~优化保守模式守护进程

~1.9.4rc7.1 pkg
~修复TG-BOT因守护进程错乱导致的各种bug
2026-03-11 07:51:45 +00:00 · 2026-02-14 20:30:53 +08:00 · 2026-02-10 19:57:07 +08:00 · 2026-02-10 19:56:38 +08:00 · 2026-02-10 19:44:36 +08:00 · 2026-02-10 19:44:11 +08:00
103 changed files with 10237 additions and 8204 deletions
--- a/.github/workflows/core_auto_update.yml
+++ b/.github/workflows/core_auto_update.yml
@@ -6,43 +6,30 @@ on:
    workflow_dispatch:

 jobs:
-  check_version:
-    runs-on: ubuntu-latest
-    steps:
-      - name: checkout
-        uses: actions/checkout@v4
-        with:
-          repository: reF1nd/sing-box
-          ref: reF1nd-dev
-          fetch-depth: 0   
-      - name: Check version
-        run: |
-          git remote add sekai https://github.com/SagerNet/sing-box.git
-          git fetch --tags sekai
-          version_new=$(CGO_ENABLED=0 go run ./cmd/internal/read_tag)
-          version_old=$(curl -sSl https://github.com/juewuy/ShellCrash/releases/download/singbox_core_reF1nd/version)    
-          if [ "$version_old" != "$version_new" ];then
-            echo a=$version_old >> $GITHUB_ENV
-            echo b=$version_new >> $GITHUB_ENV
-          else
-            echo "未检查到版本更新，已退出！"
-            exit 1
-          fi
    
-  auto_update_singboxp_with_wg:
-    needs: check_version
-    if: ${{ success() }}
+  auto_update_singboxr_dev:
    permissions: write-all
    uses: juewuy/ShellCrash/.github/workflows/update_singbox_core.yaml@dev
    with:
      tag1: reF1nd/sing-box
      tag2: reF1nd-dev
-      tag3: singbox_core_reF1nd
-      tag5: with_quic,with_dhcp,with_wireguard,with_tailscale,with_shadowsocksr,with_utls,with_clash_api,with_gvisor
+      tag4: singboxr
+      tag5: with_gvisor,with_quic,with_dhcp,with_wireguard,with_utls,with_shadowsocksr,with_acme,with_clash_api,with_tailscale
+      tag6: gz
    secrets: inherit
-
+    
+  auto_update_meta_alpha:
+    permissions: write-all
+    uses: juewuy/ShellCrash/.github/workflows/update_meta_core.yaml@dev
+    with:
+      tag1: MetaCubeX/mihomo
+      tag2: Alpha
+      tag4: meta
+      tag5: with_gvisor
+      tag6: gz
+    secrets: inherit
+    
  cleanup:
-    needs: check_version
    runs-on: ubuntu-latest
    steps:
      - name: cleanup
--- a/.github/workflows/update_meta_core.yaml
+++ b/.github/workflows/update_meta_core.yaml
@@ -23,6 +23,31 @@ on:
        description: 'build tags'
        required: false
        type: string
+      tag6:
+        description: 'ziptype(tar.gz|upx|gz)'
+        required: true
+        type: string
+        
+  workflow_call:
+    inputs:
+      tag1:
+        required: true
+        type: string
+      tag2:
+        required: true
+        type: string
+      tag3:
+        required: false
+        type: string
+      tag4:
+        required: false
+        type: string
+      tag5:
+        required: false
+        type: string
+      tag6:
+        required: true
+        type: string
        
 jobs:
  go:
@@ -50,6 +75,7 @@ jobs:
        id: meta
        run: |
          version=${{ github.event.inputs.tag2 }}
+          [ "$version" = Alpha ] && version="Alpha-$(date +"%Y%m%d")"
          echo version=$version >> $GITHUB_OUTPUT
          if [ -z "$TAGS" ];then
            echo tags='' >> $GITHUB_OUTPUT
@@ -119,22 +145,6 @@ jobs:
        uses: actions/setup-go@v6
        with:
          go-version: ${{needs.go.outputs.version}}
-          
-      - name: Set variables
-        run: |
-            VERSION="${GITHUB_REF_NAME,,}-$(git rev-parse --short HEAD)"
-            VERSION="${VERSION//\//-}"
-            PackageVersion="$(curl -s "https://api.github.com/repos/MetaCubeX/mihomo/releases/latest" | jq -r '.tag_name' | sed 's/v//g' | awk -F '.' '{$NF = $NF + 1; print}' OFS='.').${VERSION/-/.}"
-            if [ -n "${{ github.event.inputs.version }}" ]; then
-              VERSION=${{ github.event.inputs.version }}
-              PackageVersion="${VERSION#v}"
-            fi
-            echo "VERSION=${VERSION}" >> $GITHUB_ENV
-            echo "PackageVersion=${PackageVersion}" >> $GITHUB_ENV
-            echo "BUILDTIME=$(date)" >> $GITHUB_ENV
-            echo "CGO_ENABLED=0" >> $GITHUB_ENV
-            echo "BUILDTAG=-extldflags --static" >> $GITHUB_ENV
-            echo "GOTOOLCHAIN=local" >> $GITHUB_ENV    
        
      - name: Update CA
        run: |
@@ -145,13 +155,14 @@ jobs:
      - name: build core
        id: build
        run: |
-            go env
-            go build -v -tags "${TAGS}" -o meta -trimpath -ldflags "${BUILDTAG} -X 'github.com/metacubex/mihomo/constant.Version=${VERSION}' -X 'github.com/metacubex/mihomo/constant.BuildTime=${BUILDTIME}' -w -s -buildid="
+            go build -v -tags "${TAGS}" -o meta -trimpath -ldflags "-extldflags --static -X 'github.com/metacubex/mihomo/constant.Version=${VERSION}' -X 'github.com/metacubex/mihomo/constant.BuildTime=$(date)' -w -s -buildid="
+      
      - name: Upload file to workspace
        uses: actions/upload-artifact@v4
        with:
          name: ${{ matrix.name }}
          path: meta
+          overwrite: true
          
  push_to_git:
    needs: 
@@ -159,8 +170,9 @@ jobs:
      - meta
    runs-on: ubuntu-latest
    env: 
-      RELEASE: ${{ github.event.inputs.tag3 }}
-      PUSHDIR: ${{ github.event.inputs.tag4 }}
+      RELEASE: ${{ inputs.tag3 }}
+      PUSHDIR: ${{ inputs.tag4 }}
+      ZIPTYPE: ${{ inputs.tag6 }}    
      VERSION: ${{needs.meta.outputs.version}}
    steps:
      - name: Checkout ShellCrash
@@ -174,7 +186,30 @@ jobs:
        with:
          path: ./tmp
          
+      - name: Zip core by upx
+        if: env.ZIPTYPE == 'upx'
+        run: |    
+          wget https://github.com/upx/upx/releases/download/v3.96/upx-3.96-amd64_linux.tar.xz
+          wget https://github.com/upx/upx/releases/download/v3.94/upx-3.94-amd64_linux.tar.xz
+          tar xf upx-3.96-amd64_linux.tar.xz
+          tar xf upx-3.94-amd64_linux.tar.xz
+          for arch in amd64 armv5 armv7 arm64 386 mips-softfloat mipsle-hardfloat mipsle-softfloat;do
+            [ ! -f ./tmp/linux-${arch}/meta ] && continue
+            mv -f ./tmp/linux-${arch}/meta ./tmp/clash-linux-${arch}.upx
+            chmod +x ./tmp/clash-linux-${arch}.upx
+            case "${arch}" in
+              armv5|mips* )
+                ./upx-3.94-amd64_linux/upx --no-lzma ./tmp/clash-linux-${arch}.upx
+              ;;
+              *)
+                ./upx-3.96-amd64_linux/upx --no-lzma ./tmp/clash-linux-${arch}.upx
+              ;;
+            esac
+          done
+          rm -rf upx-3.9*
+         
      - name: Zip core by tar
+        if: env.ZIPTYPE == 'tar.gz'
        run: |      
          for arch in amd64 armv5 armv7 arm64 386 mips-softfloat mipsle-hardfloat mipsle-softfloat;do
            [ ! -f ./tmp/linux-${arch}/meta ] && continue
@@ -183,15 +218,24 @@ jobs:
            tar --no-same-owner -zcvf ./tmp/clash-linux-${arch}.tar.gz -C ./tmp CrashCore
          done
          
+      - name: Zip core by gz
+        if: env.ZIPTYPE == 'gz'
+        run: |        
+          for arch in amd64 armv5 armv7 arm64 386 mips-softfloat mipsle-hardfloat mipsle-softfloat;do
+            [ ! -f ./tmp/linux-${arch}/meta ] && continue
+            mv -f ./tmp/linux-${arch}/meta ./tmp/clash-linux-${arch}
+            chmod +x ./tmp/clash-linux-${arch}
+            gzip ./tmp/clash-linux-${arch}
+          done
+                    
      - name: Commit and push
        if: ${{ env.PUSHDIR != '' }}
        run: |
-          crashcore='meta'
+          [ "${{ inputs.tag1 }}" = MetaCubeX/mihomo ] && crashcore='meta'
          mkdir -p ./bin/${crashcore}
-          rm -fr ./bin/${crashcore}/*
-          mv -f ./tmp/clash-linux-*.tar.gz ./bin/${crashcore}/
+          mv -f ./tmp/clash-linux-* ./bin/${crashcore}/
          rm -fr ./tmp
-          sed -i "s/${crashcore}_v=.*/${crashcore}_v=${VERSION}/" ./bin/version
+          [ "${{ inputs.tag6 }}" = tar.gz ] && sed -i "s/${crashcore}_v=.*/${crashcore}_v=${VERSION}/" ./bin/version
          git config --global user.email "github-actions[bot]@users.noreply.github.com" && git config --global user.name "github-actions[bot]"
          git add . && git commit -m "更新${crashcore}内核至${VERSION}" || exit 0
          git push
@@ -219,3 +263,6 @@ jobs:
        with:
          retain_days: 1
          keep_minimum_runs: 2      
+
+
+
--- a/.github/workflows/update_singbox_core.yaml
+++ b/.github/workflows/update_singbox_core.yaml
@@ -23,6 +23,11 @@ on:
        description: 'build tags'
        required: false
        type: string
+      tag6:
+        description: 'ziptype(tar.gz|upx|gz)'
+        required: true
+        type: string
+        
  workflow_call:
    inputs:
      tag1:
@@ -40,6 +45,9 @@ on:
      tag5:
        required: false
        type: string
+      tag6:
+        required: true
+        type: string

 jobs:
  go:
@@ -80,6 +88,7 @@ jobs:
          git fetch --tags sekai
          version=$(CGO_ENABLED=0 go run ./cmd/internal/read_tag)
          [ -z "$version" ] &&  version=${{ inputs.tag2 }}
+          version=$(echo $version | sed 's/-reF1nd//')
          echo version=$version >> $GITHUB_OUTPUT
          if [ -z "$TAGS" ];then
            if [ "$REPO" = 'SagerNet/sing-box' ];then
@@ -117,11 +126,11 @@ jobs:
            goos: linux
            goarch: mips
            gomips: softfloat
-          - name: linux-mipsel-softfloat
+          - name: linux-mipsle-softfloat
            goos: linux
            goarch: mipsle
            gomips: softfloat
-          - name: linux-mipsel-hardfloat
+          - name: linux-mipsle-hardfloat
            goos: linux
            goarch: mipsle
            gomips: hardfloat   
@@ -171,6 +180,7 @@ jobs:
        with:
          name: ${{ matrix.name }}
          path: sing-box
+          overwrite: true
          
  push_to_git:
    needs: 
@@ -180,6 +190,7 @@ jobs:
    env: 
      RELEASE: ${{ inputs.tag3 }}
      PUSHDIR: ${{ inputs.tag4 }}
+      ZIPTYPE: ${{ inputs.tag6 }}
      VERSION: ${{needs.sing-box.outputs.version}}
    steps:
      - name: Checkout ShellCrash
@@ -194,18 +205,48 @@ jobs:
        with:
          path: ./tmp
          
+      - name: Zip core by upx
+        if: env.ZIPTYPE == 'upx'
+        run: |    
+          wget https://github.com/upx/upx/releases/download/v3.96/upx-3.96-amd64_linux.tar.xz
+          wget https://github.com/upx/upx/releases/download/v3.94/upx-3.94-amd64_linux.tar.xz
+          tar xf upx-3.96-amd64_linux.tar.xz
+          tar xf upx-3.94-amd64_linux.tar.xz
+          for arch in amd64 armv5 armv7 arm64 386 mips-softfloat mipsle-hardfloat mipsle-softfloat;do
+            [ ! -f ./tmp/linux-${arch}/sing-box ] && continue
+            mv -f ./tmp/linux-${arch}/sing-box ./tmp/singbox-linux-${arch}.upx
+            chmod +x ./tmp/singbox-linux-${arch}.upx
+            case "${arch}" in
+              armv5|mips* )
+                ./upx-3.94-amd64_linux/upx --no-lzma ./tmp/singbox-linux-${arch}.upx
+              ;;
+              *)
+                ./upx-3.96-amd64_linux/upx --no-lzma ./tmp/singbox-linux-${arch}.upx
+              ;;
+            esac
+          done
+          rm -rf upx-3.9*
+         
      - name: Zip core by tar
-        run: |      
-          for arch in amd64 armv5 armv7 arm64 386 mips-softfloat mipsel-hardfloat mipsel-softfloat;do
+        if: env.ZIPTYPE == 'tar.gz'
+        run: |        
+          for arch in amd64 armv5 armv7 arm64 386 mips-softfloat mipsle-hardfloat mipsle-softfloat;do
            [ ! -f ./tmp/linux-${arch}/sing-box ] && continue
            mv -f ./tmp/linux-${arch}/sing-box ./tmp/CrashCore
            chmod +x ./tmp/CrashCore
            tar --no-same-owner -zcvf ./tmp/singbox-linux-${arch}.tar.gz -C ./tmp CrashCore
          done
-          mv -f ./tmp/singbox-linux-mipsel-hardfloat.tar.gz ./tmp/singbox-linux-mipsle-hardfloat.tar.gz
-          mv -f ./tmp/singbox-linux-mipsel-softfloat.tar.gz ./tmp/singbox-linux-mipsle-softfloat.tar.gz
-          echo ${VERSION} > ./tmp/version
-
+          
+      - name: Zip core by gz
+        if: env.ZIPTYPE == 'gz'
+        run: |        
+          for arch in amd64 armv5 armv7 arm64 386 mips-softfloat mipsle-hardfloat mipsle-softfloat;do
+            [ ! -f ./tmp/linux-${arch}/sing-box ] && continue
+            mv -f ./tmp/linux-${arch}/sing-box ./tmp/singbox-linux-${arch}
+            chmod +x ./tmp/singbox-linux-${arch}
+            gzip ./tmp/singbox-linux-${arch}
+          done
+          
      - name: Commit and push
        if: ${{ env.PUSHDIR != '' }}
        run: |
@@ -213,10 +254,9 @@ jobs:
          [ "${{ inputs.tag1 }}" = PuerNya/sing-box ] && crashcore='singboxp'
          [ "${{ inputs.tag1 }}" = reF1nd/sing-box ] && crashcore='singboxr'
          mkdir -p ./bin/${crashcore}
-          rm -fr ./bin/${crashcore}/*
-          mv -f ./tmp/singbox-linux-*.tar.gz ./bin/${crashcore}/
+          mv -f ./tmp/singbox-linux-* ./bin/${crashcore}/
          rm -fr ./tmp
-          sed -i "s/${crashcore}_v=.*/${crashcore}_v=${VERSION}/" ./bin/version
+          [ "${{ inputs.tag6 }}" = tar.gz ] && sed -i "s/${crashcore}_v=.*/${crashcore}_v=${VERSION}/" ./bin/version
          git config --global user.email "github-actions[bot]@users.noreply.github.com" && git config --global user.name "github-actions[bot]"
          git add . && git commit -m "更新${crashcore}内核至${VERSION}" || exit 0
          git push
--- a/3
+++ b/3
@@ -57,8 +57,7 @@ RUN apk add --no-cache \
    ca-certificates \
    tzdata \
    nftables \
-    iproute2 \
-    dcron
+    iproute2

 RUN ln -sf /usr/share/zoneinfo/${TZ} /etc/localtime && \
    echo "${TZ}" > /etc/timezone
--- a/README_CN.md
+++ b/README_CN.md
@@ -55,48 +55,48 @@

 ```shell
 sudo -i #切换到root用户，如果需要密码，请输入密码
-export url='https://testingcf.jsdelivr.net/gh/juewuy/ShellCrash@master' && wget -q --no-check-certificate -O /tmp/install.sh $url/install.sh  && bash /tmp/install.sh && source /etc/profile &> /dev/null
+export url='https://testingcf.jsdelivr.net/gh/juewuy/ShellCrash@master' && wget -q --no-check-certificate -O /tmp/install.sh $url/install.sh  && bash /tmp/install.sh && . /etc/profile &> /dev/null
 ```
 或者
 ```shell
 sudo -i #切换到root用户，如果需要密码，请输入密码
-export url='https://gh.jwsc.eu.org/master' && bash -c "$(curl -kfsSl $url/install.sh)" && source /etc/profile &> /dev/null
+export url='https://gh.jwsc.eu.org/master' && bash -c "$(curl -kfsSl $url/install.sh)" && . /etc/profile &> /dev/null
 ```

 ~**路由设备使用curl安装**：<br>

 ```shell
 #GitHub源(可能需要代理)
-export url='https://raw.githubusercontent.com/juewuy/ShellCrash/master' && sh -c "$(curl -kfsSl $url/install.sh)" && source /etc/profile &> /dev/null
+export url='https://raw.githubusercontent.com/juewuy/ShellCrash/master' && sh -c "$(curl -kfsSl $url/install.sh)" && . /etc/profile &> /dev/null
 ```
 或者
 ```shell
 #jsDelivrCDN源
-export url='https://testingcf.jsdelivr.net/gh/juewuy/ShellCrash@master' && sh -c "$(curl -kfsSl $url/install.sh)" && source /etc/profile &> /dev/null
+export url='https://testingcf.jsdelivr.net/gh/juewuy/ShellCrash@master' && sh -c "$(curl -kfsSl $url/install.sh)" && . /etc/profile &> /dev/null
 ```
 或者
 ```shell
 #作者私人源
-export url='https://gh.jwsc.eu.org/master' && sh -c "$(curl -kfsSl $url/install.sh)" && source /etc/profile &> /dev/null
+export url='https://gh.jwsc.eu.org/master' && sh -c "$(curl -kfsSl $url/install.sh)" && . /etc/profile &> /dev/null
 ```

 ~**路由设备使用wget安装**：<br>

 ```Shell
 #GitHub源(可能需要代理)
-export url='https://raw.githubusercontent.com/juewuy/ShellCrash/master' && wget -q --no-check-certificate -O /tmp/install.sh $url/install.sh  && sh /tmp/install.sh && source /etc/profile &> /dev/null
+export url='https://raw.githubusercontent.com/juewuy/ShellCrash/master' && wget -q --no-check-certificate -O /tmp/install.sh $url/install.sh  && sh /tmp/install.sh && . /etc/profile &> /dev/null
 ```
 或者
 ```shell
 #jsDelivrCDN源
-export url='https://testingcf.jsdelivr.net/gh/juewuy/ShellCrash@master' && wget -q --no-check-certificate -O /tmp/install.sh $url/install.sh  && sh /tmp/install.sh && source /etc/profile &> /dev/null
+export url='https://testingcf.jsdelivr.net/gh/juewuy/ShellCrash@master' && wget -q --no-check-certificate -O /tmp/install.sh $url/install.sh  && sh /tmp/install.sh && . /etc/profile &> /dev/null
 ```

 ~**老旧设备使用低版本wge安装**：<br>

 ```Shell
 #作者私人http内测源
-export url='http://t.jwsc.eu.org' && wget -q -O /tmp/install.sh $url/install.sh  && sh /tmp/install.sh && source /etc/profile &> /dev/null
+export url='http://t.jwsc.eu.org' && wget -q -O /tmp/install.sh $url/install.sh  && sh /tmp/install.sh && . /etc/profile &> /dev/null
 ```

 ##### ~**虚拟机安装：**<br>
@@ -107,7 +107,7 @@ export url='http://t.jwsc.eu.org' && wget -q -O /tmp/install.sh $url/install.sh
 #安装必要依赖
 apk add --no-cache wget openrc ca-certificates tzdata nftables iproute2 dcron
 #执行安装命令
-export url='https://testingcf.jsdelivr.net/gh/juewuy/ShellCrash@master' && wget -q --no-check-certificate -O /tmp/install.sh $url/install.sh  && sh /tmp/install.sh && source /etc/profile &> /dev/null
+export url='https://testingcf.jsdelivr.net/gh/juewuy/ShellCrash@master' && wget -q --no-check-certificate -O /tmp/install.sh $url/install.sh  && sh /tmp/install.sh && . /etc/profile &> /dev/null
 ```

 ##### ~Docker安装：<br>
--- a/ShellCrash.tar.gz
+++ b/ShellCrash.tar.gz
--- a/bin/clashfm.tar.gz
+++ b/bin/clashfm.tar.gz
--- a/bin/version
+++ b/bin/version
@@ -1,4 +1,4 @@
 meta_v=v1.19.17
 singboxr_v=1.13.0-alpha.27
-versionsh=1.9.3release
+versionsh=1.9.4rc7.1
 GeoIP_v=20251205
--- a/docker/README.md
+++ b/docker/README.md
@@ -15,7 +15,7 @@ docker run -d \
  --name shellcrash \
  -p 7890:7890 \
  -p 9999:9999 \
-  shellcrash:latest
+  juewuy/shellcrash:latest
 ```

 ------
@@ -57,9 +57,10 @@ docker run -d \
  --cap-add NET_ADMIN \
  --cap-add NET_RAW \
  --cap-add SYS_ADMIN \
+  --sysctl net.ipv4.ip_forward=1 \
  --device /dev/net/tun:/dev/net/tun \
  --restart unless-stopped \
-  shellcrash:latest
+  juewuy/shellcrash:latest
 ```

 ### 3. 配置需要路由的设备
@@ -87,14 +88,10 @@ mkdir -p /root/ShellCrash
 ```shell
 docker run -d \
  ………………
-  -v /root/ShellCrash:/etc/ShellCrash \
+  -v shellcrash_configs:/etc/ShellCrash/configs \
  ………………
 ```

------
-
-
-
 ------

 ## Compose Deployment（Compose部署）
@@ -102,8 +99,8 @@ docker run -d \
 ### 1. 创建宿主机目录并进入目录

