1.6.3发布至正式版

修正workflows脚本中的几个小问题

.github/workflows/bin_update.yml

@@ -9,7 +9,7 @@ on:
 #   branches: 
 #       - master
     schedule:
-        - cron: 0 1 * * 2
+        - cron: 0 9 * * 2,6
 #   watch:
 #       types: [started]
     workflow_dispatch:
@@ -36,11 +36,11 @@ jobs:
         echo 下载官方面板
         curl -kfSL -o clashdb.zip  https://github.com/Dreamacro/clash-dashboard/archive/gh-pages.zip
         echo 下载Meta面板
-        curl -kfSL -o meta_db.zip  https://github.com/MetaCubeX/clash-dashboard/archive/gh-pages.zip
+        curl -kfSL -o meta_db.zip  https://github.com/MetaCubeX/Razord-meta/archive/gh-pages.zip
         echo 下载yacd面板
         curl -kfSL -o yacd.zip  https://github.com/haishanh/yacd/archive/gh-pages.zip 
         echo 下载meta魔改yacd面板
-        curl -kfSL -o meta_yacd.zip  https://github.com/MetaCubeX/yacd/archive/gh-pages.zip
+        curl -kfSL -o meta_yacd.zip  https://github.com/MetaCubeX/Yacd-meta/archive/gh-pages.zip
         echo 解压缩
         unzip -o clashdb.zip > /dev/null
         unzip -o yacd.zip > /dev/null
@@ -59,11 +59,11 @@ jobs:
         echo 解压缩
         unzip -o meta_db.zip > /dev/null
         unzip -o meta_yacd.zip > /dev/null
-        cd \clash-dashboard-gh-pages
+        cd \Razord-meta-gh-pages
         tar -zcvf meta_db.tar.gz * > /dev/null
         mv -f meta_db.tar.gz ../
         cd ..
-        cd \yacd-gh-pages
+        cd \Yacd-meta-gh-pages
         echo yacd特殊处理
         find -name '*.map' | xargs  rm -rf
         rm -rf report.html
@@ -77,33 +77,27 @@ jobs:
         rm -rf meta_yacd.zip
         rm -rf \clash-dashboard-gh-pages
         rm -rf \yacd-gh-pages
+        rm -rf \Razord-meta-gh-pages
+        rm -rf \Yacd-meta-gh-pages
         echo 面板更新完成！
         
     - name: Update GeoIP
       run: |
         cd \bin
         source version
-        curl -kfSL -O https://cdn.jsdelivr.net/gh/alecthw/mmdb_china_ip_list@release/Country.mmdb
-        curl -kfSL -o cn_mini.mmdb https://cdn.jsdelivr.net/gh/Hackl0us/GeoIP2-CN@release/Country.mmdb
-        curl -kfSL -o china_ip_list.txt https://cdn.jsdelivr.net/gh/17mon/china_ip_list@master/china_ip_list.txt
-        curl -kfSL -O https://cdn.jsdelivr.net/gh/P3TERX/ca-certificates.crt@download/ca-certificates.crt
-        curl -kfSL -O https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geosite.dat
+        curl -kfSL -O https://raw.githubusercontent.com/alecthw/mmdb_china_ip_list/release/Country.mmdb
+        curl -kfSL -o cn_mini.mmdb https://raw.githubusercontent.com/Hackl0us/GeoIP2-CN/release/Country.mmdb
+        curl -kfSL -o china_ip_list.txt https://raw.githubusercontent.com/17mon/china_ip_list/master/china_ip_list.txt
+        curl -kfSL -O https://raw.githubusercontent.com/P3TERX/ca-certificates.crt/download/ca-certificates.crt
+        curl -kfSL -O https://raw.githubusercontent.com/Loyalsoldier/v2ray-rules-dat/release/geosite.dat
         sed -i '/GeoIP_v*/'d version
         echo GeoIP_v=`date '+%Y%m%d'` >> version
         echo IP数据库及根证书文件更新完成！
 
-    - name: Update Core Version Info
-      run: |
-          chmod -R +x bin/clash*/
-          sed -i "s/meta_v=.*/meta_v=$(./bin/clash.meta/clash-linux-amd64 -v 2>/dev/null | sed 's/ linux.*//;s/.* //')/" bin/version
-          sed -i "s/clashnet_v=.*/clashnet_v=$(./bin/clash.net/clash-linux-amd64 -v 2>/dev/null | sed 's/ linux.*//;s/.* //')/" bin/version
-          sed -i "s/clash_v=.*/clash_v=$(./bin/clash/clash-linux-amd64 -v 2>/dev/null | sed 's/ linux.*//;s/.* //')/" bin/version
-          sed -i "s/clashpre_v=.*/clashpre_v=$(./bin/clashpre/clash-linux-amd64 -v 2>/dev/null | sed 's/ linux.*//;s/.* //')/" bin/version
-        
     - name: Commit and push
       run: |
         git config --global user.email "juewuy@gmail.com" && git config --global user.name "Bot"
-        git add . && git commit -m "自动更新最新Dashboard、地址库、根证书以及内核版本信息" || exit 0
+        git add . && git commit -m "自动更新最新Dashboard、地址库、根证书" || exit 0
         git push
         
