v1.6.1

~同步v1.11.1版本meta内核
~本机代理增强模式适配更多设备
~重新本机代理部分逻辑，优化docker兼容性，修复bug
~修复版本回退功能bug

bin/release_version

@@ -1,4 +1,4 @@
-1.6.0
+1.6.1
 1.5.1
 1.3.0
 1.2.0

bin/version

@@ -1,6 +1,6 @@
 clashnet_v=v1.7.6
 clashpre_v=2021.09.15
 clash_v=v1.7.1
-meta_v=v1.11.0
+GeoIP_v=20220531
-GeoIP_v=20220529
+meta_v=1.11.1
-versionsh=1.6.0
+versionsh=1.6.1

scripts/clash.sh

@@ -521,7 +521,7 @@ localproxy(){
 	echo -----------------------------------------------
 	echo -e " 1 \033[36m$proxy_set本机代理\033[0m"
 	echo -e " 2 使用\033[32m环境变量\033[0m方式配置(部分应用可能无法使用)"
-	echo -e " 3 使用\033[32miptables增强模式\033[0m配置(仅支持Linux系统)"
+	echo -e " 3 使用\033[32miptables增强模式\033[0m配置(支持docker)"
 	echo -e " 0 返回上级菜单"
 	echo -----------------------------------------------
 	read -p "请输入对应数字 > " num
@@ -542,13 +542,19 @@ localproxy(){
 				setconfig local_proxy $local_proxy
 				setconfig local_type $local_type
 				echo -e "\033[32m已经成功使用$local_type方式配置本机代理~\033[0m"
-				[ "$local_type" = "环境变量" ] && $clashdir/start.sh set_proxy $mix_port $db_port &&echo -e "\033[36m如未生效，请重新启动终端或重新连接SSH！\033[0m" && sleep 1
+				if [ "$local_type" = "环境变量" ];then
-				[ "$local_type" = "iptables增强模式" ] && $clashdir/start.sh start
+					$clashdir/start.sh set_proxy $mix_port $db_port
+					echo -e "\033[36m如未生效，请重新启动终端或重新连接SSH！\033[0m"
+				else
+					echo -e "\033[36m请重新启动clash服务！\033[0m"
+				fi
+				sleep 1
 			fi		
 		else
 			local_proxy=未开启
 			setconfig local_proxy $local_proxy
 			setconfig local_type
+			sed -i '/user shellclash/d' /etc/init.d/clash 2>/dev/null
 			$clashdir/start.sh stop
 			echo -e "\033[33m已经停用本机代理规则并停止clash服务！！\033[0m"
 			[ "$local_type" = "环境变量" ] && echo -e "\033[36m如未生效，请重新启动终端或重新连接SSH！\033[0m" && sleep 1
@@ -562,6 +568,9 @@ localproxy(){
 		if [ -w /etc/systemd/system/clash.service -o -w /usr/lib/systemd/system/clash.service -o -x /bin/su ];then
 			local_type="iptables增强模式"
 			setconfig local_type $local_type
+		elif [ -f /etc/rc.common -a -w /etc/passwd ]; then
+			local_type="iptables增强模式"
+			setconfig local_type $local_type
 		else
 			echo -e "\033[31m当前设备无法使用增强模式！\033[0m"
 			sleep 1
@@ -1295,7 +1304,7 @@ tools(){
 	elif [ -x /usr/sbin/otapredownload ] && [ "$num" = 5 ]; then	
 		[ "$mi_update" = "禁用" ] && sed -i "/otapredownload/d" /etc/crontabs/root || echo "15 3,4,5 * * * /usr/sbin/otapredownload >/dev/null 2>&1" >> /etc/crontabs/root	
 		echo -----------------------------------------------
-		echo -e "已\033[33m$mi_update\033[0m小米路由器的自动启动，如未生效，请在官方APP中同步设置！"
+		echo -e "已\033[33m$mi_update\033[0m小米路由器的自动更新，如未生效，请在官方APP中同步设置！"
 		sleep 1
 		tools	
 		