 ```shell
-mkdir -p /root/ShellCrash
-cd /root/ShellCrash
+mkdir -p /tmp/ShellCrash
+cd /tmp/ShellCrash
 ```

 ### 2. 下载Compose模版
@@ -126,8 +123,29 @@ docker compose up -d

 ------

-### Notes
+## Delete（移除容器镜像或删除卷）

+### Docker删除容器
+
+```shell
+docker rm -f shellcrash
+```
+
+### Docker删除卷
+
+```shell
+docker volume rm shellcrash_configs
+```
+
+### Compose删除容器&卷
+
+```shell
+docker-compose down -v
+```
+
+## Notes
+
+- 内置公网防火墙功能无法管理宿主机网络，请自行做好宿主机7890/9999端口的网络防护！
 - 旁路由模式需要宿主机支持 `TUN`
 - macvlan 网络下宿主机默认无法直接访问容器 IP
 - 透明代理场景可能需要额外的网络规划
--- a/docker/compose.yml
+++ b/docker/compose.yml
@@ -2,8 +2,8 @@ version: "3.9"

 services:
  shellclash:
-    image: shellclash:latest
-    container_name: shellclash
+    image: juewuy/shellcrash:latest
+    container_name: shellcrash
    networks:
      macvlan_lan:
        ipv4_address: 192.168.31.222
@@ -14,11 +14,15 @@ services:
    devices:
      - "/dev/net/tun:/dev/net/tun"
    sysctls:
-      net.ipv4.ip_forward: 1
+      - net.ipv4.ip_forward: 1
+      # - net.ipv6.conf.all.forwarding=1
    volumes:
-      - /etc/ShellCrash:/root/ShellCrash
+      - shellcrash_configs:/etc/ShellCrash/configs:rw
    restart: unless-stopped
    
+volumes:
+  shellcrash_configs:
+  
 networks:
  macvlan_lan:
    name: macvlan_lan
--- a/install.sh
+++ b/install.sh
@@ -1,4 +1,4 @@
-#! /bin/bash
+#!/usr/bin/env bash
 # Copyright (C) Juewuy

 [ -z "$url" ] && url="https://testingcf.jsdelivr.net/gh/juewuy/ShellCrash@dev"
@@ -9,10 +9,13 @@ echo "**                 欢迎使用                  **"
 echo "**                ShellCrash                 **"
 echo "**                             by  Juewuy    **"
 echo "***********************************************"
-#内置工具
+
+# Check available capacity
 dir_avail() {
-    df $2 $1 | awk '{ for(i=1;i<=NF;i++){ if(NR==1){ arr[i]=$i; }else{ arr[i]=arr[i]" "$i; } } } END{ for(i=1;i<=NF;i++){ print arr[i]; } }' | grep -E 'Ava|可用' | awk '{print $2}'
+	df -h >/dev/null 2>&1 && h="$2"
+    df -P $h "${1:-.}" 2>/dev/null | awk 'NR==2 {print $4}'
 }
+
 ckcmd() { #检查命令
    if command -v sh >/dev/null 2>&1;then
        command -v "$1" >/dev/null 2>&1
@@ -45,6 +48,7 @@ error_down() {
    $echo "请参考 \033[32mhttps://github.com/juewuy/ShellCrash/blob/master/README_CN.md"
    $echo "\033[33m使用其他安装源重新安装！\033[0m"
 }
+
 #安装及初始化
 set_alias() {
    echo "-----------------------------------------------"
@@ -60,6 +64,7 @@ set_alias() {
    1) my_alias=crash ;;
    2) my_alias=sc ;;
    3) my_alias=mm ;;
+    0) echo "安装已取消"; exit 1 ;;
    *) my_alias=$res ;;
    esac
    cmd=$(ckcmd "$my_alias" | grep 'menu.sh')
@@ -69,6 +74,7 @@ set_alias() {
        set_alias
    }
 }
+
 gettar() {
    webget /tmp/ShellCrash.tar.gz "$url/ShellCrash.tar.gz"
    if [ "$result" != "200" ]; then
--- a/public/fake_ip_filter.list
+++ b/public/fake_ip_filter.list
@@ -72,6 +72,7 @@ localhost.ptlogin2.qq.com
 localhost.sec.qq.com
 #微信登录
 localhost.*.weixin.qq.com
+.kk-rays.com
 #Game
 #Steam
 +.steamcontent.com
@@ -154,4 +155,6 @@ ps.res.netease.com
 +.orayimg.com
 #LOL语音
 +.gcloudcs.com
-+.gcloudsdk.com
+.gcloudsdk.com
+#ddns
+.dynv6.net
--- a/public/task.list
+++ b/public/task.list
@@ -3,9 +3,9 @@
 101#$CRASHDIR/start.sh start#启动ShellCrash服务
 102#$CRASHDIR/start.sh stop#停止ShellCrash服务
 103#$CRASHDIR/start.sh restart#重启ShellCrash服务
-104#$CRASHDIR/start.sh update_config#更新在线订阅并重启服务
-105#$CRASHDIR/start.sh hotupdate#热更新在线订阅(不重启)
-106#$CRASHDIR/start.sh web_save#自动保存面板配置
+104#$CRASHDIR/task/task.sh update_config#更新在线订阅并重启服务
+105#$CRASHDIR/task/task.sh hotupdate#热更新在线订阅(不重启)
+106#$CRASHDIR/task/task.sh web_save_auto#自动保存面板配置
 107#$CRASHDIR/task/task.sh ntp#自动同步ntp时间

 111#$CRASHDIR/task/task.sh update_core#自动更新内核
--- a/rules/clash_providers/ShellCrash_RS_Full_BanAds.yaml
+++ b/rules/clash_providers/ShellCrash_RS_Full_BanAds.yaml
@@ -1,4 +1,4 @@
-#ShellCrash-ruleset全分组规则+去广告
+#ShellCrash-ruleset 全分组规则+去广告 For mihomo By Maozai 260107

 #此版本为Maozai根据ACL4SSR规则修改优化而来，尽量在保持原有的基础上进行优化。
 #数据源采用了DustinWin/ruleset_geodata和MetaCubeX/meta-rules-dat两个开源项目的规则，感谢原作者的辛勤付出。
@@ -8,49 +8,52 @@

 #代理组
 proxy-groups:
-  - { name: 🚀 节点选择, type: select, proxies: [♻️ 自动选择, ✨ 自动选择（去高倍率）, 🛠️ 手动切换, ⚖️ 负载均衡, 🚑 故障转移, 🎯 全球直连, 🇭🇰 香港节点, 🇹🇼 台湾节点, 🇸🇬 狮城节点, 🇯🇵 日本节点, 🇰🇷 韩国节点, 🇺🇸 美国节点, 🇪🇺 欧洲节点, 👑 高级节点, 📉 省流节点, {providers_tags}] }
-  - { name: 🛠️ 手动切换, type: select, include-all: true, exclude-type: direct }
-  - { name: ♻️ 自动选择, type: url-test, interval: 600, tolerance: 50, include-all: true, exclude-type: direct }
-  - { name: ✨ 自动选择（去高倍率）, type: url-test, interval: 600, tolerance: 50, include-all: true, exclude-type: direct, filter: "(?i)^(?!.*(专线|专用|高级|高速|高倍率|IEPL|IPLC|x([2-9]|\\d{2,}))).*" }
-  - { name: ⚖️ 负载均衡, type: load-balance, interval: 600, include-all: true, exclude-type: direct, hidden: true }
-  - { name: 🚑 故障转移, type: fallback, interval: 600, include-all: true, exclude-type: direct, hidden: true }
+  - {name: 🚀 节点选择, type: select, proxies: [♻️ 自动选择, ✨ 自动选择（去高倍率）, 🛠️ 手动切换, ⚖️ 负载均衡, 🚑 故障转移, 🎯 本地直连, 🇭🇰 香港节点, 🇹🇼 台湾节点, 🇺🇸 美国节点, 🇯🇵 日本节点, 🇪🇺 欧洲节点, 🇰🇷 韩国节点, 🇸🇬 狮城节点, 👑 高级节点, 📉 省流节点, {providers_tags}]}
+  - {name: 🛠️ 手动切换, type: select, include-all: true, proxies: [🎯 本地直连, 🇭🇰 香港节点, 🇹🇼 台湾节点, 🇺🇸 美国节点, 🇯🇵 日本节点, 🇪🇺 欧洲节点, 🇰🇷 韩国节点, 🇸🇬 狮城节点, 👑 高级节点, 📉 省流节点, {providers_tags}]}
+  - {name: ♻️ 自动选择, type: url-test, interval: 1800, tolerance: 50, include-all: true, exclude-filter: "(?i)(剩余|重置|到期|防失联|官网|导航|客服|http|www)"}
+  - {name: ✨ 自动选择（去高倍率）, type: url-test, interval: 1800, tolerance: 50, include-all: true, exclude-filter: "(?i)(剩余|重置|到期|防失联|官网|导航|客服|http|www|专线|专用|高级|直连|急速|高速|高倍率|游戏|铂金|钻石|企业|VIP|Ultra|Game|IEPL|IPLC|AIA|BGP|GIA|CN2|CMI|HGC|HKT|CTM|CC|AC|x([2-9]|\\d{2,}))"}
+  - {name: ⚖️ 负载均衡, type: load-balance, interval: 1800, include-all: true, hidden: true}
+  - {name: 🚑 故障转移, type: fallback, interval: 1800, include-all: true, hidden: true}

-  - { name: 🤖 AI 平台, type: select, proxies: [🚀 节点选择, 🤖 AI节点（过滤港澳）, 🎯 全球直连, ♻️ 自动选择, 🛠️ 手动切换, 🇭🇰 香港节点, 🇹🇼 台湾节点, 🇸🇬 狮城节点, 🇯🇵 日本节点, 🇰🇷 韩国节点, 🇺🇸 美国节点, 🇪🇺 欧洲节点, 👑 高级节点, 📉 省流节点, {providers_tags}] }
-  - { name: 🤖 AI节点（过滤港澳）, type: url-test, interval: 1800, tolerance: 50, include-all: true, filter: "(?i)^(?!.*(🇭🇰|港|🇲🇴|澳门|hk|hongkong|hong kong)).*", hidden: true }
-  - { name: 📢 谷歌FCM, type: select, proxies: [🚀 节点选择, 🎯 全球直连, ♻️ 自动选择, 🛠️ 手动切换, 🇭🇰 香港节点, 🇹🇼 台湾节点, 🇸🇬 狮城节点, 🇯🇵 日本节点, 🇰🇷 韩国节点, 🇺🇸 美国节点, 🇪🇺 欧洲节点, 👑 高级节点, 📉 省流节点, {providers_tags}] }
-  - { name: 🎥 奈飞视频, type: select, proxies: [🚀 节点选择, 🎥 奈飞节点, 🎯 全球直连, ♻️ 自动选择, 🛠️ 手动切换, 🇭🇰 香港节点, 🇹🇼 台湾节点, 🇸🇬 狮城节点, 🇯🇵 日本节点, 🇰🇷 韩国节点, 🇺🇸 美国节点, 🇪🇺 欧洲节点, 👑 高级节点, 📉 省流节点, {providers_tags}] }
-  - { name: 🎥 奈飞节点, type: url-test, interval: 1800, tolerance: 50, include-all: true, filter: "(?i)(NF|奈飞|解锁|Netflix|NETFLIX|Media)", hidden: true }
-  - { name: 📹 油管视频, type: select, proxies: [🚀 节点选择, 🎯 全球直连, ♻️ 自动选择, 🛠️ 手动切换, 🇭🇰 香港节点, 🇹🇼 台湾节点, 🇸🇬 狮城节点, 🇯🇵 日本节点, 🇰🇷 韩国节点, 🇺🇸 美国节点, 🇪🇺 欧洲节点, 👑 高级节点, 📉 省流节点, {providers_tags}] }
-  - { name: 📲 电报消息, type: select, proxies: [🚀 节点选择, 🎯 全球直连, ♻️ 自动选择, 🛠️ 手动切换, 🇭🇰 香港节点, 🇹🇼 台湾节点, 🇸🇬 狮城节点, 🇯🇵 日本节点, 🇰🇷 韩国节点, 🇺🇸 美国节点, 🇪🇺 欧洲节点, 👑 高级节点, 📉 省流节点, {providers_tags}] }
-  - { name: 🌍 国外媒体, type: select, proxies: [🚀 节点选择, 🎯 全球直连, ♻️ 自动选择, 🛠️ 手动切换, 🇭🇰 香港节点, 🇹🇼 台湾节点, 🇸🇬 狮城节点, 🇯🇵 日本节点, 🇰🇷 韩国节点, 🇺🇸 美国节点, 🇪🇺 欧洲节点, 👑 高级节点, 📉 省流节点, {providers_tags}] }
-  - { name: 🧱 代理域名, type: select, proxies: [🚀 节点选择, 🎯 全球直连, ♻️ 自动选择, 🛠️ 手动切换, 🇭🇰 香港节点, 🇹🇼 台湾节点, 🇸🇬 狮城节点, 🇯🇵 日本节点, 🇰🇷 韩国节点, 🇺🇸 美国节点, 🇪🇺 欧洲节点, 👑 高级节点, 📉 省流节点, {providers_tags}] }
-  - { name: 🎮 国外游戏, type: select, proxies: [🚀 节点选择, 🎯 全球直连, ♻️ 自动选择, 🛠️ 手动切换, 🇭🇰 香港节点, 🇹🇼 台湾节点, 🇸🇬 狮城节点, 🇯🇵 日本节点, 🇰🇷 韩国节点, 🇺🇸 美国节点, 🇪🇺 欧洲节点, 👑 高级节点, 📉 省流节点, {providers_tags}] }
+  - {name: 🤖 AI 平台, type: select, proxies: [🚀 节点选择, 🤖 AI节点（过滤港澳）, 🎯 本地直连, ♻️ 自动选择, 🛠️ 手动切换, 🇭🇰 香港节点, 🇹🇼 台湾节点, 🇺🇸 美国节点, 🇯🇵 日本节点, 🇪🇺 欧洲节点, 🇰🇷 韩国节点, 🇸🇬 狮城节点, 👑 高级节点, 📉 省流节点, {providers_tags}]}
+  - {name: 🤖 AI节点（过滤港澳）, type: url-test, interval: 3600, tolerance: 50, include-all: true, exclude-filter: "(?i)(剩余|重置|到期|防失联|官网|导航|客服|http|www|🇭🇰|港|🇲🇴|澳门|hk|hongkong|hong kong)", hidden: true}
+  - {name: 🎬 奈飞视频, type: select, proxies: [🚀 节点选择, 🎬 奈飞节点, 🎯 本地直连, ♻️ 自动选择, 🛠️ 手动切换, 🇭🇰 香港节点, 🇹🇼 台湾节点, 🇺🇸 美国节点, 🇯🇵 日本节点, 🇪🇺 欧洲节点, 🇰🇷 韩国节点, 🇸🇬 狮城节点, 👑 高级节点, 📉 省流节点, {providers_tags}]}
+  - {name: 🎬 奈飞节点, type: url-test, interval: 1800, tolerance: 50, include-all: true, filter: "(?i)(NF|奈飞|解锁|Netflix|NETFLIX|Media)", hidden: true}
+  - {name: ▶️ 油管视频, type: select, proxies: [🚀 节点选择, 🎯 本地直连, ♻️ 自动选择, 🛠️ 手动切换, 🇭🇰 香港节点, 🇹🇼 台湾节点, 🇺🇸 美国节点, 🇯🇵 日本节点, 🇪🇺 欧洲节点, 🇰🇷 韩国节点, 🇸🇬 狮城节点, 👑 高级节点, 📉 省流节点, {providers_tags}]}
+  - {name: 📢 谷歌推送, type: select, proxies: [🚀 节点选择, 🎯 本地直连, ♻️ 自动选择, 🛠️ 手动切换, 🇭🇰 香港节点, 🇹🇼 台湾节点, 🇺🇸 美国节点, 🇯🇵 日本节点, 🇪🇺 欧洲节点, 🇰🇷 韩国节点, 🇸🇬 狮城节点, 👑 高级节点, 📉 省流节点, {providers_tags}]}
+  - {name: 📲 电报消息, type: select, proxies: [🚀 节点选择, 🎯 本地直连, ♻️ 自动选择, 🛠️ 手动切换, 🇭🇰 香港节点, 🇹🇼 台湾节点, 🇺🇸 美国节点, 🇯🇵 日本节点, 🇪🇺 欧洲节点, 🇰🇷 韩国节点, 🇸🇬 狮城节点, 👑 高级节点, 📉 省流节点, {providers_tags}]}
+  - {name: 🌍 国际媒体, type: select, proxies: [🚀 节点选择, 🎯 本地直连, ♻️ 自动选择, 🛠️ 手动切换, 🇭🇰 香港节点, 🇹🇼 台湾节点, 🇺🇸 美国节点, 🇯🇵 日本节点, 🇪🇺 欧洲节点, 🇰🇷 韩国节点, 🇸🇬 狮城节点, 👑 高级节点, 📉 省流节点, {providers_tags}]}
+  - {name: 🌐 国际流量, type: select, proxies: [🚀 节点选择, 🎯 本地直连, ♻️ 自动选择, 🛠️ 手动切换, 🇭🇰 香港节点, 🇹🇼 台湾节点, 🇺🇸 美国节点, 🇯🇵 日本节点, 🇪🇺 欧洲节点, 🇰🇷 韩国节点, 🇸🇬 狮城节点, 👑 高级节点, 📉 省流节点, {providers_tags}]}
+  - {name: 🎮 外服游戏, type: select, proxies: [🚀 节点选择, 🎯 本地直连, ♻️ 自动选择, 🛠️ 手动切换, 🇭🇰 香港节点, 🇹🇼 台湾节点, 🇺🇸 美国节点, 🇯🇵 日本节点, 🇪🇺 欧洲节点, 🇰🇷 韩国节点, 🇸🇬 狮城节点, 👑 高级节点, 📉 省流节点, {providers_tags}]}

-  - { name: 🕹 国内游戏, type: select, proxies: [🎯 全球直连, 🚀 节点选择, ♻️ 自动选择, 🛠️ 手动切换, {providers_tags}] }
-  - { name: 🪟 微软服务, type: select, proxies: [🎯 全球直连, 🚀 节点选择, ♻️ 自动选择, 🛠️ 手动切换, 🇭🇰 香港节点, 🇹🇼 台湾节点, 🇸🇬 狮城节点, 🇯🇵 日本节点, 🇰🇷 韩国节点, 🇺🇸 美国节点, 🇪🇺 欧洲节点, 👑 高级节点, 📉 省流节点, {providers_tags}] }
-  - { name: 🍎 苹果服务, type: select, proxies: [🎯 全球直连, 🚀 节点选择, ♻️ 自动选择, 🛠️ 手动切换, 🇭🇰 香港节点, 🇹🇼 台湾节点, 🇸🇬 狮城节点, 🇯🇵 日本节点, 🇰🇷 韩国节点, 🇺🇸 美国节点, 🇪🇺 欧洲节点, 👑 高级节点, 📉 省流节点, {providers_tags}] }
-  - { name: 💾 trackerslist, type: select, proxies: [🎯 全球直连, 🚀 节点选择, ♻️ 自动选择, 🛠️ 手动切换, 🇭🇰 香港节点, 🇹🇼 台湾节点, 🇸🇬 狮城节点, 🇯🇵 日本节点, 🇰🇷 韩国节点, 🇺🇸 美国节点, 🇪🇺 欧洲节点, 👑 高级节点, 📉 省流节点, {providers_tags}] }
-  - { name: 📈 网络测试, type: select, proxies: [🎯 全球直连, 🚀 节点选择, ♻️ 自动选择, 🛠️ 手动切换, 🇭🇰 香港节点, 🇹🇼 台湾节点, 🇸🇬 狮城节点, 🇯🇵 日本节点, 🇰🇷 韩国节点, 🇺🇸 美国节点, 🇪🇺 欧洲节点, 👑 高级节点, 📉 省流节点, {providers_tags}] }
-  - { name: ↔️ 国外直连, type: select, proxies: [🎯 全球直连, 🚀 节点选择, ♻️ 自动选择, 🛠️ 手动切换, 🇭🇰 香港节点, 🇹🇼 台湾节点, 🇸🇬 狮城节点, 🇯🇵 日本节点, 🇰🇷 韩国节点, 🇺🇸 美国节点, 🇪🇺 欧洲节点, 👑 高级节点, 📉 省流节点, {providers_tags}] }
-  - { name: 🀄️ 国内直连, type: select, proxies: [🎯 全球直连, 🚀 节点选择, ♻️ 自动选择, 🛠️ 手动切换, {providers_tags}] }
+  - {name: 🕹 国服游戏, type: select, proxies: [🎯 本地直连, 🚀 节点选择, ♻️ 自动选择, 🛠️ 手动切换, {providers_tags}]}
+  - {name: 🦾 Steam平台, type: select, proxies: [🎯 本地直连, 🚀 节点选择, ♻️ 自动选择, 🛠️ 手动切换, 🇭🇰 香港节点, 🇹🇼 台湾节点, 🇺🇸 美国节点, 🇯🇵 日本节点, 🇪🇺 欧洲节点, 🇰🇷 韩国节点, 🇸🇬 狮城节点, 👑 高级节点, 📉 省流节点, {providers_tags}]}
+  - {name: 🪟 微软服务, type: select, proxies: [🎯 本地直连, 🚀 节点选择, ♻️ 自动选择, 🛠️ 手动切换, 🇭🇰 香港节点, 🇹🇼 台湾节点, 🇺🇸 美国节点, 🇯🇵 日本节点, 🇪🇺 欧洲节点, 🇰🇷 韩国节点, 🇸🇬 狮城节点, 👑 高级节点, 📉 省流节点, {providers_tags}]}
+  - {name: 🍎 苹果服务, type: select, proxies: [🎯 本地直连, 🚀 节点选择, ♻️ 自动选择, 🛠️ 手动切换, 🇭🇰 香港节点, 🇹🇼 台湾节点, 🇺🇸 美国节点, 🇯🇵 日本节点, 🇪🇺 欧洲节点, 🇰🇷 韩国节点, 🇸🇬 狮城节点, 👑 高级节点, 📉 省流节点, {providers_tags}]}
+  - {name: 🇬 谷歌服务, type: select, proxies: [🎯 本地直连, 🚀 节点选择, ♻️ 自动选择, 🛠️ 手动切换, 🇭🇰 香港节点, 🇹🇼 台湾节点, 🇺🇸 美国节点, 🇯🇵 日本节点, 🇪🇺 欧洲节点, 🇰🇷 韩国节点, 🇸🇬 狮城节点, 👑 高级节点, 📉 省流节点, {providers_tags}]}
+  - {name: 🧲 BT下载, type: select, proxies: [🎯 本地直连, 🚀 节点选择, ♻️ 自动选择, 🛠️ 手动切换, 🇭🇰 香港节点, 🇹🇼 台湾节点, 🇺🇸 美国节点, 🇯🇵 日本节点, 🇪🇺 欧洲节点, 🇰🇷 韩国节点, 🇸🇬 狮城节点, 👑 高级节点, 📉 省流节点, {providers_tags}]}
+  - {name: 📈 网络测速, type: select, proxies: [🎯 本地直连, 🚀 节点选择, ♻️ 自动选择, 🛠️ 手动切换, 🇭🇰 香港节点, 🇹🇼 台湾节点, 🇺🇸 美国节点, 🇯🇵 日本节点, 🇪🇺 欧洲节点, 🇰🇷 韩国节点, 🇸🇬 狮城节点, 👑 高级节点, 📉 省流节点, {providers_tags}]}
+  - {name: ↔️ 直连软件, type: select, proxies: [🎯 本地直连, 🚀 节点选择, ♻️ 自动选择, 🛠️ 手动切换, {providers_tags}]}
+  - {name: 🀄️ 国内流量, type: select, proxies: [🎯 本地直连, 🚀 节点选择, ♻️ 自动选择, 🛠️ 手动切换, {providers_tags}]}

-  - { name: 🐟 漏网之鱼, type: select, proxies: [🚀 节点选择, 🎯 全球直连, ♻️ 自动选择, 🛠️ 手动切换, 🇭🇰 香港节点, 🇹🇼 台湾节点, 🇸🇬 狮城节点, 🇯🇵 日本节点, 🇰🇷 韩国节点, 🇺🇸 美国节点, 🇪🇺 欧洲节点, 👑 高级节点, 📉 省流节点, {providers_tags}] }
+  - {name: 🐟 漏网之鱼, type: select, proxies: [🚀 节点选择, 🎯 本地直连, ♻️ 自动选择, 🛠️ 手动切换, 🇭🇰 香港节点, 🇹🇼 台湾节点, 🇺🇸 美国节点, 🇯🇵 日本节点, 🇪🇺 欧洲节点, 🇰🇷 韩国节点, 🇸🇬 狮城节点, 👑 高级节点, 📉 省流节点, {providers_tags}]}

-  - { name: 🛑 广告拦截, type: select, proxies: [🔴 全球拦截, 🎯 全球直连] }
-  - { name: 🔒 私有网络, type: select, proxies: [DIRECT], hidden: true }
-  - { name: 🔴 全球拦截, type: select, proxies: [REJECT], hidden: true }
-  - { name: 🎯 全球直连, type: select, proxies: [DIRECT], hidden: true }
+  - {name: 🛑 广告拦截, type: select, proxies: [🔴 拦截, 🟢 放行]}
+  - {name: 🔒 私有网络, type: select, proxies: [DIRECT], hidden: true}
+  - {name: 🔴 拦截, type: select, proxies: [REJECT], hidden: true}
+  - {name: 🟢 放行, type: select, proxies: [PASS], hidden: true}
+  - {name: 🎯 本地直连, type: select, proxies: [DIRECT], hidden: true}

-  - { name: 🇭🇰 香港节点, type: url-test, tolerance: 50, include-all: true, filter: "(?i)(🇭🇰|港|hk|hongkong|hong kong)" }
-  - { name: 🇹🇼 台湾节点, type: url-test, tolerance: 50, include-all: true, filter: "(?i)(🇹🇼|台|tw|taiwan|tai wan)" }
-  - { name: 🇸🇬 狮城节点, type: url-test, tolerance: 50, include-all: true, filter: "(?i)(🇸🇬|新|坡|狮城|sg|singapore)" }
-  - { name: 🇯🇵 日本节点, type: url-test, tolerance: 50, include-all: true, filter: "(?i)(🇯🇵|日|东京|大阪|泉日|埼玉|jp|japan)" }
-  - { name: 🇰🇷 韩国节点, type: url-test, tolerance: 50, include-all: true, filter: "(?i)(KR|首尔|韩|韓|kor)" }
-  - { name: 🇺🇸 美国节点, type: url-test, tolerance: 50, include-all: true, filter: "(?i)(🇺🇸|美|us|unitedstates|united states)" }
-  - { name: 🇪🇺 欧洲节点, type: url-test, tolerance: 50, include-all: true, filter: "(?i)(🇪🇺|欧|欧洲|eu|eur|德|英|瑞|法|荷|土耳|意大利|西班牙)" }
+  - {name: 🇭🇰 香港节点, type: url-test, tolerance: 50, include-all: true, filter: "(?i)(🇭🇰|港|hk|hongkong|hong kong)"}
+  - {name: 🇹🇼 台湾节点, type: url-test, tolerance: 50, include-all: true, filter: "(?i)(🇹🇼|台|tw|taiwan|tai wan)"}
+  - {name: 🇺🇸 美国节点, type: url-test, tolerance: 50, include-all: true, filter: "(?i)(🇺🇸|美|洛杉矶|圣何塞|西雅图|纽约|波特兰|旧金山|us|unitedstates|united states)"}
+  - {name: 🇯🇵 日本节点, type: url-test, tolerance: 50, include-all: true, filter: "(?i)(🇯🇵|日|东京|大阪|埼玉|九州|jp|japan)"}
+  - {name: 🇪🇺 欧洲节点, type: url-test, tolerance: 50, include-all: true, filter: "(?i)(🇪🇺|欧|德|英|法|荷|俄罗斯|西班牙|意大利|瑞士|瑞典|土耳其|挪威|芬兰|丹麦|比利时|爱尔兰|奥地利|波兰|葡萄牙|乌克兰|希腊|捷克|匈牙利|罗马尼亚|保加利亚|冰岛|克罗地亚)"}
+  - {name: 🇰🇷 韩国节点, type: url-test, tolerance: 50, include-all: true, filter: "(?i)(🇰🇷|韩|韓|首尔|kr|kor)"}
+  - {name: 🇸🇬 狮城节点, type: url-test, tolerance: 50, include-all: true, filter: "(?i)(🇸🇬|新加坡|狮城|sg|singapore)"}

-  - { name: 👑 高级节点, type: url-test, interval: 1800, tolerance: 50, include-all: true, filter: "(?i)(专线|专用|高级|直连|急速|高速|高倍率|游戏|game|IEPL|IPLC|AIA|CTM|CC|AC)" }
-  - { name: 📉 省流节点, type: url-test, interval: 1800, tolerance: 50, include-all: true, filter: "(0\\.[1-6]|低倍率|省流|大流量)" }
+  - {name: 👑 高级节点, type: url-test, interval: 1800, tolerance: 50, include-all: true, filter: "(?i)(专线|专用|高级|直连|急速|高速|高倍率|游戏|铂金|钻石|企业|VIP|Ultra|Game|IEPL|IPLC|AIA|BGP|GIA|CN2|CMI|HGC|HKT|CTM|CC|AC|x([2-9]|\\d{2,}))"}
+  - {name: 📉 省流节点, type: url-test, interval: 1800, tolerance: 50, include-all: true, filter: "(?i)(0\\.[1-6]|低倍率|省流|大流量|公益|免费|闲时|Low)"}

 #规则提供者（更新mrs格式）
 rule-providers:
@@ -59,185 +62,193 @@ rule-providers:
    format: mrs
    interval: 86400
    behavior: domain
-    url: "https://fastly.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/ai.mrs"
+    proxy: DIRECT
+    url: "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/ai.mrs"
  youtube:
    type: http
    format: mrs
    interval: 86400
    behavior: domain
-    url: "https://fastly.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/youtube.mrs"
+    proxy: DIRECT
+    url: "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/youtube.mrs"
  netflix:
    type: http
    format: mrs
    interval: 86400
    behavior: domain
-    url: "https://fastly.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/netflix.mrs"
-  telegram:
-    type: http
-    format: mrs
-    interval: 86400
-    behavior: domain
-    url: "https://fastly.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@refs/heads/meta/geo/geosite/telegram.mrs"
+    proxy: DIRECT
+    url: "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/netflix.mrs"
  telegramip:
    type: http
    format: mrs
    interval: 86400
    behavior: ipcidr
-    url: "https://fastly.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/telegramip.mrs"
+    proxy: DIRECT
+    url: "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/telegramip.mrs"
  trackerslist:
    type: http
    format: mrs
    interval: 86400
    behavior: domain
-    url: "https://fastly.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/trackerslist.mrs"
+    proxy: DIRECT
+    url: "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/trackerslist.mrs"
+  applications:
+    type: http
+    format: text
+    interval: 86400
+    behavior: classical
+    proxy: DIRECT
+    url: "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/applications.list"
  private:
    type: http
    format: mrs
    interval: 86400
    behavior: domain
-    url: "https://fastly.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/private.mrs"
+    proxy: DIRECT
+    url: "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/private.mrs"
  privateip:
    type: http
    format: mrs
    interval: 86400
    behavior: ipcidr
-    url: "https://fastly.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/privateip.mrs"
+    proxy: DIRECT
+    url: "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/privateip.mrs"
  networktest:
    type: http
    format: mrs
    interval: 86400
    behavior: domain
-    url: "https://fastly.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/networktest.mrs"
+    proxy: DIRECT
+    url: "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/networktest.mrs"
  apple-cn:
    type: http
    format: mrs
    interval: 86400
    behavior: domain
-    url: "https://fastly.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/apple-cn.mrs"
+    proxy: DIRECT
+    url: "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/apple-cn.mrs"
  google-cn:
    type: http
    format: mrs
    interval: 86400
    behavior: domain
-    url: "https://fastly.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/google-cn.mrs"
+    proxy: DIRECT
+    url: "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/google-cn.mrs"
  googlefcm:
    type: http
    format: mrs
    interval: 86400
    behavior: domain
-    url: "https://fastly.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@refs/heads/meta/geo/geosite/googlefcm.mrs"
+    proxy: DIRECT
+    url: "https://testingcf.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@refs/heads/meta/geo/geosite/googlefcm.mrs"
  steamcn:
    type: http
    format: mrs
    interval: 86400
    behavior: domain
-    url: "https://fastly.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@refs/heads/meta/geo/geosite/steam@cn.mrs"
+    proxy: DIRECT
+    url: "https://testingcf.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@refs/heads/meta/geo/geosite/steam@cn.mrs"
  microsoft-cn:
    type: http
    format: mrs
    interval: 86400
    behavior: domain
-    url: "https://fastly.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/microsoft-cn.mrs"
+    proxy: DIRECT
+    url: "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/microsoft-cn.mrs"
  games-cn:
    type: http
    format: mrs
    interval: 86400
    behavior: domain
-    url: "https://fastly.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/games-cn.mrs"
+    proxy: DIRECT
+    url: "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/games-cn.mrs"
  games:
    type: http
    format: mrs
    interval: 86400
    behavior: domain
-    url: "https://fastly.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/games.mrs"
+    proxy: DIRECT
+    url: "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/games.mrs"
  gamesip:
    type: http
    format: mrs
    interval: 86400
    behavior: ipcidr
-    url: "https://fastly.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/gamesip.mrs"
-  tld-proxy:
-    type: http
-    format: mrs
-    interval: 86400
-    behavior: domain
-    url: "https://fastly.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/tld-proxy.mrs"
-  cn-lite:
-    type: http
-    format: mrs
-    interval: 86400
-    behavior: domain
-    url: "https://fastly.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/cn-lite.mrs"
+    proxy: DIRECT
+    url: "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/gamesip.mrs"
  mediaip:
    type: http
    format: mrs
    interval: 86400
    behavior: ipcidr
-    url: "https://fastly.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/mediaip.mrs"
+    proxy: DIRECT
+    url: "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/mediaip.mrs"
  media:
    type: http
    format: mrs
    interval: 86400
    behavior: domain
-    url: "https://fastly.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/media.mrs"
-  gfw:
-    type: http
-    format: mrs
-    interval: 86400
-    behavior: domain
-    url: "https://fastly.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/gfw.mrs"
+    proxy: DIRECT
+    url: "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/media.mrs"
  cnip:
    type: http
    format: mrs
    interval: 86400
    behavior: ipcidr
-    url: "https://fastly.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/cnip.mrs"
+    proxy: DIRECT
+    url: "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/cnip.mrs"
  proxy:
    type: http
    format: mrs
    interval: 86400
    behavior: domain
-    url: "https://fastly.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/proxy.mrs"
+    proxy: DIRECT
+    url: "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/proxy.mrs"
  cn:
    type: http
    format: mrs
    interval: 86400
    behavior: domain
-    url: "https://fastly.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/cn.mrs"
+    proxy: DIRECT
+    url: "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/cn.mrs"
  ads:
    type: http
    format: mrs
    interval: 86400
    behavior: domain
-    url: "https://fastly.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/ads.mrs"
+    proxy: DIRECT
+    url: "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/mihomo-ruleset/ads.mrs"

 #规则顺序
 rules:
+  - DOMAIN-SUFFIX,captive.apple.com,DIRECT
+  - DOMAIN-SUFFIX,kamo.teracloud.jp,DIRECT
+
  - RULE-SET,privateip,🔒 私有网络,no-resolve
  - RULE-SET,private,🔒 私有网络
-  - RULE-SET,ads,🛑 广告拦截
-  - RULE-SET,networktest,📈 网络测试
-  - RULE-SET,trackerslist,💾 trackerslist
-  - RULE-SET,googlefcm,📢 谷歌FCM
-  - RULE-SET,google-cn,↔️ 国外直连
-  - RULE-SET,steamcn,↔️ 国外直连
-  - RULE-SET,microsoft-cn,🪟 微软服务
-  - RULE-SET,apple-cn,🍎 苹果服务
  - RULE-SET,telegramip,📲 电报消息,no-resolve
-  - RULE-SET,telegram,📲 电报消息
-  - RULE-SET,netflix,🎥 奈飞视频
-  - RULE-SET,youtube,📹 油管视频
-  - RULE-SET,ai,🤖 AI 平台
+  - RULE-SET,ads,🛑 广告拦截
+
+  - RULE-SET,networktest,📈 网络测速
+  - RULE-SET,applications,↔️ 直连软件
+  - RULE-SET,trackerslist,🧲 BT下载
+  - RULE-SET,apple-cn,🍎 苹果服务
+  - RULE-SET,microsoft-cn,🪟 微软服务
+  - RULE-SET,google-cn,🇬 谷歌服务
+  - RULE-SET,steamcn,🦾 Steam平台
+  - RULE-SET,games-cn,🕹 国服游戏
+
+  - RULE-SET,googlefcm,📢 谷歌推送
+  - RULE-SET,netflix,🎬 奈飞视频
+  - RULE-SET,youtube,▶️ 油管视频
+  - RULE-SET,ai,🤖 AI 平台
+  - RULE-SET,media,🌍 国际媒体
+  - RULE-SET,games,🎮 外服游戏
+
+  - RULE-SET,proxy,🌐 国际流量
+  - RULE-SET,cn,🀄️ 国内流量
+  - RULE-SET,gamesip,🎮 外服游戏
+  - RULE-SET,mediaip,🌍 国际媒体
+  - RULE-SET,cnip,🀄️ 国内流量

-  - RULE-SET,games-cn,🕹 国内游戏
-  - RULE-SET,gamesip,🎮 国外游戏
-  - RULE-SET,games,🎮 国外游戏
-  - RULE-SET,mediaip,🌍 国外媒体
-  - RULE-SET,media,🌍 国外媒体
-  - RULE-SET,tld-proxy,🧱 代理域名
-  - RULE-SET,cn-lite,🀄️ 国内直连
-  - RULE-SET,gfw,🧱 代理域名
-  - RULE-SET,cnip,🀄️ 国内直连
-  - RULE-SET,proxy,🧱 代理域名
-  - RULE-SET,cn,🀄️ 国内直连
  - MATCH,🐟 漏网之鱼
--- a/rules/clash_providers/clash_providers.list
+++ b/rules/clash_providers/clash_providers.list
@@ -1,4 +1,5 @@
 ShellCrash-ruleset极简规则 ShellCrash_RS_Nano.yaml
+ShellCrash-ruleset全分组规则+去广告 ShellCrash_RS_Full_BanAds.yaml
 DustinWin-ruleset轻量规则 DustinWin_RS_Light.yaml
 DustinWin-ruleset标准规则 DustinWin_RS_Lite_NoAds.yaml
 DustinWin-ruleset标准规则+去广告 DustinWin_RS_Lite.yaml
--- a/rules/singbox_providers/DustinWin_RS_Full.json
+++ b/rules/singbox_providers/DustinWin_RS_Full.json
@@ -1,23 +1,25 @@
 //DustinWin-ruleset全分组规则+去广告
 {
  "outbounds": [
-    { "tag": "🚀 节点选择", "type": "selector", "outbounds": [ "♻️ 自动选择", "👉 手动选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", "🎯 全球直连", {providers_tags} ] },
-    { "tag": "📈 网络测试", "type": "selector", "outbounds": [ "🎯 全球直连", "🚀 节点选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", {providers_tags} ] },
+    { "tag": "🚀 节点选择", "type": "selector", "outbounds": [ "♻️ 自动选择", "👉 手动选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", "🎯 本地直连", {providers_tags} ] },
+    { "tag": "📈 网络测试", "type": "selector", "outbounds": [ "🎯 本地直连", "🚀 节点选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", {providers_tags} ] },
    { "tag": "🤖 AI 平台", "type": "selector", "outbounds": [ "🚀 节点选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点" ] },
-    { "tag": "📋 Trackerslist", "type": "selector", "outbounds": [ "🎯 全球直连", "🚀 节点选择" ] },
-    { "tag": "🎮 游戏服务", "type": "selector", "outbounds": [ "🎯 全球直连", "👑 高级节点", "🚀 节点选择" ] },
-    { "tag": "🪟 微软服务", "type": "selector", "outbounds": [ "🎯 全球直连", "🚀 节点选择" ] },
-    { "tag": "🇬 谷歌服务", "type": "selector", "outbounds": [ "🎯 全球直连", "🚀 节点选择" ] },
-    { "tag": "🍎 苹果服务", "type": "selector", "outbounds": [ "🎯 全球直连", "🚀 节点选择" ] },
+    { "tag": "📋 Trackerslist", "type": "selector", "outbounds": [ "🎯 本地直连", "🚀 节点选择" ] },
+    { "tag": "🎮 游戏服务", "type": "selector", "outbounds": [ "🎯 本地直连", "👑 高级节点", "🚀 节点选择" ] },
+    { "tag": "🪟 微软服务", "type": "selector", "outbounds": [ "🎯 本地直连", "🚀 节点选择" ] },
+    { "tag": "🇬 谷歌服务", "type": "selector", "outbounds": [ "🎯 本地直连", "🚀 节点选择" ] },
+    { "tag": "🍎 苹果服务", "type": "selector", "outbounds": [ "🎯 本地直连", "🚀 节点选择" ] },
    { "tag": "🌍 国外媒体", "type": "selector", "outbounds": [ "🚀 节点选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", {providers_tags} ] },
-    { "tag": "🎮 游戏平台", "type": "selector", "outbounds": [ "🚀 节点选择", "🎯 全球直连", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", {providers_tags} ] },
-    { "tag": "🛡️ 直连域名", "type": "selector", "outbounds": [ "🎯 全球直连", "🚀 节点选择" ] },
-    { "tag": "🀄️ 直连 IP", "type": "selector", "outbounds": [ "🎯 全球直连", "🚀 节点选择" ] },
-    { "tag": "🧱 代理域名", "type": "selector", "outbounds": [ "🚀 节点选择", "🎯 全球直连" ] },
+    { "tag": "🎮 游戏平台", "type": "selector", "outbounds": [ "🚀 节点选择", "🎯 本地直连", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", {providers_tags} ] },
+    { "tag": "🛡️ 直连域名", "type": "selector", "outbounds": [ "🎯 本地直连", "🚀 节点选择" ] },
+    { "tag": "🀄️ 直连 IP", "type": "selector", "outbounds": [ "🎯 本地直连", "🚀 节点选择" ] },
+    { "tag": "🧱 代理域名", "type": "selector", "outbounds": [ "🚀 节点选择", "🎯 本地直连" ] },
    { "tag": "📲 电报消息", "type": "selector", "outbounds": [ "🚀 节点选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", {providers_tags} ] },
-    { "tag": "🐟 漏网之鱼", "type": "selector", "outbounds": [ "🚀 节点选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", {providers_tags}, "🎯 全球直连" ] },
-    { "tag": "🎯 全球直连", "type": "selector", "outbounds": [ "DIRECT" ] },
-    { "tag": "GLOBAL", "type": "selector", "outbounds": [ "🚀 节点选择", "DIRECT" ] },
+    { "tag": "🐟 漏网之鱼", "type": "selector", "outbounds": [ "🚀 节点选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", {providers_tags}, "🎯 本地直连" ] },
+    { "tag": "🛑 广告域名", "type": "selector", "outbounds": [ "🔴 全球拦截", "🎯 本地直连" ] },
+    { "tag": "🔴 全球拦截", "type": "block" },
+    { "tag": "🎯 本地直连", "type": "direct" },
+    { "tag": "GLOBAL", "type": "selector", "outbounds": [ "🚀 节点选择", "🎯 本地直连" ] },
    { "tag": "👑 高级节点", "type": "urltest", "use_all_providers": true, "include": "(?i)(专线|专用|高级|直连|急速|高倍率|游戏|game|IEPL|IPLC|AIA|CTM|CC|AC)" },
    { "tag": "📉 省流节点", "type": "urltest", "tolerance": 100, "use_all_providers": true, "include": "0\\.[1-5]|低倍率|省流|大流量" },
    { "tag": "♻️ 自动选择", "type": "urltest", "tolerance": 100, "use_all_providers": true },
@@ -30,8 +32,8 @@
  ],
  "route": {
    "rules": [
-      { "rule_set": [ "private" ], "outbound": "🎯 全球直连" },
-      { "rule_set": [ "ads" ], "action": "reject" },
+      { "rule_set": [ "private" ], "outbound": "🎯 本地直连" },
+      { "rule_set": [ "ads" ], "outbound": "🛑 广告域名" },
      { "rule_set": [ "trackerslist" ], "outbound": "📋 Trackerslist" },
      { "rule_set": [ "microsoft-cn" ], "outbound": "🪟 微软服务" },
      { "rule_set": [ "apple-cn" ], "outbound": "🍎 苹果服务" },
@@ -43,10 +45,10 @@
      { "rule_set": [ "networktest" ], "outbound": "📈 网络测试" },
      { "rule_set": [ "proxy" ], "outbound": "🧱 代理域名" },
      { "rule_set": [ "cn" ], "outbound": "🛡️ 直连域名" },
-      { "rule_set": [ "privateip" ], "outbound": "🎯 全球直连" },
+      { "rule_set": [ "privateip" ], "outbound": "🎯 本地直连" },
      { "rule_set": [ "telegramip" ], "outbound": "📲 电报消息" },

-      { "action": "resolve", "server": "dns_proxy", "strategy": "prefer_ipv4"},
+      { "action": "resolve", "server": "dns_proxy", "strategy": "prefer_ipv4", "match_only": true},
      { "rule_set": [ "cnip" ], "outbound": "🀄️ 直连 IP" },
      { "rule_set": [ "mediaip" ], "outbound": "🌍 国外媒体" },
      { "rule_set": [ "gamesip" ], "outbound": "🎮 游戏平台" }
@@ -57,126 +59,144 @@
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/private.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/private.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/private.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "ads",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/ads.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/ads.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/ads.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "trackerslist",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/trackerslist.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/trackerslist.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/trackerslist.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "microsoft-cn",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/microsoft-cn.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/microsoft-cn.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/microsoft-cn.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "apple-cn",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/apple-cn.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/apple-cn.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/apple-cn.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "google-cn",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/google-cn.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/google-cn.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/google-cn.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "games-cn",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/games-cn.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/games-cn.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/games-cn.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "media",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/media.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/media.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/media.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "games",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/games.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/games.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/games.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "ai",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/ai.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/ai.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/ai.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "networktest",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/networktest.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/networktest.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/networktest.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "proxy",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/proxy.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/proxy.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/proxy.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "cn",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/cn.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/cn.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/cn.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "privateip",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/privateip.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/privateip.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/privateip.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "cnip",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/cnip.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/cnip.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/cnip.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "mediaip",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/mediaip.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/mediaip.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/mediaip.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "gamesip",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/gamesip.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/gamesip.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/gamesip.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "telegramip",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/telegramip.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/telegramip.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/telegramip.srs",
+        "download_detour": "DIRECT"
      }
    ],
    "final": "🐟 漏网之鱼"
--- a/rules/singbox_providers/DustinWin_RS_Full_NoAds.json
+++ b/rules/singbox_providers/DustinWin_RS_Full_NoAds.json
@@ -1,23 +1,23 @@
 //DustinWin-ruleset全分组规则
 {
  "outbounds": [
-    { "tag": "🚀 节点选择", "type": "selector", "outbounds": [ "♻️ 自动选择", "👉 手动选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", "🎯 全球直连", {providers_tags} ] },
-    { "tag": "📈 网络测试", "type": "selector", "outbounds": [ "🎯 全球直连", "🚀 节点选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", {providers_tags} ] },
+    { "tag": "🚀 节点选择", "type": "selector", "outbounds": [ "♻️ 自动选择", "👉 手动选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", "🎯 本地直连", {providers_tags} ] },
+    { "tag": "📈 网络测试", "type": "selector", "outbounds": [ "🎯 本地直连", "🚀 节点选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", {providers_tags} ] },
    { "tag": "🤖 AI 平台", "type": "selector", "outbounds": [ "🚀 节点选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点" ] },
-    { "tag": "📋 Trackerslist", "type": "selector", "outbounds": [ "🎯 全球直连", "🚀 节点选择" ] },
-    { "tag": "🎮 游戏服务", "type": "selector", "outbounds": [ "🎯 全球直连", "👑 高级节点", "🚀 节点选择" ] },
-    { "tag": "🪟 微软服务", "type": "selector", "outbounds": [ "🎯 全球直连", "🚀 节点选择" ] },
-    { "tag": "🇬 谷歌服务", "type": "selector", "outbounds": [ "🎯 全球直连", "🚀 节点选择" ] },
-    { "tag": "🍎 苹果服务", "type": "selector", "outbounds": [ "🎯 全球直连", "🚀 节点选择" ] },
+    { "tag": "📋 Trackerslist", "type": "selector", "outbounds": [ "🎯 本地直连", "🚀 节点选择" ] },
+    { "tag": "🎮 游戏服务", "type": "selector", "outbounds": [ "🎯 本地直连", "👑 高级节点", "🚀 节点选择" ] },
+    { "tag": "🪟 微软服务", "type": "selector", "outbounds": [ "🎯 本地直连", "🚀 节点选择" ] },
+    { "tag": "🇬 谷歌服务", "type": "selector", "outbounds": [ "🎯 本地直连", "🚀 节点选择" ] },
+    { "tag": "🍎 苹果服务", "type": "selector", "outbounds": [ "🎯 本地直连", "🚀 节点选择" ] },
    { "tag": "🌍 国外媒体", "type": "selector", "outbounds": [ "🚀 节点选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", {providers_tags} ] },
-    { "tag": "🎮 游戏平台", "type": "selector", "outbounds": [ "🚀 节点选择", "🎯 全球直连", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", {providers_tags} ] },
-    { "tag": "🛡️ 直连域名", "type": "selector", "outbounds": [ "🎯 全球直连", "🚀 节点选择" ] },
-    { "tag": "🀄️ 直连 IP", "type": "selector", "outbounds": [ "🎯 全球直连", "🚀 节点选择" ] },
-    { "tag": "🧱 代理域名", "type": "selector", "outbounds": [ "🚀 节点选择", "🎯 全球直连" ] },
+    { "tag": "🎮 游戏平台", "type": "selector", "outbounds": [ "🚀 节点选择", "🎯 本地直连", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", {providers_tags} ] },
+    { "tag": "🛡️ 直连域名", "type": "selector", "outbounds": [ "🎯 本地直连", "🚀 节点选择" ] },
+    { "tag": "🀄️ 直连 IP", "type": "selector", "outbounds": [ "🎯 本地直连", "🚀 节点选择" ] },
+    { "tag": "🧱 代理域名", "type": "selector", "outbounds": [ "🚀 节点选择", "🎯 本地直连" ] },
    { "tag": "📲 电报消息", "type": "selector", "outbounds": [ "🚀 节点选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", {providers_tags} ] },
-    { "tag": "🐟 漏网之鱼", "type": "selector", "outbounds": [ "🚀 节点选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", {providers_tags}, "🎯 全球直连" ] },
-    { "tag": "🎯 全球直连", "type": "selector", "outbounds": [ "DIRECT" ] },
-    { "tag": "GLOBAL", "type": "selector", "outbounds": [ "🚀 节点选择", "DIRECT" ] },
+    { "tag": "🐟 漏网之鱼", "type": "selector", "outbounds": [ "🚀 节点选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", {providers_tags}, "🎯 本地直连" ] },
+    { "tag": "🎯 本地直连", "type": "direct" },
+    { "tag": "GLOBAL", "type": "selector", "outbounds": [ "🚀 节点选择", "🎯 本地直连" ] },
    { "tag": "👑 高级节点", "type": "urltest", "use_all_providers": true, "include": "(?i)(专线|专用|高级|直连|急速|高倍率|游戏|game|IEPL|IPLC|AIA|CTM|CC|AC)" },
    { "tag": "📉 省流节点", "type": "urltest", "tolerance": 100, "use_all_providers": true, "include": "0\\.[1-5]|低倍率|省流|大流量" },
    { "tag": "♻️ 自动选择", "type": "urltest", "tolerance": 100, "use_all_providers": true },
@@ -30,7 +30,7 @@
  ],
  "route": {
    "rules": [
-      { "rule_set": [ "private" ], "outbound": "🎯 全球直连" },
+      { "rule_set": [ "private" ], "outbound": "🎯 本地直连" },
      { "rule_set": [ "trackerslist" ], "outbound": "📋 Trackerslist" },
      { "rule_set": [ "microsoft-cn" ], "outbound": "🪟 微软服务" },
      { "rule_set": [ "apple-cn" ], "outbound": "🍎 苹果服务" },
@@ -42,10 +42,10 @@
      { "rule_set": [ "networktest" ], "outbound": "📈 网络测试" },
      { "rule_set": [ "proxy" ], "outbound": "🧱 代理域名" },
      { "rule_set": [ "cn" ], "outbound": "🛡️ 直连域名" },
-      { "rule_set": [ "privateip" ], "outbound": "🎯 全球直连" },
+      { "rule_set": [ "privateip" ], "outbound": "🎯 本地直连" },
      { "rule_set": [ "telegramip" ], "outbound": "📲 电报消息" },

-	    { "action": "resolve", "server": "dns_proxy", "strategy": "prefer_ipv4"},
+      { "action": "resolve", "server": "dns_proxy", "strategy": "prefer_ipv4", "match_only": true},
      { "rule_set": [ "cnip" ], "outbound": "🀄️ 直连 IP" },
      { "rule_set": [ "mediaip" ], "outbound": "🌍 国外媒体" },
      { "rule_set": [ "gamesip" ], "outbound": "🎮 游戏平台" }
@@ -56,119 +56,136 @@
