v1.4.1-正式版

适配：
~适配Padavan系统及梅林固件（限384以上版本）
~适配移动ax18等低版本内核设备
功能：
~更新最新版本Geoip数据库文件
~增加CN-IP绕过内核功能
~增加对谷歌dns的强制代理配置（用于解决奈飞TV端问题）
~本机代理功能增加iptables增强模式
~增加开启公网访问Dashboard面板及混合代理端口功能
~增加支持本机Docker代理(需docker网卡设置为bridge模式)
~增加clash -u卸载命令
~增加了部分fake-ip-filter地址
优化：
~优化更新机制，修复出错bug
~优化安装脚本及安装说明
~大量菜单描述相关优化
BUG修复：
~修复部分设备1.4.0覆盖更新后无法开机启动的bug
~修复mesh设备开机启动后clash无法正常工作的bug
~修复小闪存模式设为Github源时无法正常开机启动的bug
~修复加密DNS无法正确配置的bug
~修复保存设置时部分bug
~自定义host功能bug修复
~导入配置相关bug修复
~修复crontab命令偶尔报错的问题
~版本及安装源描述优化，增加HTTP专属源（感谢酱紫表同学提供服务器！）

README.md

@@ -37,21 +37,33 @@ opkg update && opkg install curl
 ##### ~Use curl:<br>
 
 ```Shell
-#Release version - by github
-sh -c "$(curl -kfsSl --resolve raw.githubusercontent.com:443:199.232.68.133 https://raw.githubusercontent.com/juewuy/ShellClash/master/install.sh)" && source /etc/profile &> /dev/null
-#Release version - by jsdelivrCDN
-sh -c "$(curl -kfsSl https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master/install.sh)" && source /etc/profile &> /dev/null
-#Test version - by github
-sh -c "$(curl -kfsSl --resolve raw.githubusercontent.com:443:199.232.68.133 https://raw.githubusercontent.com/juewuy/ShellClash/master/install.sh)" -s 1 && source /etc/profile &> /dev/null
+#By github
+export url='https://raw.githubusercontent.com/juewuy/ShellClash/master' && sh -c "$(curl -kfsSl $url/install.sh)" && source /etc/profile &> /dev/null
+#By jsdelivrCDN
+export url='https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master' && sh -c "$(curl -kfsSl $url/install.sh)" && source /etc/profile &> /dev/null
 ```
 
 ##### ~Use wget：<br>
 
 ```sh
-#Release version - by jsdelivrCDN
-wget -q --no-check-certificate -O /tmp/install.sh https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master/install.sh  && sh /tmp/install.sh && source /etc/profile &> /dev/null
+#By jsdelivrCDN
+export url='https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master' && wget -q --no-check-certificate -O /tmp/install.sh $url/install.sh  && sh /tmp/install.sh && source /etc/profile &> /dev/null
 ```
 
+~**Use a low version of wget (prompt not to support https) local installation**:<br> First clone the project to the local under the window (or [click to download the project source code zip package](https://github.com/juewuy/ShellClash/archive/refs/heads/master.zip) to the local and decompress it) 
+
+```sh
+sh git clone https://github.com/juewuy/ShellClash.git
+```
+
+ Then open /project address/ShellClash/bin/hfs/hfs.exe Click menu-add directory from disk-{find the directory where ShellClash source code is located}-add as real directory Click on the menu-IP address-{choose the actual IP address of your LAN} Click ShellClash-click to copy to clipboard Then use the following command to install in SSH 
+
+```sh
+sh export url='Paste the copied address here' && wget -q -O /tmp/install.sh $url/install.sh && sh /tmp/install.sh && source /etc/profile &> /dev/null
+```
+
+ Later, when updating the version, you need to update the local version library and open the hfs service, and then update in the SSH menu, and then you can build a local server through hfs to realize the function of uploading and updating the yaml configuration file 
+
 ~**After installation by non-root users**, please execute the following additional commands to read environment variables:<br>
 
 ```shell
@@ -63,6 +75,7 @@ source ~/.bashrc &> /dev/null
 ```Shell
 clash #normal mode
 clash -h #help
+clash -u #uninstall
 clash -t #test mode
 ```
 
@@ -98,9 +111,11 @@ ubus/iproute-doc	minimal		The host address of the machine cannot be obtained nor
 
 ### [See blog for details](https://juewuy.github.io)
 
-## Donate this project
+## Donate：
 
-### [Go to page](https://juewuy.github.io/yOF4Yf06Q/)
+​		Alipay									WeChat
+
+##### <img src="http://juewuy.github.io/post-images/1604390977172.png" style="zoom:50%;" /><img src="http://juewuy.github.io/post-images/1604391042406.png" style="zoom:50%;" />
 
 ## Friendly promotion: 
 

README_CN.md

@@ -21,13 +21,13 @@
 ~通过管理脚本在Shell环境下便捷使用[Clash](https://github.com/Dreamacro/clash)<br>
 ~支持在Shell环境下管理[Clash各种功能](https://lancellc.gitbook.io/clash)<br>
 ~支持在线导入[Clash](https://github.com/Dreamacro/clash)支持的分享、订阅及配置链接<br>~支持配置定时任务，支持配置文件定时更新<br>~支持在线安装及使用本地网页面板管理内置规则<br>
-~支持路由模式、本机模式等多种模式切换<br>~支持GNOME、KDE桌面自动配置本机模式<br>~支持在线更新<br>
+~支持路由模式、本机模式等多种模式切换<br>~支持在线更新<br>
 
 设备支持：
 --
 
 ~支持各种基于OpenWrt或使用OpenWrt二次定制开发的路由器设备<br>
-~支持各种运行标准Linux系统（如Debian/CenOS/Armbian等）的设备<br>~兼容Padavan固件（保守模式）、潘多拉固件<br>~兼容各类使用Linux内核定制开发的各类型设备<br>
+~支持各种运行标准Linux系统（如Debian/CenOS/Armbian等）的设备<br>~兼容Padavan固件（保守模式）、潘多拉固件以及华硕/梅林固件<br>~兼容各类使用Linux内核定制开发的各类型设备<br>
 
 ——————————<br>
 ~更多设备支持，请提issue或前往TG群反馈（需提供设备名称及运行uname -a返回的设备核心信息）<br>
@@ -36,10 +36,10 @@
 --
 ~确认路由器设备已经开启SSH并获取root权限（带GUI桌面的Linux设备可使用自带终端安装）<br>
 ~使用SSH连接工具（如putty，JuiceSSH，系统自带终端等）路由器或Linux设备的SSH管理界面或终端界面，并切换到root用户<br>
-~确认设备已经安装curl或者wget下载工具。如未安装，LInux设备请[参考此处](https://www.howtoing.com/install-curl-in-linux)安装curl，基于OpenWrt（小米官方系统、潘多拉、高恪等）的设备请使用如下命令安装curl：<br>
+~确认设备已经安装curl或者wget下载工具。**如未安装**，LInux设备请[参考此处](https://www.howtoing.com/install-curl-in-linux)安装curl，基于OpenWrt（小米官方系统、潘多拉、高恪等）的设备请使用如下命令安装curl：<br>
 
 ```shell
-opkg update && opkg install curl
+opkg update && opkg install curl #如已安装请忽略
 ```
 
 ~之后在SSH界面执行如下安装命令，并按照后续提示完成安装<br>
@@ -47,19 +47,24 @@ opkg update && opkg install curl
 ~**使用curl安装**：<br>
 
 ```Shell
-#Release版本-github直连
-sh -c "$(curl -kfsSl --resolve raw.githubusercontent.com:443:199.232.68.133 https://raw.githubusercontent.com/juewuy/ShellClash/master/install.sh)" && source /etc/profile &> /dev/null
-#Release版本-jsdelivrCDN源
-sh -c "$(curl -kfsSl https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master/install.sh)" && source /etc/profile &> /dev/null
-#Test版本-github直连
-sh -c "$(curl -kfsSl --resolve raw.githubusercontent.com:443:199.232.68.133 https://raw.githubusercontent.com/juewuy/ShellClash/master/install.sh)" -s 1 && source /etc/profile &> /dev/null
+#github直连
+export url='https://raw.githubusercontent.com/juewuy/ShellClash/master' && sh -c "$(curl -kfsSl $url/install.sh)" && source /etc/profile &> /dev/null
+#jsdelivrCDN源
+export url='https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master' && sh -c "$(curl -kfsSl $url/install.sh)" && source /etc/profile &> /dev/null
 ```
 
 ~**使用wget安装**：<br>
 
 ```sh
 #Release版本-jsdelivrCDN源
-wget -q --no-check-certificate -O /tmp/install.sh https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master/install.sh  && sh /tmp/install.sh && source /etc/profile &> /dev/null
+export url='https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master' && wget -q --no-check-certificate -O /tmp/install.sh $url/install.sh  && sh /tmp/install.sh && source /etc/profile &> /dev/null
+```
+
+~**使用低版本wget（提示不支持https）安装**：<br>
+
+```sh
+#Test版本-酱紫表私人http源
+export url='http://sc.qust.me/' && wget -q -O /tmp/install.sh $url/install_n.sh  && sh /tmp/install.sh && source /etc/profile &> /dev/null
 ```
 
 ~**非root用户安装后**请额外执行以下命令以读取环境变量：<br>
@@ -73,6 +78,7 @@ source ~/.bashrc &> /dev/null
 ```Shell
 clash #正常模式运行
 clash -h #脚本帮助及说明
+clash -u #卸载脚本
 clash -t #测试模式运行
 ```
 
@@ -108,9 +114,11 @@ ubus/iproute-doc	极低		缺少时无法正常获取本机host地址
 
 ### [详见博客](https://juewuy.github.io)
 
-## 捐赠此项目：
+## 请喝杯茶：
 
-### [前往页面](https://juewuy.github.io/yOF4Yf06Q/)
+​		支付宝										微信
+
+##### <img src="http://juewuy.github.io/post-images/1604390977172.png" style="zoom:50%;" /><img src="http://juewuy.github.io/post-images/1604391042406.png" style="zoom:50%;" />
 
 友情推广：
 --

bin/ca-certificates.crt

@@ -1,7 +1,7 @@
 ##
 ## Bundle of CA Root Certificates
 ##
-## Certificate data from Mozilla as of: Tue Feb  9 22:06:19 2021 GMT
+## Certificate data from Mozilla as of: Sat Jun 12 22:07:57 2021 GMT
 ##
 ## This is a bundle of X.509 certificates of public Certificate Authorities
 ## (CA). These were automatically extracted from Mozilla's root certificates
@@ -14,7 +14,7 @@
 ## Just configure this file as the SSLCACertificateFile.
 ##
 ## Conversion done with mk-ca-bundle.pl version 1.28.
-## SHA256: 3bdc63d1de27058fec943a999a2a8a01fcc6806a611b19221a7727d3d9bbbdfd
+## SHA256: e292bd4e2d500c86df45b830d89417be5c42ee670408f1d2c454c63d8a782865
 ##
 
 
@@ -718,51 +718,6 @@ vBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNwi/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7Nz
 TogVZ96edhBiIL5VaZVDADlN9u6wWk5JRFRYX0KD
 -----END CERTIFICATE-----
 
-GeoTrust Primary Certification Authority - G2
-=============================================
------BEGIN CERTIFICATE-----
-MIICrjCCAjWgAwIBAgIQPLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDELMAkGA1UEBhMC
-VVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChjKSAyMDA3IEdlb1RydXN0IElu
-Yy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBD
-ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1
-OVowgZgxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykg
-MjAwNyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNVBAMTLUdl
-b1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjB2MBAGByqGSM49AgEG
-BSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcLSo17VDs6bl8VAsBQps8lL33KSLjHUGMc
-KiEIfJo22Av+0SbFWDEwKCXzXV2juLaltJLtbCyf691DiaI8S0iRHVDsJt/WYC69IaNCMEAwDwYD
-VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+
-EVXVMAoGCCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGTqQ7m
-ndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bWtsuRBmOiBuczrD6ogRLQy7rQkgu2
-npaqBA+K
------END CERTIFICATE-----
-
-VeriSign Universal Root Certification Authority
-===============================================
------BEGIN CERTIFICATE-----
-MIIEuTCCA6GgAwIBAgIQQBrEZCGzEyEDDrvkEhrFHTANBgkqhkiG9w0BAQsFADCBvTELMAkGA1UE
-BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBO
-ZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwOCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVk
-IHVzZSBvbmx5MTgwNgYDVQQDEy9WZXJpU2lnbiBVbml2ZXJzYWwgUm9vdCBDZXJ0aWZpY2F0aW9u
-IEF1dGhvcml0eTAeFw0wODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIG9MQswCQYDVQQGEwJV
-UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
-cmsxOjA4BgNVBAsTMShjKSAyMDA4IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl
-IG9ubHkxODA2BgNVBAMTL1ZlcmlTaWduIFVuaXZlcnNhbCBSb290IENlcnRpZmljYXRpb24gQXV0
-aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx2E3XrEBNNti1xWb/1hajCMj
-1mCOkdeQmIN65lgZOIzF9uVkhbSicfvtvbnazU0AtMgtc6XHaXGVHzk8skQHnOgO+k1KxCHfKWGP
-MiJhgsWHH26MfF8WIFFE0XBPV+rjHOPMee5Y2A7Cs0WTwCznmhcrewA3ekEzeOEz4vMQGn+HLL72
-9fdC4uW/h2KJXwBL38Xd5HVEMkE6HnFuacsLdUYI0crSK5XQz/u5QGtkjFdN/BMReYTtXlT2NJ8I
-AfMQJQYXStrxHXpma5hgZqTZ79IugvHw7wnqRMkVauIDbjPTrJ9VAMf2CGqUuV/c4DPxhGD5WycR
-tPwW8rtWaoAljQIDAQABo4GyMIGvMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMG0G
-CCsGAQUFBwEMBGEwX6FdoFswWTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2O
-a8PPgGrUSBgsexkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMB0GA1Ud
-DgQWBBS2d/ppSEefUxLVwuoHMnYH0ZcHGTANBgkqhkiG9w0BAQsFAAOCAQEASvj4sAPmLGd75JR3
-Y8xuTPl9Dg3cyLk1uXBPY/ok+myDjEedO2Pzmvl2MpWRsXe8rJq+seQxIcaBlVZaDrHC1LGmWazx
-Y8u4TB1ZkErvkBYoH1quEPuBUDgMbMzxPcP1Y+Oz4yHJJDnp/RVmRvQbEdBNc6N9Rvk97ahfYtTx
-P/jgdFcrGJ2BtMQo2pSXpXDrrB2+BxHw1dvd5Yzw1TKwg+ZX4o+/vqGqvz0dtdQ46tewXDpPaj+P
-wGZsY6rp2aQW9IHRlRQOfc2VNNnSj3BzgXucfr2YYdhFh5iQxeuGMMY1v/D/w1WIg0vvBZIGcfK4
-mJO37M2CYfE45k+XmCpajQ==
------END CERTIFICATE-----
-
 NetLock Arany (Class Gold) Főtanúsítvány
 ========================================
 -----BEGIN CERTIFICATE-----
@@ -938,82 +893,6 @@ Q0iy2+tzJOeRf1SktoA+naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1Z
 WrOZyGlsQyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw==
 -----END CERTIFICATE-----
 
-Chambers of Commerce Root - 2008
-================================
------BEGIN CERTIFICATE-----
-MIIHTzCCBTegAwIBAgIJAKPaQn6ksa7aMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYDVQQGEwJFVTFD
-MEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNv
-bS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMu
-QS4xKTAnBgNVBAMTIENoYW1iZXJzIG9mIENvbW1lcmNlIFJvb3QgLSAyMDA4MB4XDTA4MDgwMTEy
-Mjk1MFoXDTM4MDczMTEyMjk1MFowga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNl
-ZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2FkZHJlc3MpMRIwEAYDVQQF
-EwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVyZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJl
-cnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
-AQCvAMtwNyuAWko6bHiUfaN/Gh/2NdW928sNRHI+JrKQUrpjOyhYb6WzbZSm891kDFX29ufyIiKA
-XuFixrYp4YFs8r/lfTJqVKAyGVn+H4vXPWCGhSRv4xGzdz4gljUha7MI2XAuZPeEklPWDrCQiorj
-h40G072QDuKZoRuGDtqaCrsLYVAGUvGef3bsyw/QHg3PmTA9HMRFEFis1tPo1+XqxQEHd9ZR5gN/
-ikilTWh1uem8nk4ZcfUyS5xtYBkL+8ydddy/Js2Pk3g5eXNeJQ7KXOt3EgfLZEFHcpOrUMPrCXZk
-NNI5t3YRCQ12RcSprj1qr7V9ZS+UWBDsXHyvfuK2GNnQm05aSd+pZgvMPMZ4fKecHePOjlO+Bd5g
-D2vlGts/4+EhySnB8esHnFIbAURRPHsl18TlUlRdJQfKFiC4reRB7noI/plvg6aRArBsNlVq5331
-lubKgdaX8ZSD6e2wsWsSaR6s+12pxZjptFtYer49okQ6Y1nUCyXeG0+95QGezdIp1Z8XGQpvvwyQ
-0wlf2eOKNcx5Wk0ZN5K3xMGtr/R5JJqyAQuxr1yW84Ay+1w9mPGgP0revq+ULtlVmhduYJ1jbLhj
-ya6BXBg14JC7vjxPNyK5fuvPnnchpj04gftI2jE9K+OJ9dC1vX7gUMQSibMjmhAxhduub+84Mxh2
-EQIDAQABo4IBbDCCAWgwEgYDVR0TAQH/BAgwBgEB/wIBDDAdBgNVHQ4EFgQU+SSsD7K1+HnA+mCI
-G8TZTQKeFxkwgeMGA1UdIwSB2zCB2IAU+SSsD7K1+HnA+mCIG8TZTQKeFxmhgbSkgbEwga4xCzAJ
-BgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNh
-bWVyZmlybWEuY29tL2FkZHJlc3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENh
-bWVyZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDiC
-CQCj2kJ+pLGu2jAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUH
-AgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZIhvcNAQEFBQADggIBAJASryI1
-wqM58C7e6bXpeHxIvj99RZJe6dqxGfwWPJ+0W2aeaufDuV2I6A+tzyMP3iU6XsxPpcG1Lawk0lgH
-3qLPaYRgM+gQDROpI9CF5Y57pp49chNyM/WqfcZjHwj0/gF/JM8rLFQJ3uIrbZLGOU8W6jx+ekbU
-RWpGqOt1glanq6B8aBMz9p0w8G8nOSQjKpD9kCk18pPfNKXG9/jvjA9iSnyu0/VU+I22mlaHFoI6
-M6taIgj3grrqLuBHmrS1RaMFO9ncLkVAO+rcf+g769HsJtg1pDDFOqxXnrN2pSB7+R5KBWIBpih1
-YJeSDW4+TTdDDZIVnBgizVGZoCkaPF+KMjNbMMeJL0eYD6MDxvbxrN8y8NmBGuScvfaAFPDRLLmF
-9dijscilIeUcE5fuDr3fKanvNFNb0+RqE4QGtjICxFKuItLcsiFCGtpA8CnJ7AoMXOLQusxI0zcK
-zBIKinmwPQN/aUv0NCB9szTqjktk9T79syNnFQ0EuPAtwQlRPLJsFfClI9eDdOTlLsn+mCdCxqvG
-nrDQWzilm1DefhiYtUU79nm06PcaewaD+9CL2rvHvRirCG88gGtAPxkZumWK5r7VXNM21+9AUiRg
-OGcEMeyP84LG3rlV8zsxkVrctQgVrXYlCg17LofiDKYGvCYQbTed7N14jHyAxfDZd0jQ
------END CERTIFICATE-----
-
-Global Chambersign Root - 2008
-==============================
------BEGIN CERTIFICATE-----
-MIIHSTCCBTGgAwIBAgIJAMnN0+nVfSPOMA0GCSqGSIb3DQEBBQUAMIGsMQswCQYDVQQGEwJFVTFD
-MEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNv
-bS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMu
-QS4xJzAlBgNVBAMTHkdsb2JhbCBDaGFtYmVyc2lnbiBSb290IC0gMjAwODAeFw0wODA4MDExMjMx
-NDBaFw0zODA3MzExMjMxNDBaMIGsMQswCQYDVQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUg
-Y3VycmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJ
-QTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAlBgNVBAMTHkdsb2JhbCBD
-aGFtYmVyc2lnbiBSb290IC0gMjAwODCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMDf
-VtPkOpt2RbQT2//BthmLN0EYlVJH6xedKYiONWwGMi5HYvNJBL99RDaxccy9Wglz1dmFRP+RVyXf
-XjaOcNFccUMd2drvXNL7G706tcuto8xEpw2uIRU/uXpbknXYpBI4iRmKt4DS4jJvVpyR1ogQC7N0
-ZJJ0YPP2zxhPYLIj0Mc7zmFLmY/CDNBAspjcDahOo7kKrmCgrUVSY7pmvWjg+b4aqIG7HkF4ddPB
-/gBVsIdU6CeQNR1MM62X/JcumIS/LMmjv9GYERTtY/jKmIhYF5ntRQOXfjyGHoiMvvKRhI9lNNgA
-TH23MRdaKXoKGCQwoze1eqkBfSbW+Q6OWfH9GzO1KTsXO0G2Id3UwD2ln58fQ1DJu7xsepeY7s2M
-H/ucUa6LcL0nn3HAa6x9kGbo1106DbDVwo3VyJ2dwW3Q0L9R5OP4wzg2rtandeavhENdk5IMagfe
-Ox2YItaswTXbo6Al/3K1dh3ebeksZixShNBFks4c5eUzHdwHU1SjqoI7mjcv3N2gZOnm3b2u/GSF
-HTynyQbehP9r6GsaPMWis0L7iwk+XwhSx2LE1AVxv8Rk5Pihg+g+EpuoHtQ2TS9x9o0o9oOpE9Jh
-wZG7SMA0j0GMS0zbaRL/UJScIINZc+18ofLx/d33SdNDWKBWY8o9PeU1VlnpDsogzCtLkykPAgMB
-AAGjggFqMIIBZjASBgNVHRMBAf8ECDAGAQH/AgEMMB0GA1UdDgQWBBS5CcqcHtvTbDprru1U8VuT
-BjUuXjCB4QYDVR0jBIHZMIHWgBS5CcqcHtvTbDprru1U8VuTBjUuXqGBsqSBrzCBrDELMAkGA1UE
-BhMCRVUxQzBBBgNVBAcTOk1hZHJpZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJm
-aXJtYS5jb20vYWRkcmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJm
-aXJtYSBTLkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDiCCQDJzdPp
-1X0jzjAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0
-dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZIhvcNAQEFBQADggIBAICIf3DekijZBZRG
-/5BXqfEv3xoNa/p8DhxJJHkn2EaqbylZUohwEurdPfWbU1Rv4WCiqAm57OtZfMY18dwY6fFn5a+6
-ReAJ3spED8IXDneRRXozX1+WLGiLwUePmJs9wOzL9dWCkoQ10b42OFZyMVtHLaoXpGNR6woBrX/s
-dZ7LoR/xfxKxueRkf2fWIyr0uDldmOghp+G9PUIadJpwr2hsUF1Jz//7Dl3mLEfXgTpZALVza2Mg
-9jFFCDkO9HB+QHBaP9BrQql0PSgvAm11cpUJjUhjxsYjV5KTXjXBjfkK9yydYhz2rXzdpjEetrHH
-foUm+qRqtdpjMNHvkzeyZi99Bffnt0uYlDXA2TopwZ2yUDMdSqlapskD7+3056huirRXhOukP9Du
-qqqHW2Pok+JrqNS4cnhrG+055F3Lm6qH1U9OAP7Zap88MQ8oAgF9mOinsKJknnn4SPIVqczmyETr
-P3iZ8ntxPjzxmKfFGBI/5rsoM0LpRQp8bfKGeS/Fghl9CYl8slR2iK7ewfPM4W7bMdaTrpmg7yVq
-c5iJWzouE4gev8CSlDQb4ye3ix5vQv/n6TebUB0tovkC7stYWDpxvGjjqsGvHCgfotwjZT+B6q6Z
-09gwzxMNTxXJhLynSC34MCN32EZLeW32jO06f2ARePTpm67VVMB0gNELQp/B
------END CERTIFICATE-----
-
 Go Daddy Root Certificate Authority - G2
 ========================================
 -----BEGIN CERTIFICATE-----
@@ -1980,36 +1859,6 @@ uglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg515dTguDnFt2KaAJJiFqYgIwcdK1j1zqO+F4CYWodZI7
 yFz9SO8NdCKoCOJuxUnOxwy8p2Fp8fc74SrL+SvzZpA3
 -----END CERTIFICATE-----
 
-Staat der Nederlanden Root CA - G3
-==================================
------BEGIN CERTIFICATE-----
-MIIFdDCCA1ygAwIBAgIEAJiiOTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJOTDEeMBwGA1UE
-CgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFhdCBkZXIgTmVkZXJsYW5kZW4g
-Um9vdCBDQSAtIEczMB4XDTEzMTExNDExMjg0MloXDTI4MTExMzIzMDAwMFowWjELMAkGA1UEBhMC
-TkwxHjAcBgNVBAoMFVN0YWF0IGRlciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5l
-ZGVybGFuZGVuIFJvb3QgQ0EgLSBHMzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL4y
-olQPcPssXFnrbMSkUeiFKrPMSjTysF/zDsccPVMeiAho2G89rcKezIJnByeHaHE6n3WWIkYFsO2t
-x1ueKt6c/DrGlaf1F2cY5y9JCAxcz+bMNO14+1Cx3Gsy8KL+tjzk7FqXxz8ecAgwoNzFs21v0IJy
-EavSgWhZghe3eJJg+szeP4TrjTgzkApyI/o1zCZxMdFyKJLZWyNtZrVtB0LrpjPOktvA9mxjeM3K
-Tj215VKb8b475lRgsGYeCasH/lSJEULR9yS6YHgamPfJEf0WwTUaVHXvQ9Plrk7O53vDxk5hUUur
-mkVLoR9BvUhTFXFkC4az5S6+zqQbwSmEorXLCCN2QyIkHxcE1G6cxvx/K2Ya7Irl1s9N9WMJtxU5
-1nus6+N86U78dULI7ViVDAZCopz35HCz33JvWjdAidiFpNfxC95DGdRKWCyMijmev4SH8RY7Ngzp
-07TKbBlBUgmhHbBqv4LvcFEhMtwFdozL92TkA1CvjJFnq8Xy7ljY3r735zHPbMk7ccHViLVlvMDo
-FxcHErVc0qsgk7TmgoNwNsXNo42ti+yjwUOH5kPiNL6VizXtBznaqB16nzaeErAMZRKQFWDZJkBE
-41ZgpRDUajz9QdwOWke275dhdU/Z/seyHdTtXUmzqWrLZoQT1Vyg3N9udwbRcXXIV2+vD3dbAgMB
-AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRUrfrHkleu
-yjWcLhL75LpdINyUVzANBgkqhkiG9w0BAQsFAAOCAgEAMJmdBTLIXg47mAE6iqTnB/d6+Oea31BD
-U5cqPco8R5gu4RV78ZLzYdqQJRZlwJ9UXQ4DO1t3ApyEtg2YXzTdO2PCwyiBwpwpLiniyMMB8jPq
-KqrMCQj3ZWfGzd/TtiunvczRDnBfuCPRy5FOCvTIeuXZYzbB1N/8Ipf3YF3qKS9Ysr1YvY2WTxB1
-v0h7PVGHoTx0IsL8B3+A3MSs/mrBcDCw6Y5p4ixpgZQJut3+TcCDjJRYwEYgr5wfAvg1VUkvRtTA
-8KCWAg8zxXHzniN9lLf9OtMJgwYh/WA9rjLA0u6NpvDntIJ8CsxwyXmA+P5M9zWEGYox+wrZ13+b
-8KKaa8MFSu1BYBQw0aoRQm7TIwIEC8Zl3d1Sd9qBa7Ko+gE4uZbqKmxnl4mUnrzhVNXkanjvSr0r
-mj1AfsbAddJu+2gw7OyLnflJNZoaLNmzlTnVHpL3prllL+U9bTpITAjc5CgSKL59NVzq4BZ+Extq
-1z7XnvwtdbLBFNUjA9tbbws+eC8N3jONFrdI54OagQ97wUNNVQQXOEpR1VmiiXTTn74eS9fGbbeI
-JG9gkaSChVtWQbzQRKtqE77RLFi3EjNYsjdj3BP1lB0/QFH1T/U67cjF68IeHRaVesd+QnGTbksV
-tzDfqu1XhUisHWrdOWnk4Xl4vs4Fv6EM94B7IWcnMFk=
------END CERTIFICATE-----
-
 Staat der Nederlanden EV Root CA
 ================================
 -----BEGIN CERTIFICATE-----
@@ -3226,3 +3075,64 @@ qqFJu3FS8r/2/yehNq+4tneI3TqkbZs0kNwUXTC/t+sX5Ie3cdCh13cV1ELX8vMxmV2b3RZtP+oG
 I/hGoiLtk/bdmuYqh7GYVPEi92tF4+KOdh2ajcQGjTa3FPOdVGm3jjzVpG2Tgbet9r1ke8LJaDmg
 kpzNNIaRkPpkUZ3+/uul9XXeifdy
 -----END CERTIFICATE-----
+
+AC RAIZ FNMT-RCM SERVIDORES SEGUROS
+===================================
+-----BEGIN CERTIFICATE-----
+MIICbjCCAfOgAwIBAgIQYvYybOXE42hcG2LdnC6dlTAKBggqhkjOPQQDAzB4MQswCQYDVQQGEwJF
+UzERMA8GA1UECgwIRk5NVC1SQ00xDjAMBgNVBAsMBUNlcmVzMRgwFgYDVQRhDA9WQVRFUy1RMjgy
+NjAwNEoxLDAqBgNVBAMMI0FDIFJBSVogRk5NVC1SQ00gU0VSVklET1JFUyBTRUdVUk9TMB4XDTE4
+MTIyMDA5MzczM1oXDTQzMTIyMDA5MzczM1oweDELMAkGA1UEBhMCRVMxETAPBgNVBAoMCEZOTVQt
+UkNNMQ4wDAYDVQQLDAVDZXJlczEYMBYGA1UEYQwPVkFURVMtUTI4MjYwMDRKMSwwKgYDVQQDDCNB
+QyBSQUlaIEZOTVQtUkNNIFNFUlZJRE9SRVMgU0VHVVJPUzB2MBAGByqGSM49AgEGBSuBBAAiA2IA
+BPa6V1PIyqvfNkpSIeSX0oNnnvBlUdBeh8dHsVnyV0ebAAKTRBdp20LHsbI6GA60XYyzZl2hNPk2
+LEnb80b8s0RpRBNm/dfF/a82Tc4DTQdxz69qBdKiQ1oKUm8BA06Oi6NCMEAwDwYDVR0TAQH/BAUw
+AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFAG5L++/EYZg8k/QQW6rcx/n0m5JMAoGCCqG
+SM49BAMDA2kAMGYCMQCuSuMrQMN0EfKVrRYj3k4MGuZdpSRea0R7/DjiT8ucRRcRTBQnJlU5dUoD
+zBOQn5ICMQD6SmxgiHPz7riYYqnOK8LZiqZwMR2vsJRM60/G49HzYqc8/5MuB1xJAWdpEgJyv+c=
+-----END CERTIFICATE-----
+
+GlobalSign Root R46
+===================
+-----BEGIN CERTIFICATE-----
+MIIFWjCCA0KgAwIBAgISEdK7udcjGJ5AXwqdLdDfJWfRMA0GCSqGSIb3DQEBDAUAMEYxCzAJBgNV
+BAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYDVQQDExNHbG9iYWxTaWduIFJv
+b3QgUjQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMyMDAwMDAwMFowRjELMAkGA1UEBhMCQkUxGTAX
+BgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExHDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBSNDYwggIi
+MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCsrHQy6LNl5brtQyYdpokNRbopiLKkHWPd08Es
+CVeJOaFV6Wc0dwxu5FUdUiXSE2te4R2pt32JMl8Nnp8semNgQB+msLZ4j5lUlghYruQGvGIFAha/
+r6gjA7aUD7xubMLL1aa7DOn2wQL7Id5m3RerdELv8HQvJfTqa1VbkNud316HCkD7rRlr+/fKYIje
+2sGP1q7Vf9Q8g+7XFkyDRTNrJ9CG0Bwta/OrffGFqfUo0q3v84RLHIf8E6M6cqJaESvWJ3En7YEt
+bWaBkoe0G1h6zD8K+kZPTXhc+CtI4wSEy132tGqzZfxCnlEmIyDLPRT5ge1lFgBPGmSXZgjPjHvj
+K8Cd+RTyG/FWaha/LIWFzXg4mutCagI0GIMXTpRW+LaCtfOW3T3zvn8gdz57GSNrLNRyc0NXfeD4
+12lPFzYE+cCQYDdF3uYM2HSNrpyibXRdQr4G9dlkbgIQrImwTDsHTUB+JMWKmIJ5jqSngiCNI/on
+ccnfxkF0oE32kRbcRoxfKWMxWXEM2G/CtjJ9++ZdU6Z+Ffy7dXxd7Pj2Fxzsx2sZy/N78CsHpdls
+eVR2bJ0cpm4O6XkMqCNqo98bMDGfsVR7/mrLZqrcZdCinkqaByFrgY/bxFn63iLABJzjqls2k+g9
+vXqhnQt2sQvHnf3PmKgGwvgqo6GDoLclcqUC4wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAYYwDwYD
+VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA1yrc4GHqMywptWU4jaWSf8FmSwwDQYJKoZIhvcNAQEM
+BQADggIBAHx47PYCLLtbfpIrXTncvtgdokIzTfnvpCo7RGkerNlFo048p9gkUbJUHJNOxO97k4Vg
+JuoJSOD1u8fpaNK7ajFxzHmuEajwmf3lH7wvqMxX63bEIaZHU1VNaL8FpO7XJqti2kM3S+LGteWy
+gxk6x9PbTZ4IevPuzz5i+6zoYMzRx6Fcg0XERczzF2sUyQQCPtIkpnnpHs6i58FZFZ8d4kuaPp92
+CC1r2LpXFNqD6v6MVenQTqnMdzGxRBF6XLE+0xRFFRhiJBPSy03OXIPBNvIQtQ6IbbjhVp+J3pZm
+OUdkLG5NrmJ7v2B0GbhWrJKsFjLtrWhV/pi60zTe9Mlhww6G9kuEYO4Ne7UyWHmRVSyBQ7N0H3qq
+JZ4d16GLuc1CLgSkZoNNiTW2bKg2SnkheCLQQrzRQDGQob4Ez8pn7fXwgNNgyYMqIgXQBztSvwye
+qiv5u+YfjyW6hY0XHgL+XVAEV8/+LbzvXMAaq7afJMbfc2hIkCwU9D9SGuTSyxTDYWnP4vkYxboz
+nxSjBF25cfe1lNj2M8FawTSLfJvdkzrnE6JwYZ+vj+vYxXX4M2bUdGc6N3ec592kD3ZDZopD8p/7
+DEJ4Y9HiD2971KE9dJeFt0g5QdYg/NA6s/rob8SKunE3vouXsXgxT7PntgMTzlSdriVZzH81Xwj3
+QEUxeCp6
+-----END CERTIFICATE-----
+
+GlobalSign Root E46
+===================
+-----BEGIN CERTIFICATE-----
+MIICCzCCAZGgAwIBAgISEdK7ujNu1LzmJGjFDYQdmOhDMAoGCCqGSM49BAMDMEYxCzAJBgNVBAYT
+AkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYDVQQDExNHbG9iYWxTaWduIFJvb3Qg
+RTQ2MB4XDTE5MDMyMDAwMDAwMFoXDTQ2MDMyMDAwMDAwMFowRjELMAkGA1UEBhMCQkUxGTAXBgNV
+BAoTEEdsb2JhbFNpZ24gbnYtc2ExHDAaBgNVBAMTE0dsb2JhbFNpZ24gUm9vdCBFNDYwdjAQBgcq
+hkjOPQIBBgUrgQQAIgNiAAScDrHPt+ieUnd1NPqlRqetMhkytAepJ8qUuwzSChDH2omwlwxwEwkB
+jtjqR+q+soArzfwoDdusvKSGN+1wCAB16pMLey5SnCNoIwZD7JIvU4Tb+0cUB+hflGddyXqBPCCj
+QjBAMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQxCpCPtsad0kRL
+gLWi5h+xEk8blTAKBggqhkjOPQQDAwNoADBlAjEA31SQ7Zvvi5QCkxeCmb6zniz2C5GMn0oUsfZk
+vLtoURMMA/cVi4RguYv/Uo7njLwcAjA8+RHUjE7AwWHCFUyqqx0LMV87HOIAl0Qx5v5zli/altP+
+CAezNIm8BZ/3Hobui3A=
+-----END CERTIFICATE-----

bin/release_version

@@ -1,8 +1,8 @@
+1.4.1
+1.3.0
 1.2.0
 1.1.0
-1.0.0beta18.2
 1.0.0beta17
-1.0.0beta15
 1.0.0beta11
 1.0.0beta5
 0.9.7

bin/version

@@ -1,4 +1,4 @@
 clash_v=1.6.0
 clashpre_v=2021.05.08
-GeoIP_v=20210514
-versionsh=1.3.0
+GeoIP_v=20210623
+versionsh=1.4.1

install.sh

@@ -2,7 +2,7 @@
 # Copyright (C) Juewuy
 
 echo='echo -e' && [ -n "$(echo -e|grep e)" ] && echo=echo
-[ -z "$1" ] && test=0 || test=$1
+#[ -z "$1" ] && test=0 || test=$1
 
 echo "***********************************************"
