户目录\033[0m下安装(适合非root用户)"
+	$echo " 4 手动设置安装目录"
+	$echo " 0 退出安装"
+	echo -----------------------------------------------
+	read -p "请输入相应数字 > " num
+	#设置目录
+	if [ -z $num ];then
+		echo 安装已取消
+		exit;
+	elif [ "$num" = "1" ];then
+		dir=/etc
+	elif [ "$num" = "2" ];then
+		dir=/usr/share
+	elif [ "$num" = "3" ];then
+		dir=~/.local/share
+		mkdir -p ~/.config/systemd/user
+	elif [ "$num" = "4" ];then
+		echo -----------------------------------------------
+		echo '可用路径 剩余空间:'
+		df -h | awk '{print $6,$4}'| sed 1d 
+		echo '路径是必须带 / 的格式，注意写入虚拟内存(/tmp,/opt,/sys...)的文件会在重启后消失！！！'
+		read -p "请输入自定义路径 > " dir
+		if [ -z "$dir" ];then
+			$echo "\033[31m路径错误！请重新设置！\033[0m"
+			setdir
+		fi
+	else
+		echo 安装已取消！！！
+		exit;
+	fi
+fi
+if [ ! -w $dir ];then
+	$echo "\033[31m没有$dir目录写入权限！请重新设置！\033[0m" && sleep 1 && setdir
+else
+	$echo "目标目录\033[32m$dir\033[0m空间剩余：$(df -h $dir | awk '{print $4}' | sed 1d )"
+	read -p "确认安装？(1/0) > " res
+	[ "$res" = "1" ] && clashdir=$dir/clash || setdir
+fi
+}
+
+#输出
+$echo "最新版本：\033[32m$release_new\033[0m"
+echo -----------------------------------------------
+$echo "\033[44m如遇问题请加TG群反馈：\033[42;30m t.me/clashfm \033[0m"
+$echo "\033[37m支持各种基于openwrt的路由器设备"
+$echo "\033[33m支持Debian、Centos等标准Linux系统\033[0m"
+
+if [ -n "$clashdir" ];then
+	echo -----------------------------------------------
+	$echo "检测到旧的安装目录\033[36m$clashdir\033[0m，是否覆盖安装？"
+	$echo "\033[32m覆盖安装时不会移除配置文件！\033[0m"
+	read -p "覆盖安装/卸载旧版本？(1/0) > " res
+	if [ "$res" = "1" ];then
+		install
+	elif [ "$res" = "0" ];then
+		rm -rf $clashdir
+		echo -----------------------------------------------
+		$echo "\033[31m 旧版本文件已卸载！\033[0m"
+		setdir
+		install
+	elif [ "$res" = "9" ];then
+		echo 测试模式，变更安装位置
+		setdir
+		install
+	else
+		$echo "\033[31m输入错误！已取消安装！\033[0m"
+		exit;
+	fi
+else
+	setdir
+	install
+fi

rules/ACL4SSR_Online_Full_Games.ini

@@ -0,0 +1,89 @@
+[custom]
+;不要随意改变关键字，否则会导致出错
+;acl4SSR规则
+
+;去广告：支持
+;自动测速：支持
+;微软分流：支持
+;苹果分流：支持
+;增强中国IP段：支持
+;增强国外GFW：支持
+
+;设置规则标志位
+ruleset=🎯 全球直连,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/LocalAreaNetwork.list
+ruleset=🎯 全球直连,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/UnBan.list
+ruleset=🛑 广告拦截,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/BanAD.list
+ruleset=🍃 应用净化,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/BanProgramAD.list
+ruleset=📢 谷歌FCM,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/Ruleset/GoogleFCM.list
+ruleset=📢 谷歌🇨🇳Play下载,[]DOMAIN-SUFFIX,xn--ngstr-lra8j.com
+ruleset=📢 谷歌🇨🇳Play服务,[]DOMAIN-SUFFIX,services.googleapis.cn
+ruleset=📢 谷歌🇨🇳Play服务,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/Ruleset/GoogleCNProxyIP.list
+ruleset=📢 谷歌🇨🇳,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/Ruleset/GoogleCN.list
+ruleset=📹 油管视频,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/Ruleset/YouTube.list
+ruleset=📢 谷歌,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/Ruleset/Google.list
+ruleset=Ⓜ️ 微软云盘,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/OneDrive.list
+ruleset=Ⓜ️ 微软服务,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/Microsoft.list
+ruleset=🍎 苹果服务,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/Apple.list
+ruleset=📲 电报消息,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/Telegram.list
+ruleset=🎶 网易音乐,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/Ruleset/NetEaseMusic.list
+ruleset=🎮 游戏平台,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/Ruleset/Epic.list
+ruleset=🎮 游戏平台,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/Ruleset/Sony.list
+ruleset=🎮 游戏平台,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/Ruleset/Steam.list
+ruleset=🎮 游戏服务,https://raw.githubusercontent.com/LM-Firefly/Rules/master/Game.list
+ruleset=🎥 奈飞视频,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/Ruleset/Netflix.list
+ruleset=📺 巴哈姆特,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/Ruleset/Bahamut.list
+ruleset=📺 哔哩哔哩,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/Ruleset/Bilibili.list
+ruleset=📺 哔哩哔哩,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/Ruleset/BilibiliHMT.list
+ruleset=🌏 国内媒体,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/ChinaMedia.list
+ruleset=🌍 国外媒体,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/ProxyMedia.list
+ruleset=🚀 节点选择,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/ProxyGFWlist.list
+;ruleset=🎯 全球直连,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/ChinaIp.list
+ruleset=🎯 全球直连,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/ChinaDomain.list
+ruleset=🎯 全球直连,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/ChinaCompanyIp.list
+ruleset=🎯 全球直连,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/Download.list
+ruleset=🎯 全球直连,[]GEOIP,CN
+ruleset=🐟 漏网之鱼,[]FINAL
+;设置规则标志位
+
+;设置分组标志位
+custom_proxy_group=🚀 节点选择`select`[]♻️ 自动选择`[]🇭🇰 香港节点`[]🇨🇳 台湾节点`[]🇸🇬 狮城节点`[]🇯🇵 日本节点`[]🇺🇲 美国节点`[]🇰🇷 韩国节点`[]🚀 手动切换`[]DIRECT
+custom_proxy_group=🚀 手动切换`select`.*
+custom_proxy_group=♻️ 自动选择`url-test`.*`http://www.gstatic.com/generate_204`300,,50
+custom_proxy_group=📲 电报消息`select`[]🚀 节点选择`[]♻️ 自动选择`[]🇸🇬 狮城节点`[]🇭🇰 香港节点`[]🇨🇳 台湾节点`[]🇯🇵 日本节点`[]🇺🇲 美国节点`[]🇰🇷 韩国节点`[]🚀 手动切换`[]DIRECT
+custom_proxy_group=📢 谷歌FCM`select`[]DIRECT`[]🚀 节点选择`[]🇺🇲 美国节点`[]🇭🇰 香港节点`[]🇨🇳 台湾节点`[]🇸🇬 狮城节点`[]🇯🇵 日本节点`[]🇰🇷 韩国节点`[]🚀 手动切换
+custom_proxy_group=📢 谷歌🇨🇳Play下载`select`[]🚀 节点选择`[]DIRECT`[]♻️ 自动选择`[]🇸🇬 狮城节点`[]🇭🇰 香港节点`[]🇨🇳 台湾节点`[]🇯🇵 日本节点`[]🇺🇲 美国节点`[]🇰🇷 韩国节点`[]🚀 手动切换
+custom_proxy_group=📢 谷歌🇨🇳Play服务`select`[]🚀 节点选择`[]DIRECT`[]♻️ 自动选择`[]🇸🇬 狮城节点`[]🇭🇰 香港节点`[]🇨🇳 台湾节点`[]🇯🇵 日本节点`[]🇺🇲 美国节点`[]🇰🇷 韩国节点`[]🚀 手动切换
+custom_proxy_group=📢 谷歌🇨🇳`select`[]DIRECT`[]🚀 节点选择`[]🇺🇲 美国节点`[]🇭🇰 香港节点`[]🇨🇳 台湾节点`[]🇸🇬 狮城节点`[]🇯🇵 日本节点`[]🇰🇷 韩国节点`[]🚀 手动切换
+custom_proxy_group=📢 谷歌`select`[]🚀 节点选择`[]DIRECT`[]♻️ 自动选择`[]🇸🇬 狮城节点`[]🇭🇰 香港节点`[]🇨🇳 台湾节点`[]🇯🇵 日本节点`[]🇺🇲 美国节点`[]🇰🇷 韩国节点`[]🚀 手动切换
+custom_proxy_group=📹 油管视频`select`[]🚀 节点选择`[]♻️ 自动选择`[]🇸🇬 狮城节点`[]🇭🇰 香港节点`[]🇨🇳 台湾节点`[]🇯🇵 日本节点`[]🇺🇲 美国节点`[]🇰🇷 韩国节点`[]🚀 手动切换`[]DIRECT
+custom_proxy_group=🎥 奈飞视频`select`[]🎥 奈飞节点`[]🚀 节点选择`[]♻️ 自动选择`[]🇸🇬 狮城节点`[]🇭🇰 香港节点`[]🇨🇳 台湾节点`[]🇯🇵 日本节点`[]🇺🇲 美国节点`[]🇰🇷 韩国节点`[]🚀 手动切换`[]DIRECT
+custom_proxy_group=📺 巴哈姆特`select`[]🇨🇳 台湾节点`[]🚀 节点选择`[]🚀 手动切换`[]DIRECT
+custom_proxy_group=📺 哔哩哔哩`select`[]🎯 全球直连`[]🇨🇳 台湾节点`[]🇭🇰 香港节点
+custom_proxy_group=🌍 国外媒体`select`[]🚀 节点选择`[]♻️ 自动选择`[]🇭🇰 香港节点`[]🇨🇳 台湾节点`[]🇸🇬 狮城节点`[]🇯🇵 日本节点`[]🇺🇲 美国节点`[]🇰🇷 韩国节点`[]🚀 手动切换`[]DIRECT
+custom_proxy_group=🌏 国内媒体`select`[]DIRECT`[]🇭🇰 香港节点`[]🇨🇳 台湾节点`[]🇸🇬 狮城节点`[]🇯🇵 日本节点`[]🚀 手动切换
+custom_proxy_group=Ⓜ️ 微软云盘`select`[]DIRECT`[]🚀 节点选择`[]🇺🇲 美国节点`[]🇭🇰 香港节点`[]🇨🇳 台湾节点`[]🇸🇬 狮城节点`[]🇯🇵 日本节点`[]🇰🇷 韩国节点`[]🚀 手动切换
+custom_proxy_group=Ⓜ️ 微软服务`select`[]DIRECT`[]🚀 节点选择`[]🇺🇲 美国节点`[]🇭🇰 香港节点`[]🇨🇳 台湾节点`[]🇸🇬 狮城节点`[]🇯🇵 日本节点`[]🇰🇷 韩国节点`[]🚀 手动切换
+custom_proxy_group=🍎 苹果服务`select`[]DIRECT`[]🚀 节点选择`[]🇺🇲 美国节点`[]🇭🇰 香港节点`[]🇨🇳 台湾节点`[]🇸🇬 狮城节点`[]🇯🇵 日本节点`[]🇰🇷 韩国节点`[]🚀 手动切换
+custom_proxy_group=🎮 游戏平台`select`[]DIRECT`[]🚀 节点选择`[]🇺🇲 美国节点`[]🇭🇰 香港节点`[]🇨🇳 台湾节点`[]🇸🇬 狮城节点`[]🇯🇵 日本节点`[]🇰🇷 韩国节点`[]🚀 手动切换
+custom_proxy_group=🎮 游戏服务`select`[]🎮 游戏节点`[]🎯 全球直连`.*
+custom_proxy_group=🎶 网易音乐`select`[]DIRECT`[]🚀 节点选择`[]♻️ 自动选择`(网易|音乐|解锁|Music|NetEase)
+custom_proxy_group=🎯 全球直连`select`[]DIRECT`[]🚀 节点选择`[]♻️ 自动选择
+custom_proxy_group=🛑 广告拦截`select`[]REJECT`[]DIRECT
+custom_proxy_group=🍃 应用净化`select`[]REJECT`[]DIRECT
+custom_proxy_group=🐟 漏网之鱼`select`[]🚀 节点选择`[]♻️ 自动选择`[]DIRECT`[]🇭🇰 香港节点`[]🇨🇳 台湾节点`[]🇸🇬 狮城节点`[]🇯🇵 日本节点`[]🇺🇲 美国节点`[]🇰🇷 韩国节点`[]🚀 手动切换
+custom_proxy_group=🎮 游戏节点`select`(游戏|Game|game|加速)`
+custom_proxy_group=🇭🇰 香港节点`url-test`(港|HK|Hong Kong)`http://www.gstatic.com/generate_204`300,,50
+custom_proxy_group=🇯🇵 日本节点`url-test`(日本|川日|东京|大阪|泉日|埼玉|沪日|深日|[^-]日|JP|Japan)`http://www.gstatic.com/generate_204`300,,50
+custom_proxy_group=🇺🇲 美国节点`url-test`(美|波特兰|达拉斯|俄勒冈|凤凰城|费利蒙|硅谷|拉斯维加斯|洛杉矶|圣何塞|圣克拉拉|西雅图|芝加哥|US|United States)`http://www.gstatic.com/generate_204`300,,150
+custom_proxy_group=🇨🇳 台湾节点`url-test`(台|新北|彰化|TW|Taiwan)`http://www.gstatic.com/generate_204`300,,50
+custom_proxy_group=🇸🇬 狮城节点`url-test`(新加坡|坡|狮城|SG|Singapore)`http://www.gstatic.com/generate_204`300,,50
+custom_proxy_group=🇰🇷 韩国节点`url-test`(KR|Korea|KOR|首尔|韩|韓)`http://www.gstatic.com/generate_204`300,,50
+custom_proxy_group=🎥 奈飞节点`select`(NF|奈飞|解锁|Netflix|NETFLIX|Media)
+;设置分组标志位
+
+enable_rule_generator=true
+overwrite_original_rules=true
+
+;clash_rule_base=https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/GeneralClashConfig.yml
+
+;luck

rules/ACL4SSR_Online_Games.ini

@@ -0,0 +1,45 @@
+[custom]
+;不要随意改变关键字，否则会导致出错
+;acl4SSR规则-在线更新版
+
+;去广告：支持
+;自动测速：支持
+;微软分流：支持
+;苹果分流：支持
+;增强中国IP段：不支持
+;增强国外GFW：不支持
+
+ruleset=🎯 全球直连,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/LocalAreaNetwork.list
+ruleset=🎯 全球直连,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/UnBan.list
+ruleset=🛑 全球拦截,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/BanAD.list
+ruleset=🍃 应用净化,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/BanProgramAD.list
+ruleset=📢 谷歌FCM,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/Ruleset/GoogleFCM.list
+ruleset=🎯 全球直连,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/GoogleCN.list
+ruleset=Ⓜ️ 微软服务,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/Microsoft.list
+ruleset=🍎 苹果服务,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/Apple.list
+ruleset=📲 电报信息,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/Telegram.list
+ruleset=🌍 国外媒体,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/ProxyMedia.list
+ruleset=🚀 节点选择,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/ProxyLite.list
+ruleset=🎯 全球直连,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/ChinaDomain.list
+ruleset=🎯 全球直连,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/ChinaCompanyIp.list
+ruleset=🎮 游戏服务,https://raw.githubusercontent.com/LM-Firefly/Rules/master/Game.list
+ruleset=🎯 全球直连,[]GEOIP,CN
+ruleset=🐟 漏网之鱼,[]FINAL
+
+custom_proxy_group=🚀 节点选择`select`[]♻️ 自动选择`[]DIRECT`.*
+custom_proxy_group=♻️ 自动选择`url-test`.*`http://www.gstatic.com/generate_204`300,,50
+custom_proxy_group=🎮 游戏服务`select`[]🎮 游戏节点`[]🎯 全球直连`.*
+custom_proxy_group=🎮 游戏节点`select`(游戏|Game|game|加速)`
+custom_proxy_group=🌍 国外媒体`select`[]🚀 节点选择`[]♻️ 自动选择`[]🎯 全球直连`.*
+custom_proxy_group=📲 电报信息`select`[]🚀 节点选择`[]🎯 全球直连`.*
+custom_proxy_group=Ⓜ️ 微软服务`select`[]🎯 全球直连`[]🚀 节点选择`.*
+custom_proxy_group=🍎 苹果服务`select`[]🚀 节点选择`[]🎯 全球直连`.*
+custom_proxy_group=📢 谷歌FCM`select`[]🚀 节点选择`[]🎯 全球直连`[]♻️ 自动选择`.*
+custom_proxy_group=🎯 全球直连`select`[]DIRECT`[]🚀 节点选择`[]♻️ 自动选择
+custom_proxy_group=🛑 全球拦截`select`[]REJECT`[]DIRECT
+custom_proxy_group=🍃 应用净化`select`[]REJECT`[]DIRECT
+custom_proxy_group=🐟 漏网之鱼`select`[]🚀 节点选择`[]🎯 全球直连`[]♻️ 自动选择`.*
+
+enable_rule_generator=true
+overwrite_original_rules=true
+