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/private.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/private.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/private.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "trackerslist",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/trackerslist.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/trackerslist.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/trackerslist.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "microsoft-cn",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/microsoft-cn.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/microsoft-cn.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/microsoft-cn.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "apple-cn",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/apple-cn.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/apple-cn.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/apple-cn.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "google-cn",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/google-cn.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/google-cn.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/google-cn.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "games-cn",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/games-cn.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/games-cn.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/games-cn.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "media",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/media.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/media.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/media.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "games",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/games.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/games.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/games.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "ai",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/ai.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/ai.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/ai.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "networktest",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/networktest.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/networktest.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/networktest.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "proxy",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/proxy.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/proxy.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/proxy.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "cn",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/cn.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/cn.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/cn.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "privateip",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/privateip.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/privateip.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/privateip.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "cnip",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/cnip.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/cnip.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/cnip.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "mediaip",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/mediaip.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/mediaip.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/mediaip.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "gamesip",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/gamesip.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/gamesip.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/gamesip.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "telegramip",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/telegramip.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/telegramip.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/telegramip.srs",
+        "download_detour": "DIRECT"
      }
    ],
    "final": "🐟 漏网之鱼"
--- a/rules/singbox_providers/DustinWin_RS_Light.json
+++ b/rules/singbox_providers/DustinWin_RS_Light.json
@@ -1,12 +1,12 @@
 //DustinWin-ruleset轻量规则
 {
  "outbounds": [
-    { "tag": "🚀 节点选择", "type": "selector", "outbounds": [ "♻️ 自动选择", "👉 手动选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", "🎯 全球直连", {providers_tags} ] },
-    { "tag": "🧱 代理域名", "type": "selector", "outbounds": [ "🚀 节点选择", "🎯 全球直连" ] },
+    { "tag": "🚀 节点选择", "type": "selector", "outbounds": [ "♻️ 自动选择", "👉 手动选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", "🎯 本地直连", {providers_tags} ] },
+    { "tag": "🧱 代理域名", "type": "selector", "outbounds": [ "🚀 节点选择", "🎯 本地直连" ] },
    { "tag": "📲 电报消息", "type": "selector", "outbounds": [ "🚀 节点选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", {providers_tags} ] },
-    { "tag": "🐟 漏网之鱼", "type": "selector", "outbounds": [ "🚀 节点选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", {providers_tags}, "🎯 全球直连" ] },
-    { "tag": "🎯 全球直连", "type": "selector", "outbounds": [ "DIRECT" ] },
-    { "tag": "GLOBAL", "type": "selector", "outbounds": [ "🚀 节点选择", "DIRECT" ] },
+    { "tag": "🐟 漏网之鱼", "type": "selector", "outbounds": [ "🚀 节点选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", {providers_tags}, "🎯 本地直连" ] },
+    { "tag": "🎯 本地直连", "type": "direct" },
+    { "tag": "GLOBAL", "type": "selector", "outbounds": [ "🚀 节点选择", "🎯 本地直连" ] },
    { "tag": "👑 高级节点", "type": "urltest", "use_all_providers": true, "include": "(?i)(专线|专用|高级|直连|急速|高倍率|游戏|game|IEPL|IPLC|AIA|CTM|CC|AC)" },
    { "tag": "📉 省流节点", "type": "urltest", "tolerance": 100, "use_all_providers": true, "include": "0\\.[1-5]|低倍率|省流|大流量" },
    { "tag": "♻️ 自动选择", "type": "urltest", "tolerance": 100, "use_all_providers": true },
@@ -19,15 +19,15 @@
  ],
  "route": {
    "rules": [
-      { "rule_set": [ "private" ], "outbound": "🎯 全球直连" },
+      { "rule_set": [ "private" ], "outbound": "🎯 本地直连" },
      { "rule_set": [ "tld-proxy" ], "outbound": "🧱 代理域名" },
      { "rule_set": [ "proxy" ], "outbound": "🧱 代理域名" },
-      { "rule_set": [ "cn" ], "outbound": "🎯 全球直连" },
-      { "rule_set": [ "privateip" ], "outbound": "🎯 全球直连" },
+      { "rule_set": [ "cn" ], "outbound": "🎯 本地直连" },
+      { "rule_set": [ "privateip" ], "outbound": "🎯 本地直连" },
      { "rule_set": [ "telegramip" ], "outbound": "📲 电报消息" },

-      { "action": "resolve", "server": "dns_proxy", "strategy": "prefer_ipv4"},
-      { "rule_set": [ "cnip" ], "outbound": "🎯 全球直连" }
+      { "action": "resolve", "server": "dns_proxy", "strategy": "prefer_ipv4", "match_only": true},
+      { "rule_set": [ "cnip" ], "outbound": "🎯 本地直连" }
    ],
    "rule_set": [
      {
@@ -35,49 +35,56 @@
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/cn.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/cn.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/cn.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "private",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/private.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/private.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/private.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "tld-proxy",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/tld-proxy.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/tld-proxy.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/tld-proxy.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "proxy",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/proxy.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/proxy.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/proxy.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "privateip",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/privateip.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/privateip.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/privateip.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "cnip",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/cnip.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/cnip.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/cnip.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "telegramip",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/telegramip.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/telegramip.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/telegramip.srs",
+        "download_detour": "DIRECT"
      }
    ],
    "final": "🐟 漏网之鱼"
--- a/rules/singbox_providers/DustinWin_RS_Lite.json
+++ b/rules/singbox_providers/DustinWin_RS_Lite.json
@@ -1,21 +1,23 @@
 //DustinWin-ruleset标准规则+去广告
 {
  "outbounds": [
-    { "tag": "🚀 节点选择", "type": "selector", "outbounds": [ "♻️ 自动选择", "👉 手动选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", "🎯 全球直连", {providers_tags} ] },
-    { "tag": "📈 网络测试", "type": "selector", "outbounds": [ "🎯 全球直连", "🚀 节点选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", {providers_tags} ] },
+    { "tag": "🚀 节点选择", "type": "selector", "outbounds": [ "♻️ 自动选择", "👉 手动选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", "🎯 本地直连", {providers_tags} ] },
+    { "tag": "📈 网络测试", "type": "selector", "outbounds": [ "🎯 本地直连", "🚀 节点选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", {providers_tags} ] },
    { "tag": "🤖 AI 平台", "type": "selector", "outbounds": [ "🚀 节点选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点" ] },
-    { "tag": "📋 Trackerslist", "type": "selector", "outbounds": [ "🎯 全球直连", "🚀 节点选择" ] },
-    { "tag": "🎮 游戏服务", "type": "selector", "outbounds": [ "🎯 全球直连", "👑 高级节点", "🚀 节点选择" ] },
-    { "tag": "🪟 微软服务", "type": "selector", "outbounds": [ "🎯 全球直连", "🚀 节点选择" ] },
-    { "tag": "🇬 谷歌服务", "type": "selector", "outbounds": [ "🎯 全球直连", "🚀 节点选择" ] },
-    { "tag": "🍎 苹果服务", "type": "selector", "outbounds": [ "🎯 全球直连", "🚀 节点选择" ] },
-    { "tag": "🛡️ 直连域名", "type": "selector", "outbounds": [ "🎯 全球直连", "🚀 节点选择" ] },
-    { "tag": "🀄️ 直连 IP", "type": "selector", "outbounds": [ "🎯 全球直连", "🚀 节点选择" ] },
-    { "tag": "🧱 代理域名", "type": "selector", "outbounds": [ "🚀 节点选择", "🎯 全球直连" ] },
+    { "tag": "📋 Trackerslist", "type": "selector", "outbounds": [ "🎯 本地直连", "🚀 节点选择" ] },
+    { "tag": "🎮 游戏服务", "type": "selector", "outbounds": [ "🎯 本地直连", "👑 高级节点", "🚀 节点选择" ] },
+    { "tag": "🪟 微软服务", "type": "selector", "outbounds": [ "🎯 本地直连", "🚀 节点选择" ] },
+    { "tag": "🇬 谷歌服务", "type": "selector", "outbounds": [ "🎯 本地直连", "🚀 节点选择" ] },
+    { "tag": "🍎 苹果服务", "type": "selector", "outbounds": [ "🎯 本地直连", "🚀 节点选择" ] },
+    { "tag": "🛡️ 直连域名", "type": "selector", "outbounds": [ "🎯 本地直连", "🚀 节点选择" ] },
+    { "tag": "🀄️ 直连 IP", "type": "selector", "outbounds": [ "🎯 本地直连", "🚀 节点选择" ] },
+    { "tag": "🧱 代理域名", "type": "selector", "outbounds": [ "🚀 节点选择", "🎯 本地直连" ] },
    { "tag": "📲 电报消息", "type": "selector", "outbounds": [ "🚀 节点选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", {providers_tags} ] },
-    { "tag": "🐟 漏网之鱼", "type": "selector", "outbounds": [ "🚀 节点选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", {providers_tags}, "🎯 全球直连" ] },
-    { "tag": "🎯 全球直连", "type": "selector", "outbounds": [ "DIRECT" ] },
-    { "tag": "GLOBAL", "type": "selector", "outbounds": [ "🚀 节点选择", "DIRECT" ] },
+    { "tag": "🐟 漏网之鱼", "type": "selector", "outbounds": [ "🚀 节点选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", {providers_tags}, "🎯 本地直连" ] },
+    { "tag": "🛑 广告域名", "type": "selector", "outbounds": [ "🔴 全球拦截", "🎯 本地直连" ] },
+    { "tag": "🔴 全球拦截", "type": "block" },
+    { "tag": "🎯 本地直连", "type": "direct" },
+    { "tag": "GLOBAL", "type": "selector", "outbounds": [ "🚀 节点选择", "🎯 本地直连" ] },
    { "tag": "👑 高级节点", "type": "urltest", "use_all_providers": true, "include": "(?i)(专线|专用|高级|直连|急速|高倍率|游戏|game|IEPL|IPLC|AIA|CTM|CC|AC)" },
    { "tag": "📉 省流节点", "type": "urltest", "tolerance": 100, "use_all_providers": true, "include": "0\\.[1-5]|低倍率|省流|大流量" },
    { "tag": "♻️ 自动选择", "type": "urltest", "tolerance": 100, "use_all_providers": true },
@@ -28,8 +30,8 @@
  ],
  "route": {
    "rules": [
-      { "rule_set": [ "private" ], "outbound": "🎯 全球直连" },
-      { "rule_set": [ "ads" ], "action": "reject" },
+      { "rule_set": [ "private" ], "outbound": "🎯 本地直连" },
+      { "rule_set": [ "ads" ], "outbound": "🛑 广告域名" },
      { "rule_set": [ "trackerslist" ], "outbound": "📋 Trackerslist" },
      { "rule_set": [ "microsoft-cn" ], "outbound": "🪟 微软服务" },
      { "rule_set": [ "apple-cn" ], "outbound": "🍎 苹果服务" },
@@ -39,10 +41,10 @@
      { "rule_set": [ "networktest" ], "outbound": "📈 网络测试" },
      { "rule_set": [ "proxy" ], "outbound": "🧱 代理域名" },
      { "rule_set": [ "cn" ], "outbound": "🛡️ 直连域名" },
-      { "rule_set": [ "privateip" ], "outbound": "🎯 全球直连" },
+      { "rule_set": [ "privateip" ], "outbound": "🎯 本地直连" },
      { "rule_set": [ "telegramip" ], "outbound": "📲 电报消息" },

-      { "action": "resolve", "server": "dns_proxy", "strategy": "prefer_ipv4"},
+      { "action": "resolve", "server": "dns_proxy", "strategy": "prefer_ipv4", "match_only": true},
      { "rule_set": [ "cnip" ], "outbound": "🀄️ 直连 IP" }
    ],
    "rule_set": [
@@ -51,98 +53,112 @@
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/private.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/private.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/private.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "ads",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/ads.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/ads.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/ads.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "trackerslist",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/trackerslist.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/trackerslist.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/trackerslist.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "microsoft-cn",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/microsoft-cn.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/microsoft-cn.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/microsoft-cn.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "apple-cn",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/apple-cn.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/apple-cn.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/apple-cn.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "google-cn",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/google-cn.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/google-cn.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/google-cn.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "games-cn",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/games-cn.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/games-cn.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/games-cn.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "ai",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/ai.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/ai.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/ai.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "networktest",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/networktest.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/networktest.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/networktest.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "proxy",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/proxy.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/proxy.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/proxy.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "cn",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/cn.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/cn.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/cn.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "privateip",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/privateip.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/privateip.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/privateip.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "cnip",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/cnip.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/cnip.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/cnip.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "telegramip",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/telegramip.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/telegramip.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/telegramip.srs",
+        "download_detour": "DIRECT"
      }
    ],
    "final": "🐟 漏网之鱼"
--- a/rules/singbox_providers/DustinWin_RS_Lite_NoAds.json
+++ b/rules/singbox_providers/DustinWin_RS_Lite_NoAds.json
@@ -1,21 +1,21 @@
 //DustinWin-ruleset标准规则
 {
  "outbounds": [
-    { "tag": "🚀 节点选择", "type": "selector", "outbounds": [ "♻️ 自动选择", "👉 手动选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", "🎯 全球直连", {providers_tags} ] },
-    { "tag": "📈 网络测试", "type": "selector", "outbounds": [ "🎯 全球直连", "🚀 节点选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", {providers_tags} ] },
+    { "tag": "🚀 节点选择", "type": "selector", "outbounds": [ "♻️ 自动选择", "👉 手动选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", "🎯 本地直连", {providers_tags} ] },
+    { "tag": "📈 网络测试", "type": "selector", "outbounds": [ "🎯 本地直连", "🚀 节点选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", {providers_tags} ] },
    { "tag": "🤖 AI 平台", "type": "selector", "outbounds": [ "🚀 节点选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点" ] },
-    { "tag": "📋 Trackerslist", "type": "selector", "outbounds": [ "🎯 全球直连", "🚀 节点选择" ] },
-    { "tag": "🎮 游戏服务", "type": "selector", "outbounds": [ "🎯 全球直连", "👑 高级节点", "🚀 节点选择" ] },
-    { "tag": "🪟 微软服务", "type": "selector", "outbounds": [ "🎯 全球直连", "🚀 节点选择" ] },
-    { "tag": "🇬 谷歌服务", "type": "selector", "outbounds": [ "🎯 全球直连", "🚀 节点选择" ] },
-    { "tag": "🍎 苹果服务", "type": "selector", "outbounds": [ "🎯 全球直连", "🚀 节点选择" ] },
-    { "tag": "🛡️ 直连域名", "type": "selector", "outbounds": [ "🎯 全球直连", "🚀 节点选择" ] },
-    { "tag": "🀄️ 直连 IP", "type": "selector", "outbounds": [ "🎯 全球直连", "🚀 节点选择" ] },
-    { "tag": "🧱 代理域名", "type": "selector", "outbounds": [ "🚀 节点选择", "🎯 全球直连" ] },
+    { "tag": "📋 Trackerslist", "type": "selector", "outbounds": [ "🎯 本地直连", "🚀 节点选择" ] },
+    { "tag": "🎮 游戏服务", "type": "selector", "outbounds": [ "🎯 本地直连", "👑 高级节点", "🚀 节点选择" ] },
+    { "tag": "🪟 微软服务", "type": "selector", "outbounds": [ "🎯 本地直连", "🚀 节点选择" ] },
+    { "tag": "🇬 谷歌服务", "type": "selector", "outbounds": [ "🎯 本地直连", "🚀 节点选择" ] },
+    { "tag": "🍎 苹果服务", "type": "selector", "outbounds": [ "🎯 本地直连", "🚀 节点选择" ] },
+    { "tag": "🛡️ 直连域名", "type": "selector", "outbounds": [ "🎯 本地直连", "🚀 节点选择" ] },
+    { "tag": "🀄️ 直连 IP", "type": "selector", "outbounds": [ "🎯 本地直连", "🚀 节点选择" ] },
+    { "tag": "🧱 代理域名", "type": "selector", "outbounds": [ "🚀 节点选择", "🎯 本地直连" ] },
    { "tag": "📲 电报消息", "type": "selector", "outbounds": [ "🚀 节点选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", {providers_tags} ] },
-    { "tag": "🐟 漏网之鱼", "type": "selector", "outbounds": [ "🚀 节点选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", {providers_tags}, "🎯 全球直连" ] },
-    { "tag": "🎯 全球直连", "type": "selector", "outbounds": [ "DIRECT" ] },
-    { "tag": "GLOBAL", "type": "selector", "outbounds": [ "🚀 节点选择", "DIRECT" ] },
+    { "tag": "🐟 漏网之鱼", "type": "selector", "outbounds": [ "🚀 节点选择", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇯🇵 日本节点", "🇸🇬 新加坡节点", "🇺🇸 美国节点", "👑 高级节点", "📉 省流节点", {providers_tags}, "🎯 本地直连" ] },
+    { "tag": "🎯 本地直连", "type": "direct" },
+    { "tag": "GLOBAL", "type": "selector", "outbounds": [ "🚀 节点选择", "🎯 本地直连" ] },
    { "tag": "👑 高级节点", "type": "urltest", "use_all_providers": true, "include": "(?i)(专线|专用|高级|直连|急速|高倍率|游戏|game|IEPL|IPLC|AIA|CTM|CC|AC)" },
    { "tag": "📉 省流节点", "type": "urltest", "tolerance": 100, "use_all_providers": true, "include": "0\\.[1-5]|低倍率|省流|大流量" },
    { "tag": "♻️ 自动选择", "type": "urltest", "tolerance": 100, "use_all_providers": true },
@@ -28,7 +28,7 @@
  ],
  "route": {
    "rules": [
-      { "rule_set": [ "private" ], "outbound": "🎯 全球直连" },
+      { "rule_set": [ "private" ], "outbound": "🎯 本地直连" },
      { "rule_set": [ "trackerslist" ], "outbound": "📋 Trackerslist" },
      { "rule_set": [ "microsoft-cn" ], "outbound": "🪟 微软服务" },
      { "rule_set": [ "apple-cn" ], "outbound": "🍎 苹果服务" },
@@ -38,10 +38,10 @@
      { "rule_set": [ "networktest" ], "outbound": "📈 网络测试" },
      { "rule_set": [ "proxy" ], "outbound": "🧱 代理域名" },
      { "rule_set": [ "cn" ], "outbound": "🛡️ 直连域名" },
-      { "rule_set": [ "privateip" ], "outbound": "🎯 全球直连" },
+      { "rule_set": [ "privateip" ], "outbound": "🎯 本地直连" },
      { "rule_set": [ "telegramip" ], "outbound": "📲 电报消息" },

-      { "action": "resolve", "server": "dns_proxy", "strategy": "prefer_ipv4"},
+      { "action": "resolve", "server": "dns_proxy", "strategy": "prefer_ipv4", "match_only": true},
      { "rule_set": [ "cnip" ], "outbound": "🀄️ 直连 IP" }

    ],
@@ -51,91 +51,104 @@
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/private.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/private.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/private.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "trackerslist",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/trackerslist.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/trackerslist.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/trackerslist.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "microsoft-cn",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/microsoft-cn.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/microsoft-cn.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/microsoft-cn.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "apple-cn",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/apple-cn.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/apple-cn.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/apple-cn.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "google-cn",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/google-cn.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/google-cn.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/google-cn.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "games-cn",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/games-cn.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/games-cn.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/games-cn.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "ai",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/ai.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/ai.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/ai.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "networktest",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/networktest.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/networktest.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/networktest.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "proxy",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/proxy.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/proxy.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/proxy.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "cn",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/cn.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/cn.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/cn.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "privateip",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/privateip.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/privateip.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/privateip.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "cnip",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/cnip.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/cnip.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/cnip.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "telegramip",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/telegramip.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/telegramip.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/telegramip.srs",
+        "download_detour": "DIRECT"
      }
    ],
    "final": "🐟 漏网之鱼"
--- a/rules/singbox_providers/ShellCrash_RS_Full_BanAds.json
+++ b/rules/singbox_providers/ShellCrash_RS_Full_BanAds.json
@@ -0,0 +1,273 @@
+//ShellCrash-ruleset 全分组规则+去广告 For Sing-box By Maozai 260107
+{
+  "outbounds": [
+    { "tag": "🚀 节点选择", "type": "selector", "outbounds": ["♻️ 自动选择", "✨ 自动选择（去高倍率）", "🛠️ 手动切换", "🎯 本地直连", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇺🇸 美国节点", "🇯🇵 日本节点", "🇪🇺 欧洲节点", "🇰🇷 韩国节点", "🇸🇬 狮城节点", "👑 高级节点", "📉 省流节点", {providers_tags}] },
+    { "tag": "🛠️ 手动切换", "type": "selector", "use_all_providers": true, "outbounds": ["🎯 本地直连", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇺🇸 美国节点", "🇯🇵 日本节点", "🇪🇺 欧洲节点", "🇰🇷 韩国节点", "🇸🇬 狮城节点", "👑 高级节点", "📉 省流节点", {providers_tags}] },
+    { "tag": "♻️ 自动选择", "type": "urltest", "use_all_providers": true, "exclude": "(?i)(剩余|重置|到期|防失联|官网|导航|客服|http|www)" },
+    { "tag": "✨ 自动选择（去高倍率）", "type": "urltest", "use_all_providers": true, "exclude": "(?i)(剩余|重置|到期|防失联|官网|导航|客服|http|www|专线|专用|高级|直连|急速|高速|高倍率|游戏|铂金|钻石|企业|VIP|Ultra|Game|IEPL|IPLC|AIA|BGP|GIA|CN2|CMI|HGC|HKT|CTM|CC|AC|x([2-9]|[0-9][0-9]+))" },
+
+    { "tag": "🤖 AI 平台", "type": "selector", "outbounds": ["🚀 节点选择", "🤖 AI节点（过滤港澳）", "🎯 本地直连", "♻️ 自动选择", "🛠️ 手动切换", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇺🇸 美国节点", "🇯🇵 日本节点", "🇪🇺 欧洲节点", "🇰🇷 韩国节点", "🇸🇬 狮城节点", "👑 高级节点", "📉 省流节点", {providers_tags}] },
+    { "tag": "🤖 AI节点（过滤港澳）", "type": "urltest", "use_all_providers": true, "exclude": "(?i)(剩余|重置|到期|防失联|官网|导航|客服|http|www|🇭🇰|港|🇲🇴|澳门|hk|hongkong|hong kong)" },
+    { "tag": "🎬 奈飞视频", "type": "selector", "outbounds": ["🚀 节点选择", "🎬 奈飞节点", "🎯 本地直连", "♻️ 自动选择", "🛠️ 手动切换", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇺🇸 美国节点", "🇯🇵 日本节点", "🇪🇺 欧洲节点", "🇰🇷 韩国节点", "🇸🇬 狮城节点", "👑 高级节点", "📉 省流节点", {providers_tags}] },
+    { "tag": "🎬 奈飞节点", "type": "urltest", "use_all_providers": true, "include": "(?i)(NF|奈飞|解锁|Netflix|NETFLIX|Media)" },
+    { "tag": "▶️ 油管视频", "type": "selector", "outbounds": ["🚀 节点选择", "🎯 本地直连", "♻️ 自动选择", "🛠️ 手动切换", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇺🇸 美国节点", "🇯🇵 日本节点", "🇪🇺 欧洲节点", "🇰🇷 韩国节点", "🇸🇬 狮城节点", "👑 高级节点", "📉 省流节点", {providers_tags}] },
+    { "tag": "📢 谷歌推送", "type": "selector", "outbounds": ["🚀 节点选择", "🎯 本地直连", "♻️ 自动选择", "🛠️ 手动切换", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇺🇸 美国节点", "🇯🇵 日本节点", "🇪🇺 欧洲节点", "🇰🇷 韩国节点", "🇸🇬 狮城节点", "👑 高级节点", "📉 省流节点", {providers_tags}] },    
+    { "tag": "📲 电报消息", "type": "selector", "outbounds": ["🚀 节点选择", "🎯 本地直连", "♻️ 自动选择", "🛠️ 手动切换", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇺🇸 美国节点", "🇯🇵 日本节点", "🇪🇺 欧洲节点", "🇰🇷 韩国节点", "🇸🇬 狮城节点", "👑 高级节点", "📉 省流节点", {providers_tags}] },
+    { "tag": "🌍 国际媒体", "type": "selector", "outbounds": ["🚀 节点选择", "🎯 本地直连", "♻️ 自动选择", "🛠️ 手动切换", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇺🇸 美国节点", "🇯🇵 日本节点", "🇪🇺 欧洲节点", "🇰🇷 韩国节点", "🇸🇬 狮城节点", "👑 高级节点", "📉 省流节点", {providers_tags}] },
+    { "tag": "🌐 国际流量", "type": "selector", "outbounds": ["🚀 节点选择", "🎯 本地直连", "♻️ 自动选择", "🛠️ 手动切换", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇺🇸 美国节点", "🇯🇵 日本节点", "🇪🇺 欧洲节点", "🇰🇷 韩国节点", "🇸🇬 狮城节点", "👑 高级节点", "📉 省流节点", {providers_tags}] },
+    { "tag": "🎮 外服游戏", "type": "selector", "outbounds": ["🚀 节点选择", "🎯 本地直连", "♻️ 自动选择", "🛠️ 手动切换", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇺🇸 美国节点", "🇯🇵 日本节点", "🇪🇺 欧洲节点", "🇰🇷 韩国节点", "🇸🇬 狮城节点", "👑 高级节点", "📉 省流节点", {providers_tags}] },
+
+    { "tag": "🕹 国服游戏", "type": "selector", "outbounds": ["🎯 本地直连", "🚀 节点选择", "♻️ 自动选择", "🛠️ 手动切换", {providers_tags}] },
+    { "tag": "🦾 Steam平台", "type": "selector", "outbounds": ["🎯 本地直连", "🚀 节点选择", "♻️ 自动选择", "🛠️ 手动切换", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇺🇸 美国节点", "🇯🇵 日本节点", "🇪🇺 欧洲节点", "🇰🇷 韩国节点", "🇸🇬 狮城节点", "👑 高级节点", "📉 省流节点", {providers_tags}] },
+    { "tag": "🪟 微软服务", "type": "selector", "outbounds": ["🎯 本地直连", "🚀 节点选择", "♻️ 自动选择", "🛠️ 手动切换", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇺🇸 美国节点", "🇯🇵 日本节点", "🇪🇺 欧洲节点", "🇰🇷 韩国节点", "🇸🇬 狮城节点", "👑 高级节点", "📉 省流节点", {providers_tags}] },
+    { "tag": "🍎 苹果服务", "type": "selector", "outbounds": ["🎯 本地直连", "🚀 节点选择", "♻️ 自动选择", "🛠️ 手动切换", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇺🇸 美国节点", "🇯🇵 日本节点", "🇪🇺 欧洲节点", "🇰🇷 韩国节点", "🇸🇬 狮城节点", "👑 高级节点", "📉 省流节点", {providers_tags}] },
+    { "tag": "🇬 谷歌服务", "type": "selector", "outbounds": ["🎯 本地直连", "🚀 节点选择", "♻️ 自动选择", "🛠️ 手动切换", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇺🇸 美国节点", "🇯🇵 日本节点", "🇪🇺 欧洲节点", "🇰🇷 韩国节点", "🇸🇬 狮城节点", "👑 高级节点", "📉 省流节点", {providers_tags}] },
+    { "tag": "🧲 BT下载", "type": "selector", "outbounds": ["🎯 本地直连", "🚀 节点选择", "♻️ 自动选择", "🛠️ 手动切换", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇺🇸 美国节点", "🇯🇵 日本节点", "🇪🇺 欧洲节点", "🇰🇷 韩国节点", "🇸🇬 狮城节点", "👑 高级节点", "📉 省流节点", {providers_tags}] },
+    { "tag": "📈 网络测速", "type": "selector", "outbounds": ["🎯 本地直连", "🚀 节点选择", "♻️ 自动选择", "🛠️ 手动切换", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇺🇸 美国节点", "🇯🇵 日本节点", "🇪🇺 欧洲节点", "🇰🇷 韩国节点", "🇸🇬 狮城节点", "👑 高级节点", "📉 省流节点", {providers_tags}] },
+    { "tag": "↔️ 直连软件", "type": "selector", "outbounds": ["🎯 本地直连", "🚀 节点选择", "♻️ 自动选择", "🛠️ 手动切换", {providers_tags}] },
+    { "tag": "🀄️ 国内流量", "type": "selector", "outbounds": ["🎯 本地直连", "🚀 节点选择", "♻️ 自动选择", "🛠️ 手动切换", {providers_tags}] },
+
+    { "tag": "🐟 漏网之鱼", "type": "selector", "outbounds": ["🚀 节点选择", "🎯 本地直连", "♻️ 自动选择", "🛠️ 手动切换", "🇭🇰 香港节点", "🇹🇼 台湾节点", "🇺🇸 美国节点", "🇯🇵 日本节点", "🇪🇺 欧洲节点", "🇰🇷 韩国节点", "🇸🇬 狮城节点", "👑 高级节点", "📉 省流节点", {providers_tags}] },
+    
+    
+    { "tag": "🛑 广告拦截", "type": "selector", "outbounds": ["⛔ 禁止连接","🔀 规则放行", "🎯 本地直连"] },
+    { "tag": "⛔ 禁止连接", "type": "block" },
+    { "tag": "🔀 规则放行", "type": "pass" },
+    { "tag": "🎯 本地直连", "type": "direct" },
+    { "tag": "GLOBAL", "type": "selector", "outbounds": [ "🚀 节点选择", "🎯 本地直连" ] },
+
+    { "tag": "🇭🇰 香港节点", "type": "urltest", "use_all_providers": true, "include": "(?i)(🇭🇰|港|hk|hongkong|hong kong)" },
+    { "tag": "🇹🇼 台湾节点", "type": "urltest", "use_all_providers": true, "include": "(?i)(🇹🇼|台|tw|taiwan|tai wan)" },
+    { "tag": "🇺🇸 美国节点", "type": "urltest", "use_all_providers": true, "include": "(?i)(🇺🇸|美|洛杉矶|圣何塞|西雅图|纽约|波特兰|旧金山|us|unitedstates|united states)" },
+    { "tag": "🇯🇵 日本节点", "type": "urltest", "use_all_providers": true, "include": "(?i)(🇯🇵|日|东京|大阪|埼玉|九州|jp|japan)" },
+    { "tag": "🇪🇺 欧洲节点", "type": "urltest", "use_all_providers": true, "include": "(?i)(🇪🇺|欧|德|英|法|荷|俄罗斯|西班牙|意大利|瑞士|瑞典|土耳其|挪威|芬兰|丹麦|比利时|爱尔兰|奥地利|波兰|葡萄牙|乌克兰|希腊|捷克|匈牙利|罗马尼亚|保加利亚|冰岛|克罗地亚)" },
+    { "tag": "🇰🇷 韩国节点", "type": "urltest", "use_all_providers": true, "include": "(?i)(🇰🇷|韩|韓|首尔|kr|kor)" },
+    { "tag": "🇸🇬 狮城节点", "type": "urltest", "use_all_providers": true, "include": "(?i)(🇸🇬|新加坡|狮城|sg|singapore)" },
+
+    { "tag": "👑 高级节点", "type": "urltest", "use_all_providers": true, "include": "(?i)(专线|专用|高级|直连|急速|高速|高倍率|游戏|铂金|钻石|企业|VIP|Ultra|Game|IEPL|IPLC|AIA|BGP|GIA|CN2|CMI|HGC|HKT|CTM|CC|AC|x([2-9]|[0-9][0-9]+))" },
+    { "tag": "📉 省流节点", "type": "urltest", "use_all_providers": true, "include": "(?i)(0[.][1-5]|低倍率|省流|大流量|公益|免费|闲时|Low)" }
+  ],
+  "route": {
+    "rules": [
+      { "domain_suffix": ["captive.apple.com"], "outbound": "DIRECT" },
+      { "domain_suffix": ["kamo.teracloud.jp"], "outbound": "DIRECT" },
+    
+      { "rule_set": ["private"], "outbound": "🎯 本地直连" },
+      { "rule_set": ["ads"], "outbound": "🛑 广告拦截" },
+
+      { "rule_set": ["networktest"], "outbound": "📈 网络测速" },
+      { "rule_set": ["applications"], "outbound": "↔️ 直连软件" },
+      { "rule_set": ["trackerslist"], "outbound": "🧲 BT下载" },
+      { "rule_set": ["apple-cn"], "outbound": "🍎 苹果服务" },
+      { "rule_set": ["microsoft-cn"], "outbound": "🪟 微软服务" },
+      { "rule_set": ["google-cn"], "outbound": "🇬 谷歌服务" },
+      { "rule_set": ["steamcn"], "outbound": "🦾 Steam平台" },
+      { "rule_set": ["games-cn"], "outbound": "🕹 国服游戏" },
+
+      { "rule_set": ["googlefcm"], "outbound": "📢 谷歌推送" },
+      { "rule_set": ["netflix"], "outbound": "🎬 奈飞视频" },
+      { "rule_set": ["youtube"], "outbound": "▶️ 油管视频" },
+      { "rule_set": ["ai"], "outbound": "🤖 AI 平台" },
+      { "rule_set": ["media"], "outbound": "🌍 国际媒体" },
+      { "rule_set": ["games"], "outbound": "🎮 外服游戏" },
+
+      { "rule_set": ["proxy"], "outbound": "🌐 国际流量" },
+      { "rule_set": ["cn"], "outbound": "🀄️ 国内流量" },
+
+      { "rule_set": ["privateip"], "outbound": "🎯 本地直连" },
+      { "rule_set": ["telegramip"], "outbound": "📲 电报消息" },
+
+      { "action": "resolve", "server": "dns_proxy", "strategy": "prefer_ipv4" },
+      { "rule_set": ["gamesip"], "outbound": "🎮 外服游戏" },
+      { "rule_set": ["mediaip"], "outbound": "🌍 国际媒体" },
+      { "rule_set": ["cnip"], "outbound": "🀄️ 国内流量" }
+    ],
+    "rule_set": [
+      {
+        "tag": "private",
+        "type": "remote",
+        "format": "binary",
+        "path": "./ruleset/private.srs",
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/sing-box-ruleset/private.srs",
+        "download_detour": "DIRECT"
+      },
+      {
+        "tag": "ads",
+        "type": "remote",
+        "format": "binary",
+        "path": "./ruleset/ads.srs",
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/sing-box-ruleset/ads.srs",
+        "download_detour": "DIRECT"
+      },
+      {
+        "tag": "networktest",
+        "type": "remote",
+        "format": "binary",
+        "path": "./ruleset/networktest.srs",
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/sing-box-ruleset/networktest.srs",
+        "download_detour": "DIRECT"
+      },
+      {
+        "tag": "applications",
+        "type": "remote",
+        "format": "binary",
+        "path": "./ruleset/applications.srs",
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/sing-box-ruleset/applications.srs",
+        "download_detour": "DIRECT"
+      },
+      {
+        "tag": "trackerslist",
+        "type": "remote",
+        "format": "binary",
+        "path": "./ruleset/trackerslist.srs",
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/sing-box-ruleset/trackerslist.srs",
+        "download_detour": "DIRECT"
+      },
+      {
+        "tag": "apple-cn",
+        "type": "remote",
+        "format": "binary",
+        "path": "./ruleset/apple-cn.srs",
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/sing-box-ruleset/apple-cn.srs",
+        "download_detour": "DIRECT"
+      },
+      {
+        "tag": "microsoft-cn",
+        "type": "remote",
+        "format": "binary",
+        "path": "./ruleset/microsoft-cn.srs",
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/sing-box-ruleset/microsoft-cn.srs",
+        "download_detour": "DIRECT"
+      },
+      {
+        "tag": "google-cn",
+        "type": "remote",
+        "format": "binary",
+        "path": "./ruleset/google-cn.srs",
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/sing-box-ruleset/google-cn.srs",
+        "download_detour": "DIRECT"
+      },
+      {
+        "tag": "steamcn",
+        "type": "remote",
+        "format": "binary",
+        "path": "./ruleset/steamcn.srs",
+        "url": "https://testingcf.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@refs/heads/sing/geo/geosite/steam%40cn.srs",
+        "download_detour": "DIRECT"
+      },
+      {
+        "tag": "games-cn",
+        "type": "remote",
+        "format": "binary",
+        "path": "./ruleset/games-cn.srs",
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/sing-box-ruleset/games-cn.srs",
+        "download_detour": "DIRECT"
+      },
+      {
+        "tag": "googlefcm",
+        "type": "remote",
+        "format": "binary",
+        "path": "./ruleset/googlefcm.srs",
+        "url": "https://testingcf.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@refs/heads/sing/geo/geosite/googlefcm.srs",
+        "download_detour": "DIRECT"
+      },
+      {
+        "tag": "netflix",
+        "type": "remote",
+        "format": "binary",
+        "path": "./ruleset/netflix.srs",
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/sing-box-ruleset/netflix.srs",
+        "download_detour": "DIRECT"
+      },
+      {
+        "tag": "youtube",
+        "type": "remote",
+        "format": "binary",
+        "path": "./ruleset/youtube.srs",
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/sing-box-ruleset/youtube.srs",
+        "download_detour": "DIRECT"
+      },
+      {
+        "tag": "ai",
+        "type": "remote",
+        "format": "binary",
+        "path": "./ruleset/ai.srs",
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/sing-box-ruleset/ai.srs",
+        "download_detour": "DIRECT"
+      },
+      {
+        "tag": "media",
+        "type": "remote",
+        "format": "binary",
+        "path": "./ruleset/media.srs",
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/sing-box-ruleset/media.srs",
+        "download_detour": "DIRECT"
+      },
+      {
+        "tag": "games",
+        "type": "remote",
+        "format": "binary",
+        "path": "./ruleset/games.srs",
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/sing-box-ruleset/games.srs",
+        "download_detour": "DIRECT"
+      },
+      {
+        "tag": "proxy",
+        "type": "remote",
+        "format": "binary",
+        "path": "./ruleset/proxy.srs",
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/sing-box-ruleset/proxy.srs",
+        "download_detour": "DIRECT"
+      },
+      {
+        "tag": "cn",
+        "type": "remote",
+        "format": "binary",
+        "path": "./ruleset/cn.srs",
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/sing-box-ruleset/cn.srs",
+        "download_detour": "DIRECT"
+      },
+      {
+        "tag": "privateip",
+        "type": "remote",
+        "format": "binary",
+        "path": "./ruleset/privateip.srs",
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/sing-box-ruleset/privateip.srs",
+        "download_detour": "DIRECT"
+      },
+      {
+        "tag": "telegramip",
+        "type": "remote",
+        "format": "binary",
+        "path": "./ruleset/telegramip.srs",
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/sing-box-ruleset/telegramip.srs",
+        "download_detour": "DIRECT"
+      },
+      {
+        "tag": "gamesip",
+        "type": "remote",
+        "format": "binary",
+        "path": "./ruleset/gamesip.srs",
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/sing-box-ruleset/gamesip.srs",
+        "download_detour": "DIRECT"
+      },
+      {
+        "tag": "mediaip",
+        "type": "remote",
+        "format": "binary",
+        "path": "./ruleset/mediaip.srs",
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/sing-box-ruleset/mediaip.srs",
+        "download_detour": "DIRECT"
+      },
+      {
+        "tag": "cnip",
+        "type": "remote",
+        "format": "binary",
+        "path": "./ruleset/cnip.srs",
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@refs/heads/sing-box-ruleset/cnip.srs",
+        "download_detour": "DIRECT"
+      }
+    ],
+    "final": "🐟 漏网之鱼"
+  }
+}
--- a/rules/singbox_providers/ShellCrash_RS_Nano.json
+++ b/rules/singbox_providers/ShellCrash_RS_Nano.json
@@ -1,16 +1,16 @@
 //ShellCrash-ruleset极简规则
 {
  "outbounds": [
-    { "tag": "🚀 节点选择", "type": "selector", "outbounds": [ {providers_tags}, "DIRECT" ], "use_all_providers": true },
-    { "tag": "🎯 全球直连", "type": "selector", "outbounds": [ "DIRECT", "🚀 节点选择" ] }
+    { "tag": "🚀 节点选择", "type": "selector", "outbounds": [ {providers_tags}, "🎯 本地直连" ], "use_all_providers": true },
+    { "tag": "🎯 本地直连", "type": "direct" }
  ],
  "route": {
    "rules": [
-      { "rule_set": [ "privateip" ], "outbound": "🎯 全球直连" },
-      { "rule_set": [ "cn" ], "outbound": "🎯 全球直连" },
+      { "rule_set": [ "privateip" ], "outbound": "🎯 本地直连" },
+      { "rule_set": [ "cn" ], "outbound": "🎯 本地直连" },

-      { "action": "resolve", "server": "dns_proxy", "strategy": "prefer_ipv4"},
-      { "rule_set": [ "cnip" ], "outbound": "🎯 全球直连" }
+      { "action": "resolve", "server": "dns_proxy", "strategy": "prefer_ipv4", "match_only": true},
+      { "rule_set": [ "cnip" ], "outbound": "🎯 本地直连" }
    ],
    "rule_set": [
      {
@@ -18,21 +18,24 @@
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/cn.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/cn.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/cn.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "privateip",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/privateip.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/privateip.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/privateip.srs",
+        "download_detour": "DIRECT"
      },
      {
        "tag": "cnip",
        "type": "remote",
        "format": "binary",
        "path": "./ruleset/cnip.srs",
-        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/cnip.srs"
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/cnip.srs",
+        "download_detour": "DIRECT"
      }
    ],
    "final": "🚀 节点选择"
--- a/rules/singbox_providers/singbox_providers.list
+++ b/rules/singbox_providers/singbox_providers.list
@@ -1,4 +1,5 @@
 ShellCrash-ruleset极简规则 ShellCrash_RS_Nano.json
+ShellCrash-ruleset全分组规则+去广告 ShellCrash_RS_Full_BanAds.json
 DustinWin-ruleset轻量规则 DustinWin_RS_Light.json
 DustinWin-ruleset标准规则 DustinWin_RS_Lite_NoAds.json
 DustinWin-ruleset标准规则+去广告 DustinWin_RS_Lite.json