 echo "**                 欢迎使用                  **"
@@ -10,12 +10,14 @@ echo "**                ShellClash                 **"
 echo "**                             by  Juewuy    **"
 echo "***********************************************"
 
+[ -f "/etc/storage/started_script.sh" ] && systype=Padavan && initdir='/etc/storage/started_script.sh'
+[ -f "/jffs/.asusrouter" ] && systype=asusrouter && initdir='/jffs/.asusrouter'
 #检查root权限
-if [ "$USER" != "root" ];then
+if [ "$USER" != "root" -a -z "$systype" ];then
 	echo 当前用户:$USER
-	$echo "\033[31m请尽量使用root用户（但绝对不要使用sudo命令！）执行安装!\033[0m"
+	$echo "\033[31m请尽量使用root用户（不要直接使用sudo命令！）执行安装!\033[0m"
 	echo -----------------------------------------------
-	read -p "仍要安装？可能会产生大量未知错误！(1/0) > " res
+	read -p "仍要安装？可能会产生未知错误！(1/0) > " res
 	[ "$res" != "1" ] && exit
 fi
 webget(){
@@ -26,33 +28,46 @@ webget(){
 		[ -z "$4" ] && redirect='-L' || redirect=''
 		result=$(curl -w %{http_code} --connect-timeout 5 $progress $redirect -ko $1 $2)
 	else
-		[ "$3" = "echooff" ] && progress='-q' || progress='-q --show-progress'
+		if wget --version > /dev/null 2>&1;then
+			[ "$3" = "echooff" ] && progress='-q' || progress='-q --show-progress'
+			[ "$4" = "rediroff" ] && redirect='--max-redirect=0' || redirect=''
+			certificate='--no-check-certificate'
+			timeout='--timeout=3'
+		fi
 		[ "$3" = "echoon" ] && progress=''
-		[ -z "$4" ] && redirect='' || redirect='--max-redirect=0'
-		wget -Y on $progress $redirect --no-check-certificate --timeout=5 -O $1 $2 
+		[ "$3" = "echooff" ] && progress='-q'
+		wget $progress $redirect $certificate $timeout -O $1 $2 
 		[ $? -eq 0 ] && result="200"
 	fi
 }
 #检查更新
-url="https://cdn.jsdelivr.net/gh/juewuy/ShellClash"
-if [ "$test" -gt 0 ];then 
-	url="https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master"
-	[ "$test" -eq 2 ] && url="http://192.168.31.31:8080/ShellClash"
-	[ "$test" -eq 3 ] && url="http://192.168.123.90:8080/clash-for-Miwifi"
-else
-	webget /tmp/clashrelease $url@master/bin/release_version echoon rediroff 2>/tmp/clashrelease
-	[ "$result" = "200" ] && release_new=$(cat /tmp/clashrelease | head -1)
-	[ -z "$release_new" ] && release_new=master
-	url=$url@$release_new
+[ -z "$url" ] && url="https://cdn.jsdelivr.net/gh/juewuy/ShellClash"
+#选择版本
+echo -----------------------------------------------
+$echo "\033[33m请选择想要安装的版本：\033[0m"	
+$echo " 1 \033[32mShellclash正式版\033[0m"
+$echo " 2 \033[31mShellclash测试版\033[0m"
+echo -----------------------------------------------
+read -p "请输入相应数字 > " num
+if [ -z $num ];then
+	echo 安装已取消
+	exit;
+elif [ "$num" = "1" ];then
+	webget /tmp/clashrelease $url/bin/release_version echoon rediroff 2>/tmp/clashrelease
+	if [ "$result" = "200" ];then
+		release_new=$(cat /tmp/clashrelease | head -1)
+		url2="https://cdn.jsdelivr.net/gh/juewuy/ShellClash@$release_new"
+	else
+		echo "无法切换版本，尝试安装测试版！"
+	fi
 fi
-webget /tmp/clashversion $url/bin/version echooff
+[ -z "$url2" ] && url2=$url
+webget /tmp/clashversion "$url2/bin/version" echooff
 [ "$result" = "200" ] && versionsh=$(cat /tmp/clashversion | grep "versionsh" | awk -F "=" '{print $2}')
 [ -z "$release_new" ] && release_new=$versionsh
 rm -rf /tmp/clashversion
 rm -rf /tmp/clashrelease
-[ -z "$release_new" ] && echo "无法连接服务器！" && exit
-
-tarurl=$url/bin/clashfm.tar.gz
+tarurl=$url2/bin/clashfm.tar.gz
 
 gettar(){
 	webget /tmp/clashfm.tar.gz $tarurl
@@ -90,7 +105,12 @@ gettar(){
 	chmod  777 $clashdir/start.sh
 	sed -i '/versionsh_l=*/'d $clashdir/mark
 	echo versionsh_l=$release_new >> $clashdir/mark
-	#设置环境变量
+	#设置更新地址
+	sed -i '/update_url=*/'d $clashdir/mark
+	echo update_url=$url >> $clashdir/mark
+	#设置环境变量	
+	[ -w /opt/etc/profile ] && profile=/opt/etc/profile
+	[ -w /jffs/configs/profile.add ] && profile=/jffs/configs/profile.add
 	[ -w ~/.bashrc ] && profile=~/.bashrc
 	[ -w /etc/profile ] && profile=/etc/profile
 	if [ -n "$profile" ];then
@@ -102,6 +122,8 @@ gettar(){
 		echo 无法写入环境变量！请检查安装权限！
 		exit 1
 	fi
+	#华硕/Padavan额外设置
+	[ -n "$systype" ] && sed -i '/ShellClash初始化/'d $initdir && echo "$clashdir/start.sh init #ShellClash初始化脚本" >> $initdir
 	#删除临时文件
 	rm -rf /tmp/clashfm.tar.gz 
 	rm -rf $clashdir/clashservice
@@ -115,50 +137,55 @@ echo -----------------------------------------------
 gettar
 echo -----------------------------------------------
 echo ShellClash 已经安装成功!
-[ "$USER" != "root" ] && echo "请执行【source ~/.bashrc &> /dev/null】命令以加载环境变量！"
+[ "$profile" = "~/.bashrc" ] && echo "请执行【source ~/.bashrc &> /dev/null】命令以加载环境变量！"
 echo -----------------------------------------------
 $echo "\033[33m输入\033[30;47m clash \033[0;33m命令即可管理！！！\033[0m"
 echo -----------------------------------------------
 }
-setdir(){		
-echo -----------------------------------------------
-$echo "\033[33m安装ShellClash至少需要预留约1MB的磁盘空间\033[0m"	
-$echo " 1 在\033[32m/etc目录\033[0m下安装(适合路由设备)"
-$echo " 2 在\033[32m/usr/share目录\033[0m下安装(适合大多数设备)"
-$echo " 3 在\033[32m当前用户目录\033[0m下安装(适合非root用户)"
-$echo " 4 手动设置安装目录"
-$echo " 0 退出安装"
-echo -----------------------------------------------
-read -p "请输入相应数字 > " num
-#设置目录
-if [ -z $num ];then
-	echo 安装已取消
-	exit;
-elif [ "$num" = "1" ];then
-	dir=/etc
-elif [ "$num" = "2" ];then
-	dir=/usr/share
-elif [ "$num" = "3" ];then
-	dir=~/.local/share
-	mkdir -p ~/.config/systemd/user
-elif [ "$num" = "4" ];then
-	echo -----------------------------------------------
-	echo '可用路径 剩余空间:'
-	df -h | awk '{print $6,$4}'| sed 1d 
-	echo '路径是必须带 / 的格式，写入虚拟内存(/tmp,/sys,..)的文件会在重启后消失！！！'
-	read -p "请输入自定义路径 > " dir
-	if [ -z "$dir" ];then
-		$echo "\033[31m路径错误！请重新设置！\033[0m"
-		setdir
-	fi
+setdir(){
+if [ -n "$systype" ];then
+	[ "$systype" = "Padavan" ] && dir=/etc/storage
+	[ "$systype" = "asusrouter" ] && dir=/jffs
 else
-	echo 安装已取消！！！
-	exit;
+	echo -----------------------------------------------
+	$echo "\033[33m安装ShellClash至少需要预留约1MB的磁盘空间\033[0m"	
+	$echo " 1 在\033[32m/etc目录\033[0m下安装(适合root用户)"
+	$echo " 2 在\033[32m/usr/share目录\033[0m下安装(适合Linux设备)"
+	$echo " 3 在\033[32m当前用户目录\033[0m下安装(适合非root用户)"
+	$echo " 4 手动设置安装目录"
+	$echo " 0 退出安装"
+	echo -----------------------------------------------
+	read -p "请输入相应数字 > " num
+	#设置目录
+	if [ -z $num ];then
+		echo 安装已取消
+		exit;
+	elif [ "$num" = "1" ];then
+		dir=/etc
+	elif [ "$num" = "2" ];then
+		dir=/usr/share
+	elif [ "$num" = "3" ];then
+		dir=~/.local/share
+		mkdir -p ~/.config/systemd/user
+	elif [ "$num" = "4" ];then
+		echo -----------------------------------------------
+		echo '可用路径 剩余空间:'
+		df -h | awk '{print $6,$4}'| sed 1d 
+		echo '路径是必须带 / 的格式，注意写入虚拟内存(/tmp,/opt,/sys...)的文件会在重启后消失！！！'
+		read -p "请输入自定义路径 > " dir
+		if [ -z "$dir" ];then
+			$echo "\033[31m路径错误！请重新设置！\033[0m"
+			setdir
+		fi
+	else
+		echo 安装已取消！！！
+		exit;
+	fi
 fi
 if [ ! -w $dir ];then
 	$echo "\033[31m没有$dir目录写入权限！请重新设置！\033[0m" && sleep 1 && setdir
 else
-	echo 目标目录磁盘剩余：$(df -h $dir | awk '{print $4}' | sed 1d )
+	$echo "目标目录\033[32m$dir\033[0m空间剩余：$(df -h $dir | awk '{print $4}' | sed 1d )"
 	read -p "确认安装？(1/0) > " res
 	[ "$res" = "1" ] && clashdir=$dir/clash || setdir
 fi

install_n.sh

@@ -0,0 +1,225 @@
+#! /bin/bash
+# Copyright (C) Juewuy
+
+echo='echo -e' && [ -n "$(echo -e|grep e)" ] && echo=echo
+#[ -z "$1" ] && test=0 || test=$1
+
+echo "***********************************************"
+echo "**                 欢迎使用                  **"
+echo "**                ShellClash                 **"
+echo "**                             by  Juewuy    **"
+echo "***********************************************"
+
+[ -f "/etc/storage/started_script.sh" ] && systype=Padavan && initdir='/etc/storage/started_script.sh'
+[ -f "/jffs/.asusrouter" ] && systype=asusrouter && initdir='/jffs/.asusrouter'
+#检查root权限
+if [ "$USER" != "root" -a -z "$systype" ];then
+	echo 当前用户:$USER
+	$echo "\033[31m请尽量使用root用户（不要直接使用sudo命令！）执行安装!\033[0m"
+	echo -----------------------------------------------
+	read -p "仍要安装？可能会产生未知错误！(1/0) > " res
+	[ "$res" != "1" ] && exit
+fi
+webget(){
+	#参数【$1】代表下载目录，【$2】代表在线地址
+	#参数【$3】代表输出显示，【$4】不启用重定向
+	if curl --version > /dev/null 2>&1;then
+		[ "$3" = "echooff" ] && progress='-s' || progress='-#'
+		[ -z "$4" ] && redirect='-L' || redirect=''
+		result=$(curl -w %{http_code} --connect-timeout 5 $progress $redirect -ko $1 $2)
+	else
+		if wget --version > /dev/null 2>&1;then
+			[ "$3" = "echooff" ] && progress='-q' || progress='-q --show-progress'
+			[ "$4" = "rediroff" ] && redirect='--max-redirect=0' || redirect=''
+			certificate='--no-check-certificate'
+			timeout='--timeout=3'
+		fi
+		[ "$3" = "echoon" ] && progress=''
+		[ "$3" = "echooff" ] && progress='-q'
+		wget $progress $redirect $certificate $timeout -O $1 $2 
+		[ $? -eq 0 ] && result="200"
+	fi
+}
+#检查更新
+[ -z "$url" ] && url="https://cdn.jsdelivr.net/gh/juewuy/ShellClash"
+#选择版本
+echo -----------------------------------------------
+$echo "\033[33m请选择想要安装的版本：\033[0m"	
+$echo " 1 \033[32mShellclash正式版\033[0m"
+$echo " 2 \033[31mShellclash测试版\033[0m"
+echo -----------------------------------------------
+read -p "请输入相应数字 > " num
+if [ -z $num ];then
+	echo 安装已取消
+	exit;
+elif [ "$num" = "1" ];then
+	webget /tmp/clashrelease $url/bin/release_version echoon rediroff 2>/tmp/clashrelease
+	if [ "$result" = "200" ];then
+		release_new=$(cat /tmp/clashrelease | head -1)
+		url2="https://cdn.jsdelivr.net/gh/juewuy/ShellClash@$release_new"
+	else
+		echo "无法切换版本，尝试安装测试版！"
+	fi
+fi
+[ -z "$url2" ] && url2=$url
+webget /tmp/clashversion "$url2/bin/version" echooff
+[ "$result" = "200" ] && versionsh=$(cat /tmp/clashversion | grep "versionsh" | awk -F "=" '{print $2}')
+[ -z "$release_new" ] && release_new=$versionsh
+rm -rf /tmp/clashversion
+rm -rf /tmp/clashrelease
+tarurl=$url2/bin/clashfm.tar.gz
+
+gettar(){
+	webget /tmp/clashfm.tar.gz $tarurl
+	[ "$result" != "200" ] && echo "文件下载失败！" && exit 1
+	#解压
+	echo -----------------------------------------------
+	echo 开始解压文件！
+	mkdir -p $clashdir > /dev/null
+	tar -zxvf '/tmp/clashfm.tar.gz' -C $clashdir/
+	[ $? -ne 0 ] && echo "文件解压失败！" && rm -rf /tmp/clashfm.tar.gz && exit 1 
+	#初始化文件目录
+	[ -f "$clashdir/mark" ] || echo '#标识clash运行状态的文件，不明勿动！' > $clashdir/mark
+	#判断系统类型写入不同的启动文件
+	if [ -f /etc/rc.common ];then
+			#设为init.d方式启动
+			mv $clashdir/clashservice /etc/init.d/clash
+			chmod  777 /etc/init.d/clash
+	else
+		[ -w /etc/systemd/system ] && sysdir=/etc/systemd/system
+		[ -w /usr/lib/systemd/system ] && sysdir=/usr/lib/systemd/system
+		if [ -n "$sysdir" ];then
+			#设为systemd方式启动
+			mv $clashdir/clash.service $sysdir/clash.service
+			sed -i "s%/etc/clash%$clashdir%g" $sysdir/clash.service
+			systemctl daemon-reload
+		else
+			#设为保守模式启动
+			sed -i '/start_old=*/'d $clashdir/mark
+			echo start_old=已开启 >> $clashdir/mark
+		fi
+	fi
+	#修饰文件及版本号
+	shtype=sh && [ -n "$(ls -l /bin/sh|grep -o dash)" ] && shtype=bash 
+	sed -i "s|/bin/sh|/bin/$shtype|" $clashdir/start.sh
+	chmod  777 $clashdir/start.sh
+	sed -i '/versionsh_l=*/'d $clashdir/mark
+	echo versionsh_l=$release_new >> $clashdir/mark
+	#设置更新地址
+	sed -i '/update_url=*/'d $clashdir/mark
+	echo update_url=$url >> $clashdir/mark
+	#设置环境变量	
+	[ -w /opt/etc/profile ] && profile=/opt/etc/profile
+	[ -w /jffs/configs/profile.add ] && profile=/jffs/configs/profile.add
+	[ -w ~/.bashrc ] && profile=~/.bashrc
+	[ -w /etc/profile ] && profile=/etc/profile
+	if [ -n "$profile" ];then
+		sed -i '/alias clash=*/'d $profile
+		echo "alias clash=\"$shtype $clashdir/clash.sh\"" >> $profile #设置快捷命令环境变量
+		sed -i '/export clashdir=*/'d $profile
+		echo "export clashdir=\"$clashdir\"" >> $profile #设置clash路径环境变量
+	else
+		echo 无法写入环境变量！请检查安装权限！
+		exit 1
+	fi
+	#华硕/Padavan额外设置
+	[ -n "$systype" ] && sed -i '/ShellClash初始化/'d $initdir && echo "$clashdir/start.sh init #ShellClash初始化脚本" >> $initdir
+	#删除临时文件
+	rm -rf /tmp/clashfm.tar.gz 
+	rm -rf $clashdir/clashservice
+	rm -rf $clashdir/clash.service
+}
+#下载及安装
+install(){
+echo -----------------------------------------------
+echo 开始从服务器获取安装文件！
+echo -----------------------------------------------
+gettar
+echo -----------------------------------------------
+echo ShellClash 已经安装成功!