rules/ACL4SSR_Online_Mini_Games.ini

@@ -0,0 +1,35 @@
+[custom]
+;不要随意改变关键字，否则会导致出错
+;acl4SSR规则-在线版
+
+;去广告：支持
+;自动测速：支持
+;微软分流：不支持
+;苹果分流：不支持
+;增强中国IP段：不支持
+;增强国外GFW：不支持
+
+ruleset=🎯 全球直连,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/LocalAreaNetwork.list
+ruleset=🎯 全球直连,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/UnBan.list
+ruleset=🛑 全球拦截,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/BanAD.list
+ruleset=🛑 全球拦截,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/BanProgramAD.list
+ruleset=🎯 全球直连,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/GoogleCN.list
+ruleset=🚀 节点选择,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/Telegram.list
+ruleset=🚀 节点选择,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/ProxyMedia.list
+ruleset=🚀 节点选择,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/ProxyLite.list
+ruleset=🎯 全球直连,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/ChinaDomain.list
+ruleset=🎯 全球直连,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/ChinaCompanyIp.list
+ruleset=🎮 游戏服务,https://raw.githubusercontent.com/LM-Firefly/Rules/master/Game.list
+ruleset=🎯 全球直连,[]GEOIP,CN
+ruleset=🐟 漏网之鱼,[]FINAL
+
+custom_proxy_group=🚀 节点选择`select`[]♻️ 自动选择`[]DIRECT`.*
+custom_proxy_group=♻️ 自动选择`url-test`.*`http://www.gstatic.com/generate_204`300,,50
+custom_proxy_group=🎮 游戏服务`select`[]🎮 游戏节点`[]🎯 全球直连`.*
+custom_proxy_group=🎮 游戏节点`select`(游戏|Game|game|加速)`
+custom_proxy_group=🎯 全球直连`select`[]DIRECT`[]🚀 节点选择`[]♻️ 自动选择
+custom_proxy_group=🛑 全球拦截`select`[]REJECT`[]DIRECT
+custom_proxy_group=🐟 漏网之鱼`select`[]🚀 节点选择`[]🎯 全球直连`[]♻️ 自动选择`.*
+
+enable_rule_generator=true
+overwrite_original_rules=true

scripts/clash.sh

@@ -27,8 +27,8 @@ getconfig(){
 	#检查mac地址记录
 	[ ! -f $clashdir/mac ] && touch $clashdir/mac
 	#获取本机host地址
-	host=$(ubus call network.interface.lan status 2>&1 | grep \"address\" | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}';)
-	[ -z "$host" ] && host=$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep -E '192.|10.' | sed 's/.*inet.//g' | sed 's/\/[0-9][0-9].*$//g' | head -n 1)
+	[ -z "$host" ] && host=$(ubus call network.interface.lan status 2>&1 | grep \"address\" | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}';)
+	[ -z "$host" ] && host=$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep -E '\ 1(92|0|72)\.' | sed 's/.*inet.//g' | sed 's/\/[0-9][0-9].*$//g' | head -n 1)
 	[ -z "$host" ] && host=127.0.0.1
 	#dashboard目录位置
 	[ -d $clashdir/ui ] && dbdir=$clashdir/ui && hostdir=":$db_port/ui"
@@ -93,7 +93,7 @@ getconfig(){
 setconfig(){
 	#参数1代表变量名，参数2代表变量值,参数3即文件路径
 	[ -z "$3" ] && configpath=$clashdir/mark || configpath=$3
-	[ -n "$(grep ${1} $configpath)" ] && sed -i "s#${1}=.*#${1}=${2}#g" $configpath || echo "${1}=${2}" >> $configpath
+	[ -n "$(grep -E "^${1}=" $configpath)" ] && sed -i "s#^${1}=\(.*\)#${1}=${2}#g" $configpath || echo "${1}=${2}" >> $configpath
 }
 #启动相关
 errornum(){
@@ -166,6 +166,7 @@ setport(){
 	echo -e " 5 修改面板访问端口：	\033[36m$db_port\033[0m"
 	echo -e " 6 设置面板访问密码：	\033[36m$secret\033[0m"
 	echo -e " 7 修改默认端口过滤：	\033[36m$multiport\033[0m"
+	echo -e " 8 指定本机host地址：	\033[36m$host\033[0m"
 	echo -e " 0 返回上级菜单"
 	read -p "请输入对应数字 > " num
 	if [ -z "$num" ]; then 
@@ -233,6 +234,26 @@ setport(){
 			echo -e "\033[32m设置成功！！！\033[0m"
 		fi
 		setport
+	elif [ "$num" = 8 ]; then
+		echo -----------------------------------------------
+		echo -e "\033[33m此处可以更改脚本内置的host地址\033[0m"
+		echo -e "\033[31m设置后如本机host地址有变动，请务必手动修改！\033[0m"
+		echo -----------------------------------------------
+		read -p "请输入自定义host地址(输入0移除自定义host) > " host
+		if [ "$host" = "0" ];then
+			host=""
+			setconfig host $host
+			echo -e "\033[32m已经移除自定义host地址，请重新运行脚本以自动获取host！！！\033[0m"
+			exit 0
+		elif [ -n "$(echo $host |grep -E -o '\<([1-9]|[1-9][0-9]|1[0-9]{2}|2[01][0-9]|22[0-3])\>(\.\<([0-9]|[0-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\>){2}\.\<([1-9]|[0-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-4])\>' )" ]; then
+			setconfig host $host
+			echo -e "\033[32m设置成功！！！\033[0m"
+		else
+			host=""
+			echo -e "\033[31m输入错误，请仔细核对！！！\033[0m"
+		fi
+		sleep 1
+		setport
 	fi	
 }
 setdns(){
@@ -285,14 +306,19 @@ setdns(){
 		echo -e "\033[33m已禁用内置DNS！！！\033[0m"
 		setdns
 	elif [ "$num" = 5 ]; then
-		source $clashdir/getdate.sh
-		webget /tmp/ssl_test https://baidu.com echooff rediron skipceroff
-		if [ "$result" != "200" ];then
+		$clashdir/start.sh webget /tmp/ssl_test https://www.baidu.com echooff rediron skipceroff
+		if [ "$？" = "1" ];then
 			echo -----------------------------------------------
-			echo -e "\033[31m当前设备未安装openssl服务或者没有根证书，无法启用！\033[0m"
+			if openssl version >/dev/null 2>&1;then
+				echo -e "\033[31m当前设备缺少本地根证书，请先安装证书！\033[0m"
+				source $clashdir/getdate.sh
+				setcrt
+			else
+				echo -e "\033[31m当前设备未安装OpenSSL，无法启用加密DNS，Linux系统请自行搜索安装方式！\033[0m"
+			fi
 		else
 			dns_nameserver='https://223.5.5.5/dns-query, https://doh.pub/dns-query, tls://dns.rubyfish.cn:853'
-			dns_fallback='https://1.0.0.1/dns-query, https://8.8.4.4/dns-query, https://doh.opendns.com/dns-query'
+			dns_fallback='tls://1.0.0.1:853, tls://8.8.4.4:853, https://doh.opendns.com/dns-query'
 			setconfig dns_nameserver \'"$dns_nameserver"\'
 			setconfig dns_fallback \'"$dns_fallback"\' 
 			echo -e "\033[32m设置成功！！！\033[0m"
@@ -392,10 +418,17 @@ macfilter(){
 	[ -z "$dhcpdir" ] && [ -f /tmp/dnsmasq.leases ] && dhcpdir='/tmp/dnsmasq.leases'
 	[ -z "$dhcpdir" ] && dhcpdir='/dev/null'
 	[ -z "$macfilter_type" ] && macfilter_type='黑名单' 
-	[ "$macfilter_type" = "黑名单" ] && macfilter_over='白名单' || macfilter_over='黑名单'
+	if [ "$macfilter_type" = "黑名单" ];then
+		macfilter_over='白名单'
+		macfilter_scrip='不'
+	else
+		macfilter_over='黑名单'
+		macfilter_scrip=''
+	fi
 	######
 	echo -e "\033[30;47m请在此添加或移除设备\033[0m"
 	echo -e "当前过滤方式为：\033[33m$macfilter_type模式\033[0m"
+	echo -e "仅列表内设备\033[36m$macfilter_scrip经过\033[0mClash内核"
 	if [ -n "$(cat $clashdir/mac)" ]; then
 		echo -----------------------------------------------
 		echo -e "当前已过滤设备为：\033[36m"
@@ -422,7 +455,7 @@ macfilter(){
 		macfilter_type=$macfilter_over
 		setconfig macfilter_type $macfilter_type
 		echo -----------------------------------------------
-		echo -e "\033[31m已切换为$macfilter_type模式！\033[0m"
+		echo -e "\033[32m已切换为$macfilter_type模式！\033[0m"
 		macfilter
 	elif [ "$num" = 2 ]; then	
 		add_mac
@@ -442,15 +475,14 @@ macfilter(){
 }
 localproxy(){
 	[ -z "$local_proxy" ] && local_proxy='未开启'
-	[ -z "$local_proxy_type" ] && local_proxy_type='环境变量'
+	[ -z "$local_type" ] && local_type='环境变量'
 	[ "$local_proxy" = "已开启" ] && proxy_set='禁用' || proxy_set='启用'
 	echo -----------------------------------------------
-	echo -e "\033[33m当前本机代理配置方式为：\033[32m$local_proxy_type\033[0m"
+	echo -e "\033[33m当前本机代理配置方式为：\033[32m$local_type\033[0m"
 	echo -----------------------------------------------
 	echo -e " 1 \033[36m$proxy_set本机代理\033[0m"
 	echo -e " 2 使用\033[32m环境变量\033[0m方式配置"
-	echo -e " 3 使用\033[32mGNOME桌面API\033[0m配置"
-	echo -e " 4 使用\033[32mKDE桌面API\033[0m配置"
+	echo -e " 3 使用\033[32miptables增强模式\033[0m配置（仅支持Linux系统）"
 	echo -e " 0 返回上级菜单"
 	echo -----------------------------------------------
 	read -p "请输入对应数字 > " num
@@ -468,36 +500,29 @@ localproxy(){
 				localproxy
 			else
 				local_proxy=已开启
-				$clashdir/start.sh set_proxy $mix_port $db_port
-				echo -e "\033[32m已经成功使用$local_proxy_type方式配置本机代理~\033[0m"
-				[ "$local_proxy_type" = "环境变量" ] && echo -e "\033[36m如未生效，请重新启动终端或重新连接SSH！\033[0m" && sleep 1
+				setconfig local_proxy $local_proxy
+				echo -e "\033[32m已经成功使用$local_type方式配置本机代理~\033[0m"
+				[ "$local_type" = "环境变量" ] && $clashdir/start.sh set_proxy $mix_port $db_port &&echo -e "\033[36m如未生效，请重新启动终端或重新连接SSH！\033[0m" && sleep 1
+				[ "$local_type" = "iptables增强模式" ] && $clashdir/start.sh start
 			fi		
 		else
 			local_proxy=未开启
-			$clashdir/start.sh unset_proxy
-			echo -e "\033[33m已经停用本机代理规则！！\033[0m"
-			[ "$local_proxy_type" = "环境变量" ] && echo -e "\033[36m如未生效，请重新启动终端或重新连接SSH！\033[0m" && sleep 1
+			setconfig local_proxy $local_proxy
+			$clashdir/start.sh stop
+			echo -e "\033[33m已经停用本机代理规则并停止clash服务！！\033[0m"
+			[ "$local_type" = "环境变量" ] && echo -e "\033[36m如未生效，请重新启动终端或重新连接SSH！\033[0m" && sleep 1
 		fi
-		setconfig local_proxy $local_proxy
+
 	elif [ "$num" = 2 ]; then
-		local_proxy_type="环境变量"
-		setconfig local_proxy_type $local_proxy_type
+		local_type="环境变量"
+		setconfig local_type $local_type
 		localproxy
 	elif [ "$num" = 3 ]; then
-		if  gsettings --version >/dev/null 2>&1 ;then
-			local_proxy_type="GNOME"
-			setconfig local_proxy_type $local_proxy_type
+		if [ -w /etc/systemd/system/clash.service -o -w /usr/lib/systemd/system/clash.service -o -x /bin/su ];then
+			local_type="iptables增强模式"
+			setconfig local_type $local_type
 		else
-			echo -e "\033[31m没有找到GNOME桌面，无法设置！\033[0m"
-			sleep 1
-		fi
-		localproxy
-	elif [ "$num" = 4 ]; then
-		if  kwriteconfig5 -h >/dev/null 2>&1 ;then
-			local_proxy_type="KDE"
-			setconfig local_proxy_type $local_proxy_type
-		else
-			echo -e "\033[31m没有找到KDE桌面，无法设置！\033[0m"
+			echo -e "\033[31m当前设备无法使用增强模式！\033[0m"
 			sleep 1
 		fi
 		localproxy
@@ -519,14 +544,14 @@ clashcfg(){
 		echo -e "\033[36mTun及混合模式必须使用clashpre核心！\033[0m"
 		echo -----------------------------------------------
 		echo -e " 1 Redir模式：CPU以及内存\033[33m占用较低\033[0m"
-		echo -e "              但\033[31m不支持UDP\033[0m流量转发"
-		echo -e "              适合\033[32m非游戏用户\033[0m使用"
-		echo -e " 2 Tun模式：  \033[33m支持UDP转发\033[0m且延迟最低"
-		echo -e "              \033[31mCPU占用极高\033[0m，只支持fake-ip模式"
-		echo -e "              适合\033[32m游戏用户、非大流量用户\033[0m"
-		echo -e " 3 混合模式： 使用redir转发TCP，Tun转发UPD"
+		echo -e "              但\033[31m不支持UDP\033[0m，不支持fake-ip模式"
+		echo -e "              适合\033[32m非外服游戏用户\033[0m使用"
+		echo -e " 2 混合模式： 使用redir转发TCP，Tun转发UDP流量"
 		echo -e "              \033[33m速度较快\033[0m，\033[31m内存占用略高\033[0m"
 		echo -e "              适合\033[32m游戏用户、综合用户\033[0m"
+		echo -e " 3 Tun模式：  \033[33m支持UDP转发\033[0m且延迟最低"
+		echo -e "              \033[31mCPU占用极高\033[0m，只支持fake-ip模式"
+		echo -e "              \033[33m如非必要不推荐使用\033[0m"
 		echo -e " 4 纯净模式： 不设置iptables静态路由"
 		echo -e "              必须\033[33m手动配置\033[0mhttp/sock5代理"
 		echo -e "              或使用内置的PAC文件配置代理"
@@ -538,9 +563,10 @@ clashcfg(){
 			i=
 		elif [ "$num" = 1 ]; then
 			redir_mod=Redir模式
+			dns_mod=redir_host
 			set_redir_config
-		elif [ "$num" = 2 ]; then
-			modinfo tun >/dev/null 2>&1
+		elif [ "$num" = 3 ]; then
+			ip tuntap >/dev/null 2>&1
 			if [ "$?" != 0 ];then
 				echo -----------------------------------------------
 				echo -e "\033[31m当前设备内核可能不支持开启Tun/混合模式！\033[0m"
@@ -552,17 +578,13 @@ clashcfg(){
 				else
 					set_redir_mod
 				fi
-			elif [ "$clashcore" = "clash" ] || [ "$clashcore" = "clashr" ];then
-				echo -----------------------------------------------
-				echo -e "\033[31m当前核心不支持开启Tun模式！请先切换clash核心！！！\033[0m"
-				sleep 1
 			else	
 				redir_mod=Tun模式
 				dns_mod=fake-ip
 				set_redir_config
 			fi
-		elif [ "$num" = 3 ]; then
-			modinfo tun >/dev/null 2>&1
+		elif [ "$num" = 2 ]; then
+			ip tuntap >/dev/null 2>&1
 			if [ "$?" != 0 ];then
 				echo -e "\033[31m当前设备内核可能不支持开启Tun/混合模式！\033[0m"
 				read -p "是否强制开启？可能无法正常使用！(1/0) > " res
@@ -572,10 +594,6 @@ clashcfg(){
 				else
 					set_redir_mod
 				fi
-			elif [ "$clashcore" = "clash" ] || [ "$clashcore" = "clashr" ];then
-				echo -----------------------------------------------
-				echo -e "\033[31m当前核心不支持开启Tun模式！请先切换clash核心！！！\033[0m"
-				sleep 1
 			else	
 				redir_mod=混合模式	
 				set_redir_config
@@ -601,9 +619,9 @@ clashcfg(){
 		echo -e "\033[33m切换模式后需要手动重启clash服务以生效！\033[0m"
 		echo -----------------------------------------------
 		echo -e " 1 fake-ip模式：   \033[32m响应速度更快\033[0m"
-		echo -e "                   可能与某些局域网设备有冲突"
+		echo -e "                   不支持Redir模式，兼容性略差"
 		echo -e " 2 redir_host模式：\033[32m兼容性更好\033[0m"
-		echo -e "                   不支持Tun模式，可能存在DNS污染"
+		echo -e "                   不支持Tun模式，抗污染能力略差"
 		echo " 0 返回上级菜单"
 		read -p "请输入对应数字 > " num
 		if [ -z "$num" ]; then
@@ -611,10 +629,15 @@ clashcfg(){
 		elif [ "$num" = 0 ]; then
 			i=
 		elif [ "$num" = 1 ]; then
-			dns_mod=fake-ip
-			setconfig dns_mod $dns_mod 
-			echo -----------------------------------------------	
-			echo -e "\033[36m已设为 $dns_mod 模式！！\033[0m"
+			if [ "$redir_mod" = "Redir模式" ];then
+				echo -----------------------------------------------	
+				echo -e "\033[36mfake-ip与Redir模式兼容性较差，请使用其他模式！！\033[0m"		
+			else
+				dns_mod=fake-ip
+				setconfig dns_mod $dns_mod 
+				echo -----------------------------------------------	
+				echo -e "\033[36m已设为 $dns_mod 模式！！\033[0m"
+			fi
 		elif [ "$num" = 2 ]; then
 			dns_mod=redir_host
 			setconfig dns_mod $dns_mod 
@@ -630,20 +653,20 @@ clashcfg(){
 	[ -z "$common_ports" ] && common_ports=已开启
 	[ -z "$dns_mod" ] && dns_mod=redir_host
 	[ -z "$dns_over" ] && dns_over=已开启
+	[ -z "$cn_ip_route" ] && cn_ip_route=未开启
 	[ -z "$(cat $clashdir/mac)" ] && mac_return=未开启 || mac_return=已启用
 	#
 	echo -----------------------------------------------
 	echo -e "\033[30;47m欢迎使用功能设置菜单：\033[0m"
-	echo -e "\033[32m修改配置后请手动重启clash服务！\033[0m"
 	echo -----------------------------------------------
 	echo -e " 1 切换Clash运行模式: 	\033[36m$redir_mod\033[0m"
 	echo -e " 2 切换DNS运行模式：	\033[36m$dns_mod\033[0m"
 	echo -e " 3 跳过本地证书验证：	\033[36m$skip_cert\033[0m   ————解决节点证书验证错误"
 	echo -e " 4 只代理常用端口： 	\033[36m$common_ports\033[0m   ————用于过滤P2P流量"
-	echo -e " 5 过滤局域网设备：	\033[36m$mac_return\033[0m   ————使用黑名单/白名单进行过滤"
-	echo -e " 6 设置本机代理服务:	\033[36m$local_proxy\033[0m	————使用环境变量或GUI/api配置本机代理"
+	echo -e " 5 过滤局域网设备：	\033[36m$mac_return\033[0m   ————使用黑/白名单进行过滤"
+	echo -e " 6 设置本机代理服务:	\033[36m$local_proxy\033[0m   ————使本机流量经过clash内核"
+	echo -e " 7 CN_IP绕过内核:	\033[36m$cn_ip_route\033[0m   ————优化性能，不兼容Fake-ip"
 	echo -----------------------------------------------
-	echo -e " 9 \033[32m重启\033[0mclash服务"
 	echo -e " 0 返回上级菜单 \033[0m"
 	echo -----------------------------------------------
 	read -p "请输入对应数字 > " num
@@ -654,8 +677,8 @@ clashcfg(){
 	elif [ "$num" = 1 ]; then
 		if [ "$USER" != "root" -a "$USER" != "admin" ];then
 			echo -----------------------------------------------
-			echo -e "\033[33m非root用户无法启用静态路由，仅可以使用纯净模式！\033[0m"
-			sleep 1
+			read -p "非root用户可能无法正确配置其他模式！依然尝试吗？(1/0) > " res
+			[ "$res" = 1 ] && set_redir_mod
 		else
 			set_redir_mod
 		fi
@@ -698,6 +721,28 @@ clashcfg(){
 		sleep 1
 		clashcfg
 		