     - name: Cleanup Workflow

.github/workflows/update_clash_core.yaml

@@ -0,0 +1,51 @@
+name: Update Clash Core
+on: 
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'version of Clash, such as v1.10.6'
+        required: true
+        type: string
+env:
+  download_version: ${{ github.event.inputs.version }}
+  download_url: https://github.com/Dreamacro/clash/releases/download
+jobs:
+  Update:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Clone Repository
+      uses: actions/checkout@main
+    - name: Init Dependencies
+      run: |
+        wget https://github.com/upx/upx/releases/download/v3.96/upx-3.96-amd64_linux.tar.xz
+        wget https://github.com/upx/upx/releases/download/v3.93/upx-3.93-amd64_linux.tar.xz
+        tar xf upx-3.96-amd64_linux.tar.xz
+        tar xf upx-3.93-amd64_linux.tar.xz
+    - name: Download Core
+      run: |
+        archs="386 amd64 armv5 armv7 armv8 mips-softfloat mipsle-hardfloat mipsle-softfloat"
+        mkdir tmp
+        for arch in ${archs};do
+          wget "${download_url}/${download_version}/clash-linux-${arch}-${download_version}.gz" -O - | gunzip -c > ./tmp/clash-linux-${arch}
+          chmod +x ./tmp/clash-linux-${arch}
+          if [ "${arch}" != "armv5" ];then
+            if [[ ${arch} == mips* ]];then
+              ./upx-3.93-amd64_linux/upx ./tmp/clash-linux-${arch}
+            else
+              ./upx-3.96-amd64_linux/upx ./tmp/clash-linux-${arch}
+            fi
+          fi
+        done
+        rm -fr upx*
+    - name: Update
+      run: |
+        rm -fr ./bin/clash/*
+        cp ./tmp/* ./bin/clash/
+        rm -fr ./tmp
+        sed -i "s/clash_v=.*/clash_v=$(./bin/clash/clash-linux-amd64 -v 2>/dev/null | sed 's/ linux.*//;s/.* //')/" bin/version
+    - name: Commit and push
+      run: |
+        git config --global user.email "juewuy@gmail.com" && git config --global user.name "Bot"
+        git add . && git commit -m "更新Clash内核至${download_version}" || exit 0
+        git push
+        

.github/workflows/update_dotnet_core.yaml

@@ -0,0 +1,51 @@
+name: Update DotNet Core
+on: 
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'version of Clash DotNet, such as v1.7.6'
+        required: true
+        type: string
+env:
+  download_version: ${{ github.event.inputs.version }}
+  download_url: https://github.com/ClashDotNetFramework/experimental-clash/releases/download
+jobs:
+  Update:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Clone Repository
+      uses: actions/checkout@main
+    - name: Init Dependencies
+      run: |
+        wget https://github.com/upx/upx/releases/download/v3.96/upx-3.96-amd64_linux.tar.xz
+        wget https://github.com/upx/upx/releases/download/v3.93/upx-3.93-amd64_linux.tar.xz
+        tar xf upx-3.96-amd64_linux.tar.xz
+        tar xf upx-3.93-amd64_linux.tar.xz
+    - name: Download Core
+      run: |
+        archs="386 amd64 armv5 armv7 armv8 mips-softfloat mipsle-hardfloat mipsle-softfloat"
+        mkdir tmp
+        for arch in ${archs};do
+          wget "${download_url}/${download_version}/clash-linux-${arch}-${download_version}.gz" -O - | gunzip -c > ./tmp/clash-linux-${arch}
+          chmod +x ./tmp/clash-linux-${arch}
+          if [ "${arch}" != "armv5" ];then
+            if [[ ${arch} == mips* ]];then
+              ./upx-3.93-amd64_linux/upx ./tmp/clash-linux-${arch}
+            else
+              ./upx-3.96-amd64_linux/upx ./tmp/clash-linux-${arch}
+            fi
+          fi
+        done
+        rm -fr upx*
+    - name: Update
+      run: |
+        rm -fr ./bin/clash.net/*
+        cp ./tmp/* ./bin/clash.net/
+        rm -fr ./tmp
+        sed -i "s/clashnet_v=.*/clashnet_v=$(./bin/clash.net/clash-linux-amd64 -v 2>/dev/null | sed 's/ linux.*//;s/.* //')/" bin/version
+    - name: Commit and push
+      run: |
+        git config --global user.email "juewuy@gmail.com" && git config --global user.name "Bot"
+        git add . && git commit -m "更新DotNet内核至${download_version}" || exit 0
+        git push
+        

.github/workflows/update_meta_core.yaml

@@ -0,0 +1,59 @@
+name: Update Meta Core
+on: 
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'tag of Clash Meta, such as Prerelease-Alpha, Prerelease-Beta, v1.11.1'
+        required: true
+        type: string
+env:
+  download_tag: ${{ github.event.inputs.tag }}
+  download_version: ''
+  download_url: https://github.com/MetaCubeX/Clash.Meta/releases/download
+jobs:
+  Update:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Clone Repository
+      uses: actions/checkout@main
+    - name: Init Dependencies
+      run: |
+        wget https://github.com/upx/upx/releases/download/v3.96/upx-3.96-amd64_linux.tar.xz
+        wget https://github.com/upx/upx/releases/download/v3.93/upx-3.93-amd64_linux.tar.xz
+        tar xf upx-3.96-amd64_linux.tar.xz
+        tar xf upx-3.93-amd64_linux.tar.xz
+    - name: Download Core
+      run: |
+        if [ "${download_tag}" = "Prerelease-Alpha" ] || [ "${download_tag}" = "Prerelease-Beta" ];then
+          download_version=$(curl -sL https://api.github.com/repos/MetaCubeX/Clash.Meta/releases/tags/${download_tag} | grep linux-arm64 | head -n 1 | sed 's_.gz.*__;s_.*arm64-__')
+        else
+          download_version=${download_tag}
+        fi
+        echo "download_version=${download_version}" >> ${GITHUB_ENV}
+        archs=(amd64-compatible armv5 armv7 arm64 mips-softfloat mipsle-hardfloat mipsle-softfloat)
+        new_name=(amd64 armv5 armv7 armv8 mips-softfloat mipsle-hardfloat mipsle-softfloat)
+        mkdir tmp
+        for((i=0;i<7;i++));do
+          wget "${download_url}/${download_tag}/Clash.Meta-linux-${archs[i]}-${download_version}.gz" -O - | gunzip -c > ./tmp/clash-linux-${new_name[i]}
+          chmod +x ./tmp/clash-linux-${new_name[i]}
+          if [ "${archs[i]}" != "armv5" ];then
+            if [[ ${archs[i]} = mips* ]];then
+              ./upx-3.93-amd64_linux/upx ./tmp/clash-linux-${new_name[i]}
+            else
+              ./upx-3.96-amd64_linux/upx ./tmp/clash-linux-${new_name[i]}
+            fi
+          fi
+        done
+        rm -fr upx*
+    - name: Update
+      run: |
+        rm -fr ./bin/clash.meta/*
+        cp ./tmp/* ./bin/clash.meta/
+        rm -fr ./tmp
+        sed -i "s/meta_v=.*/meta_v=$(./bin/clash.meta/clash-linux-amd64 -v 2>/dev/null | sed 's/ linux.*//;s/.* //')/" bin/version
+    - name: Commit and push
+      run: |
+        git config --global user.email "juewuy@gmail.com" && git config --global user.name "Bot"
+        git add . && git commit -m "更新Meta内核至${download_version}" || exit 0
+        git push
+        