+[ "$profile" = "~/.bashrc" ] && echo "请执行【source ~/.bashrc &> /dev/null】命令以加载环境变量！"
+echo -----------------------------------------------
+$echo "\033[33m输入\033[30;47m clash \033[0;33m命令即可管理！！！\033[0m"
+echo -----------------------------------------------
+}
+setdir(){
+if [ -n "$systype" ];then
+	[ "$systype" = "Padavan" ] && dir=/etc/storage
+	[ "$systype" = "asusrouter" ] && dir=/jffs
+else
+	echo -----------------------------------------------
+	$echo "\033[33m安装ShellClash至少需要预留约1MB的磁盘空间\033[0m"	
+	$echo " 1 在\033[32m/etc目录\033[0m下安装(适合root用户)"
+	$echo " 2 在\033[32m/usr/share目录\033[0m下安装(适合Linux设备)"
+	$echo " 3 在\033[32m当前用户目录\033[0m下安装(适合非root用户)"
+	$echo " 4 手动设置安装目录"
+	$echo " 0 退出安装"
+	echo -----------------------------------------------
+	read -p "请输入相应数字 > " num
+	#设置目录
+	if [ -z $num ];then
+		echo 安装已取消
+		exit;
+	elif [ "$num" = "1" ];then
+		dir=/etc
+	elif [ "$num" = "2" ];then
+		dir=/usr/share
+	elif [ "$num" = "3" ];then
+		dir=~/.local/share
+		mkdir -p ~/.config/systemd/user
+	elif [ "$num" = "4" ];then
+		echo -----------------------------------------------
+		echo '可用路径 剩余空间:'
+		df -h | awk '{print $6,$4}'| sed 1d 
+		echo '路径是必须带 / 的格式，注意写入虚拟内存(/tmp,/opt,/sys...)的文件会在重启后消失！！！'
+		read -p "请输入自定义路径 > " dir
+		if [ -z "$dir" ];then
+			$echo "\033[31m路径错误！请重新设置！\033[0m"
+			setdir
+		fi
+	else
+		echo 安装已取消！！！
+		exit;
+	fi
+fi
+if [ ! -w $dir ];then
+	$echo "\033[31m没有$dir目录写入权限！请重新设置！\033[0m" && sleep 1 && setdir
+else
+	$echo "目标目录\033[32m$dir\033[0m空间剩余：$(df -h $dir | awk '{print $4}' | sed 1d )"
+	read -p "确认安装？(1/0) > " res
+	[ "$res" = "1" ] && clashdir=$dir/clash || setdir
+fi
+}
+
+#输出
+$echo "最新版本：\033[32m$release_new\033[0m"
+echo -----------------------------------------------
+$echo "\033[44m如遇问题请加TG群反馈：\033[42;30m t.me/clashfm \033[0m"
+$echo "\033[37m支持各种基于openwrt的路由器设备"
+$echo "\033[33m支持Debian、Centos等标准Linux系统\033[0m"
+
+if [ -n "$clashdir" ];then
+	echo -----------------------------------------------
+	$echo "检测到旧的安装目录\033[36m$clashdir\033[0m，是否覆盖安装？"
+	$echo "\033[32m覆盖安装时不会移除配置文件！\033[0m"
+	read -p "覆盖安装/卸载旧版本？(1/0) > " res
+	if [ "$res" = "1" ];then
+		install
+	elif [ "$res" = "0" ];then
+		rm -rf $clashdir
+		echo -----------------------------------------------
+		$echo "\033[31m 旧版本文件已卸载！\033[0m"
+		setdir
+		install
+	elif [ "$res" = "9" ];then
+		echo 测试模式，变更安装位置
+		setdir
+		install
+	else
+		$echo "\033[31m输入错误！已取消安装！\033[0m"
+		exit;
+	fi
+else
+	setdir
+	install
+fi

scripts/clash.sh

@@ -93,7 +93,7 @@ getconfig(){
 setconfig(){
 	#参数1代表变量名，参数2代表变量值,参数3即文件路径
 	[ -z "$3" ] && configpath=$clashdir/mark || configpath=$3
-	[ -n "$(grep ${1} $configpath)" ] && sed -i "s#${1}=\(.*\)#${1}=${2}#g" $configpath || echo "${1}=${2}" >> $configpath
+	[ -n "$(grep -E "^${1}=" $configpath)" ] && sed -i "s#^${1}=\(.*\)#${1}=${2}#g" $configpath || echo "${1}=${2}" >> $configpath
 }
 #启动相关
 errornum(){
@@ -245,7 +245,7 @@ setport(){
 			setconfig host $host
 			echo -e "\033[32m已经移除自定义host地址，请重新运行脚本以自动获取host！！！\033[0m"
 			exit 0
-		elif [ -n "$(echo $host | grep -Po '(1\d{2}|2[0-4]\d|25[0-5]|[1-9]\d|[1-9])(\.(1\d{2}|2[0-4]\d|25[0-5]|[1-9]\d|\d)){3}')" ]; then
+		elif [ -n "$(echo $host |grep -E -o '\<([1-9]|[1-9][0-9]|1[0-9]{2}|2[01][0-9]|22[0-3])\>(\.\<([0-9]|[0-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\>){2}\.\<([1-9]|[0-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-4])\>' )" ]; then
 			setconfig host $host
 			echo -e "\033[32m设置成功！！！\033[0m"
 		else
@@ -306,12 +306,16 @@ setdns(){
 		echo -e "\033[33m已禁用内置DNS！！！\033[0m"
 		setdns
 	elif [ "$num" = 5 ]; then
-		source $clashdir/getdate.sh
-		webget /tmp/ssl_test https://baidu.com echooff rediron skipceroff
-		if [ "$result" != "200" ];then
+		$clashdir/start.sh webget /tmp/ssl_test https://www.baidu.com echooff rediron skipceroff
+		if [ "$？" = "1" ];then
 			echo -----------------------------------------------
-			echo -e "\033[31m当前设备缺少本地根证书，请先安装证书！\033[0m"
-			setcrt
+			if openssl version >/dev/null 2>&1;then
+				echo -e "\033[31m当前设备缺少本地根证书，请先安装证书！\033[0m"
+				source $clashdir/getdate.sh
+				setcrt
+			else
+				echo -e "\033[31m当前设备未安装OpenSSL，无法启用加密DNS，Linux系统请自行搜索安装方式！\033[0m"
+			fi
 		else
 			dns_nameserver='https://223.5.5.5/dns-query, https://doh.pub/dns-query, tls://dns.rubyfish.cn:853'
 			dns_fallback='tls://1.0.0.1:853, tls://8.8.4.4:853, https://doh.opendns.com/dns-query'
@@ -414,10 +418,17 @@ macfilter(){
 	[ -z "$dhcpdir" ] && [ -f /tmp/dnsmasq.leases ] && dhcpdir='/tmp/dnsmasq.leases'
 	[ -z "$dhcpdir" ] && dhcpdir='/dev/null'
 	[ -z "$macfilter_type" ] && macfilter_type='黑名单' 
-	[ "$macfilter_type" = "黑名单" ] && macfilter_over='白名单' || macfilter_over='黑名单'
+	if [ "$macfilter_type" = "黑名单" ];then
+		macfilter_over='白名单'
+		macfilter_scrip='不'
+	else
+		macfilter_over='黑名单'
+		macfilter_scrip=''
+	fi
 	######
 	echo -e "\033[30;47m请在此添加或移除设备\033[0m"
 	echo -e "当前过滤方式为：\033[33m$macfilter_type模式\033[0m"
+	echo -e "仅列表内设备\033[36m$macfilter_scrip经过\033[0mClash内核"
 	if [ -n "$(cat $clashdir/mac)" ]; then
 		echo -----------------------------------------------
 		echo -e "当前已过滤设备为：\033[36m"
@@ -444,7 +455,7 @@ macfilter(){
 		macfilter_type=$macfilter_over
 		setconfig macfilter_type $macfilter_type
 		echo -----------------------------------------------
-		echo -e "\033[31m已切换为$macfilter_type模式！\033[0m"
+		echo -e "\033[32m已切换为$macfilter_type模式！\033[0m"
 		macfilter
 	elif [ "$num" = 2 ]; then	
 		add_mac
@@ -464,15 +475,14 @@ macfilter(){
 }
 localproxy(){
 	[ -z "$local_proxy" ] && local_proxy='未开启'
-	[ -z "$local_proxy_type" ] && local_proxy_type='环境变量'
+	[ -z "$local_type" ] && local_type='环境变量'
 	[ "$local_proxy" = "已开启" ] && proxy_set='禁用' || proxy_set='启用'
 	echo -----------------------------------------------
-	echo -e "\033[33m当前本机代理配置方式为：\033[32m$local_proxy_type\033[0m"
+	echo -e "\033[33m当前本机代理配置方式为：\033[32m$local_type\033[0m"
 	echo -----------------------------------------------
 	echo -e " 1 \033[36m$proxy_set本机代理\033[0m"
 	echo -e " 2 使用\033[32m环境变量\033[0m方式配置"
-	echo -e " 3 使用\033[32mGNOME桌面API\033[0m配置"
-	echo -e " 4 使用\033[32mKDE桌面API\033[0m配置"
+	echo -e " 3 使用\033[32miptables增强模式\033[0m配置（仅支持Linux系统）"
 	echo -e " 0 返回上级菜单"
 	echo -----------------------------------------------
 	read -p "请输入对应数字 > " num
@@ -490,36 +500,29 @@ localproxy(){
 				localproxy
 			else
 				local_proxy=已开启
-				$clashdir/start.sh set_proxy $mix_port $db_port
-				echo -e "\033[32m已经成功使用$local_proxy_type方式配置本机代理~\033[0m"
-				[ "$local_proxy_type" = "环境变量" ] && echo -e "\033[36m如未生效，请重新启动终端或重新连接SSH！\033[0m" && sleep 1
+				setconfig local_proxy $local_proxy
+				echo -e "\033[32m已经成功使用$local_type方式配置本机代理~\033[0m"
+				[ "$local_type" = "环境变量" ] && $clashdir/start.sh set_proxy $mix_port $db_port &&echo -e "\033[36m如未生效，请重新启动终端或重新连接SSH！\033[0m" && sleep 1
+				[ "$local_type" = "iptables增强模式" ] && $clashdir/start.sh start
 			fi		
 		else
 			local_proxy=未开启
-			$clashdir/start.sh unset_proxy
-			echo -e "\033[33m已经停用本机代理规则！！\033[0m"
-			[ "$local_proxy_type" = "环境变量" ] && echo -e "\033[36m如未生效，请重新启动终端或重新连接SSH！\033[0m" && sleep 1
+			setconfig local_proxy $local_proxy
+			$clashdir/start.sh stop
+			echo -e "\033[33m已经停用本机代理规则并停止clash服务！！\033[0m"
+			[ "$local_type" = "环境变量" ] && echo -e "\033[36m如未生效，请重新启动终端或重新连接SSH！\033[0m" && sleep 1
 		fi
-		setconfig local_proxy $local_proxy
+
 	elif [ "$num" = 2 ]; then
-		local_proxy_type="环境变量"
-		setconfig local_proxy_type $local_proxy_type
+		local_type="环境变量"
+		setconfig local_type $local_type
 		localproxy
 	elif [ "$num" = 3 ]; then
-		if  gsettings --version >/dev/null 2>&1 ;then
-			local_proxy_type="GNOME"
-			setconfig local_proxy_type $local_proxy_type
+		if [ -w /etc/systemd/system/clash.service -o -w /usr/lib/systemd/system/clash.service -o -x /bin/su ];then
+			local_type="iptables增强模式"
+			setconfig local_type $local_type
 		else
-			echo -e "\033[31m没有找到GNOME桌面，无法设置！\033[0m"
-			sleep 1
-		fi
-		localproxy
-	elif [ "$num" = 4 ]; then
-		if  kwriteconfig5 -h >/dev/null 2>&1 ;then
-			local_proxy_type="KDE"
-			setconfig local_proxy_type $local_proxy_type
-		else
-			echo -e "\033[31m没有找到KDE桌面，无法设置！\033[0m"
+			echo -e "\033[31m当前设备无法使用增强模式！\033[0m"
 			sleep 1
 		fi
 		localproxy
@@ -650,6 +653,7 @@ clashcfg(){
 	[ -z "$common_ports" ] && common_ports=已开启
 	[ -z "$dns_mod" ] && dns_mod=redir_host
 	[ -z "$dns_over" ] && dns_over=已开启
+	[ -z "$cn_ip_route" ] && cn_ip_route=未开启
 	[ -z "$(cat $clashdir/mac)" ] && mac_return=未开启 || mac_return=已启用
 	#
 	echo -----------------------------------------------
@@ -659,8 +663,9 @@ clashcfg(){
 	echo -e " 2 切换DNS运行模式：	\033[36m$dns_mod\033[0m"
 	echo -e " 3 跳过本地证书验证：	\033[36m$skip_cert\033[0m   ————解决节点证书验证错误"
 	echo -e " 4 只代理常用端口： 	\033[36m$common_ports\033[0m   ————用于过滤P2P流量"
-	echo -e " 5 过滤局域网设备：	\033[36m$mac_return\033[0m   ————使用黑名单/白名单进行过滤"
-	echo -e " 6 设置本机代理服务:	\033[36m$local_proxy\033[0m	————使用环境变量或GUI/api配置本机代理"
+	echo -e " 5 过滤局域网设备：	\033[36m$mac_return\033[0m   ————使用黑/白名单进行过滤"
+	echo -e " 6 设置本机代理服务:	\033[36m$local_proxy\033[0m   ————使本机流量经过clash内核"
+	echo -e " 7 CN_IP绕过内核:	\033[36m$cn_ip_route\033[0m   ————优化性能，不兼容Fake-ip"
 	echo -----------------------------------------------
 	echo -e " 0 返回上级菜单 \033[0m"
 	echo -----------------------------------------------
@@ -672,8 +677,8 @@ clashcfg(){
 	elif [ "$num" = 1 ]; then
 		if [ "$USER" != "root" -a "$USER" != "admin" ];then
 			echo -----------------------------------------------
-			echo -e "\033[33m非root用户无法启用静态路由，仅可以使用纯净模式！\033[0m"
-			sleep 1
+			read -p "非root用户可能无法正确配置其他模式！依然尝试吗？(1/0) > " res
+			[ "$res" = 1 ] && set_redir_mod
 		else
 			set_redir_mod
 		fi
@@ -716,6 +721,28 @@ clashcfg(){
 		sleep 1
 		clashcfg
 		
+	elif [ "$num" = 7 ]; then
+		echo -----------------------------------------------
+		if ! ipset -v >/dev/null 2>&1;then
+			echo -e "\033[31m当前设备缺少ipset模块，无法启用绕过功能！！\033[0m"
+			sleep 1
+		elif [ "$dns_mod" = "fake-ip" ];then
+			echo -e "\033[31m不支持fake-ip模式，请将DNS模式更换为Redir-host！！\033[0m"
+			sleep 1
+			clashcfg
+		else
+			if [ "$cn_ip_route" = "未开启" ]; then 
+				echo -e "\033[32m已开启CN_IP绕过内核功能！！\033[0m"
+				cn_ip_route=已开启
+				sleep 1
+			else
+				echo -e "\033[33m已禁用CN_IP绕过内核功能！！\033[0m"
+				cn_ip_route=未开启
+			fi
+			setconfig cn_ip_route $cn_ip_route
+		fi
+			clashcfg  	
+		
 	elif [ "$num" = 9 ]; then	
 		clashstart
 	else
@@ -728,8 +755,8 @@ clashadv(){
 	[ -z "$ipv6_support" ] && ipv6_support=未开启
 	[ -z "$start_old" ] && start_old=未开启
 	[ -z "$tproxy_mod" ] && tproxy_mod=未开启
+	[ -z "$public_support" ] && public_support=未开启
 	[ "$bindir" = "/tmp/clash_$USER" ] && mini_clash=已开启 || mini_clash=未开启
-	[ -n "$(cat /etc/crontabs/root | grep otapredownload)" ] && mi_update=禁用 || mi_update=启用
 	#
 	echo -----------------------------------------------
 	echo -e "\033[30;47m欢迎使用进阶模式菜单：\033[0m"
@@ -739,10 +766,10 @@ clashadv(){
 	echo -e " 2 启用ipv6支持:	\033[36m$ipv6_support\033[0m	————实验性功能，可能不稳定"
 	echo -e " 3 Redir模式udp转发:	\033[36m$tproxy_mod\033[0m	————依赖iptables-mod-tproxy"
 	echo -e " 4 启用小闪存模式:	\033[36m$mini_clash\033[0m	————不保存核心及数据库文件"
-	echo -e " 5 配置内置DNS服务	\033[36m$dns_no\033[0m"
-	echo -e " 6 手动指定相关端口、秘钥及本机host"
+	echo -e " 5 允许公网访问:	\033[36m$public_support\033[0m	————需要路由拨号+公网IP"
+	echo -e " 6 配置内置DNS服务	\033[36m$dns_no\033[0m"
 	echo -e " 7 使用自定义配置"
-	[ -x /usr/sbin/otapredownload ] && echo -e " 8 \033[33m$mi_update\033[0m小米系统自动更新"
+	echo -e " 8 手动指定相关端口、秘钥及本机host"
 	echo -----------------------------------------------
 	echo -e " 9 \033[31m重置\033[0m配置文件"
 	echo -e " 0 返回上级菜单 \033[0m"
@@ -836,6 +863,22 @@ clashadv(){
 		clashadv
 		
 	elif [ "$num" = 5 ]; then
+		if [ "$public_support" = "未开启" ]; then 
+			echo -e "\033[32m已开启公网访问Dashboard端口及Http/Sock5代理端口！！\033[0m"
+			echo -e "\033[33m安全起见建议设置相关访问密码！！\033[0m"
+			public_support=已开启
+			setconfig public_support $public_support
+			sleep 1
+		else
+			echo -e "\033[32m已禁止公网访问Dashboard端口及Http/Sock5代理端口！！\033[0m"
+			echo -e "\033[33m如果你的防火墙默认放行公网流量，可能禁用失败！\033[0m"
+			public_support=未开启
+			setconfig public_support $public_support
+			sleep 1
+		fi
+			clashadv
+		
+	elif [ "$num" = 6 ]; then
 		source $ccfg
 		if [ "$dns_no" = "已禁用" ];then
 			read -p "检测到内置DNS已被禁用，是否启用内置DNS？(1/0) > " res
@@ -848,7 +891,7 @@ clashadv(){
 		fi
 		clashadv	
 		
-	elif [ "$num" = 6 ]; then
+	elif [ "$num" = 8 ]; then
 		source $ccfg