--- a/scripts/init.sh
+++ b/scripts/init.sh
@@ -1,161 +1,6 @@
 #!/bin/sh
 # Copyright (C) Juewuy

-setdir() {
-    dir_avail() {
-        df $2 $1 | awk '{ for(i=1;i<=NF;i++){ if(NR==1){ arr[i]=$i; }else{ arr[i]=arr[i]" "$i; } } } END{ for(i=1;i<=NF;i++){ print arr[i]; } }' | grep -E 'Ava|可用' | awk '{print $2}'
-    }
-    set_usb_dir() {
-        echo -e "请选择安装目录"
-        du -hL /mnt | awk '{print " "NR" "$2"  "$1}'
-        read -p "请输入相应数字 > " num
-        dir=$(du -hL /mnt | awk '{print $2}' | sed -n "$num"p)
-        if [ -z "$dir" ]; then
-            echo -e "\033[31m输入错误！请重新设置！\033[0m"
-            set_usb_dir
-        fi
-    }
-    set_asus_dir() {
-        echo -e "请选择U盘目录"
-        du -hL /tmp/mnt | awk -F/ 'NF<=4' | awk '{print " "NR" "$2"  "$1}'
-        read -p "请输入相应数字 > " num
-        dir=$(du -hL /tmp/mnt | awk -F/ 'NF<=4' | awk '{print $2}' | sed -n "$num"p)
-        if [ ! -f "$dir/asusware.arm/etc/init.d/S50downloadmaster" ]; then
-            echo -e "\033[31m未找到下载大师自启文件：$dir/asusware.arm/etc/init.d/S50downloadmaster，请检查设置！\033[0m"
-            set_asus_dir
-        fi
-    }
-    set_cust_dir() {
-        echo "-----------------------------------------------"
-        echo "可用路径 剩余空间:"
-        df -h | awk '{print $6,$4}' | sed 1d
-        echo "路径是必须带 / 的格式，注意写入虚拟内存(/tmp,/opt,/sys...)的文件会在重启后消失！！！"
-        read -p "请输入自定义路径 > " dir
-        if [ "$(dir_avail $dir)" = 0 ] || [ -n "$(echo $dir | grep -E 'tmp|opt|sys')" ]; then
-            echo "\033[31m路径错误！请重新设置！\033[0m"
-            set_cust_dir
-        fi
-    }
-    echo "-----------------------------------------------"
-    if [ -n "$systype" ]; then
-        [ "$systype" = "Padavan" ] && dir=/etc/storage
-        [ "$systype" = "mi_snapshot" ] && {
-            echo -e "\033[33m检测到当前设备为小米官方系统，请选择安装位置\033[0m"
-            [ -d /data ] && $echo " 1 安装到 /data 目录,剩余空间：$(dir_avail /data -h)(支持软固化功能)"
-            [ -d /userdisk ] && $echo " 2 安装到 /userdisk 目录,剩余空间：$(dir_avail /userdisk -h)(支持软固化功能)"
-            [ -d /data/other_vol ] && $echo " 3 安装到 /data/other_vol 目录,剩余空间：$(dir_avail /data/other_vol -h)(支持软固化功能)"
-            $echo " 4 安装到自定义目录(不推荐，不明勿用！)"
-            echo " 0 退出安装"
-            echo "-----------------------------------------------"
-            read -p "请输入相应数字 > " num
-            case "$num" in
-            1)
-                dir=/data
-                ;;
-            2)
-                dir=/userdisk
-                ;;
-            3)
-                dir=/data/other_vol
-                ;;
-            4)
-                set_cust_dir
-                ;;
-            *)
-                exit 1
-                ;;
-            esac
-        }
-        [ "$systype" = "asusrouter" ] && {
-            echo -e "\033[33m检测到当前设备为华硕固件，请选择安装方式\033[0m"
-            echo -e " 1 基于USB设备安装(限23年9月之前固件，须插入\033[31m任意\033[0mUSB设备)"
-            echo -e " 2 基于自启脚本安装(仅支持梅林及部分非koolshare官改固件)"
-            echo -e " 3 基于U盘+下载大师安装(支持所有固件，限ARM设备，须插入U盘或移动硬盘)"
-            echo -e " 0 退出安装"
-            echo "-----------------------------------------------"
-            read -p "请输入相应数字 > " num
-            case "$num" in
-            1)
-                read -p "将脚本安装到USB存储/系统闪存？(1/0) > " res
-                [ "$res" = "1" ] && set_usb_dir || dir=/jffs
-                usb_status=1
-                ;;
-            2)
-                echo -e "如无法正常开机启动，请重新使用USB方式安装！"
-                sleep 2
-                dir=/jffs
-                ;;
-            3)
-                echo -e "请先在路由器网页后台安装下载大师并启用，之后选择外置存储所在目录！"
-                sleep 2
-                set_asus_dir
-                ;;
-            *)
-                exit 1
-                ;;
-            esac
-        }
-        [ "$systype" = "ng_snapshot" ] && dir=/tmp/mnt
-    else
-        echo -e "\033[33m安装ShellCrash至少需要预留约1MB的磁盘空间\033[0m"
-        echo -e " 1 在\033[32m/etc目录\033[0m下安装(适合root用户)"
-        echo -e " 2 在\033[32m/usr/share目录\033[0m下安装(适合Linux系统)"
-        echo -e " 3 在\033[32m当前用户目录\033[0m下安装(适合非root用户)"
-        echo -e " 4 在\033[32m外置存储\033[0m中安装"
-        echo -e " 5 手动设置安装目录"
-        echo -e " 0 退出安装"
-        echo "-----------------------------------------------"
-        read -p "请输入相应数字 > " num
-        #设置目录
-        case "$num" in
-        1)
-            dir=/etc
-            ;;
-        2)
-            dir=/usr/share
-            ;;
-        3)
-            dir=~/.local/share
-            mkdir -p ~/.config/systemd/user
-            ;;
-        4)
-            set_usb_dir
-            ;;
-        5)
-            echo "-----------------------------------------------"
-            echo "可用路径 剩余空间:"
-            df -h | awk '{print $6,$4}' | sed 1d
-            echo "路径是必须带 / 的格式，注意写入虚拟内存(/tmp,/opt,/sys...)的文件会在重启后消失！！！"
-            read -p "请输入自定义路径 > " dir
-            if [ -z "$dir" ]; then
-                echo -e "\033[31m路径错误！请重新设置！\033[0m"
-                setdir
-            fi
-            ;;
-        *)
-            echo "安装已取消"
-            exit 1
-            ;;
-        esac
-    fi
-
-    if [ ! -w $dir ]; then
-        echo -e "\033[31m没有$dir目录写入权限！请重新设置！\033[0m" && sleep 1 && setdir
-    else
-        echo -e "目标目录\033[32m$dir\033[0m空间剩余：$(dir_avail $dir -h)"
-        read -p "确认安装？(1/0) > " res
-        [ "$res" = "1" ] && CRASHDIR=$dir/ShellCrash || setdir
-    fi
-}
-setconfig() { #脚本配置工具
-    #参数1代表变量名，参数2代表变量值,参数3即文件路径
-    [ -z "$3" ] && configpath="$CRASHDIR"/configs/ShellCrash.cfg || configpath="${3}"
-    if grep -q "^${1}=" "$configpath"; then
-        sed -i "s#^${1}=.*#${1}=${2}#g" "$configpath"
-    else
-        printf '%s=%s\n' "$1" "$2" >>"$configpath"
-    fi
-}
 #特殊固件识别及标记
 [ -f "/etc/storage/started_script.sh" ] && { #老毛子固件
    systype=Padavan 
@@ -176,22 +21,26 @@ grep -qE '/(docker|lxc|kubepods|crio|containerd)/' /proc/1/cgroup || [ -f /run/.
 #检查环境变量
 [ "$systype" = 'container' ] && CRASHDIR='/etc/ShellCrash'
 [ -z "$CRASHDIR" ] && [ -n "$clashdir" ] && CRASHDIR="$clashdir"
-[ -z "$CRASHDIR" ] && [ -d /tmp/SC_tmp ] && setdir
+[ -z "$CRASHDIR" ] && [ -d /tmp/SC_tmp ] && . /tmp/SC_tmp/menus/set_crashdir.sh && set_crashdir
 #移动文件
-mkdir -p ${CRASHDIR}
-mv -f /tmp/SC_tmp/* ${CRASHDIR} 2>/dev/null
-
+mkdir -p "$CRASHDIR"
+rm -rf /tmp/SC_tmp/menus/set_crashdir.sh
+mv -f /tmp/SC_tmp/* "$CRASHDIR" 2>/dev/null
+##############################
+#注意目录变更
+CFG_PATH="$CRASHDIR"/configs/ShellCrash.cfg
+. "$CRASHDIR"/libs/set_config.sh
+. "$CRASHDIR"/libs/set_profile.sh
 #初始化
-mkdir -p ${CRASHDIR}/configs
-[ -f "${CRASHDIR}/configs/ShellCrash.cfg" ] || echo '#ShellCrash配置文件，不明勿动！' >${CRASHDIR}/configs/ShellCrash.cfg
+mkdir -p "$CRASHDIR"/configs
+[ -f "$CFG_PATH" ] || echo '#ShellCrash配置文件，不明勿动！' >"$CFG_PATH"
 #判断系统类型写入不同的启动文件
 [ -w /usr/lib/systemd/system ] && sysdir=/usr/lib/systemd/system
 [ -w /etc/systemd/system ] && sysdir=/etc/systemd/system
 if [ -f /etc/rc.common -a "$(cat /proc/1/comm)" = "procd" ]; then
    #设为init.d方式启动
-    cp -f ${CRASHDIR}/shellcrash.procd /etc/init.d/shellcrash
+    cp -f "$CRASHDIR"/starts/shellcrash.procd /etc/init.d/shellcrash
    chmod 755 /etc/init.d/shellcrash
-    rm -rf ${CRASHDIR}/shellcrash.openrc
 elif [ -n "$sysdir" -a "$USER" = "root" -a "$(cat /proc/1/comm)" = "systemd" ]; then
    #创建shellcrash用户
    userdel shellcrash 2>/dev/null
@@ -204,41 +53,46 @@ elif [ -n "$sysdir" -a "$USER" = "root" -a "$(cat /proc/1/comm)" = "systemd" ];
        echo "shellcrash:x:0:7890::/home/shellcrash:/bin/sh" >>/etc/passwd
    fi
    #配置systemd
-    mv -f ${CRASHDIR}/shellcrash.service $sysdir/shellcrash.service 2>/dev/null
-    sed -i "s%/etc/ShellCrash%$CRASHDIR%g" $sysdir/shellcrash.service
+    mv -f "$CRASHDIR"/starts/shellcrash.service "$sysdir"/shellcrash.service 2>/dev/null
+    sed -i "s%/etc/ShellCrash%$CRASHDIR%g" "$sysdir"/shellcrash.service
    systemctl daemon-reload
+	rm -rf "$CRASHDIR"/starts/shellcrash.procd
 elif rc-status -r >/dev/null 2>&1; then
    #设为openrc方式启动
-    cp -f ${CRASHDIR}/shellcrash.openrc /etc/init.d/shellcrash
+    mv -f "$CRASHDIR"/starts/shellcrash.openrc /etc/init.d/shellcrash
    chmod 755 /etc/init.d/shellcrash
-    rm -rf ${CRASHDIR}/shellcrash.procd
+    rm -rf "$CRASHDIR"/starts/shellcrash.procd
 else
    #设为保守模式启动
    setconfig start_old 已开启
+	rm -rf "$CRASHDIR"/starts/shellcrash.procd
 fi
+rm -rf "$CRASHDIR"/starts/shellcrash.service
+rm -rf "$CRASHDIR"/starts/shellcrash.openrc

 #修饰文件及版本号
 command -v bash >/dev/null 2>&1 && shtype=bash
 [ -x /bin/ash ] && shtype=ash
-for file in start.sh task.sh menu.sh; do
-    sed -i "s|/bin/sh|/bin/$shtype|" ${CRASHDIR}/${file} 2>/dev/null
-    chmod 755 ${CRASHDIR}/${file} 2>/dev/null
+#批量授权
+for file in start.sh starts/bfstart.sh starts/afstart.sh starts/fw_stop.sh menu.sh menus/task_cmd.sh menus/bot_tg.sh; do
+    sed -i "s|/bin/sh|/bin/$shtype|" "$CRASHDIR/$file" 2>/dev/null
+    chmod +x "$CRASHDIR/$file" 2>/dev/null
 done
 setconfig versionsh_l $version
 #生成用于执行启动服务的变量文件
-[ ! -f ${CRASHDIR}/configs/command.env ] && {
+[ ! -f "$CRASHDIR"/configs/command.env ] && {
    TMPDIR='/tmp/ShellCrash'
-    BINDIR=${CRASHDIR}
-    touch ${CRASHDIR}/configs/command.env
-    setconfig TMPDIR ${TMPDIR} ${CRASHDIR}/configs/command.env
-    setconfig BINDIR ${BINDIR} ${CRASHDIR}/configs/command.env
+    BINDIR="$CRASHDIR"
+    touch "$CRASHDIR"/configs/command.env
+    setconfig TMPDIR "$TMPDIR" "$CRASHDIR"/configs/command.env
+    setconfig BINDIR "$BINDIR" "$CRASHDIR"/configs/command.env
 }
-if [ -n "$(grep 'crashcore=singbox' ${CRASHDIR}/configs/ShellCrash.cfg)" ]; then
+if [ -n "$(grep 'crashcore=singbox' "$CFG_PATH")" ]; then
    COMMAND='"$TMPDIR/CrashCore run -D $BINDIR -C $TMPDIR/jsons"'
 else
    COMMAND='"$TMPDIR/CrashCore -d $BINDIR -f $TMPDIR/config.yaml"'
 fi
-setconfig COMMAND "$COMMAND" ${CRASHDIR}/configs/command.env
+setconfig COMMAND "$COMMAND" "$CRASHDIR"/configs/command.env
 #设置防火墙执行模式
 grep -q 'firewall_mod' "$CRASHDIR/configs/ShellClash.cfg" 2>/dev/null || {
    firewall_mod=iptables
@@ -248,20 +102,13 @@ grep -q 'firewall_mod' "$CRASHDIR/configs/ShellClash.cfg" 2>/dev/null || {
 #设置更新地址
 [ -n "$url" ] && setconfig update_url $url
 #设置环境变量
-[ -w /opt/etc/profile ] && profile=/opt/etc/profile
+[ -w /opt/etc/profile ] && [ "$systype" = "Padavan" ] && profile=/opt/etc/profile
 [ -w /jffs/configs/profile.add ] && profile=/jffs/configs/profile.add
 [ -z "$profile" ] && profile=/etc/profile
-set_profile() {
-    [ -z "$my_alias" ] && my_alias=crash
-    sed -i "/ShellCrash\/menu.sh/"d "$1"
-    echo "alias ${my_alias}=\"$shtype $CRASHDIR/menu.sh\"" >>"$1" #设置快捷命令环境变量
-    sed -i '/export CRASHDIR=*/'d "$1"
-    echo "export CRASHDIR=\"$CRASHDIR\"" >>"$1" #设置路径环境变量
-}
 if [ -n "$profile" ]; then
    set_profile "$profile"
    #适配zsh环境变量
-    zsh --version >/dev/null 2>&1 && [ -z "$(cat $HOME/.zshrc 2>/dev/null | grep CRASHDIR)" ] && set_profile '$HOME/.zshrc'
+    zsh --version >/dev/null 2>&1 && [ -z "$(cat $HOME/.zshrc 2>/dev/null | grep CRASHDIR)" ] && set_profile "$HOME/.zshrc"
    setconfig my_alias "$my_alias"
 else
    echo -e "\033[33m无法写入环境变量！请检查安装权限！\033[0m"
@@ -269,30 +116,39 @@ else
 fi
 #梅林/Padavan额外设置
 [ -n "$initdir" ] && {
-    sed -i '/ShellCrash初始化/'d $initdir
-    touch $initdir
-    echo "$CRASHDIR/start.sh init & #ShellCrash初始化脚本" >>$initdir
-    chmod a+rx $initdir 2>/dev/null
-    setconfig initdir $initdir
+	touch "$initdir"
+    sed -i '/ShellCrash初始化/'d "$initdir"
+    echo "$CRASHDIR/starts/general_init.sh & #ShellCrash初始化脚本" >>"$initdir"
+	chmod 755 "$CRASHDIR"/starts/general_init.sh
+    chmod a+rx "$initdir" 2>/dev/null
+    setconfig initdir "$initdir"
 }
 #Padavan额外设置
 [ -f "/etc/storage/started_script.sh" ] && mount -t tmpfs -o remount,rw,size=45M tmpfs /tmp #增加/tmp空间以适配新的内核压缩方式
 #镜像化OpenWrt(snapshot)额外设置
 if [ "$systype" = "mi_snapshot" -o "$systype" = "ng_snapshot" ]; then
-    chmod 755 ${CRASHDIR}/misnap_init.sh
-    uci delete firewall.ShellClash 2>/dev/null
+    chmod 755 "$CRASHDIR"/starts/snapshot_init.sh
+	if [ "$systype" = "mi_snapshot" ];then
+		path="/data/shellcrash_init.sh"
+		sed -i "s#^CRASHDIR=.*#CRASHDIR=$CRASHDIR#" "$CRASHDIR"/starts/snapshot_init.sh
+		mv -f "$CRASHDIR"/starts/snapshot_init.sh "$path"
+		[ ! -f /data/auto_start.sh ] && echo '#用于自定义需要开机启动的功能或者命令，会在开机后自动运行' > /data/auto_start.sh
+	else
+		path="$CRASHDIR"/starts/snapshot_init.sh
+	fi
+    uci delete firewall.auto_ssh 2>/dev/null
    uci delete firewall.ShellCrash 2>/dev/null
    uci set firewall.ShellCrash=include
    uci set firewall.ShellCrash.type='script'
-    uci set firewall.ShellCrash.path="$CRASHDIR/misnap_init.sh"
+    uci set firewall.ShellCrash.path="$path"
    uci set firewall.ShellCrash.enabled='1'
    uci commit firewall
 else
-    rm -rf ${CRASHDIR}/misnap_init.sh
+    rm -rf "$CRASHDIR"/starts/snapshot_init.sh
 fi
 #华硕USB启动额外设置
 [ "$usb_status" = "1" ] && {
-    echo "$CRASHDIR/start.sh init & #ShellCrash初始化脚本" >${CRASHDIR}/asus_usb_mount.sh
+    echo "$CRASHDIR/start.sh init & #ShellCrash初始化脚本" >"$CRASHDIR"/asus_usb_mount.sh
    nvram set script_usbmount="$CRASHDIR/asus_usb_mount.sh"
    nvram commit
 }
@@ -307,7 +163,7 @@ fi
 	setconfig firewall_area '1'
 	setconfig firewall_mod 'nftables'
 	setconfig release_type 'master'
-	setconfig start_old '未开启'
+	setconfig start_old 'OFF'
 	echo "$CRASHDIR/menu.sh" >> /etc/profile
 	cat > /usr/bin/crash <<'EOF'
 #!/bin/sh
@@ -322,57 +178,56 @@ setconfig systype $systype
 rm -rf /tmp/*rash*gz
 rm -rf /tmp/SC_tmp
 #转换&清理旧版本文件
-mkdir -p ${CRASHDIR}/yamls
-mkdir -p ${CRASHDIR}/jsons
-mkdir -p ${CRASHDIR}/tools
-mkdir -p ${CRASHDIR}/task
-mkdir -p ${CRASHDIR}/ruleset
+mkdir -p "$CRASHDIR"/yamls
+mkdir -p "$CRASHDIR"/jsons
+mkdir -p "$CRASHDIR"/tools
+mkdir -p "$CRASHDIR"/task
+mkdir -p "$CRASHDIR"/ruleset
 for file in config.yaml.bak user.yaml proxies.yaml proxy-groups.yaml rules.yaml others.yaml; do
-    mv -f ${CRASHDIR}/$file ${CRASHDIR}/yamls/$file 2>/dev/null
+    mv -f "$CRASHDIR"/"$file" "$CRASHDIR"/yamls/"$file" 2>/dev/null
 done
-[ ! -L ${CRASHDIR}/config.yaml ] && mv -f ${CRASHDIR}/config.yaml ${CRASHDIR}/yamls/config.yaml 2>/dev/null
+[ ! -L "$CRASHDIR"/config.yaml ] && mv -f "$CRASHDIR"/config.yaml "$CRASHDIR"/yamls/config.yaml 2>/dev/null
 for file in fake_ip_filter mac web_save servers.list fake_ip_filter.list fallback_filter.list singbox_providers.list clash_providers.list; do
-    mv -f ${CRASHDIR}/$file ${CRASHDIR}/configs/$file 2>/dev/null
+    mv -f "$CRASHDIR"/"$file" "$CRASHDIR"/configs/"$file" 2>/dev/null
 done
 #配置文件改名
-mv -f ${CRASHDIR}/mark ${CRASHDIR}/configs/ShellCrash.cfg 2>/dev/null
-mv -f ${CRASHDIR}/configs/ShellClash.cfg ${CRASHDIR}/configs/ShellCrash.cfg 2>/dev/null
+mv -f "$CRASHDIR"/configs/ShellClash.cfg "$CFG_PATH" 2>/dev/null
 #数据库改名
-mv -f ${CRASHDIR}/geosite.dat ${CRASHDIR}/GeoSite.dat 2>/dev/null
-mv -f ${CRASHDIR}/ruleset/geosite-cn.srs ${CRASHDIR}/ruleset/cn.srs 2>/dev/null
-mv -f ${CRASHDIR}/ruleset/geosite-cn.mrs ${CRASHDIR}/ruleset/cn.mrs 2>/dev/null
+mv -f "$CRASHDIR"/geosite.dat "$CRASHDIR"/GeoSite.dat 2>/dev/null
+mv -f "$CRASHDIR"/ruleset/geosite-cn.srs "$CRASHDIR"/ruleset/cn.srs 2>/dev/null
+mv -f "$CRASHDIR"/ruleset/geosite-cn.mrs "$CRASHDIR"/ruleset/cn.mrs 2>/dev/null
 #数据库移动
-mv -f ${CRASHDIR}/*.srs ${CRASHDIR}/ruleset/ 2>/dev/null
-mv -f ${CRASHDIR}/*.mrs ${CRASHDIR}/ruleset/ 2>/dev/null
-#内核改名
-mv -f ${CRASHDIR}/clash ${CRASHDIR}/CrashCore 2>/dev/null
-#内核压缩
-[ -f ${CRASHDIR}/CrashCore ] && tar -zcf ${CRASHDIR}/CrashCore.tar.gz -C ${CRASHDIR} CrashCore
+mv -f "$CRASHDIR"/*.srs "$CRASHDIR"/ruleset/ 2>/dev/null
+mv -f "$CRASHDIR"/*.mrs "$CRASHDIR"/ruleset/ 2>/dev/null
 for file in dropbear_rsa_host_key authorized_keys tun.ko ShellDDNS.sh; do
-    mv -f ${CRASHDIR}/$file ${CRASHDIR}/tools/$file 2>/dev/null
+    mv -f "$CRASHDIR"/"$file" "$CRASHDIR"/tools/"$file" 2>/dev/null
 done
-for file in cron task.sh task.list; do
-    mv -f ${CRASHDIR}/$file ${CRASHDIR}/task/$file 2>/dev/null
+for file in cron task.list; do
+    mv -f "$CRASHDIR"/"$file" "$CRASHDIR"/task/"$file" 2>/dev/null
 done
+mv -f "$CRASHDIR"/menus/task_cmd.sh "$CRASHDIR"/task/task.sh 2>/dev/null
 #旧版文件清理
 userdel shellclash >/dev/null 2>&1
 sed -i '/shellclash/d' /etc/passwd
 sed -i '/shellclash/d' /etc/group
 rm -rf /etc/init.d/clash
-rm -rf ${CRASHDIR}/rules
+rm -rf "$CRASHDIR"/rules
 [ "$systype" = "mi_snapshot" -a "$CRASHDIR" != '/data/clash' ] && rm -rf /data/clash
-for file in CrashCore clash.sh getdate.sh core.new clashservice log shellcrash.service mark? mark.bak; do
-    rm -rf ${CRASHDIR}/$file
+for file in webget.sh misnap_init.sh core.new; do
+    rm -f "$CRASHDIR/$file"
 done
 #旧版变量改名
-sed -i "s/clashcore/crashcore/g" $configpath
-sed -i "s/clash_v/core_v/g" $configpath
-sed -i "s/clash.meta/meta/g" $configpath
-sed -i "s/ShellClash/ShellCrash/g" $configpath
-sed -i "s/cpucore=armv8/cpucore=arm64/g" $configpath
-sed -i "s/redir_mod=Nft基础/redir_mod=Redir模式/g" $configpath
-sed -i "s/redir_mod=Nft混合/redir_mod=Tproxy模式/g" $configpath
-sed -i "s/redir_mod=Tproxy混合/redir_mod=Tproxy模式/g" $configpath
-sed -i "s/redir_mod=纯净模式/firewall_area=4/g" $configpath
+sed -i "s/clashcore/crashcore/g" "$CFG_PATH"
+sed -i "s/clash_v/core_v/g" "$CFG_PATH"
+sed -i "s/clash.meta/meta/g" "$CFG_PATH"
+sed -i "s/ShellClash/ShellCrash/g" "$CFG_PATH"
+sed -i "s/cpucore=armv8/cpucore=arm64/g" "$CFG_PATH"
+sed -i "s/redir_mod=Nft基础/redir_mod=Redir模式/g" "$CFG_PATH"
+sed -i "s/redir_mod=Nft混合/redir_mod=Tproxy模式/g" "$CFG_PATH"
+sed -i "s/redir_mod=Tproxy混合/redir_mod=Tproxy模式/g" "$CFG_PATH"
+sed -i "s/redir_mod=纯净模式/firewall_area=4/g" "$CFG_PATH"
+#变量统一使用ON/OFF
+sed -i 's/=\(已启用\|已开启\)$/=ON/'  "$CFG_PATH"
+sed -i 's/=\(未启用\|未开启\)$/=OFF/' "$CFG_PATH"

 echo -e "\033[32m脚本初始化完成,请输入\033[30;47m $my_alias \033[0;33m命令开始使用！\033[0m"
--- a/scripts/libs/README.md
+++ b/scripts/libs/README.md
@@ -0,0 +1,11 @@
+用于存放脚本内置工具的脚本
+
+引用方式必须为：
+
+```shell
+. "$CRASHDIR"/libs/xxx.sh
+```
+
+返回码必须是return x而不能是exit x
+
+此处脚本内容不应包含文字输出和log输出
--- a/scripts/libs/check_autostart.sh
+++ b/scripts/libs/check_autostart.sh
@@ -0,0 +1,17 @@
+check_autostart(){
+	if [ "$start_old" = ON ];then
+		[ ! -f "$CRASHDIR"/.dis_startup ] && return 0
+	elif [ -f /etc/rc.common -a "$(cat /proc/1/comm)" = "procd" ]; then
+		[ -n "$(find /etc/rc.d -name '*shellcrash')" ] && return 0
+		[ ! -f "$CRASHDIR"/.dis_startup ] && return 0
+	elif ckcmd systemctl; then
+		[ "$(systemctl is-enabled shellcrash.service 2>&1)" = enabled ] && return 0
+	elif grep -q 's6' /proc/1/comm; then
+		[ -f /etc/s6-overlay/s6-rc.d/user/contents.d/afstart ] && return 0
+	elif rc-status -r >/dev/null 2>&1; then
+		rc-update show default | grep -q "shellcrash" && return 0
+	else
+		return 1
+	fi
+	return 1
+}
--- a/scripts/libs/check_cmd.sh
+++ b/scripts/libs/check_cmd.sh
@@ -0,0 +1,7 @@
+ckcmd() {
+    if command -v sh >/dev/null 2>&1;then
+        command -v "$1" >/dev/null 2>&1
+    else
+        type "$1" >/dev/null 2>&1
+    fi
+}
--- a/scripts/libs/check_cpucore.sh
+++ b/scripts/libs/check_cpucore.sh
@@ -0,0 +1,14 @@
+
+check_cpucore(){ #自动获取内核架构
+	cputype=$(uname -ms | tr ' ' '_' | tr '[A-Z]' '[a-z]')
+	[ -n "$(echo $cputype | grep -E "linux.*armv.*")" ] && cpucore="armv5"
+	[ -n "$(echo $cputype | grep -E "linux.*armv7.*")" ] && [ -n "$(cat /proc/cpuinfo | grep vfp)" ] && [ ! -d /jffs ] && cpucore="armv7"
+	[ -n "$(echo $cputype | grep -E "linux.*aarch64.*|linux.*armv8.*")" ] && cpucore="arm64"
+	[ -n "$(echo $cputype | grep -E "linux.*86.*")" ] && cpucore="386"
+	[ -n "$(echo $cputype | grep -E "linux.*86_64.*")" ] && cpucore="amd64"
+	if [ -n "$(echo $cputype | grep -E "linux.*mips.*")" ];then
+		mipstype=$(echo -n I | hexdump -o 2>/dev/null | awk '{ print substr($2,6,1); exit}') #通过判断大小端判断mips或mipsle
+		[ "$mipstype" = "0" ] && cpucore="mips-softfloat" || cpucore="mipsle-softfloat"
+	fi
+	[ -n "$cpucore" ] && setconfig cpucore $cpucore
+}
--- a/scripts/libs/check_dir_avail.sh
+++ b/scripts/libs/check_dir_avail.sh
@@ -0,0 +1,5 @@
+#检查目录剩余空间——$1:目标路径 $2:-h参数
+dir_avail() {
+	df -h >/dev/null 2>&1 && h="$2"
+    df -P $h "${1:-.}" 2>/dev/null | awk 'NR==2 {print $4}'
+}
--- a/scripts/libs/check_target.sh
+++ b/scripts/libs/check_target.sh
@@ -0,0 +1,8 @@
+if echo "$crashcore" | grep -q 'singbox'; then
+	target=singbox
+	format=json
+else
+	target=clash
+	format=yaml
+fi
+core_config="$CRASHDIR/${format}s/config.$format"
--- a/scripts/libs/compare.sh
+++ b/scripts/libs/compare.sh
@@ -0,0 +1,10 @@
+compare() { #对比文件
+    if [ ! -f "$1" ] || [ ! -f "$2" ]; then
+        return 1
+    elif ckcmd cmp; then
+        cmp -s "$1" "$2"
+		return $?
+    else
+        [ "$(cat "$1")" = "$(cat "$2")" ] && return 0 || return 1
+    fi
+}
--- a/scripts/libs/core_tools.sh
+++ b/scripts/libs/core_tools.sh
@@ -0,0 +1,89 @@
+
+
+[ -n "$(find --help 2>&1 | grep -o size)" ] && find_para=' -size +2000'             #find命令兼容
+
+core_unzip() { #$1:需要解压的文件 $2:目标文件名
+	if echo "$1" |grep -q 'tar.gz$' ;then
+		[ "$BINDIR" = "$TMPDIR" ] && rm -rf "$TMPDIR"/CrashCore #小闪存模式防止空间不足
+		[ -n "$(tar --help 2>&1 | grep -o 'no-same-owner')" ] && tar_para='--no-same-owner' #tar命令兼容
+		mkdir -p "$TMPDIR"/core_tmp
+		tar -zxf "$1" ${tar_para} -C "$TMPDIR"/core_tmp/
+		for file in $(find "$TMPDIR"/core_tmp $find_para 2>/dev/null); do
+			[ -f "$file" ] && [ -n "$(echo $file | sed 's#.*/##' | grep -iE '(CrashCore|sing|meta|mihomo|clash|pre)')" ] && mv -f "$file" "$TMPDIR"/"$2"
+		done
+		rm -rf "$TMPDIR"/core_tmp
+	elif echo "$1" |grep -q '.gz$' ;then
+		gunzip -c "$1" > "$TMPDIR"/"$2"
+	elif echo "$1" |grep -q '.upx$' ;then
+		ln -sf "$1" "$TMPDIR"/"$2"
+	else
+		mv -f "$1" "$TMPDIR"/"$2"
+	fi
+	chmod +x "$TMPDIR"/"$2"
+}
+core_find(){
+	if [ ! -f "$TMPDIR"/CrashCore ];then
+		[ -n "$(find "$CRASHDIR"/CrashCore.* $find_para 2>/dev/null)" ] && [ "$CRASHDIR" != "$BINDIR" ] &&
+			mv -f "$CRASHDIR"/CrashCore.* "$BINDIR"/
+		core_dir=$(find "$BINDIR"/CrashCore.* $find_para 2>/dev/null | head -n 1)
+		[ -n "$core_dir" ] && core_unzip "$core_dir" CrashCore
+	fi
+}
+core_check(){
+	[ -n "$(pidof CrashCore)" ] && "$CRASHDIR"/start.sh stop #停止内核服务防止内存不足
+	core_unzip "$1" core_new
+	sbcheck=$(echo "$crashcore" | grep 'singbox')
+	v=''
+	if [ -n "$sbcheck" ] && "$TMPDIR"/core_new -h 2>&1 | grep -q 'sing-box'; then
+		v=$("$TMPDIR"/core_new version 2>/dev/null | grep version | awk '{print $3}')
+		COMMAND='"$TMPDIR/CrashCore run -D $BINDIR -C $TMPDIR/jsons"'
+	elif [ -z "$sbcheck" ] && "$TMPDIR"/core_new -h 2>&1 | grep -q '\-t';then
+		v=$("$TMPDIR"/core_new -v 2>/dev/null | head -n 1 | sed 's/ linux.*//;s/.* //')
+		COMMAND='"$TMPDIR/CrashCore -d $BINDIR -f $TMPDIR/config.yaml"'
+	fi
+	if [ -z "$v" ]; then
+		rm -rf "$1" "$TMPDIR"/core_new
+		return 2
+	else
+		rm -f "$BINDIR"/CrashCore.tar.gz "$BINDIR"/CrashCore.gz "$BINDIR"/CrashCore.upx
+		if [ -z "$zip_type" ];then
+			gzip -c "$TMPDIR/core_new" > "$BINDIR/CrashCore.gz"
+		else
+			mv -f "$1" "$BINDIR/CrashCore.$zip_type"
+		fi
+		if [ "$zip_type" = 'upx' ];then
+			rm -f "$1" "$TMPDIR"/core_new
+			ln -sf "$TMPDIR/CrashCore.upx" "$TMPDIR/CrashCore"
+		else
+			mv -f "$TMPDIR/core_new" "$TMPDIR/CrashCore"
+		fi
+		core_v="$v"
+		setconfig COMMAND "$COMMAND" "$CRASHDIR"/configs/command.env && . "$CRASHDIR"/configs/command.env
+		setconfig crashcore "$crashcore"
+		setconfig core_v "$core_v"
+		setconfig custcorelink "$custcorelink"
+		return 0
+	fi
+}
+core_webget(){
+	. "$CRASHDIR"/libs/web_get_bin.sh
+	. "$CRASHDIR"/libs/check_target.sh
+	if [ -z "$custcorelink" ];then
+		[ -z "$zip_type" ] && zip_type='tar.gz'
+		get_bin "$TMPDIR/Coretmp.$zip_type" "bin/$crashcore/${target}-linux-${cpucore}.$zip_type"
+	else
+		case "$custcorelink" in
+			*.tar.gz) zip_type="tar.gz" ;;
+			*.gz)     zip_type="gz" ;;
+			*.upx)    zip_type="upx" ;;
+		esac
+		[ -n "$zip_type" ] && webget "$TMPDIR/Coretmp.$zip_type" "$custcorelink"
+	fi
+	#校验内核
+	if [ "$?" = 0 ];then
+		core_check "$TMPDIR/Coretmp.$zip_type"
+	else
+		rm -f "$TMPDIR/Coretmp.$zip_type"
+		return 1
+	fi
+}
--- a/scripts/libs/gen_base64.sh
+++ b/scripts/libs/gen_base64.sh
@@ -0,0 +1,26 @@
+#生成指定位数的加密秘钥，符合ss2022协议
+gen_random() {
+    if ckcmd openssl;then
+		openssl rand --base64 "$1"
+	elif ckcmd base64;then
+		head -c "$1" /dev/urandom | base64 | tr -d '\n'
+	elif busybox base64 --help >/dev/null 2>&1;then
+		head -c "$1" /dev/urandom | base64 | tr -d '\n'
+	elif ckcmd uuencode;then
+		head -c "$1" /dev/urandom | uuencode -m - | sed -n '2p'
+	else
+		return 1
+	fi
+}
+#对指定字符串进行base64转码
+gen_base64() {
+	if ckcmd base64;then
+		echo -n "$1" | base64 | tr -d '\n'
+	elif busybox base64 --help >/dev/null 2>&1;then
+		echo -n "$1" | busybox base64 | tr -d '\n'
+	elif ckcmd openssl;then
+		echo -n "$1" | openssl base64 -A
+	else
+		return 1
+	fi
+}
--- a/scripts/libs/get_config.sh
+++ b/scripts/libs/get_config.sh
@@ -0,0 +1,22 @@
+
+# 检查配置文件
+[ -f "$CRASHDIR"/configs/ShellCrash.cfg ] || . "$CRASHDIR"/init.sh >/dev/null 2>&1
+. "$CRASHDIR"/configs/command.env >/dev/null 2>&1
+. "$CRASHDIR"/configs/ShellCrash.cfg
+
+[ -z "$mix_port" ] && mix_port=7890
+[ -z "$redir_port" ] && redir_port=7892
+[ -z "$tproxy_port" ] && tproxy_port=7893
+[ -z "$db_port" ] && db_port=9999
+[ -z "$dns_port" ] && dns_port=1053
+[ -z "$dns_redir_port" ] && dns_redir_port="$dns_port"
+[ -z "$fwmark" ] && fwmark="$redir_port"
+routing_mark=$((fwmark + 2))
+[ -z "$table" ] && table=100
+
+[ -z "$dns_nameserver" ] && {
+	dns_nameserver='223.5.5.5, 1.2.4.8'
+	netstat -ntlup 2>/dev/null | grep -q '127.0.0.1:53' && dns_nameserver='127.0.0.1'
+}
+[ -z "$dns_fallback" ] && dns_fallback="1.1.1.1, 8.8.8.8"
+[ -z "$dns_resolver" ] && dns_resolver="223.5.5.5, 2400:3200::1"
--- a/scripts/libs/get_ecsip.sh
+++ b/scripts/libs/get_ecsip.sh
@@ -0,0 +1,15 @@
+
+get_ecs_address() {
+    for f in /tmp/resolv.conf.auto /tmp/resolv.conf /tmp/resolv.conf.d/resolv.conf.auto; do
+        [ -f "$f" ] || continue
+        ip=$(grep -A1 "^# Interface wan$" "$f" | grep nameserver | awk '{printf "%s ", $2}')
+        [ -n "$ip" ] && return
+    done
+	. "$CRASHDIR"/libs/web_get_lite.sh
+	for web in http://members.3322.org/dyndns/getip http://4.ipw.cn http://ipinfo.io/ip; do
+		ip=$(web_get_lite "$web" 0)
+		[ -n "$ip" ] && return
+	done
+}
+get_ecs_address
+[ -n "$ip" ] && ecs_address="${ip%.*}.0/24"
--- a/scripts/libs/logger.sh
+++ b/scripts/libs/logger.sh
@@ -0,0 +1,51 @@
+#日志工具
+. "$CRASHDIR"/libs/web_json.sh
+#$1日志内容$2显示颜色$3是否推送$4是否覆盖上一条
+logger() { 
+	TMPDIR=/tmp/ShellCrash
+    [ -n "$2" -a "$2" != 0 ] && printf "\033[%sm%s\033[0m\n" "$2" "$1"
+    log_text="$(date "+%G-%m-%d_%H:%M:%S")~$1"
+	[ "$4" = on ] && sed -i "/$1/d" "$TMPDIR"/ShellCrash.log
+    echo "$log_text" >>"$TMPDIR"/ShellCrash.log
+    [ "$(wc -l "$TMPDIR"/ShellCrash.log | awk '{print $1}')" -gt 199 ] && sed -i '1,20d' "$TMPDIR"/ShellCrash.log
+	#推送远程日志
+    [ "$3" != off ] && {
+        [ -n "$device_name" ] && log_text="$log_text($device_name)"
+        [ -n "$push_TG" ] && {
+            url="https://api.telegram.org/bot${push_TG}/sendMessage"
+            [ "$push_TG" = 'publictoken' ] && url='https://tgbot.jwsc.eu.org/publictoken/sendMessage'
+            content="{\"chat_id\":\"${chat_ID}\",\"text\":\"$log_text\"}"
+            web_json_post "$url" "$content" &
+        }
+        [ -n "$push_bark" ] && {
+            url="${push_bark}"
+            content="{\"body\":\"${log_text}\",\"title\":\"ShellCrash_log\",\"level\":\"passive\",\"badge\":\"1\"}"
+            web_json_post "$url" "$content" &
+        }
+        [ -n "$push_Deer" ] && {
+            url="https://api2.pushdeer.com/message/push"
+            content="{\"pushkey\":\"${push_Deer}\",\"text\":\"$log_text\"}"
+            web_json_post "$url" "$content" &
+        }
+        [ -n "$push_Po" ] && {
+            url="https://api.pushover.net/1/messages.json"
+            content="{\"token\":\"${push_Po}\",\"user\":\"${push_Po_key}\",\"title\":\"ShellCrash_log\",\"message\":\"$log_text\"}"
+            web_json_post "$url" "$content" &
+        }
+        [ -n "$push_PP" ] && {
+            url="http://www.pushplus.plus/send"
+            content="{\"token\":\"${push_PP}\",\"title\":\"ShellCrash_log\",\"content\":\"$log_text\"}"
+            web_json_post "$url" "$content" &
+        }
+        [ -n "$push_Gotify" ] && {
+            url="${push_Gotify}"
+            content="{\"title\":\"ShellCrash_log\",\"message\":\"$log_text\",\"priority\":5}"
+            web_json_post "$url" "$content" &
+        }
+        [ -n "$push_SynoChat" ] && {
+            url="${push_ChatURL}/webapi/entry.cgi?api=SYNO.Chat.External&method=chatbot&version=2&token=${push_ChatTOKEN}"
+            content="payload={\"text\":\"${log_text}\", \"user_ids\":[${push_ChatUSERID}]}"
+            web_json_post "$url" "$content" &
+		}
+    } &
+}
--- a/scripts/libs/meta_listeners.sh
+++ b/scripts/libs/meta_listeners.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+# Copyright (C) Juewuy
+
+#meta内核vmess入站生成
+[ "$vms_service" = ON ] && {
+	cat >>"$TMPDIR"/listeners.yaml <<EOF
+  - name: "vmess-in"
+    type: vmess
+    port: $vms_port
+    listen:
+    users:
+      - uuid: $vms_uuid
+        alterId: 0
+    ws-path: $vms_ws_path
+EOF
+}
+#meta内核ss入站生成
+[ "$sss_service" = ON ] && {
+	cat >>"$TMPDIR"/listeners.yaml <<EOF
+  - name: "ss-in"
+    type: shadowsocks
+    port: $sss_port
+    listen:
+    cipher: $sss_cipher
+    password: $sss_pwd
+    udp: true
+EOF
+}
--- a/scripts/libs/sb_endpoints.sh
+++ b/scripts/libs/sb_endpoints.sh
@@ -0,0 +1,54 @@
+#!/bin/sh
+# Copyright (C) Juewuy
+
+[ "$ts_service" = ON ] && ! grep -q '"tailscale"' "$CRASHDIR"/jsons/endpoints.json 2>/dev/null && {
+	[ "$ts_subnet" = true ] && {
+		. "$CRASHDIR"/starts/fw_getlanip.sh && getlanip
+		advertise_routes=$(echo "$host_ipv4"|sed 's/[[:space:]]\+/", "/g; s/^/"/; s/$/"/')
+	}
+	[ -z "$ts_exit_node" ] && ts_exit_node=false
+	[ -z "$ts_hostname" ] && ts_hostname='ShellCrash'
+	cat >"$TMPDIR"/jsons/tailscale.json <<EOF
+{
+  "endpoints": [
+    {
+	  "type": "tailscale",
+	  "tag": "ts-ep",
+	  "state_directory": "$CRASHDIR/tailscale",
+	  "auth_key": "$ts_auth_key",
+	  "hostname": "$ts_hostname",
+	  "advertise_routes": [$advertise_routes],
+	  "advertise_exit_node": $ts_exit_node,
+	  "udp_timeout": "5m"
+    }
+  ]
+}
+EOF
+}
+
+[ "$wg_service" = ON ] && ! grep -q '"wireguard"' "$CRASHDIR"/jsons/endpoints.json 2>/dev/null && {
+	[ -n "$wg_ipv6" ] && wg_ipv6_add=", \"$wg_ipv6\""
+	cat >"$TMPDIR"/jsons/wireguard.json <<EOF
+{
+  "endpoints": [
+	{
+	  "type": "wireguard",
+	  "tag": "wg-ep",
+	  "system": true,
+	  "mtu": 1420,
+	  "address": [ "$wg_ipv4"$wg_ipv6_add ],
+	  "private_key": "$wg_private_key",
+	  "peers": [
+		{
+		  "address": "$wg_server",
+		  "port": $wg_port,
+		  "public_key": "$wg_public_key",
+		  "pre_shared_key": "$wg_pre_shared_key",
+		  "allowed_ips": ["0.0.0.0/0", "::/0"]
+		}
+	  ]
+	}
+  ]
+}
+EOF
+}
--- a/scripts/libs/sb_inbounds.sh
+++ b/scripts/libs/sb_inbounds.sh
@@ -0,0 +1,40 @@
+#!/bin/sh
+# Copyright (C) Juewuy
+
+[ "$vms_service" = ON ] && {
+	[ -n "$vms_ws_path" ] && transport=', "transport": { "type": "ws", "path": "'"$vms_ws_path"'" }'
+	cat >"$TMPDIR"/jsons/vmess-in.json <<EOF
+{
+  "inbounds": [
+    {
+      "type": "vmess",
+      "tag": "vmess-in",
+      "listen": "::",
+      "listen_port": $vms_port,
+	  "users": [
+        {
+          "uuid": "$vms_uuid"
+        }
+      ]$transport
+    }
+  ]
+}
+EOF
+}
+
+[ "$sss_service" = ON ] && {
+	cat >"$TMPDIR"/jsons/ss-in.json <<EOF
+{
+  "inbounds": [
+	{
+	  "type": "shadowsocks",
+	  "tag": "ss-in",
+      "listen": "::",
+      "listen_port": $sss_port,
+	  "method": "$sss_cipher",
+	  "password": "$sss_pwd",
+	}
+  ]
+}
+EOF
+}
--- a/scripts/libs/set_config.sh
+++ b/scripts/libs/set_config.sh
@@ -0,0 +1,6 @@
+#参数1代表变量名，参数2代表变量值,参数3即文件路径
+setconfig() {
+    [ -z "$3" ] && configpath="$CRASHDIR"/configs/ShellCrash.cfg || configpath="${3}"
+	sed -i "/^${1}=.*/d" "$configpath"
+	printf '%s=%s\n' "$1" "$2" >>"$configpath"
+}
--- a/scripts/libs/set_cron.sh
+++ b/scripts/libs/set_cron.sh
@@ -0,0 +1,39 @@
+
+crondir="$(crond -h 2>&1 | grep -oE 'Default:.*' | awk -F ":" '{print $2}'| tr -d ' ')"
+[ ! -w "$crondir" ] && crondir="/etc/storage/cron/crontabs"
+[ ! -w "$crondir" ] && crondir="/var/spool/cron/crontabs"
+[ ! -w "$crondir" ] && crondir="/var/spool/cron"
+[ -z "$USER" ] && USER=$(whoami 2>/dev/null)
+tmpcron=/tmp/cron_tmp
+touch "$tmpcron"
+
+cronadd() { #定时任务工具
+	if crontab -h 2>&1 | grep -q '\-l'; then
+        crontab "$1"
+	elif [ -f "$crondir/$USER" ];then
+		cat "$1" >"$crondir"/"$USER" && cru a REFRESH "0 0 1 1 * /bin/true" 2>/dev/null
+	else
+		echo "找不到可用的crond或者crontab应用！No available crond or crontab application can be found!"
+	fi
+}
+cronload() { #定时任务工具
+	if crontab -h 2>&1 | grep -q '\-l'; then
+        crontab -l
+	elif [ -f "$crondir/$USER" ];then
+		cat "$crondir"/"$USER" 2>/dev/null
+	else
+		return 1
+	fi
+}
+cronset() { #定时任务设置
+    # 参数1代表要移除的关键字,参数2代表要添加的任务语句
+    cronload | grep -v '^$' | grep -vF "$1" >"$tmpcron"
+    [ -n "$2" ] && echo "$2" >>"$tmpcron"
+	cronadd "$tmpcron"
+	#华硕/Padavan固件存档在本地,其他则删除
+	if [ -d /jffs ] || [ -d /etc/storage/ShellCrash ];then
+		mv -f "$tmpcron" "$CRASHDIR"/task/cron
+	else
+		rm -f "$tmpcron"
+	fi
+}
--- a/scripts/libs/set_profile.sh
+++ b/scripts/libs/set_profile.sh
@@ -0,0 +1,9 @@
+
+set_profile() {
+    [ -z "$my_alias" ] && my_alias=crash
+    sed -i "/ShellCrash\/menu.sh/"d "$1"
+    echo "alias ${my_alias}=\"$shtype $CRASHDIR/menu.sh\"" >>"$1" #设置快捷命令环境变量
+    sed -i '/export CRASHDIR=*/'d "$1"
+    echo "export CRASHDIR=\"$CRASHDIR\"" >>"$1" #设置路径环境变量
+	. "$1" >/dev/null 2>&1 || true
+}
--- a/scripts/libs/set_proxy.sh
+++ b/scripts/libs/set_proxy.sh
@@ -0,0 +1,9 @@
+
+setproxy(){
+	[ -n "$(pidof CrashCore)" ] && {
+		[ -n "$authentication" ] && auth="$authentication@" || auth=""
+		[ -z "$mix_port" ] && mix_port=7890
+		export https_proxy="http://${auth}127.0.0.1:$mix_port"
+		export http_proxy="http://${auth}127.0.0.1:$mix_port"
+	}
+}
--- a/scripts/libs/start_wait.sh
+++ b/scripts/libs/start_wait.sh
@@ -0,0 +1,10 @@
+i=1
+while [ -z "$test" -a "$i" -lt 30 ]; do
+	sleep 1
+	if curl --version >/dev/null 2>&1; then
+		test=$(curl -s -H "Authorization: Bearer $secret" http://127.0.0.1:${db_port}/proxies | grep -o proxies)
+	else
+		test=$(wget -q --header="Authorization: Bearer $secret" -O - http://127.0.0.1:${db_port}/proxies | grep -o proxies)
+	fi
+	i=$((i + 1))
+done
--- a/scripts/libs/urlencode.sh
+++ b/scripts/libs/urlencode.sh
@@ -0,0 +1,15 @@
+urlencode() {
+    LC_ALL=C
+    printf '%s' "$1" \
+    | hexdump -v -e '/1 "%02X\n"' \
+    | while read -r hex; do
+        case "$hex" in
+            2D|2E|5F|7E|3[0-9]|4[1-9A-F]|5[0-9A]|6[1-9A-F]|7[0-9A-E])
+                printf "\\$(printf '%03o' "0x$hex")"
+                ;;
+            *)
+                printf "%%%s" "$hex"
+                ;;
+        esac
+    done
+}
--- a/scripts/libs/web_get.sh
+++ b/scripts/libs/web_get.sh
@@ -0,0 +1,57 @@
+. "$CRASHDIR"/libs/set_proxy.sh
+
+webget(){	
+	if pidof CrashCore >/dev/null; then
+		setproxy #设置临时代理
+		url=$(printf '%s\n' "$2" |
+		sed -e 's#https://.*jsdelivr.net/gh/juewuy/ShellCrash[@|/]#https://raw.githubusercontent.com/juewuy/ShellCrash/#' \
+			-e 's#https://gh.jwsc.eu.org/#https://raw.githubusercontent.com/juewuy/ShellCrash/#')
+	else
+		url=$(printf '%s\n' "$2" |
+		sed 's#https://raw.githubusercontent.com/juewuy/ShellCrash/#https://testingcf.jsdelivr.net/gh/juewuy/ShellCrash@#')
+	fi
+	#参数【$1】代表下载目录，【$2】代表在线地址
+	#参数【$3】代表输出显示，【$4】不启用重定向
+	#参数【$5】代表验证证书，【$6】使用自定义UA
+	[ -n "$6" ] && agent="--user-agent $6"
+	if wget --help 2>&1 | grep -q 'show-progress' >/dev/null 2>&1; then
+		[ "$3" = "echooff" ] && progress='-q' || progress='-q --show-progress'
+		[ "$4" = "rediroff" ] && redirect='--max-redirect=0' || redirect=''
+		if [ "$5" = "skipceroff" ] || [ "$skip_cert" = OFF ];then
+			certificate=''
+		else
+			certificate='--no-check-certificate'
+		fi
+		wget -Y on $agent $progress $redirect $certificate --timeout=3 -O "$1" "$url" && return 0 #成功则退出否则重试
+		wget -Y off $agent $progress $redirect $certificate --timeout=5 -O "$1" "$2"
+		return $?
+	elif curl --version >/dev/null 2>&1; then
+		[ "$3" = "echooff" ] && progress='-s' || progress='-#'
+		[ "$4" = "rediroff" ] && redirect='' || redirect='-L'
+		if [ "$5" = "skipceroff" ] || [ "$skip_cert" = OFF ];then
+			certificate=''
+		else
+			certificate='-k'
+		fi
+		if curl --version | grep -q '^curl 8.' && ckcmd base64; then
+			auth_b64=$(printf '%s' "$authentication" | base64)
+			result=$(curl $agent -w '%{http_code}' --connect-timeout 3 --proxy-header "Proxy-Authorization: Basic $auth_b64" $progress $redirect $certificate -o "$1" "$url")
+		else
+			result=$(curl $agent -w '%{http_code}' --connect-timeout 3 $progress $redirect $certificate -o "$1" "$url")
+		fi
+		[ "$result" = "200" ] && return 0 #成功则退出否则重试
+		export https_proxy=""
+		export http_proxy=""
+		result=$(curl $agent -w '%{http_code}' --connect-timeout 5 $progress $redirect $certificate -o "$1" "$2")
+		[ "$result" = "200" ]
+		return $?
+	elif ckcmd wget;then
+		[ "$3" = "echooff" ] && progress='-q'
+		wget -Y on $progress -O "$1" "$url" && return 0 #成功则退出否则重试
+		wget -Y off $progress -O "$1" "$2"
+		return $?
+	else
+		echo "No Curl or Wget！！！"
+		return 1
+	fi
+}
--- a/scripts/libs/web_get_bin.sh
+++ b/scripts/libs/web_get_bin.sh
@@ -0,0 +1,18 @@
+. "$CRASHDIR"/libs/web_get.sh
+
+get_bin() { #专用于项目内部文件的下载
+    [ -z "$update_url" ] && update_url=https://testingcf.jsdelivr.net/gh/juewuy/ShellCrash@master
+    if [ -n "$url_id" ]; then
+		[ -n "$release_type" ] && rt="$release_type" || rt=master
+        echo "$2" | grep -q '^bin/' && rt=update #/bin文件改为在update分支下载
+        echo "$2" | grep -qE '^public/|^rules/' && rt=dev #/public和/rules文件改为在dev分支下载    
+        if [ "$url_id" = 101 -o "$url_id" = 104 ]; then
+            bin_url="$(grep "$url_id" "$CRASHDIR"/configs/servers.list | awk '{print $3}')@$rt/$2" #jsdelivr特殊处理
+        else
+            bin_url="$(grep "$url_id" "$CRASHDIR"/configs/servers.list | awk '{print $3}')/$rt/$2"
+        fi
+    else
+        bin_url="$update_url/$2"
+    fi
+    webget "$1" "$bin_url" "$3" "$4" "$5" "$6"
+}
--- a/scripts/libs/web_get_lite.sh
+++ b/scripts/libs/web_get_lite.sh
@@ -0,0 +1,10 @@
+. "$CRASHDIR"/libs/set_proxy.sh
+#$1:目标地址 $2:禁用proxy
+web_get_lite() {
+	[ -z "$2" ] && setproxy
+	if curl --version >/dev/null 2>&1; then
+		curl -ksSl --connect-timeout 3 "$1" 2>/dev/null
+	else
+		wget -Y on -q --timeout=3 -O - "$1"
+	fi
+}
--- a/scripts/libs/web_json.sh
+++ b/scripts/libs/web_json.sh
@@ -0,0 +1,10 @@
+. "$CRASHDIR"/libs/set_proxy.sh
+#$1:目标地址 $2:json字符串
+web_json_post() {
+	setproxy
+	if curl --version >/dev/null 2>&1; then
+		curl -kfsSl -X POST --connect-timeout 3 -H "Content-Type: application/json" "$1" -d "$2" >/dev/null 2>&1
+	else
+		wget -Y on -q --timeout=3 --method=POST --header="Content-Type: application/json" --body-data="$2" "$1"
+	fi
+}
--- a/scripts/libs/web_restore.sh
+++ b/scripts/libs/web_restore.sh
@@ -0,0 +1,20 @@
+
+#
+put_save() { #推送面板选择
+    [ -z "$3" ] && request_type=PUT || request_type=$3
+    if curl --version >/dev/null 2>&1; then
+        curl -sS -X "$request_type" -H "Authorization: Bearer $secret" -H "Content-Type:application/json" "$1" -d "$2" >/dev/null
+    elif wget --version >/dev/null 2>&1; then
+        wget -q --method="$request_type" --header="Authorization: Bearer $secret" --header="Content-Type:application/json" --body-data="$2" "$1" >/dev/null
+    fi
+}
+web_restore() { #还原面板选择
+	num=$(cat "$CRASHDIR"/configs/web_save | wc -l)
+	i=1
+	while [ "$i" -le "$num" ]; do
+		group_name=$(awk -F ',' 'NR=="'${i}'" {print $1}' "$CRASHDIR"/configs/web_save | sed 's/ /%20/g')
+		now_name=$(awk -F ',' 'NR=="'${i}'" {print $2}' "$CRASHDIR"/configs/web_save)
+		put_save "http://127.0.0.1:${db_port}/proxies/${group_name}" "{\"name\":\"${now_name}\"}"
+		i=$((i + 1))
+	done
+}
--- a/scripts/libs/web_save.sh
+++ b/scripts/libs/web_save.sh
@@ -0,0 +1,32 @@
+
+#
+get_save() { #获取面板信息
+    if curl --version >/dev/null 2>&1; then
+        curl -s -H "Authorization: Bearer ${secret}" -H "Content-Type:application/json" "$1"
+    elif [ -n "$(wget --help 2>&1 | grep '\-\-method')" ]; then
+        wget -q --header="Authorization: Bearer ${secret}" --header="Content-Type:application/json" -O - "$1"
+    fi
+}
+web_save() { #最小化保存面板节点选择
+    #使用get_save获取面板节点设置