+	elif [ "$num" = 7 ]; then
+		echo -----------------------------------------------
+		if ! ipset -v >/dev/null 2>&1;then
+			echo -e "\033[31m当前设备缺少ipset模块，无法启用绕过功能！！\033[0m"
+			sleep 1
+		elif [ "$dns_mod" = "fake-ip" ];then
+			echo -e "\033[31m不支持fake-ip模式，请将DNS模式更换为Redir-host！！\033[0m"
+			sleep 1
+			clashcfg
+		else
+			if [ "$cn_ip_route" = "未开启" ]; then 
+				echo -e "\033[32m已开启CN_IP绕过内核功能！！\033[0m"
+				cn_ip_route=已开启
+				sleep 1
+			else
+				echo -e "\033[33m已禁用CN_IP绕过内核功能！！\033[0m"
+				cn_ip_route=未开启
+			fi
+			setconfig cn_ip_route $cn_ip_route
+		fi
+			clashcfg  	
+		
 	elif [ "$num" = 9 ]; then	
 		clashstart
 	else
@@ -710,23 +755,23 @@ clashadv(){
 	[ -z "$ipv6_support" ] && ipv6_support=未开启
 	[ -z "$start_old" ] && start_old=未开启
 	[ -z "$tproxy_mod" ] && tproxy_mod=未开启
+	[ -z "$public_support" ] && public_support=未开启
 	[ "$bindir" = "/tmp/clash_$USER" ] && mini_clash=已开启 || mini_clash=未开启
 	#
 	echo -----------------------------------------------
 	echo -e "\033[30;47m欢迎使用进阶模式菜单：\033[0m"
-	echo -e "\033[33m如您不是很了解clash的运行机制，请勿更改！\033[0m"
-	echo -e "\033[32m修改配置后请手动重启clash服务！\033[0m"
+	echo -e "\033[33m如您并不了解clash的运行机制，请勿更改本页面功能！\033[0m"
 	echo -----------------------------------------------
 	echo -e " 1 使用保守方式启动:	\033[36m$start_old\033[0m	————切换时会停止clash服务"
 	echo -e " 2 启用ipv6支持:	\033[36m$ipv6_support\033[0m	————实验性功能，可能不稳定"
 	echo -e " 3 Redir模式udp转发:	\033[36m$tproxy_mod\033[0m	————依赖iptables-mod-tproxy"
-	echo -e " 4 启用小闪存模式:	\033[36m$mini_clash\033[0m	————启动时方下载核心及数据库文件"
-	echo -e " 5 配置内置DNS服务	\033[36m$dns_no\033[0m"
-	echo -e " 6 手动指定相关服务端口及秘钥"
+	echo -e " 4 启用小闪存模式:	\033[36m$mini_clash\033[0m	————不保存核心及数据库文件"
+	echo -e " 5 允许公网访问:	\033[36m$public_support\033[0m	————需要路由拨号+公网IP"
+	echo -e " 6 配置内置DNS服务	\033[36m$dns_no\033[0m"
 	echo -e " 7 使用自定义配置"
+	echo -e " 8 手动指定相关端口、秘钥及本机host"
 	echo -----------------------------------------------
-	echo -e " 8 \033[31m重置\033[0m配置文件"
-	echo -e " 9 \033[32m重启\033[0mclash服务"
+	echo -e " 9 \033[31m重置\033[0m配置文件"
 	echo -e " 0 返回上级菜单 \033[0m"
 	echo -----------------------------------------------
 	read -p "请输入对应数字 > " num
@@ -808,6 +853,7 @@ clashadv(){
 				read -p "确认停用此功能？(1/0) > " res
 				[ "$res" = 1 ] && bindir="$clashdir" && echo -e "\033[33m已经停用小闪存功能！\033[0m"
 			else
+				rm -rf /tmp/clash_$USER
 				bindir="$clashdir"
 				echo -e "\033[33m已经停用小闪存功能！\033[0m"
 			fi
@@ -817,6 +863,22 @@ clashadv(){
 		clashadv
 		
 	elif [ "$num" = 5 ]; then
+		if [ "$public_support" = "未开启" ]; then 
+			echo -e "\033[32m已开启公网访问Dashboard端口及Http/Sock5代理端口！！\033[0m"
+			echo -e "\033[33m安全起见建议设置相关访问密码！！\033[0m"
+			public_support=已开启
+			setconfig public_support $public_support
+			sleep 1
+		else
+			echo -e "\033[32m已禁止公网访问Dashboard端口及Http/Sock5代理端口！！\033[0m"
+			echo -e "\033[33m如果你的防火墙默认放行公网流量，可能禁用失败！\033[0m"
+			public_support=未开启
+			setconfig public_support $public_support
+			sleep 1
+		fi
+			clashadv
+		
+	elif [ "$num" = 6 ]; then
 		source $ccfg
 		if [ "$dns_no" = "已禁用" ];then
 			read -p "检测到内置DNS已被禁用，是否启用内置DNS？(1/0) > " res
@@ -829,7 +891,7 @@ clashadv(){
 		fi
 		clashadv	
 		
-	elif [ "$num" = 6 ]; then
+	elif [ "$num" = 8 ]; then
 		source $ccfg
 		if [ -n "$(pidof clash)" ];then
 			echo -----------------------------------------------
@@ -854,7 +916,7 @@ clashadv(){
 EOF
 		[ ! -f $clashdir/rules.yaml ] && cat > $clashdir/rules.yaml <<EOF
 #用于编写自定义规则(此处规则将优先生效)，(可参考https://lancellc.gitbook.io/clash/clash-config-file/rules)：
-#例如“🚀 节点选择”、“🎯 全球直连”这样的自定义规则组必须与config.yaml中的代理规则组相匹配，否则将无法运行！
+#例如“🚀 节点选择”、“🎯 全球直连”这样的自定义规则组必须与config.yaml中的代理规则组相匹配，否则将无法运行
 # - DOMAIN-SUFFIX,google.com,🚀 节点选择
 # - DOMAIN-KEYWORD,baidu,🎯 全球直连
 # - DOMAIN,ad.com,REJECT
@@ -865,14 +927,13 @@ EOF
 # - SRC-PORT,7777,DIRECT
 EOF
 		echo -e "\033[32m已经启用自定义配置功能！\033[0m"
-		echo -e "Shell下(部分旧设备可能不显示中文)可\n使用【\033[36mvi $clashdir/user.yaml\033[0m】编辑自定义设定文件;\n使用【\033[36mvi $clashdir/rules.yaml\033[0m】编辑自定义规则文件。"
 		echo -e "Windows下请\n使用\033[33mwinscp软件\033[0m进入$clashdir目录后手动编辑！\033[0m"
-		echo -e "其他设备请\n使用\033[32mscp命令\033[0m下载文件编辑后上传到$clashdir目录！\033[0m"
+		echo -e "Shell下(\033[31m部分旧设备可能不显示中文\033[0m)可\n使用【\033[36mvi $clashdir/user.yaml\033[0m】编辑自定义设定文件;\n使用【\033[36mvi $clashdir/rules.yaml\033[0m】编辑自定义规则文件。"
 		echo -e "如需自定义节点，可以在config.yaml文件中修改或者直接替换config.yaml文件！\033[0m"
 		sleep 3
 		clashadv
 		
-	elif [ "$num" = 8 ]; then	
+	elif [ "$num" = 9 ]; then	
 		read -p "确认重置配置文件？(1/0) > " res
 		if [ "$res" = "1" ];then
 			echo "versionsh_l=$versionsh_l" > $ccfg
@@ -882,16 +943,129 @@ EOF
 			exit
 		fi
 		clashadv
+
+	else
+		errornum
+	fi
+}
+tools(){
+	ssh_tools(){
+		[ -n "$(cat /etc/firewall.user 2>1 | grep '启用外网访问SSH服务')" ] && ssh_ol=禁止 || ssh_ol=开启
+		[ -z "$ssh_port" ] && ssh_port=10022
+		echo -----------------------------------------------
+		echo -e "\033[33m此功能仅针对使用Openwrt系统的设备生效，且不依赖clash服务\033[0m"
+		echo -----------------------------------------------
+		echo -e " 1 \033[32m修改\033[0m外网访问端口：\033[36m$ssh_port\033[0m"
+		echo -e " 2 \033[32m修改\033[0mSSH访问密码(请连续输入2次后回车)"
+		echo -e " 3 \033[33m$ssh_ol\033[0m外网访问SSH"
+		echo -----------------------------------------------
+		echo -e " 0 返回上级菜单 \033[0m"
+		echo -----------------------------------------------
+		read -p "请输入对应数字 > " num
+			if [ -z "$num" ]; then
+				errornum
+			elif [ "$num" = 0 ]; then
+				i=
+				
+			elif [ "$num" = 1 ]; then
+				read -p "请输入端口号(1000-65535) > " num
+					if [ -z "$num" ]; then
+						errornum
+					elif [ $num -gt 65535 -o $num -le 999 ]; then
+						echo -e "\033[31m输入错误！请输入正确的数值(1000-65535)！\033[0m"
+					elif [ -n "$(netstat -ntul |grep :$num)" ];then
+						echo -e "\033[31m当前端口已被其他进程占用，请重新输入！\033[0m"
+					else
+						ssh_port=$num
+						setconfig ssh_port $ssh_port
+						sed -i "/启用外网访问SSH服务/d" /etc/firewall.user
+						echo -e "\033[32m设置成功，请重新开启外网访问SSH功能！！！\033[0m"
+					fi
+				sleep 1
+				ssh_tools
+				
+			elif [ "$num" = 2 ]; then
+				passwd
+				sleep 1
+				ssh_tools
+				
+			elif [ "$num" = 3 ]; then	 
+				if [ "$ssh_ol" = "开启" ];then
+					iptables -t nat -A PREROUTING -p tcp -m multiport --dports $ssh_port -j REDIRECT --to-ports 22
+					echo "iptables -t nat -A PREROUTING -p tcp -m multiport --dports $ssh_port -j REDIRECT --to-ports 22 #启用外网访问SSH服务" >> /etc/firewall.user
+					echo -----------------------------------------------
+					echo -e "已开启外网访问SSH功能！"
+				else
+					sed -i "/启用外网访问SSH服务/d" /etc/firewall.user
+					echo -----------------------------------------------
+					echo -e "已禁止外网访问SSH！"
+				fi
+			else
+				errornum
+			fi
+			}
+	#获取设置默认显示
+	[ -n "$(cat /etc/crontabs/root 2>1| grep otapredownload)" ] && mi_update=禁用 || mi_update=启用
+	#
+	echo -----------------------------------------------
+	echo -e "\033[30;47m欢迎使用其他工具菜单：\033[0m"
+	echo -e "\033[33m本页工具可能无法兼容全部Linux设备，请酌情使用！\033[0m"
+	echo -----------------------------------------------
+	echo -e " 1 ShellClash测试菜单"
+	[ -f "/etc/firewall.user" ] && echo -e " 2 \033[32m配置\033[0m外网访问SSH"
+	#echo -e " 3 配置DDNS服务:	\033[36m$ipv6_support\033[0m	————待施工"
+	[ -x /usr/sbin/otapredownload ] && echo -e " 3 \033[33m$mi_update\033[0m小米系统自动更新"
+	#[ -w "/etc/config/firewall" ] && echo -e " 4 \033[32修复\033[0mRedir_host模式Netflix访问"
+	echo -----------------------------------------------
+	echo -e " 0 返回上级菜单 \033[0m"
+	echo -----------------------------------------------
+	read -p "请输入对应数字 > " num
+	if [ -z "$num" ]; then
+		errornum
+	elif [ "$num" = 0 ]; then
+		i=
 		