 		if [ -n "$(pidof clash)" ];then
 			echo -----------------------------------------------
@@ -873,7 +916,7 @@ clashadv(){
 EOF
 		[ ! -f $clashdir/rules.yaml ] && cat > $clashdir/rules.yaml <<EOF
 #用于编写自定义规则(此处规则将优先生效)，(可参考https://lancellc.gitbook.io/clash/clash-config-file/rules)：
-#例如“🚀 节点选择”、“🎯 全球直连”这样的自定义规则组必须与config.yaml中的代理规则组相匹配，否则将无法运行！
+#例如“🚀 节点选择”、“🎯 全球直连”这样的自定义规则组必须与config.yaml中的代理规则组相匹配，否则将无法运行
 # - DOMAIN-SUFFIX,google.com,🚀 节点选择
 # - DOMAIN-KEYWORD,baidu,🎯 全球直连
 # - DOMAIN,ad.com,REJECT
@@ -884,20 +927,12 @@ EOF
 # - SRC-PORT,7777,DIRECT
 EOF
 		echo -e "\033[32m已经启用自定义配置功能！\033[0m"
-		echo -e "Shell下(部分旧设备可能不显示中文)可\n使用【\033[36mvi $clashdir/user.yaml\033[0m】编辑自定义设定文件;\n使用【\033[36mvi $clashdir/rules.yaml\033[0m】编辑自定义规则文件。"
 		echo -e "Windows下请\n使用\033[33mwinscp软件\033[0m进入$clashdir目录后手动编辑！\033[0m"
-		echo -e "其他设备请\n使用\033[32mscp命令\033[0m下载文件编辑后上传到$clashdir目录！\033[0m"
+		echo -e "Shell下(\033[31m部分旧设备可能不显示中文\033[0m)可\n使用【\033[36mvi $clashdir/user.yaml\033[0m】编辑自定义设定文件;\n使用【\033[36mvi $clashdir/rules.yaml\033[0m】编辑自定义规则文件。"
 		echo -e "如需自定义节点，可以在config.yaml文件中修改或者直接替换config.yaml文件！\033[0m"
 		sleep 3
 		clashadv
 		
-	elif [ -x /usr/sbin/otapredownload ] && [ "$num" = 8 ]; then	
-		[ "$mi_update" = "禁用" ] && sed -i "/otapredownload/d" /etc/crontabs/root || echo "15 3,4,5 * * * /usr/sbin/otapredownload >/dev/null 2>&1" >> /etc/crontabs/root	
-		echo -----------------------------------------------
-		echo -e "已\033[33m$mi_update\033[0m小米路由器的自动启动，如未生效，请在官方APP中同步设置！"
-		sleep 1
-		clashadv
-		
 	elif [ "$num" = 9 ]; then	
 		read -p "确认重置配置文件？(1/0) > " res
 		if [ "$res" = "1" ];then
@@ -926,7 +961,7 @@ tools(){
 		echo -----------------------------------------------
 		echo -e " 0 返回上级菜单 \033[0m"
 		echo -----------------------------------------------
-		read -p "请输入对应数字 > " num	
+		read -p "请输入对应数字 > " num
 			if [ -z "$num" ]; then
 				errornum
 			elif [ "$num" = 0 ]; then
@@ -980,6 +1015,7 @@ tools(){
 	[ -f "/etc/firewall.user" ] && echo -e " 2 \033[32m配置\033[0m外网访问SSH"
 	#echo -e " 3 配置DDNS服务:	\033[36m$ipv6_support\033[0m	————待施工"
 	[ -x /usr/sbin/otapredownload ] && echo -e " 3 \033[33m$mi_update\033[0m小米系统自动更新"
+	#[ -w "/etc/config/firewall" ] && echo -e " 4 \033[32修复\033[0mRedir_host模式Netflix访问"
 	echo -----------------------------------------------
 	echo -e " 0 返回上级菜单 \033[0m"
 	echo -----------------------------------------------
@@ -1003,13 +1039,33 @@ tools(){
 		echo -e "已\033[33m$mi_update\033[0m小米路由器的自动启动，如未生效，请在官方APP中同步设置！"
 		sleep 1
 		tools
-
+		
+	elif [ "$num" = 4 ]; then
+		sed -i "s/drop_invalid\ \'1\'/drop_invalid\ \'0\'/g" /etc/config/firewall
+		echo -----------------------------------------------
+		read -P "已修复，是否立即重启设备使其生效？(1/0) > " res
+		[ "$res" = 1 ] && reboot
+		sleep 1
+		tools
+		
 	else
 		errornum
 	fi
 }
 clashcron(){
-
+	croncmd(){
+		if [ -n "$(crontab -h 2>&1 | grep '\-l')" ];then
+			crontab $1
+		else
+			crondir="$(crond -h 2>&1 | grep -oE 'Default:.*' | awk -F ":" '{print $2}')"
+			[ ! -w "$crondir" ] && crondir="/etc/storage/cron/crontabs"
+			[ ! -w "$crondir" ] && crondir="/var/spool/cron/crontabs"
+			[ ! -w "$crondir" ] && crondir="/var/spool/cron"
+			[ ! -w "$crondir" ] && echo "你的设备不支持定时任务配置，脚本大量功能无法启用，请前往 https://t.me/clashfm 申请适配！"
+			[ "$1" = "-l" ] && cat $crondir/$USER 2>/dev/null
+			[ -f "$1" ] && cat $1 > $crondir/$USER
+		fi
+	}
 	setcron(){
 		setcrontab(){
 			#设置具体时间
@@ -1038,11 +1094,14 @@ clashcron(){
 						read -p  "是否确认添加定时任务？(1/0) > " res
 						if [ "$res" = '1' ]; then
 							cronwords="$min $hour * * $week $cronset >/dev/null 2>&1 #$week1的$hour点$min分$cronname"
-							crontab -l > /tmp/conf
-							sed -i "/$cronname/d" /tmp/conf
-							sed -i '/^$/d' /tmp/conf
-							echo "$cronwords" >> /tmp/conf && crontab /tmp/conf
-							rm -f /tmp/conf
+							tmpcron=/tmp/cron_$USER
+							croncmd -l > $tmpcron
+							sed -i "/$cronname/d" $tmpcron
+							sed -i '/^$/d' $tmpcron
+							echo "$cronwords" >> $tmpcron
+							croncmd $tmpcron
+							#华硕/Padavan固件存档在本地,其他则删除
+							[ "$clashdir" = "/jffs/clash" -o "$clashdir" = "/etc/storage/clash" ] && mv -f $tmpcron $clashdir/cron || rm -f $tmpcron
 							echo -----------------------------------------------
 							echo -e "\033[31m定时任务已添加！！！\033[0m"
 						fi
@@ -1065,7 +1124,8 @@ clashcron(){
 		elif [ "$num" = 0 ]; then
 			i=
 		elif [ "$num" = 9 ]; then
-			crontab -l > /tmp/conf && sed -i "/$cronname/d" /tmp/conf && crontab /tmp/conf
+			croncmd -l > /tmp/conf && sed -i "/$cronname/d" /tmp/conf && croncmd /tmp/conf
+			sed -i "/$cronname/d" $clashdir/cron 2>/dev/null
 			rm -f /tmp/conf
 			echo -----------------------------------------------
 			echo -e "\033[31m定时任务：$cronname已删除！\033[0m"
@@ -1087,7 +1147,7 @@ clashcron(){
 	echo -e "\033[44m 实验性功能，遇问题请加TG群反馈：\033[42;30m t.me/clashfm \033[0m"
 	echo -----------------------------------------------
 	echo  -e "\033[33m已添加的定时任务：\033[36m"
-	crontab -l | grep -oE ' #.*' 
+	croncmd -l | grep -oE ' #.*' 
 	echo -e "\033[0m"-----------------------------------------------
 	echo -e " 1 设置\033[33m定时重启\033[0mclash服务"
 	echo -e " 2 设置\033[31m定时停止\033[0mclash服务"
@@ -1173,6 +1233,7 @@ clashsh(){
 			localproxy
 		elif [ "$autostart" = "enable_rc" ]; then
 			/etc/init.d/clash disable
+			cd /etc/rc.d && rm -rf *clash > /dev/null 2>&1 && cd - >/dev/null
 			echo -e "\033[33m已禁止Clash开机启动！\033[0m"
 		elif [ "$autostart" = "disable_rc" ]; then
 			/etc/init.d/clash enable
@@ -1233,6 +1294,7 @@ case "$1" in
 		echo -----------------------------------------
 		echo "	-t 测试模式"
 		echo "	-h 帮助列表"
+		echo "	-u 卸载脚本"
 		echo -----------------------------------------
 		echo "在线求助：t.me/clashfm"
 		echo "官方博客：juewuy.github.io"
@@ -1243,8 +1305,37 @@ case "$1" in
 		shtype=sh && [ -n "$(ls -l /bin/sh|grep -o dash)" ] && shtype=bash
 		$shtype -x $clashdir/clash.sh
 	;;
+	-u)
+		read -p "确认卸载ShellClash？（警告：该操作不可逆！）[1/0] " res
+		if [ "$res" = '1' ]; then
+			$clashdir/start.sh stop
+			$clashdir/start.sh cronset "clash服务"
+			$clashdir/start.sh cronset "订阅链接"
+			[ -w ~/.bashrc ] && profile=~/.bashrc
+			[ -w /etc/profile ] && profile=/etc/profile
+			sed -i '/alias clash=*/'d $profile
+			sed -i '/export clashdir=*/'d $profile
+			sed -i '/all_proxy/'d $profile
+			sed -i '/ALL_PROXY/'d $profile
+			sed -i "/启用外网访问SSH服务/d" /etc/firewall.user
+			sed -i '/ShellClash初始化/'d /etc/storage/started_script.sh 2>/dev/null
+			sed -i '/ShellClash初始化/'d /jffs/.asusrouter 2>/dev/null
+			rm -rf $clashdir
+			rm -rf /etc/init.d/clash
+			rm -rf /etc/systemd/system/clash.service
+			rm -rf /usr/lib/systemd/system/clash.service
+			rm -rf /www/clash
+			sed -Ei s/0:7890/7890:7890/g /etc/passwd
+			userdel -r shellclash 2>/dev/null
+			echo -----------------------------------------------
+			echo -e "\033[36m已卸载ShellClash相关文件！有缘再会！\033[0m"
+			echo -e "\033[33m请手动关闭当前窗口以重置环境变量！\033[0m"
+			echo -----------------------------------------------
+			exit
+		fi
+		echo -e "\033[31m操作已取消！\033[0m"
+	;;
 	*)
-		echo "	-t 测试模式"
-		echo "	-h 帮助列表"	
+		$0 -h
 	;;
 esac

scripts/clashservice

@@ -1,6 +1,6 @@
 #!/bin/sh /etc/rc.common
 
-START=92
+START=101
 
 SERVICE_DAEMONIZE=1
 SERVICE_WRITE_PID=1

scripts/getdate.sh

@@ -1,32 +1,6 @@
 #!/bin/bash
 # Copyright (C) Juewuy
 
-webget(){
-	[ -n "$(pidof clash)" ] && export all_proxy="http://$authentication@127.0.0.1:$mix_port" #设置临时http代理 
-	#参数【$1】代表下载目录，【$2】代表在线地址
-	#参数【$3】代表输出显示，【$4】不启用重定向
-	#参数【$5】代表验证证书
-	if curl --version > /dev/null 2>&1;then
-		[ "$3" = "echooff" ] && progress='-s' || progress='-#'
-		[ "$4" = "rediroff" ] && redirect='' || redirect='-L'
-		[ "$5" = "skipceroff" ] && certificate='' || certificate='-k'
-		result=$(curl -w %{http_code} --connect-timeout 3 $progress $redirect $certificate -o $1 $2)
-		[ "$result" != "200" ] && export all_proxy="" && result=$(curl -w %{http_code} --connect-timeout 3 $progress $redirect $certificate -o $1 $2)
-	else
-		[ "$3" = "echooff" ] && progress='-q' || progress='-q --show-progress'
-		[ "$3" = "echoon" ] && progress=''
-		[ "$4" = "rediroff" ] && redirect='--max-redirect=0' || redirect=''
-		[ "$5" = "skipceroff" ] && certificate='' || certificate='--no-check-certificate'
-		wget -Y on $progress $redirect $certificate --timeout=3 -O $1 $2 
-		if [ "$?" != "0" ];then
-			wget $progress $redirect $certificate --timeout=3 -O $1 $2
-			[ "$?" = "0" ] && result="200"
-		else
-			result="200"
-		fi
-	fi
-	export all_proxy=""
-}
 #导入订阅、配置文件相关
 linkconfig(){
 	echo -----------------------------------------------
@@ -220,7 +194,7 @@ getlink2(){
 	read -p "请输入完整链接 > " link
 	test=$(echo $link | grep -iE "tp.*://" )
 	link=`echo ${link/\ \(*\)/''}`   #删除恶心的超链接内容
-	link=`echo ${link//\&/\\\&}`   #为分隔符 & 添加转义
+	link=`echo ${link//\&/\%26}`   #将分隔符 & 替换成urlcode：%26
 	if [ -n "$link" -a -n "$test" ];then
 		echo -----------------------------------------------
 		echo -e 请检查输入的链接是否正确：
@@ -279,11 +253,9 @@ clashlink(){
 			fi
 		fi
 		getlink
-		clashlink
 	  
 	elif [ "$num" = 2 ];then
 		getlink2
-		clashlink
 		
 	elif [ "$num" = 3 ];then
 		yamlbak=$yaml.bak
@@ -328,16 +300,14 @@ clashlink(){
 		
 	elif [ "$num" = 5 ];then
 		clashcron
-		clashlink
 	else
 		errornum
-		clashlink
 	fi
 }
 #下载更新相关
 gettar(){
-	webget /tmp/clashfm.tar.gz $tarurl
-	[ "$result" != "200" ] && echo "文件下载失败！" && exit 1
+	$clashdir/start.sh webget /tmp/clashfm.tar.gz $tarurl
+	[ "$?" = "1" ] && echo "文件下载失败！" && exit 1
 	#解压
 	echo -----------------------------------------------
 	echo 开始解压文件！
@@ -371,7 +341,9 @@ gettar(){
 	chmod  777 $clashdir/start.sh
 	sed -i '/versionsh_l=*/'d $clashdir/mark
 	echo versionsh_l=$release_new >> $clashdir/mark
-	#设置环境变量
+	#设置环境变量	
+	[ -w /opt/etc/profile ] && profile=/opt/etc/profile
+	[ -w /jffs/configs/profile.add ] && profile=/jffs/configs/profile.add
 	[ -w ~/.bashrc ] && profile=~/.bashrc
 	[ -w /etc/profile ] && profile=/etc/profile
 	if [ -n "$profile" ];then
@@ -383,6 +355,8 @@ gettar(){
 		echo 无法写入环境变量！请检查安装权限！
 		exit 1
 	fi
+	#华硕/Padavan额外设置
+	[ -n "$systype" ] && sed -i '/ShellClash初始化/'d $initdir && echo "$clashdir/start.sh init #ShellClash初始化脚本" >> $initdir
 	#删除临时文件
 	rm -rf /tmp/clashfm.tar.gz 
 	rm -rf $clashdir/clashservice
@@ -446,8 +420,8 @@ getcore(){
 	#获取在线clash核心文件
 	echo -----------------------------------------------
 	echo 正在在线获取clash核心文件……
-	webget /tmp/clash.new $corelink
-	if [ "$result" != "200" ];then
+	$clashdir/start.sh webget /tmp/clash.new $corelink
+	if [ "$?" = "1" ];then
 		echo -e "\033[31m核心文件下载失败！\033[0m"
 	else
 		echo -e "\033[32m$clashcore核心下载成功！\033[0m"
@@ -500,15 +474,15 @@ setcore(){
 getgeo(){
 	echo -----------------------------------------------
 	echo 正在从服务器获取数据库文件…………
-	webget /tmp/Country.mmdb $update_url/bin/$geotype
-	if [ "$result" != "200" ];then
+	$clashdir/start.sh webget /tmp/$geoname $update_url/bin/$geotype
+	if [ "$?" = "1" ];then
 		echo -----------------------------------------------
 		echo -e "\033[31m文件下载失败！\033[0m"
 		exit 1
 	else
-		mv -f /tmp/Country.mmdb $bindir/Country.mmdb
+		mv -f /tmp/$geoname $bindir/$geoname
 		echo -----------------------------------------------
-		echo -e "\033[32mGeoIP数据库文件下载成功！\033[0m"
+		echo -e "\033[32mGeoIP/CN_IP数据库文件下载成功！\033[0m"
 		Geo_v=$GeoIP_v
 		setconfig Geo_v $GeoIP_v
 		setconfig geotype $geotype
@@ -518,19 +492,32 @@ setgeo(){
 	echo -----------------------------------------------
 	[ "$geotype" = "Country.mmdb" ] && geo_type=全球版 || geo_type=精简版
 	[ -n "$geo_type" ] && echo -e "当前使用的是\033[47;30m$geo_type数据库\033[0m"
-	echo -e "\033[36m请选择需要更新的GeoIP数据库：\033[0m"
+	echo -e "\033[36m请选择需要更新/切换的GeoIP/CN_IP数据库：\033[0m"
 	echo -----------------------------------------------
 	echo -e " 1 由\033[32malecthw\033[0m提供的全球版GeoIP数据库(约4mb)"
 	echo -e " 2 由\033[32mHackl0us\033[0m提供的精简版CN-IP数据库(约0.1mb)"
+	echo -e " 3 由\033[32m17mon\033[0m提供的CN-IP文件(需启用CN_IP绕过内核功能，约0.1mb)"
 	echo " 0 返回上级菜单"
 	echo -----------------------------------------------
 	read -p "请输入对应数字 > " num
 	if [ "$num" = '1' ]; then
 		geotype=Country.mmdb
+		geoname=Country.mmdb
 		getgeo
 	elif [ "$num" = '2' ]; then
 		geotype=cn_mini.mmdb
+		geoname=Country.mmdb
 		getgeo
+	elif [ "$num" = '3' ]; then
+		if [ "$cn_ip_route" = "已开启" ]; then
+			geotype=china_ip_list.txt
+			geoname=cn_ip.txt
+			getgeo
+		else
+			echo -----------------------------------------------