+	get_save "http://127.0.0.1:${db_port}/proxies" | sed 's/{}//g' | sed 's/:{/\
+/g'| grep -aE '"Selector"' >"$TMPDIR"/web_proxies
+    [ -s "$TMPDIR"/web_proxies ] && while read line; do
+        def=$(echo $line | grep -oE '"all".*",' | awk -F "[\"]" '{print $4}')
+        now=$(echo $line | grep -oE '"now".*",' | awk -F "[\"]" '{print $4}')
+        [ "$def" != "$now" ] && {
+            name=$(echo $line | grep -oE '"name".*",' | awk -F "[\"]" '{print $4}')
+            echo "${name},${now}" >>"$TMPDIR"/web_save
+        }
+    done <"$TMPDIR"/web_proxies
+    rm -rf "$TMPDIR"/web_proxies
+    #对比文件，如果有变动则写入磁盘，否则清除缓存
+    for file in web_save; do
+        if [ -s "$TMPDIR/$file" ]; then
+            . "$CRASHDIR"/libs/compare.sh && compare "$TMPDIR/$file" "$CRASHDIR/configs/$file"
+            [ "$?" = 0 ] && rm -f "$TMPDIR/$file" || mv -f "$TMPDIR/$file" "$CRASHDIR/configs/$file"
+		else
+			> "$CRASHDIR/configs/$file" #空文件时移除旧文件
+        fi
+    done
+}
--- a/scripts/menu.sh
+++ b/scripts/menu.sh
--- a/scripts/menus/1_start.sh
+++ b/scripts/menus/1_start.sh
@@ -0,0 +1,52 @@
+#!/bin/sh
+# Copyright (C) Juewuy
+
+[ -n "$__IS_MODULE_1_START_LOADED" ] && return
+__IS_MODULE_1_START_LOADED=1
+
+#启动相关
+startover() {
+    echo -ne "                                   \r"
+    echo -e "\033[32m服务已启动！\033[0m"
+    echo -e "请使用 \033[4;36mhttp://$host$hostdir\033[0m 管理内置规则"
+    if [ "$redir_mod" = "纯净模式" ]; then
+        echo "-----------------------------------------------"
+        echo -e "其他设备可以使用PAC配置连接：\033[4;32mhttp://$host:$db_port/ui/pac\033[0m"
+        echo -e "或者使用HTTP/SOCK5方式连接：IP{\033[36m$host\033[0m}端口{\033[36m$mix_port\033[0m}"
+    fi
+    return 0
+}
+start_core() {
+    if echo "$crashcore" | grep -q 'singbox'; then
+        core_config="$CRASHDIR"/jsons/config.json
+    else
+        core_config="$CRASHDIR"/yamls/config.yaml
+    fi
+    echo "-----------------------------------------------"
+    if [ ! -s $core_config -a -s "$CRASHDIR"/configs/providers.cfg ]; then
+        echo -e "\033[33m没有找到${crashcore}配置文件，尝试生成providers配置文件！\033[0m"
+        [ "$crashcore" = singboxr ] && coretype=singbox
+        [ "$crashcore" = meta -o "$crashcore" = clashpre ] && coretype=clash
+        . "$CRASHDIR"/menus/6_core_config.sh && gen_${coretype}_providers
+    elif [ -s $core_config -o -n "$Url" -o -n "$Https" ]; then
+        "$CRASHDIR"/start.sh start
+        #设置循环检测以判定服务启动是否成功
+		. "$CRASHDIR"/libs/start_wait.sh
+        [ -n "$test" -o -n "$(pidof CrashCore)" ] && {
+			#启动TG机器人
+			[ "$bot_tg_service" = ON ] && . "$CRASHDIR"/menus/bot_tg_service.sh && bot_tg_start
+			startover
+		}
+    else
+        echo -e "\033[31m没有找到${crashcore}配置文件，请先导入配置文件！\033[0m"
+        . "$CRASHDIR"/menus/6_core_config.sh && set_core_config
+    fi
+}
+start_service() {
+    if [ "$firewall_area" = 5 ]; then
+        "$CRASHDIR"/start.sh start
+        echo -e "\033[32m已完成防火墙设置！\033[0m"
+    else
+        start_core
+    fi
+}
--- a/scripts/menus/2_settings.sh
+++ b/scripts/menus/2_settings.sh
@@ -0,0 +1,935 @@
+#!/bin/sh
+# Copyright (C) Juewuy
+
+[ -n "$__IS_MODULE_2_SETTINGS_LOADED" ] && return
+__IS_MODULE_2_SETTINGS_LOADED=1
+
+settings() { #功能设置
+    #获取设置默认显示
+    [ -z "$skip_cert" ] && skip_cert=ON
+	[ -z "$sniffer" ] && {
+		sniffer=OFF
+		echo "$crashcore" | grep -q 'singbox' && sniffer=ON
+	}
+	[ -z "$dns_mod" ] && dns_mod='redir_host'
+    #
+    echo "-----------------------------------------------"
+    echo -e "\033[30;47m欢迎使用功能设置菜单：\033[0m"
+    echo "-----------------------------------------------"
+    echo -e " 1 路由模式设置:	\033[36m$redir_mod\033[0m"
+	echo -e " 2 DNS设置：		\033[36m$dns_mod\033[0m"
+	echo -e " 3 透明路由\033[32m流量过滤\033[0m"
+    [ "$disoverride" != "1" ] && {
+        echo -e " 4 跳过证书验证：	\033[36m$skip_cert\033[0m"
+		echo -e " 5 启用域名嗅探:	\033[36m$sniffer\033[0m"
+		echo -e " 6 自定义\033[32m端口及秘钥\033[0m"
+    }
+    echo -e " 8 ipv6设置：		\033[36m$ipv6_redir\033[0m"
+    echo "-----------------------------------------------"
+    echo -e " 9 \033[31m重置/备份/还原\033[0m脚本设置"
+    echo -e " 0 返回上级菜单 \033[0m"
+    echo "-----------------------------------------------"
+    read -p "请输入对应数字 > " num
+    case "$num" in
+    0)
+	;;
+    1)
+        if [ "$USER" != "root" -a "$USER" != "admin" ]; then
+            echo "-----------------------------------------------"
+            read -p "非root用户可能无法正确配置其他模式！依然尝试吗？(1/0) > " res
+            [ "$res" = 1 ] && set_redir_mod
+        else
+            set_redir_mod
+        fi
+		sleep 1
+        settings
+	;;
+    2)
+		. "$CRASHDIR"/menus/dns.sh && set_dns_mod
+        sleep 1
+        settings
+	;;
+    3)
+        set_fw_filter
+		sleep 1
+        settings
+	;;
+    4)
+        echo "-----------------------------------------------"
+        if [ "$skip_cert" = "OFF" ] >/dev/null 2>&1; then
+            echo -e "\033[33m已设为开启跳过本地证书验证！！\033[0m"
+            skip_cert=ON
+        else
+            echo -e "\033[33m已设为禁止跳过本地证书验证！！\033[0m"
+            skip_cert=OFF
+        fi
+        setconfig skip_cert $skip_cert
+        settings
+	;;
+    5)
+        echo "-----------------------------------------------"
+        if [ "$sniffer" = "OFF" ]; then
+            if [ "$crashcore" = "clash" ]; then
+                rm -rf ${TMPDIR}/CrashCore
+                rm -rf "$CRASHDIR"/CrashCore
+                rm -rf "$CRASHDIR"/CrashCore.tar.gz
+                crashcore=meta
+                setconfig crashcore $crashcore
+                echo "已将ShellCrash内核切换为Meta内核！域名嗅探依赖Meta或者高版本clashpre内核！"
+            fi
+            sniffer=ON
+        elif [ "$crashcore" = "clashpre" -a "$dns_mod" = "redir_host" ]; then
+            echo -e "\033[31m使用clashpre内核且开启redir-host模式时无法关闭！\033[0m"
+        else
+            sniffer=OFF
+        fi
+        setconfig sniffer $sniffer
+        settings
+	;;
+    6)
+        if [ -n "$(pidof CrashCore)" ]; then
+            echo "-----------------------------------------------"
+            echo -e "\033[33m检测到服务正在运行，需要先停止服务！\033[0m"
+            read -p "是否停止服务？(1/0) > " res
+            if [ "$res" = "1" ]; then
+                "$CRASHDIR"/start.sh stop
+                set_adv_config
+            fi
+        else
+            set_adv_config
+        fi
+        settings
+	;;
+    8)
+        set_ipv6
+        settings
+	;;
+    9)
+		echo "-----------------------------------------------"
+        echo -e " 1 备份脚本设置"
+        echo -e " 2 还原脚本设置"
+        echo -e " 3 重置脚本设置"
+        echo -e " 0 返回上级菜单"
+        echo "-----------------------------------------------"
+        read -p "请输入对应数字 > " num
+        if [ -z "$num" ]; then
+            errornum
+        elif [ "$num" = 0 ]; then
+            i=
+        elif [ "$num" = 1 ]; then
+            cp -f "$CFG_PATH" "$CFG_PATH".bak
+            echo -e "\033[32m脚本设置已备份！\033[0m"
+        elif [ "$num" = 2 ]; then
+            if [ -f "$CFG_PATH.bak" ]; then
+                mv -f "$CFG_PATH" "$CFG_PATH".bak2
+                mv -f "$CFG_PATH".bak "$CFG_PATH"
+                mv -f "$CFG_PATH".bak2 "$CFG_PATH".bak
+                echo -e "\033[32m脚本设置已还原！(被覆盖的配置已备份！)\033[0m"
+            else
+                echo -e "\033[31m找不到备份文件，请先备份脚本设置！\033[0m"
+            fi
+        elif [ "$num" = 3 ]; then
+            mv -f "$CFG_PATH" "$CFG_PATH".bak
+            . "$CRASHDIR"/init.sh >/dev/null
+            echo -e "\033[32m脚本设置已重置！(旧文件已备份！)\033[0m"
+        fi
+        echo -e "\033[33m请重新启动脚本！\033[0m"
+        exit 0
+	;;
+    *)
+        errornum
+	;;
+    esac
+}
+
+set_redir_mod() { #路由模式设置
+    set_redir_config() {
+        setconfig redir_mod $redir_mod
+        setconfig dns_mod $dns_mod
+        echo "-----------------------------------------------"
+        echo -e "\033[36m已设为 $redir_mod ！！\033[0m"
+    }
+    [ -n "$(ls /dev/net/tun 2>/dev/null)" ] || ip tuntap >/dev/null 2>&1 || modprobe tun 2>/dev/null && sup_tun=1
+    [ -z "$firewall_area" ] && firewall_area=1
+    [ -z "$redir_mod" ] && [ "$USER" = "root" -o "$USER" = "admin" ] && redir_mod='Redir模式'
+    [ -z "$redir_mod" ] && redir_mod='纯净模式'
+    firewall_area_dsc=$(echo "仅局域网 仅本机 局域网+本机 纯净模式 主-旁转发($bypass_host)" | cut -d' ' -f$firewall_area)
+    echo "-----------------------------------------------"
+    echo -e "当前路由模式为：\033[47;30m$redir_mod\033[0m；ShellCrash核心为：\033[47;30m $crashcore \033[0m"
+    echo -e "\033[33m切换模式后需要手动重启服务以生效！\033[0m"
+    echo "-----------------------------------------------"
+    [ $firewall_area -le 3 ] && {
+        echo -e " 1 \033[32mRedir模式\033[0m：    Redir转发TCP，不转发UDP"
+        echo -e " 2 \033[36m混合模式\033[0m：     Redir转发TCP，Tun转发UDP"
+        echo -e " 3 \033[32mTproxy模式\033[0m：   Tproxy转发TCP&UDP"
+        echo -e " 4 \033[33mTun模式\033[0m：      Tun转发TCP&UDP(占用高不推荐)"
+        echo "-----------------------------------------------"
+    }
+    [ "$firewall_area" = 5 ] && {
+        echo -e " 5 \033[32mTCP旁路转发\033[0m：    仅转发TCP流量至旁路由"
+        echo -e " 6 \033[36mT&U旁路转发\033[0m：    转发TCP&UDP流量至旁路由"
+        echo "-----------------------------------------------"
+    }
+    echo -e " 7 设置路由劫持范围：	\033[47;30m$firewall_area_dsc\033[0m"
+    echo -e " 8 容器/虚拟机劫持：	\033[47;30m$vm_redir\033[0m"
+    echo -e " 9 切换防火墙应用：	\033[47;30m$firewall_mod\033[0m"
+	echo "-----------------------------------------------"
+    echo " 0 返回上级菜单"
+    read -p "请输入对应数字 > " num
+    case "$num" in
+    0) ;;
+    1)
+        redir_mod=Redir模式
+        set_redir_config
+        set_redir_mod
+	;;
+    2)
+        if [ -n "$sup_tun" ]; then
+            redir_mod=混合模式
+            set_redir_config
+        else
+            echo -e "\033[31m设备未检测到Tun内核模块，请尝试其他模式或者安装相关依赖！\033[0m"
+            sleep 1
+        fi
+        set_redir_mod
+	;;
+    3)
+        if [ "$firewall_mod" = "iptables" ]; then
+            if [ -f /etc/init.d/qca-nss-ecm -a "$systype" = "mi_snapshot" ]; then
+                read -p "xiaomi设备的QOS服务与本模式冲突，是否禁用相关功能？(1/0) > " res
+                [ "$res" = '1' ] && {
+                    /data/shellcrash_init.sh tproxyfix
+                    redir_mod=Tproxy模式
+                    set_redir_config
+                }
+            elif grep -qE '^TPROXY$' /proc/net/ip_tables_targets || modprobe xt_TPROXY >/dev/null 2>&1; then
+                redir_mod=Tproxy模式
+                set_redir_config
+            else
+                echo -e "\033[31m设备未检测到iptables-mod-tproxy模块，请尝试其他模式或者安装相关依赖！\033[0m"
+                sleep 1
+            fi
+        elif [ "$firewall_mod" = "nftables" ]; then
+            if modprobe nft_tproxy >/dev/null 2>&1 || lsmod 2>/dev/null | grep -q nft_tproxy; then
+                redir_mod=Tproxy模式
+                set_redir_config
+            else
+                echo -e "\033[31m设备未检测到nft_tproxy内核模块，请尝试其他模式或者安装相关依赖！\033[0m"
+                sleep 1
+            fi
+        fi
+        set_redir_mod
+	;;
+    4)
+        if [ -n "$sup_tun" ]; then
+            redir_mod=Tun模式
+            set_redir_config
+        else
+            echo -e "\033[31m设备未检测到Tun内核模块，请尝试其他模式或者安装相关依赖！\033[0m"
+            sleep 1
+        fi
+        set_redir_mod
+	;;
+    5)
+        redir_mod='TCP旁路转发'
+        set_redir_config
+        set_redir_mod
+	;;
+    6)
+        redir_mod='T&U旁路转发'
+        set_redir_config
+        set_redir_mod
+	;;
+    7)
+        set_firewall_area
+        set_redir_mod
+	;;
+    8)
+        set_firewall_vm
+        set_redir_mod
+	;;
+    9)
+        if [ "$firewall_mod" = 'iptables' ]; then
+            if nft add table inet shellcrash 2>/dev/null; then
+                firewall_mod=nftables
+                redir_mod=Redir模式
+                setconfig redir_mod $redir_mod
+            else
+                echo -e "\033[31m当前设备未安装nftables或者nftables版本过低(<1.0.2),无法切换！\033[0m"
+            fi
+        elif [ "$firewall_mod" = 'nftables' ]; then
+            if ckcmd iptables; then
+                firewall_mod=iptables
+                redir_mod=Redir模式
+                setconfig redir_mod $redir_mod
+            else
+                echo -e "\033[31m当前设备未安装iptables,无法切换！\033[0m"
+            fi
+        else
+            iptables -j REDIRECT -h >/dev/null 2>&1 && firewall_mod=iptables
+            nft add table inet shellcrash 2>/dev/null && firewall_mod=nftables
+            if [ -n "$firewall_mod" ]; then
+                redir_mod=Redir模式
+                setconfig redir_mod $redir_mod
+                setconfig firewall_mod $firewall_mod
+            else
+                echo -e "\033[31m检测不到可用的防火墙应用(iptables/nftables),无法切换！\033[0m"
+            fi
+        fi
+        sleep 1
+        setconfig firewall_mod $firewall_mod
+        set_redir_mod
+	;;
+    *)
+        errornum
+	;;
+    esac
+}
+set_fw_filter(){ #流量过滤
+	[ -z "$common_ports" ] && common_ports=ON
+	[ -z "$quic_rj" ] && quic_rj=OFF
+    [ -z "$cn_ip_route" ] && cn_ip_route=OFF	
+	touch "$CRASHDIR"/configs/mac "$CRASHDIR"/configs/ip_filter
+	[ -z "$(cat "$CRASHDIR"/configs/mac "$CRASHDIR"/configs/ip_filter 2>/dev/null)" ] && mac_return=OFF || mac_return=ON
+	echo "-----------------------------------------------"
+    echo -e " 1 过滤非常用端口： 	\033[36m$common_ports\033[0m	————用于过滤P2P流量"
+    echo -e " 2 过滤局域网设备：	\033[36m$mac_return\033[0m	————使用黑/白名单进行过滤"
+    echo -e " 3 过滤QUIC协议:	\033[36m$quic_rj\033[0m	————优化视频性能"
+    echo -e " 4 过滤CN_IP列表:	\033[36m$cn_ip_route\033[0m	————优化性能，不兼容Fake-ip"
+	echo -e " 5 自定义透明路由ipv4网段:	适合vlan等复杂网络环境"
+	echo -e " 6 自定义保留地址ipv4网段:	需要以保留地址为访问目标的环境"
+    echo "-----------------------------------------------"
+    echo -e " 0 返回上级菜单 \033[0m"
+    echo "-----------------------------------------------"
+    read -p "请输入对应数字 > " num
+    case "$num" in
+    0)
+	;;
+    1)
+        echo "-----------------------------------------------"
+        if [ -n "$(pidof CrashCore)" ] && [ "$firewall_mod" = 'iptables' ]; then
+            read -p "切换时将停止服务，是否继续？(1/0) > " res
+            [ "$res" = 1 ] && "$CRASHDIR"/start.sh stop && set_common_ports
+        else
+            set_common_ports
+        fi
+        set_fw_filter
+	;;
+    2)
+        checkcfg_mac=$(cat "$CRASHDIR"/configs/mac)
+        fw_filter_lan
+        if [ -n "$PID" ]; then
+            checkcfg_mac_new=$(cat "$CRASHDIR"/configs/mac)
+            [ "$checkcfg_mac" != "$checkcfg_mac_new" ] && checkrestart
+        fi
+        set_fw_filter
+	;;
+    3)
+        echo "-----------------------------------------------"
+        if [ -n "$(echo "$redir_mod" | grep -oE '混合|Tproxy|Tun')" ]; then
+            if [ "$quic_rj" = "OFF" ]; then
+                echo -e "\033[33m已禁止QUIC流量通过ShellCrash内核！！\033[0m"
+                quic_rj=ON
+            else
+                echo -e "\033[33m已取消禁止QUIC协议流量！！\033[0m"
+                quic_rj=OFF
+            fi
+            setconfig quic_rj $quic_rj
+        else
+            echo -e "\033[33m当前模式默认不会代理UDP流量，无需设置！！\033[0m"
+        fi
+        sleep 1
+        set_fw_filter
+	;;
+    4)
+        if [ -n "$(ipset -v 2>/dev/null)" ] || [ "$firewall_mod" = 'nftables' ]; then
+            if [ "$cn_ip_route" = "OFF" ]; then
+                echo -e "\033[32m已开启CN_IP绕过内核功能！！\033[0m"
+                echo -e "\033[31m注意！！！此功能会导致全局模式及一切CN相关规则失效！！！\033[0m"
+                cn_ip_route=ON
+                sleep 2
+            else
+                echo -e "\033[33m已禁用CN_IP绕过内核功能！！\033[0m"
+                cn_ip_route=OFF
+            fi
+            setconfig cn_ip_route $cn_ip_route
+        else
+            echo -e "\033[31m当前设备缺少ipset模块或未使用nftables模式，无法启用绕过功能！！\033[0m"
+            sleep 1
+        fi
+        set_fw_filter
+	;;
+    5)
+        set_cust_host_ipv4
+        set_fw_filter
+	;;
+    6)
+        [ -z "$reserve_ipv4" ] && reserve_ipv4="0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 100.64.0.0/10 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4"
+        echo -e "当前网段：\033[36m$reserve_ipv4\033[0m"
+        echo -e "\033[33m地址必须是空格分隔，错误的设置可能导致网络回环或启动报错，请务必谨慎！\033[0m"
+        read -p "请输入 > " text
+        if [ -n "$(
+            echo $text | grep -E "(((25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])/(3[0-2]|[1-2]?[0-9]))( +|$)+"
+        )" ]; then
+            reserve_ipv4="$text"
+            echo -e "已将保留地址网段设为：\033[32m$reserve_ipv4\033[0m"
+            setconfig reserve_ipv4 "'$reserve_ipv4'"
+        else
+            echo -e "\033[31m输入有误，操作已取消！\033[0m"
+        fi
+        sleep 1
+        set_fw_filter
+	;;
+    *)
+        errornum
+	;;
+    esac
+}
+set_common_ports() {
+	[ -z "$multiport" ] && multiport='22,80,443,8080,8443'
+	echo "-----------------------------------------------"
+	echo -e "\033[31m注意：\033[0mMIX模式下，所有fake-ip来源的非常用端口流量不会被过滤"
+	[ -n "$common_ports" ] && 
+	echo -e "当前放行端口：\033[36m$multiport\033[0m"
+	echo "-----------------------------------------------"
+	echo -e " 1 启用/关闭端口过滤:	\033[36m$common_ports\033[0m"
+	echo -e " 2 添加放行端口"
+	echo -e " 3 移除指定放行端口"
+	echo -e " 4 重置默认放行端口"
+	echo -e " 5 重置为旧版放行端口"
+	echo -e " 0 返回上级菜单"
+	echo "-----------------------------------------------"
+	read -p "请输入对应数字 > " num
+	case $num in
+	1)
+		if [ "$common_ports" = ON ];then
+			common_ports=OFF
+		else
+			common_ports=ON
+		fi
+		setconfig common_ports "$common_ports"
+		set_common_ports
+	;;
+	2)
+		port_count=$(echo "$multiport" | awk -F',' '{print NF}' )
+		if [ "$port_count" -ge 15 ];then
+			echo -e "\033[31m最多支持设置放行15个端口，请先减少一些！\033[0m"
+		else
+			read -p "请输入要放行的端口号 > " port
+			if echo ",$multiport," | grep -q ",$port,";then	
+				echo -e "\033[31m输入错误！请勿重复添加！\033[0m"
+			elif [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
+				echo -e "\033[31m输入错误！请输入正确的数值(1-65535)！\033[0m"
+			else
+				multiport=$(echo "$multiport,$port" | sed "s/^,//")
+				setconfig multiport "$multiport"
+			fi
+		fi
+		sleep 1
+		set_common_ports
+	;;
+	3)
+		read -p "请输入要移除的端口号 > " port
+		if echo ",$multiport," | grep -q ",$port,";then	
+			if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
+				echo -e "\033[31m输入错误！请输入正确的数值(1-65535)！\033[0m"
+			else
+				multiport=$(echo ",$multiport," | sed "s/,$port//; s/^,//; s/,$//")
+				setconfig multiport "$multiport"
+			fi
+		else
+			echo -e "\033[31m输入错误！请输入已添加过的端口！\033[0m"
+		fi
+		sleep 1
+		set_common_ports
+	;;
+	4)
+		multiport=''
+		setconfig multiport
+		sleep 1
+		set_common_ports
+	;;
+	5)
+		multiport='22,80,143,194,443,465,587,853,993,995,5222,8080,8443'
+		setconfig multiport "$multiport"
+		sleep 1
+		set_common_ports
+	;;
+	*)
+		errornum
+	;;
+	esac
+}
+set_cust_host_ipv4() { #自定义ipv4透明路由网段
+	[ -z "$replace_default_host_ipv4" ] && replace_default_host_ipv4="OFF"
+	. "$CRASHDIR"/starts/fw_getlanip.sh && getlanip
+	echo "-----------------------------------------------"
+	echo -e "当前默认透明路由的网段为: \033[32m$host_ipv4\033[0m"
+	echo -e "当前已添加的自定义网段为:\033[36m$cust_host_ipv4\033[0m"
+	echo "-----------------------------------------------"
+	echo -e " 1 移除所有自定义网段"
+	echo -e " 2 使用自定义网段覆盖默认网段	\033[36m$replace_default_host_ipv4\033[0m"
+	echo -e " 0 返回上级菜单"
+	read -p "请输入对应的序号或需要额外添加的网段 > " text
+	case "$text" in
+	2)
+		if [ "$replace_default_host_ipv4" == "OFF" ]; then
+			replace_default_host_ipv4="ON"
+		else
+			replace_default_host_ipv4="OFF"
+		fi
+		setconfig replace_default_host_ipv4 "$replace_default_host_ipv4"
+		set_cust_host_ipv4
+		;;
+	1)
+		unset cust_host_ipv4
+		setconfig cust_host_ipv4
+		set_cust_host_ipv4
+		;;
+	0) ;;
+	*)
+		if [ -n "$(echo $text | grep -Eo '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}'$)" -a -z "$(echo $cust_host_ipv4 | grep "$text")" ]; then
+			cust_host_ipv4="$cust_host_ipv4 $text"
+			setconfig cust_host_ipv4 "'$cust_host_ipv4'"
+		else
+			echo "-----------------------------------------------"
+			echo -e "\033[31m请输入正确的网段地址！\033[0m"
+		fi
+		sleep 1
+		set_cust_host_ipv4
+		;;
+	esac
+}
+fw_filter_lan() { #局域网设备过滤
+    get_devinfo() {
+        dev_ip=$(cat $dhcpdir | grep " $dev " | awk '{print $3}') && [ -z "$dev_ip" ] && dev_ip=$dev
+        dev_mac=$(cat $dhcpdir | grep " $dev " | awk '{print $2}') && [ -z "$dev_mac" ] && dev_mac=$dev
+        dev_name=$(cat $dhcpdir | grep " $dev " | awk '{print $4}') && [ -z "$dev_name" ] && dev_name='未知设备'
+    }
+    add_mac() {
+        echo "-----------------------------------------------"
+        echo 已添加的mac地址：
+        cat "$CRASHDIR"/configs/mac 2>/dev/null
+        echo "-----------------------------------------------"
+        echo -e "\033[33m序号   设备IP       设备mac地址       设备名称\033[32m"
+        cat $dhcpdir | awk '{print " "NR" "$3,$2,$4}'
+        echo -e "\033[0m-----------------------------------------------"
+        echo -e "手动输入mac地址时仅支持\033[32mxx:xx:xx:xx:xx:xx\033[0m的形式"
+        echo -e " 0 或回车 结束添加"
+        echo "-----------------------------------------------"
+        read -p "请输入对应序号或直接输入mac地址 > " num
+        if [ -z "$num" -o "$num" = 0 ]; then
+            i=
+        elif [ -n "$(echo $num | grep -aE '^([0-9A-Fa-f]{2}[:]){5}([0-9A-Fa-f]{2})$')" ]; then
+            if [ -z "$(cat "$CRASHDIR"/configs/mac | grep -E "$num")" ]; then
+                echo $num | grep -oE '^([0-9A-Fa-f]{2}[:]){5}([0-9A-Fa-f]{2})$' >>"$CRASHDIR"/configs/mac
+            else
+                echo "-----------------------------------------------"
+                echo -e "\033[31m已添加的设备，请勿重复添加！\033[0m"
+            fi
+            add_mac
+        elif [ $num -le $(cat $dhcpdir 2>/dev/null | awk 'END{print NR}') ]; then
+            macadd=$(cat $dhcpdir | awk '{print $2}' | sed -n "$num"p)
+            if [ -z "$(cat "$CRASHDIR"/configs/mac | grep -E "$macadd")" ]; then
+                echo $macadd >>"$CRASHDIR"/configs/mac
+            else
+                echo "-----------------------------------------------"
+                echo -e "\033[31m已添加的设备，请勿重复添加！\033[0m"
+            fi
+            add_mac
+        else
+            echo "-----------------------------------------------"
+            echo -e "\033[31m输入有误，请重新输入！\033[0m"
+            add_mac
+        fi
+    }
+    add_ip() {
+        echo "-----------------------------------------------"
+        echo "已添加的IP地址(段)："
+        cat "$CRASHDIR"/configs/ip_filter 2>/dev/null
+        echo "-----------------------------------------------"
+        echo -e "\033[33m序号   设备IP     设备名称\033[32m"
+        cat $dhcpdir | awk '{print " "NR" "$3,$4}'
+        echo -e "\033[0m-----------------------------------------------"
+        echo -e "手动输入时仅支持\033[32m 192.168.1.0/24\033[0m 或 \033[32m192.168.1.0\033[0m 的形式"
+        echo -e "不支持ipv6地址过滤，如有需求请使用mac地址过滤"
+        echo -e " 0 或回车 结束添加"
+        echo "-----------------------------------------------"
+        read -p "请输入对应序号或直接输入IP地址段 > " num
+        if [ -z "$num" -o "$num" = 0 ]; then
+            i=
+        elif [ -n "$(echo $num | grep -aE '^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(/(3[0-2]|[12]?[0-9]))?$')" ]; then
+            if [ -z "$(cat "$CRASHDIR"/configs/ip_filter | grep -E "$num")" ]; then
+                echo $num | grep -oE '^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(/(3[0-2]|[12]?[0-9]))?$' >>"$CRASHDIR"/configs/ip_filter
+            else
+                echo "-----------------------------------------------"
+                echo -e "\033[31m已添加的地址，请勿重复添加！\033[0m"
+            fi
+            add_ip
+        elif [ $num -le $(cat $dhcpdir 2>/dev/null | awk 'END{print NR}') ]; then
+            ipadd=$(cat $dhcpdir | awk '{print $3}' | sed -n "$num"p)
+            if [ -z "$(cat "$CRASHDIR"/configs/mac | grep -E "$ipadd")" ]; then
+                echo $ipadd >>"$CRASHDIR"/configs/ip_filter
+            else
+                echo "-----------------------------------------------"
+                echo -e "\033[31m已添加的地址，请勿重复添加！\033[0m"
+            fi
+            add_ip
+        else
+            echo "-----------------------------------------------"
+            echo -e "\033[31m输入有误，请重新输入！\033[0m"
+            add_ip
+        fi
+    }
+    del_all() {
+        echo "-----------------------------------------------"
+        if [ -z "$(cat "$CRASHDIR"/configs/mac "$CRASHDIR"/configs/ip_filter 2>/dev/null)" ]; then
+            echo -e "\033[31m列表中没有需要移除的设备！\033[0m"
+            sleep 1
+        else
+            echo -e "请选择需要移除的设备：\033[36m"
+            echo -e "\033[33m      设备IP       设备mac地址       设备名称\033[0m"
+            i=1
+            for dev in $(cat "$CRASHDIR"/configs/mac "$CRASHDIR"/configs/ip_filter 2>/dev/null); do
+                get_devinfo
+                echo -e " $i \033[32m$dev_ip \033[36m$dev_mac \033[32m$dev_name\033[0m"
+                i=$((i + 1))
+            done
+            echo "-----------------------------------------------"
+            echo -e "\033[0m 0 或回车 结束删除"
+            read -p "请输入需要移除的设备的对应序号 > " num
+            mac_filter_rows=$(cat "$CRASHDIR"/configs/mac 2>/dev/null | wc -l)
+            ip_filter_rows=$(cat "$CRASHDIR"/configs/ip_filter 2>/dev/null | wc -l)
+            if [ -z "$num" ] || [ "$num" -le 0 ]; then
+                n=
+            elif [ $num -le $mac_filter_rows ]; then
+                sed -i "${num}d" "$CRASHDIR"/configs/mac
+                echo "-----------------------------------------------"
+                echo -e "\033[32m对应设备已移除！\033[0m"
+                del_all
+            elif [ $num -le $((mac_filter_rows + ip_filter_rows)) ]; then
+                num=$((num - mac_filter_rows))
+                sed -i "${num}d" "$CRASHDIR"/configs/ip_filter
+                echo "-----------------------------------------------"
+                echo -e "\033[32m对应设备已移除！\033[0m"
+                del_all
+            else
+                echo "-----------------------------------------------"
+                echo -e "\033[31m输入有误，请重新输入！\033[0m"
+                del_all
+            fi
+        fi
+    }
+    echo "-----------------------------------------------"
+    [ -z "$dhcpdir" ] && [ -f /var/lib/dhcp/dhcpd.leases ] && dhcpdir='/var/lib/dhcp/dhcpd.leases'
+    [ -z "$dhcpdir" ] && [ -f /var/lib/dhcpd/dhcpd.leases ] && dhcpdir='/var/lib/dhcpd/dhcpd.leases'
+    [ -z "$dhcpdir" ] && [ -f /tmp/dhcp.leases ] && dhcpdir='/tmp/dhcp.leases'
+    [ -z "$dhcpdir" ] && [ -f /tmp/dnsmasq.leases ] && dhcpdir='/tmp/dnsmasq.leases'
+    [ -z "$dhcpdir" ] && dhcpdir='/dev/null'
+    [ -z "$macfilter_type" ] && macfilter_type='黑名单'
+    if [ "$macfilter_type" = "黑名单" ]; then
+        fw_filter_lan_over='白名单'
+        fw_filter_lan_scrip='不'
+    else
+        fw_filter_lan_over='黑名单'
+        fw_filter_lan_scrip=''
+    fi
+    ######
+    echo -e "\033[30;47m请在此添加或移除设备\033[0m"
+    echo -e "当前过滤方式为：\033[33m$macfilter_type模式\033[0m"
+    echo -e "仅列表内设备流量\033[36m$fw_filter_lan_scrip经过\033[0m内核"
+    if [ -n "$(cat "$CRASHDIR"/configs/mac)" ]; then
+        echo "-----------------------------------------------"
+        echo -e "当前已过滤设备为：\033[36m"
+        echo -e "\033[33m 设备mac/ip地址       设备名称\033[0m"
+        for dev in $(cat "$CRASHDIR"/configs/mac 2>/dev/null); do
+            get_devinfo
+            echo -e "\033[36m$dev_mac \033[0m$dev_name"
+        done
+        for dev in $(cat "$CRASHDIR"/configs/ip_filter 2>/dev/null); do
+            get_devinfo
+            echo -e "\033[32m$dev_ip  \033[0m$dev_name"
+        done
+        echo "-----------------------------------------------"
+    fi
+    echo -e " 1 切换为\033[33m$fw_filter_lan_over模式\033[0m"
+    echo -e " 2 \033[32m添加指定设备(mac地址)\033[0m"
+    echo -e " 3 \033[32m添加指定设备(IP地址/网段)\033[0m"
+    echo -e " 4 \033[36m移除指定设备\033[0m"
+    echo -e " 9 \033[31m清空整个列表\033[0m"
+    echo -e " 0 返回上级菜单"
+    read -p "请输入对应数字 > " num
+    case "$num" in
+    0) ;;
+    1)
+        macfilter_type=$fw_filter_lan_over
+        setconfig macfilter_type $macfilter_type
+        echo "-----------------------------------------------"
+        echo -e "\033[32m已切换为$macfilter_type模式！\033[0m"
+        fw_filter_lan
+	;;
+    2)
+        add_mac
+        fw_filter_lan
+	;;
+    3)
+        add_ip
+        fw_filter_lan
+	;;
+    4)
+        del_all
+        fw_filter_lan
+	;;
+    9)
+        : >"$CRASHDIR"/configs/mac
+        : >"$CRASHDIR"/configs/ip_filter
+        echo "-----------------------------------------------"
+        echo -e "\033[31m设备列表已清空！\033[0m"
+        fw_filter_lan
+	;;
+    *)
+        errornum
+	;;
+    esac
+}
+set_adv_config() { #端口设置
+    . "$CFG_PATH" >/dev/null
+    [ -z "$secret" ] && secret=未设置
+    [ -z "$table" ] && table=100
+    [ -z "$authentication" ] && auth=未设置 || auth=******
+    inputport() {
+        read -p "请输入端口号(1-65535) > " portx
+		. "$CRASHDIR"/menus/check_port.sh #加载测试函数
+        if check_port "$portx"; then
+            setconfig "$xport" "$portx"
+            echo -e "\033[32m设置成功！！！\033[0m"
+			set_adv_config
+		else
+			sleep 1
+		fi	
+    }
+    echo "-----------------------------------------------"
+    echo -e " 1 修改Http/Sock5端口：	\033[36m$mix_port\033[0m"
+    echo -e " 2 设置Http/Sock5密码：	\033[36m$auth\033[0m"
+    echo -e " 3 修改Redir/Tproxy端口：\033[36m$redir_port,$((redir_port + 1))\033[0m"
+    echo -e " 4 修改DNS监听端口：	\033[36m$dns_port\033[0m"
+    echo -e " 5 修改面板访问端口：	\033[36m$db_port\033[0m"
+    echo -e " 6 设置面板访问密码：	\033[36m$secret\033[0m"
+    echo -e " 8 自定义本机host地址：	\033[36m$host\033[0m"
+    echo -e " 9 自定义路由表：	\033[36m$table,$((table + 1))\033[0m"
+    echo -e " 0 返回上级菜单"
+    read -p "请输入对应数字 > " num
+    case "$num" in
+    0) ;;
+    1)
+        xport=mix_port
+        inputport
+	;;
+    2)
+        echo "-----------------------------------------------"
+        echo -e "格式必须是\033[32m 用户名:密码 \033[0m的形式，注意用小写冒号分隔！"
+        echo -e "请尽量不要使用特殊符号！避免产生未知错误！"
+        echo "输入 0 删除密码"
+        echo "-----------------------------------------------"
+        read -p "请输入Http/Sock5用户名及密码 > " input
+        if [ "$input" = "0" ]; then
+            authentication=""
+            setconfig authentication
+            echo 密码已移除！
+        else
+            if [ "$local_proxy" = "ON" -a "$local_type" = "环境变量" ]; then
+                echo "-----------------------------------------------"
+                echo -e "\033[33m请先禁用本机劫持功能或使用增强模式！\033[0m"
+                sleep 1
+            else
+                authentication=$(echo $input | grep :)
+                if [ -n "$authentication" ]; then
+                    setconfig authentication "'$authentication'"
+                    echo -e "\033[32m设置成功！！！\033[0m"
+                else
+                    echo -e "\033[31m输入有误，请重新输入！\033[0m"
+                fi
+            fi
+        fi
+        set_adv_config
+	;;
+    3)
+        xport=redir_port
+        inputport
+	;;
+    4)
+        xport=dns_port
+        inputport
+	;;
+    5)
+        xport=db_port
+        inputport
+	;;
+    6)
+        read -p "请输入面板访问密码(输入0删除密码) > " secret
+        if [ -n "$secret" ]; then
+            [ "$secret" = "0" ] && secret=""
+            setconfig secret $secret
+            echo -e "\033[32m设置成功！！！\033[0m"
+        fi
+        set_adv_config
+	;;
+    8)
+        echo "-----------------------------------------------"
+        echo -e "\033[33m如果你的局域网网段不是192.168.x或172.16.x或10.x开头，请务必修改！\033[0m"
+        echo -e "\033[31m设置后如本机host地址有变动，请务必重新修改！\033[0m"
+        echo "-----------------------------------------------"
+        read -p "请输入自定义host地址(输入0移除自定义host) > " host
+        if [ "$host" = "0" ]; then
+            host=""
+            setconfig host "$host"
+            echo -e "\033[32m已经移除自定义host地址，请重新运行脚本以自动获取host！！！\033[0m"
+            exit 0
+        elif [ -n "$(echo $host | grep -E -o '\<([1-9]|[1-9][0-9]|1[0-9]{2}|2[01][0-9]|22[0-3])\>(\.\<([0-9]|[0-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\>){2}\.\<([1-9]|[0-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-4])\>')" ]; then
+            setconfig host "$host"
+            echo -e "\033[32m设置成功！！！\033[0m"
+        else
+            host=""
+            echo -e "\033[31m输入错误，请仔细核对！！！\033[0m"
+        fi
+        sleep 1
+        set_adv_config
+	;;
+    9)
+        echo "-----------------------------------------------"
+        echo -e "\033[33m仅限Tproxy、Tun或混合模式路由表出现冲突时才需要设置！\033[0m"
+        read -p "请输入路由表地址(不明勿动！建议102-125之间) > " table
+        if [ -n "$table" ]; then
+            [ "$table" = "0" ] && table="100"
+            setconfig table "$table"
+            echo -e "\033[32m设置成功！！！\033[0m"
+        fi
+        set_adv_config
+	;;
+    *)
+        errornum
+	;;
+    esac
+}
+set_firewall_area() { #路由范围设置
+    [ -z "$vm_redir" ] && vm_redir='OFF'
+    echo "-----------------------------------------------"
+    echo -e "\033[31m注意：\033[0m基于桥接网卡的Docker/虚拟机流量，请单独启用！"
+    echo -e "\033[33m如你使用了第三方DNS如smartdns等，请勿启用本机劫持或使用shellcrash用户执行！\033[0m"
+    echo "-----------------------------------------------"
+    echo -e " 1 \033[32m仅劫持局域网流量\033[0m"
+    echo -e " 2 \033[36m仅劫持本机流量\033[0m"
+    echo -e " 3 \033[32m劫持局域网+本机流量\033[0m"
+    echo -e " 4 不配置流量劫持(纯净模式)\033[0m"
+    #echo -e " 5 \033[33m转发局域网流量到旁路由设备\033[0m"
+    echo -e " 0 返回上级菜单"
+    echo "-----------------------------------------------"
+    read -p "请输入对应数字 > " num
+    case "$num" in
+    0) ;;
+    [1-4])
+        [ $firewall_area -ge 4 ] && {
+            redir_mod=Redir模式
+            setconfig redir_mod $redir_mod
+        }
+        [ "$num" = 4 ] && {
+            redir_mod=纯净模式
+            setconfig redir_mod $redir_mod
+        }
+        firewall_area=$num
+        setconfig firewall_area $firewall_area
+	;;
+    5)
+        echo "-----------------------------------------------"
+        echo -e "\033[31m注意：\033[0m此功能存在多种风险如无网络基础请勿尝试！"
+        echo -e "\033[33m说明：\033[0m此功能不启动内核仅配置防火墙转发，且子设备无需额外设置网关DNS"
+        echo -e "\033[33m说明：\033[0m支持防火墙分流及设备过滤，支持部分定时任务，但不支持ipv6！"
+        echo -e "\033[31m注意：\033[0m如需代理UDP，请确保旁路由运行了支持UDP代理的模式！"
+        echo -e "\033[31m注意：\033[0m如使用systemd方式启动，内核依然会空载运行，建议使用保守模式！"
+        echo "-----------------------------------------------"
+        read -p "请输入旁路由IPV4地址 > " bypass_host
+        [ -n "$bypass_host" ] && {
+            firewall_area=$num
+            setconfig firewall_area $firewall_area
+            setconfig bypass_host $bypass_host
+            redir_mod=TCP旁路转发
+            setconfig redir_mod $redir_mod
+        }
+	;;
+    *) errornum ;;
+    esac
+    sleep 1
+}
+set_firewall_vm(){
+	if [ -n "$vm_ipv4" ]; then
+		vm_des='当前劫持'
+	else
+		vm_ipv4=$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep 'brd' | grep -E 'docker|podman|virbr|vnet|ovs|vmbr|veth|vmnic|vboxnet|lxcbr|xenbr|vEthernet' | sed 's/.*inet.//g' | sed 's/ br.*$//g' | sed 's/metric.*$//g' | tr '\n' ' ')
+		vm_des='当前获取到'
+	fi
+	echo "-----------------------------------------------"
+	echo -e "$vm_des的容器/虚拟机网段为：\033[32m$vm_ipv4\033[0m"
+	echo -e "如未包含容器网段，请先运行容器再运行脚本或者手动设置网段"
+	echo "-----------------------------------------------"
+	echo -e " 1 \033[32m启用劫持并使用默认网段\033[0m"
+	echo -e " 2 \033[36m启用劫持并自定义网段\033[0m"
+	echo -e " 3 \033[31m禁用劫持\033[0m"
+	echo -e " 0 返回上级菜单"
+	echo "-----------------------------------------------"
+	read -p "请输入对应数字 > " num
+	case "$num" in
+	1)
+		if [ -n "$vm_ipv4" ]; then
+			vm_redir=ON
+		else
+			echo -e "\033[33m请先运行容器再运行脚本或者手动设置网段\033[0m"
+		fi
+	;;
+	2)
+		echo -e "多个网段请用空格连接，可运行容器后使用【ip route】命令查看网段地址"
+		echo -e "示例：\033[32m10.88.0.0/16 172.17.0.0/16\033[0m"
+		read -p "请输入自定义网段 > " text
+		[ -n "$text" ] && vm_ipv4=$text && vm_redir=ON
+	;;
+	3)
+		vm_redir=OFF
+		unset vm_ipv4
+	;;
+	*) ;;
+	esac
+	setconfig vm_redir $vm_redir
+	setconfig vm_ipv4 "'$vm_ipv4'"
+}
+set_ipv6() { #ipv6设置
+    [ -z "$ipv6_redir" ] && ipv6_redir=OFF
+    [ -z "$ipv6_dns" ] && ipv6_dns=ON
+    echo "-----------------------------------------------"
+    echo -e " 1 ipv6透明路由:  \033[36m$ipv6_redir\033[0m  ——劫持ipv6流量"
+    [ "$disoverride" != "1" ] && echo -e " 2 ipv6-DNS解析:  \033[36m$ipv6_dns\033[0m  ——决定内置DNS是否返回ipv6地址"
+    echo -e " 0 返回上级菜单"
+    echo "-----------------------------------------------"
+    read -p "请输入对应数字 > " num
+    case "$num" in
+    0) ;;
+    1)
+        if [ "$ipv6_redir" = "OFF" ]; then
+            ipv6_support=ON
+            ipv6_redir=ON
+            sleep 2
+        else
+            ipv6_redir=OFF
+        fi
+        setconfig ipv6_redir $ipv6_redir
+        setconfig ipv6_support $ipv6_support
+        set_ipv6
+	;;
+    2)
+        [ "$ipv6_dns" = "OFF" ] && ipv6_dns=ON || ipv6_dns=OFF
+        setconfig ipv6_dns $ipv6_dns
+        set_ipv6
+	;;
+    *)
+        errornum
+	;;
+    esac
+}
--- a/scripts/menus/4_setboot.sh
+++ b/scripts/menus/4_setboot.sh
@@ -0,0 +1,184 @@
+#!/bin/sh
+# Copyright (C) Juewuy
+
+[ -n "$__IS_MODULE_4_SETBOOT_LOADED" ] && return
+__IS_MODULE_4_SETBOOT_LOADED=1
+
+allow_autostart() {
+    [ -f /etc/rc.common -a "$(cat /proc/1/comm)" = "procd" ] && /etc/init.d/shellcrash enable
+    ckcmd systemctl && systemctl enable shellcrash.service >/dev/null 2>&1
+    grep -q 's6' /proc/1/comm && touch /etc/s6-overlay/s6-rc.d/user/contents.d/afstart
+    rc-status -r >/dev/null 2>&1 && rc-update add shellcrash default >/dev/null 2>&1
+    rm -rf "$CRASHDIR"/.dis_startup
+}
+
+disable_autostart() {
+    [ -d /etc/rc.d ] && cd /etc/rc.d && rm -rf *shellcrash >/dev/null 2>&1 && cd - >/dev/null
+    ckcmd systemctl && systemctl disable shellcrash.service >/dev/null 2>&1
+    grep -q 's6' /proc/1/comm && rm -rf /etc/s6-overlay/s6-rc.d/user/contents.d/afstart
+    rc-status -r >/dev/null 2>&1 && rc-update del shellcrash default >/dev/null 2>&1
+    touch "$CRASHDIR"/.dis_startup
+}
+
+# 启动设置菜单
+setboot() {
+    while true; do
+        [ -z "$start_old" ] && start_old=OFF
+        [ -z "$start_delay" -o "$start_delay" = 0 ] && delay=未设置 || delay="${start_delay}秒"
+        check_autostart && auto_set="\033[33m禁止" || auto_set="\033[32m允许"
+        [ "${BINDIR}" = "$CRASHDIR" ] && mini_clash=OFF || mini_clash=ON
+        [ -z "$network_check" ] && network_check=ON
+        echo "-----------------------------------------------"
+        echo -e "\033[30;47m欢迎使用启动设置菜单：\033[0m"
+        echo "-----------------------------------------------"
+        echo -e " 1 ${auto_set}\033[0mShellCrash开机启动"
+        echo -e " 2 使用保守模式:	\033[36m$start_old\033[0m	————基于定时任务(每分钟检测)"
+        echo -e " 3 设置自启延时:	\033[36m$delay\033[0m	————用于解决自启后服务受限"
+        echo -e " 4 启用小闪存模式:	\033[36m$mini_clash\033[0m	————用于闪存空间不足的设备"
+        [ "${BINDIR}" != "$CRASHDIR" ] && echo -e " 5 设置小闪存目录:	\033[36m${BINDIR}\033[0m"
+        echo -e " 6 自启网络检查:	\033[36m$network_check\033[0m	————禁用则跳过自启时网络检查"
+        echo "-----------------------------------------------"
+        echo -e " 0 \033[0m返回上级菜单\033[0m"
+        read -p "请输入对应数字 > " num
+        echo "-----------------------------------------------"
+        case "$num" in
+        "" | 0)
+            break
+            ;;
+        1)
+            if check_autostart; then
+                # 禁止自启动：删除各系统的启动项
+                disable_autostart
+                echo -e "\033[33m已禁止ShellCrash开机启动！\033[0m"
+            else
+                # 允许自启动：配置各系统的启动项
+                allow_autostart
+                echo -e "\033[32m已设置ShellCrash开机启动！\033[0m"
+            fi
+            ;;
+        2)
+            if [ "$start_old" = "OFF" ] >/dev/null 2>&1; then
+                echo -e "\033[33m改为使用保守模式启动服务！！\033[0m"
+                disable_autostart
+                start_old=ON
+                setconfig start_old "$start_old"
+                "$CRASHDIR"/start.sh stop
+            else
+                if grep -qE 'procd|systemd|s6' /proc/1/comm || rc-status -r >/dev/null 2>&1; then
+                    echo -e "\033[32m改为使用系统守护进程启动服务！！\033[0m"
+                    "$CRASHDIR"/start.sh cronset "ShellCrash初始化"
+                    start_old=OFF
+                    setconfig start_old "$start_old"
+                    "$CRASHDIR"/start.sh stop
+
+                else
+                    echo -e "\033[31m当前设备不支持以其他模式启动！！\033[0m"
+                fi
+            fi
+            sleep 1
+            ;;
+        3)
+            echo -e "\033[33m如果你的设备启动后可以正常使用，则无需设置！！\033[0m"
+            echo -e "\033[36m推荐设置为30~120秒之间，请根据设备问题自行试验\033[0m"
+            read -p "请输入启动延迟时间(0~300秒) > " sec
+            case "$sec" in
+            [0-9] | [0-9][0-9] | [0-2][0-9][0-9] | 300)
+                start_delay=$sec
+                setconfig start_delay $sec
+                echo -e "\033[32m设置成功！\033[0m"
+                ;;
+            *)
+                echo -e "\033[31m输入有误，或超过300秒，请重新输入！\033[0m"
+                ;;
+            esac