-	elif [ "$num" = 9 ]; then	
-		clashstart
+	elif [ "$num" = 1 ]; then
+		source $clashdir/getdate.sh && testcommand  
+		
+	elif [ "$num" = 2 ]; then
+		ssh_tools
 		sleep 1
+		tools  
+		
+	elif [ -x /usr/sbin/otapredownload ] && [ "$num" = 3 ]; then	
+		[ "$mi_update" = "禁用" ] && sed -i "/otapredownload/d" /etc/crontabs/root || echo "15 3,4,5 * * * /usr/sbin/otapredownload >/dev/null 2>&1" >> /etc/crontabs/root	
+		echo -----------------------------------------------
+		echo -e "已\033[33m$mi_update\033[0m小米路由器的自动启动，如未生效，请在官方APP中同步设置！"
+		sleep 1
+		tools
+		
+	elif [ "$num" = 4 ]; then
+		sed -i "s/drop_invalid\ \'1\'/drop_invalid\ \'0\'/g" /etc/config/firewall
+		echo -----------------------------------------------
+		read -P "已修复，是否立即重启设备使其生效？(1/0) > " res
+		[ "$res" = 1 ] && reboot
+		sleep 1
+		tools
+		
 	else
 		errornum
 	fi
 }
 clashcron(){
-
+	croncmd(){
+		if [ -n "$(crontab -h 2>&1 | grep '\-l')" ];then
+			crontab $1
+		else
+			crondir="$(crond -h 2>&1 | grep -oE 'Default:.*' | awk -F ":" '{print $2}')"
+			[ ! -w "$crondir" ] && crondir="/etc/storage/cron/crontabs"
+			[ ! -w "$crondir" ] && crondir="/var/spool/cron/crontabs"
+			[ ! -w "$crondir" ] && crondir="/var/spool/cron"
+			[ ! -w "$crondir" ] && echo "你的设备不支持定时任务配置，脚本大量功能无法启用，请前往 https://t.me/clashfm 申请适配！"
+			[ "$1" = "-l" ] && cat $crondir/$USER 2>/dev/null
+			[ -f "$1" ] && cat $1 > $crondir/$USER
+		fi
+	}
 	setcron(){
 		setcrontab(){
 			#设置具体时间
@@ -906,11 +1080,11 @@ clashcron(){
 			else	
 				hour=$num
 				echo -----------------------------------------------
-				read -p "请输入分钟（0-60） > " num
+				read -p "请输入分钟（0-59） > " num
 				if [ -z "$num" ]; then 
 					errornum
 					setcron
-				elif [ $num -gt 60 ] || [ $num -lt 0 ]; then 
+				elif [ $num -gt 59 ] || [ $num -lt 0 ]; then 
 					errornum
 					setcron
 				else	
@@ -920,10 +1094,14 @@ clashcron(){
 						read -p  "是否确认添加定时任务？(1/0) > " res
 						if [ "$res" = '1' ]; then
 							cronwords="$min $hour * * $week $cronset >/dev/null 2>&1 #$week1的$hour点$min分$cronname"
-							crontab -l > /tmp/conf
-							sed -i "/$cronname/d" /tmp/conf
-							echo "$cronwords" >> /tmp/conf && crontab /tmp/conf
-							rm -f /tmp/conf
+							tmpcron=/tmp/cron_$USER
+							croncmd -l > $tmpcron
+							sed -i "/$cronname/d" $tmpcron
+							sed -i '/^$/d' $tmpcron
+							echo "$cronwords" >> $tmpcron
+							croncmd $tmpcron
+							#华硕/Padavan固件存档在本地,其他则删除
+							[ "$clashdir" = "/jffs/clash" -o "$clashdir" = "/etc/storage/clash" ] && mv -f $tmpcron $clashdir/cron || rm -f $tmpcron
 							echo -----------------------------------------------
 							echo -e "\033[31m定时任务已添加！！！\033[0m"
 						fi
@@ -932,9 +1110,10 @@ clashcron(){
 		}
 		echo -----------------------------------------------
 		echo -e " 正在设置：\033[32m$cronname\033[0m定时任务"
-		echo -e " 输入  1-7  对应\033[33m每周相应天\033[0m运行"
-		echo -e " 输入   8   设为\033[33m每天定时\033[0m运行"
-		echo -e " 输入 1,3,6 代表\033[36m每周1,3,6\033[0m运行(注意用小写逗号分隔)"
+		echo -e " 输入  1~7  对应\033[33m每周的指定某天\033[0m运行"
+		echo -e " 输入   8   设为\033[33m每天\033[0m定时运行"
+		echo -e " 输入 1,3,6 代表\033[36m指定每周1,3,6\033[0m运行(小写逗号分隔)"
+		echo -e " 输入 a,b,c 代表\033[36m指定每周a,b,c\033[0m运行(1<=abc<=7)"
 		echo -----------------------------------------------
 		echo -e " 输入   9   \033[31m删除定时任务\033[0m"
 		echo -e " 输入   0   返回上级菜单"
@@ -945,7 +1124,8 @@ clashcron(){
 		elif [ "$num" = 0 ]; then
 			i=
 		elif [ "$num" = 9 ]; then
-			crontab -l > /tmp/conf && sed -i "/$cronname/d" /tmp/conf && crontab /tmp/conf
+			croncmd -l > /tmp/conf && sed -i "/$cronname/d" /tmp/conf && croncmd /tmp/conf
+			sed -i "/$cronname/d" $clashdir/cron 2>/dev/null
 			rm -f /tmp/conf
 			echo -----------------------------------------------
 			echo -e "\033[31m定时任务：$cronname已删除！\033[0m"
@@ -967,7 +1147,7 @@ clashcron(){
 	echo -e "\033[44m 实验性功能，遇问题请加TG群反馈：\033[42;30m t.me/clashfm \033[0m"
 	echo -----------------------------------------------
 	echo  -e "\033[33m已添加的定时任务：\033[36m"
-	crontab -l | grep -oE ' #.*' 
+	croncmd -l | grep -oE ' #.*' 
 	echo -e "\033[0m"-----------------------------------------------
 	echo -e " 1 设置\033[33m定时重启\033[0mclash服务"
 	echo -e " 2 设置\033[31m定时停止\033[0mclash服务"
@@ -1016,7 +1196,7 @@ clashsh(){
 	echo -e " 5 设置\033[33m定时任务\033[0m$cronoff"
 	echo -e " 6 导入\033[32m配置文件\033[0m"
 	echo -e " 7 clash\033[31m进阶设置\033[0m"
-	echo -e " 8 \033[35m测试菜单\033[0m"
+	echo -e " 8 \033[35m其他工具\033[0m"
 	echo -e " 9 \033[36m更新/卸载\033[0m"
 	echo -----------------------------------------------
 	echo -e " 0 \033[0m退出脚本\033[0m"
@@ -1053,6 +1233,7 @@ clashsh(){
 			localproxy
 		elif [ "$autostart" = "enable_rc" ]; then
 			/etc/init.d/clash disable
+			cd /etc/rc.d && rm -rf *clash > /dev/null 2>&1 && cd - >/dev/null
 			echo -e "\033[33m已禁止Clash开机启动！\033[0m"
 		elif [ "$autostart" = "disable_rc" ]; then
 			/etc/init.d/clash enable
@@ -1086,7 +1267,8 @@ clashsh(){
 		clashsh
 
 	elif [ "$num" = 8 ]; then
-		source $clashdir/getdate.sh && testcommand
+		tools
+		clashsh
 
 	elif [ "$num" = 9 ]; then
 		checkcfg=$(cat $ccfg)
@@ -1112,6 +1294,7 @@ case "$1" in
 		echo -----------------------------------------
 		echo "	-t 测试模式"
 		echo "	-h 帮助列表"
+		echo "	-u 卸载脚本"
 		echo -----------------------------------------
 		echo "在线求助：t.me/clashfm"
 		echo "官方博客：juewuy.github.io"
@@ -1122,8 +1305,37 @@ case "$1" in
 		shtype=sh && [ -n "$(ls -l /bin/sh|grep -o dash)" ] && shtype=bash
 		$shtype -x $clashdir/clash.sh
 	;;
+	-u)
+		read -p "确认卸载ShellClash？（警告：该操作不可逆！）[1/0] " res
+		if [ "$res" = '1' ]; then
+			$clashdir/start.sh stop
+			$clashdir/start.sh cronset "clash服务"
+			$clashdir/start.sh cronset "订阅链接"
+			[ -w ~/.bashrc ] && profile=~/.bashrc
+			[ -w /etc/profile ] && profile=/etc/profile
+			sed -i '/alias clash=*/'d $profile
+			sed -i '/export clashdir=*/'d $profile
+			sed -i '/all_proxy/'d $profile
+			sed -i '/ALL_PROXY/'d $profile
+			sed -i "/启用外网访问SSH服务/d" /etc/firewall.user
+			sed -i '/ShellClash初始化/'d /etc/storage/started_script.sh 2>/dev/null
+			sed -i '/ShellClash初始化/'d /jffs/.asusrouter 2>/dev/null
+			rm -rf $clashdir
+			rm -rf /etc/init.d/clash
+			rm -rf /etc/systemd/system/clash.service
+			rm -rf /usr/lib/systemd/system/clash.service
+			rm -rf /www/clash
+			sed -Ei s/0:7890/7890:7890/g /etc/passwd
+			userdel -r shellclash 2>/dev/null
+			echo -----------------------------------------------
+			echo -e "\033[36m已卸载ShellClash相关文件！有缘再会！\033[0m"
+			echo -e "\033[33m请手动关闭当前窗口以重置环境变量！\033[0m"
+			echo -----------------------------------------------
+			exit
+		fi
+		echo -e "\033[31m操作已取消！\033[0m"
+	;;
 	*)
-		echo "	-t 测试模式"
-		echo "	-h 帮助列表"	
+		$0 -h
 	;;
 esac

scripts/clashservice

@@ -1,6 +1,6 @@
 #!/bin/sh /etc/rc.common
 
-START=92
+START=101
 
 SERVICE_DAEMONIZE=1
 SERVICE_WRITE_PID=1

scripts/getdate.sh

@@ -1,32 +1,6 @@
 #!/bin/bash
 # Copyright (C) Juewuy
 
-webget(){
-	[ -n "$(pidof clash)" ] && export all_proxy="http://$authentication@127.0.0.1:$mix_port" #设置临时http代理 
-	#参数【$1】代表下载目录，【$2】代表在线地址
-	#参数【$3】代表输出显示，【$4】不启用重定向
-	#参数【$5】代表验证证书
-	if curl --version > /dev/null 2>&1;then
-		[ "$3" = "echooff" ] && progress='-s' || progress='-#'
-		[ "$4" = "rediroff" ] && redirect='' || redirect='-L'
-		[ "$5" = "skipceroff" ] && certificate='' || certificate='-k'
-		result=$(curl -w %{http_code} --connect-timeout 3 $progress $redirect $certificate -o $1 $2)
-		[ "$result" != "200" ] && export all_proxy="" && result=$(curl -w %{http_code} --connect-timeout 3 $progress $redirect $certificate -o $1 $2)
-	else
-		[ "$3" = "echooff" ] && progress='-q' || progress='-q --show-progress'
-		[ "$3" = "echoon" ] && progress=''
-		[ "$4" = "rediroff" ] && redirect='--max-redirect=0' || redirect=''
-		[ "$5" = "skipceroff" ] && certificate='' || certificate='--no-check-certificate'
-		wget -Y on $progress $redirect $certificate --timeout=3 -O $1 $2 
-		if [ "$?" != "0" ];then
-			wget $progress $redirect $certificate --timeout=3 -O $1 $2
-			[ "$?" = "0" ] && result="200"
-		else
-			result="200"
-		fi
-	fi
-	export all_proxy=""
-}
 #导入订阅、配置文件相关
 linkconfig(){
 	echo -----------------------------------------------
@@ -44,14 +18,18 @@ linkconfig(){
 	echo 11	李哥规则-墙洞专用
 	echo 12	基础规则-仅Geoip CN+Final
 	echo 13	网易云解锁-仅规则分组
+	echo 14	ACL4SSR重度全分组+谷歌优化
+	echo 15	ACL4SSR通用版+LM-Firefly游戏规则
+	echo 16	ACL4SSR精简版+LM-Firefly游戏规则
+	echo 17	ACL4SSR重度+LM-Firefly游戏规则
 	echo -----------------------------------------------
 	echo 0 返回上级菜单
 	read -p "请输入对应数字 > " num
-	if [ -z "$num" ] || [ "$num" -gt 13 ];then
+	if [ -z "$num" ] || [ "$num" -gt 17 ];then
 		errornum
 	elif [ "$num" = 0 ];then
 		echo 
-	elif [ "$num" -le 13 ];then
+	elif [ "$num" -le 17 ];then
 		#将对应标记值写入mark
 		rule_link=$num
 		setconfig rule_link $rule_link
@@ -64,10 +42,10 @@ linkserver(){
 	echo -e "\033[36m以下为互联网采集的第三方服务器，具体安全性请自行斟酌！\033[0m"
 	echo 当前使用后端为：$server_link
 	echo 1 subcon.dlj.tf
-	echo 2 subconverter.herokuapp.com
-	echo 3 subconverter-web.now.sh
-	echo 4 api.dler.io
-	echo 5 api.wcc.best
+	echo 2 api.dler.io
+	echo 3 api.wcc.best
+	echo 4 api2.tsutsu.cc
+	echo 5 api.v1.mk
 	echo -----------------------------------------------
 	echo 0 返回上级菜单
 	read -p "请输入对应数字 > " num
@@ -216,6 +194,7 @@ getlink2(){
 	read -p "请输入完整链接 > " link
 	test=$(echo $link | grep -iE "tp.*://" )
 	link=`echo ${link/\ \(*\)/''}`   #删除恶心的超链接内容
+	link=`echo ${link//\&/\%26}`   #将分隔符 & 替换成urlcode：%26
 	if [ -n "$link" -a -n "$test" ];then
 		echo -----------------------------------------------
 		echo -e 请检查输入的链接是否正确：
@@ -274,11 +253,9 @@ clashlink(){
 			fi
 		fi
 		getlink
-		clashlink
 	  