+			echo -e "\033[31m未开启绕过内核功能，无需更新CN-IP文件！！\033[0m"	
+			sleep 1
+		fi
 	else
 		update
 	fi
@@ -550,8 +537,8 @@ getdb(){
 	dblink="${update_url}/bin/${db_type}.tar.gz"
 	echo -----------------------------------------------
 	echo 正在连接服务器获取安装文件…………
-	webget /tmp/clashdb.tar.gz $dblink
-	if [ "$result" != "200" ];then
+	$clashdir/start.sh webget /tmp/clashdb.tar.gz $dblink
+	if [ "$?" = "1" ];then
 		echo -----------------------------------------------
 		echo -e "\033[31m文件下载失败！\033[0m"
 		echo -----------------------------------------------
@@ -647,15 +634,15 @@ getcrt(){
 	crtlink="${update_url}/bin/ca-certificates.crt"
 	echo -----------------------------------------------
 	echo 正在连接服务器获取安装文件…………
-	webget /tmp/ca-certificates.crt $crtlink
-	if [ "$result" != "200" ];then
+	$clashdir/start.sh webget /tmp/ca-certificates.crt $crtlink
+	if [ "$?" = "1" ];then
 		echo -----------------------------------------------
 		echo -e "\033[31m文件下载失败！\033[0m"
 	else
 		echo -----------------------------------------------
 		mv -f /tmp/ca-certificates.crt $crtdir
-		webget /tmp/ssl_test https://baidu.com echooff rediron skipceroff
-		if [ "$result" != "200" ];then
+		$clashdir/start.sh webget /tmp/ssl_test https://baidu.com echooff rediron skipceroff
+		if [ "$?" = "1" ];then
 			export CURL_CA_BUNDLE=$crtdir
 			echo "export CURL_CA_BUNDLE=$crtdir" >> /etc/profile
 		fi
@@ -700,27 +687,31 @@ setserver(){
 		release_new=""
 	}
 	echo -----------------------------------------------
-	echo -e "\033[30;47m您可以在此处切换在线更新时使用的资源地址\033[0m"
-	echo -e "当前源：\033[4;32m$update_url\033[0m"
+	echo -e "\033[30;47m切换ShellClash版本及更新源地址\033[0m"
+	echo -e "当前源地址：\033[4;32m$update_url\033[0m"
 	echo -----------------------------------------------
-	echo -e " 1 Jsdelivr-CDN源(test版本)"
-	echo -e " 2 Jsdelivr-CDN源(release版本)"
-	echo -e " 3 Github源(test版本，需开启clash服务)"
-	echo -e " 5 自定义输入(请务必确保路径正确)"
-	echo -e " 6 切换版本(仅支持切换至release分支)"
+	echo -e " 1 \033[32m正式版\033[0m&Jsdelivr-CDN源(推荐)"
+	echo -e " 2 \033[36m测试版\033[0m&Jsdelivr-CDN源"
+	echo -e " 3 \033[36m测试版\033[0m&Github源(需开启clash服务）"
+	[ -z "$(curl -V 2>/dev/null)" ] && [ -n "$(wget -V 2>&1 | grep BusyBox)" ] && echo -e " 4 \033[33mHttp专用源\033[0m@Qust.me(感谢\033[32m酱紫表\033[0m提供及维护)"
+	echo -e " 5 自定义源地址(用于本地源或自建源)"
+	echo -e " 6 \033[31m版本回退\033[0m"
 	echo -e " 0 返回上级菜单"
 	read -p "请输入对应数字 > " num
 	if	[ -z "$num" ]; then 
 		errornum
 	elif [ "$num" = 1 ]; then
-		update_url='https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master'
+		update_url='https://cdn.jsdelivr.net/gh/juewuy/ShellClash'
 		saveserver
 	elif [ "$num" = 2 ]; then
-		update_url='https://cdn.jsdelivr.net/gh/juewuy/ShellClash'
+		update_url='https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master'
 		saveserver
 	elif [ "$num" = 3 ]; then
 		update_url='https://raw.githubusercontent.com/juewuy/ShellClash/master'
 		saveserver
+	elif [ "$num" = 4 ]; then
+		update_url='http://sc.qust.me'
+		saveserver
 	elif [ "$num" = 5 ]; then
 		echo -----------------------------------------------
 		read -p "请输入个人源路径 > " update_url
@@ -732,8 +723,8 @@ setserver(){
 		fi
 	elif [ "$num" = 6 ]; then
 		echo -----------------------------------------------
-		webget /tmp/clashrelease https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master/bin/release_version echooff rediroff 2>/tmp/clashrelease
-		echo -e "\033[32m请选择想要更新至的版本：\033[0m"
+		$clashdir/start.sh webget /tmp/clashrelease https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master/bin/release_version echooff rediroff 2>/tmp/clashrelease
+		echo -e "\033[31m请选择想要回退至的release版本：\033[0m"
 		cat /tmp/clashrelease | awk '{print " "NR" "$1}'
 		echo -e " 0 返回上级菜单"
 		read -p "请输入对应数字 > " num
@@ -749,7 +740,7 @@ setserver(){
 		fi
 		
 	elif [ "$num" = 9 ]; then
-		update_url='http://192.168.31.31:8080/ShellClash'
+		update_url='http://192.168.123.90:8080/ShellClash'
 	else
 		errornum
 	fi
@@ -757,16 +748,14 @@ setserver(){
 checkupdate(){
 if [ -z "$release_new" ];then
 	if [ "$update_url" = "https://cdn.jsdelivr.net/gh/juewuy/ShellClash" ];then
-		webget /tmp/clashrelease $update_url@master/bin/release_version echoon rediroff 2>/tmp/clashrelease
-		[ "$result" = "200" ] && release_new=$(cat /tmp/clashrelease | head -1)
-		[ -z "$release_new" ] && release_new=master
+		$clashdir/start.sh webget /tmp/clashversion $update_url@master/bin/release_version echoon rediroff 2>/tmp/clashrelease
+		[ "$?" = "0" ] && release_new=$(cat /tmp/clashversion | head -1)
 		update_url=$update_url@$release_new
-	fi
-	webget /tmp/clashversion $update_url/bin/version echooff
-	[ "$result" = "200" ] && source /tmp/clashversion || echo -e "\033[31m检查更新失败！请检查网络连接或切换安装源！\033[0m"
-	[ -z "$release_new" ] && release_new=$versionsh
+	fi	
+	$clashdir/start.sh webget /tmp/clashversion $update_url/bin/version echooff 
+	[ "$?" = "0" ] && release_new=$(cat /tmp/clashversion | grep versionsh | awk -F'=' '{ print $2 }')
+	[ -n "$release_new" ] &&source /tmp/clashversion || echo -e "\033[31m检查更新失败！请检查网络连接或切换安装源！\033[0m"
 	rm -rf /tmp/clashversion
-	rm -rf /tmp/clashrelease
 fi
 }
 update(){
@@ -780,12 +769,12 @@ update(){
 	echo -----------------------------------------------
 	echo -e " 1 更新\033[36m管理脚本  	\033[33m$versionsh_l\033[0m > \033[32m$versionsh\033[0m"
 	echo -e " 2 切换\033[33mclash核心 	\033[33m$clash_v\033[0m > \033[32m$clash_n\033[0m"
-	echo -e " 3 更新\033[32mGeoIP数据库	\033[33m$Geo_v\033[0m > \033[32m$GeoIP_v\033[0m"
+	echo -e " 3 更新\033[32mGeoIP/CN-IP	\033[33m$Geo_v\033[0m > \033[32m$GeoIP_v\033[0m"
 	echo -e " 4 安装本地\033[35mDashboard\033[0m面板"
 	echo -e " 5 安装/更新本地\033[33m根证书文件\033[0m"
 	echo -e " 6 查看\033[32mPAC\033[0m自动代理配置"
 	echo -----------------------------------------------
-	echo -e " 7 切换\033[36m安装源\033[0m地址"
+	echo -e " 7 切换\033[36m安装源\033[0m及\033[36m安装版本\033[0m"
 	echo -e " 8 鸣谢"
 	echo -e " 9 \033[31m卸载\033[34mShellClash\033[0m"
 	echo -e " 0 返回上级菜单" 
@@ -830,36 +819,15 @@ update(){
 		echo -e "感谢：\033[32mClash \033[0m作者\033[36m Dreamacro\033[0m 项目地址：\033[32mhttps://github.com/Dreamacro/clash\033[0m"
 		echo -e "感谢：\033[32msubconverter \033[0m作者\033[36m tindy2013\033[0m 项目地址：\033[32mhttps://github.com/tindy2013/subconverter\033[0m"
 		echo -e "感谢：\033[32malecthw提供的GeoIP数据库\033[0m 项目地址：\033[32mhttps://github.com/alecthw/mmdb_china_ip_list\033[0m"
+		echo -e "感谢：\033[32mHackl0us提供的GeoIP精简数据库\033[0m 项目地址：\033[32mhttps://github.com/Hackl0us/GeoIP2-CN\033[0m"
+		echo -e "感谢：\033[32m17mon提供的CN-IP列表\033[0m 项目地址：\033[32mhttps://github.com/17mon/china_ip_list\033[0m"
 		echo -e "感谢：\033[32myacd \033[0m作者\033[36m haishanh\033[0m 项目地址：\033[32mhttps://github.com/haishanh/yacd\033[0m"
 		echo -e "感谢：\033[32m更多的帮助过我的人！\033[0m"
 		sleep 2
 		update
 		
 	elif [ "$num" = 9 ]; then
-		read -p "确认卸载ShellClash？（警告：该操作不可逆！）[1/0] " res
-		if [ "$res" = '1' ]; then
-			$clashdir/start.sh stop
-			$clashdir/start.sh cronset "clash服务"
-			$clashdir/start.sh cronset "订阅链接"
-			[ -w ~/.bashrc ] && profile=~/.bashrc
-			[ -w /etc/profile ] && profile=/etc/profile
-			sed -i '/alias clash=*/'d $profile
-			sed -i '/export clashdir=*/'d $profile
-			sed -i '/all_proxy/'d $profile
-			sed -i '/ALL_PROXY/'d $profile
-			sed -i "/启用外网访问SSH服务/d" /etc/firewall.user
-			rm -rf $clashdir
-			rm -rf /etc/init.d/clash
-			rm -rf /etc/systemd/system/clash.service
-			rm -rf /usr/lib/systemd/system/clash.service
-			rm -rf /www/clash
-			echo -----------------------------------------------
-			echo -e "\033[36m已卸载ShellClash相关文件！有缘再会！\033[0m"
-			echo -e "\033[33m请手动关闭当前窗口以重置环境变量！\033[0m"
-			echo -----------------------------------------------
-			exit
-		fi
-		echo -e "\033[31m操作已取消！\033[0m"
+		$0 -u
 		update
 	else
 		errornum
@@ -871,7 +839,7 @@ userguide(){
 		echo -----------------------------------------------
 		echo -e "\033[33m是否需要代理UDP流量(主要用于游戏)？ \033[0m"
 		echo -----------------------------------------------
-		echo -e " 1 \033[33m不代理UDP流量\033[0m(可能会导致一部分游戏/应用无法连接)"
+		echo -e " 1 \033[33m不代理UDP流量\033[0m(可能会导致一部分外服游戏/应用无法连接)"
 		ip tuntap >/dev/null 2>&1 && [ "$?" = 0 ] && \
 		echo -e " 2 \033[32m使用Tun虚拟网卡\033[0m代理UDP流量(更低的延迟但更多的CPU消耗)" || \
 		echo -e " - \033[0m使用Tun模式(你的设备不支持此模式，如为虚拟机运行请调整虚拟网卡设置)\033[0m"
@@ -901,10 +869,8 @@ userguide(){
 		echo -e "\033[33m请先选择你的使用环境： \033[0m"
 		echo -e "\033[0m(你之后依然可以在设置中更改各种配置)\033[0m"
 		echo -----------------------------------------------
-		echo -e " 1 \033[32m各类路由设备\033[0m，配置局域网透明路由"
-		echo -e " 2 \033[36m桌面版Linux系统\033[0m，仅配置本机路由"
-		echo -e " 3 \033[32m服务器Linux系统\033[0m，仅配置本机路由"
-		echo -e " 4 \033[36m多功能设备\033[0m，配置本机及局域网路由"
+		echo -e " 1 \033[32m主路由或旁路由\033[0m"
+		echo -e " 2 \033[36mLinux本机代理\033[0m"
 		echo -----------------------------------------------
 		read -p "请输入对应数字 > " num
 		if [ -z "$num" ] || [ "$num" -gt 4 ];then
@@ -912,24 +878,35 @@ userguide(){
 			forwhat
 		elif [ "$num" = 1 ];then
 			whichmod
-		elif [ "$num" = 2 -o "$num" = 3 ];then
+			#检测IP转发
+			if [ "$(cat /proc/sys/net/ipv4/ip_forward)" = "0" ];then
+				echo -----------------------------------------------
+				echo -e "\033[33m检测到你的设备尚未开启ip转发，局域网设备将无法正常连接网络，是否立即开启？\033[0m"
+				read -p "是否开启？(1/0) > " res
+				[ "$res" = 1 ] && echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
+				[ "$?" = 0 ] && /etc/init.d/procps restart && echo "已成功开启ipv4转发，如未正常开启，请手动重启设备！" || echo "开启失败！请自行谷歌查找当前设备的开启方法！"
+			fi
+		elif [ "$num" = 2 ];then
 			setconfig redir_mod "纯净模式"
 			setconfig clashcore "clash"
 			echo -----------------------------------------------
 			echo -e "\033[36m请选择设置本机代理的方式\033[0m"
-			localproxy
-		elif [ "$num" = 4 ];then
-			whichmod
+			echo -e " 1 使用\033[32m环境变量\033[0m方式配置(不支持部分应用)"
+			echo -e " 2 使用\033[32miptables增强模式\033[0m配置(不支持OpenWrt)"
+			echo -e " 0 稍后设置"
+			read -p "请输入对应数字 > " num
+			if [ "$num" = 1 ]; then
+				local_proxy=已开启
+				local_type=环境变量
+			elif [ "$num" = 2 ]; then
+				local_proxy=已开启
+				local_type=iptables增强模式
+			fi
+			setconfig local_proxy $local_proxy
+			setconfig local_type $local_type
 		fi
 	}
 	forwhat
-	#检测IP转发
-	if [ "$(cat /proc/sys/net/ipv4/ip_forward)" = "0" ];then
-		echo -----------------------------------------------
-		echo -e "\033[33m检测到你的设备尚未开启ip转发，局域网设备将无法正常连接网络，是否立即开启？\033[0m"
-		read -p "是否开启？(1/0) > " res
-		[ "$res" = 1 ] && echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf && /etc/init.d/procps restart && echo "已成功开启ipv4转发，如未正常开启，请手动重启设备！"
-	fi
 	#检测小内存模式
 	dir_size=$(df $clashdir | awk '{print $4}' | sed 1d)
 	if [ "$dir_size" -lt 10240 ];then
@@ -956,8 +933,8 @@ userguide(){
 		[ "$res" = 1 ] && checkupdate && getcrt
 	fi
 	#设置加密DNS
-	webget /tmp/ssl_test https://baidu.com echooff rediron skipceroff
-	if [ "$result" = "200" ];then
+	$clashdir/start.sh webget /tmp/ssl_test https://www.baidu.com echooff rediron skipceroff
+	if [ "$?" = "0" ];then
 		dns_nameserver='https://223.5.5.5/dns-query, https://doh.pub/dns-query, tls://dns.rubyfish.cn:853'
 		dns_fallback='https://1.0.0.1/dns-query, https://8.8.4.4/dns-query, https://doh.opendns.com/dns-query'
 		setconfig dns_nameserver \'"$dns_nameserver"\'
@@ -1061,4 +1038,4 @@ testcommand(){
 		errornum
 		clashsh
 	fi
-}
+}

scripts/start.sh

@@ -4,6 +4,8 @@
 #脚本内部工具
 getconfig(){
 	#加载配置文件
+	[ -d "/etc/storage/clash" ] && clashdir=/etc/storage/clash
+	[ -d "/jffs/clash" ] && clashdir=/jffs/clash
 	[ -z "$clashdir" ] && clashdir=$(cat /etc/profile | grep clashdir | awk -F "\"" '{print $2}')
 	[ -z "$clashdir" ] && clashdir=$(cat ~/.bashrc | grep clashdir | awk -F "\"" '{print $2}')
 	ccfg=$clashdir/mark
@@ -24,6 +26,8 @@ getconfig(){
 	[ -z "$redir_port" ] && redir_port=7892
 	[ -z "$db_port" ] && db_port=9999
 	[ -z "$dns_port" ] && dns_port=1053
+	[ -z "$cn_ip_route" ] && cn_ip_route=未开启
+	[ -z "$public_support" ] && public_support=未开启
 	[ -z "$dns_nameserver" ] && dns_nameserver='114.114.114.114, 223.5.5.5'
 	[ -z "$dns_fallback" ] && dns_fallback='1.0.0.1, 8.8.4.4'
 	[ -z "$multiport" ] && multiport='22,53,587,465,995,993,143,80,443,8080'
@@ -44,46 +48,33 @@ compare(){
 		[ "$(cat $1)" = "$(cat $2)" ] && return 0 || return 1
 	fi
 }
-webget(){
-	[ -n "$(pidof clash)" ] && export all_proxy="http://$authentication@127.0.0.1:$mix_port" #设置临时http代理 
-	#参数【$1】代表下载目录，【$2】代表在线地址
-	#参数【$3】代表输出显示，【$4】不启用重定向
-	#参数【$5】代表验证证书
-	if curl --version > /dev/null 2>&1;then
-		[ "$3" = "echooff" ] && progress='-s' || progress='-#'