.github/workflows/update_premium_core.yaml

@@ -0,0 +1,51 @@
+name: Update Premium Core
+on: 
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'version of Clash Premium, such as 2022.05.18'
+        required: true
+        type: string
+env:
+  download_version: ${{ github.event.inputs.version }}
+  download_url: https://release.dreamacro.workers.dev
+jobs:
+  Update:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Clone Repository
+      uses: actions/checkout@main
+    - name: Init Dependencies
+      run: |
+        wget https://github.com/upx/upx/releases/download/v3.96/upx-3.96-amd64_linux.tar.xz
+        wget https://github.com/upx/upx/releases/download/v3.93/upx-3.93-amd64_linux.tar.xz
+        tar xf upx-3.96-amd64_linux.tar.xz
+        tar xf upx-3.93-amd64_linux.tar.xz
+    - name: Download Core
+      run: |
+        archs="386 amd64 armv5 armv7 armv8 mips-softfloat mipsle-hardfloat mipsle-softfloat"
+        mkdir tmp
+        for arch in ${archs};do
+          wget "${download_url}/${download_version}/clash-linux-${arch}-${download_version}.gz" -O - | gunzip -c > ./tmp/clash-linux-${arch}
+          chmod +x ./tmp/clash-linux-${arch}
+          if [ "${arch}" != "armv5" ];then
+            if [[ ${arch} == mips* ]];then
+              ./upx-3.93-amd64_linux/upx ./tmp/clash-linux-${arch}
+            else
+              ./upx-3.96-amd64_linux/upx ./tmp/clash-linux-${arch}
+            fi
+          fi
+        done
+        rm -fr upx*
+    - name: Update
+      run: |
+        rm -fr ./bin/clashpre/*
+        cp ./tmp/* ./bin/clashpre/
+        rm -fr ./tmp
+        sed -i "s/clashpre_v=.*/clashpre_v=$(./bin/clashpre/clash-linux-amd64 -v 2>/dev/null | sed 's/ linux.*//;s/.* //')/" bin/version
+    - name: Commit and push
+      run: |
+        git config --global user.email "juewuy@gmail.com" && git config --global user.name "Bot"
+        git add . && git commit -m "更新Premium内核至${download_version}" || exit 0
+        git push
+        

README.md

@@ -39,17 +39,29 @@ opkg update && opkg install curl
 ```Shell
 #by fastgit.org
 export url='https://raw.fastgit.org/juewuy/ShellClash/master' && sh -c "$(curl -kfsSl $url/install.sh)" && source /etc/profile &> /dev/null
+```
+
+```shell
 #by GitHub
 export url='https://raw.githubusercontent.com/juewuy/ShellClash/master' && sh -c "$(curl -kfsSl $url/install.sh)" && source /etc/profile &> /dev/null
+```
+
+```shell
 #by jsDelivr-CDN
 export url='https://fastly.jsdelivr.net/gh/juewuy/ShellClash@master' && sh -c "$(curl -kfsSl $url/install.sh)" && source /etc/profile &> /dev/null
 ```
 
+
+
+
 ##### ~Use wget：<br>
 
 ```Shell
 #by GitHub
 export url='https://raw.githubusercontent.com/juewuy/ShellClash/master' && wget -q --no-check-certificate -O /tmp/install.sh $url/install.sh  && sh /tmp/install.sh && source /etc/profile &> /dev/null
+```
+
+```shell
 #By jsDelivrCDN
 export url='https://fastly.jsdelivr.net/gh/juewuy/ShellClash@master' && wget -q --no-check-certificate -O /tmp/install.sh $url/install.sh  && sh /tmp/install.sh && source /etc/profile &> /dev/null
 ```
@@ -57,8 +69,8 @@ export url='https://fastly.jsdelivr.net/gh/juewuy/ShellClash@master' && wget -q
 ~**Use a low version of wget (prompt not to support https) local installation**:<br>
 
 ```Shell
-#by shellclash.ga
-export url='http://shellclash.ga/' && wget -q -O /tmp/install.sh $url/install.sh  && sh /tmp/install.sh && source /etc/profile &> /dev/null
+#by shellclash.cf
+export url='http://shellclash.cf/' && wget -q -O /tmp/install.sh $url/install.sh  && sh /tmp/install.sh && source /etc/profile &> /dev/null
 ```
 
 ~**After installation by non-root users**, please execute the following additional commands to read environment variables:<br>

README_CN.md

@@ -51,12 +51,21 @@ opkg update && opkg install curl #如已安装请忽略
 ```Shell
 #fastgit.org加速
 export url='https://raw.fastgit.org/juewuy/ShellClash/master' && sh -c "$(curl -kfsSl $url/install.sh)" && source /etc/profile &> /dev/null
+```
+
+```shell
 #GitHub源
 export url='https://raw.githubusercontent.com/juewuy/ShellClash/master' && sh -c "$(curl -kfsSl $url/install.sh)" && source /etc/profile &> /dev/null
+```
+
+```shell
 #jsDelivrCDN源
 export url='https://fastly.jsdelivr.net/gh/juewuy/ShellClash@master' && sh -c "$(curl -kfsSl $url/install.sh)" && source /etc/profile &> /dev/null
+```
+
+```shell
 #作者私人源
-export url='https://shellclash.ga' && sh -c "$(curl -kfsSl $url/install.sh)" && source /etc/profile &> /dev/null
+export url='https://shellclash.cf' && sh -c "$(curl -kfsSl $url/install.sh)" && source /etc/profile &> /dev/null
 ```
 