 	elif [ "$num" = 2 ];then
 		getlink2
-		clashlink
 		
 	elif [ "$num" = 3 ];then
 		yamlbak=$yaml.bak
@@ -323,16 +300,14 @@ clashlink(){
 		
 	elif [ "$num" = 5 ];then
 		clashcron
-		clashlink
 	else
 		errornum
-		clashlink
 	fi
 }
 #下载更新相关
 gettar(){
-	webget /tmp/clashfm.tar.gz $tarurl
-	[ "$result" != "200" ] && echo "文件下载失败！" && exit 1
+	$clashdir/start.sh webget /tmp/clashfm.tar.gz $tarurl
+	[ "$?" = "1" ] && echo "文件下载失败！" && exit 1
 	#解压
 	echo -----------------------------------------------
 	echo 开始解压文件！
@@ -362,17 +337,26 @@ gettar(){
 	fi
 	#修饰文件及版本号
 	shtype=sh && [ -n "$(ls -l /bin/sh|grep -o dash)" ] && shtype=bash 
-	sed -i "s%#!/bin/sh%#!/bin/$shtype%g" $clashdir/start.sh
+	sed -i "s|/bin/sh|/bin/$shtype|" $clashdir/start.sh
 	chmod  777 $clashdir/start.sh
 	sed -i '/versionsh_l=*/'d $clashdir/mark
 	echo versionsh_l=$release_new >> $clashdir/mark
-	#设置环境变量
+	#设置环境变量	
+	[ -w /opt/etc/profile ] && profile=/opt/etc/profile
+	[ -w /jffs/configs/profile.add ] && profile=/jffs/configs/profile.add
 	[ -w ~/.bashrc ] && profile=~/.bashrc
 	[ -w /etc/profile ] && profile=/etc/profile
-	sed -i '/alias clash=*/'d $profile
-	echo "alias clash=\"$shtype $clashdir/clash.sh\"" >> $profile #设置快捷命令环境变量
-	sed -i '/export clashdir=*/'d $profile
-	echo "export clashdir=\"$clashdir\"" >> $profile #设置clash路径环境变量
+	if [ -n "$profile" ];then
+		sed -i '/alias clash=*/'d $profile
+		echo "alias clash=\"$shtype $clashdir/clash.sh\"" >> $profile #设置快捷命令环境变量
+		sed -i '/export clashdir=*/'d $profile
+		echo "export clashdir=\"$clashdir\"" >> $profile #设置clash路径环境变量
+	else
+		echo 无法写入环境变量！请检查安装权限！
+		exit 1
+	fi
+	#华硕/Padavan额外设置
+	[ -n "$systype" ] && sed -i '/ShellClash初始化/'d $initdir && echo "$clashdir/start.sh init #ShellClash初始化脚本" >> $initdir
 	#删除临时文件
 	rm -rf /tmp/clashfm.tar.gz 
 	rm -rf $clashdir/clashservice
@@ -436,8 +420,8 @@ getcore(){
 	#获取在线clash核心文件
 	echo -----------------------------------------------
 	echo 正在在线获取clash核心文件……
-	webget /tmp/clash.new $corelink
-	if [ "$result" != "200" ];then
+	$clashdir/start.sh webget /tmp/clash.new $corelink
+	if [ "$?" = "1" ];then
 		echo -e "\033[31m核心文件下载失败！\033[0m"
 	else
 		echo -e "\033[32m$clashcore核心下载成功！\033[0m"
@@ -490,15 +474,15 @@ setcore(){
 getgeo(){
 	echo -----------------------------------------------
 	echo 正在从服务器获取数据库文件…………
-	webget /tmp/Country.mmdb $update_url/bin/$geotype
-	if [ "$result" != "200" ];then
+	$clashdir/start.sh webget /tmp/$geoname $update_url/bin/$geotype
+	if [ "$?" = "1" ];then
 		echo -----------------------------------------------
 		echo -e "\033[31m文件下载失败！\033[0m"
 		exit 1
 	else
-		mv -f /tmp/Country.mmdb $bindir/Country.mmdb
+		mv -f /tmp/$geoname $bindir/$geoname
 		echo -----------------------------------------------
-		echo -e "\033[32mGeoIP数据库文件下载成功！\033[0m"
+		echo -e "\033[32mGeoIP/CN_IP数据库文件下载成功！\033[0m"
 		Geo_v=$GeoIP_v
 		setconfig Geo_v $GeoIP_v
 		setconfig geotype $geotype
@@ -508,19 +492,32 @@ setgeo(){
 	echo -----------------------------------------------
 	[ "$geotype" = "Country.mmdb" ] && geo_type=全球版 || geo_type=精简版
 	[ -n "$geo_type" ] && echo -e "当前使用的是\033[47;30m$geo_type数据库\033[0m"
-	echo -e "\033[36m请选择需要更新的GeoIP数据库：\033[0m"
+	echo -e "\033[36m请选择需要更新/切换的GeoIP/CN_IP数据库：\033[0m"
 	echo -----------------------------------------------
 	echo -e " 1 由\033[32malecthw\033[0m提供的全球版GeoIP数据库(约4mb)"
 	echo -e " 2 由\033[32mHackl0us\033[0m提供的精简版CN-IP数据库(约0.1mb)"
+	echo -e " 3 由\033[32m17mon\033[0m提供的CN-IP文件(需启用CN_IP绕过内核功能，约0.1mb)"
 	echo " 0 返回上级菜单"
 	echo -----------------------------------------------
 	read -p "请输入对应数字 > " num
 	if [ "$num" = '1' ]; then
 		geotype=Country.mmdb
+		geoname=Country.mmdb
 		getgeo
 	elif [ "$num" = '2' ]; then
 		geotype=cn_mini.mmdb
+		geoname=Country.mmdb
 		getgeo
+	elif [ "$num" = '3' ]; then
+		if [ "$cn_ip_route" = "已开启" ]; then
+			geotype=china_ip_list.txt
+			geoname=cn_ip.txt
+			getgeo
+		else
+			echo -----------------------------------------------
+			echo -e "\033[31m未开启绕过内核功能，无需更新CN-IP文件！！\033[0m"	
+			sleep 1
+		fi
 	else
 		update
 	fi
@@ -540,8 +537,8 @@ getdb(){
 	dblink="${update_url}/bin/${db_type}.tar.gz"
 	echo -----------------------------------------------
 	echo 正在连接服务器获取安装文件…………
-	webget /tmp/clashdb.tar.gz $dblink
-	if [ "$result" != "200" ];then
+	$clashdir/start.sh webget /tmp/clashdb.tar.gz $dblink
+	if [ "$?" = "1" ];then
 		echo -----------------------------------------------
 		echo -e "\033[31m文件下载失败！\033[0m"
 		echo -----------------------------------------------
@@ -550,13 +547,16 @@ getdb(){
 		echo -e "\033[33m下载成功，正在解压文件！\033[0m"
 		mkdir -p $dbdir > /dev/null
 		tar -zxvf "/tmp/clashdb.tar.gz" -C $dbdir > /dev/null
-		[ $? -ne 0 ] && echo "文件解压失败！" && rm -rf /tmp/clashfm.tar.gz && exit 1 
+		if [ $? -ne 0 ];then
+			tar -zxvf "/tmp/clashdb.tar.gz" --no-same-permissions -C $dbdir > /dev/null
+			[ $? -ne 0 ] && echo "文件解压失败！" && rm -rf /tmp/clashfm.tar.gz && exit 1 
+		fi
 		#修改默认host和端口
 		if [ "$db_type" = "clashdb" ];then
-			sed -i "s/127.0.0.1/${host}/g" $dbdir/static/js/*.js
-			sed -i "s/9090/${db_port}/g" $dbdir/static/js/*.js
+			sed -i "s/127.0.0.1/${host}/g" $dbdir/assets/*.js
+			sed -i "s/9090/${db_port}/g" $dbdir/assets/*.js
 		else
-			sed -i "s/127.0.0.1:9090/${host}:${db_port}/g" $dbdir/app*.js
+			sed -i "s/127.0.0.1:9090/${host}:${db_port}/g" $dbdir/*.html
 			#sed -i "s/7892/${db_port}/g" $dbdir/app*.js
 		fi
 		#如果clash在运行则重启clash服务
@@ -577,7 +577,7 @@ setdb(){
 			echo -e "请选择面板\033[33m安装目录：\033[0m"
 			echo -----------------------------------------------
 			echo -e " 1 在$clashdir/ui目录安装"
-			echo -e " 2 在/www/clash目录安装(推荐！)"
+			echo -e " 2 在/www/clash目录安装"
 			echo -----------------------------------------------
 			echo " 0 返回上级菜单"
 			read -p "请输入对应数字 > " num
@@ -634,13 +634,19 @@ getcrt(){
 	crtlink="${update_url}/bin/ca-certificates.crt"
 	echo -----------------------------------------------
 	echo 正在连接服务器获取安装文件…………
-	webget /tmp/ca-certificates.crt $crtlink
-	if [ "$result" != "200" ];then
+	$clashdir/start.sh webget /tmp/ca-certificates.crt $crtlink
+	if [ "$?" = "1" ];then
 		echo -----------------------------------------------
 		echo -e "\033[31m文件下载失败！\033[0m"
 	else
 		echo -----------------------------------------------
 		mv -f /tmp/ca-certificates.crt $crtdir
+		$clashdir/start.sh webget /tmp/ssl_test https://baidu.com echooff rediron skipceroff
+		if [ "$?" = "1" ];then
+			export CURL_CA_BUNDLE=$crtdir
+			echo "export CURL_CA_BUNDLE=$crtdir" >> /etc/profile
+		fi
+		rm -rf /tmp/ssl_test
 		echo -e "\033[32m证书安装成功！\033[0m"
 		sleep 1
 	fi
@@ -681,27 +687,31 @@ setserver(){
 		release_new=""
 	}
 	echo -----------------------------------------------
-	echo -e "\033[30;47m您可以在此处切换在线更新时使用的资源地址\033[0m"
-	echo -e "当前源：\033[4;32m$update_url\033[0m"
+	echo -e "\033[30;47m切换ShellClash版本及更新源地址\033[0m"
+	echo -e "当前源地址：\033[4;32m$update_url\033[0m"
 	echo -----------------------------------------------
-	echo -e " 1 Jsdelivr-CDN源(test版本)"
-	echo -e " 2 Jsdelivr-CDN源(release版本)"
-	echo -e " 3 Github源(test版本，需开启clash服务)"
-	echo -e " 5 自定义输入(请务必确保路径正确)"
-	echo -e " 6 切换版本(仅支持切换至release分支)"
+	echo -e " 1 \033[32m正式版\033[0m&Jsdelivr-CDN源(推荐)"
+	echo -e " 2 \033[36m测试版\033[0m&Jsdelivr-CDN源"
+	echo -e " 3 \033[36m测试版\033[0m&Github源(需开启clash服务）"
+	[ -z "$(curl -V 2>/dev/null)" ] && [ -n "$(wget -V 2>&1 | grep BusyBox)" ] && echo -e " 4 \033[33mHttp专用源\033[0m@Qust.me(感谢\033[32m酱紫表\033[0m提供及维护)"
+	echo -e " 5 自定义源地址(用于本地源或自建源)"
+	echo -e " 6 \033[31m版本回退\033[0m"
 	echo -e " 0 返回上级菜单"
 	read -p "请输入对应数字 > " num
 	if	[ -z "$num" ]; then 
 		errornum
 	elif [ "$num" = 1 ]; then
-		update_url='https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master'
+		update_url='https://cdn.jsdelivr.net/gh/juewuy/ShellClash'
 		saveserver
 	elif [ "$num" = 2 ]; then
-		update_url='https://cdn.jsdelivr.net/gh/juewuy/ShellClash'
+		update_url='https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master'
 		saveserver
 	elif [ "$num" = 3 ]; then
 		update_url='https://raw.githubusercontent.com/juewuy/ShellClash/master'
 		saveserver
+	elif [ "$num" = 4 ]; then
+		update_url='http://sc.qust.me'
+		saveserver
 	elif [ "$num" = 5 ]; then
 		echo -----------------------------------------------
 		read -p "请输入个人源路径 > " update_url
@@ -713,8 +723,8 @@ setserver(){
 		fi
 	elif [ "$num" = 6 ]; then
 		echo -----------------------------------------------
-		webget /tmp/clashrelease https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master/bin/release_version echooff rediroff 2>/tmp/clashrelease
-		echo -e "\033[32m请选择想要更新至的版本：\033[0m"
+		$clashdir/start.sh webget /tmp/clashrelease https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master/bin/release_version echooff rediroff 2>/tmp/clashrelease
+		echo -e "\033[31m请选择想要回退至的release版本：\033[0m"
 		cat /tmp/clashrelease | awk '{print " "NR" "$1}'
 		echo -e " 0 返回上级菜单"
 		read -p "请输入对应数字 > " num
@@ -730,7 +740,7 @@ setserver(){
 		fi
 		
 	elif [ "$num" = 9 ]; then
-		update_url='http://192.168.31.31:8080/ShellClash'
+		update_url='http://192.168.123.90:8080/ShellClash'
 	else
 		errornum
 	fi
@@ -738,16 +748,14 @@ setserver(){
 checkupdate(){
 if [ -z "$release_new" ];then
 	if [ "$update_url" = "https://cdn.jsdelivr.net/gh/juewuy/ShellClash" ];then
-		webget /tmp/clashrelease $update_url@master/bin/release_version echoon rediroff 2>/tmp/clashrelease
-		[ "$result" = "200" ] && release_new=$(cat /tmp/clashrelease | head -1)
-		[ -z "$release_new" ] && release_new=master
+		$clashdir/start.sh webget /tmp/clashversion $update_url@master/bin/release_version echoon rediroff 2>/tmp/clashrelease
+		[ "$?" = "0" ] && release_new=$(cat /tmp/clashversion | head -1)
 		update_url=$update_url@$release_new
-	fi
-	webget /tmp/clashversion $update_url/bin/version echooff
-	[ "$result" = "200" ] && source /tmp/clashversion || echo -e "\033[31m检查更新失败！请检查网络连接或切换安装源！\033[0m"
-	[ -z "$release_new" ] && release_new=$versionsh
+	fi	
+	$clashdir/start.sh webget /tmp/clashversion $update_url/bin/version echooff 
+	[ "$?" = "0" ] && release_new=$(cat /tmp/clashversion | grep versionsh | awk -F'=' '{ print $2 }')
+	[ -n "$release_new" ] &&source /tmp/clashversion || echo -e "\033[31m检查更新失败！请检查网络连接或切换安装源！\033[0m"
 	rm -rf /tmp/clashversion
-	rm -rf /tmp/clashrelease
 fi
 }
 update(){
@@ -761,12 +769,12 @@ update(){
 	echo -----------------------------------------------
 	echo -e " 1 更新\033[36m管理脚本  	\033[33m$versionsh_l\033[0m > \033[32m$versionsh\033[0m"
 	echo -e " 2 切换\033[33mclash核心 	\033[33m$clash_v\033[0m > \033[32m$clash_n\033[0m"
-	echo -e " 3 更新\033[32mGeoIP数据库	\033[33m$Geo_v\033[0m > \033[32m$GeoIP_v\033[0m"
+	echo -e " 3 更新\033[32mGeoIP/CN-IP	\033[33m$Geo_v\033[0m > \033[32m$GeoIP_v\033[0m"
 	echo -e " 4 安装本地\033[35mDashboard\033[0m面板"
 	echo -e " 5 安装/更新本地\033[33m根证书文件\033[0m"
 	echo -e " 6 查看\033[32mPAC\033[0m自动代理配置"
 	echo -----------------------------------------------
-	echo -e " 7 切换\033[36m安装源\033[0m地址"
+	echo -e " 7 切换\033[36m安装源\033[0m及\033[36m安装版本\033[0m"
 	echo -e " 8 鸣谢"
 	echo -e " 9 \033[31m卸载\033[34mShellClash\033[0m"
 	echo -e " 0 返回上级菜单" 
@@ -811,35 +819,15 @@ update(){
 		echo -e "感谢：\033[32mClash \033[0m作者\033[36m Dreamacro\033[0m 项目地址：\033[32mhttps://github.com/Dreamacro/clash\033[0m"
 		echo -e "感谢：\033[32msubconverter \033[0m作者\033[36m tindy2013\033[0m 项目地址：\033[32mhttps://github.com/tindy2013/subconverter\033[0m"
 		echo -e "感谢：\033[32malecthw提供的GeoIP数据库\033[0m 项目地址：\033[32mhttps://github.com/alecthw/mmdb_china_ip_list\033[0m"
+		echo -e "感谢：\033[32mHackl0us提供的GeoIP精简数据库\033[0m 项目地址：\033[32mhttps://github.com/Hackl0us/GeoIP2-CN\033[0m"
+		echo -e "感谢：\033[32m17mon提供的CN-IP列表\033[0m 项目地址：\033[32mhttps://github.com/17mon/china_ip_list\033[0m"
 		echo -e "感谢：\033[32myacd \033[0m作者\033[36m haishanh\033[0m 项目地址：\033[32mhttps://github.com/haishanh/yacd\033[0m"
 		echo -e "感谢：\033[32m更多的帮助过我的人！\033[0m"
 		sleep 2
 		update
 		