-		[ "$4" = "rediroff" ] && redirect='' || redirect='-L'
-		[ "$5" = "skipceroff" ] && certificate='' || certificate='-k'
-		result=$(curl -w %{http_code} --connect-timeout 3 $progress $redirect $certificate -o $1 $2)
-		[ "$result" != "200" ] && export all_proxy="" && result=$(curl -w %{http_code} --connect-timeout 3 $progress $redirect $certificate -o $1 $2)
-	else
-		[ "$3" = "echooff" ] && progress='-q' || progress='-q --show-progress'
-		[ "$3" = "echoon" ] && progress=''
-		[ "$4" = "rediroff" ] && redirect='--max-redirect=0' || redirect=''
-		[ "$5" = "skipceroff" ] && certificate='' || certificate='--no-check-certificate'
-		wget -Y on $progress $redirect $certificate --timeout=3 -O $1 $2 
-		if [ "$?" != "0" ];then
-			wget $progress $redirect $certificate --timeout=3 -O $1 $2
-			[ "$?" = "0" ] && result="200"
-		else
-			result="200"
-		fi
-	fi
-	export all_proxy=""
-}
 logger(){
 	[ -n "$2" ] && echo -e "\033[$2m$1\033[0m"
 	echo `date "+%G-%m-%d %H:%M:%S"` $1 >> $clashdir/log
 	[ "$(wc -l $clashdir/log | awk '{print $1}')" -gt 30 ] && sed -i '1,5d' $clashdir/log
 }
+croncmd(){
+	if [ -n "$(crontab -h 2>&1 | grep '\-l')" ];then
+		crontab $1
+	else
+		crondir="$(crond -h 2>&1 | grep -oE 'Default:.*' | awk -F ":" '{print $2}')"
+		[ ! -w "$crondir" ] && crondir="/etc/storage/cron/crontabs"
+		[ ! -w "$crondir" ] && crondir="/var/spool/cron/crontabs"
+		[ ! -w "$crondir" ] && crondir="/var/spool/cron"
+		[ ! -w "$crondir" ] && echo "你的设备不支持定时任务配置，脚本大量功能无法启用，请前往 https://t.me/clashfm 申请适配！"
+		[ "$1" = "-l" ] && cat $crondir/$USER 2>/dev/null
+		[ -f "$1" ] && cat $1 > $crondir/$USER
+	fi
+}
 cronset(){
 	# 参数1代表要移除的关键字,参数2代表要添加的任务语句
-	crondir=/tmp/cron_$USER
-	crontab -l > $crondir
-	sed -i "/$1/d" $crondir
-	sed -i '/^$/d' $crondir
-	echo "$2" >> $crondir
-	crontab $crondir
-	rm -f $crondir
+	tmpcron=/tmp/cron_$USER
+	croncmd -l > $tmpcron 
+	sed -i "/$1/d" $tmpcron
+	sed -i '/^$/d' $tmpcron
+	echo "$2" >> $tmpcron
+	croncmd $tmpcron
+	rm -f $tmpcron
 }
 mark_time(){
 	start_time=`date +%s`
@@ -126,8 +117,10 @@ https://github.com/juewuy/ShellClash/raw/master/rules/ACL4SSR_Online_Games.ini
 https://github.com/juewuy/ShellClash/raw/master/rules/ACL4SSR_Online_Mini_Games.ini
 https://github.com/juewuy/ShellClash/raw/master/rules/ACL4SSR_Online_Full_Games.ini
 EOF`
+	Https=$(echo ${Https//\%26/\&})   #将%26替换回&
 	#如果传来的是Url链接则合成Https链接，否则直接使用Https链接
 	if [ -z "$Https" ];then
+		#[ -n "$(echo $Url | grep -o 'https://dler')" ] && Server='api.dler.io'
 		Https="https://$Server/sub?target=clash&insert=true&new_name=true&scv=true&exclude=$exclude&include=$include&url=$Url&config=$Config"
 		markhttp=1
 	fi
@@ -140,12 +133,12 @@ EOF`
 	yaml=$clashdir/config.yaml
 	yamlnew=/tmp/clash_config_$USER.yaml
 	rm -rf $yamlnew
-	webget $yamlnew $Https
-	if [ "$result" != "200" ];then
+	$0 webget $yamlnew $Https 0 0 0 1
+	if [ "$?" = "1" ];then
 		if [ -z "$markhttp" ];then
 			echo -----------------------------------------------
 			logger "配置文件获取失败！" 31
-			echo -e "\033[31m请尝试使用【导入订阅】功能！\033[0m"
+			echo -e "\033[31m请尝试使用【在线生成配置文件】功能！\033[0m"
 			echo -----------------------------------------------
 			exit 1
 		else
@@ -156,7 +149,7 @@ EOF`
 				retry=$((retry+1))
 				logger "配置文件获取失败！" 31
 				echo -e "\033[32m尝试使用其他服务器获取配置！\033[0m"
-				logger "正在重试第$retry次/共5次！" 32
+				logger "正在重试第$retry次/共5次！" 33
 				sed -i '/server_link=*/'d $ccfg
 				if [ "$server_link" -ge 5 ]; then
 					server_link=0
@@ -170,7 +163,7 @@ EOF`
 	else
 		Https=""
 		#检测节点或providers
-		if [ -z "$(cat $yamlnew | grep -E 'server:|proxy-providers:' | grep -v 'nameserver' | head -n 1)" ];then
+		if [ -z "$(cat $yamlnew | grep -E 'server|proxy-providers' | grep -v 'nameserver' | head -n 1)" ];then
 			echo -----------------------------------------------
 			logger "获取到了配置文件，但似乎并不包含正确的节点信息！" 31
 			echo -----------------------------------------------
@@ -237,7 +230,7 @@ modify_yaml(){
 	exper='experimental: {ignore-resolve-fail: true, interface-name: en0}'
 	#dns配置
 	if [ "$dns_mod" = "fake-ip" ];then
-		dns='dns: {enable: true, listen: 0.0.0.0:'$dns_port', use-hosts: true, fake-ip-range: 198.18.0.1/16, enhanced-mode: fake-ip, fake-ip-filter: ["*.lan", "time.windows.com", "time.nist.gov", "time.apple.com", "time.asia.apple.com", "*.ntp.org.cn", "*.openwrt.pool.ntp.org", "time1.cloud.tencent.com", "time.ustc.edu.cn", "pool.ntp.org", "ntp.ubuntu.com", "ntp.aliyun.com", "ntp1.aliyun.com", "ntp2.aliyun.com", "ntp3.aliyun.com", "ntp4.aliyun.com", "ntp5.aliyun.com", "ntp6.aliyun.com", "ntp7.aliyun.com", "time1.aliyun.com", "time2.aliyun.com", "time3.aliyun.com", "time4.aliyun.com", "time5.aliyun.com", "time6.aliyun.com", "time7.aliyun.com", "*.time.edu.cn", "time1.apple.com", "time2.apple.com", "time3.apple.com", "time4.apple.com", "time5.apple.com", "time6.apple.com", "time7.apple.com", "time1.google.com", "time2.google.com", "time3.google.com", "time4.google.com", "music.163.com", "*.music.163.com", "*.126.net", "musicapi.taihe.com", "music.taihe.com", "songsearch.kugou.com", "trackercdn.kugou.com", "*.kuwo.cn", "api-jooxtt.sanook.com", "api.joox.com", "joox.com", "y.qq.com", "*.y.qq.com", "streamoc.music.tc.qq.com", "mobileoc.music.tc.qq.com", "isure.stream.qqmusic.qq.com", "dl.stream.qqmusic.qq.com", "aqqmusic.tc.qq.com", "amobile.music.tc.qq.com", "*.xiami.com", "*.music.migu.cn", "music.migu.cn", "*.msftconnecttest.com", "*.msftncsi.com", "localhost.ptlogin2.qq.com", "*.*.*.srv.nintendo.net", "*.*.stun.playstation.net", "xbox.*.*.microsoft.com", "*.*.xboxlive.com", "proxy.golang.org"], nameserver: ['$dns_nameserver', 127.0.0.1:53], fallback: ['$dns_fallback'], fallback-filter: {geoip: true}}'
+		dns='dns: {enable: true, listen: 0.0.0.0:'$dns_port', use-hosts: true, fake-ip-range: 198.18.0.1/16, enhanced-mode: fake-ip, fake-ip-filter: ["*.lan", "time.windows.com", "time.nist.gov", "time.apple.com", "time.asia.apple.com", "*.ntp.org.cn", "*.openwrt.pool.ntp.org", "time1.cloud.tencent.com", "time.ustc.edu.cn", "pool.ntp.org", "ntp.ubuntu.com", "ntp.aliyun.com", "ntp1.aliyun.com", "ntp2.aliyun.com", "ntp3.aliyun.com", "ntp4.aliyun.com", "ntp5.aliyun.com", "ntp6.aliyun.com", "ntp7.aliyun.com", "time1.aliyun.com", "time2.aliyun.com", "time3.aliyun.com", "time4.aliyun.com", "time5.aliyun.com", "time6.aliyun.com", "time7.aliyun.com", "*.time.edu.cn", "time1.apple.com", "time2.apple.com", "time3.apple.com", "time4.apple.com", "time5.apple.com", "time6.apple.com", "time7.apple.com", "time1.google.com", "time2.google.com", "time3.google.com", "time4.google.com", "music.163.com", "*.music.163.com", "*.126.net", "musicapi.taihe.com", "music.taihe.com", "songsearch.kugou.com", "trackercdn.kugou.com", "*.kuwo.cn", "api-jooxtt.sanook.com", "api.joox.com", "joox.com", "y.qq.com", "*.y.qq.com", "streamoc.music.tc.qq.com", "mobileoc.music.tc.qq.com", "isure.stream.qqmusic.qq.com", "dl.stream.qqmusic.qq.com", "aqqmusic.tc.qq.com", "amobile.music.tc.qq.com", "*.xiami.com", "*.music.migu.cn", "music.migu.cn", "*.msftconnecttest.com", "*.msftncsi.com", "localhost.ptlogin2.qq.com", "*.*.*.srv.nintendo.net", "*.*.stun.playstation.net", "xbox.*.*.microsoft.com", "*.*.xboxlive.com", "proxy.golang.org","*.sgcc.com.cn","*.alicdn.com","*.aliyuncs.com"], nameserver: ['$dns_nameserver', 127.0.0.1:53], fallback: ['$dns_fallback'], fallback-filter: {geoip: true}}'
 	else
 		dns='dns: {enable: true, ipv6: true, listen: 0.0.0.0:'$dns_port', use-hosts: true, enhanced-mode: redir-host, nameserver: ['$dns_nameserver$dns_local'], fallback: ['$dns_fallback'], fallback-filter: {geoip: true}}'
 	fi
@@ -251,7 +244,7 @@ modify_yaml(){
 	mkdir -p $tmpdir > /dev/null
 	[ "$b" != "0" ] && sed "${a},${b}d" $yaml > $tmpdir/proxy.yaml
 	#跳过本地tls证书验证
-	[ "$skip_cert" = "已开启" ] && sed -i '10,99s/skip-cert-verify: false/skip-cert-verify: true/' $tmpdir/proxy.yaml
+	[ "$skip_cert" = "已开启" ] && sed -i '1,99s/skip-cert-verify: false/skip-cert-verify: true/' $tmpdir/proxy.yaml
 	#检测是否使用script规则
 	[ -n "$(cat $yaml | grep -E '^script:')" ] && mode='mode: Script'
 	#添加配置
@@ -270,7 +263,7 @@ secret: $secret
 $tun
 $exper
 $dns
-store-selected: false
+store-selected: $restore
 EOF
 ###################################
 	[ -f $clashdir/user.yaml ] && yaml_user=$clashdir/user.yaml
@@ -279,22 +272,42 @@ EOF
 	#插入自定义规则
 	sed -i "/#自定义规则/d" $tmpdir/config.yaml
 	if [ -f $clashdir/rules.yaml ];then
+		sed -i '/^$/d' $clashdir/rules.yaml && echo >> $clashdir/rules.yaml #处理换行
+		space=$(sed -n '/^rules/{n;p}' $tmpdir/proxy.yaml | grep -oE '^\ *') #获取空格数
 		while read line;do
 			[ -z "$(echo "$line " | grep '#')" ] && \
 			[ -n "$(echo "$line" | grep '\-\ ')" ] && \
 			line=$(echo "$line" | sed 's#/#\\/#') && \
-			sed -i "/^rules:/a\ $line #自定义规则" $tmpdir/config.yaml
+			sed -i "/^rules:/a\\$space$line #自定义规则" $tmpdir/config.yaml
 		done < $clashdir/rules.yaml
 	fi
 	#如果没有使用小闪存模式
 	if [ "$tmpdir" != "$bindir" ];then
-		compare $tmpdir/config.yaml $yaml
+		cmp -s $tmpdir/config.yaml $yaml >/dev/null 2>&1
 		[ "$?" != 0 ] && mv -f $tmpdir/config.yaml $yaml || rm -f $tmpdir/config.yaml
 	fi
 	rm -f $tmpdir/set.yaml
 	rm -f $tmpdir/proxy.yaml
 }
 #设置路由规则
+cn_ip_route(){	
+	if [ ! -f $bindir/cn_ip.txt ];then
+		if [ -f $clashdir/cn_ip.txt ];then
+			mv $clashdir/cn_ip.txt $bindir/cn_ip.txt
+		else
+			logger "未找到cn_ip列表，正在下载！" 33
+			$0 webget $bindir/cn_ip.txt "$update_url/bin/china_ip_list.txt"
+			[ "$?" = "1" ] && rm -rf $bindir/cn_ip.txt && logger "列表下载失败，已退出！" 31 && exit 1
+		fi
+	fi
+	if [ -f $bindir/cn_ip.txt ];then
+	echo "create cn_ip hash:net family inet hashsize 1024 maxelem 65536" > /tmp/cn_$USER.ipset
+	awk '!/^$/&&!/^#/{printf("add cn_ip %s'" "'\n",$0)}' $bindir/cn_ip.txt >> /tmp/cn_$USER.ipset
+	ipset -! flush cn_ip 2>/dev/null
+	ipset -! restore < /tmp/cn_$USER.ipset
+	rm -rf cn_$USER.ipset
+	fi
+}
 start_redir(){
 	#获取本地局域网地址段
 	gethost
@@ -308,6 +321,7 @@ start_redir(){
 	iptables -t nat -A clash -d 192.168.0.0/16 -j RETURN
 	iptables -t nat -A clash -d 224.0.0.0/4 -j RETURN
 	iptables -t nat -A clash -d 240.0.0.0/4 -j RETURN
+	[ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && iptables -t nat -A clash -m set --match-set cn_ip dst -j RETURN >/dev/null 2>&1 #绕过大陆IP
 	if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
 		#mac白名单
 		for mac in $(cat $clashdir/mac); do
@@ -321,6 +335,15 @@ start_redir(){
 		iptables -t nat -A clash -p tcp $ports -j REDIRECT --to-ports $redir_port
 	fi
 	iptables -t nat -A PREROUTING -p tcp $lanhost -j clash
+	if [ "$public_support" = "已开启" ];then
+		iptables -I INPUT -p tcp --dport $mix_port -j ACCEPT
+		iptables -I INPUT -p tcp --dport $db_port -j ACCEPT
+	fi
+	#Google home DNS特殊处理
+	iptables -t nat -I PREROUTING -p tcp -d 8.8.8.8 -j clash
+	iptables -t nat -I PREROUTING -p tcp -d 8.8.4.4 -j clash
+	#Docker特殊处理
+	iptables -t nat -I PREROUTING -s 172.16.0.0/12  -j clash
 	#设置ipv6转发
 	ip6_nat=$(ip6tables -t nat -L 2>&1 | grep -o 'Chain')
 	if [ -n "$ip6_nat" -a "$ipv6_support" = "已开启" ];then
@@ -363,9 +386,6 @@ start_dns(){
 		iptables -t nat -A clash_dns -p tcp --dport 53 -j REDIRECT --to $dns_port
 	fi
 	iptables -t nat -A PREROUTING -p udp -j clash_dns
-	#Google home DNS特殊处理
-	iptables -t nat -I PREROUTING -p tcp -d 8.8.8.8 -j clash_dns
-	iptables -t nat -I PREROUTING -p tcp -d 8.8.4.4 -j clash_dns
 	#ipv6DNS
 	ip6_nat=$(ip6tables -t nat -L 2>&1 | grep -o 'Chain')
 	if [ -n "$ip6_nat" ];then
@@ -403,6 +423,7 @@ start_udp(){
 	iptables -t mangle -A clash -d 192.168.0.0/16 -j RETURN
 	iptables -t mangle -A clash -d 224.0.0.0/4 -j RETURN
 	iptables -t mangle -A clash -d 240.0.0.0/4 -j RETURN
+	[ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && iptables -t mangle -A clash -m set --match-set cn_ip dst -j RETURN >/dev/null 2>&1 #绕过大陆IP
 	if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
 		#mac白名单
 		for mac in $(cat $clashdir/mac); do
@@ -417,20 +438,75 @@ start_udp(){
 	fi
 	iptables -t mangle -A PREROUTING -p udp $lanhost -j clash
 }
+start_output(){
+	#流量过滤规则
+	iptables -t nat -N clash_out
+	iptables -t nat -A clash_out -m owner --gid-owner 7890 -j RETURN
+	iptables -t nat -A clash_out -d 0.0.0.0/8 -j RETURN
+	iptables -t nat -A clash_out -d 10.0.0.0/8 -j RETURN
+	iptables -t nat -A clash_out -d 127.0.0.0/8 -j RETURN
+	iptables -t nat -A clash_out -d 169.254.0.0/16 -j RETURN
+	iptables -t nat -A clash_out -d 172.16.0.0/12 -j RETURN