 ~**使用wget安装**：<br>
@@ -64,17 +73,23 @@ export url='https://shellclash.ga' && sh -c "$(curl -kfsSl $url/install.sh)" &&
 ```Shell
 #GitHub源
 export url='https://raw.githubusercontent.com/juewuy/ShellClash/master' && wget -q --no-check-certificate -O /tmp/install.sh $url/install.sh  && sh /tmp/install.sh && source /etc/profile &> /dev/null
+```
+
+```shell
 #jsDelivrCDN源
 export url='https://fastly.jsdelivr.net/gh/juewuy/ShellClash@master' && wget -q --no-check-certificate -O /tmp/install.sh $url/install.sh  && sh /tmp/install.sh && source /etc/profile &> /dev/null
-#作者私人源
-export url='http://shellclash.ga/' && wget -q -O /tmp/install.sh $url/install.sh  && sh /tmp/install.sh && source /etc/profile &> /dev/null
+```
+
+```shell
+#fastgit.org加速
+export url='https://raw.fastgit.org/juewuy/ShellClash/master' && wget -q -O /tmp/install.sh $url/install.sh  && sh /tmp/install.sh && source /etc/profile &> /dev/null
 ```
 
 ~**使用低版本wget（提示不支持https）安装**：<br>
 
 ```Shell
 #作者私人http源
-export url='http://shellclash.ga/' && wget -q -O /tmp/install.sh $url/install.sh  && sh /tmp/install.sh && source /etc/profile &> /dev/null
+export url='http://shellclash.cf/' && wget -q -O /tmp/install.sh $url/install.sh  && sh /tmp/install.sh && source /etc/profile &> /dev/null
 ```
 
 ~**非root用户安装后**请额外执行以下命令以读取环境变量：<br>

bin/release_version

@@ -1,4 +1,4 @@
-1.6.0
+1.6.3
 1.5.1
 1.3.0
 1.2.0

bin/version

@@ -1,6 +1,6 @@
 clashnet_v=v1.7.6
 clashpre_v=2021.09.15
 clash_v=v1.7.1
-meta_v=v1.11.0
-GeoIP_v=20220529
-versionsh=1.6.0
+meta_v=v1.12.0
+versionsh=1.6.3
+GeoIP_v=20220709

install.sh

@@ -17,8 +17,11 @@ setconfig(){
 	[ -n "$(grep ${1} $configpath)" ] && sed -i "s#${1}=.*#${1}=${2}#g" $configpath || echo "${1}=${2}" >> $configpath
 }
 [ -f "/etc/storage/started_script.sh" ] && systype=Padavan && initdir='/etc/storage/started_script.sh'
-[ -d "/jffs/scripts" ] && systype=asusrouter && initdir='/jffs/scripts/net-start'
-[ -f "/jffs/.asusrouter" ] && systype=asusrouter && initdir='/jffs/.asusrouter'
+[ -d "/jffs" ] && systype=asusrouter && { 
+	[ -f "/jffs/.asusrouter" ] && initdir='/jffs/.asusrouter'
+	[ -d "/jffs/scripts" ] && initdir='/jffs/scripts/nat-start' 
+	[ -z "$initdir" ] && initdir='/jffs/scripts/nat-start' && mkdir -p '/jffs/scripts'
+	}
 [ -f "/data/etc/crontabs/root" -a "$(dir_avail /etc)" = 0 ] && systype=mi_snapshot
 #检查root权限
 if [ "$USER" != "root" -a -z "$systype" ];then

rules/ShellClash_Mini.ini

@@ -12,9 +12,10 @@ ruleset=🎯 全球直连,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/mast
 ruleset=🎯 全球直连,[]GEOIP,CN
 ruleset=🐟 漏网之鱼,[]FINAL
 
-custom_proxy_group=🚀 节点选择`select`[]♻️ 自动选择`[]📺 省流节点`[]👍 高级节点`select`.*
+custom_proxy_group=🚀 节点选择`select`[]🔯 故障转移`[]♻️ 自动选择`[]📺 省流节点`[]👍 高级节点`.*
 custom_proxy_group=♻️ 自动选择`url-test`.*`http://www.gstatic.com/generate_204`300,,50
-custom_proxy_group=🔯 故障转移`fallback`[]🚀 节点选择`[]♻️ 自动选择`http://www.gstatic.com/generate_204`180
+custom_proxy_group=🔯 故障转移首选`select`.*
+custom_proxy_group=🔯 故障转移`fallback`[]🔯 故障转移首选`[]👍 高级节点`[]♻️ 自动选择`http://www.gstatic.com/generate_204`180
 custom_proxy_group=🛑 广告拦截`select`[]DIRECT`[]REJECT
 custom_proxy_group=🎥 奈飞解锁`select`[]🎥 流媒体解锁`[]👍 高级节点`[]🔯 故障转移`[]🚀 节点选择
 custom_proxy_group=🎯 全球直连`select`[]DIRECT`[]🚀 节点选择`[]♻️ 自动选择