+            sleep 1
+            ;;
+        4)
+            dir_size=$(df "$CRASHDIR" | awk '{ for(i=1;i<=NF;i++){ if(NR==1){ arr[i]=$i; }else{ arr[i]=arr[i]" "$i; } } } END{ for(i=1;i<=NF;i++){ print arr[i]; } }' | grep Ava | awk '{print $2}')
+            if [ "$mini_clash" = "OFF" ]; then
+                if [ "$dir_size" -gt 20480 ]; then
+                    echo -e "\033[33m您的设备空间充足(>20M)，无需开启！\033[0m"
+                elif [ "$start_old" != 'ON' -a "$(cat /proc/1/comm)" = "systemd" ]; then
+                    echo -e "\033[33m不支持systemd启动模式，请先启用保守模式！\033[0m"
+                else
+                    [ "$BINDIR" = "$CRASHDIR" ] && BINDIR="$TMPDIR"
+                    echo -e "\033[32m已经启用小闪存功能！\033[0m"
+                    echo -e "如需更换目录，请使用【设置小闪存目录】功能\033[0m"
+                fi
+            else
+                if [ "$dir_size" -lt 8192 ]; then
+                    echo -e "\033[31m您的设备剩余空间不足8M，停用后可能无法正常运行！\033[0m"
+                    read -p "确认停用此功能？(1/0) > " res
+                    [ "$res" = 1 ] && BINDIR="$CRASHDIR" && echo -e "\033[33m已经停用小闪存功能！\033[0m"
+                else
+                    rm -rf /tmp/ShellCrash
+                    BINDIR="$CRASHDIR"
+                    echo -e "\033[33m已经停用小闪存功能！\033[0m"
+                fi
+            fi
+            setconfig BINDIR "$BINDIR" "$CRASHDIR"/configs/command.env
+            sleep 1
+            ;;
+        5)
+            echo -e "\033[33m如设置到内存，则每次开机后都自动重新下载相关文件\033[0m"
+            echo -e "\033[33m请确保安装源可用裸连，否则会导致启动失败\033[0m"
+            echo " 1 使用内存(/tmp)"
+            echo " 2 选择U盘目录"
+            echo " 3 自定义目录"
+            read -p "请输入相应数字 > " num
+            case "$num" in
+            1)
+                BINDIR="$TMPDIR"
+                ;;
+            2)
+                set_usb_dir() {
+                    echo "请选择安装目录"
+                    du -hL /mnt | awk '{print " "NR" "$2"  "$1}'
+                    read -p "请输入相应数字 > " num
+                    BINDIR=$(du -hL /mnt | awk '{print $2}' | sed -n "$num"p)
+                    if [ -z "$BINDIR" ]; then
+                        echo "\033[31m输入错误！请重新设置！\033[0m"
+                        set_usb_dir
+                    fi
+                }
+                set_usb_dir
+                ;;
+            3)
+                input_dir() {
+                    read -p "请输入自定义目录 > " BINDIR
+                    if [ ! -d "$BINDIR" ]; then
+                        echo "\033[31m输入错误！请重新设置！\033[0m"
+                        input_dir
+                    fi
+                }
+                input_dir
+                ;;
+            *)
+                errornum
+                ;;
+            esac
+            setconfig BINDIR "$BINDIR" "$CRASHDIR"/configs/command.env
+            ;;
+        6)
+            echo -e "\033[33m如果你的设备启动后可以正常使用，则无需变更设置！！\033[0m"
+            echo -e "\033[36m禁用时，如果使用了小闪存模式或者rule-set等在线规则，则可能会因无法联网而导致启动失败！\033[0m"
+            echo -e "\033[32m启用时，会导致部分性能较差或者拨号较慢的设备可能会因查询超时导致启动失败！\033[0m"
+            read -p "是否切换？(1/0) > " res
+            [ "$res" = '1' ] && {
+                if [ "$network_check" = "OFF" ]; then
+                    network_check=ON
+                else
+                    network_check=OFF
+                fi
+                setconfig network_check "$network_check"
+            }
+            sleep 1
+            ;;
+        *)
+            errornum
+            sleep 1
+            break
+            ;;
+        esac
+    done
+}
--- a/scripts/menus/5_task.sh
+++ b/scripts/menus/5_task.sh
@@ -0,0 +1,383 @@
+#!/bin/sh
+# Copyright (C) Juewuy
+
+[ -n "$__IS_MODULE_5_TASK_LOADED" ] && return
+__IS_MODULE_5_TASK_LOADED=1
+
+#通用工具
+. "$CRASHDIR"/libs/set_config.sh
+. "$CRASHDIR"/libs/set_cron.sh
+#任务工具
+set_cron(){
+	[ -z $week ] && week=*
+	[ -z $hour ] && hour=*
+	[ -z $min ] && min=0
+	echo "-----------------------------------------------"
+	echo -e "\033[33m$cron_time\033[0m执行任务:\033[36m$task_name\033[0m"
+	read -p  "是否确认添加定时任务？(1/0) > " res
+	if [ "$res" = '1' ]; then
+		task_txt="$min $hour * * $week $CRASHDIR/task/task.sh $task_id $cron_time$task_name"
+		cronset "$cron_time$task_name" "$task_txt"
+		echo -e "任务【$cron_time$task_name】\033[32m已添加！\033[0m"
+	fi
+	unset week hour min
+	sleep 1
+}
+set_service(){
+	# 参数1代表要任务类型,参数2代表任务ID,参数3代表任务描述,参数4代表running任务cron时间
+	task_file="$CRASHDIR"/task/$1
+	[ -s $task_file ] && sed -i "/$3/d" $task_file
+	 #运行时每分钟执行的任务特殊处理
+	if [ "$1" = "running" ];then
+		task_txt="$4 $CRASHDIR/task/task.sh $2 $3"
+		echo "$task_txt" >> $task_file
+		[ -n "$(pidof CrashCore)" ] && cronset "$3" "$task_txt"
+	else
+		echo "$CRASHDIR/task/task.sh $2 $3" >> $task_file
+	fi
+	echo -e "任务【$3】\033[32m添加成功！\033[0m"
+	sleep 1
+}
+#任务界面
+task_user_add(){ #自定义命令添加
+	echo "-----------------------------------------------"
+	echo -e "\033[33m命令可包含空格，请确保命令可执行！\033[0m"
+	echo -e "\033[36m此处不要添加执行条件，请在添加完成后返回添加具体执行条件！\033[0m"
+	echo -e "也可以手动编辑\033[32m${CRASHDIR}/task/task.user\033[0m添加"
+	read -p "请输入命令语句 > " script
+	if [ -n "$script" ];then
+		task_command=$script
+		echo -e "请检查输入：\033[32m$task_command\033[0m"
+		#获取本任务ID
+		task_max_id=$(awk -F '#' '{print $1}' "$CRASHDIR"/task/task.user 2>/dev/null | sort -n | tail -n 1)
+		[ -z "$task_max_id" ] && task_max_id=200
+		task_id=$((task_max_id + 1))
+		read -p "请输入任务备注 > " txt
+		[ -n "$txt" ] && task_name=$txt || task_name=自定义任务$task_id
+		echo "$task_id#$task_command#$task_name" >> "$CRASHDIR"/task/task.user
+		echo -e "\033[32m自定义任务已添加！\033[0m"
+		sleep 1
+	else
+		echo -e "\033[31m输入错误，请重新输入！\033[0m"
+		sleep 1
+	fi
+}
+task_user_del(){ #自定义命令删除
+	echo "-----------------------------------------------"
+	echo -e "请输入对应ID移除对应自定义任务(不会影响内置任务)"
+	echo -e "也可以手动编辑\033[32m${CRASHDIR}/task/task.user\033[0m"
+	echo "-----------------------------------------------"
+	cat "$CRASHDIR"/task/task.user 2>/dev/null | grep -Ev '^#' | awk -F '#' '{print $1" "$3}'
+	echo "-----------------------------------------------"
+	echo "0 返回上级菜单"
+	echo "-----------------------------------------------"
+	read -p "请输入对应数字 > " num
+	if [ -n "$num" ];then
+		sed -i "/^$num#/d" "$CRASHDIR"/task/task.user 2>/dev/null
+		[ "$num" != 0 ] && task_user_del
+	else
+		echo -e "\033[31m输入错误，请重新输入！\033[0m"
+		sleep 1
+	fi
+}
+task_add(){ #任务添加
+	echo "-----------------------------------------------"
+	echo -e "\033[36m请选择需要添加的任务\033[0m"
+	echo "-----------------------------------------------"
+	#输出任务列表
+	cat "$CRASHDIR"/task/task.list "$CRASHDIR"/task/task.user 2>/dev/null | grep -Ev '^(#|$)' | awk -F '#' '{print " "NR" "$3}'
+	echo "-----------------------------------------------"
+	echo -e " 0 返回上级菜单"
+	read -p "请输入对应数字 > " num
+	case "$num" in
+	0)
+	;;
+	[1-9]|[1-9][0-9])
+		if [ "$num" -le "$(cat "$CRASHDIR"/task/task.list "$CRASHDIR"/task/task.user 2>/dev/null | wc -l)" ];then
+			task_id=$(cat "$CRASHDIR"/task/task.list "$CRASHDIR"/task/task.user 2>/dev/null | grep -Ev '^(#|$)' | sed -n "$num p" | awk -F '#' '{print $1}')
+			task_name=$(cat "$CRASHDIR"/task/task.list "$CRASHDIR"/task/task.user 2>/dev/null | grep -Ev '^(#|$)' | sed -n "$num p" | awk -F '#' '{print $3}')
+			task_type
+		else
+			errornum
+		fi
+	;;
+	*)
+	errornum
+	;;
+	esac
+}
+task_del(){ #任务删除
+	#删除定时任务
+	cronset "$1"
+	#删除条件任务
+	sed -i "/$1/d" "$CRASHDIR"/task/cron 2>/dev/null
+	sed -i "/$1/d" "$CRASHDIR"/task/bfstart 2>/dev/null
+	sed -i "/$1/d" "$CRASHDIR"/task/afstart 2>/dev/null
+	sed -i "/$1/d" "$CRASHDIR"/task/running 2>/dev/null
+	sed -i "/$1/d" "$CRASHDIR"/task/affirewall 2>/dev/null
+}
+task_type(){ #任务条件选择菜单
+	echo "-----------------------------------------------"
+	echo  -e "请选择任务\033[36m【$task_name】\033[0m执行条件："
+	echo "-----------------------------------------------"
+	echo -e " 1 定时任务\033[32m每周执行\033[0m"
+	echo -e " 2 定时任务\033[32m每日执行\033[0m"
+	echo -e " 3 定时任务\033[32m每小时执行\033[0m"
+	echo -e " 4 定时任务\033[32m每分钟执行\033[0m"
+	echo "-----------------------------------------------"
+	echo  -e "\033[31m注意：\033[0m逻辑水平不及格的请勿使用下方触发条件！"
+	echo "-----------------------------------------------"
+	echo -e " 5 服务\033[33m启动前执行\033[0m"
+	echo -e " 6 服务\033[33m启动后执行\033[0m"
+	echo -e " 7 服务\033[33m运行时每分钟执行\033[0m"
+	echo -e " 8 防火墙服务\033[33m重启后执行\033[0m"
+	echo "-----------------------------------------------"
+	echo -e " 0 返回上级菜单"
+	read -p "请输入对应数字 > " num
+	case "$num" in
+
+	0)
+		return 1
+	;;
+	1)
+		echo "-----------------------------------------------"
+		echo -e " 输入  1-7  对应\033[33m每周的指定某天\033[0m运行(7=周日)"
+		echo -e " 输入 1,4,0 代表\033[36m每周一、周四、周日\033[0m运行"
+		echo -e " 输入 1-5 代表\033[36m周一至周五\033[0m运行"
+		read -p "在每周哪天执行？ > " week
+		week=`echo ${week/7/0}` #把7换成0
+		echo "-----------------------------------------------"
+		read -p "想在该日的具体哪个小时执行？（0-23） > " hour
+		cron_time="在每周$week的$hour点整"
+		cron_time=`echo ${cron_time/周0/周日}` #把0换成日
+		[ -n "$week" ] && [ -n "$hour" ] && set_cron
+	;;
+	2)
+		echo "-----------------------------------------------"
+		echo -e " 输入 1,7,15 代表\033[36m每到1,7,15点\033[0m运行"
+		echo -e " 输入 6-18 代表\033[36m早6点至晚18点间每小时\033[0m运行"
+		read -p "想在每日的具体哪个小时执行？（0-23） > " hour
+		echo "-----------------------------------------------"
+		read -p "想在具体哪分钟执行？（0-59的整数） > " min
+		cron_time="在每日的$hour点$min分"
+		[ -n "$min" ] && [ -n "$hour" ] && set_cron
+	;;
+	3)
+		echo "-----------------------------------------------"
+		read -p "想每隔多少小时执行一次？（1-23的整数） > " num
+		hour="*/$num"
+		cron_time="每隔$num小时"
+		[ -n "$hour" ] && set_cron
+	;;
+	4)
+		echo "-----------------------------------------------"
+		read -p "想每隔多少分钟执行一次？（1-59的整数） > " num
+		min="*/$num"
+		cron_time="每隔$num分钟"
+		[ -n "$min" ] && set_cron
+	;;
+	5)
+		set_service bfstart "$task_id" "服务启动前$task_name"
+	;;
+	6)
+		set_service afstart "$task_id" "服务启动后$task_name"
+	;;
+	7)
+		echo "-----------------------------------------------"
+		echo -e " 输入10即每隔10分钟运行一次，1440即每隔24小时运行一次"
+		echo -e " 大于60分钟的数值将按小时取整,且按当前时区记时"
+		read -p "想每隔多少分钟执行一次？（1-1440的整数） > " num
+		if [ "$num" -lt 60 ];then
+			min="$num"
+			cron_time="*/$min * * * *"
+			time_des="$min分钟"
+		else
+			hour="$((num / 60))"
+			cron_time="0 */$hour * * *"
+			time_des="$hour小时"
+		fi
+		[ -n "$cron_time" ] && set_service running "$task_id" "运行时每$time_des$task_name" "$cron_time"
+	;;
+	8)
+		echo -e "该功能会将相关启动代码注入到/etc/init.d/firewall中"
+		read -p "是否继续？(1/0) > " res
+		[ "$res" = 1 ] && set_service affirewall "$task_id" "防火墙重启后$task_name"
+	;;
+	*)
+		errornum
+		return 1
+	;;
+	esac
+}
+task_manager(){ #任务管理列表
+	echo "-----------------------------------------------"
+	#抽取并生成临时列表
+	cronload > "$TMPDIR"/task_cronlist
+	cat "$TMPDIR"/task_cronlist "$CRASHDIR"/task/running 2>/dev/null | sort -u | grep -oE "task/task.sh .*" | awk -F ' ' '{print $2" "$3}' > "$TMPDIR"/task_list
+	cat "$CRASHDIR"/task/bfstart "$CRASHDIR"/task/afstart "$CRASHDIR"/task/affirewall 2>/dev/null | awk -F ' ' '{print $2" "$3}' >> "$TMPDIR"/task_list
+	cat "$TMPDIR"/task_cronlist 2>/dev/null | sort -u | grep -oE " #.*" | grep -v "守护" | awk -F '#' '{print "0 旧版任务-"$2}' >> "$TMPDIR"/task_list
+	sed -i '/^ *$/d' "$TMPDIR"/task_list
+	rm -rf "$TMPDIR"/task_cronlist
+	#判断为空则返回
+	if [ ! -s "$TMPDIR"/task_list ];then
+		echo -e "\033[31m当前没有可供管理的任务！\033[36m"
+		sleep 1
+	else
+		echo -e "\033[33m已添加的任务:\033[0m"
+		echo "-----------------------------------------------"
+		cat "$TMPDIR"/task_list | awk '{print " " NR " " $2}'
+		echo "-----------------------------------------------"
+		echo -e " a 清空旧版任务"
+		echo -e " d 清空任务列表"
+		echo -e " 0 返回上级菜单"
+		read -p "请输入对应数字 > " num
+		case "$num" in
+		0)
+		;;
+		a)
+			task_del "#"
+			echo -e "\033[31m旧版任务已清空！\033[36m"
+			sleep 1
+		;;
+		d)
+			task_del "task.sh"
+			echo -e "\033[31m全部任务已清空！\033[36m"
+			sleep 1
+		;;
+		[1-9]|[1-9][0-9])
+
+			task_txt=$(sed -n "$num p" "$TMPDIR"/task_list)
+			task_id=$(echo $task_txt | awk '{print $1}')
+			if [ "$task_id" = 0 ];then
+				read -p "旧版任务不支持管理，是否移除?(1/0) > " res
+				[ "$res" = 1 ] && {
+					cronname=$(echo $task_txt | awk -F '-' '{print $2}')
+					cronset "$cronname"
+					sed -i "/$cronname/d" "$CRASHDIR"/task/cron 2>/dev/null
+				}
+			else
+				task_des=$(echo $task_txt | awk '{print $2}')
+				task_name=$(cat "$CRASHDIR"/task/task.list "$CRASHDIR"/task/task.user 2>/dev/null | grep "$task_id" | awk -F '#' '{print $3}')
+				echo "-----------------------------------------------"
+				echo -e "当前任务为：\033[36m $task_des\033[0m"
+				echo -e " 1 \033[33m修改\033[0m当前任务"
+				echo -e " 2 \033[31m删除\033[0m当前任务"
+				echo -e " 3 \033[32m立即执行\033[0m一次"
+				echo -e " 4 查看\033[33m执行记录\033[0m"
+				echo "-----------------------------------------------"
+				echo -e " 0 返回上级菜单"
+				read -p "请选择需要执行的操作 > " num
+				case "$num" in
+				0)
+				;;
+				1)
+					task_type && task_del $task_des
+				;;
+				2)
+					task_del $task_des
+				;;
+				3)
+					task_command=$(cat "$CRASHDIR"/task/task.list "$CRASHDIR"/task/task.user 2>/dev/null | grep "$task_id" | awk -F '#' '{print $2}')
+					eval $task_command && task_res='执行成功！' || task_res='执行失败！'
+					echo -e "\033[33m任务【$task_des】$task_res\033[0m"
+					sleep 1
+				;;
+				4)
+					echo "-----------------------------------------------"
+					if [ -n "$(cat "$TMPDIR"/ShellCrash.log | grep "$task_name")" ];then
+						cat "$TMPDIR"/ShellCrash.log | grep "$task_name"
+					else
+						echo -e "\033[31m未找到相关执行记录！\033[0m"
+					fi
+					sleep 1
+				;;
+				*)
+					errornum
+				;;
+				esac
+			fi
+			task_manager
+		;;
+		*)
+			errornum
+		;;
+		esac
+	fi
+}
+task_recom(){ #任务推荐
+	echo "-----------------------------------------------"
+	echo -e "\033[32m启用推荐的自动任务配置？这包括：\033[0m"
+	echo "-----------------------------------------------"
+	echo -e "每隔10分钟自动保存面板配置"
+	echo -e "服务启动后自动同步ntp时间"
+	echo -e "在每日的3点0分重启服务"
+	echo "-----------------------------------------------"
+	read -p "是否启用？(1/0) > " res
+	[ "$res" = 1 ] && {
+		set_service running "106" "运行时每10分钟自动保存面板配置" "*/10 * * * *"
+		set_service afstart "107" "服务启动后自动同步ntp时间"
+		cronset "在每日的3点0分重启服务" "0 3 * * * ${CRASHDIR}/task/task.sh 103 在每日的3点0分重启服务" && \
+		echo -e "任务【在每日的3点0分重启服务】\033[32m添加成功！\033[0m"
+	}
+}
+
+# 任务菜单
+task_menu() {
+    while true; do
+        #检测并创建自定义任务文件
+        [ -f "$CRASHDIR"/task/task.user ] || echo '#任务ID(必须>200并顺序排列)#任务命令#任务说明(#号隔开，任务命令和说明中都不允许包含#号)' >"$CRASHDIR"/task/task.user
+        echo "-----------------------------------------------"
+        echo -e "\033[30;47m欢迎使用自动任务功能：\033[0m"
+        echo "-----------------------------------------------"
+        echo -e " 1 添加\033[32m自动任务\033[0m"
+        echo -e " 2 管理\033[33m任务列表\033[0m"
+        echo -e " 3 查看\033[36m任务日志\033[0m"
+        echo -e " 4 配置\033[36m日志推送\033[0m"
+        echo -e " 5 添加\033[33m自定义任务\033[0m"
+        echo -e " 6 删除\033[33m自定义任务\033[0m"
+        echo -e " 7 使用\033[32m推荐设置\033[0m"
+        echo "-----------------------------------------------"
+        echo -e " 0 返回上级菜单"
+        read -p "请输入对应数字 > " num
+        case "$num" in
+        "" | 0)
+            break
+            ;;
+        1)
+            task_add
+            ;;
+        2)
+            task_manager
+            rm -rf "$TMPDIR"/task_list
+            ;;
+        3)
+            if [ -n "$(cat "$TMPDIR"/ShellCrash.log | grep '任务【')" ]; then
+                echo "-----------------------------------------------"
+                cat "$TMPDIR"/ShellCrash.log | grep '任务【'
+            else
+                echo -e "\033[31m未找到任务相关执行日志！\033[0m"
+            fi
+            sleep 1
+            ;;
+        4)
+            echo "-----------------------------------------------"
+            echo -e "\033[36m请在日志工具中配置相关推送通道及推送开关\033[0m"
+            . "$CRASHDIR"/menus/8_tools.sh && log_pusher
+            ;;
+        5)
+            task_user_add
+            ;;
+        6)
+            task_user_del
+            ;;
+        7)
+            task_recom
+            ;;
+        *)
+            errornum
+            sleep 1
+            break
+            ;;
+        esac
+    done
+}
--- a/scripts/menus/6_core_config.sh
+++ b/scripts/menus/6_core_config.sh
--- a/scripts/menus/7_gateway.sh
+++ b/scripts/menus/7_gateway.sh
@@ -0,0 +1,617 @@
+#!/bin/sh
+# Copyright (C) Juewuy
+
+[ -n "$__IS_MODULE_7_GATEWAY_LOADED" ] && return
+__IS_MODULE_7_GATEWAY_LOADED=1
+
+. "$GT_CFG_PATH"
+. "$CRASHDIR"/menus/check_port.sh
+. "$CRASHDIR"/libs/gen_base64.sh
+
+#访问与控制主菜单
+gateway(){
+	echo "-----------------------------------------------"
+	echo -e "\033[30;47m欢迎使用访问与控制菜单：\033[0m"
+	echo "-----------------------------------------------"
+	echo -e " 1 配置\033[33m公网访问防火墙			\033[32m$fw_wan\033[0m"
+	echo -e " 2 配置\033[36mTelegram专属控制机器人		\033[32m$bot_tg_service\033[0m"
+	echo -e " 3 配置\033[36mDDNS自动域名\033[0m"
+	[ "$disoverride" != "1" ] && {
+		echo -e " 4 自定义\033[33m公网Vmess入站\033[0m节点		\033[32m$vms_service\033[0m"
+		echo -e " 5 自定义\033[33m公网ShadowSocks入站\033[0m节点	\033[32m$sss_service\033[0m"
+		echo -e " 6 配置\033[36mTailscale内网穿透\033[0m(限Singbox)	\033[32m$ts_service\033[0m"
+		echo -e " 7 配置\033[36mWireguard客户端\033[0m(限Singbox)	\033[32m$wg_service\033[0m"
+	}
+	echo -e " 0 返回上级菜单"
+	echo "-----------------------------------------------"
+	read -p "请输入对应数字 > " num
+	case "$num" in
+	0) ;;
+	1)
+        echo "-----------------------------------------------"
+        if [ -n "$(pidof CrashCore)" ] && [ "$firewall_mod" = 'iptables' ]; then
+            read -p "需要先停止服务，是否继续？(1/0) > " res
+            [ "$res" = 1 ] && "$CRASHDIR"/start.sh stop && set_fw_wan
+        else
+            set_fw_wan
+        fi
+		gateway
+	;;
+	2)
+		set_bot_tg
+		gateway
+	;;
+	3)
+		. "$CRASHDIR"/menus/ddns.sh && ddns_menu
+		gateway
+	;;
+	4)
+		set_vmess
+		gateway
+	;;
+	5)
+		set_shadowsocks
+		gateway
+	;;
+	6)
+		if echo "$crashcore" | grep -q 'sing';then
+			set_tailscale
+		else
+			echo -e "\033[33m$crashcore内核暂不支持此功能，请先更换内核！\033[0m"
+			sleep 1
+		fi
+		gateway
+	;;
+	7)
+		if echo "$crashcore" | grep -q 'sing';then
+			set_wireguard
+		else
+			echo -e "\033[33m$crashcore内核暂不支持此功能，请先更换内核！\033[0m"
+			sleep 1
+		fi
+		gateway
+	;;
+	*) errornum ;;
+	esac
+}
+#公网防火墙
+set_fw_wan() {
+	[ -z "$fw_wan" ] && fw_wan=ON
+	echo "-----------------------------------------------"
+	echo -e "\033[31m注意：\033[0m如在vps运行，还需在vps安全策略对相关端口同时放行"
+	[ -n "$fw_wan_ports" ] && 
+	echo -e "当前手动放行端口：\033[36m$fw_wan_ports\033[0m"
+	[ -n "$vms_port$sss_port" ] && 
+	echo -e "当前自动放行端口：\033[36m$vms_port $sss_port\033[0m"
+	echo -e "默认拦截端口：\033[33m$mix_port,$db_port\033[0m"
+	echo "-----------------------------------------------"
+	echo -e " 1 启用/关闭公网防火墙:	\033[36m$fw_wan\033[0m"
+	echo -e " 2 添加放行端口(可包含默认拦截端口)"
+	echo -e " 3 移除指定手动放行端口"
+	echo -e " 4 清空全部手动放行端口"
+	echo -e " 0 返回上级菜单"
+	echo "-----------------------------------------------"
+	read -p "请输入对应数字 > " num
+	case $num in
+	1)
+		if [ "$fw_wan" = ON ];then
+			read -p "确认关闭防火墙？这会带来极大的安全隐患！(1/0) > " res
+			[ "$res" = 1 ] && fw_wan=OFF || fw_wan=ON
+		else
+			fw_wan=ON
+		fi
+		setconfig fw_wan "$fw_wan"
+		set_fw_wan
+	;;
+	2)
+		port_count=$(echo "$fw_wan_ports" | awk -F',' '{print NF}' )
+		if [ "$port_count" -ge 10 ];then
+			echo -e "\033[31m最多支持设置放行10个端口，请先减少一些！\033[0m"
+		else
+			read -p "请输入要放行的端口号 > " port
+			if echo ",$fw_wan_ports," | grep -q ",$port,";then	
+				echo -e "\033[31m输入错误！请勿重复添加！\033[0m"
+			elif [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
+				echo -e "\033[31m输入错误！请输入正确的数值(1-65535)！\033[0m"
+			else
+				fw_wan_ports=$(echo "$fw_wan_ports,$port" | sed "s/^,//")
+				setconfig fw_wan_ports "$fw_wan_ports"
+			fi
+		fi
+		sleep 1
+		set_fw_wan
+	;;
+	3)
+		read -p "请输入要移除的端口号 > " port
+		if echo ",$fw_wan_ports," | grep -q ",$port,";then	
+			if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
+				echo -e "\033[31m输入错误！请输入正确的数值(1-65535)！\033[0m"
+			else
+				fw_wan_ports=$(echo ",$fw_wan_ports," | sed "s/,$port//; s/^,//; s/,$//")
+				setconfig fw_wan_ports "$fw_wan_ports"
+			fi
+		else
+			echo -e "\033[31m输入错误！请输入已添加过的端口！\033[0m"
+		fi
+		sleep 1
+		set_fw_wan
+	;;
+	4)
+		fw_wan_ports=''
+		setconfig fw_wan_ports
+		sleep 1
+		set_fw_wan
+	;;
+	*)
+		errornum
+	;;
+	esac
+}
+#tg_BOT相关
+set_bot_tg_config(){
+	setconfig TG_TOKEN "$TOKEN" "$GT_CFG_PATH"
+	setconfig TG_CHATID "$chat_ID" "$GT_CFG_PATH"
+	#设置机器人快捷命令
+	JSON=$(cat <<EOF
+{
+  "commands": [
+    {"command": "$my_alias", "description": "呼出ShellCrash菜单"},
+    {"command": "help",  "description": "查看帮助"}
+  ]
+}
+EOF
+)
+    TEXT="已完成Telegram机器人设置！请使用 /$my_alias 呼出功能菜单！"
+	. "$CRASHDIR"/libs/web_json.sh
+	bot_api="https://api.telegram.org/bot$TOKEN"
+	web_json_post "$bot_api/setMyCommands" "$JSON"
+	web_json_post "$bot_api/sendMessage" '{"chat_id":"'"$chat_ID"'","text":"'"$TEXT"'","parse_mode":"Markdown"}'
+	echo -e "\033[32m$TEXT\033[0m"
+}
+set_bot_tg_init(){
+	. "$CRASHDIR"/menus/bot_tg_bind.sh && private_bot && set_bot
+	if [ "$?" = 0 ]; then
+		set_bot_tg_config
+		return 0
+	else
+		return 1
+	fi
+}
+set_bot_tg_service(){
+	if [ "$bot_tg_service" = ON ];then
+		bot_tg_service=OFF
+		. "$CRASHDIR"/menus/bot_tg_service.sh && bot_tg_stop
+	else
+		bot_tg_service=ON
+		[ -n "$(pidof CrashCore)" ] && . "$CRASHDIR"/menus/bot_tg_service.sh &&
+			bot_tg_start && bot_tg_cron
+	fi
+	setconfig bot_tg_service "$bot_tg_service"
+}
+set_bot_tg(){
+	[ -n "$ts_auth_key" ] && ts_auth_key_info='已设置'
+	[ -n "$TG_CHATID" ] && TG_CHATID_info='已绑定'
+	echo "-----------------------------------------------"
+	echo -e "\033[31m注意：\033[0m由于网络环境原因，此机器人仅限服务启动时运行！"
+	echo "-----------------------------------------------"
+	echo -e " 1 启用/关闭TG-BOT服务	\033[32m$bot_tg_service\033[0m"
+	echo -e " 2 TG-BOT绑定设置	\033[32m$TG_CHATID_info\033[0m"
+	echo -e " 3 启动时推送菜单	\033[32m$TG_menupush\033[0m"
+	echo -e " 0 返回上级菜单 \033[0m"
+	echo "-----------------------------------------------"
+	read -p "请输入对应数字 > " num
+	case "$num" in
+	0) ;;
+	1)
+		. "$GT_CFG_PATH"
+		if [ -n "$TG_CHATID" ];then
+			set_bot_tg_service
+		else
+			echo -e "\033[31m请先绑定TG-BOT！\033[0m"
+		fi
+		sleep 1
+		set_bot_tg
+	;;
+	2)
+		if [ -n "$chat_ID" ] && [ -n "$push_TG" ] && [ "$push_TG" != 'publictoken' ]; then
+			read -p "检测到已经绑定了TG推送BOT，是否直接使用？(1/0) > " res
+			if [ "$res" = 1 ]; then
+				TOKEN="$push_TG"
+				set_bot_tg_config
+				set_bot_tg
+				return
+			fi
+		fi
+		set_bot_tg_init
+		set_bot_tg
+	;;
+	3)
+		if [ "$TG_menupush" = ON ];then
+			TG_menupush=OFF
+		else
+			TG_menupush=ON
+		fi
+		setconfig TG_menupush "$TG_menupush" "$GT_CFG_PATH"
+		set_bot_tg
+	;;
+	*)
+		errornum
+	;;
+	esac		
+}
+#自定义入站
+set_vmess(){
+	echo "-----------------------------------------------"
+	echo -e "\033[31m注意：\033[0m设置的端口会添加到公网访问防火墙并自动放行！\n      脚本只提供基础功能，更多需求请用自定义配置文件功能！"
+	echo -e "      \033[31m切勿用于搭建违法翻墙节点，违者后果自负！\033[0m"
+	echo "-----------------------------------------------"
+	echo -e " 1 \033[32m启用/关闭\033[0mVmess入站	\033[32m$vms_service\033[0m"
+	echo "-----------------------------------------------"
+	echo -e " 2 设置\033[36m监听端口\033[0m：	\033[36m$vms_port\033[0m"
+	echo -e " 3 设置\033[33mWS-path(可选)\033[0m：	\033[33m$vms_ws_path\033[0m"
+	echo -e " 4 设置\033[36m秘钥-uuid\033[0m：	\033[36m$vms_uuid\033[0m"
+	echo -e " 5 一键生成\033[32m随机秘钥\033[0m"
+	echo -e " 6 设置\033[36m混淆host(可选)\033[0m：	\033[33m$vms_host\033[0m"
+	gen_base64 1 >/dev/null 2>&1 &&
+	echo -e " 7 一键生成\033[32m分享链接\033[0m"
+	echo -e " 0 返回上级菜单 \033[0m"
+	echo "-----------------------------------------------"
+	read -p "请输入对应数字 > " num
+	case "$num" in
+	0) ;;
+	1)
+		if [ "$vms_service" = ON ];then
+			vms_service=OFF
+			setconfig vms_service "$vms_service"
+		else
+			if [ -n "$vms_port" ] && [ -n "$vms_uuid" ];then
+				vms_service=ON
+				setconfig vms_service "$vms_service"
+			else
+				echo -e "\033[31m请先完成必选设置！\033[0m"
+				sleep 1
+			fi
+		fi
+		set_vmess
+	;;
+	2)
+		read -p "请输入端口号(输入0删除) > " text
+		if [ "$text" = 0 ];then
+			vms_port=''
+			setconfig vms_port "" "$GT_CFG_PATH"
+		elif check_port "$text"; then
+			vms_port="$text"
+			setconfig vms_port "$text" "$GT_CFG_PATH"
+		else
+			sleep 1
+		fi
+		set_vmess
+	;;
+	3)
+		read -p "请输入ws-path路径(输入0删除) > " text
+		if [ "$text" = 0 ];then
+			vms_ws_path=''
+			setconfig vms_ws_path "" "$GT_CFG_PATH"
+		elif echo "$text" |grep -qE '^/';then
+			vms_ws_path="$text"
+			setconfig vms_ws_path "$text" "$GT_CFG_PATH"
+		else
+			echo -e "\033[31m不是合法的path路径，必须以【/】开头！\033[0m"
+			sleep 1
+		fi
+		set_vmess
+	;;
+	4)
+		read -p "请输入UUID(输入0删除) > " text
+		if [ "$text" = 0 ];then
+			vms_uuid=''
+			setconfig vms_uuid "" "$GT_CFG_PATH"
+		elif echo "$text" |grep -qiE '^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$';then
+			vms_uuid="$text"
+			setconfig vms_uuid "$text" "$GT_CFG_PATH"
+		else
+			echo -e "\033[31m不是合法的UUID格式，请重新输入或使用随机生成功能！\033[0m"
+			sleep 1
+		fi
+		set_vmess
+	;;
+	5)
+		vms_uuid=$(cat /proc/sys/kernel/random/uuid)
+		setconfig vms_uuid "$vms_uuid" "$GT_CFG_PATH"
+		sleep 1
+		set_vmess
+	;;
+	6)
+		read -p "请输入免流混淆host(输入0删除) > " text
+		if [ "$text" = 0 ];then
+			vms_host=''
+			setconfig vms_host "" "$GT_CFG_PATH"
+		else
+			vms_host="$text"
+			setconfig vms_host "$text" "$GT_CFG_PATH"
+		fi
+		set_vmess
+	;;
+	7)
+		read -p "请输入本机公网IP(4/6)或域名 > " host_wan
+		if [ -n "$host_wan" ] && [ -n "$vms_port" ] && [ -n "$vms_uuid" ];then
+			[ -n "$vms_ws_path" ] && vms_net=ws
+			vms_json=$(cat <<EOF
+{
+  "v": "2",
+  "ps": "ShellCrash_vms_in",
+  "add": "$host_wan",
+  "port": "$vms_port",
+  "id": "$vms_uuid",
+  "aid": "0",
+  "type": "auto",
+  "net": "$vms_net",
+  "path": "$vms_ws_path",
+  "host": "$vms_host"
+}
+EOF
+)
+			vms_link="vmess://$(gen_base64 "$vms_json")"
+			echo "-----------------------------------------------"
+			echo -e "你的分享链接是(请勿随意分享给他人):\n\033[32m$vms_link\033[0m"
+		else
+			echo -e "\033[31m请先完成必选设置！\033[0m"
+		fi
+		sleep 1
+		set_vmess
+	;;
+	*) errornum ;;
+	esac		
+}
+set_shadowsocks(){
+	echo "-----------------------------------------------"
+	echo -e "\033[31m注意：\033[0m设置的端口会添加到公网访问防火墙并自动放行！\n      脚本只提供基础功能，更多需求请用自定义配置文件功能！"
+	echo -e "      \033[31m切勿用于搭建违法翻墙节点，违者后果自负！\033[0m"
+	echo "-----------------------------------------------"
+	echo -e " 1 \033[32m启用/关闭\033[0mShadowSocks入站	\033[32m$sss_service\033[0m"
+	echo "-----------------------------------------------"
+	echo -e " 2 设置\033[36m监听端口\033[0m：	\033[36m$sss_port\033[0m"
+	echo -e " 3 选择\033[33m加密协议\033[0m：	\033[33m$sss_cipher\033[0m"
+	echo -e " 4 设置\033[36mpassword\033[0m：	\033[36m$sss_pwd\033[0m"
+	gen_base64 1 >/dev/null 2>&1 &&
+	echo -e " 5 一键生成分享链接"
+	echo -e " 0 返回上级菜单 \033[0m"
+	echo "-----------------------------------------------"
+	read -p "请输入对应数字 > " num
+	case "$num" in
+	0) ;;
+	1)
+		if [ "$sss_service" = ON ];then
+			sss_service=OFF
+			setconfig sss_service "$sss_service"
+		else
+			if [ -n "$sss_port" ] && [ -n "$sss_cipher" ] && [ -n "$sss_pwd" ];then
+				sss_service=ON
+				setconfig sss_service "$sss_service"
+			else
+				echo -e "\033[31m请先完成必选设置！\033[0m"
+				sleep 1
+			fi
+		fi
+		set_shadowsocks
+	;;
+	2)
+		read -p "请输入端口号(输入0删除) > " text
+		if [ "$text" = 0 ];then
+			sss_port=''
+			setconfig sss_port "" "$GT_CFG_PATH"
+		elif check_port "$text"; then
+			sss_port="$text"
+			setconfig sss_port "$text" "$GT_CFG_PATH"
+		else
+			sleep 1
+		fi
+		set_shadowsocks
+	;;
+	3)
+		echo "-----------------------------------------------"
+		echo -e " 1 \033[32mxchacha20-ietf-poly1305\033[0m"
+		echo -e " 2 \033[32mchacha20-ietf-poly1305\033[0m"
+		echo -e " 3 \033[32maes-128-gcm\033[0m"
+		echo -e " 4 \033[32maes-256-gcm\033[0m"
+		gen_random 1 >/dev/null && {
+			echo "-----------------------------------------------"
+			echo -e "\033[31m注意：\033[0m2022系列加密必须使用随机生成的password！"
+			echo -e " 5 \033[32m2022-blake3-chacha20-poly1305\033[0m"
+			echo -e " 6 \033[32m2022-blake3-aes-128-gcm\033[0m"
+			echo -e " 7 \033[32m2022-blake3-aes-256-gcm\033[0m"
+		}
+		echo "-----------------------------------------------"
+		echo -e " 0 返回上级菜单"
+		read -p "请选择要使用的加密协议 > " num
+		case "$num" in
+		1)
+			sss_cipher=xchacha20-ietf-poly1305
+			sss_pwd=$(gen_random 16)
+		;;
+		2)
+			sss_cipher=chacha20-ietf-poly1305
+			sss_pwd=$(gen_random 16)
+		;;
+		3)
+			sss_cipher=aes-128-gcm
+			sss_pwd=$(gen_random 16)
+		;;
+		4)
+			sss_cipher=aes-256-gcm
+			sss_pwd=$(gen_random 16)
+		;;
+		5)
+			sss_cipher=2022-blake3-chacha20-poly1305
+			sss_pwd=$(gen_random 32)
+		;;
+		6)
+			sss_cipher=2022-blake3-aes-128-gcm
+			sss_pwd=$(gen_random 16)
+		;;
+		7)
+			sss_cipher=2022-blake3-aes-256-gcm
+			sss_pwd=$(gen_random 32)
+		;;
+		*)
+		;;
+		esac
+		setconfig sss_cipher "$sss_cipher" "$GT_CFG_PATH"
+		setconfig sss_pwd "$sss_pwd" "$GT_CFG_PATH"
+		set_shadowsocks
+	;;
+	4)
+		if echo "$sss_cipher" |grep -q '2022-blake3';then
+			echo -e "\033[31m注意：\033[0m2022系列加密必须使用脚本随机生成的password！"
+			sleep 1
+		else
+			read -p "请输入秘钥(输入0删除) > " text
+			[ "$text" = 0 ] && sss_pwd='' || sss_pwd="$text"
+			setconfig sss_pwd "$text" "$GT_CFG_PATH"
+		fi
+		set_shadowsocks
+	;;
+	5)
+		read -p "请输入本机公网IP(4/6)或域名 > " text
+		if [ -n "$text" ] && [ -n "$sss_port" ] && [ -n "$sss_cipher" ] && [ -n "$sss_pwd" ];then
+			ss_link="ss://$(gen_base64 "$sss_cipher":"$sss_pwd")@${text}:${sss_port}#ShellCrash_ss_in"
+			echo "-----------------------------------------------"
+			echo -e "你的分享链接是(请勿随意分享给他人):\n\033[32m$ss_link\033[0m"
+		else
+			echo -e "\033[31m请先完成必选设置！\033[0m"
+		fi
+		sleep 1
+		set_shadowsocks
+	;;
+	*) errornum ;;
+	esac		
+}
+#自定义端点
+set_tailscale(){
+	[ -n "$ts_auth_key" ] && ts_auth_key_info='*********'
+	echo "-----------------------------------------------"
+	echo -e "\033[31m注意：\033[0m脚本默认内核为了节约内存没有编译Tailscale模块\n如需使用请先前往自定义内核更新完整版内核文件！"
+	echo -e "创建秘钥:\033[32;4mhttps://login.tailscale.com/admin/settings/keys\033[0m"
+	echo -e "访问非本机目标需允许通告:\033[32;4mhttps://login.tailscale.com\033[0m"
+	echo -e "访问非本机目标需在终端设置使用Subnet或EXIT-NODE模式"
+	echo "-----------------------------------------------"
+	echo -e " 1 \033[32m启用/关闭\033[0mTailscale服务	\033[32m$ts_service\033[0m"
+	echo -e " 2 设置\033[36m秘钥\033[0m(Auth Key)		$ts_auth_key_info"
+	echo -e " 3 通告路由\033[33m内网地址\033[0m(Subnet)	\033[36m$ts_subnet\033[0m"
+	echo -e " 4 通告路由\033[31m全部流量\033[0m(EXIT-NODE)	\033[36m$ts_exit_node\033[0m"
+	echo -e " 5 设置\033[36m设备名称\033[0m(可选)		$ts_hostname"
+	echo -e " 0 返回上级菜单 \033[0m"
+	echo "-----------------------------------------------"
+	read -p "请输入对应数字 > " num
+	case "$num" in
+	0) ;;
+	1)
+		if [ -n "$ts_auth_key" ];then
+			[ "$ts_service" = ON ] && ts_service=OFF || ts_service=ON
+			setconfig ts_service "$ts_service"
+		else
+			echo -e "\033[31m请先设置秘钥！\033[0m"
+			sleep 1
+		fi
+		set_tailscale
+	;;
+	2)
+		read -p "请输入秘钥(输入0删除) > " text
+		[ "$text" = 0 ] && unset ts_auth_key ts_auth_key_info || ts_auth_key="$text"
+		setconfig ts_auth_key "$ts_auth_key" "$GT_CFG_PATH"
+		set_tailscale
+	;;
+	3)
+		[ "$ts_subnet" = true ] && ts_subnet=false || ts_subnet=true
+		setconfig ts_subnet "$ts_subnet" "$GT_CFG_PATH"
+		set_tailscale
+	;;
+	4)
+		[ "$ts_exit_node" = true ] && ts_exit_node=false || {
+			ts_exit_node=true
+			echo -e "\033[31m注意：\033[0m目前exitnode的官方DNS有bug，要么启用域名嗅探并禁用TailscaleDNS，\n要么必须在网页设置Globalname servers为分配的本设备子网IP且启用override"
+			sleep 3
+		}
+		setconfig ts_exit_node "$ts_exit_node" "$GT_CFG_PATH"
+		set_tailscale
+	;;
+	5)
+		read -p "请输入希望在Tailscale显示的设备名称 > " ts_hostname
+		setconfig ts_hostname "$ts_hostname" "$GT_CFG_PATH"
+		set_tailscale
+	;;
+	*) errornum ;;
+	esac		
+}
+set_wireguard(){
+	[ -n "$wg_public_key" ] && wgp_key_info='*********' || unset wgp_key_info
+	[ -n "$wg_private_key" ] && wgv_key_info='*********' || unset wgv_key_info
+	[ -n "$wg_pre_shared_key" ] && wgpsk_key_info='*********' || unset wgpsk_key_info
+	echo "-----------------------------------------------"
+	echo -e "\033[31m注意：\033[0m脚本默认内核为了节约内存没有编译WireGuard模块\n如需使用请先前往自定义内核更新完整版内核文件！"
+	echo "-----------------------------------------------"
+	echo -e " 1 \033[32m启用/关闭\033[0mWireguard服务	\033[32m$wg_service\033[0m"
+	echo "-----------------------------------------------"
+	echo -e " 2 设置\033[36mEndpoint地址\033[0m：		\033[36m$wg_server\033[0m"
+	echo -e " 3 设置\033[36mEndpoint端口\033[0m：		\033[36m$wg_port\033[0m"
+	echo -e " 4 设置\033[36m公钥-PublicKey\033[0m：		\033[36m$wgp_key_info\033[0m"
+	echo -e " 5 设置\033[36m密钥-PresharedKey\033[0m：	\033[36m$wgpsk_key_info\033[0m"
+	echo "-----------------------------------------------"
+	echo -e " 6 设置\033[33m私钥-PrivateKey\033[0m：	\033[33m$wgv_key_info\033[0m"
+	echo -e " 7 设置\033[33m组网IPV4地址\033[0m：		\033[33m$wg_ipv4\033[0m"
+	echo -e " 8 可选\033[33m组网IPV6地址\033[0m：	\033[33m$wg_ipv6\033[0m"
+	echo -e " 0 返回上级菜单 \033[0m"
+	echo "-----------------------------------------------"
+	read -p "请输入对应数字 > " num
+	case "$num" in
+	0) ;;
+	1)
+		if [ -n "$wg_server" ] && [ -n "$wg_port" ] && [ -n "$wg_public_key" ] && [ -n "$wg_pre_shared_key" ] && [ -n "$wg_private_key" ] && [ -n "$wg_ipv4" ];then
+			[ "$wg_service" = ON ] && wg_service=OFF || wg_service=ON
+			setconfig wg_service "$wg_service"
+		else
+			echo -e "\033[31m请先完成必选设置！\033[0m"
+			sleep 1
+		fi
+		set_wireguard
+	;;
+	[1-8])
+		read -p "请输入相应内容(回车或0删除) > " text
+		[ "$text" = 0 ] && text=''
+		case "$num" in
+		2)
+			wg_server="$text"
+			setconfig wg_server "$text" "$GT_CFG_PATH"
+		;;
+		3)
+			wg_port="$text"
+			setconfig wg_port "$text" "$GT_CFG_PATH"
+		;;
+		4)
+			wg_public_key="$text"
+			setconfig wg_public_key "$text" "$GT_CFG_PATH"
+		;;
+		5)
+			wg_pre_shared_key="$text"
+			setconfig wg_pre_shared_key "$text" "$GT_CFG_PATH"
+		;;
+		6)
+			wg_private_key="$text"
+			setconfig wg_private_key "$text" "$GT_CFG_PATH"
+		;;
+		7)
+			wg_ipv4="$text"
+			setconfig wg_ipv4 "$text" "$GT_CFG_PATH"
+		;;
+		8)
+			wg_ipv6="$text"
+			setconfig wg_ipv6 "$text" "$GT_CFG_PATH"
+		;;
+
+		esac
+		set_wireguard
+	;;
+	*) errornum ;;
+	esac		
+}
+
--- a/scripts/menus/8_tools.sh
+++ b/scripts/menus/8_tools.sh
@@ -0,0 +1,808 @@
+#!/bin/sh
+# Copyright (C) Juewuy
+
+[ -n "$__IS_MODULE_8_TOOLS_LOADED" ] && return
+__IS_MODULE_8_TOOLS_LOADED=1
+
+. "$CRASHDIR"/libs/logger.sh
+. "$CRASHDIR"/libs/web_get_bin.sh
+
+stop_iptables() {
+	iptables -w -t nat -D PREROUTING -p tcp -m multiport --dports $ssh_port -j REDIRECT --to-ports 22 >/dev/null 2>&1
+	ip6tables -w -t nat -A PREROUTING -p tcp -m multiport --dports $ssh_port -j REDIRECT --to-ports 22 >/dev/null 2>&1
+}
+
+ssh_tools() {
+	while true; do
+		[ -n "$(cat /etc/firewall.user 2>&1 | grep '启用外网访问SSH服务')" ] && ssh_ol=禁止 || ssh_ol=开启
+		[ -z "$ssh_port" ] && ssh_port=10022
+		echo "-----------------------------------------------"
+		echo -e "\033[33m此功能仅针对使用Openwrt系统的设备生效，且不依赖服务\033[0m"
+		echo -e "\033[31m本功能不支持红米AX6S等镜像化系统设备，请勿尝试！\033[0m"
+		echo "-----------------------------------------------"
+		echo -e " 1 \033[32m修改\033[0m外网访问端口：\033[36m$ssh_port\033[0m"
+		echo -e " 2 \033[32m修改\033[0mSSH访问密码(请连续输入2次后回车)"
+		echo -e " 3 \033[33m$ssh_ol\033[0m外网访问SSH"
+		echo "-----------------------------------------------"
+		echo -e " 0 返回上级菜单 \033[0m"
+		echo "-----------------------------------------------"
+		read -p "请输入对应数字 > " num
+		case "$num" in
+		""|0) 
+			break
+			;;
+		1)
+			read -p "请输入端口号(1000-65535) > " num
+			if [ -z "$num" ]; then
+				errornum
+			elif [ $num -gt 65535 -o $num -le 999 ]; then
+				echo -e "\033[31m输入错误！请输入正确的数值(1000-65535)！\033[0m"
+			elif [ -n "$(netstat -ntul | grep :$num)" ]; then
+				echo -e "\033[31m当前端口已被其他进程占用，请重新输入！\033[0m"
+			else
+				ssh_port=$num
+				setconfig ssh_port $ssh_port
+				sed -i "/启用外网访问SSH服务/d" /etc/firewall.user
+				stop_iptables
+				echo -e "\033[32m设置成功，请重新开启外网访问SSH功能！！！\033[0m"
+			fi
+			sleep 1
+			;;
+		2)
+			passwd
+			sleep 1
+			;;
+		3)
+			if [ "$ssh_ol" = "开启" ]; then
+				iptables -w -t nat -A PREROUTING -p tcp -m multiport --dports $ssh_port -j REDIRECT --to-ports 22
+				[ -n "$(ckcmd ip6tables)" ] && ip6tables -w -t nat -A PREROUTING -p tcp -m multiport --dports $ssh_port -j REDIRECT --to-ports 22
+				echo "iptables -w -t nat -A PREROUTING -p tcp -m multiport --dports $ssh_port -j REDIRECT --to-ports 22 #启用外网访问SSH服务" >>/etc/firewall.user
+				[ -n "$(ckcmd ip6tables)" ] && echo "ip6tables -w -t nat -A PREROUTING -p tcp -m multiport --dports $ssh_port -j REDIRECT --to-ports 22 #启用外网访问SSH服务" >>/etc/firewall.user
+				echo "-----------------------------------------------"
+				echo -e "已开启外网访问SSH功能！"
+			else
+				sed -i "/启用外网访问SSH服务/d" /etc/firewall.user
+				stop_iptables
+				echo "-----------------------------------------------"
+				echo -e "已禁止外网访问SSH！"
+			fi
+			break
+			;;
+		*)
+			errornum
+			sleep 1
+			break
+			;;
+		esac
+	done
+}
+
+#工具与优化
+tools() {
+	while true; do
+	    #获取设置默认显示
+	    grep -qE "^\s*[^#].*otapredownload" /etc/crontabs/root >/dev/null 2>&1 && mi_update=禁用 || mi_update=启用
+	    [ "$mi_mi_autoSSH" = "已配置" ] && mi_mi_autoSSH_type=32m已配置 || mi_mi_autoSSH_type=31m未配置
+	    [ -f "$CRASHDIR"/tools/tun.ko ] && mi_tunfix=32mON || mi_tunfix=31mOFF
+	
+	    echo "-----------------------------------------------"
+	    echo -e "\033[30;47m欢迎使用其他工具菜单：\033[0m"
+	    echo -e "\033[33m本页工具可能无法兼容全部Linux设备，请酌情使用！\033[0m"
+	    echo -e "磁盘占用/所在目录："
+	    du -sh "$CRASHDIR"
+	    echo "-----------------------------------------------"
+	    echo -e " 1 ShellCrash\033[33m测试菜单\033[0m"
+	    echo -e " 2 ShellCrash\033[32m新手引导\033[0m"
+	    echo -e " 3 \033[36m日志及推送工具\033[0m"
+	    [ -f /etc/firewall.user ] && echo -e " 4 \033[32m配置\033[0m外网访问SSH"
+	    [ -x /usr/sbin/otapredownload ] && echo -e " 5 \033[33m$mi_update\033[0m小米系统自动更新"
+	    [ "$systype" = "mi_snapshot" ] && echo -e " 6 小米设备软固化SSH ———— \033[$mi_mi_autoSSH_type \033[0m"
+	    [ "$systype" = "mi_snapshot" ] && echo -e " 8 小米设备Tun模块修复 ———— \033[$mi_tunfix \033[0m"
+	    echo "-----------------------------------------------"
+	    echo -e " 0 返回上级菜单"
+	    echo "-----------------------------------------------"
+	    read -p "请输入对应数字 > " num
+		case "$num" in
+	    ""|0)
+			break
+	        ;;
+	    1)
+	        testcommand
+			break
+	        ;;
+	    2)
+	        userguide
+			break
+	        ;;
+	    3)
+	        log_pusher
+	        ;;
+	    4)
+			ssh_tools
+			sleep 1
+	        ;;
+	    5)
+	        if [ -x /usr/sbin/otapredownload ]; then
+	            if [ "$mi_update" = "禁用" ]; then
+	                grep -q "otapredownload" /etc/crontabs/root &&
+	                    sed -i "/^[^\#]*otapredownload/ s/^/#/" /etc/crontabs/root ||
+	                    echo "#15 3,4,5 * * * /usr/sbin/otapredownload >/dev/null 2>&1" >>/etc/crontabs/root
+	            else
+	                grep -q "otapredownload" /etc/crontabs/root &&
+	                    sed -i "/^\s*#.*otapredownload/ s/^\s*#//" /etc/crontabs/root ||
+	                    echo "15 3,4,5 * * * /usr/sbin/otapredownload >/dev/null 2>&1" >>/etc/crontabs/root
+	            fi
+	            echo "-----------------------------------------------"
+	            echo -e "已\033[33m$mi_update\033[0m小米路由器的自动更新，如未生效，请在官方APP中同步设置！"
+	            sleep 1
+	        fi
+	        ;;
+	    6)
+	        if [ "$systype" = "mi_snapshot" ]; then
+	            mi_autoSSH
+	        else
+	            echo "不支持的设备！"
+	        fi
+	        ;;
+	    7)
+	        echo "-----------------------------------------------"
+	        if [ ! -f "$CRASHDIR"/tools/ShellDDNS.sh ]; then
+	            echo -e "正在获取在线脚本……"
+	            get_bin "$TMPDIR"/ShellDDNS.sh tools/ShellDDNS.sh
+	            if [ "$?" = "0" ]; then
+	                mv -f "$TMPDIR"/ShellDDNS.sh "$CRASHDIR"/tools/ShellDDNS.sh
+	                . "$CRASHDIR"/tools/ShellDDNS.sh
+	            else
+	                echo -e "\033[31m文件下载失败！\033[0m"
+	            fi
+	        else
+	            . "$CRASHDIR"/tools/ShellDDNS.sh
+	        fi
+	        sleep 1
+	        ;;
+	    8)
+	        if [ -f "$CRASHDIR"/tools/tun.ko ]; then
+	            read -p "是否禁用此功能并移除相关补丁？(1/0) > " res
+	            [ "$res" = 1 ] && {
+	                rm -rf "$CRASHDIR"/tools/tun.ko
+	                echo -e "\033[33m补丁文件已移除，请立即重启设备以防止出错！\033[0m"
+	            }
+	        elif ckcmd modinfo && [ -z "$(modinfo tun)" ]; then
+	            echo -e "\033[33m本功能需要修改系统文件，不保证没有任何风险！\033[0m"
+	            echo -e "\033[33m本功能采集的Tun模块并不一定适用于你的设备！\033[0m"
+	            sleep 1
+	            read -p "我已知晓，出现问题会自行承担！(1/0) > " res
+	            if [ "$res" = 1 ]; then
+	                echo "-----------------------------------------------"
+	                echo "正在连接服务器获取Tun模块补丁文件…………"
+	                get_bin "$TMPDIR"/tun.ko bin/fix/tun.ko