scripts/getdate.sh

@@ -604,7 +604,7 @@ getdb(){
 			[ $? -ne 0 ] && echo "文件解压失败！" && rm -rf /tmp/clashfm.tar.gz && exit 1 
 		fi
 		#修改默认host和端口
-		if [ "$db_type" = "clashdb" ];then
+		if [ "$db_type" = "clashdb" -o "$db_type" = "meta_db" ];then
 			sed -i "s/127.0.0.1/${host}/g" $dbdir/assets/*.js
 			sed -i "s/9090/${db_port}/g" $dbdir/assets/*.js
 		else
@@ -812,7 +812,7 @@ setserver(){
 			setserver
 		elif [ $num -le $(cat /tmp/clashrelease | awk 'END{print NR}') 2>/dev/null ]; then
 			release_version=$(cat /tmp/clashrelease | awk '{print $1}' | sed -n "$num"p)
-			update_url="https://raw.githubusercontents.com/juewuy/ShellClash/master/$release_version"
+			update_url="https://raw.githubusercontents.com/juewuy/ShellClash/$release_version"
 			saveserver
 			release_url=''
 		else

scripts/start.sh

@@ -443,8 +443,6 @@ start_redir(){
 	fi
 	#将PREROUTING链指向clash链
 	iptables -t nat -A PREROUTING -p tcp $ports -j clash
-	#Docker特殊处理
-	[ "$local_proxy" = "已开启" ] && iptables -t nat -I PREROUTING -s 172.16.0.0/12  -j clash
 	#禁用QUIC
 	if [ "$quic_rj" = 已启用 ] && [ "$tproxy_mod" = "已开启" ];then
 		[ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && set_cn_ip='-m set ! --match-set cn_ip dst'
@@ -547,22 +545,40 @@ start_udp(){
 	iptables -t mangle -A PREROUTING -p udp -j clash
 }
 start_output(){
-	#流量过滤规则
+	#流量过滤
 	iptables -t nat -N clash_out
 	iptables -t nat -A clash_out -m owner --gid-owner 7890 -j RETURN
+	iptables -t nat -A clash_out -d 0.0.0.0/8 -j RETURN
+	iptables -t nat -A clash_out -d 10.0.0.0/8 -j RETURN
+	iptables -t nat -A clash_out -d 100.64.0.0/10 -j RETURN
 	iptables -t nat -A clash_out -d 127.0.0.0/8 -j RETURN
-	iptables -t nat -A clash_out -d 172.16.0.0/12 -j RETURN
+	iptables -t nat -A clash_out -d 169.254.0.0/16 -j RETURN
-	[ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && iptables -t nat -A clash_out -m set --match-set cn_ip dst -j RETURN >/dev/null 2>&1 #绕过大陆IP
+	iptables -t nat -A clash_out -d 192.168.0.0/16 -j RETURN
+	iptables -t nat -A clash_out -d 224.0.0.0/4 -j RETURN
+	iptables -t nat -A clash_out -d 240.0.0.0/4 -j RETURN
+	[ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && \
+	iptables -t nat -A clash_out -m set --match-set cn_ip dst -j RETURN >/dev/null 2>&1 #绕过大陆IP
 	iptables -t nat -A clash_out -p tcp -j REDIRECT --to-ports $redir_port
-	iptables -t nat -A OUTPUT -p tcp -s 127.0.0.0/8 -j clash_out
+	#
-	iptables -t nat -A OUTPUT -p tcp -s 172.16.0.0/12 -j clash_out
+	iptables -t nat -A OUTPUT -p tcp -j clash_out
-	iptables -t nat -A OUTPUT -p tcp -d 198.18.0.0/16 -j clash_out
 	#设置dns转发
+	[ "$dns_no" != "已禁用" ] && {
 	iptables -t nat -N clash_dns_out
 	iptables -t nat -A clash_dns_out -m owner --gid-owner 7890 -j RETURN
 	iptables -t nat -A clash_dns_out -p udp -j REDIRECT --to $dns_port
-	iptables -t nat -A OUTPUT -p udp --dport 53 -s 127.0.0.0/8 -j clash_dns_out
+	iptables -t nat -A OUTPUT -p udp --dport 53 -j clash_dns_out
-	iptables -t nat -A OUTPUT -p udp --dport 53 -s 172.16.0.0/12 -j clash_dns_out
+	}
+	#Docker转发
+	type docker &>/dev/null && {
+	iptables -t nat -N clash_docker
+	iptables -t nat -A clash_docker -d 10.0.0.0/8 -j RETURN
+	iptables -t nat -A clash_docker -d 127.0.0.0/8 -j RETURN
+	iptables -t nat -A clash_docker -d 172.16.0.0/12 -j RETURN
+	iptables -t nat -A clash_docker -d 192.168.0.0/16 -j RETURN