 	elif [ "$num" = 9 ]; then
-		read -p "确认卸载ShellClash？（警告：该操作不可逆！）[1/0] " res
-		if [ "$res" = '1' ]; then
-			$clashdir/start.sh stop
-			$clashdir/start.sh cronset "clash服务"
-			$clashdir/start.sh cronset "订阅链接"
-			[ -w ~/.bashrc ] && profile=~/.bashrc
-			[ -w /etc/profile ] && profile=/etc/profile
-			sed -i '/alias clash=*/'d $profile
-			sed -i '/export clashdir=*/'d $profile
-			sed -i '/all_proxy/'d $profile
-			sed -i '/ALL_PROXY/'d $profile
-			rm -rf $clashdir
-			rm -rf /etc/init.d/clash
-			rm -rf /etc/systemd/system/clash.service
-			rm -rf /usr/lib/systemd/system/clash.service
-			rm -rf /www/clash
-			echo -----------------------------------------------
-			echo -e "\033[36m已卸载ShellClash相关文件！有缘再会！\033[0m"
-			echo -e "\033[33m请手动关闭当前窗口以重置环境变量！\033[0m"
-			echo -----------------------------------------------
-			exit
-		fi
-		echo -e "\033[31m操作已取消！\033[0m"
+		$0 -u
 		update
 	else
 		errornum
@@ -851,8 +839,8 @@ userguide(){
 		echo -----------------------------------------------
 		echo -e "\033[33m是否需要代理UDP流量(主要用于游戏)？ \033[0m"
 		echo -----------------------------------------------
-		echo -e " 1 \033[33m不代理UDP流量\033[0m(可能会导致一部分游戏/应用无法连接)"
-		modinfo tun >/dev/null 2>&1 && [ "$?" = 0 ] && \
+		echo -e " 1 \033[33m不代理UDP流量\033[0m(可能会导致一部分外服游戏/应用无法连接)"
+		ip tuntap >/dev/null 2>&1 && [ "$?" = 0 ] && \
 		echo -e " 2 \033[32m使用Tun虚拟网卡\033[0m代理UDP流量(更低的延迟但更多的CPU消耗)" || \
 		echo -e " - \033[0m使用Tun模式(你的设备不支持此模式，如为虚拟机运行请调整虚拟网卡设置)\033[0m"
 		[ -n "$(iptables -j TPROXY 2>&1 | grep 'on-port')" ] && \
@@ -881,10 +869,8 @@ userguide(){
 		echo -e "\033[33m请先选择你的使用环境： \033[0m"
 		echo -e "\033[0m(你之后依然可以在设置中更改各种配置)\033[0m"
 		echo -----------------------------------------------
-		echo -e " 1 \033[32m各类路由设备\033[0m，配置局域网透明路由"
-		echo -e " 2 \033[36m桌面版Linux系统\033[0m，仅配置本机路由"
-		echo -e " 3 \033[32m服务器Linux系统\033[0m，仅配置本机路由"
-		echo -e " 4 \033[36m多功能设备\033[0m，配置本机及局域网路由"
+		echo -e " 1 \033[32m主路由或旁路由\033[0m"
+		echo -e " 2 \033[36mLinux本机代理\033[0m"
 		echo -----------------------------------------------
 		read -p "请输入对应数字 > " num
 		if [ -z "$num" ] || [ "$num" -gt 4 ];then
@@ -892,14 +878,32 @@ userguide(){
 			forwhat
 		elif [ "$num" = 1 ];then
 			whichmod
-		elif [ "$num" = 2 -o "$num" = 3 ];then
+			#检测IP转发
+			if [ "$(cat /proc/sys/net/ipv4/ip_forward)" = "0" ];then
+				echo -----------------------------------------------
+				echo -e "\033[33m检测到你的设备尚未开启ip转发，局域网设备将无法正常连接网络，是否立即开启？\033[0m"
+				read -p "是否开启？(1/0) > " res
+				[ "$res" = 1 ] && echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
+				[ "$?" = 0 ] && /etc/init.d/procps restart && echo "已成功开启ipv4转发，如未正常开启，请手动重启设备！" || echo "开启失败！请自行谷歌查找当前设备的开启方法！"
+			fi
+		elif [ "$num" = 2 ];then
 			setconfig redir_mod "纯净模式"
 			setconfig clashcore "clash"
 			echo -----------------------------------------------
 			echo -e "\033[36m请选择设置本机代理的方式\033[0m"
-			localproxy
-		elif [ "$num" = 4 ];then
-			whichmod
+			echo -e " 1 使用\033[32m环境变量\033[0m方式配置(不支持部分应用)"
+			echo -e " 2 使用\033[32miptables增强模式\033[0m配置(不支持OpenWrt)"
+			echo -e " 0 稍后设置"
+			read -p "请输入对应数字 > " num
+			if [ "$num" = 1 ]; then
+				local_proxy=已开启
+				local_type=环境变量
+			elif [ "$num" = 2 ]; then
+				local_proxy=已开启
+				local_type=iptables增强模式
+			fi
+			setconfig local_proxy $local_proxy
+			setconfig local_type $local_type
 		fi
 	}
 	forwhat
@@ -928,6 +932,15 @@ userguide(){
 		read -p "是否下载并安装根证书？(1/0) > " res
 		[ "$res" = 1 ] && checkupdate && getcrt
 	fi
+	#设置加密DNS
+	$clashdir/start.sh webget /tmp/ssl_test https://www.baidu.com echooff rediron skipceroff
+	if [ "$?" = "0" ];then
+		dns_nameserver='https://223.5.5.5/dns-query, https://doh.pub/dns-query, tls://dns.rubyfish.cn:853'
+		dns_fallback='https://1.0.0.1/dns-query, https://8.8.4.4/dns-query, https://doh.opendns.com/dns-query'
+		setconfig dns_nameserver \'"$dns_nameserver"\'
+		setconfig dns_fallback \'"$dns_fallback"\' 
+	fi
+	rm -rf /tmp/ssl_test
 	#提示导入订阅或者配置文件
 	echo -----------------------------------------------
 	echo -e "\033[32m是否导入配置文件？\033[0m(这是运行前的最后一步)"
@@ -1025,4 +1038,4 @@ testcommand(){
 		errornum
 		clashsh
 	fi
-}
+}