+	                if [ "$?" = "0" ]; then
+	                    mv -f "$TMPDIR"/tun.ko "$CRASHDIR"/tools/tun.ko &&
+	                        /data/shellcrash_init.sh tunfix &&
+	                        echo -e "\033[32m设置成功！请重启服务！\033[0m"
+	                else
+	                    echo -e "\033[31m文件下载失败，请重试！\033[0m"
+	                fi
+	            fi
+	        else
+	            echo -e "\033[31m当前设备无需设置，请勿尝试！\033[0m"
+	            sleep 1
+	        fi
+	        ;;
+	    *)
+	        errornum
+			sleep 1
+			break
+	        ;;
+	    esac
+	done
+}
+
+mi_autoSSH() {
+    echo "-----------------------------------------------"
+    echo -e "\033[33m本功能使用软件命令进行固化不保证100%成功！\033[0m"
+    echo -e "\033[33m如有问题请加群反馈：\033[36;4mhttps://t.me/ShellClash\033[0m"
+    read -p "请输入需要还原的SSH密码(不影响当前密码,回车可跳过) > " mi_mi_autoSSH_pwd
+    mi_mi_autoSSH=已配置
+    cp -f /etc/dropbear/dropbear_rsa_host_key "$CRASHDIR"/configs/dropbear_rsa_host_key 2>/dev/null
+    cp -f /etc/dropbear/authorized_keys "$CRASHDIR"/configs/authorized_keys 2>/dev/null
+    ckcmd nvram && {
+        nvram set ssh_en=1
+        nvram set telnet_en=1
+        nvram set uart_en=1
+        nvram set boot_wait=on
+        nvram commit
+    }
+    echo -e "\033[32m设置成功！\033[0m"
+    setconfig mi_mi_autoSSH $mi_mi_autoSSH
+    setconfig mi_mi_autoSSH_pwd $mi_mi_autoSSH_pwd
+    sleep 1
+}
+
+#日志菜单
+log_pusher() {
+	while true; do
+	    [ -n "$push_TG" ] && stat_TG=32mON || stat_TG=33mOFF
+	    [ -n "$push_Deer" ] && stat_Deer=32mON || stat_Deer=33mOFF
+	    [ -n "$push_bark" ] && stat_bark=32mON || stat_bark=33mOFF
+	    [ -n "$push_Po" ] && stat_Po=32mON || stat_Po=33mOFF
+	    [ -n "$push_PP" ] && stat_PP=32mON || stat_PP=33mOFF
+	    [ -n "$push_SynoChat" ] && stat_SynoChat=32mON || stat_SynoChat=33mOFF
+	    [ -n "$push_Gotify" ] && stat_Gotify=32mON || stat_Gotify=33mOFF
+	    [ "$task_push" = 1 ] && stat_task=32mON || stat_task=33mOFF
+	    [ -n "$device_name" ] && device_s=32m$device_name || device_s=33m未设置
+	    echo "-----------------------------------------------"
+	    echo -e " 1 Telegram推送	——\033[$stat_TG\033[0m"
+	    echo -e " 2 PushDeer推送	——\033[$stat_Deer\033[0m"
+	    echo -e " 3 Bark推送-IOS	——\033[$stat_bark\033[0m"
+	    echo -e " 4 Passover推送	——\033[$stat_Po\033[0m"
+	    echo -e " 5 PushPlus推送	——\033[$stat_PP\033[0m"
+	    echo -e " 6 SynoChat推送	——\033[$stat_SynoChat\033[0m"
+	    echo -e " 7 Gotify推送	——\033[$stat_Gotify\033[0m"
+	    echo "-----------------------------------------------"
+	    echo -e " a 查看\033[36m运行日志\033[0m"
+	    echo -e " b 推送任务日志	——\033[$stat_task\033[0m"
+	    echo -e " c 设置设备名称	——\033[$device_s\033[0m"
+	    echo -e " d 清空日志文件"
+	    echo "-----------------------------------------------"
+		echo -e " 0 返回上级菜单"
+		echo "-----------------------------------------------"
+	    read -p "请输入对应数字 > " num
+	    case "$num" in
+		""|0)
+			break
+			;;
+	    1)
+	        echo "-----------------------------------------------"
+	        if [ -n "$push_TG" ]; then
+	            read -p "确认关闭TG日志推送？(1/0) > " res
+	            [ "$res" = 1 ] && {
+	                push_TG=
+	                chat_ID=
+	                setconfig push_TG
+	                setconfig chat_ID
+	            }
+	        else
+	            #echo -e "\033[33m详细设置指南请参考 https://juewuy.github.io/ \033[0m"
+	            . "$CRASHDIR"/menus/bot_tg_bind.sh
+	            chose_bot() {
+	                echo "-----------------------------------------------"
+	                echo -e " 1 使用公共机器人	——不依赖内核服务"
+	                echo -e " 2 使用私人机器人	——需要额外申请"
+	                echo "-----------------------------------------------"
+	                read -p "请输入对应数字 > " num
+	                case $num in
+	                1)
+	                    public_bot
+	                    set_bot && tg_push_token || chose_bot
+	            	;;
+	                2)
+	                    private_bot
+	                    set_bot && tg_push_token || chose_bot
+	            	;;
+	                *)
+	                    errornum
+	            	;;
+	                esac
+	            }
+	            chose_bot
+	        fi
+	        sleep 1
+			;;
+	    2)
+	        echo "-----------------------------------------------"
+	        if [ -n "$push_Deer" ]; then
+	            read -p "确认关闭PushDeer日志推送？(1/0) > " res
+	            [ "$res" = 1 ] && {
+	                push_Deer=
+	                setconfig push_Deer
+	            }
+	        else
+	            #echo -e "\033[33m详细设置指南请参考 https://juewuy.github.io/ \033[0m"
+	            echo -e "请先前往 \033[32;4mhttp://www.pushdeer.com/official.html\033[0m 扫码安装快应用或下载APP"
+	            echo -e "打开快应用/APP，并完成登陆"
+	            echo -e "\033[33m切换到「设备」标签页，点击右上角的加号，注册当前设备\033[0m"
+	            echo -e "\033[36m切换到「秘钥」标签页，点击右上角的加号，创建一个秘钥，并复制\033[0m"
+	            echo "-----------------------------------------------"
+	            read -p "请输入你复制的秘钥 > " url
+	            if [ -n "$url" ]; then
+	                push_Deer=$url
+	                setconfig push_Deer $url
+	                logger "已完成PushDeer日志推送设置！" 32
+	            else
+	                echo -e "\033[31m输入错误，请重新输入！\033[0m"
+	            fi
+	            sleep 1
+	        fi
+			;;
+	    3)
+	        echo "-----------------------------------------------"
+	        if [ -n "$push_bark" ]; then
+	            read -p "确认关闭Bark日志推送？(1/0) > " res
+	            [ "$res" = 1 ] && {
+	                push_bark=
+	                bark_param=
+	                setconfig push_bark
+	                setconfig bark_param
+	            }
+	        else
+	            #echo -e "\033[33m详细设置指南请参考 https://juewuy.github.io/ \033[0m"
+	            echo -e "\033[33mBark推送仅支持IOS系统，其他平台请使用其他推送方式！\033[0m"
+	            echo -e "\033[32m请安装Bark-IOS客户端，并在客户端中找到专属推送链接\033[0m"
+	            echo "-----------------------------------------------"
+	            read -p "请输入你的Bark推送链接 > " url
+	            if [ -n "$url" ]; then
+	                push_bark=$url
+	                setconfig push_bark $url
+	                logger "已完成Bark日志推送设置！" 32
+	            else
+	                echo -e "\033[31m输入错误，请重新输入！\033[0m"
+	            fi
+	            sleep 1
+	        fi
+			;;
+	    4)
+	        echo "-----------------------------------------------"
+	        if [ -n "$push_Po" ]; then
+	            read -p "确认关闭Pushover日志推送？(1/0) > " res
+	            [ "$res" = 1 ] && {
+	                push_Po=
+	                push_Po_key=
+	                setconfig push_Po
+	                setconfig push_Po_key
+	            }
+	        else
+	            #echo -e "\033[33m详细设置指南请参考 https://juewuy.github.io/ \033[0m"
+	            echo -e "请先通过 \033[32;4mhttps://pushover.net/\033[0m 注册账号并获取\033[36mUser Key\033[0m"
+	            echo "-----------------------------------------------"
+	            read -p "请输入你的User Key > " key
+	            if [ -n "$key" ]; then
+	                echo "-----------------------------------------------"
+	                echo -e "\033[33m请检查注册邮箱，完成账户验证\033[0m"
+	                read -p "我已经验证完成(1/0) > "
+	                echo "-----------------------------------------------"
+	                echo -e "请通过 \033[32;4mhttps://pushover.net/apps/build\033[0m 生成\033[36mAPI Token\033[0m"
+	                echo "-----------------------------------------------"
+	                read -p "请输入你的API Token > " Token
+	                if [ -n "$Token" ]; then
+	                    push_Po=$Token
+	                    push_Po_key=$key
+	                    setconfig push_Po $Token
+	                    setconfig push_Po_key $key
+	                    logger "已完成Passover日志推送设置！" 32
+	                else
+	                    echo -e "\033[31m输入错误，请重新输入！\033[0m"
+	                fi
+	            else
+	                echo -e "\033[31m输入错误，请重新输入！\033[0m"
+	            fi
+	        fi
+	        sleep 1
+			;;
+	    5)
+	        echo "-----------------------------------------------"
+	        if [ -n "$push_PP" ]; then
+	            read -p "确认关闭PushPlus日志推送？(1/0) > " res
+	            [ "$res" = 1 ] && {
+	                push_PP=
+	                setconfig push_PP
+	            }
+	        else
+	            #echo -e "\033[33m详细设置指南请参考 https://juewuy.github.io/ \033[0m"
+	            echo -e "请先通过 \033[32;4mhttps://www.pushplus.plus/push1.html\033[0m 注册账号并获取\033[36mtoken\033[0m"
+	            echo "-----------------------------------------------"
+	            read -p "请输入你的token > " Token
+	            if [ -n "$Token" ]; then
+	                push_PP=$Token
+	                setconfig push_PP $Token
+	                logger "已完成PushPlus日志推送设置！" 32
+	            else
+	                echo -e "\033[31m输入错误，请重新输入！\033[0m"
+	            fi
+	        fi
+	        sleep 1
+			;;
+	    6)
+	        echo "-----------------------------------------------"
+	        if [ -n "$push_SynoChat" ]; then
+	            read -p "确认关闭SynoChat日志推送？(1/0) > " res
+	            [ "$res" = 1 ] && {
+	                push_SynoChat=
+	                setconfig push_SynoChat
+	            }
+	        else
+	            echo "-----------------------------------------------"
+	            read -p "请输入你的Synology DSM主页地址 > " URL
+	            echo "-----------------------------------------------"
+	            read -p "请输入你的Synology Chat Token > " TOKEN
+	            echo "-----------------------------------------------"
+	            echo -e '请通过"你的群晖地址/webapi/entry.cgi?api=SYNO.Chat.External&method=user_list&version=2&token=你的TOKEN"获取user_id'
+	            echo "-----------------------------------------------"
+	            read -p "请输入你的user_id > " USERID
+	            if [ -n "$URL" ]; then
+	                push_SynoChat=$USERID
+	                setconfig push_SynoChat $USERID
+	                setconfig push_ChatURL $URL
+	                setconfig push_ChatTOKEN $TOKEN
+	                setconfig push_ChatUSERID $USERID
+	                logger "已完成SynoChat日志推送设置！" 32
+	            else
+	                echo -e "\033[31m输入错误，请重新输入！\033[0m"
+	                setconfig push_ChatURL
+	                setconfig push_ChatTOKEN
+	                setconfig push_ChatUSERID
+	                push_SynoChat=
+	                setconfig push_SynoChat
+	            fi
+	        fi
+	        sleep 1
+			;;
+	    # 在menu.sh的case $num in代码块中添加
+	    7)
+	        echo "-----------------------------------------------"
+	        if [ -n "$push_Gotify" ]; then
+	            read -p "确认关闭Gotify日志推送？(1/0) > " res
+	            [ "$res" = 1 ] && {
+	                push_Gotify=
+	                setconfig push_Gotify
+	            }
+	        else
+	            echo -e "请先通过Gotify服务器获取推送URL"
+	            echo -e "格式示例: https://gotify.example.com/message?token=你的应用令牌"
+	            echo "-----------------------------------------------"
+	            read -p "请输入你的Gotify推送URL > " url
+	            if [ -n "$url" ]; then
+	                push_Gotify=$url
+	                setconfig push_Gotify "$url"
+	                logger "已完成Gotify日志推送设置！" 32
+	            else
+	                echo -e "\033[31m输入错误，请重新输入！\033[0m"
+	            fi
+	        fi
+	        sleep 1
+			;;
+		a)
+			if [ -s "$TMPDIR"/ShellCrash.log ]; then
+				echo "-----------------------------------------------"
+				cat "$TMPDIR"/ShellCrash.log
+				exit 0
+			else
+				echo -e "\033[31m未找到相关日志！\033[0m"
+			fi
+			sleep 1
+			break
+			;;
+	    b)
+	        [ "$task_push" = 1 ] && task_push='' || task_push=1
+	        setconfig task_push $task_push
+	        sleep 1
+			;;
+	    c)
+	        read -p "请输入本设备自定义推送名称 > " device_name
+	        setconfig device_name $device_name
+	        sleep 1
+			;;
+	    d)
+	        echo -e "\033[33m运行日志及任务日志均已清空！\033[0m"
+	        rm -rf "$TMPDIR"/ShellCrash.log
+	        sleep 1
+			;;
+	    *)
+			errornum
+			sleep 1
+			break
+			;;
+	    esac
+	done
+}
+
+#测试菜单
+testcommand(){
+	echo "-----------------------------------------------"
+	echo -e "\033[30;47m这里是测试命令菜单\033[0m"
+	echo -e "\033[33m如遇问题尽量运行相应命令后截图提交issue或TG讨论组\033[0m"
+	echo "-----------------------------------------------"
+	echo " 1 Debug模式运行内核"
+	echo " 2 查看系统DNS端口(:53)占用 "
+	echo " 3 测试ssl加密(aes-128-gcm)跑分"
+	echo " 4 查看ShellCrash相关路由规则"
+	echo " 5 查看内核配置文件前40行"
+	echo " 6 测试代理服务器连通性(google.tw)"
+	echo "-----------------------------------------------"
+	echo " 0 返回上级目录！"
+	read -p "请输入对应数字 > " num
+	case "$num" in
+	0)
+		main_menu
+		;;
+	1)
+		debug
+		testcommand
+	    ;;
+	2)
+		echo "-----------------------------------------------"
+		netstat -ntulp |grep 53
+		echo "-----------------------------------------------"
+		echo -e "可以使用\033[44m netstat -ntulp |grep xxx \033[0m来查询任意(xxx)端口"
+		exit;
+	    ;;
+	3)
+		echo "-----------------------------------------------"
+		openssl speed -multi 4 -evp aes-128-gcm
+		echo "-----------------------------------------------"
+		exit;
+	    ;;
+	4)
+		if [ "$firewall_mod" = "nftables" ];then
+			nft list table inet shellcrash | sed '/set cn_ip {/,/}/d;/set cn_ip6 {/,/}/d;/^[[:space:]]*}/d'
+		else
+			[ "$firewall_area" = 1 -o "$firewall_area" = 3 -o "$firewall_area" = 5 -o "$vm_redir" = "ON" ] && {
+				echo "----------------Redir+DNS---------------------"
+				iptables -t nat -L PREROUTING --line-numbers
+				iptables -t nat -L shellcrash_dns --line-numbers
+				[ -n "$(echo $redir_mod | grep -E 'Redir模式|混合模式')" ] && iptables -t nat -L shellcrash --line-numbers
+				[ -n "$(echo $redir_mod | grep -E 'Tproxy模式|混合模式|Tun模式')" ] && {
+					echo "----------------Tun/Tproxy-------------------"
+					iptables -t mangle -L PREROUTING --line-numbers
+					iptables -t mangle -L shellcrash_mark --line-numbers
+				}
+			}
+			[ "$firewall_area" = 2 -o "$firewall_area" = 3 ] && {
+				echo "-------------OUTPUT-Redir+DNS----------------"
+				iptables -t nat -L OUTPUT --line-numbers
+				iptables -t nat -L shellcrash_dns_out --line-numbers
+				[ -n "$(echo $redir_mod | grep -E 'Redir模式|混合模式')" ] && iptables -t nat -L shellcrash_out --line-numbers
+				[ -n "$(echo $redir_mod | grep -E 'Tproxy模式|混合模式|Tun模式')" ] && {
+					echo "------------OUTPUT-Tun/Tproxy---------------"
+					iptables -t mangle -L OUTPUT --line-numbers
+					iptables -t mangle -L shellcrash_mark_out --line-numbers
+				}
+			}
+			[ "$ipv6_redir" = "ON" ] && {
+				[ "$firewall_area" = 1 -o "$firewall_area" = 3 ] && {
+					ip6tables -t nat -L >/dev/null 2>&1 && {
+						echo "-------------IPV6-Redir+DNS-------------------"
+						ip6tables -t nat -L PREROUTING --line-numbers
+						ip6tables -t nat -L shellcrashv6_dns --line-numbers
+						[ -n "$(echo $redir_mod | grep -E 'Redir模式|混合模式')" ] && ip6tables -t nat -L shellcrashv6 --line-numbers
+					}
+					[ -n "$(echo $redir_mod | grep -E 'Tproxy模式|混合模式|Tun模式')" ] && {
+						echo "-------------IPV6-Tun/Tproxy------------------"
+						ip6tables -t mangle -L PREROUTING --line-numbers
+						ip6tables -t mangle -L shellcrashv6_mark --line-numbers
+					}
+				}
+			}
+			[ "$vm_redir" = "ON" ] && {
+						echo "-------------vm-Redir-------------------"
+						iptables -t nat -L shellcrash_vm --line-numbers
+						iptables -t nat -L shellcrash_vm_dns --line-numbers
+			}
+			echo "----------------本机防火墙---------------------"
+			iptables -L INPUT --line-numbers
+		fi
+		exit;
+	    ;;
+	5)
+        echo "$crashcore" | grep -q 'singbox' && config_path="$CRASHDIR"/jsons/config.json || config_path="$CRASHDIR"/yamls/config.yaml
+		echo "-----------------------------------------------"
+        sed -n '1,40p' "$config_path"
+		echo "-----------------------------------------------"
+		exit;
+		;;
+	6)
+		echo "注意：依赖curl(不支持wget)，且测试结果不保证一定准确！"
+		delay=`curl -kx ${authentication}@127.0.0.1:$mix_port -o /dev/null -s -w '%{time_starttransfer}' 'https://google.tw' & { sleep 3 ; kill $! >/dev/null 2>&1 & }` > /dev/null 2>&1
+		delay=`echo |awk "{print $delay*1000}"` > /dev/null 2>&1
+		echo "-----------------------------------------------"
+		if [ `echo ${#delay}` -gt 1 ];then
+			echo -e "\033[32m连接成功！响应时间为："$delay" ms\033[0m"
+		else
+			echo -e "\033[31m连接超时！请重试或检查节点配置！\033[0m"
+		fi
+		main_menu
+		;;
+	*)
+		errornum
+		main_menu
+	    ;;
+	esac
+}
+debug(){
+	echo "$crashcore" | grep -q 'singbox' && config_tmp="$TMPDIR"/jsons || config_tmp="$TMPDIR"/config.yaml
+	echo "-----------------------------------------------"
+	echo -e "\033[36m注意：Debug运行均会停止原本的内核服务\033[0m"
+	echo -e "后台运行日志地址：\033[32m$TMPDIR/debug.log\033[0m"
+	echo -e "如长时间运行后台监测，日志等级推荐error！防止文件过大！"
+	echo -e "你也可以通过：\033[33mcrash -s debug 'warning'\033[0m 命令使用其他日志等级"
+	echo "-----------------------------------------------"
+	echo -e " 1 仅测试\033[32m$config_tmp\033[0m配置文件可用性"
+	echo -e " 2 前台运行\033[32m$config_tmp\033[0m配置文件,不配置防火墙劫持(\033[33m使用Ctrl+C手动停止\033[0m)"
+	echo -e " 3 后台运行完整启动流程,并配置防火墙劫持,日志等级:\033[31merror\033[0m"
+	echo -e " 4 后台运行完整启动流程,并配置防火墙劫持,日志等级:\033[32minfo\033[0m"
+	echo -e " 5 后台运行完整启动流程,并配置防火墙劫持,日志等级:\033[33mdebug\033[0m"
+	echo -e " 6 后台运行完整启动流程,并配置防火墙劫持,且将错误日志打印到闪存：\033[32m$CRASHDIR/debug.log\033[0m"
+	echo "-----------------------------------------------"
+	echo -e " 8 后台运行完整启动流程,输出执行错误并查找上下文,之后关闭进程"
+	[ -s "$TMPDIR"/jsons/inbounds.json ] && echo -e " 9 将\033[32m$config_tmp\033[0m下json文件合并为$TMPDIR/debug.json"
+	echo "-----------------------------------------------"
+	echo " 0 返回上级目录！"
+	read -p "请输入对应数字 > " num
+	case "$num" in
+	0) ;;
+	1)
+		"$CRASHDIR"/start.sh stop
+		"$CRASHDIR"/start.sh bfstart
+		if echo "$crashcore" | grep -q 'singbox' ;then
+			"$TMPDIR"/CrashCore run -D "$BINDIR" -C "$TMPDIR"/jsons &
+			{ sleep 4 ; kill $! >/dev/null 2>&1 & }
+			wait
+		else
+			"$TMPDIR"/CrashCore -t -d "$BINDIR" -f "$TMPDIR"/config.yaml
+		fi
+		rm -rf "$TMPDIR"/CrashCore
+		echo "-----------------------------------------------"
+		exit
+	;;
+	2)
+		"$CRASHDIR"/start.sh stop
+		"$CRASHDIR"/start.sh bfstart
+		$COMMAND
+		rm -rf "$TMPDIR"/CrashCore
+		echo "-----------------------------------------------"
+		exit
+	;;
+	3)
+		"$CRASHDIR"/start.sh debug error
+		main_menu
+	;;
+	4)
+		"$CRASHDIR"/start.sh debug info
+		main_menu
+	;;
+	5)
+		"$CRASHDIR"/start.sh debug debug
+		main_menu
+	;;
+	6)
+		echo -e "频繁写入闪存会导致闪存寿命降低，如非遇到会导致设备死机或重启的bug，请勿使用此功能！"
+		read -p "是否继续？(1/0) > " res
+		[ "$res" = 1 ] && "$CRASHDIR"/start.sh debug debug flash
+		main_menu
+	;;
+	8)
+		$0 -d
+		main_menu
+	;;
+	9)
+		. "$CRASHDIR"/libs/core_webget.sh && core_find && "$TMPDIR"/CrashCore merge "$TMPDIR"/debug.json -C "$TMPDIR"/jsons && echo -e "\033[32m合并成功！\033[0m"
+		[ "$TMPDIR" = "$BINDIR" ] && rm -rf "$TMPDIR"/CrashCore
+		main_menu
+	;;
+	*)
+		errornum
+	;;
+	esac
+}
+
+#新手引导
+userguide(){
+	. "$CRASHDIR"/libs/check_dir_avail.sh
+	forwhat(){
+		echo "-----------------------------------------------"
+		echo -e "\033[30;46m 欢迎使用ShellCrash新手引导！ \033[0m"
+		echo "-----------------------------------------------"
+		echo -e "\033[33m请先选择你的使用环境： \033[0m"
+		echo -e "\033[0m(你之后依然可以在设置中更改各种配置)\033[0m"
+		echo "-----------------------------------------------"
+		echo -e " 1 \033[32m路由设备配置局域网透明代理\033[0m"
+		echo -e " 2 \033[36mLinux设备仅配置本机代理\033[0m"
+		[ -f "$CFG_PATH.bak" ] && echo -e " 3 \033[33m还原之前备份的设置\033[0m"
+		echo "-----------------------------------------------"
+		read -p "请输入对应数字 > " num
+		case "$num" in
+		1)
+			#设置运行模式
+			redir_mod="混合模式"
+			[ -n "$(echo $cputype | grep -E "linux.*mips.*")" ] && {
+				if grep -qE '^TPROXY$' /proc/net/ip_tables_targets || modprobe xt_TPROXY >/dev/null 2>&1; then
+					redir_mod="Tproxy模式"
+				else
+					redir_mod="Redir模式"
+				fi
+			}
+			[ -z "$crashcore" ] && crashcore=meta
+			setconfig crashcore "$crashcore"
+			setconfig redir_mod "$redir_mod"
+			setconfig dns_mod mix
+			setconfig firewall_area '1'
+			#默认启用绕过CN-IP
+			setconfig cn_ip_route ON
+			#自动识别IPV6
+			[ -n "$(ip a 2>&1 | grep -w 'inet6' | grep -E 'global' | sed 's/.*inet6.//g' | sed 's/scope.*$//g')" ] && {
+				setconfig ipv6_redir ON
+				setconfig ipv6_support ON
+				setconfig ipv6_dns ON
+				setconfig cn_ipv6_route ON
+			}
+			#设置开机启动
+			[ -f /etc/rc.common -a "$(cat /proc/1/comm)" = "procd" ] && /etc/init.d/shellcrash enable
+			ckcmd systemctl && [ "$(cat /proc/1/comm)" = "systemd" ] && systemctl enable shellcrash.service > /dev/null 2>&1
+			rm -rf "$CRASHDIR"/.dis_startup
+			autostart=enable
+			#检测IP转发
+			if [ "$(cat /proc/sys/net/ipv4/ip_forward)" = "0" ];then
+				echo "-----------------------------------------------"
+				echo -e "\033[33m检测到你的设备尚未开启ip转发，局域网设备将无法正常连接网络，是否立即开启？\033[0m"
+				read -p "是否开启？(1/0) > " res
+				[ "$res" = 1 ] && {
+					echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
+					sysctl -w net.ipv4.ip_forward=1
+				} && echo "已成功开启ipv4转发，如未正常开启，请手动重启设备！" || echo "开启失败！请自行谷歌查找当前设备的开启方法！"
+			fi
+			#禁止docker启用的net.bridge.bridge-nf-call-iptables
+			sysctl -w net.bridge.bridge-nf-call-iptables=0 > /dev/null 2>&1
+			sysctl -w net.bridge.bridge-nf-call-ip6tables=0 > /dev/null 2>&1
+			;;
+		2)
+			setconfig redir_mod "Redir模式"
+			[ -n "$(echo $cputype | grep -E "linux.*mips.*")" ] && setconfig crashcore "clash"
+			setconfig common_ports "OFF"
+			setconfig firewall_area '2'
+		    ;;
+		3)
+			mv -f $CFG_PATH.bak $CFG_PATH
+			echo -e "\033[32m脚本设置已还原！\033[0m"
+			echo -e "\033[33m请重新启动脚本！\033[0m"
+			exit 0
+			;;
+		*)
+			errornum
+			forwhat
+			;;
+		esac
+	}
+	forwhat
+	#检测小内存模式
+	dir_size=$(dir_avail "$CRASHDIR")
+	if [ "$dir_size" -lt 10240 ];then
+		echo "-----------------------------------------------"
+		echo -e "\033[33m检测到你的安装目录空间不足10M，是否开启小闪存模式？\033[0m"
+		echo -e "\033[0m开启后核心及数据库文件将被下载到内存中，这将占用一部分内存空间\033[0m"
+		echo -e "\033[0m每次开机后首次运行服务时都会自动的重新下载相关文件\033[0m"
+		echo "-----------------------------------------------"
+		read -p "是否开启？(1/0) > " res
+		[ "$res" = 1 ] && {
+			BINDIR=/tmp/ShellCrash
+			setconfig BINDIR /tmp/ShellCrash "$CRASHDIR"/configs/command.env
+		}
+	fi
+	#启用推荐的自动任务配置
+	. "$CRASHDIR"/menus/5_task.sh && task_recom
+	#小米设备软固化
+	if [ "$systype" = "mi_snapshot" ];then
+		echo "-----------------------------------------------"
+		echo -e "\033[33m检测到为小米路由设备，启用软固化可防止路由升级后丢失SSH\033[0m"
+		read -p "是否启用软固化功能？(1/0) > " res
+		[ "$res" = 1 ] && mi_autoSSH
+	fi
+	#提示导入订阅或者配置文件
+	[ ! -s "$CRASHDIR"/yamls/config.yaml -a ! -s "$CRASHDIR"/jsons/config.json ] && {
+		echo "-----------------------------------------------"
+		echo -e "\033[32m是否导入配置文件？\033[0m(这是运行前的最后一步)"
+		echo -e "\033[0m你必须拥有一份配置文件才能运行服务！\033[0m"
+		echo "-----------------------------------------------"
+		read -p "现在开始导入？(1/0) > " res
+		[ "$res" = 1 ] && inuserguide=1 && {
+			. "$CRASHDIR"/menus/6_core_config.sh && set_core_config
+			inuserguide=""
+		}
+	}
+	#回到主界面
+	echo "-----------------------------------------------"
+	echo -e "\033[36m很好！现在只需要执行启动就可以愉快的使用了！\033[0m"
+	echo "-----------------------------------------------"
+	read -p "立即启动服务？(1/0) > " res
+	[ "$res" = 1 ] && start_core && sleep 2
+	return 0
+}
--- a/scripts/menus/9_upgrade.sh
+++ b/scripts/menus/9_upgrade.sh
--- a/scripts/menus/README.md
+++ b/scripts/menus/README.md
@@ -0,0 +1,3 @@
+用于存放脚本各级菜单界面的脚本
+
+此处脚本内容包含各类文字说明
--- a/scripts/menus/bot_tg.sh
+++ b/scripts/menus/bot_tg.sh
@@ -0,0 +1,326 @@
+#!/bin/sh
+
+[ -z "$CRASHDIR" ] && CRASHDIR=$( cd $(dirname $0);cd ..;pwd)
+. "$CRASHDIR"/libs/web_json.sh
+. "$CRASHDIR"/libs/set_config.sh
+. "$CRASHDIR"/libs/web_get_lite.sh
+. "$CRASHDIR"/menus/running_status.sh
+. "$CRASHDIR"/configs/gateway.cfg
+. "$CRASHDIR"/configs/ShellCrash.cfg
+
+TMPDIR='/tmp/ShellCrash'
+API="https://api.telegram.org/bot$TG_TOKEN"
+STATE_FILE="$TMPDIR/tgbot_state"
+LOGFILE="$TMPDIR/tgbot.log"
+OFFSET=0
+
+### --- 基础函数 --- ###
+web_download(){
+	setproxy
+	if curl --version >/dev/null 2>&1; then
+		curl -kfsSl "$1" -o "$2"
+	else
+		wget -Y on -q --timeout=3 -O "$2" "$1"
+	fi
+}
+web_upload(){
+	curl -ksSfl -X POST --connect-timeout 20 "$API/sendDocument" -F "chat_id=$TG_CHATID" -F "document=@$1" >/dev/null
+}
+send_msg(){
+    TEXT="$1"
+	web_json_post "$API/sendMessage" "{\"chat_id\":\"$TG_CHATID\",\"text\":\"$TEXT\",\"parse_mode\":\"Markdown\"}"
+}
+send_help(){
+    TEXT=$(cat <<EOF
+进群讨论：
+https://t.me/+6AElkMDzwPxmMmM1
+项目地址：
+https://github.com/juewuy/ShellClash
+相关教程：
+https://juewuy.github.io
+请喝咖啡：
+https://juewuy.github.io/yOF4Yf06Q/
+友情机场： 
+https://dler.pro/auth/register?affid=89698
+https://pub.bigmeok.me?code=2PuWY9I7
+EOF
+)
+	send_msg "$TEXT"
+}
+send_menu(){
+	#获取运行状态
+	PID=$(pidof CrashCore | awk '{print $NF}')
+	if [ -n "$PID" ]; then
+		run='🟢正在运行'
+		running_status
+	else
+		run='🟡未运行'
+	fi
+	corename=$(echo $crashcore | sed 's/singboxr/SingBoxR/' | sed 's/singbox/SingBox/' | sed 's/clash/Clash/' | sed 's/meta/Mihomo/')
+    TEXT=$(cat <<EOF
+*欢迎使用ShellCrash！*_${versionsh_l}_
+$corename服务$run
+【*$redir_mod*】内存占用：$VmRSS
+已运行：$day$time
+请选择操作：
+EOF
+)
+    MENU=$(cat <<EOF
+{
+  "inline_keyboard":[
+    [
+      {"text":"✈️ 启用劫持","callback_data":"start_redir"},
+      {"text":"💧 纯净模式","callback_data":"stop_redir"},
+      {"text":"🕹 重启服务","callback_data":"restart"}
+    ],
+    [
+      {"text":"📄 查看日志","callback_data":"readlog"},
+	  {"text":"🔃 文件传输","callback_data":"transport"}
+    ]
+  ]
+}
+EOF
+)
+web_json_post "$API/sendMessage" "{\"chat_id\":\"$TG_CHATID\",\"text\":\"$TEXT\",\"parse_mode\":\"Markdown\",\"reply_markup\":$MENU}"
+}
+### --- 文件传输 --- ###
+send_transport_menu(){ 
+    TEXT='请选择需要上传或下载的具体文件：'
+	if echo "$crashcore" | grep -q 'singbox';then
+		config_type=json
+	else
+		config_type=yaml
+	fi
+
+	if curl -h >/dev/null 2>&1;then
+		CURL_KB=$(cat <<EOF
+	[
+      {"text":"📥 下载日志","callback_data":"ts_get_log"},
+      {"text":"💾 备份设置","callback_data":"ts_get_bak"},
+      {"text":"⬇️ 下载配置","callback_data":"ts_get_ccf"}
+    ],
+EOF
+)
+	else
+		CURL_KB='[{"text":"⚠️ 因当前设备缺少curl应用，仅支持上传功能！","callback_data":"noop"}],'
+	fi
+    MENU=$(cat <<EOF
+{
+  "inline_keyboard":[
+	$CURL_KB
+    [
+      {"text":"🪐 上传内核","callback_data":"ts_up_core"},
+	  {"text":"🔄 还原设置","callback_data":"ts_up_bak"},
+      {"text":"⬆️ 上传配置","callback_data":"ts_up_ccf"}
+    ]
+  ]
+}
+EOF
+)
+
+web_json_post "$API/sendMessage" "{\"chat_id\":\"$TG_CHATID\",\"text\":\"$TEXT\",\"parse_mode\":\"Markdown\",\"reply_markup\":$MENU}"
+
+}
+process_file(){
+	case "$FILE_TYPE" in
+		1)
+			. "$CRASHDIR"/libs/core_tools.sh
+			core_check "$TMPDIR/$FILE_NAME" && res='成功!即将重启服务！' || res='失败,请仔细检查文件或重试！'
+			send_msg "内核更新$res"
+			sleep 2
+			"$CRASHDIR"/start.sh start
+		;;
+		2)
+			tar -zxf "$TMPDIR/$FILE_NAME" -C "$CRASHDIR"/configs && res='配置文件已还原，请手动重启服务！' || res='解压还原失败,请仔细检查文件或重试！'
+			send_msg "$res"
+		;;
+		3)
+			mv -f "$TMPDIR/$FILE_NAME" "$CRASHDIR/${config_type}s/" && res='配置文件已上传，请手动重启服务！' || res='上传失败,请仔细检查文件或重试！'
+			send_msg "$res"
+		;;
+	esac
+	rm -f "$TMPDIR/$FILE_NAME"
+	send_menu
+}
+download_file(){
+	FILE_NAME=$(echo "$UPDATES" | sed 's/"callback_query".*//g' | grep -o '"file_name":"[^"]*"' | head -n1 | sed 's/.*:"//;s/"$//' | grep -E '\.(gz|upx|json|yaml)$')
+	if [ -n "$FILE_NAME" ];then
+		FILE_PATH=$(web_get_lite "$API/getFile?file_id=$FILE_ID" | grep -o '"file_path":"[^"]*"' | sed 's/.*:"//;s/"$//')
+		API_FILE="https://api.telegram.org/file/bot$TG_TOKEN"
+		web_download "$API_FILE/$FILE_PATH" "$TMPDIR/$FILE_NAME"
+		if [ "$?" = 0 ];then
+			process_file
+		else
+			send_msg "网络错误，上传失败！请重试！"
+		fi
+	else
+		send_msg "文件格式不匹配，上传失败！"
+	fi
+}
+### --- 具体操作函数 --- ###
+do_start_fw(){
+	[ -z "$redir_mod_bf" ] && redir_mod_bf='Redir模式'
+	redir_mod=$redir_mod_bf
+	setconfig redir_mod $redir_mod
+	"$CRASHDIR"/start.sh start_firewall
+    echo "ShellCrash 透明路由*$redir_mod_bf*已启用！" > "$LOGFILE"
+}
+do_stop_fw(){
+	redir_mod_bf=$redir_mod
+	redir_mod='纯净模式'
+	setconfig redir_mod $redir_mod
+	"$CRASHDIR"/start.sh stop_firewall
+    echo "ShellCrash 已切换到纯净模式！" > "$LOGFILE"
+}
+do_restart(){
+    "$CRASHDIR"/start.sh restart
+    echo "ShellCrash 服务已重启！" > "$LOGFILE"
+}
+do_set_sub(){
+    #echo "$1" "$2" >> "$CRASHDIR"/configs/providers.cfg
+    echo "错误，还未完成的功能！" > "$LOGFILE"
+
+}
+transport(){ #文件传输
+	case "$CALLBACK" in
+		"ts_get_log")
+			web_upload "$TMPDIR"/ShellCrash.log
+			send_menu 
+		;;
+		"ts_get_bak")
+			now=$(date +%Y%m%d_%H%M%S)
+			FILE="$TMPDIR/configs_$now.tar.gz"
+			tar -zcf "$FILE" -C "$CRASHDIR/configs/" .
+			web_upload "$FILE"
+			rm -rf "$FILE"
+			send_menu 
+		;;
+		"ts_get_ccf")
+			FILE="$TMPDIR/$config_type.tar.gz"
+			tar -zcf "$FILE" -C "$CRASHDIR/${config_type}s/" .
+			web_upload "$FILE"
+			rm -rf "$FILE"
+			send_menu 
+		;;
+		"ts_up_core")
+			FILE_TYPE=1
+			send_msg  "请发送需要上传的内核，必须是以tar.gz,.gz或.upx结尾的【${corename}】内核！"
+		;;
+		"ts_up_bak")
+			FILE_TYPE=2
+			send_msg  "请发送需要还原的备份文件，必须是【.tar.gz】格式！"
+		;;
+		"ts_up_ccf")
+			FILE_TYPE=3
+			send_msg  "请发送需要上传的配置文件，必须是【.${config_type}】格式，支持自定义配置文件"
+		;;
+	esac
+}
+
+### --- 轮询主进程 --- ###
+polling(){
+	while true; do
+		UPDATES=$(web_get_lite "$API/getUpdates?timeout=25&offset=$OFFSET")
+
+		echo "$UPDATES" | grep -q '"update_id"' || {
+			sleep 10 #防止网络不佳时疯狂请求
+			continue
+		}
+		
+		OFFSET=$(echo "$UPDATES" | grep -o '"update_id":[0-9]*' | tail -n1 | cut -d: -f2)
+		OFFSET=$((OFFSET + 1))
+		
+		### --- 校验ChatID --- ###
+		CHATID=$(echo "$UPDATES" | grep -o '"id":[0-9]*' | tail -n1 | cut -d: -f2)
+		[ "$CHATID" != "$TG_CHATID" ] && continue
+		
+		### --- 处理按钮事件 --- ###
+		CALLBACK=$(echo "$UPDATES" | grep -o '"data":"[^"]*"' | head -n1 | sed 's/.*:"//;s/"$//')
+		FILE_ID=$(echo "$UPDATES" | sed 's/"callback_query".*//g' | grep -o '"file_id":"[^"]*"' | head -n1 | sed 's/.*:"//;s/"$//')
+		
+		[ -n "$FILE_ID" ] && {
+			download_file
+			continue
+		}
+		[ -n "$CALLBACK" ] && case "$CALLBACK" in
+			"start_redir")
+				if [ "$redir_mod" = '纯净模式' ];then
+					do_start_fw
+					send_msg  "已切换到$redir_mod_bf！"
+				else
+					send_msg  "当前已经是$redir_mod！"
+				fi
+				send_menu 
+				continue
+			;;
+			"stop_redir")
+				if [ "$redir_mod" != '纯净模式' ];then
+					do_stop_fw
+					send_msg  "已切换到纯净模式"
+				else
+					send_msg  "当前已经是纯净模式！"
+				fi
+				send_menu 
+				continue
+			;;
+			"restart")
+				do_restart
+				send_msg  "🔄 服务已重启"
+				sleep 10
+				send_menu 
+				continue
+			;;
+			"readlog")
+				send_msg  "📄 日志内容如下(已过滤任务日志)：\n\`\`\`$(grep -v '任务' $TMPDIR/ShellCrash.log |tail -n 20)\`\`\`"
+				sleep 3
+				send_menu 
+				continue
+			;;
+			"transport")
+				send_transport_menu
+				continue
+			;;
+			"set_sub")
+				echo "await_sub" > "$STATE_FILE"
+				send_msg  "✏ 请输入新的订阅链接："
+				continue
+			;;
+			ts_*)
+				transport
+				continue
+			;;
+		esac
+
+
+		### --- 处理订阅输入 --- ###
+		TEXT=$(echo "$UPDATES" | grep -o '"text":"[^"]*"' | tail -n1 | sed 's/.*"text":"//;s/"$//')
+
+		if [ "$(cat "$STATE_FILE" 2>/dev/null)" = "await_sub" ]; then
+			echo "" > "$STATE_FILE"
+			do_set_sub "$TEXT"
+			send_msg  "订阅更新完成：\n$(cat "$LOGFILE")"
+			send_menu 
+			continue
+		fi
+
+
+		### 处理命令 ###
+		case "$TEXT" in
+		/crash)
+			send_menu
+		;;
+		/"$my_alias")
+			send_menu
+		;;
+		/help)
+			send_help
+		;;
+		esac
+
+	done
+}
+
+[ "$TG_menupush" = ON ] && send_menu
+
+polling
+
--- a/scripts/menus/bot_tg_bind.sh
+++ b/scripts/menus/bot_tg_bind.sh
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+. "$CRASHDIR"/libs/web_get_lite.sh
+
+private_bot() {
+	echo "-----------------------------------------------"
+	echo -e "请先通过 \033[32;4mhttps://t.me/BotFather\033[0m 申请TG机器人并获取其\033[36mAPI TOKEN\033[0m"
+	echo "-----------------------------------------------"
+	read -p "请输入你获取到的API TOKEN > " TOKEN
+	echo "-----------------------------------------------"
+	echo -e "请向\033[32m你申请的机器人\033[33m而不是BotFather！\033[0m"
+	url_tg=https://api.telegram.org/bot${TOKEN}/getUpdates
+}
+public_bot() {
+	echo -e "请向机器人：\033[32;4mhttps://t.me/ShellCrashtg_bot\033[0m"
+	TOKEN=publictoken
+	url_tg=https://tgbot.jwsc.eu.org/publictoken/getUpdates
+}
+tg_push_token(){
+	push_TG="$TOKEN"
+	setconfig push_TG "$TOKEN"
+	setconfig chat_ID "$chat_ID"
+	. "$CRASHDIR"/libs/logger.sh && logger "已完成Telegram日志推送设置！" 32
+}
+get_chatid(){
+	i=1
+	chat_ID=''
+	while [ $i -le 3 ] && [ -z "$chat_ID" ]; do
+		sleep 1
+		echo -e "\033[33m第 $i 次尝试获取对话ID失败，正在重试...\033[0m"
+		chat=$(web_get_lite "$url_tg" 2>/dev/null)
+		if [ -n "$chat" ];then
+			chat_ID=$(echo $chat | sed 's/"update_id":/{\n"update_id":/g' | grep "$public_key" | head -n1 | grep -oE '"id":.*,"is_bot' | sed s'/"id"://' | sed s'/,"is_bot//')
+		fi
+		i=$((i + 1))
+	done
+}
+set_bot() {
+	public_key=$(cat /proc/sys/kernel/random/boot_id | sed 's/.*-//')
+	echo -e "发送此秘钥:        \033[30;46m$public_key\033[0m"
+	echo "-----------------------------------------------"
+	read -p "我已经发送完成(1/0) > " res
+	if [ "$res" = 1 ]; then
+		get_chatid
+		[ -z "$chat_ID" ] && [ "$TOKEN" != 'publictoken' ] && {
+			echo -e "\033[31m无法获取对话ID，请返回重新设置或手动输入ChatID！\033[0m"
+			echo -e "通常访问 \033[32;4m$url_tg\033[0m \n\033[36m即可看到ChatID\033[0m"
+			read -p "请手动输入ChatID > " chat_ID
+		}
+		if echo "$chat_ID" | grep -qE '^[0-9]{8,}$'; then
+			return 0
+		else
+			echo -e "\033[31m无法获取对话ID，请重新配置！\033[0m"
+			sleep 1
+			return 1
+		fi
+	fi
+}
+
--- a/scripts/menus/bot_tg_service.sh
+++ b/scripts/menus/bot_tg_service.sh
@@ -0,0 +1,16 @@
+	
+. "$CRASHDIR"/libs/set_cron.sh
+
+bot_tg_start(){
+	. "$CRASHDIR"/starts/start_legacy.sh
+	start_legacy "$CRASHDIR/menus/bot_tg.sh" 'bot_tg'
+}
+bot_tg_stop(){
+	cronload | grep -q 'TG_BOT' && cronset 'TG_BOT'
+	[ -f "$TMPDIR/bot_tg.pid" ] && kill -TERM "$(cat "$TMPDIR/bot_tg.pid")" 2>/dev/null
+	killall bot_tg.sh 2>/dev/null
+	rm -f "$TMPDIR/bot_tg.pid"
+}
+bot_tg_cron(){
+	cronset 'TG_BOT守护进程' "* * * * * /bin/sh $CRASHDIR/starts/start_legacy_wd.sh bot_tg #ShellCrash-TG_BOT守护进程"
+}
--- a/scripts/menus/check_port.sh
+++ b/scripts/menus/check_port.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+# Copyright (C) Juewuy
+
+check_port(){
+	if [ "$1" -gt 65535 -o "$1" -le 1 ]; then
+		echo -e "\033[31m输入错误！请输入正确的数值(1-65535)！\033[0m"
+		return 1
+	elif [ -n "$(echo "|$mix_port|$redir_port|$dns_port|$db_port|" | grep "|$1|")" ]; then
+		echo -e "\033[31m输入错误！请不要输入重复的端口！\033[0m"
+		return 1
+	elif [ -n "$(netstat -ntul | grep -E ":$1[[:space:]]")" ]; then
+		echo -e "\033[31m当前端口已被其他进程占用，请重新输入！\033[0m"
+		return 1
+	else
+		return 0
+	fi
+}
--- a/scripts/menus/ddns.sh
+++ b/scripts/menus/ddns.sh
@@ -0,0 +1,183 @@
+#! /bin/bash
+# Copyright (C) Juewuy
+
+
+ddns_menu(){
+	echo -----------------------------------------------
+	echo -e "\033[30;46m欢迎使用DDNS！\033[0m"
+	load_ddns
+}
+add_ddns() {
+	cat >>"$ddns_dir" <<EOF
+	
+config service '$service'
+	option enabled '1'
+	option force_unit 'hours'
+	option lookup_host '$domain'
+	option service_name '$service_name'
+	option domain '$domain'
+	option username '$username'
+	option use_https '0'
+	option use_ipv6 '$use_ipv6'
+	option password '$password'
+	option ip_source 'web'
+	option check_unit 'minutes'
+	option check_interval '$check_interval'
+	option force_interval '$force_interval'
+	option interface 'wan'
+	option bind_network 'wan'
+EOF
+	/usr/lib/ddns/dynamic_dns_updater.sh -S "$service" start >/dev/null 2>&1 &
+	sleep 3
+	echo 服务已经添加！
+}
+set_ddns() {
+	echo -----------------------------------------------
+	read -p "请输入你的域名 > " str
+	[ -z "$str" ] && domain="$domain" || domain="$str"
+	echo -----------------------------------------------
+	read -p "请输入用户名或邮箱 > " str
+	[ -z "$str" ] && username="$username" || username="$str"
+	echo -----------------------------------------------
+	read -p "请输入密码或令牌秘钥 > " str
+	[ -z "$str" ] && password="$password" || password="$str"
+	echo -----------------------------------------------
+	read -p "请输入检测更新间隔(单位:分钟;默认为10) > " check_interval
+	[ -z "$check_interval" ] || [ "$check_interval" -lt 1 -o "$check_interval" -gt 1440 ] && check_interval=10
+	echo -----------------------------------------------
+	read -p "请输入强制更新间隔(单位:小时;默认为24) > " force_interval
+	[ -z "$force_interval" ] || [ "$force_interval" -lt 1 -o "$force_interval" -gt 240 ] && force_interval=24
+	echo -----------------------------------------------
+	echo -e "请核对如下信息："
+	echo -e "服务商：		\033[32m$service\033[0m"
+	echo -e "域名：			\033[32m$domain\033[0m"
+	echo -e "用户名：		\033[32m$username\033[0m"
+	echo -e "检测间隔：		\033[32m$check_interval\033[0m"
+	echo -----------------------------------------------
+	read -p "确认添加？(1/0) > " res
+	[ "$res" = 1 ] && add_ddns || set_ddns
+}
+set_ddns_service() {
+	services_dir=/etc/ddns/"$serv"
+	[ -s "$services_dir" ] || services_dir=/etc/ddns/services
+	[ -s "$services_dir" ] || services_dir=/usr/share/ddns/list
+	[ -s "$services_dir" ] || {
+		echo -e "\033[33m未找到DDNS列表文件，尝试在线获取……\033[0m"
+		ddns service update >/dev/null || echo -e "\033[31m下载失败，请重试！\033[0m"
+	}
+	echo -----------------------------------------------
+	echo -e "\033[32m请选择服务提供商\033[0m"
+	cat "$services_dir" | grep -vE '^#|^[[:space:]]*$' | awk '{print " "NR" " $1}'
+	nr=$(cat "$services_dir" | grep -vE '^#|^[[:space:]]*$' | wc -l)
+	read -p "请输入对应数字 > " num
+	if [ -z "$num" ]; then
+		i=
+	elif [ "$num" -gt 0 -a "$num" -lt $nr ]; then
+		service_name=$(cat "$services_dir" | grep -vE '^#|^[[:space:]]*$' | awk '{print $1}' | sed -n "$num"p | sed 's/"//g')
+		service=$(echo $service_name | sed 's/\./_/g')
+		set_ddns
+	else
+		echo "输入错误，请重新输入！"
+		sleep 1
+		set_ddns_service
+	fi
+}
+set_ddns_type() {
+	echo -----------------------------------------------
+	echo -e "\033[32m请选择网络模式\033[0m"
+	echo -e " 1 \033[36mIPV4\033[0m"
+	echo -e " 2 \033[36mIPV6\033[0m"
+	read -p "请输入对应数字 > " num
+	if [ -z "$num" ]; then
+		i=
+	elif [ "$num" = 1 ]; then
+		use_ipv6=0
+		serv=services
+		set_ddns_service
+	elif [ "$num" = 2 ]; then
+		use_ipv6=1
+		serv=services_ipv6
+		set_ddns_service
+	else
+		echo "输入错误，请重新输入！"
+		sleep 1
+		set_ddns_type
+	fi
+}
+rev_ddns_service() {
+	enabled=$(uci get ddns."$service".enabled)
+	[ "$enabled" = 1 ] && enabled_b="停用" || enabled_b="启用"
+	echo -----------------------------------------------
+	echo -e " 1 \033[32m立即更新\033[0m"
+	echo -e " 2 编辑当前服务\033[0m"
+	echo -e " 3 $enabled_b当前服务"
+	echo -e " 4 移除当前服务"
+	echo -e " 5 查看运行日志"
+	echo -e " 0 返回上级菜单"
+	echo -----------------------------------------------
+	read -p "请输入对应数字 > " num
+	if [ -z "$num" -o "$num" = 0 ]; then
+		i=
+	elif [ "$num" = 1 ]; then
+		/usr/lib/ddns/dynamic_dns_updater.sh -S $service start >/dev/null 2>&1 &
+		sleep 3
+	elif [ "$num" = 2 ]; then
+		domain=$(uci get ddns."$service".domain 2>/dev/null)
+		username=$(uci get ddns."$service".username 2>/dev/null)
+		password=$(uci get ddns."$service".password 2>/dev/null)
+		service_name=$(uci get ddns."$service".service_name 2>/dev/null)
+		uci delete ddns."$service"
+		set_ddns
+	elif [ "$num" = 3 ]; then
+		[ "$enabled" = 1 ] && uci set ddns."$service".enabled='0' || uci set ddns."$service".enabled='1' && sleep 3
+		uci commit ddns."$service"
+	elif [ "$num" = 4 ]; then
+		uci delete ddns."$service"
+		uci commit ddns."$service"
+	elif [ "$num" = 5 ]; then
+		echo -----------------------------------------------
+		cat /var/log/ddns/"$service".log 2>/dev/null
+		sleep 1
+	fi
+}
+load_ddns() {
+	ddns_dir=/etc/config/ddns
+	tmp_dir="$TMPDIR"/ddns
+	[ ! -f "$ddns_dir" ] && {
+		echo -e "\033[31m本脚本依赖OpenWrt内置的DDNS服务,当前设备无法运行,已退出！\033[0m"
+		sleep 1
+		return 1
+	}
+	nr=0
+	cat "$ddns_dir" | grep 'config service' | awk '{print $3}' | sed "s/'//g" | sed 's/"//g' >"$tmp_dir"
+	echo -----------------------------------------------
+	echo -e "列表      域名       启用     IP地址"
+	echo -----------------------------------------------
+	[ -s "$tmp_dir" ] && for service in $(cat "$tmp_dir"); do
+		#echo $service >>$tmp_dir
+		nr=$((nr + 1))
+		enabled=$(uci get ddns."$service".enabled 2>/dev/null)
+		domain=$(uci get ddns."$service".domain 2>/dev/null)
+		local_ip=$(sed '1!G;h;$!d' /var/log/ddns/$service.log 2>/dev/null | grep -E 'Registered IP' | tail -1 | awk -F "'" '{print $2}' | tr -d "'\"")
+		echo -e " $nr   $domain  $enabled   $local_ip"
+	done
+	echo -e " $((nr + 1))   添加DDNS服务"
+	echo -e " 0   退出"
+	echo -----------------------------------------------
+	read -p "请输入对应序号 > " num
+	if [ -z "$num" -o "$num" = 0 ]; then
+		i=
+	elif [ "$num" -gt $nr ]; then
+		set_ddns_type
+		load_ddns
+	elif [ "$num" -gt 0 -a "$num" -le $nr ]; then
+		service=$(cat $tmp_dir | sed -n "$num"p)
+		rev_ddns_service
+		load_ddns
+	else
+		echo "请输入正确数字！" && load_ddns
+	fi
+	rm -rf "$tmp_dir"
+}
+
+
--- a/scripts/menus/dns.sh
+++ b/scripts/menus/dns.sh
@@ -0,0 +1,234 @@
+#!/bin/sh
+# Copyright (C) Juewuy
+
+[ -n "$__IS_MODULE_DNS_LOADED" ] && return
+__IS_MODULE_DNS_LOADED=1