+	iptables -t nat -A clash_out -d 192.168.0.0/16 -j RETURN
+	iptables -t nat -A clash_out -d 224.0.0.0/4 -j RETURN
+	iptables -t nat -A clash_out -d 240.0.0.0/4 -j RETURN
+	[ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && iptables -t nat -A clash_out -m set --match-set cn_ip dst -j RETURN >/dev/null 2>&1 #绕过大陆IP
+	if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
+		#mac白名单
+		for mac in $(cat $clashdir/mac); do
+			iptables -t nat -A clash_out -p tcp $ports -m mac --mac-source $mac -j REDIRECT --to-ports $redir_port
+		done
+	else
+		#mac黑名单
+		for mac in $(cat $clashdir/mac); do
+			iptables -t nat -A clash_out -m mac --mac-source $mac -j RETURN
+		done
+		iptables -t nat -A clash_out -p tcp $ports -j REDIRECT --to-ports $redir_port
+	fi
+	iptables -t nat -A OUTPUT -p tcp -j clash_out
+	#设置dns转发
+	iptables -t nat -N clash_dns_out
+	iptables -t nat -A clash_dns_out -m owner --gid-owner 7890 -j RETURN
+	if [ "$macfilter_type" = "白名单" -a -n "$(cat $clashdir/mac)" ];then
+		#mac白名单
+		for mac in $(cat $clashdir/mac); do
+			iptables -t nat -A clash_dns_out -p udp --dport 53 -m mac --mac-source $mac -j REDIRECT --to $dns_port
+			iptables -t nat -A clash_dns_out -p tcp --dport 53 -m mac --mac-source $mac -j REDIRECT --to $dns_port
+		done
+	else
+		#mac黑名单
+		for mac in $(cat $clashdir/mac); do
+			iptables -t nat -A clash_dns_out -m mac --mac-source $mac -j RETURN
+		done	
+		iptables -t nat -A clash_dns_out -p udp --dport 53 -j REDIRECT --to $dns_port
+		iptables -t nat -A clash_dns_out -p tcp --dport 53 -j REDIRECT --to $dns_port
+	fi
+	iptables -t nat -A OUTPUT -p udp -j clash_dns_out
+}
 stop_iptables(){
 	gethost #获取本地局域网地址段
     #重置iptables规则
 	ip rule del fwmark 1 table 100  2> /dev/null
 	ip route del local default dev lo table 100 2> /dev/null
 	iptables -t nat -D PREROUTING -p tcp $lanhost -j clash 2> /dev/null
+	iptables -D INPUT -p tcp --dport $mix_port -j ACCEPT 2> /dev/null
+	iptables -D INPUT -p tcp --dport $db_port -j ACCEPT 2> /dev/null
 	iptables -t nat -D PREROUTING -p udp -j clash_dns 2> /dev/null
-	iptables -t nat -D PREROUTING -p tcp -d 8.8.8.8 -j clash_dns 2> /dev/null
-	iptables -t nat -D PREROUTING -p tcp -d 8.8.4.4 -j clash_dns 2> /dev/null
+	iptables -t nat -D PREROUTING -p tcp -d 8.8.8.8 -j clash 2> /dev/null
+	iptables -t nat -D PREROUTING -p tcp -d 8.8.4.4 -j clash 2> /dev/null
+	iptables -t nat -D PREROUTING -s 172.16.0.0/12  -j clash 2> /dev/null
 	iptables -t nat -F clash 2> /dev/null
 	iptables -t nat -X clash 2> /dev/null
 	iptables -t nat -F clash_dns 2> /dev/null
 	iptables -t nat -X clash_dns 2> /dev/null
 	iptables -D FORWARD -o utun -j ACCEPT 2> /dev/null
+	#重置output规则
+	iptables -t nat -D OUTPUT -p tcp -j clash_out 2> /dev/null
+	iptables -t nat -F clash_out 2> /dev/null
+	iptables -t nat -X clash_out 2> /dev/null	
+	iptables -t nat -D OUTPUT -p udp -j clash_dns_out 2> /dev/null
+	iptables -t nat -F clash_dns_out 2> /dev/null
+	iptables -t nat -X clash_dns_out 2> /dev/null
 	#重置udp规则
 	iptables -t mangle -D PREROUTING -p udp $lanhost -j clash 2> /dev/null
 	iptables -t mangle -F clash 2> /dev/null
@@ -443,6 +519,8 @@ stop_iptables(){
 	ip6tables -t nat -F clashv6_dns 2> /dev/null
 	ip6tables -t nat -X clashv6_dns 2> /dev/null
 	ip6tables -D FORWARD -o utun -j ACCEPT 2> /dev/null
+	#清理ipset规则
+	ipset destroy cn_ip >/dev/null 2>&1
 }
 #面板配置保存相关
 web_save(){
@@ -451,10 +529,6 @@ web_save(){
 			curl -s -H "Authorization: Bearer ${secret}" -H "Content-Type:application/json" "$1"
 		elif [ -n "$(wget --help 2>&1|grep '\-\-method')" ];then
 			wget -q --header="Authorization: Bearer ${secret}" --header="Content-Type:application/json" -O - "$1"
-		else
-			logger 当前系统未安装curl且wget的版本太低，无法保存节点配置！ 31
-			getconfig
-			cronset '保存节点配置'
 		fi
 	}
 	#使用get_save获取面板节点设置
@@ -475,7 +549,7 @@ web_restore(){
 	put_save(){
 		if curl --version > /dev/null 2>&1;then
 			curl -sS -X PUT -H "Authorization: Bearer ${secret}" -H "Content-Type:application/json" "$1" -d "$2" >/dev/null
-		else
+		elif wget --version > /dev/null 2>&1;then
 			wget -q --method=PUT --header="Authorization: Bearer ${secret}" --header="Content-Type:application/json" --body-data="$2" "$1" >/dev/null
 		fi
 	}
@@ -526,7 +600,7 @@ bfstart(){
 	#读取配置文件
 	getconfig
 	[ ! -d $bindir/ui ] && mkdir -p $bindir/ui
-	[ -z "$update_url" ] && update_url=https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master
+	[ -z "$update_url" ] || [ -n "$(echo $update_url | grep 'github')" ] && update_url=https://cdn.jsdelivr.net/gh/juewuy/ShellClash@master
 	#检查clash核心
 	if [ ! -f $bindir/clash ];then
 		if [ -f $clashdir/clash ];then
@@ -538,8 +612,8 @@ bfstart(){
 			fi
 			[ -z "$cpucore" ] && source $clashdir/getdate.sh && getcpucore
 			[ -z "$cpucore" ] && logger 找不到设备的CPU信息，请手动指定处理器架构类型！ 31 && setcpucore
-			webget $bindir/clash "$update_url/bin/$clashcore/clash-linux-$cpucore"
-			[ "$?" = 1 ] && logger "核心下载失败，已退出！" 31 && rm -f $bindir/clash && exit 1
+			$0 webget $bindir/clash "$update_url/bin/$clashcore/clash-linux-$cpucore"
+			[ "$?" = "1" ] && rm -rf $bindir/clash && logger "核心下载失败，已退出！" 31 && exit 1
 			[ ! -x $bindir/clash ] && chmod +x $bindir/clash 	#检测可执行权限
 			clashv=$($bindir/clash -v | awk '{print $2}')
 			setconfig clashv $clashv
@@ -552,8 +626,8 @@ bfstart(){
 		else
 			logger "未找到GeoIP数据库，正在下载！" 33
 			[ -z "$geotype" ] && geotype=cn_mini.mmdb
-			webget $bindir/Country.mmdb $update_url/bin/$geotype
-			[ "$?" = 1 ] && logger "数据库下载失败，已退出！" 31 && rm -f $bindir/Country.mmdb && exit 1
+			$0 webget $bindir/Country.mmdb $update_url/bin/$geotype
+			[ "$?" = "1" ] && rm -rf $bindir/Country.mmdb && logger "数据库下载失败，已退出！" 31 && exit 1
 			Geo_v=$(date +"%Y%m%d")
 			setconfig Geo_v $Geo_v
 		fi
@@ -562,7 +636,12 @@ bfstart(){
 	if [ -f $clashdir/ui/index.html -a ! -f $bindir/ui/index.html ];then
 		cp -rf $clashdir/ui $bindir
 	fi
-	catpac #生成pac文件
+	#检查curl或wget支持
+	curl --version > /dev/null 2>&1
+	[ "$?" = 1 ] && wget --version > /dev/null 2>&1
+	[ "$?" = 1 ] && restore=true || restore=false
+	#生成pac文件
+	catpac
 	#检查yaml配置文件
 	if [ ! -f $clashdir/config.yaml ];then
 		if [ -n "$Url" -o -n "$Https" ];then
@@ -574,6 +653,20 @@ bfstart(){
 			exit 1
 		fi
 	fi
+	#本机代理准备
+	if [ "$local_proxy" = "已开启" -a "$local_type" = "iptables增强模式" ];then
+		if [ -z "$(id shellclash 2>/dev/null | grep 'root')" ];then
+			userdel shellclash 2>/dev/null
+			useradd shellclash -u 7890
+			sed -Ei s/7890:7890/0:7890/g /etc/passwd
+		fi
+		if [ "$start_old" != "已开启" ];then
+			[ -w /etc/systemd/system/clash.service ] && servdir=/etc/systemd/system/clash.service
+			[ -w /usr/lib/systemd/system/clash.service ] && servdir=/usr/lib/systemd/system/clash.service
+			setconfig ExecStart "/bin/su\ shellclash\ -c\ \"$bindir/clash\ -d\ $bindir\"" $servdir
+			systemctl daemon-reload >/dev/null
+		fi
+	fi
 }
 afstart(){
 
@@ -582,16 +675,22 @@ afstart(){
 	$bindir/clash -t -d $bindir >/dev/null
 	if [ "$?" = 0 ];then
 		#设置iptables转发规则
+		[ "$dns_mod" = "redir_host" ] && [ "$cn_ip_route" = "已开启" ] && cn_ip_route
 		[ "$redir_mod" != "纯净模式" ] && [ "$dns_no" != "已禁用" ] && start_dns
 		[ "$redir_mod" != "纯净模式" ] && [ "$redir_mod" != "Tun模式" ] && start_redir
 		[ "$redir_mod" = "Redir模式" ] && [ "$tproxy_mod" = "已开启" ] && start_udp
+		[ "$local_proxy" = "已开启" ] && [ "$local_type" = "iptables增强模式" ] && start_output
 		#标记启动时间
 		mark_time
 		#设置本机代理
 		[ "$local_proxy" = "已开启" ] && $0 set_proxy $mix_port $db_port
+		#加载定时任务
+		[ -f $clashdir/cron ] && croncmd $clashdir/cron
 		#启用面板配置自动保存
-		cronset '#每10分钟保存节点配置' "*/10 * * * * test -n \"$(pidof clash)\" && $clashdir/start.sh web_save #每10分钟保存节点配置"
-		[ -f $clashdir/web_save ] && web_restore & #后台还原面板配置
+		if [ "$restore" = false ];then
+			cronset '#每10分钟保存节点配置' "*/10 * * * * test -n \"\$(pidof clash)\" && $clashdir/start.sh web_save #每10分钟保存节点配置"
+			[ -f $clashdir/web_save ] && web_restore & #后台还原面板配置
+		fi
 	else
 		logger "clash服务启动失败！请查看报错信息！" 31
 		$bindir/clash -t -d $bindir
@@ -602,7 +701,11 @@ afstart(){
 }
 start_old(){
 	#使用传统后台执行二进制文件的方式执行
-	$bindir/clash -d $bindir >/dev/null &
+	if [ "$local_proxy" = "已开启" -a "$local_type" = "iptables增强模式" ];then
+		su shellclash -c "$bindir/clash -d $bindir >/dev/null" &
+	else
+		$bindir/clash -d $bindir >/dev/null &
+	fi
 	afstart
 	$0 daemon
 }
@@ -636,7 +739,7 @@ start)
 	;;
 stop)	
 		getconfig
-		[ -n "$(pidof clash)" ] && web_save #保存面板配置
+		[ -n "$(pidof clash)" ] && [ "$restore" = false ] && web_save #保存面板配置
 		#删除守护进程&面板配置自动保存
 		cronset "clash保守模式守护进程"
 		cronset "保存节点配置"
@@ -648,12 +751,19 @@ stop)
 		fi
 		PID=$(pidof clash) && [ -n "$PID" ] &&  kill -9 $PID >/dev/null 2>&1
 		stop_iptables #清理iptables
-		[ "$local_proxy" = "已开启" ] && $0 unset_proxy #禁用本机代理
+		$0 unset_proxy #禁用本机代理
         ;;
 restart)
         $0 stop
         $0 start
         ;;
+init)
+        [ -d "/etc/storage/clash" ] && clashdir=/etc/storage/clash && profile=/opt/etc/profile
+		[ -d "/jffs/clash" ] && clashdir=/jffs/clash && profile=/jffs/configs/profile.add
+		echo "alias clash=\"$clashdir/clash.sh\"" >> $profile 
+		echo "export clashdir=\"$clashdir\"" >> $profile 
+		$0 start
+        ;;
 getyaml)	
 		getconfig
 		getyaml
@@ -663,7 +773,37 @@ updateyaml)
 		$0 restart
 		;;
 webget)
-		webget $2 $3 $4 $5
+		#设置临时http代理 
+		[ -n "$(pidof clash)" ] && getconfig && export all_proxy="http://$authentication@127.0.0.1:$mix_port"
+		#参数【$2】代表下载目录，【$3】代表在线地址
+		#参数【$4】代表输出显示，【$4】不启用重定向
+		#参数【$6】代表验证证书，【$7】使用clash文件头
+		if curl --version > /dev/null 2>&1;then
+			[ "$4" = "echooff" ] && progress='-s' || progress='-#'
+			[ "$5" = "rediroff" ] && redirect='' || redirect='-L'
+			[ "$6" = "skipceroff" ] && certificate='' || certificate='-k'
+			#[ -n "$7" ] && agent='-A "clash"'
+			result=$(curl $agent -w %{http_code} --connect-timeout 3 $progress $redirect $certificate -o "$2" "$3")
+			[ "$?" != "0" ] && export all_proxy="" && result=$(curl $agent -w %{http_code} --connect-timeout 3 $progress $redirect $certificate -o "$2" "$3")
+		else
+			if wget --version > /dev/null 2>&1;then
+				[ "$4" = "echooff" ] && progress='-q' || progress='-q --show-progress'
+				[ "$5" = "rediroff" ] && redirect='--max-redirect=0' || redirect=''
+				[ "$6" = "skipceroff" ] && certificate='' || certificate='--no-check-certificate'
+				timeout='--timeout=3 -t 2'
+				#[ -n "$7" ] && agent='--user-agent="clash"'
+			fi
+			[ "$4" = "echoon" ] && progress=''
+			[ "$4" = "echooff" ] && progress='-q'
+			wget -Y on $agent $progress $redirect $certificate $timeout -O "$2" "$3"
+			if [ "$?" != "0" ];then
+				wget -Y off $agent $progress $redirect $certificate $timeout -O "$2" "$3"
+				[ "$?" = "0" ] && result="200"
+			else
+				result="200"
+			fi
+		fi
+		[ "$result" = "200" ] && exit 0 || exit 1
 		;;
 web_save)
 		getconfig
@@ -675,39 +815,21 @@ web_restore)
 	;;
 daemon)
 		getconfig
-		cronset '#clash保守模式守护进程' "*/1 * * * * test -z \"$(pidof clash)\" && $clashdir/start.sh restart #clash保守模式守护进程"
+		cronset '#clash保守模式守护进程' "*/1 * * * * test -z \"\$(pidof clash)\" && $clashdir/start.sh restart #clash保守模式守护进程"
 	;;
 cronset)
 		cronset $2 $3
 	;;
 set_proxy)
 		getconfig
-		#GNOME配置
-		if  [ "$local_proxy_type" = "GNOME" ];then
-			gsettings set org.gnome.system.proxy autoconfig-url "http://127.0.0.1:$db_port/ui/pac"
-			gsettings set org.gnome.system.proxy mode "auto"
-		#KDE配置
-		elif  [ "$local_proxy_type" = "KDE" ];then
-			kwriteconfig5 --file kioslaverc --group "Proxy Settings" --key "Proxy Config Script" "http://127.0.0.1:$db_port/ui/pac"
-			kwriteconfig5 --file kioslaverc --group "Proxy Settings" --key "ProxyType" 2
-		#环境变量方式
-		else
+		if  [ "$local_type" = "环境变量" ];then
 			[ -w ~/.bashrc ] && profile=~/.bashrc
 			[ -w /etc/profile ] && profile=/etc/profile
 			echo 'export all_proxy=http://127.0.0.1:'"$mix_port" >> $profile
 			echo 'export ALL_PROXY=$all_proxy' >>  $profile
 		fi
 	;;
-unset_proxy)
-		#GNOME配置
-		if  gsettings --version >/dev/null 2>&1 ;then
-			gsettings set org.gnome.system.proxy mode "none"
-		fi
-		#KDE配置
-		if  kwriteconfig5 -h >/dev/null 2>&1 ;then
-			kwriteconfig5 --file kioslaverc --group "Proxy Settings" --key "ProxyType" 0
-		fi
-		#环境变量方式
+unset_proxy)	
 		[ -w ~/.bashrc ] && profile=~/.bashrc
 		[ -w /etc/profile ] && profile=/etc/profile
 		sed -i '/all_proxy/'d  $profile