+	iptables -t nat -A clash_docker -p tcp -j REDIRECT --to-ports $redir_port
+	iptables -t nat -A PREROUTING -p tcp -s 172.16.0.0/12 -j clash_docker
+	[ "$dns_no" != "已禁用" ] && iptables -t nat -A PREROUTING -p udp --dport 53 -s 172.16.0.0/12 -j REDIRECT --to $dns_port
+	}
 }
 start_tun(){
 	if [ "$quic_rj" = 已启用 ];then
@@ -598,7 +614,6 @@ stop_iptables(){
 	iptables -D INPUT -p tcp --dport $mix_port -j ACCEPT 2> /dev/null
 	iptables -D INPUT -p tcp --dport $db_port -j ACCEPT 2> /dev/null
 	iptables -t nat -D PREROUTING -p udp --dport 53 -j clash_dns 2> /dev/null
-	iptables -t nat -D PREROUTING -s 172.16.0.0/12  -j clash 2> /dev/null
 	iptables -t nat -F clash 2> /dev/null
 	iptables -t nat -X clash 2> /dev/null
 	iptables -t nat -F clash_dns 2> /dev/null
@@ -609,15 +624,17 @@ stop_iptables(){
 	iptables -D INPUT -p udp --dport 443 -m comment --comment "ShellClash QUIC REJECT" $set_cn_ip -j REJECT >/dev/null 2>&1
 	iptables -D FORWARD -p udp --dport 443 -o utun -m comment --comment "ShellClash QUIC REJECT" $set_cn_ip -j REJECT >/dev/null 2>&1
 	#重置output规则
-	iptables -t nat -D OUTPUT -p tcp -s 127.0.0.0/8 -j clash_out 2> /dev/null
+	iptables -t nat -D OUTPUT -p tcp -j clash_out 2> /dev/null
-	iptables -t nat -D OUTPUT -p tcp -s 172.16.0.0/12 -j clash_out 2> /dev/null
-	iptables -t nat -D OUTPUT -p tcp -d 198.18.0.0/16 -j clash_out 2> /dev/null
 	iptables -t nat -F clash_out 2> /dev/null
 	iptables -t nat -X clash_out 2> /dev/null	
-	iptables -t nat -D OUTPUT -p udp --dport 53 -s 127.0.0.0/8 -j clash_dns_out 2> /dev/null
+	iptables -t nat -D OUTPUT -p udp --dport 53 -j clash_dns_out 2> /dev/null
-	iptables -t nat -D OUTPUT -p udp --dport 53 -s 172.16.0.0/12 -j clash_dns_out 2> /dev/null
 	iptables -t nat -F clash_dns_out 2> /dev/null
 	iptables -t nat -X clash_dns_out 2> /dev/null
+	#重置docker规则
+	iptables -t nat -F clash_docker 2> /dev/null
+	iptables -t nat -X clash_docker 2> /dev/null
+	iptables -t nat -D PREROUTING -p tcp -s 172.16.0.0/12 -j clash_docker 2> /dev/null
+	iptables -t nat -D PREROUTING -p udp --dport 53 -s 172.16.0.0/12 -j REDIRECT --to $dns_port 2> /dev/null
 	#重置udp规则
 	iptables -t mangle -D PREROUTING -p udp -j clash 2> /dev/null
 	iptables -t mangle -F clash 2> /dev/null
@@ -806,18 +823,27 @@ bfstart(){
 	#本机代理准备
 	if [ "$local_proxy" = "已开启" -a "$local_type" = "iptables增强模式" ];then
 		if [ -z "$(id shellclash 2>/dev/null | grep 'root')" ];then
+			if type userdel useradd groupmod &>/dev/null; then
 				userdel shellclash 2>/dev/null
 				useradd shellclash -u 7890
 				groupmod shellclash -g 7890
 				sed -Ei s/7890:7890/0:7890/g /etc/passwd
+			else
+				grep -qw shellclash /etc/passwd || echo "shellclash:x:0:7890:::" >> /etc/passwd
+			fi
 		fi
 		if [ "$start_old" != "已开启" ];then
 			[ -w /etc/systemd/system/clash.service ] && servdir=/etc/systemd/system/clash.service
 			[ -w /usr/lib/systemd/system/clash.service ] && servdir=/usr/lib/systemd/system/clash.service
+			if [ -w /etc/init.d/clash ]; then
+				[ -z "$(grep 'procd_set_param user shellclash' /etc/init.d/clash)" ] && \
+    			sed -i '/procd_close_instance/i\\t\tprocd_set_param user shellclash' /etc/init.d/clash
+			elif [ -w "$servdir" ]; then
 				setconfig ExecStart "/bin/su\ shellclash\ -c\ \"$bindir/clash\ -d\ $bindir\"" $servdir
 				systemctl daemon-reload >/dev/null
 			fi
 		fi
+	fi
 }
 afstart(){