scripts/clash.sh

@@ -521,7 +521,7 @@ localproxy(){
 	echo -----------------------------------------------
 	echo -e " 1 \033[36m$proxy_set本机代理\033[0m"
 	echo -e " 2 使用\033[32m环境变量\033[0m方式配置(部分应用可能无法使用)"
-	echo -e " 3 使用\033[32miptables增强模式\033[0m配置(仅支持Linux系统)"
+	echo -e " 3 使用\033[32miptables增强模式\033[0m配置(支持docker)"
 	echo -e " 0 返回上级菜单"
 	echo -----------------------------------------------
 	read -p "请输入对应数字 > " num
@@ -542,13 +542,19 @@ localproxy(){
 				setconfig local_proxy $local_proxy
 				setconfig local_type $local_type
 				echo -e "\033[32m已经成功使用$local_type方式配置本机代理~\033[0m"
-				[ "$local_type" = "环境变量" ] && $clashdir/start.sh set_proxy $mix_port $db_port &&echo -e "\033[36m如未生效，请重新启动终端或重新连接SSH！\033[0m" && sleep 1
-				[ "$local_type" = "iptables增强模式" ] && $clashdir/start.sh start
+				if [ "$local_type" = "环境变量" ];then
+					$clashdir/start.sh set_proxy $mix_port $db_port
+					echo -e "\033[36m如未生效，请重新启动终端或重新连接SSH！\033[0m"
+				else
+					echo -e "\033[36m请重新启动clash服务！\033[0m"
+				fi
+				sleep 1
 			fi		
 		else
 			local_proxy=未开启
 			setconfig local_proxy $local_proxy
 			setconfig local_type
+			sed -i '/user shellclash/d' /etc/init.d/clash 2>/dev/null
 			$clashdir/start.sh stop
 			echo -e "\033[33m已经停用本机代理规则并停止clash服务！！\033[0m"
 			[ "$local_type" = "环境变量" ] && echo -e "\033[36m如未生效，请重新启动终端或重新连接SSH！\033[0m" && sleep 1
@@ -562,6 +568,9 @@ localproxy(){
 		if [ -w /etc/systemd/system/clash.service -o -w /usr/lib/systemd/system/clash.service -o -x /bin/su ];then
 			local_type="iptables增强模式"
 			setconfig local_type $local_type
+		elif [ -f /etc/rc.common -a -w /etc/passwd ]; then
+			local_type="iptables增强模式"
+			setconfig local_type $local_type
 		else
 			echo -e "\033[31m当前设备无法使用增强模式！\033[0m"
 			sleep 1
@@ -1009,6 +1018,7 @@ clashadv(){
 		[ ! -f $clashdir/user.yaml ] && cat > $clashdir/user.yaml <<EOF
 #用于编写自定义设定(可参考https://lancellc.gitbook.io/clash)，例如
 #新版已经支持直接读取系统hosts(/etc/hosts)并写入配置文件，无需在此处添加！
+#新版meta内核已经支持yaml-v3，所有能在脚本中修改的条目请勿在此处配置以免报错！
 #port: 7890
 EOF
 		[ ! -f $clashdir/rules.yaml ] && cat > $clashdir/rules.yaml <<EOF
@@ -1295,7 +1305,7 @@ tools(){
 	elif [ -x /usr/sbin/otapredownload ] && [ "$num" = 5 ]; then	
 		[ "$mi_update" = "禁用" ] && sed -i "/otapredownload/d" /etc/crontabs/root || echo "15 3,4,5 * * * /usr/sbin/otapredownload >/dev/null 2>&1" >> /etc/crontabs/root	
 		echo -----------------------------------------------
-		echo -e "已\033[33m$mi_update\033[0m小米路由器的自动启动，如未生效，请在官方APP中同步设置！"
+		echo -e "已\033[33m$mi_update\033[0m小米路由器的自动更新，如未生效，请在官方APP中同步设置！"
 		sleep 1
 		tools	
 		
@@ -1424,6 +1434,7 @@ clashcron(){
 	echo -e " 2 设置\033[31m定时停止\033[0mclash服务"
 	echo -e " 3 设置\033[32m定时开启\033[0mclash服务"
 	echo -e " 4 设置\033[33m定时更新\033[0m订阅并重启服务"
+	echo -e " 5 设置\033[33m定时更新\033[0m订阅但不重启服务"
 	echo -----------------------------------------------
 	echo -e " 0 返回上级菜单" 
 	read -p "请输入对应数字 > " num
@@ -1448,6 +1459,11 @@ clashcron(){
 		clashcron
 	elif [ "$num" = 4 ]; then	
 		cronname=更新订阅链接
+		cronset="$clashdir/start.sh getyaml && $clashdir/start.sh restart"
+		setcron	
+		clashcron
+	elif [ "$num" = 5 ]; then	
+		cronname=更新订阅但不重启
 		cronset="$clashdir/start.sh updateyaml"
 		setcron	
 		clashcron

scripts/getdate.sh

@@ -37,7 +37,7 @@ linkserver(){
 	echo -e "\033[32m感谢以下作者的无私奉献！！！\033[0m"
 	echo 当前使用后端为：$server_link
 	echo 1 api.dler.io			（墙洞提供）
-	echo 2 sub.shellclash.ga	（作者提供）
+	echo 2 sub.shellclash.cf	（作者提供）
 	echo 3 sub.xeton.dev		（SUB作者T大提供）
 	echo 4 sub.id9.cc			（品云提供）
 	echo 5 sub.maoxiongnet.com	（猫熊提供）
@@ -333,7 +333,7 @@ gettar(){
 	if [ -f /etc/rc.common ];then
 			#设为init.d方式启动
 			cp -f $clashdir/clashservice /etc/init.d/clash
-			chmod 755 /etc/init.d/clash
+			chmod +x /etc/init.d/clash
 	else
 		[ -w /etc/systemd/system ] && sysdir=/etc/systemd/system
 		[ -w /usr/lib/systemd/system ] && sysdir=/usr/lib/systemd/system
@@ -350,7 +350,7 @@ gettar(){
 	#修饰文件及版本号
 	shtype=sh && [ -n "$(ls -l /bin/sh|grep -oE 'dash|show|bash')" ] && shtype=bash 
 	sed -i "s|/bin/sh|/bin/$shtype|" $clashdir/start.sh
-	chmod 755 $clashdir/start.sh
+	chmod +x $clashdir/start.sh
 	setconfig versionsh_l $release_new
 	#设置更新地址
 	[ -n "$url" ] && setconfig update_url $url
@@ -375,7 +375,7 @@ gettar(){
 		}
 	#小米镜像化OpenWrt额外设置
 	if [ "$systype" = "mi_snapshot" ];then
-		chmod 755 $clashdir/misnap_init.sh
+		chmod +x $clashdir/misnap_init.sh
 		uci set firewall.ShellClash=include
 		uci set firewall.ShellClash.type='script'
 		uci set firewall.ShellClash.path='/data/clash/misnap_init.sh'
@@ -452,13 +452,20 @@ getcore(){
 	$clashdir/start.sh webget /tmp/clash.new $corelink
 	if [ "$?" = "1" ];then
 		echo -e "\033[31m核心文件下载失败！\033[0m"
+		rm -rf /tmp/clash.new
+	else
+		chmod +x /tmp/clash.new && /tmp/clash.new -v >/dev/null 2>&1
+		if [ "$?" != 0 ];then
+			echo -e "\033[31m核心文件下载失败！\033[0m"
+			rm -rf /tmp/clash.new
 		else
 			echo -e "\033[32m$clashcore核心下载成功！\033[0m"
 			mv -f /tmp/clash.new $bindir/clash
-		chmod 777 $bindir/clash  #授予权限
+			chmod +x $bindir/clash 
 			setconfig clashcore $clashcore
 			setconfig clashv $version
 		fi
+	fi
 }
 setcore(){
 	#获取核心及版本信息
@@ -604,7 +611,7 @@ getdb(){
 			[ $? -ne 0 ] && echo "文件解压失败！" && rm -rf /tmp/clashfm.tar.gz && exit 1 
 		fi
 		#修改默认host和端口
-		if [ "$db_type" = "clashdb" ];then
+		if [ "$db_type" = "clashdb" -o "$db_type" = "meta_db" ];then
 			sed -i "s/127.0.0.1/${host}/g" $dbdir/assets/*.js
 			sed -i "s/9090/${db_port}/g" $dbdir/assets/*.js
 		else
@@ -776,7 +783,7 @@ setserver(){
 		release_url=''
 		saveserver
 	elif [ "$num" = 4 ]; then
-		update_url='https://gh.shellclash.ga/master'
+		update_url='https://gh.shellclash.cf/master'
 		release_url=''
 		saveserver
 	elif [ "$num" = 5 ]; then
@@ -788,7 +795,7 @@ setserver(){
 		release_url=''
 		saveserver
 	elif [ "$num" = 7 ]; then
-		update_url='http://test.shellclash.ga'
+		update_url='http://test.shellclash.cf'
 		release_url=''
 		saveserver
 	elif [ "$num" = 8 ]; then
@@ -812,7 +819,7 @@ setserver(){
 			setserver
 		elif [ $num -le $(cat /tmp/clashrelease | awk 'END{print NR}') 2>/dev/null ]; then
 			release_version=$(cat /tmp/clashrelease | awk '{print $1}' | sed -n "$num"p)
-			update_url="https://raw.githubusercontents.com/juewuy/ShellClash/master/$release_version"
+			update_url="https://raw.githubusercontents.com/juewuy/ShellClash/$release_version"
 			saveserver
 			release_url=''
 		else