scripts/start.sh

@@ -4,6 +4,8 @@
 #脚本内部工具
 getconfig(){
 	#加载配置文件
+	[ -d "/etc/storage/clash" ] && clashdir=/etc/storage/clash
+	[ -d "/jffs/clash" ] && clashdir=/jffs/clash
 	[ -z "$clashdir" ] && clashdir=$(cat /etc/profile | grep clashdir | awk -F "\"" '{print $2}')
 	[ -z "$clashdir" ] && clashdir=$(cat ~/.bashrc | grep clashdir | awk -F "\"" '{print $2}')
 	ccfg=$clashdir/mark
@@ -24,9 +26,11 @@ getconfig(){
 	[ -z "$redir_port" ] && redir_port=7892
 	[ -z "$db_port" ] && db_port=9999
 	[ -z "$dns_port" ] && dns_port=1053
+	[ -z "$cn_ip_route" ] && cn_ip_route=未开启
+	[ -z "$public_support" ] && public_support=未开启
 	[ -z "$dns_nameserver" ] && dns_nameserver='114.114.114.114, 223.5.5.5'
 	[ -z "$dns_fallback" ] && dns_fallback='1.0.0.1, 8.8.4.4'
-	[ -z "$multiport" ] && multiport='53,587,465,995,993,143,80,443'
+	[ -z "$multiport" ] && multiport='22,53,587,465,995,993,143,80,443,8080'
 	#是否代理常用端口
 	[ "$common_ports" = "已开启" ] && ports="-m multiport --dports $multiport"
 	}
@@ -44,51 +48,44 @@ compare(){
 		[ "$(cat $1)" = "$(cat $2)" ] && return 0 || return 1
 	fi
 }
-webget(){
-	[ -n "$(pidof clash)" ] && export all_proxy="http://$authentication@127.0.0.1:$mix_port" #设置临时http代理 
-	#参数【$1】代表下载目录，【$2】代表在线地址
-	#参数【$3】代表输出显示，【$4】不启用重定向
-	#参数【$5】代表验证证书
-	if curl --version > /dev/null 2>&1;then
-		[ "$3" = "echooff" ] && progress='-s' || progress='-#'
-		[ "$4" = "rediroff" ] && redirect='' || redirect='-L'
-		[ "$5" = "skipceroff" ] && certificate='' || certificate='-k'
-		result=$(curl -w %{http_code} --connect-timeout 3 $progress $redirect $certificate -o $1 $2)
-		[ "$result" != "200" ] && export all_proxy="" && result=$(curl -w %{http_code} --connect-timeout 3 $progress $redirect $certificate -o $1 $2)
-	else
-		[ "$3" = "echooff" ] && progress='-q' || progress='-q --show-progress'
-		[ "$3" = "echoon" ] && progress=''
-		[ "$4" = "rediroff" ] && redirect='--max-redirect=0' || redirect=''
-		[ "$5" = "skipceroff" ] && certificate='' || certificate='--no-check-certificate'
-		wget -Y on $progress $redirect $certificate --timeout=3 -O $1 $2 
-		if [ "$?" != "0" ];then
-			wget $progress $redirect $certificate --timeout=3 -O $1 $2
-			[ "$?" = "0" ] && result="200"
-		else
-			result="200"
-		fi
-	fi
-	export all_proxy=""
-}
 logger(){
 	[ -n "$2" ] && echo -e "\033[$2m$1\033[0m"
 	echo `date "+%G-%m-%d %H:%M:%S"` $1 >> $clashdir/log
 	[ "$(wc -l $clashdir/log | awk '{print $1}')" -gt 30 ] && sed -i '1,5d' $clashdir/log
 }
+croncmd(){
+	if [ -n "$(crontab -h 2>&1 | grep '\-l')" ];then
+		crontab $1
+	else
+		crondir="$(crond -h 2>&1 | grep -oE 'Default:.*' | awk -F ":" '{print $2}')"
+		[ ! -w "$crondir" ] && crondir="/etc/storage/cron/crontabs"
+		[ ! -w "$crondir" ] && crondir="/var/spool/cron/crontabs"
+		[ ! -w "$crondir" ] && crondir="/var/spool/cron"
+		[ ! -w "$crondir" ] && echo "你的设备不支持定时任务配置，脚本大量功能无法启用，请前往 https://t.me/clashfm 申请适配！"
+		[ "$1" = "-l" ] && cat $crondir/$USER 2>/dev/null
+		[ -f "$1" ] && cat $1 > $crondir/$USER
+	fi
+}
 cronset(){
 	# 参数1代表要移除的关键字,参数2代表要添加的任务语句
-	crondir=/tmp/cron_$USER
-	crontab -l > $crondir
-	sed -i "/$1/d" $crondir
-	echo "$2" >> $crondir
-	crontab $crondir
-	rm -f $crondir
+	tmpcron=/tmp/cron_$USER
+	croncmd -l > $tmpcron 
+	sed -i "/$1/d" $tmpcron
+	sed -i '/^$/d' $tmpcron
+	echo "$2" >> $tmpcron
+	croncmd $tmpcron
+	rm -f $tmpcron
 }
 mark_time(){
 	start_time=`date +%s`
 	sed -i '/start_time*/'d $clashdir/mark
 	echo start_time=$start_time >> $clashdir/mark
 }
+gethost(){
+	[ -z "$host" ] && host=$(ubus call network.interface.lan status 2>&1 | grep \"address\" | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}';)
+	[ -z "$host" ] && host=$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep -E '\ 1(92|0|72)\.' | sed 's/.*inet.//g' | sed 's/\/[0-9][0-9].*$//g' | head -n 1)
+	[ -n "$host" ] && lanhost="-s $(echo $host | grep -oE '^1(92|0|72)\.')0.0.0/8"
+}
 #配置文件相关
 getyaml(){
 	[ -z "$rule_link" ] && rule_link=1
@@ -96,10 +93,10 @@ getyaml(){
 	#前后端订阅服务器地址索引，可在此处添加！
 	Server=`sed -n ""$server_link"p"<<EOF
 subcon.dlj.tf
-subconverter.herokuapp.com
-subconverter-web.now.sh
 api.dler.io
 api.wcc.best
+api2.tsutsu.cc
+api.v1.mk
 EOF`
 	Config=`sed -n ""$rule_link"p"<<EOF
 https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/config/ACL4SSR_Online_NoReject.ini
@@ -115,9 +112,15 @@ https://gist.githubusercontent.com/tindy2013/1fa08640a9088ac8652dbd40c5d2715b/ra
 https://gist.githubusercontent.com/tindy2013/1fa08640a9088ac8652dbd40c5d2715b/raw/dlercloud_lige_platinum.ini
 https://subconverter.oss-ap-southeast-1.aliyuncs.com/Rules/RemoteConfig/special/basic.ini
 https://subconverter.oss-ap-southeast-1.aliyuncs.com/Rules/RemoteConfig/special/netease.ini
+https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/config/ACL4SSR_Online_Full_Google.ini
+https://github.com/juewuy/ShellClash/raw/master/rules/ACL4SSR_Online_Games.ini
+https://github.com/juewuy/ShellClash/raw/master/rules/ACL4SSR_Online_Mini_Games.ini
+https://github.com/juewuy/ShellClash/raw/master/rules/ACL4SSR_Online_Full_Games.ini
 EOF`
+	Https=$(echo ${Https//\%26/\&})   #将%26替换回&
 	#如果传来的是Url链接则合成Https链接，否则直接使用Https链接
 	if [ -z "$Https" ];then
+		#[ -n "$(echo $Url | grep -o 'https://dler')" ] && Server='api.dler.io'
 		Https="https://$Server/sub?target=clash&insert=true&new_name=true&scv=true&exclude=$exclude&include=$include&url=$Url&config=$Config"
 		markhttp=1
 	fi
@@ -130,12 +133,12 @@ EOF`
 	yaml=$clashdir/config.yaml
 	yamlnew=/tmp/clash_config_$USER.yaml
 	rm -rf $yamlnew
-	webget $yamlnew $Https
-	if [ "$result" != "200" ];then
+	$0 webget $yamlnew $Https 0 0 0 1
+	if [ "$?" = "1" ];then
 		if [ -z "$markhttp" ];then
 			echo -----------------------------------------------
 			logger "配置文件获取失败！" 31
-			echo -e "\033[31m请尝试使用【导入订阅】功能！\033[0m"
+			echo -e "\033[31m请尝试使用【在线生成配置文件】功能！\033[0m"
 			echo -----------------------------------------------
 			exit 1
 		else
@@ -146,7 +149,7 @@ EOF`
 				retry=$((retry+1))
 				logger "配置文件获取失败！" 31
 				echo -e "\033[32m尝试使用其他服务器获取配置！\033[0m"
-				logger "正在重试第$retry次/共5次！" 32
+				logger "正在重试第$retry次/共5次！" 33
 				sed -i '/server_link=*/'d $ccfg
 				if [ "$server_link" -ge 5 ]; then
 					server_link=0
@@ -160,7 +163,7 @@ EOF`
 	else
 		Https=""
 		#检测节点或providers
-		if [ -z "$(cat $yamlnew | grep -E 'server:|proxy-providers:' | grep -v 'nameserver')" ];then
+		if [ -z "$(cat $yamlnew | grep -E 'server|proxy-providers' | grep -v 'nameserver' | head -n 1)" ];then
 			echo -----------------------------------------------
 			logger "获取到了配置文件，但似乎并不包含正确的节点信息！" 31
 			echo -----------------------------------------------
@@ -227,7 +230,7 @@ modify_yaml(){
 	exper='experimental: {ignore-resolve-fail: true, interface-name: en0}'
 	#dns配置
 	if [ "$dns_mod" = "fake-ip" ];then
-		dns='dns: {enable: true, listen: 0.0.0.0:'$dns_port', use-hosts: true, fake-ip-range: 198.18.0.1/16, enhanced-mode: fake-ip, fake-ip-filter: ["*.lan", "time.windows.com", "time.nist.gov", "time.apple.com", "time.asia.apple.com", "*.ntp.org.cn", "*.openwrt.pool.ntp.org", "time1.cloud.tencent.com", "time.ustc.edu.cn", "pool.ntp.org", "ntp.ubuntu.com", "ntp.aliyun.com", "ntp1.aliyun.com", "ntp2.aliyun.com", "ntp3.aliyun.com", "ntp4.aliyun.com", "ntp5.aliyun.com", "ntp6.aliyun.com", "ntp7.aliyun.com", "time1.aliyun.com", "time2.aliyun.com", "time3.aliyun.com", "time4.aliyun.com", "time5.aliyun.com", "time6.aliyun.com", "time7.aliyun.com", "*.time.edu.cn", "time1.apple.com", "time2.apple.com", "time3.apple.com", "time4.apple.com", "time5.apple.com", "time6.apple.com", "time7.apple.com", "time1.google.com", "time2.google.com", "time3.google.com", "time4.google.com", "music.163.com", "*.music.163.com", "*.126.net", "musicapi.taihe.com", "music.taihe.com", "songsearch.kugou.com", "trackercdn.kugou.com", "*.kuwo.cn", "api-jooxtt.sanook.com", "api.joox.com", "joox.com", "y.qq.com", "*.y.qq.com", "streamoc.music.tc.qq.com", "mobileoc.music.tc.qq.com", "isure.stream.qqmusic.qq.com", "dl.stream.qqmusic.qq.com", "aqqmusic.tc.qq.com", "amobile.music.tc.qq.com", "*.xiami.com", "*.music.migu.cn", "music.migu.cn", "*.msftconnecttest.com", "*.msftncsi.com", "localhost.ptlogin2.qq.com", "*.*.*.srv.nintendo.net", "*.*.stun.playstation.net", "xbox.*.*.microsoft.com", "*.*.xboxlive.com", "proxy.golang.org"], nameserver: ['$dns_nameserver', 127.0.0.1:53], fallback: ['$dns_fallback'], fallback-filter: {geoip: true}}'
+		dns='dns: {enable: true, listen: 0.0.0.0:'$dns_port', use-hosts: true, fake-ip-range: 198.18.0.1/16, enhanced-mode: fake-ip, fake-ip-filter: ["*.lan", "time.windows.com", "time.nist.gov", "time.apple.com", "time.asia.apple.com", "*.ntp.org.cn", "*.openwrt.pool.ntp.org", "time1.cloud.tencent.com", "time.ustc.edu.cn", "pool.ntp.org", "ntp.ubuntu.com", "ntp.aliyun.com", "ntp1.aliyun.com", "ntp2.aliyun.com", "ntp3.aliyun.com", "ntp4.aliyun.com", "ntp5.aliyun.com", "ntp6.aliyun.com", "ntp7.aliyun.com", "time1.aliyun.com", "time2.aliyun.com", "time3.aliyun.com", "time4.aliyun.com", "time5.aliyun.com", "time6.aliyun.com", "time7.aliyun.com", "*.time.edu.cn", "time1.apple.com", "time2.apple.com", "time3.apple.com", "time4.apple.com", "time5.apple.com", "time6.apple.com", "time7.apple.com", "time1.google.com", "time2.google.com", "time3.google.com", "time4.google.com", "music.163.com", "*.music.163.com", "*.126.net", "musicapi.taihe.com", "music.taihe.com", "songsearch.kugou.com", "trackercdn.kugou.com", "*.kuwo.cn", "api-jooxtt.sanook.com", "api.joox.com", "joox.com", "y.qq.com", "*.y.qq.com", "streamoc.music.tc.qq.com", "mobileoc.music.tc.qq.com", "isure.stream.qqmusic.qq.com", "dl.stream.qqmusic.qq.com", "aqqmusic.tc.qq.com", "amobile.music.tc.qq.com", "*.xiami.com", "*.music.migu.cn", "music.migu.cn", "*.msftconnecttest.com", "*.msftncsi.com", "localhost.ptlogin2.qq.com", "*.*.*.srv.nintendo.net", "*.*.stun.playstation.net", "xbox.*.*.microsoft.com", "*.*.xboxlive.com", "proxy.golang.org","*.sgcc.com.cn","*.alicdn.com","*.aliyuncs.com"], nameserver: ['$dns_nameserver', 127.0.0.1:53], fallback: ['$dns_fallback'], fallback-filter: {geoip: true}}'
 	else
 		dns='dns: {enable: true, ipv6: true, listen: 0.0.0.0:'$dns_port', use-hosts: true, enhanced-mode: redir-host, nameserver: ['$dns_nameserver$dns_local'], fallback: ['$dns_fallback'], fallback-filter: {geoip: true}}'
 	fi
@@ -239,9 +242,11 @@ modify_yaml(){
 	b=$(grep -n "^prox" $yaml | head -1 | cut -d ":" -f 1)
 	b=$((b-1))
 	mkdir -p $tmpdir > /dev/null
-	sed "${a},${b}d" $yaml > $tmpdir/proxy.yaml
+	[ "$b" != "0" ] && sed "${a},${b}d" $yaml > $tmpdir/proxy.yaml
 	#跳过本地tls证书验证
-	[ "$skip_cert" = "已开启" ] && sed -i '10,99s/skip-cert-verify: false/skip-cert-verify: true/' $tmpdir/proxy.yaml
+	[ "$skip_cert" = "已开启" ] && sed -i '1,99s/skip-cert-verify: false/skip-cert-verify: true/' $tmpdir/proxy.yaml
+	#检测是否使用script规则
+	[ -n "$(cat $yaml | grep -E '^script:')" ] && mode='mode: Script'
 	#添加配置
 ###################################
 	cat > $tmpdir/set.yaml <<EOF
@@ -258,30 +263,54 @@ secret: $secret
 $tun
 $exper
 $dns
+store-selected: $restore
 EOF
 ###################################
 	[ -f $clashdir/user.yaml ] && yaml_user=$clashdir/user.yaml
 	#合并文件
 	cut -c 1- $tmpdir/set.yaml $yaml_user $tmpdir/proxy.yaml > $tmpdir/config.yaml
 	#插入自定义规则
+	sed -i "/#自定义规则/d" $tmpdir/config.yaml
 	if [ -f $clashdir/rules.yaml ];then
+		sed -i '/^$/d' $clashdir/rules.yaml && echo >> $clashdir/rules.yaml #处理换行
+		space=$(sed -n '/^rules/{n;p}' $tmpdir/proxy.yaml | grep -oE '^\ *') #获取空格数
 		while read line;do
-			[ -z "$(echo "$line" | grep '#')" ] && \
+			[ -z "$(echo "$line " | grep '#')" ] && \
 			[ -n "$(echo "$line" | grep '\-\ ')" ] && \
-			sed -i "/$line/d" $tmpdir/config.yaml && \
-			sed -i "/^rules:/a\ $line" $tmpdir/config.yaml
+			line=$(echo "$line" | sed 's#/#\\/#') && \
+			sed -i "/^rules:/a\\$space$line #自定义规则" $tmpdir/config.yaml
 		done < $clashdir/rules.yaml
 	fi
 	#如果没有使用小闪存模式
 	if [ "$tmpdir" != "$bindir" ];then
-		compare $tmpdir/config.yaml $yaml
+		cmp -s $tmpdir/config.yaml $yaml >/dev/null 2>&1
 		[ "$?" != 0 ] && mv -f $tmpdir/config.yaml $yaml || rm -f $tmpdir/config.yaml
 	fi
 	rm -f $tmpdir/set.yaml
 	rm -f $tmpdir/proxy.yaml
 }
 #设置路由规则
+cn_ip_route(){	
+	if [ ! -f $bindir/cn_ip.txt ];then
+		if [ -f $clashdir/cn_ip.txt ];then
+			mv $clashdir/cn_ip.txt $bindir/cn_ip.txt
+		else
+			logger "未找到cn_ip列表，正在下载！" 33
+			$0 webget $bindir/cn_ip.txt "$update_url/bin/china_ip_list.txt"
+			[ "$?" = "1" ] && rm -rf $bindir/cn_ip.txt && logger "列表下载失败，已退出！" 31 && exit 1
+		fi
+	fi
+	if [ -f $bindir/cn_ip.txt ];then
+	echo "create cn_ip hash:net family inet hashsize 1024 maxelem 65536" > /tmp/cn_$USER.ipset
+	awk '!/^$/&&!/^#/{printf("add cn_ip %s'" "'\n",$0)}' $bindir/cn_ip.txt >> /tmp/cn_$USER.ipset
+	ipset -! flush cn_ip 2>/dev/null
+	ipset -! restore < /tmp/cn_$USER.ipset
+	rm -rf cn_$USER.ipset
+	fi
+}
 start_redir(){
+	#获取本地局域网地址段
+	gethost
 	#流量过滤规则
 	iptables -t nat -N clash
 	iptables -t nat -A clash -d 0.0.0.0/8 -j RETURN
@@ -292,6 +321,7 @@ start_redir(){
 	iptables -t nat -A clash -d 192.168.0.0/16 -j RETURN
 	iptables -t nat -A clash -d 224.0.0.0/4 -j RETURN
 	iptables -t nat -A clash -d 240.0.0.0/4 -j RETURN
+	[ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && iptables -t nat -A clash -m set --match-set cn_ip dst -j RETURN >/dev/null 2>&1 #绕过大陆IP
 	if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
 		#mac白名单
 		for mac in $(cat $clashdir/mac); do
@@ -304,7 +334,16 @@ start_redir(){
 		done
 		iptables -t nat -A clash -p tcp $ports -j REDIRECT --to-ports $redir_port
 	fi
-	iptables -t nat -A PREROUTING -p tcp -j clash
+	iptables -t nat -A PREROUTING -p tcp $lanhost -j clash
+	if [ "$public_support" = "已开启" ];then
+		iptables -I INPUT -p tcp --dport $mix_port -j ACCEPT
+		iptables -I INPUT -p tcp --dport $db_port -j ACCEPT
+	fi
+	#Google home DNS特殊处理
+	iptables -t nat -I PREROUTING -p tcp -d 8.8.8.8 -j clash
+	iptables -t nat -I PREROUTING -p tcp -d 8.8.4.4 -j clash
+	#Docker特殊处理
+	iptables -t nat -I PREROUTING -s 172.16.0.0/12  -j clash
 	#设置ipv6转发
 	ip6_nat=$(ip6tables -t nat -L 2>&1 | grep -o 'Chain')
 	if [ -n "$ip6_nat" -a "$ipv6_support" = "已开启" ];then
@@ -347,9 +386,6 @@ start_dns(){
 		iptables -t nat -A clash_dns -p tcp --dport 53 -j REDIRECT --to $dns_port
 	fi
 	iptables -t nat -A PREROUTING -p udp -j clash_dns
-	#Google home DNS特殊处理
-	iptables -t nat -I PREROUTING -p tcp -d 8.8.8.8 -j clash_dns
-	iptables -t nat -I PREROUTING -p tcp -d 8.8.4.4 -j clash_dns
 	#ipv6DNS
 	ip6_nat=$(ip6tables -t nat -L 2>&1 | grep -o 'Chain')
 	if [ -n "$ip6_nat" ];then
@@ -375,6 +411,7 @@ start_dns(){
 	fi
 }
 start_udp(){
+	gethost	#获取本地局域网地址段
 	ip rule add fwmark 1 table 100
 	ip route add local default dev lo table 100
 	iptables -t mangle -N clash
@@ -386,6 +423,7 @@ start_udp(){
 	iptables -t mangle -A clash -d 192.168.0.0/16 -j RETURN
 	iptables -t mangle -A clash -d 224.0.0.0/4 -j RETURN
 	iptables -t mangle -A clash -d 240.0.0.0/4 -j RETURN
+	[ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && iptables -t mangle -A clash -m set --match-set cn_ip dst -j RETURN >/dev/null 2>&1 #绕过大陆IP
 	if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
 		#mac白名单
 		for mac in $(cat $clashdir/mac); do
@@ -398,23 +436,79 @@ start_udp(){
 		done
 		iptables -t mangle -A clash -p udp -j TPROXY --on-port $redir_port --tproxy-mark 1
 	fi
-	iptables -t mangle -A PREROUTING -p udp -j clash
+	iptables -t mangle -A PREROUTING -p udp $lanhost -j clash
+}
+start_output(){
+	#流量过滤规则
+	iptables -t nat -N clash_out
+	iptables -t nat -A clash_out -m owner --gid-owner 7890 -j RETURN
+	iptables -t nat -A clash_out -d 0.0.0.0/8 -j RETURN
+	iptables -t nat -A clash_out -d 10.0.0.0/8 -j RETURN
+	iptables -t nat -A clash_out -d 127.0.0.0/8 -j RETURN
+	iptables -t nat -A clash_out -d 169.254.0.0/16 -j RETURN
+	iptables -t nat -A clash_out -d 172.16.0.0/12 -j RETURN
+	iptables -t nat -A clash_out -d 192.168.0.0/16 -j RETURN
+	iptables -t nat -A clash_out -d 224.0.0.0/4 -j RETURN
+	iptables -t nat -A clash_out -d 240.0.0.0/4 -j RETURN
+	[ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && iptables -t nat -A clash_out -m set --match-set cn_ip dst -j RETURN >/dev/null 2>&1 #绕过大陆IP
+	if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
+		#mac白名单
+		for mac in $(cat $clashdir/mac); do
+			iptables -t nat -A clash_out -p tcp $ports -m mac --mac-source $mac -j REDIRECT --to-ports $redir_port
+		done
+	else
+		#mac黑名单
+		for mac in $(cat $clashdir/mac); do
+			iptables -t nat -A clash_out -m mac --mac-source $mac -j RETURN
+		done
+		iptables -t nat -A clash_out -p tcp $ports -j REDIRECT --to-ports $redir_port
+	fi
+	iptables -t nat -A OUTPUT -p tcp -j clash_out
+	#设置dns转发
+	iptables -t nat -N clash_dns_out
+	iptables -t nat -A clash_dns_out -m owner --gid-owner 7890 -j RETURN
+	if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
+		#mac白名单
+		for mac in $(cat $clashdir/mac); do
+			iptables -t nat -A clash_dns_out -p udp --dport 53 -m mac --mac-source $mac -j REDIRECT --to $dns_port
+			iptables -t nat -A clash_dns_out -p tcp --dport 53 -m mac --mac-source $mac -j REDIRECT --to $dns_port
+		done
+	else
+		#mac黑名单
+		for mac in $(cat $clashdir/mac); do
+			iptables -t nat -A clash_dns_out -m mac --mac-source $mac -j RETURN
+		done	
+		iptables -t nat -A clash_dns_out -p udp --dport 53 -j REDIRECT --to $dns_port
+		iptables -t nat -A clash_dns_out -p tcp --dport 53 -j REDIRECT --to $dns_port
+	fi
+	iptables -t nat -A OUTPUT -p udp -j clash_dns_out
 }
 stop_iptables(){
+	gethost #获取本地局域网地址段
     #重置iptables规则
 	ip rule del fwmark 1 table 100  2> /dev/null
 	ip route del local default dev lo table 100 2> /dev/null
-	iptables -t nat -D PREROUTING -p tcp -j clash 2> /dev/null
+	iptables -t nat -D PREROUTING -p tcp $lanhost -j clash 2> /dev/null
+	iptables -D INPUT -p tcp --dport $mix_port -j ACCEPT 2> /dev/null
+	iptables -D INPUT -p tcp --dport $db_port -j ACCEPT 2> /dev/null
 	iptables -t nat -D PREROUTING -p udp -j clash_dns 2> /dev/null
-	iptables -t nat -D PREROUTING -p tcp -d 8.8.8.8 -j clash_dns 2> /dev/null
-	iptables -t nat -D PREROUTING -p tcp -d 8.8.4.4 -j clash_dns 2> /dev/null
+	iptables -t nat -D PREROUTING -p tcp -d 8.8.8.8 -j clash 2> /dev/null
+	iptables -t nat -D PREROUTING -p tcp -d 8.8.4.4 -j clash 2> /dev/null
+	iptables -t nat -D PREROUTING -s 172.16.0.0/12  -j clash 2> /dev/null
 	iptables -t nat -F clash 2> /dev/null
 	iptables -t nat -X clash 2> /dev/null
 	iptables -t nat -F clash_dns 2> /dev/null
 	iptables -t nat -X clash_dns 2> /dev/null
 	iptables -D FORWARD -o utun -j ACCEPT 2> /dev/null
+	#重置output规则
+	iptables -t nat -D OUTPUT -p tcp -j clash_out 2> /dev/null
+	iptables -t nat -F clash_out 2> /dev/null
+	iptables -t nat -X clash_out 2> /dev/null	
+	iptables -t nat -D OUTPUT -p udp -j clash_dns_out 2> /dev/null
+	iptables -t nat -F clash_dns_out 2> /dev/null
+	iptables -t nat -X clash_dns_out 2> /dev/null
 	#重置udp规则
-	iptables -t mangle -D PREROUTING -p udp -j clash 2> /dev/null
+	iptables -t mangle -D PREROUTING -p udp $lanhost -j clash 2> /dev/null
 	iptables -t mangle -F clash 2> /dev/null
 	iptables -t mangle -X clash 2> /dev/null
 	#重置ipv6规则
@@ -425,6 +519,8 @@ stop_iptables(){
 	ip6tables -t nat -F clashv6_dns 2> /dev/null
 	ip6tables -t nat -X clashv6_dns 2> /dev/null
 	ip6tables -D FORWARD -o utun -j ACCEPT 2> /dev/null
+	#清理ipset规则
+	ipset destroy cn_ip >/dev/null 2>&1
 }
 #面板配置保存相关
 web_save(){
@@ -433,16 +529,12 @@ web_save(){
 			curl -s -H "Authorization: Bearer ${secret}" -H "Content-Type:application/json" "$1"
 		elif [ -n "$(wget --help 2>&1|grep '\-\-method')" ];then
 			wget -q --header="Authorization: Bearer ${secret}" --header="Content-Type:application/json" -O - "$1"
-		else
-			logger 当前系统未安装curl且wget的版本太低，无法保存节点配置！ 31
-			getconfig
-			cronset '保存节点配置'
 		fi
 	}
 	#使用get_save获取面板节点设置
 	get_save http://localhost:${db_port}/proxies | awk -F "{" '{for(i=1;i<=NF;i++) print $i}' | grep -E '^"all".*"Selector"' > /tmp/clash_web_check_$USER
 	while read line ;do
-		def=$(echo $line | awk -F "[\[,]" '{print $2}')
+		def=$(echo $line | awk -F "[[,]" '{print $2}')
 		now=$(echo $line | grep -oE '"now".*",' | sed 's/"now"://g'| sed 's/,//g')
 		[ "$def" != "$now" ] && echo $line | grep -oE '"name".*"now".*",' | sed 's/"name"://g' | sed 's/"now"://g'| sed 's/"//g' >> /tmp/clash_web_save_$USER
 	done < /tmp/clash_web_check_$USER
@@ -457,7 +549,7 @@ web_restore(){
 	put_save(){
 		if curl --version > /dev/null 2>&1;then
 			curl -sS -X PUT -H "Authorization: Bearer ${secret}" -H "Content-Type:application/json" "$1" -d "$2" >/dev/null
-		else
+		elif wget --version > /dev/null 2>&1;then
 			wget -q --method=PUT --header="Authorization: Bearer ${secret}" --header="Content-Type:application/json" --body-data="$2" "$1" >/dev/null
 		fi
 	}
@@ -483,9 +575,7 @@ web_restore(){
 }
 #启动相关
 catpac(){
-	host=$(ubus call network.interface.lan status 2>&1 | grep \"address\" | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}';)
-	[ -z "$host" ] && host=$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep -E '192.|10.' | sed 's/.*inet.//g' | sed 's/\/[0-9][0-9].*$//g' | head -n 1)
-	[ -z "$host" ] && host=127.0.0.1
+	gethost
 	cat > /tmp/clash_pac <<EOF
 function FindProxyForURL(url, host) {
 	if (
@@ -500,7 +590,7 @@ function FindProxyForURL(url, host) {
 	)
 		return "DIRECT";
 	else
-		return "PROXY 192.168.31.1:7890; DIRECT; SOCKS5 192.168.31.1:7890"
+		return "PROXY $host:$mix_port; DIRECT; SOCKS5 $host:$mix_port"
 }
 EOF
 	compare /tmp/clash_pac $bindir/ui/pac
@@ -510,7 +600,7 @@ bfstart(){
 	#读取配置文件
 	getconfig
 	[ ! -d $bindir/ui ] && mkdir -p $bindir/ui
-	[ -z "$update_url" ] && update_url=https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master
+	[ -z "$update_url" ] || [ -n "$(echo $update_url | grep 'github')" ] && update_url=https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master
 	#检查clash核心
 	if [ ! -f $bindir/clash ];then
 		if [ -f $clashdir/clash ];then
@@ -522,8 +612,8 @@ bfstart(){
 			fi
 			[ -z "$cpucore" ] && source $clashdir/getdate.sh && getcpucore
 			[ -z "$cpucore" ] && logger 找不到设备的CPU信息，请手动指定处理器架构类型！ 31 && setcpucore
-			webget $bindir/clash "$update_url/bin/$clashcore/clash-linux-$cpucore"
-			[ "$?" = 1 ] && logger "核心下载失败，已退出！" 31 && rm -f $bindir/clash && exit 1
+			$0 webget $bindir/clash "$update_url/bin/$clashcore/clash-linux-$cpucore"
+			[ "$?" = "1" ] && rm -rf $bindir/clash && logger "核心下载失败，已退出！" 31 && exit 1
 			[ ! -x $bindir/clash ] && chmod +x $bindir/clash 	#检测可执行权限
 			clashv=$($bindir/clash -v | awk '{print $2}')
 			setconfig clashv $clashv
@@ -536,8 +626,8 @@ bfstart(){
 		else
 			logger "未找到GeoIP数据库，正在下载！" 33
 			[ -z "$geotype" ] && geotype=cn_mini.mmdb
-			webget $bindir/Country.mmdb $update_url/bin/$geotype
-			[ "$?" = 1 ] && logger "数据库下载失败，已退出！" 31 && rm -f $bindir/Country.mmdb && exit 1
+			$0 webget $bindir/Country.mmdb $update_url/bin/$geotype
+			[ "$?" = "1" ] && rm -rf $bindir/Country.mmdb && logger "数据库下载失败，已退出！" 31 && exit 1
 			Geo_v=$(date +"%Y%m%d")
 			setconfig Geo_v $Geo_v
 		fi
@@ -546,7 +636,12 @@ bfstart(){
 	if [ -f $clashdir/ui/index.html -a ! -f $bindir/ui/index.html ];then
 		cp -rf $clashdir/ui $bindir
 	fi
-	catpac #生成pac文件
+	#检查curl或wget支持
+	curl --version > /dev/null 2>&1
+	[ "$?" = 1 ] && wget --version > /dev/null 2>&1
+	[ "$?" = 1 ] && restore=true || restore=false
+	#生成pac文件
+	catpac
 	#检查yaml配置文件
 	if [ ! -f $clashdir/config.yaml ];then
 		if [ -n "$Url" -o -n "$Https" ];then
@@ -558,6 +653,20 @@ bfstart(){
 			exit 1
 		fi
 	fi
+	#本机代理准备
+	if [ "$local_proxy" = "已开启" -a "$local_type" = "iptables增强模式" ];then
+		if [ -z "$(id shellclash 2>/dev/null | grep 'root')" ];then
+			userdel shellclash 2>/dev/null
+			useradd shellclash -u 7890
+			sed -Ei s/7890:7890/0:7890/g /etc/passwd
+		fi
+		if [ "$start_old" != "已开启" ];then
+			[ -w /etc/systemd/system/clash.service ] && servdir=/etc/systemd/system/clash.service
+			[ -w /usr/lib/systemd/system/clash.service ] && servdir=/usr/lib/systemd/system/clash.service
+			setconfig ExecStart "/bin/su\ shellclash\ -c\ \"$bindir/clash\ -d\ $bindir\"" $servdir
+			systemctl daemon-reload >/dev/null
+		fi
+	fi
 }
 afstart(){
 