scripts/start.sh

@@ -70,6 +70,13 @@ cronset(){
 	croncmd $tmpcron
 	rm -f $tmpcron
 }
+put_save(){
+	if curl --version > /dev/null 2>&1;then
+		curl -sS -X PUT -H "Authorization: Bearer ${secret}" -H "Content-Type:application/json" "$1" -d "$2" >/dev/null
+	elif wget --version > /dev/null 2>&1;then
+		wget -q --method=PUT --header="Authorization: Bearer ${secret}" --header="Content-Type:application/json" --body-data="$2" "$1" >/dev/null
+	fi
+}
 mark_time(){
 	start_time=`date +%s`
 	sed -i '/start_time*/'d $clashdir/mark
@@ -137,7 +144,7 @@ getyaml(){
 	#前后端订阅服务器地址索引，可在此处添加！
 	Server=`sed -n ""$server_link"p"<<EOF
 https://api.dler.io
-https://sub.shellclash.ga
+https://sub.shellclash.cf
 https://sub.xeton.dev
 https://sub.id9.cc
 https://sub.maoxiongnet.com
@@ -164,7 +171,7 @@ EOF`
 	Https=$(echo ${Https//\%26/\&})   #将%26替换回&
 	#如果传来的是Url链接则合成Https链接，否则直接使用Https链接
 	if [ -z "$Https" ];then
-		[ -n "$(echo $Url | grep -o 'vless')" ] && Server='https://sub.shellclash.ga'
+		[ -n "$(echo $Url | grep -o 'vless')" ] && Server='https://sub.shellclash.cf'
 		Https="$Server/sub?target=clash&insert=true&new_name=true&scv=true&udp=true&exclude=$exclude&include=$include&url=$Url&config=$Config"
 		url_type=true
 	fi
@@ -275,7 +282,6 @@ EOF`
 			mv -f $yamlnew $yaml
 		fi
 		echo -e "\033[32m已成功获取配置文件！\033[0m"
-		exit 0
 	fi
 }
 modify_yaml(){
@@ -286,7 +292,6 @@ modify_yaml(){
 	#默认fake-ip过滤列表
 	fake_ft_df='"*.lan", "time.windows.com", "time.nist.gov", "time.apple.com", "time.asia.apple.com", "*.ntp.org.cn", "*.openwrt.pool.ntp.org", "time1.cloud.tencent.com", "time.ustc.edu.cn", "pool.ntp.org", "ntp.ubuntu.com", "ntp.aliyun.com", "ntp1.aliyun.com", "ntp2.aliyun.com", "ntp3.aliyun.com", "ntp4.aliyun.com", "ntp5.aliyun.com", "ntp6.aliyun.com", "ntp7.aliyun.com", "time1.aliyun.com", "time2.aliyun.com", "time3.aliyun.com", "time4.aliyun.com", "time5.aliyun.com", "time6.aliyun.com", "time7.aliyun.com", "*.time.edu.cn", "time1.apple.com", "time2.apple.com", "time3.apple.com", "time4.apple.com", "time5.apple.com", "time6.apple.com", "time7.apple.com", "time1.google.com", "time2.google.com", "time3.google.com", "time4.google.com", "music.163.com", "*.music.163.com", "*.126.net", "musicapi.taihe.com", "music.taihe.com", "songsearch.kugou.com", "trackercdn.kugou.com", "*.kuwo.cn", "api-jooxtt.sanook.com", "api.joox.com", "joox.com", "y.qq.com", "*.y.qq.com", "streamoc.music.tc.qq.com", "mobileoc.music.tc.qq.com", "isure.stream.qqmusic.qq.com", "dl.stream.qqmusic.qq.com", "aqqmusic.tc.qq.com", "amobile.music.tc.qq.com", "*.xiami.com", "*.music.migu.cn", "music.migu.cn", "*.msftconnecttest.com", "*.msftncsi.com", "localhost.ptlogin2.qq.com", "*.*.*.srv.nintendo.net", "*.*.stun.playstation.net", "xbox.*.*.microsoft.com", "*.*.xboxlive.com", "proxy.golang.org","*.sgcc.com.cn","*.alicdn.com","*.aliyuncs.com"'
 	lan='allow-lan: true'
-	#mode='mode: Rule'
 	log='log-level: info'
 	[ "$ipv6_support" = "已开启" ] && ipv6='ipv6: true' || ipv6='ipv6: false'
 	[ "$ipv6_dns" = "已开启" ] && dns_v6='ipv6: true' || dns_v6=$ipv6
@@ -351,13 +356,12 @@ store-selected: $restore
 hosts:
 EOF
 ###################################
-	[ -f $clashdir/user.yaml ] && yaml_user=$clashdir/user.yaml
 	#读取本机hosts并生成配置文件
 	hosts_dir=/etc/hosts
 	if [ "$redir_mod" != "纯净模式" ] && [ "$dns_no" != "已禁用" ] && [ -f $hosts_dir ];then
 		while read line;do
-			[ -n "$(echo "$line")" ] && \
-			[ -z "$(echo "$line" | grep '#')" ] && \
+			[ -n "$(echo "$line" | grep -oE "([0-9]{1,3}[\.]){3}" )" ] && \
+			[ -z "$(echo "$line" | grep -oE '^#')" ] && \
 			hosts_ip=$(echo $line | awk '{print $1}')  && \
 			hosts_domain=$(echo $line | awk '{print $2}') && \
 			echo "   '$hosts_domain': $hosts_ip" >> $tmpdir/hosts.yaml
@@ -443,8 +447,6 @@ start_redir(){
 	fi
 	#将PREROUTING链指向clash链
 	iptables -t nat -A PREROUTING -p tcp $ports -j clash
-	#Docker特殊处理
-	[ "$local_proxy" = "已开启" ] && iptables -t nat -I PREROUTING -s 172.16.0.0/12  -j clash
 	#禁用QUIC
 	if [ "$quic_rj" = 已启用 ] && [ "$tproxy_mod" = "已开启" ];then
 		[ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && set_cn_ip='-m set ! --match-set cn_ip dst'
@@ -547,22 +549,40 @@ start_udp(){
 	iptables -t mangle -A PREROUTING -p udp -j clash
 }
 start_output(){
-	#流量过滤规则
+	#流量过滤
 	iptables -t nat -N clash_out
 	iptables -t nat -A clash_out -m owner --gid-owner 7890 -j RETURN
+	iptables -t nat -A clash_out -d 0.0.0.0/8 -j RETURN
+	iptables -t nat -A clash_out -d 10.0.0.0/8 -j RETURN
+	iptables -t nat -A clash_out -d 100.64.0.0/10 -j RETURN
 	iptables -t nat -A clash_out -d 127.0.0.0/8 -j RETURN
-	iptables -t nat -A clash_out -d 172.16.0.0/12 -j RETURN
-	[ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && iptables -t nat -A clash_out -m set --match-set cn_ip dst -j RETURN >/dev/null 2>&1 #绕过大陆IP
+	iptables -t nat -A clash_out -d 169.254.0.0/16 -j RETURN
+	iptables -t nat -A clash_out -d 192.168.0.0/16 -j RETURN
+	iptables -t nat -A clash_out -d 224.0.0.0/4 -j RETURN
+	iptables -t nat -A clash_out -d 240.0.0.0/4 -j RETURN
+	[ "$dns_mod" = "redir_host" -a "$cn_ip_route" = "已开启" ] && \
+	iptables -t nat -A clash_out -m set --match-set cn_ip dst -j RETURN >/dev/null 2>&1 #绕过大陆IP
 	iptables -t nat -A clash_out -p tcp -j REDIRECT --to-ports $redir_port
-	iptables -t nat -A OUTPUT -p tcp -s 127.0.0.0/8 -j clash_out
-	iptables -t nat -A OUTPUT -p tcp -s 172.16.0.0/12 -j clash_out
-	iptables -t nat -A OUTPUT -p tcp -d 198.18.0.0/16 -j clash_out
+	#
+	iptables -t nat -A OUTPUT -p tcp -j clash_out
 	#设置dns转发
+	[ "$dns_no" != "已禁用" ] && {
 	iptables -t nat -N clash_dns_out
 	iptables -t nat -A clash_dns_out -m owner --gid-owner 7890 -j RETURN
 	iptables -t nat -A clash_dns_out -p udp -j REDIRECT --to $dns_port
-	iptables -t nat -A OUTPUT -p udp --dport 53 -s 127.0.0.0/8 -j clash_dns_out
-	iptables -t nat -A OUTPUT -p udp --dport 53 -s 172.16.0.0/12 -j clash_dns_out
+	iptables -t nat -A OUTPUT -p udp --dport 53 -j clash_dns_out
+	}
+	#Docker转发
+	type docker &>/dev/null && {
+	iptables -t nat -N clash_docker
+	iptables -t nat -A clash_docker -d 10.0.0.0/8 -j RETURN
+	iptables -t nat -A clash_docker -d 127.0.0.0/8 -j RETURN
+	iptables -t nat -A clash_docker -d 172.16.0.0/12 -j RETURN
+	iptables -t nat -A clash_docker -d 192.168.0.0/16 -j RETURN
+	iptables -t nat -A clash_docker -p tcp -j REDIRECT --to-ports $redir_port
+	iptables -t nat -A PREROUTING -p tcp -s 172.16.0.0/12 -j clash_docker
+	[ "$dns_no" != "已禁用" ] && iptables -t nat -A PREROUTING -p udp --dport 53 -s 172.16.0.0/12 -j REDIRECT --to $dns_port
+	}
 }
 start_tun(){
 	if [ "$quic_rj" = 已启用 ];then
@@ -598,7 +618,6 @@ stop_iptables(){
 	iptables -D INPUT -p tcp --dport $mix_port -j ACCEPT 2> /dev/null
 	iptables -D INPUT -p tcp --dport $db_port -j ACCEPT 2> /dev/null
 	iptables -t nat -D PREROUTING -p udp --dport 53 -j clash_dns 2> /dev/null
-	iptables -t nat -D PREROUTING -s 172.16.0.0/12  -j clash 2> /dev/null
 	iptables -t nat -F clash 2> /dev/null
 	iptables -t nat -X clash 2> /dev/null
 	iptables -t nat -F clash_dns 2> /dev/null
@@ -609,15 +628,17 @@ stop_iptables(){
 	iptables -D INPUT -p udp --dport 443 -m comment --comment "ShellClash QUIC REJECT" $set_cn_ip -j REJECT >/dev/null 2>&1
 	iptables -D FORWARD -p udp --dport 443 -o utun -m comment --comment "ShellClash QUIC REJECT" $set_cn_ip -j REJECT >/dev/null 2>&1
 	#重置output规则
-	iptables -t nat -D OUTPUT -p tcp -s 127.0.0.0/8 -j clash_out 2> /dev/null
-	iptables -t nat -D OUTPUT -p tcp -s 172.16.0.0/12 -j clash_out 2> /dev/null
-	iptables -t nat -D OUTPUT -p tcp -d 198.18.0.0/16 -j clash_out 2> /dev/null