@@ -566,16 +675,22 @@ afstart(){
 	$bindir/clash -t -d $bindir >/dev/null
 	if [ "$?" = 0 ];then
 		#设置iptables转发规则
+		[ "$dns_mod" = "redir_host" ] && [ "$cn_ip_route" = "已开启" ] && cn_ip_route
 		[ "$redir_mod" != "纯净模式" ] && [ "$dns_no" != "已禁用" ] && start_dns
 		[ "$redir_mod" != "纯净模式" ] && [ "$redir_mod" != "Tun模式" ] && start_redir
 		[ "$redir_mod" = "Redir模式" ] && [ "$tproxy_mod" = "已开启" ] && start_udp
+		[ "$local_proxy" = "已开启" ] && [ "$local_type" = "iptables增强模式" ] && start_output
 		#标记启动时间
 		mark_time
 		#设置本机代理
 		[ "$local_proxy" = "已开启" ] && $0 set_proxy $mix_port $db_port
+		#加载定时任务
+		[ -f $clashdir/cron ] && croncmd $clashdir/cron
 		#启用面板配置自动保存
-		cronset '#每10分钟保存节点配置' "*/10 * * * * test -n \"$(pidof clash)\" && $clashdir/start.sh web_save #每10分钟保存节点配置"
-		[ -f $clashdir/web_save ] && web_restore & #后台还原面板配置
+		if [ "$restore" = false ];then
+			cronset '#每10分钟保存节点配置' "*/10 * * * * test -n \"\$(pidof clash)\" && $clashdir/start.sh web_save #每10分钟保存节点配置"
+			[ -f $clashdir/web_save ] && web_restore & #后台还原面板配置
+		fi
 	else
 		logger "clash服务启动失败！请查看报错信息！" 31
 		$bindir/clash -t -d $bindir
@@ -586,7 +701,11 @@ afstart(){
 }
 start_old(){
 	#使用传统后台执行二进制文件的方式执行
-	$bindir/clash -d $bindir >/dev/null &
+	if [ "$local_proxy" = "已开启" -a "$local_type" = "iptables增强模式" ];then
+		su shellclash -c "$bindir/clash -d $bindir >/dev/null" &
+	else
+		$bindir/clash -d $bindir >/dev/null &
+	fi
 	afstart
 	$0 daemon
 }
@@ -620,7 +739,7 @@ start)
 	;;
 stop)	
 		getconfig
-		[ -n "$(pidof clash)" ] && web_save #保存面板配置
+		[ -n "$(pidof clash)" ] && [ "$restore" = false ] && web_save #保存面板配置
 		#删除守护进程&面板配置自动保存
 		cronset "clash保守模式守护进程"
 		cronset "保存节点配置"
@@ -632,12 +751,19 @@ stop)
 		fi
 		PID=$(pidof clash) && [ -n "$PID" ] &&  kill -9 $PID >/dev/null 2>&1
 		stop_iptables #清理iptables
-		[ "$local_proxy" = "已开启" ] && $0 unset_proxy #禁用本机代理
+		$0 unset_proxy #禁用本机代理
         ;;
 restart)
         $0 stop
         $0 start
         ;;
+init)
+        [ -d "/etc/storage/clash" ] && clashdir=/etc/storage/clash && profile=/opt/etc/profile
+		[ -d "/jffs/clash" ] && clashdir=/jffs/clash && profile=/jffs/configs/profile.add
+		echo "alias clash=\"$clashdir/clash.sh\"" >> $profile 
+		echo "export clashdir=\"$clashdir\"" >> $profile 
+		$0 start
+        ;;
 getyaml)	
 		getconfig
 		getyaml
@@ -647,47 +773,63 @@ updateyaml)
 		$0 restart
 		;;
 webget)
-		webget $2 $3 $4 $5
+		#设置临时http代理 
+		[ -n "$(pidof clash)" ] && getconfig && export all_proxy="http://$authentication@127.0.0.1:$mix_port"
+		#参数【$2】代表下载目录，【$3】代表在线地址
+		#参数【$4】代表输出显示，【$4】不启用重定向
+		#参数【$6】代表验证证书，【$7】使用clash文件头
+		if curl --version > /dev/null 2>&1;then
+			[ "$4" = "echooff" ] && progress='-s' || progress='-#'
+			[ "$5" = "rediroff" ] && redirect='' || redirect='-L'
+			[ "$6" = "skipceroff" ] && certificate='' || certificate='-k'
+			#[ -n "$7" ] && agent='-A "clash"'
+			result=$(curl $agent -w %{http_code} --connect-timeout 3 $progress $redirect $certificate -o "$2" "$3")
+			[ "$?" != "0" ] && export all_proxy="" && result=$(curl $agent -w %{http_code} --connect-timeout 3 $progress $redirect $certificate -o "$2" "$3")
+		else
+			if wget --version > /dev/null 2>&1;then
+				[ "$4" = "echooff" ] && progress='-q' || progress='-q --show-progress'
+				[ "$5" = "rediroff" ] && redirect='--max-redirect=0' || redirect=''
+				[ "$6" = "skipceroff" ] && certificate='' || certificate='--no-check-certificate'
+				timeout='--timeout=3 -t 2'
+				#[ -n "$7" ] && agent='--user-agent="clash"'
+			fi
+			[ "$4" = "echoon" ] && progress=''
+			[ "$4" = "echooff" ] && progress='-q'
+			wget -Y on $agent $progress $redirect $certificate $timeout -O "$2" "$3"
+			if [ "$?" != "0" ];then
+				wget -Y off $agent $progress $redirect $certificate $timeout -O "$2" "$3"
+				[ "$?" = "0" ] && result="200"
+			else
+				result="200"
+			fi
+		fi
+		[ "$result" = "200" ] && exit 0 || exit 1
 		;;
 web_save)
 		getconfig
 		web_save
 	;;
+web_restore)
+		getconfig
+		web_restore
+	;;
 daemon)
 		getconfig
-		cronset '#clash保守模式守护进程' "*/1 * * * * test -z \"$(pidof clash)\" && $clashdir/start.sh restart #clash保守模式守护进程"
+		cronset '#clash保守模式守护进程' "*/1 * * * * test -z \"\$(pidof clash)\" && $clashdir/start.sh restart #clash保守模式守护进程"
 	;;
 cronset)
 		cronset $2 $3
 	;;
 set_proxy)
 		getconfig
-		#GNOME配置
-		if  [ "$local_proxy_type" = "GNOME" ];then
-			gsettings set org.gnome.system.proxy autoconfig-url "http://127.0.0.1:$db_port/ui/pac"
-			gsettings set org.gnome.system.proxy mode "auto"
-		#KDE配置
-		elif  [ "$local_proxy_type" = "KDE" ];then
-			kwriteconfig5 --file kioslaverc --group "Proxy Settings" --key "Proxy Config Script" "http://127.0.0.1:$db_port/ui/pac"
-			kwriteconfig5 --file kioslaverc --group "Proxy Settings" --key "ProxyType" 2
-		#环境变量方式
-		else
+		if  [ "$local_type" = "环境变量" ];then
 			[ -w ~/.bashrc ] && profile=~/.bashrc
 			[ -w /etc/profile ] && profile=/etc/profile
 			echo 'export all_proxy=http://127.0.0.1:'"$mix_port" >> $profile
 			echo 'export ALL_PROXY=$all_proxy' >>  $profile
 		fi
 	;;
-unset_proxy)
-		#GNOME配置
-		if  gsettings --version >/dev/null 2>&1 ;then
-			gsettings set org.gnome.system.proxy mode "none"
-		fi
-		#KDE配置
-		if  kwriteconfig5 -h >/dev/null 2>&1 ;then
-			kwriteconfig5 --file kioslaverc --group "Proxy Settings" --key "ProxyType" 0
-		fi
-		#环境变量方式
+unset_proxy)	
 		[ -w ~/.bashrc ] && profile=~/.bashrc
 		[ -w /etc/profile ] && profile=/etc/profile
 		sed -i '/all_proxy/'d  $profile