+	iptables -t nat -D OUTPUT -p tcp -j clash_out 2> /dev/null
 	iptables -t nat -F clash_out 2> /dev/null
 	iptables -t nat -X clash_out 2> /dev/null	
-	iptables -t nat -D OUTPUT -p udp --dport 53 -s 127.0.0.0/8 -j clash_dns_out 2> /dev/null
-	iptables -t nat -D OUTPUT -p udp --dport 53 -s 172.16.0.0/12 -j clash_dns_out 2> /dev/null
+	iptables -t nat -D OUTPUT -p udp --dport 53 -j clash_dns_out 2> /dev/null
 	iptables -t nat -F clash_dns_out 2> /dev/null
 	iptables -t nat -X clash_dns_out 2> /dev/null
+	#重置docker规则
+	iptables -t nat -F clash_docker 2> /dev/null
+	iptables -t nat -X clash_docker 2> /dev/null
+	iptables -t nat -D PREROUTING -p tcp -s 172.16.0.0/12 -j clash_docker 2> /dev/null
+	iptables -t nat -D PREROUTING -p udp --dport 53 -s 172.16.0.0/12 -j REDIRECT --to $dns_port 2> /dev/null
 	#重置udp规则
 	iptables -t mangle -D PREROUTING -p udp -j clash 2> /dev/null
 	iptables -t mangle -F clash 2> /dev/null
@@ -678,13 +699,7 @@ web_save(){
 	fi
 }
 web_restore(){
-	put_save(){
-		if curl --version > /dev/null 2>&1;then
-			curl -sS -X PUT -H "Authorization: Bearer ${secret}" -H "Content-Type:application/json" "$1" -d "$2" >/dev/null
-		elif wget --version > /dev/null 2>&1;then
-			wget -q --method=PUT --header="Authorization: Bearer ${secret}" --header="Content-Type:application/json" --body-data="$2" "$1" >/dev/null
-		fi
-	}
+
 	#设置循环检测clash面板端口
 	i=1
 	while [ -z "$test" -a "$i" -lt 60 ];do
@@ -739,8 +754,6 @@ bfstart(){
 	[ ! -d $bindir/ui ] && mkdir -p $bindir/ui
 	update_url=https://ghproxy.com/https://raw.githubusercontent.com/juewuy/ShellClash/master
 	#检查clash核心
-	$bindir/clash -v >/dev/null 2>&1
-	[ "$?" != 0 ] && rm -rf $bindir/clash
 	if [ ! -f $bindir/clash ];then
 		if [ -f $clashdir/clash ];then
 			mv $clashdir/clash $bindir/clash && chmod +x $bindir/clash
@@ -806,18 +819,27 @@ bfstart(){
 	#本机代理准备
 	if [ "$local_proxy" = "已开启" -a "$local_type" = "iptables增强模式" ];then
 		if [ -z "$(id shellclash 2>/dev/null | grep 'root')" ];then
+			if type userdel useradd groupmod &>/dev/null; then
 				userdel shellclash 2>/dev/null
 				useradd shellclash -u 7890
 				groupmod shellclash -g 7890
 				sed -Ei s/7890:7890/0:7890/g /etc/passwd
+			else
+				grep -qw shellclash /etc/passwd || echo "shellclash:x:0:7890:::" >> /etc/passwd
+			fi
 		fi
 		if [ "$start_old" != "已开启" ];then
 			[ -w /etc/systemd/system/clash.service ] && servdir=/etc/systemd/system/clash.service
 			[ -w /usr/lib/systemd/system/clash.service ] && servdir=/usr/lib/systemd/system/clash.service
+			if [ -w /etc/init.d/clash ]; then
+				[ -z "$(grep 'procd_set_param user shellclash' /etc/init.d/clash)" ] && \
+    			sed -i '/procd_close_instance/i\\t\tprocd_set_param user shellclash' /etc/init.d/clash
+			elif [ -w "$servdir" ]; then
 				setconfig ExecStart "/bin/su\ shellclash\ -c\ \"$bindir/clash\ -d\ $bindir\"" $servdir
 				systemctl daemon-reload >/dev/null
 			fi
 		fi
+	fi
 }
 afstart(){
 
@@ -953,8 +975,10 @@ getyaml)
 		getyaml
 		;;
 updateyaml)	
-		$0 getyaml
-		$0 restart
+		getconfig
+		getyaml
+		modify_yaml
+		put_save http://localhost:${db_port}/configs "{\"path\":\"${clashdir}/config.yaml\"}"
 		;;
 webget)
 		#设置临时http代理 
@@ -967,7 +991,7 @@ webget)
 			[ "$5" = "rediroff" ] && redirect='' || redirect='-L'
 			[ "$6" = "skipceroff" ] && certificate='' || certificate='-k'
 			#[ -n "$7" ] && agent='-A "clash"'
-			result=$(curl $agent -w %{http_code} --connect-timeout 3 $progress $redirect $certificate -o "$2" "$3")
+			result=$(curl $agent -w %{http_code} --connect-timeout 3 $progress $redirect $certificate -o "$2" "$3" 2>/dev/null)
 			[ "$result" != "200" ] && export all_proxy="" && result=$(curl $agent -w %{http_code} --connect-timeout 3 $progress $redirect $certificate -o "$2" "$3")
 		else
 			if wget --version > /dev/null 2>&1;then