+
+set_dns_mod() { #DNS模式设置
+	[ -z "$hosts_opt" ] && hosts_opt=ON
+    [ -z "$dns_protect" ] && dns_protect=ON
+	[ -z "$ecs_subnet" ] && ecs_subnet=OFF
+    echo "-----------------------------------------------"
+    echo -e "当前DNS运行模式为：\033[47;30m $dns_mod \033[0m"
+    echo -e "\033[33m切换模式后需要手动重启服务以生效！\033[0m"
+    echo "-----------------------------------------------"
+	echo -e " 1 MIX模式：  \033[32mCN域名realip其他fake-ip分流\033[0m"
+	echo -e " 2 Route模式：\033[32mCN域名realip其他dns2proxy分流\033[0m"
+    echo -e " 3 Redir模式：\033[33m不安全,需搭配第三方DNS服务使用\033[0m"
+	echo "-----------------------------------------------"
+    echo -e " 4 DNS防泄漏：  \033[36m$dns_protect\033[0m	———启用时少量网站可能连接卡顿"
+    echo -e " 5 Hosts优化：  \033[36m$hosts_opt\033[0m	———调用本机hosts并劫持NTP服务"
+	echo -e " 6 ECS优化：    \033[36m$ecs_subnet\033[0m	———解决CDN下载浪费流量等问题"
+    echo -e " 7 DNS劫持端口：\033[36m$dns_redir_port\033[0m	———用于兼容第三方DNS服务"
+    [ "$dns_mod" = "mix" ] &&
+    echo -e " 8 管理MIX模式\033[33mFake-ip过滤列表\033[0m"
+    echo -e " 9 修改\033[36mDNS服务器\033[0m"
+	echo "-----------------------------------------------"
+    echo " 0 返回上级菜单"
+    read -p "请输入对应数字 > " num
+    case "$num" in
+    0) ;;
+    1)
+        if echo "$crashcore" | grep -q 'singbox' || [ "$crashcore" = meta ]; then
+            dns_mod=mix
+            setconfig dns_mod $dns_mod
+            echo "-----------------------------------------------"
+            echo -e "\033[36m已设为 $dns_mod 模式！！\033[0m"
+        else
+            echo -e "\033[31m当前内核不支持的功能！！！\033[0m"
+            sleep 1
+        fi
+		set_dns_mod
+    ;;
+    2)
+        if echo "$crashcore" | grep -q 'singbox' || [ "$crashcore" = meta ]; then
+            dns_mod=route
+            setconfig dns_mod $dns_mod
+            echo "-----------------------------------------------"
+            echo -e "\033[36m已设为 $dns_mod 模式！！\033[0m"
+        else
+            echo -e "\033[31m当前内核不支持的功能！！！\033[0m"
+            sleep 1
+        fi
+		set_dns_mod
+    ;;
+    3)
+        dns_mod=redir_host
+        setconfig dns_mod $dns_mod
+        echo "-----------------------------------------------"
+        echo -e "\033[36m已设为 $dns_mod 模式！！\033[0m"
+		set_dns_mod
+    ;;
+    4)
+        [ "$dns_protect" = "ON" ] && dns_protect=OFF || dns_protect=ON
+        setconfig dns_protect $dns_protect
+        set_dns_mod
+	;;
+    5)
+		[ "$hosts_opt" = "ON" ] && hosts_opt=OFF || hosts_opt=ON
+        setconfig hosts_opt $hosts_opt
+        set_dns_mod
+	;;
+    6)
+		[ "$ecs_subnet" = "ON" ] && ecs_subnet=OFF || ecs_subnet=ON
+		setconfig ecs_subnet "$ecs_subnet"
+		set_dns_mod
+	;;
+    7)
+        echo "-----------------------------------------------"
+        echo -e "\033[31m仅限搭配第三方DNS服务(AdGuard、SmartDNS……)使用！\033[0m"
+		echo -e "\033[33m设置为第三方DNS服务的监听端口即可修改防火墙劫持！\n建议在第三方DNS服务中将上游DNS指向【localhost:$dns_port】\033[0m"
+		echo "-----------------------------------------------"
+		read -p "请输入第三方DNS服务的监听端口(0重置端口) > " num
+		if [ "$num" = 0 ];then
+			dns_redir_port="$dns_port"
+			setconfig dns_redir_port
+		elif [ "$num" -lt 65535 -a "$num" -ge 1 ];then
+			if ckcmd netstat;then
+				port_test=$(netstat -ntul | grep -E ":$num[[:space:]]")
+			else
+				port_test=0
+			fi
+			if [ -n "$port_test" ];then
+				dns_redir_port="$num"
+				setconfig dns_redir_port "$dns_redir_port"
+			else
+				echo -e "\033[33m此端口未检测到已运行的DNS服务！\033[0m"
+			fi
+		else
+			errornum
+		fi
+        sleep 1
+        set_dns_mod
+	;;
+    8)
+        echo "-----------------------------------------------"
+        fake_ip_filter
+        set_dns_mod
+	;;
+    9)
+        set_dns_adv
+        set_dns_mod
+    ;;
+    *)
+        errornum
+    ;;
+    esac
+}
+fake_ip_filter() {
+    echo -e "\033[32m用于解决Fake-ip模式下部分地址或应用无法连接的问题\033[0m"
+    echo -e "\033[31m脚本已经内置了大量地址，你只需要添加出现问题的地址！\033[0m"
+    echo -e "\033[36m示例：a.b.com"
+    echo -e "示例：*.b.com"
+    echo -e "示例：*.*.b.com\033[0m"
+    echo "-----------------------------------------------"
+    if [ -s ${CRASHDIR}/configs/fake_ip_filter ]; then
+        echo -e "\033[33m已添加Fake-ip过滤地址：\033[0m"
+        cat ${CRASHDIR}/configs/fake_ip_filter | awk '{print NR" "$1}'
+    else
+        echo -e "\033[33m你还未添加Fake-ip过滤地址\033[0m"
+    fi
+    echo "-----------------------------------------------"
+    echo -e "\033[32m输入数字直接移除对应地址，输入地址直接添加！\033[0m"
+    read -p "请输入数字或地址 > " input
+    case "$input" in
+    0) ;;
+    '') ;;
+    *)
+        if [ $input -ge 1 ] 2>/dev/null; then
+            sed -i "${input}d" ${CRASHDIR}/configs/fake_ip_filter 2>/dev/null
+            echo -e "\033[32m移除成功！\033[0m"
+        else
+            echo -e "你输入的地址是：\033[32m$input\033[0m"
+            read -p "确认添加？(1/0) > " res
+            [ "$res" = 1 ] && echo $input >>${CRASHDIR}/configs/fake_ip_filter
+        fi
+        sleep 1
+        fake_ip_filter
+    ;;
+    esac
+}
+set_dns_adv() { #DNS详细设置
+    echo "-----------------------------------------------"
+    echo -e "当前基础DNS：\033[32m$dns_nameserver\033[0m"
+    echo -e "PROXY-DNS：\033[36m$dns_fallback\033[0m"
+    echo -e "解析DNS：\033[33m$dns_resolver\033[0m"
+    echo -e "多个DNS地址请用\033[30;47m“|”\033[0m或者\033[30;47m“, ”\033[0m分隔输入"
+    echo -e "\033[33m必须拥有本地根证书文件才能使用dot/doh类型的加密dns\033[0m"
+    echo -e "\033[31m注意singbox内核只有首个dns会被加载！\033[0m"
+    echo "-----------------------------------------------"
+    echo -e " 1 修改\033[32m基础DNS\033[0m"
+    echo -e " 2 修改\033[36mPROXY-DNS\033[0m(该DNS查询会经过节点)"
+    echo -e " 3 修改\033[33m解析DNS\033[0m(必须是IP,用于解析其他DNS)"
+    echo -e " 4 一键配置\033[32m加密DNS\033[0m"
+    echo -e " 9 \033[33m重置\033[0m默认DNS配置"
+    echo -e " 0 返回上级菜单"
+    echo "-----------------------------------------------"
+    read -p "请输入对应数字 > " num
+    case "$num" in
+    0) ;;
+    1)
+        read -p "请输入新的DNS > " dns_nameserver
+        dns_nameserver=$(echo $dns_nameserver | sed 's#|#\,\ #g')
+        if [ -n "$dns_nameserver" ]; then
+            setconfig dns_nameserver "'$dns_nameserver'"
+            echo -e "\033[32m设置成功！！！\033[0m"
+        fi
+        sleep 1
+        set_dns_adv
+	;;
+    2)
+        read -p "请输入新的DNS > " dns_fallback
+        dns_fallback=$(echo $dns_fallback | sed 's/|/\,\ /g')
+        if [ -n "$dns_fallback" ]; then
+            setconfig dns_fallback "'$dns_fallback'"
+            echo -e "\033[32m设置成功！！！\033[0m"
+        fi
+        sleep 1
+        set_dns_adv
+	;;
+    3)
+        read -p "请输入新的DNS > " text
+        if echo "$text" | grep -qE '://.*::'; then
+            echo -e "\033[31m此选项暂不支持ipv6加密DNS！！！\033[0m"
+        elif [ -n "$text" ]; then
+            dns_resolver=$(echo $text | sed 's/|/\,\ /g')
+            setconfig dns_resolver "'$dns_resolver'"
+            echo -e "\033[32m设置成功！！！\033[0m"
+        fi
+        sleep 1
+        set_dns_adv
+	;;
+    4)
+        echo "-----------------------------------------------"
+        openssldir="$(openssl version -d 2>&1 | awk -F '"' '{print $2}')"
+        if [ -s "$openssldir/certs/ca-certificates.crt" ] || [ -s "/etc/ssl/certs/ca-certificates.crt" ] ||
+            echo "$crashcore" | grep -qE 'meta|singbox'; then
+            dns_nameserver='https://dns.alidns.com/dns-query, https://doh.pub/dns-query'
+            dns_fallback='https://cloudflare-dns.com/dns-query, https://dns.google/dns-query, https://doh.opendns.com/dns-query'
+            dns_resolver='https://223.5.5.5/dns-query, 2400:3200::1'
+            setconfig dns_nameserver "'$dns_nameserver'"
+            setconfig dns_fallback "'$dns_fallback'"
+            setconfig dns_resolver "'$dns_resolver'"
+            echo -e "\033[32m已设置加密DNS，如出现DNS解析问题，请尝试重置DNS配置！\033[0m"
+        else
+            echo -e "\033[31m找不到根证书文件，无法启用加密DNS，Linux系统请自行搜索安装OpenSSL的方式！\033[0m"
+        fi
+        sleep 1
+        set_dns_adv
+	;;
+    9)
+        setconfig dns_nameserver
+        setconfig dns_fallback
+        setconfig dns_resolver
+		. "$CRASHDIR"/libs/get_config.sh
+        echo -e "\033[33mDNS配置已重置！！！\033[0m"
+        sleep 1
+        set_dns_adv
+	;;
+    *)
+        errornum
+        sleep 1
+	;;
+    esac
+}
--- a/scripts/menus/running_status.sh
+++ b/scripts/menus/running_status.sh
@@ -0,0 +1,13 @@
+
+running_status(){
+	VmRSS=$(cat /proc/$PID/status | grep -w VmRSS | awk 'unit="MB" {printf "%.2f %s\n", $2/1000, unit}')
+	#获取运行时长
+	touch "$TMPDIR"/crash_start_time #用于延迟启动的校验
+	start_time=$(cat "$TMPDIR"/crash_start_time)
+	if [ -n "$start_time" ]; then
+		time=$(($(date +%s) - start_time))
+		day=$((time / 86400))
+		[ "$day" = "0" ] && day='' || day="$day天"
+		time=$(date -u -d @${time} +%H小时%M分%S秒)
+	fi
+}
--- a/scripts/menus/set_crashdir.sh
+++ b/scripts/menus/set_crashdir.sh
@@ -0,0 +1,150 @@
+#!/bin/sh
+# Copyright (C) Juewuy
+
+. /tmp/SC_tmp/libs/check_dir_avail.sh
+[ -n "$(echo -e | grep e)" ] && echo=echo || echo='echo -e'
+
+set_crashdir() {
+    set_usb_dir() {
+        echo -e "请选择安装目录"
+        du -hL /mnt | awk '{print " "NR" "$2"  "$1}'
+        read -p "请输入相应数字 > " num
+        dir=$(du -hL /mnt | awk '{print $2}' | sed -n "$num"p)
+        if [ -z "$dir" ]; then
+            echo -e "\033[31m输入错误！请重新设置！\033[0m"
+            set_usb_dir
+        fi
+    }
+    set_asus_dir() {
+        echo -e "请选择U盘目录"
+        du -hL /tmp/mnt | awk -F/ 'NF<=4' | awk '{print " "NR" "$2"  "$1}'
+        read -p "请输入相应数字 > " num
+        dir=$(du -hL /tmp/mnt | awk -F/ 'NF<=4' | awk '{print $2}' | sed -n "$num"p)
+        if [ ! -f "$dir/asusware.arm/etc/init.d/S50downloadmaster" ]; then
+            echo -e "\033[31m未找到下载大师自启文件：$dir/asusware.arm/etc/init.d/S50downloadmaster，请检查设置！\033[0m"
+            set_asus_dir
+        fi
+    }
+    set_cust_dir() {
+        echo "-----------------------------------------------"
+        echo "可用路径 剩余空间:"
+        df -h | awk '{print $6,$4}' | sed 1d
+        echo "路径是必须带 / 的格式，注意写入虚拟内存(/tmp,/opt,/sys...)的文件会在重启后消失！！！"
+        read -p "请输入自定义路径 > " dir
+        if [ "$(dir_avail $dir)" = 0 ] || [ -n "$(echo $dir | grep -E 'tmp|opt|sys')" ]; then
+            echo "\033[31m路径错误！请重新设置！\033[0m"
+            set_cust_dir
+        fi
+    }
+    echo "-----------------------------------------------"
+    if [ -n "$systype" ]; then
+        [ "$systype" = "Padavan" ] && dir=/etc/storage
+        [ "$systype" = "mi_snapshot" ] && {
+            echo -e "\033[33m检测到当前设备为小米官方系统，请选择安装位置\033[0m"
+            [ -d /data ] && $echo " 1 安装到 /data 目录,剩余空间：$(dir_avail /data -h)(支持软固化功能)"
+            [ -d /userdisk ] && $echo " 2 安装到 /userdisk 目录,剩余空间：$(dir_avail /userdisk -h)(支持软固化功能)"
+            [ -d /data/other_vol ] && $echo " 3 安装到 /data/other_vol 目录,剩余空间：$(dir_avail /data/other_vol -h)(支持软固化功能)"
+            $echo " 4 安装到自定义目录(不推荐，不明勿用！)"
+            echo " 0 退出安装"
+            echo "-----------------------------------------------"
+            read -p "请输入相应数字 > " num
+            case "$num" in
+            1)
+                dir=/data
+                ;;
+            2)
+                dir=/userdisk
+                ;;
+            3)
+                dir=/data/other_vol
+                ;;
+            4)
+                set_cust_dir
+                ;;
+            *)
+                exit 1
+                ;;
+            esac
+        }
+        [ "$systype" = "asusrouter" ] && {
+            echo -e "\033[33m检测到当前设备为华硕固件，请选择安装方式\033[0m"
+            echo -e " 1 基于USB设备安装(限23年9月之前固件，须插入\033[31m任意\033[0mUSB设备)"
+            echo -e " 2 基于自启脚本安装(仅支持梅林及部分非koolshare官改固件)"
+            echo -e " 3 基于U盘+下载大师安装(支持所有固件，限ARM设备，须插入U盘或移动硬盘)"
+            echo -e " 0 退出安装"
+            echo "-----------------------------------------------"
+            read -p "请输入相应数字 > " num
+            case "$num" in
+            1)
+                read -p "将脚本安装到USB存储/系统闪存？(1/0) > " res
+                [ "$res" = "1" ] && set_usb_dir || dir=/jffs
+                usb_status=1
+                ;;
+            2)
+                echo -e "如无法正常开机启动，请重新使用USB方式安装！"
+                sleep 2
+                dir=/jffs
+                ;;
+            3)
+                echo -e "请先在路由器网页后台安装下载大师并启用，之后选择外置存储所在目录！"
+                sleep 2
+                set_asus_dir
+                ;;
+            *)
+                exit 1
+                ;;
+            esac
+        }
+        [ "$systype" = "ng_snapshot" ] && dir=/tmp/mnt
+    else
+        echo -e "\033[33m安装ShellCrash至少需要预留约1MB的磁盘空间\033[0m"
+        echo -e " 1 在\033[32m/etc目录\033[0m下安装(适合root用户)"
+        echo -e " 2 在\033[32m/usr/share目录\033[0m下安装(适合Linux系统)"
+        echo -e " 3 在\033[32m当前用户目录\033[0m下安装(适合非root用户)"
+        echo -e " 4 在\033[32m外置存储\033[0m中安装"
+        echo -e " 5 手动设置安装目录"
+        echo -e " 0 退出安装"
+        echo "-----------------------------------------------"
+        read -p "请输入相应数字 > " num
+        #设置目录
+        case "$num" in
+        1)
+            dir=/etc
+            ;;
+        2)
+            dir=/usr/share
+            ;;
+        3)
+            dir=~/.local/share
+            mkdir -p ~/.config/systemd/user
+            ;;
+        4)
+            set_usb_dir
+            ;;
+        5)
+            echo "-----------------------------------------------"
+            echo "可用路径 剩余空间:"
+            df -h | awk '{print $6,$4}' | sed 1d
+            echo "路径是必须带 / 的格式，注意写入虚拟内存(/tmp,/opt,/sys...)的文件会在重启后消失！！！"
+            read -p "请输入自定义路径 > " dir
+            if [ -z "$dir" ]; then
+                echo -e "\033[31m路径错误！请重新设置！\033[0m"
+                setdir
+            fi
+            ;;
+        *)
+            echo "安装已取消"
+            exit 1
+            ;;
+        esac
+    fi
+
+    if [ ! -w $dir ]; then
+        echo -e "\033[31m没有$dir目录写入权限！请重新设置！\033[0m" && sleep 1 && setdir
+    else
+        echo -e "目标目录\033[32m$dir\033[0m空间剩余：$(dir_avail $dir -h)"
+        read -p "确认安装？(1/0) > " res
+        [ "$res" = "1" ] && CRASHDIR=$dir/ShellCrash || setdir
+    fi
+}
+
--- a/scripts/menus/task_cmd.sh
+++ b/scripts/menus/task_cmd.sh
@@ -0,0 +1,149 @@
+#!/bin/sh
+# Copyright (C) Juewuy
+
+#加载全局变量
+[ -z "$CRASHDIR" ] && CRASHDIR=$( cd $(dirname $0);cd ..;pwd)
+. "$CRASHDIR"/libs/get_config.sh
+#加载工具
+. "$CRASHDIR"/libs/check_cmd.sh
+. "$CRASHDIR"/libs/set_config.sh
+. "$CRASHDIR"/libs/web_get_bin.sh
+. "$CRASHDIR"/libs/logger.sh
+
+task_logger(){
+	[ "$task_push" = 1 ] && push= || push=off
+	[ -n "$2" -a "$2" != 0 ] && echo -e "\033[$2m$1\033[0m"
+	[ "$3" = 'off' ] && push=off
+	echo "$1" |grep -qE '(每隔|时每)([1-9]|[1-9][0-9])分钟' && {
+		push=off
+		cover=on
+	}
+	logger "$1" 0 "$push" "$cover"
+}
+
+#任务命令
+check_update(){ #检查更新工具
+	get_bin "$TMPDIR"/crashversion "$1" echooff
+	[ "$?" = "0" ] && . "$TMPDIR"/crashversion 2>/dev/null
+	rm -rf "$TMPDIR"/crashversion
+}
+update_core(){ #自动更新内核
+	#检查版本
+	check_update bin/version
+	crash_v_new=$(eval echo \$${crashcore}_v)
+	if [ -z "$crash_v_new" -o "$crash_v_new" = "$core_v" ];then
+		task_logger "任务【自动更新内核】中止-未检测到版本更新"
+		return 0
+	else
+		. "$CRASHDIR"/libs/core_tools.sh && core_webget #调用下载工具
+		case "$?" in
+		0)
+			task_logger "任务【自动更新内核】下载完成，正在重启服务！"
+			"$CRASHDIR"/start.sh start
+			return 0
+		;;
+		1)
+			task_logger "任务【自动更新内核】出错-下载失败！"
+			return 1
+		;;
+		*)
+			task_logger "任务【自动更新内核】出错-内核校验失败！"
+			"$CRASHDIR"/start.sh start
+			return 1
+		;;
+		esac
+	fi
+}
+update_scripts(){ #自动更新脚本
+	#检查版本
+	check_update version
+	if [ -z "$versionsh" -o "$versionsh" = "versionsh_l" ];then
+		task_logger "任务【自动更新脚本】中止-未检测到版本更新"
+		return 0
+	else
+		get_bin "$TMPDIR"/ShellCrash.tar.gz "ShellCrash.tar.gz"
+		if [ "$?" != "0" ];then
+			rm -rf "$TMPDIR"/ShellCrash.tar.gz
+			task_logger "任务【自动更新内核】出错-下载失败！"
+			return 1
+		else
+			#停止服务
+			"$CRASHDIR"/start.sh stop
+			#解压
+			tar -zxf "$TMPDIR"/ShellCrash.tar.gz ${tar_para} -C "$CRASHDIR"/
+			if [ $? -ne 0 ];then
+				rm -rf "$TMPDIR"/ShellCrash.tar.gz
+				task_logger "任务【自动更新内核】出错-解压失败！"
+				"$CRASHDIR"/start.sh start
+				return 1
+			else
+				. "$CRASHDIR"/init.sh >/dev/null
+				"$CRASHDIR"/start.sh start
+				return 0
+			fi
+		fi
+	fi
+}
+update_mmdb(){ #自动更新数据库
+	getgeo(){
+		#检查版本
+		check_update bin/version
+		geo_v="$(echo $2 | awk -F "." '{print $1}')_v" #获取版本号类型比如Country_v
+		geo_v_new=$GeoIP_v
+		geo_v_now=$(eval echo \$$geo_v)
+		if [ -z "$geo_v_new" -o "$geo_v_new" = "$geo_v_now" ];then
+			task_logger "任务【自动更新数据库文件】跳过-未检测到$2版本更新"
+		else
+			#更新文件
+			get_bin "$TMPDIR"/$1 "bin/geodata/$2"
+			if [ "$?" != "0" ];then
+				task_logger "任务【自动更新数据库文件】更新【$2】下载失败！"
+				rm -rf "$TMPDIR"/$1
+			else
+				mv -f "$TMPDIR"/$1 "$BINDIR"/$1
+				setconfig $geo_v $GeoIP_v
+				task_logger "任务【自动更新数据库文件】更新【$2】成功！"
+			fi
+		fi
+	}
+	[ -n "${cn_mini_v}" -a -s "$CRASHDIR"/Country.mmdb ] && getgeo Country.mmdb cn_mini.mmdb
+	[ -n "${china_ip_list_v}" -a -s "$CRASHDIR"/cn_ip.txt ] && getgeo cn_ip.txt china_ip_list.txt
+	[ -n "${china_ipv6_list_v}" -a -s "$CRASHDIR"/cn_ipv6.txt ] && getgeo cn_ipv6.txt china_ipv6_list.txt
+	[ -n "${geosite_v}" -a -s "$CRASHDIR"/GeoSite.dat ] && getgeo GeoSite.dat geosite.dat
+	[ -n "${geoip_cn_v}" -a -s "$CRASHDIR"/geoip.db ] && getgeo geoip.db geoip_cn.db
+	[ -n "${geosite_cn_v}" -a -s "$CRASHDIR"/geosite.db ] && getgeo geosite.db geosite_cn.db
+	return 0
+}
+reset_firewall(){ #重设透明路由防火墙
+	"$CRASHDIR"/start.sh stop_firewall
+	"$CRASHDIR"/start.sh afstart
+}
+ntp(){
+	ckcmd ntpd && ntpd -n -q -p 203.107.6.88 >/dev/null 2>&1 || exit 0
+}
+web_save_auto(){
+	. "$CRASHDIR"/libs/web_save.sh && web_save
+}
+update_config() { #更新订阅并重启
+    . "$CRASHDIR"/starts/core_config.sh && get_core_config && "$CRASHDIR"/start.sh start
+}
+hotupdate() { #热更新订阅
+    . "$CRASHDIR"/starts/core_config.sh && get_core_config &&
+    . "$CRASHDIR"/starts/check_core.sh && check_core &&
+    . "$CRASHDIR"/starts/"$target"_modify.sh && modify_"$format" && rm -rf "$TMPDIR"/CrashCore &&
+    . "$CRASHDIR"/libs/web_restore.sh && put_save "http://127.0.0.1:$db_port/configs" "{\"path\":\"$CRASHDIR/config.$format\"}"
+    exit $?
+}
+
+case "$1" in
+	[1-9][0-9][0-9])
+		task_command=$(cat "$CRASHDIR"/task/task.list "$CRASHDIR"/task/task.user 2>/dev/null | grep "$1" | awk -F '#' '{print $2}')
+		task_name=$(cat "$CRASHDIR"/task/task.list "$CRASHDIR"/task/task.user 2>/dev/null | grep "$1" | awk -F '#' '{print $3}')
+		#task_logger "任务$task_name 开始执行"
+		eval $task_command && task_res=成功 || task_res=失败
+		task_logger "任务【$2】执行$task_res"
+	;;
+	*)
+		"$1"
+	;;
+esac
--- a/scripts/menus/uninstall.sh
+++ b/scripts/menus/uninstall.sh
@@ -0,0 +1,65 @@
+#!/bin/sh
+# Copyright (C) Juewuy
+
+#卸载
+uninstall() {
+    read -p "确认卸载ShellCrash？(警告：该操作不可逆！)[1/0] > " res
+    if [ "$res" = '1' ]; then
+        #停止服务
+        "$CRASHDIR"/start.sh stop 2>/dev/null
+        "$CRASHDIR"/start.sh cronset "clash服务" 2>/dev/null
+        "$CRASHDIR"/start.sh cronset "订阅链接" 2>/dev/null
+        "$CRASHDIR"/start.sh cronset "ShellCrash初始化" 2>/dev/null
+        "$CRASHDIR"/start.sh cronset "task.sh" 2>/dev/null
+        #移除安装目录
+        if [ -n "$CRASHDIR" ] && [ "$CRASHDIR" != '/' ]; then
+            read -p "是否保留脚本配置及订阅文件？[1/0] > " res
+            if [ "$res" = '1' ]; then
+                mv -f "$CRASHDIR"/configs /tmp/ShellCrash/configs_bak
+                mv -f "$CRASHDIR"/yamls /tmp/ShellCrash/yamls_bak
+                mv -f "$CRASHDIR"/jsons /tmp/ShellCrash/jsons_bak
+                rm -rf "$CRASHDIR"/*
+                mv -f /tmp/ShellCrash/configs_bak "$CRASHDIR"/configs
+                mv -f /tmp/ShellCrash/yamls_bak "$CRASHDIR"/yamls
+                mv -f /tmp/ShellCrash/jsons_bak "$CRASHDIR"/jsons
+            else
+                rm -rf "$CRASHDIR"
+            fi
+        else
+            echo -e "\033[31m环境变量配置有误，请尝试手动移除安装目录！\033[0m"
+            sleep 1
+        fi
+        #移除其他内容      
+        sed -i "/alias $my_alias=*/"d /etc/profile 2>/dev/null
+        sed -i '/alias crash=*/'d /etc/profile 2>/dev/null
+        sed -i '/export CRASHDIR=*/'d /etc/profile 2>/dev/null
+        sed -i '/export crashdir=*/'d /etc/profile 2>/dev/null
+        [ -w ~/.zshrc ] && {
+            sed -i "/alias $my_alias=*/"d ~/.zshrc 2>/dev/null
+            sed -i '/export CRASHDIR=*/'d ~/.zshrc 2>/dev/null
+        }
+        sed -i '/all_proxy/'d /etc/profile 2>/dev/null
+        sed -i '/ALL_PROXY/'d /etc/profile 2>/dev/null
+        sed -i "/启用外网访问SSH服务/d" /etc/firewall.user 2>/dev/null
+        sed -i '/ShellCrash初始化/'d /etc/storage/started_script.sh 2>/dev/null
+        sed -i '/ShellCrash初始化/'d /jffs/.asusrouter 2>/dev/null
+        [ "$BINDIR" != "$CRASHDIR" ] && rm -rf "$BINDIR"
+        rm -rf /etc/init.d/shellcrash
+        rm -rf /etc/systemd/system/shellcrash.service
+        rm -rf /usr/lib/systemd/system/shellcrash.service
+        rm -rf /www/clash
+        rm -rf /tmp/ShellCrash
+        rm -rf /usr/bin/crash
+        sed -i '/0:7890/d' /etc/passwd 2>/dev/null
+        userdel -r shellcrash 2>/dev/null
+        nvram set script_usbmount="" 2>/dev/null
+        nvram commit 2>/dev/null
+        echo "-----------------------------------------------"
+        echo -e "\033[36m已卸载ShellCrash相关文件！有缘再会！\033[0m"
+        echo -e "\033[33m请手动关闭当前窗口以重置环境变量！\033[0m"
+        echo "-----------------------------------------------"
+        exit
+    else
+        echo -e "\033[31m操作已取消！\033[0m"
+    fi
+}
--- a/scripts/start.sh
+++ b/scripts/start.sh
--- a/scripts/starts/README.md
+++ b/scripts/starts/README.md
@@ -0,0 +1,3 @@
+用于存放负责启动和服务相关的脚本
+
+此处脚本内容不应包含任何具体中文说明，log内容的文字应当从相关lang文件调用
--- a/scripts/starts/afstart.sh
+++ b/scripts/starts/afstart.sh
@@ -0,0 +1,56 @@
+#!/bin/sh
+# Copyright (C) Juewuy
+
+#初始化目录
+[ -z "$CRASHDIR" ] && CRASHDIR=$( cd $(dirname $0);cd ..;pwd)
+. "$CRASHDIR"/libs/get_config.sh
+#加载工具
+. "$CRASHDIR"/libs/check_cmd.sh
+. "$CRASHDIR"/libs/logger.sh
+. "$CRASHDIR"/libs/set_cron.sh
+#缺省值
+[ -z "$firewall_area" ] && firewall_area=1
+#延迟启动
+[ ! -f "$TMPDIR"/crash_start_time ] && [ -n "$start_delay" ] && [ "$start_delay" -gt 0 ] && {
+	logger "ShellCrash将延迟$start_delay秒启动" 31
+	sleep "$start_delay"
+}
+#设置循环检测面板端口以判定服务启动是否成功
+. "$CRASHDIR"/libs/start_wait.sh
+if [ -n "$test" -o -n "$(pidof CrashCore)" ]; then
+	[ "$start_old" = "ON" ] && [ ! -L "$TMPDIR"/CrashCore ] && rm -f "$TMPDIR"/CrashCore	#删除缓存目录内核文件
+	. "$CRASHDIR"/starts/fw_start.sh										#配置防火墙流量劫持
+	date +%s >"$TMPDIR"/crash_start_time                                    #标记启动时间
+	#后台还原面板配置
+	[ -s "$CRASHDIR"/configs/web_save ] && {
+		. "$CRASHDIR"/libs/web_restore.sh
+		web_restore >/dev/null 2>&1 &
+	}
+	#推送日志
+	{
+		sleep 5
+		logger ShellCrash服务已启动！
+	} &
+	ckcmd mtd_storage.sh && mtd_storage.sh save >/dev/null 2>&1 #Padavan保存/etc/storage
+	#加载定时任务
+	cronload | grep -v '^$' > "$TMPDIR"/cron_tmp
+	[ -s "$CRASHDIR"/task/cron ] && cat "$CRASHDIR"/task/cron >> "$TMPDIR"/cron_tmp
+	[ -s "$CRASHDIR"/task/running ] && cat "$CRASHDIR"/task/running >> "$TMPDIR"/cron_tmp
+	[ "$bot_tg_service" = ON ] && echo "* * * * * /bin/sh $CRASHDIR/starts/start_legacy_wd.sh bot_tg #ShellCrash-TG_BOT守护进程" >> "$TMPDIR"/cron_tmp
+	[ "$start_old" = ON ] && echo "* * * * * /bin/sh $CRASHDIR/starts/start_legacy_wd.sh shellcrash #ShellCrash保守模式守护进程" >> "$TMPDIR"/cron_tmp
+	awk '!x[$0]++' "$TMPDIR"/cron_tmp > "$TMPDIR"/cron_tmp2 #删除重复行
+	cronadd "$TMPDIR"/cron_tmp2
+	rm -f "$TMPDIR"/cron_tmp "$TMPDIR"/cron_tmp2
+	#加载条件任务
+	[ -s "$CRASHDIR"/task/afstart ] && { . "$CRASHDIR"/task/afstart; } &
+	[ -s "$CRASHDIR"/task/affirewall -a -s /etc/init.d/firewall -a ! -f /etc/init.d/firewall.bak ] && {
+		#注入防火墙
+		line=$(grep -En "fw.* restart" /etc/init.d/firewall | cut -d ":" -f 1)
+		sed -i.bak "${line}a\\. $CRASHDIR/task/affirewall" /etc/init.d/firewall
+		line=$(grep -En "fw.* start" /etc/init.d/firewall | cut -d ":" -f 1)
+		sed -i "${line}a\\. $CRASHDIR/task/affirewall" /etc/init.d/firewall
+	} &
+	exit 0
+else
+	. "$CRASHDIR"/starts/start_error.sh
+fi
--- a/scripts/starts/bfstart.sh
+++ b/scripts/starts/bfstart.sh
@@ -0,0 +1,143 @@
+#!/bin/sh
+# Copyright (C) Juewuy
+
+#初始化目录
+[ -z "$CRASHDIR" ] && CRASHDIR=$( cd $(dirname $0);cd ..;pwd)
+. "$CRASHDIR"/libs/get_config.sh
+[ -z "$BINDIR" -o -z "$TMPDIR" -o -z "$COMMAND" ] && . "$CRASHDIR"/init.sh >/dev/null 2>&1
+[ ! -f "$TMPDIR" ] && mkdir -p "$TMPDIR"
+
+#当上次启动失败时终止自启动
+[ -f "$CRASHDIR"/.start_error ] && exit 1
+#加载工具
+. "$CRASHDIR"/libs/check_cmd.sh
+. "$CRASHDIR"/libs/check_target.sh
+. "$CRASHDIR"/libs/logger.sh
+. "$CRASHDIR"/libs/web_get_bin.sh
+. "$CRASHDIR"/libs/compare.sh
+. "$CRASHDIR"/starts/check_geo.sh
+. "$CRASHDIR"/starts/check_core.sh
+#缺省值
+[ -z "$redir_mod" ] && [ "$USER" = "root" -o "$USER" = "admin" ] && redir_mod='Redir模式'
+[ -z "$dns_mod" ] && dns_mod='redir_host'
+[ -z "$redir_mod" ] && firewall_area='4'
+routing_mark=$((fwmark + 2))
+
+makehtml() { #生成面板跳转文件
+    cat >"$BINDIR"/ui/index.html <<EOF
+<!DOCTYPE html>
+<html lang="en">
+<meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate">
+<meta http-equiv="Pragma" content="no-cache">
+<meta http-equiv="Expires" content="0">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>ShellCrash面板提示</title>
+</head>
+<body>
+    <div style="text-align: center; margin-top: 50px;">
+        <h1>您还未安装本地面板</h1>
+		<h3>请在脚本更新功能中(9-4)安装<br>或者使用在线面板：</h3>
+		<h4>请复制当前地址/ui(不包括)前面的内容，填入url位置即可连接</h3>
+        <a href="http://board.zash.run.place" style="font-size: 24px;">Zashboard面板(推荐)<br></a>
+        <a style="font-size: 21px;"><br>如已安装，请使用Ctrl+F5强制刷新此页面！<br></a>
+    </div>
+</body>
+</html
+EOF
+}
+catpac() { #生成pac文件
+    #获取本机host地址
+    [ -n "$host" ] && host_pac=$host
+    [ -z "$host_pac" ] && host_pac=$(ubus call network.interface.lan status 2>&1 | grep \"address\" | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}')
+    [ -z "$host_pac" ] && host_pac=$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep -E ' 1(92|0|72)\.' | sed 's/.*inet.//g' | sed 's/\/[0-9][0-9].*$//g' | head -n 1)
+    cat >"$TMPDIR"/shellcrash_pac <<EOF
+function FindProxyForURL(url, host) {
+	if (
+		isInNet(host, "0.0.0.0", "255.0.0.0")||
+		isInNet(host, "10.0.0.0", "255.0.0.0")||
+		isInNet(host, "127.0.0.0", "255.0.0.0")||
+		isInNet(host, "224.0.0.0", "224.0.0.0")||
+		isInNet(host, "240.0.0.0", "240.0.0.0")||
+		isInNet(host, "172.16.0.0",  "255.240.0.0")||
+		isInNet(host, "192.168.0.0", "255.255.0.0")||
+		isInNet(host, "169.254.0.0", "255.255.0.0")
+	)
+		return "DIRECT";
+	else
+		return "PROXY $host_pac:$mix_port; DIRECT; SOCKS5 $host_pac:$mix_port"
+}
+EOF
+    compare "$TMPDIR"/shellcrash_pac "$BINDIR"/ui/pac
+    [ "$?" = 0 ] && rm -rf "$TMPDIR"/shellcrash_pac || mv -f "$TMPDIR"/shellcrash_pac "$BINDIR"/ui/pac
+}
+
+
+#检测网络连接
+[ "$network_check" != "OFF" ] && [ ! -f "$TMPDIR"/crash_start_time ] && ckcmd ping && . "$CRASHDIR"/starts/check_network.sh && check_network
+[ ! -d "$BINDIR"/ui ] && mkdir -p "$BINDIR"/ui
+[ -z "$crashcore" ] && crashcore=meta
+#执行条件任务
+[ -s "$CRASHDIR"/task/bfstart ] && . "$CRASHDIR"/task/bfstart
+#检查内核配置文件
+if [ ! -f "$core_config" ]; then
+	if [ -n "$Url" -o -n "$Https" ]; then
+		logger "未找到配置文件，正在下载！" 33
+		. "$CRASHDIR"/starts/core_config.sh && get_core_config
+	else
+		logger "未找到配置文件链接，请先导入配置文件！" 31
+		exit 1
+	fi
+fi
+#检查dashboard文件
+if [ -f "$CRASHDIR"/ui/CNAME -a ! -f "$BINDIR"/ui/CNAME ]; then
+	cp -rf "$CRASHDIR"/ui "$BINDIR"
+fi
+[ ! -s "$BINDIR"/ui/index.html ] && makehtml #如没有面板则创建跳转界面
+catpac                                       #生成pac文件
+#内核及内核配置文件检查
+if echo "$crashcore" | grep -q 'singbox'; then
+	. "$CRASHDIR"/starts/singbox_check.sh && singbox_check
+	[ -d "$TMPDIR"/jsons ] && rm -rf "$TMPDIR"/jsons/* || mkdir -p "$TMPDIR"/jsons #准备目录
+	if [ "$disoverride" != "1" ];then
+		. "$CRASHDIR"/starts/singbox_modify.sh && modify_json
+	else
+		ln -sf "$core_config" "$TMPDIR"/jsons/config.json
+	fi
+else
+	. "$CRASHDIR"/starts/clash_check.sh && clash_check
+	if [ "$disoverride" != "1" ];then
+		. "$CRASHDIR"/starts/clash_modify.sh && modify_yaml
+	else
+		ln -sf "$core_config" "$TMPDIR"/config.yaml
+	fi
+fi
+#检查下载cnip绕过相关文件
+[ "$cn_ip_route" = "ON" ] && [ "$dns_mod" != "fake-ip" ] && {
+	[ "$firewall_mod" = nftables ] || ckcmd ipset && {
+		. "$CRASHDIR"/starts/check_cnip.sh
+		ck_cn_ipv4
+		[ "$ipv6_redir" = "ON" ] && ck_cn_ipv6
+	}
+}
+#添加shellcrash用户
+[ "$firewall_area" = 2 ] || [ "$firewall_area" = 3 ] || [ "$(cat /proc/1/comm)" = "systemd" ] &&
+	[ -z "$(id shellcrash 2>/dev/null | grep 'root')" ] && {
+	ckcmd userdel && userdel shellcrash 2>/dev/null
+	sed -i '/0:7890/d' /etc/passwd
+	sed -i '/x:7890/d' /etc/group
+	if ckcmd useradd; then
+		useradd shellcrash -u 7890
+		sed -Ei s/7890:7890/0:7890/g /etc/passwd
+	else
+		echo "shellcrash:x:0:7890:::" >>/etc/passwd
+	fi
+}
+#加载系统内核组件
+[ "$redir_mod" = "Tun模式" -o "$redir_mod" = "混合模式" ] && ckcmd modprobe && modprobe tun 2>/dev/null
+#清理debug日志
+rm -rf /tmp/ShellCrash/debug.log
+rm -rf "$CRASHDIR"/debug.log
+exit 0
+
--- a/scripts/starts/check_cnip.sh
+++ b/scripts/starts/check_cnip.sh
@@ -0,0 +1,24 @@
+
+ck_cn_ipv4() { #CN-IP绕过
+    check_geo cn_ip.txt china_ip_list.txt
+    [ -f "$BINDIR"/cn_ip.txt ] && [ "$firewall_mod" = iptables ] && {
+        # see https://raw.githubusercontent.com/Hackl0us/GeoIP2-CN/release/CN-ip-cidr.txt
+        echo "create cn_ip hash:net family inet hashsize 10240 maxelem 10240" >"$TMPDIR"/cn_ip.ipset
+        awk '!/^$/&&!/^#/{printf("add cn_ip %s'" "'\n",$0)}' "$BINDIR"/cn_ip.txt >>"$TMPDIR"/cn_ip.ipset
+        ipset destroy cn_ip >/dev/null 2>&1
+        ipset -! restore <"$TMPDIR"/cn_ip.ipset
+        rm -rf "$TMPDIR"/cn_ip.ipset
+    }
+}
+ck_cn_ipv6() { #CN-IPV6绕过
+    check_geo cn_ipv6.txt china_ipv6_list.txt
+    [ -f "$BINDIR"/cn_ipv6.txt ] && [ "$firewall_mod" = iptables ] && {
+        #ipv6
+        #see https://ispip.clang.cn/all_cn_ipv6.txt
+        echo "create cn_ip6 hash:net family inet6 hashsize 5120 maxelem 5120" >"$TMPDIR"/cn_ipv6.ipset
+        awk '!/^$/&&!/^#/{printf("add cn_ip6 %s'" "'\n",$0)}' "$BINDIR"/cn_ipv6.txt >>"$TMPDIR"/cn_ipv6.ipset
+        ipset destroy cn_ip6 >/dev/null 2>&1
+        ipset -! restore <"$TMPDIR"/cn_ipv6.ipset
+        rm -rf "$TMPDIR"/cn_ipv6.ipset
+    }
+}
--- a/scripts/starts/check_core.sh
+++ b/scripts/starts/check_core.sh
@@ -0,0 +1,17 @@
+
+. "$CRASHDIR"/libs/check_target.sh
+. "$CRASHDIR"/libs/core_tools.sh
+. "$CRASHDIR"/configs/command.env
+
+check_core() { #检查及下载内核文件
+    [ -n "$(find --help 2>&1 | grep -o size)" ] && find_para=' -size +2000'             #find命令兼容
+	[ -z "$(find "$TMPDIR"/CrashCore $find_para 2>/dev/null)" ] && core_find
+    [ ! -f "$TMPDIR"/CrashCore ] && {
+        logger "未找到【$crashcore】核心，正在下载！" 33
+        [ -z "$cpucore" ] && . "$CRASHDIR"/libs/check_cpucore.sh && check_cpucore
+        [ -z "$cpucore" ] && logger 找不到设备的CPU信息，请手动指定处理器架构类型！ 31 && exit 1
+        core_webget || logger "核心下载失败，请重新运行或更换安装源！" 31  
+    }
+    [ "$start_old" != "ON" ] && [ "$(cat /proc/1/comm)" = "systemd" ] && restorecon -RF "$CRASHDIR" 2>/dev/null #修复SELinux权限问题
+    return 0
+}
--- a/scripts/starts/check_geo.sh
+++ b/scripts/starts/check_geo.sh
@@ -0,0 +1,18 @@
+
+. "$CRASHDIR"/libs/set_config.sh
+
+check_geo() { #查找及下载Geo数据文件
+    [ ! -d "$BINDIR"/ruleset ] && mkdir -p "$BINDIR"/ruleset
+    find --help 2>&1 | grep -q size && find_para=' -size +20' #find命令兼容
+    [ -z "$(find "$BINDIR"/"$1" "$find_para" 2>/dev/null)" ] && {
+        if [ -n "$(find "$CRASHDIR"/"$1" "$find_para" 2>/dev/null)" ]; then
+            mv "$CRASHDIR"/"$1" "$BINDIR"/"$1" #小闪存模式移动文件
+        else
+            logger "未找到${1}文件，正在下载！" 33
+            get_bin "$BINDIR"/"$1" bin/geodata/"$2"
+            [ "$?" = "1" ] && rm -rf "${BINDIR}"/"${1}" && logger "${1}文件下载失败,已退出！请前往更新界面尝试手动下载！" 31 && exit 1
+            geo_v="$(echo "$2" | awk -F "." '{print $1}')_v"
+            setconfig "$geo_v" "$(date +"%Y%m%d")"
+        fi
+    }
+}
--- a/scripts/starts/check_network.sh
+++ b/scripts/starts/check_network.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+# Copyright (C) Juewuy
+
+check_network() { #检查是否联网
+    for text in 223.5.5.5 1.2.4.8 dns.alidns.com doh.pub; do
+        ping -c 3 $text >/dev/null 2>&1 && return 0
+        sleep 5
+    done
+    logger "当前设备无法连接网络，已停止启动！" 33
+    exit 1
+}
--- a/scripts/starts/clash_check.sh
+++ b/scripts/starts/clash_check.sh
@@ -0,0 +1,21 @@
+
+clash_check() { #clash启动前检查
+    #检测vless/hysteria协议
+    [ "$crashcore" != "meta" ] && [ -n "$(cat $core_config | grep -oE 'type: vless|type: hysteria')" ] && core_exchange meta 'vless/hy协议'
+    #检测是否存在高级版规则或者tun模式
+    if [ "$crashcore" = "clash" ]; then
+        [ -n "$(cat $core_config | grep -aiE '^script:|proxy-providers|rule-providers|rule-set')" ] ||
+            [ "$redir_mod" = "混合模式" ] ||
+            [ "$redir_mod" = "Tun模式" ] && core_exchange meta '当前内核不支持的配置'
+    fi
+    [ "$crashcore" = "clash" ] && [ "$firewall_area" = 2 -o "$firewall_area" = 3 ] && [ -z "$(grep '0:7890' /etc/passwd)" ] &&
+        core_exchange meta '当前内核不支持非root用户启用本机代理'
+    check_core
+    #预下载GeoIP数据库
+    grep -qEi 'GEOIP,CN' "$CRASHDIR"/yamls/config.yaml && ! grep -Eq '^[[:space:]]*geodata-mode:' "$CRASHDIR"/yamls/*.yaml && check_geo Country.mmdb cn_mini.mmdb
+    #预下载GeoSite数据库
+    grep -qEi 'GEOSITE,' "$CRASHDIR"/yamls/config.yaml && ! grep -Eq '^[[:space:]]*geosite:' "$CRASHDIR"/yamls/*.yaml && check_geo GeoSite.dat geosite.dat
+    #预下载cn.mrs数据库
+    [ "$dns_mod" = "mix" ] || [ "$dns_mod" = "route" ] && ! grep -Eq '^[[:space:]]*cn:' "$CRASHDIR"/yamls/*.yaml && check_geo ruleset/cn.mrs mrs_geosite_cn.mrs
+    return 0
+}
--- a/scripts/starts/clash_config_check.sh
+++ b/scripts/starts/clash_config_check.sh
@@ -0,0 +1,41 @@
+#!/bin/sh
+# Copyright (C) Juewuy
+
+check_config() { #检查clash配置文件
+    #检测节点或providers
+    sed -n "/^proxies:/,/^[a-z]/ { /^[a-z]/d; p; }" "$core_config_new" >"$TMPDIR"/proxies.yaml
+    if ! grep -Eq 'server:|server":|server'\'':' "$TMPDIR"/proxies.yaml && ! grep -q 'proxy-providers:' "$core_config_new"; then
+        echo "-----------------------------------------------"
+        logger "获取到了配置文件【$core_config_new】，但似乎并不包含正确的节点信息！" 31
+        cat "$TMPDIR"/proxies.yaml
+        sleep 1
+        echo "-----------------------------------------------"
+        echo "请尝试使用6-2或者6-3的方式生成配置文件！"
+        exit 1
+    fi
+    rm -rf "$TMPDIR"/proxies.yaml
+    #检测旧格式
+    if cat "$core_config_new" | grep 'Proxy Group:' >/dev/null; then
+        echo "-----------------------------------------------"
+        logger "已经停止对旧格式配置文件的支持！！！" 31
+        echo -e "请使用新格式或者使用【在线生成配置文件】功能！"
+        echo "-----------------------------------------------"
+        exit 1
+    fi
+    #检测不支持的加密协议
+    if cat "$core_config_new" | grep 'cipher: chacha20,' >/dev/null; then
+        echo "-----------------------------------------------"
+        logger "已停止支持chacha20加密，请更换更安全的节点加密协议！" 31
+        echo "-----------------------------------------------"
+        exit 1
+    fi
+    #检测并去除无效策略组
+    [ -n "$url_type" ] && ckcmd xargs && {
+        cat "$core_config_new" | sed '/^rules:/,$d' | grep -A 15 "\- name:" | xargs | sed 's/- name: /\n/g' | sed 's/ type: .*proxies: /#/g' | sed 's/- //g' | grep -E '#DIRECT $|#DIRECT$' | grep -Ev '全球直连|direct|Direct' | awk -F '#' '{print $1}' >"$TMPDIR"/clash_proxies
+        while read line; do
+            sed -i "/- $line/d" "$core_config_new"
+            sed -i "/- name: $line/,/- DIRECT/d" "$core_config_new"
+        done <"$TMPDIR"/clash_proxies
+        rm -rf "$TMPDIR"/clash_proxies
+    }
+}
--- a/scripts/starts/clash_modify.sh
+++ b/scripts/starts/clash_modify.sh
@@ -0,0 +1,242 @@
+#!/bin/sh
+# Copyright (C) Juewuy
+
+#修饰clash配置文件
+modify_yaml() {
+    ##########需要变更的配置###########
+    [ "$ipv6_dns" != "OFF" ] && dns_v6='true' || dns_v6='false'
+    external="external-controller: 0.0.0.0:$db_port"
+    if [ "$redir_mod" = "混合模式" -o "$redir_mod" = "Tun模式" ]; then
+        [ "$crashcore" = 'meta' ] && tun_meta=', device: utun, auto-route: false, auto-detect-interface: false'
+        tun="tun: {enable: true, stack: system$tun_meta}"
+    else
+        tun='tun: {enable: false}'
+    fi
+    exper='experimental: {ignore-resolve-fail: true, interface-name: en0}'
+    #Meta内核专属配置
+    [ "$crashcore" = 'meta' ] && {
+        [ "$redir_mod" != "纯净模式" ] && [ -z "$(grep 'PROCESS' "$CRASHDIR"/yamls/*.yaml)" ] && find_process='find-process-mode: "off"'
+		#ecs优化
+		[ "$ecs_subnet" = ON ] && {
+			. "$CRASHDIR"/libs/get_ecsip.sh
+			if [ -n "$ecs_address" ];then
+				dns_fallback=$(echo "$dns_fallback, " | sed "s|, |#ecs-override=true\&ecs=$ecs_address, |g" | sed 's|, $||')
+			else
+				logger "自动获取ecs网段失败！"
+			fi
+		}
+    }
+    #dns配置
+    [ -z "$(cat "$CRASHDIR"/yamls/user.yaml 2>/dev/null | grep '^dns:')" ] && {
+        [ "$crashcore" != meta ] && dns_resolver='223.5.5.5'
+        cat >"$TMPDIR"/dns.yaml <<EOF
+dns:
+  enable: true
+  listen: :$dns_port
+  use-hosts: true
+  ipv6: $dns_v6
+  default-nameserver: [ $dns_resolver ]
+  direct-nameserver: [ $dns_nameserver ]
+  enhanced-mode: fake-ip
+  fake-ip-range: 28.0.0.0/8
+  fake-ip-range6: fc00::/16
+  fake-ip-filter:
+EOF
+        if [ "$dns_mod" = "mix" ] || [ "$dns_mod" = "fake-ip" ]; then
+            cat "$CRASHDIR"/configs/fake_ip_filter "$CRASHDIR"/configs/fake_ip_filter.list 2>/dev/null | grep -v '#' | sed "s/^/    - '/" | sed "s/$/'/" >>"$TMPDIR"/dns.yaml
+        else
+            echo "    - '+.*'" >>"$TMPDIR"/dns.yaml #使用fake-ip模拟redir_host
+        fi
+        #mix模式fakeip绕过cn
+        [ "$dns_mod" = "mix" ] && echo '    - "rule-set:cn"' >>"$TMPDIR"/dns.yaml
+        #mix模式和route模式插入分流设置
+        if [ "$dns_mod" = "mix" ] || [ "$dns_mod" = "route" ]; then
+            [ "$dns_protect" != "OFF" ] && dns_final="$dns_fallback" || dns_final="$dns_nameserver"
+            cat >>"$TMPDIR"/dns.yaml <<EOF
+  respect-rules: true
+  nameserver-policy: {'rule-set:cn': [ $dns_nameserver ]}
+  proxy-server-nameserver : [ $dns_resolver ]
+  nameserver: [ $dns_final ]
+EOF
+        else
+            cat >>"$TMPDIR"/dns.yaml <<EOF
+  nameserver: [ $dns_nameserver ]
+EOF
+        fi
+    }
+    #域名嗅探配置
+    [ "$sniffer" = "ON" ] && [ "$crashcore" = "meta" ] && sniffer_set="sniffer: {enable: true, parse-pure-ip: true, skip-domain: [Mijia Cloud], sniff: {http: {ports: [80, 8080-8880], override-destination: true}, tls: {ports: [443, 8443]}, quic: {ports: [443, 8443]}}}"
+    [ "$crashcore" = "clashpre" ] && [ "$dns_mod" = "redir_host" -o "$sniffer" = "ON" ] && exper="experimental: {ignore-resolve-fail: true, interface-name: en0,sniff-tls-sni: true}"
+    #生成set.yaml
+    cat >"$TMPDIR"/set.yaml <<EOF
+mixed-port: $mix_port
+redir-port: $redir_port
+tproxy-port: $tproxy_port
+authentication: ["$authentication"]
+allow-lan: true
+mode: Rule
+log-level: info
+ipv6: true
+external-controller: :$db_port
+external-ui: ui
+external-ui-url: "$external_ui_url"
+secret: $secret
+$tun
+$exper
+$sniffer_set
+$find_process
+routing-mark: $routing_mark
+unified-delay: true
+EOF
+    #读取本机hosts并生成配置文件
+    if [ "$hosts_opt" != "OFF" ] && [ -z "$(grep -aE '^hosts:' "$CRASHDIR"/yamls/user.yaml 2>/dev/null)" ]; then
+        #NTP劫持
+        cat >"$TMPDIR"/hosts.yaml <<EOF
+use-system-hosts: true
+hosts:
+  'time.android.com': 203.107.6.88
+  'time.facebook.com': 203.107.6.88
+EOF
+        if [ "$crashcore" = "meta" ]; then
+            echo "  'services.googleapis.cn': services.googleapis.com" >>"$TMPDIR"/hosts.yaml
+        fi
+		#加载本机hosts
+		sys_hosts=/etc/hosts
+		[ -f /data/etc/custom_hosts ] && sys_hosts='/etc/hosts /data/etc/custom_hosts'
+		cat $sys_hosts | while read line; do
+			[ -n "$(echo "$line" | grep -oE "([0-9]{1,3}[\.]){3}")" ] &&
+				[ -z "$(echo "$line" | grep -oE '^#')" ] &&
+				hosts_ip=$(echo $line | awk '{print $1}') &&
+				hosts_domain=$(echo $line | awk '{print $2}') &&
+				[ -z "$(cat "$TMPDIR"/hosts.yaml | grep -oE "$hosts_domain")" ] &&
+				echo "  '$hosts_domain': $hosts_ip" >>"$TMPDIR"/hosts.yaml
+		done
+    fi
+    #分割配置文件
+    yaml_char='proxies proxy-groups proxy-providers rules rule-providers sub-rules listeners'
+    for char in $yaml_char; do
+        sed -n "/^$char:/,/^[a-z]/ { /^[a-z]/d; p; }" $core_config >"$TMPDIR"/${char}.yaml
+    done
+    #跳过本地tls证书验证
+    [ "$skip_cert" != "OFF" ] && sed -i 's/skip-cert-verify: false/skip-cert-verify: true/' "$TMPDIR"/proxies.yaml ||
+        sed -i 's/skip-cert-verify: true/skip-cert-verify: false/' "$TMPDIR"/proxies.yaml
+    #插入自定义策略组
+    sed -i "/#自定义策略组开始/,/#自定义策略组结束/d" "$TMPDIR"/proxy-groups.yaml
+    sed -i "/#自定义策略组/d" "$TMPDIR"/proxy-groups.yaml
+    [ -n "$(grep -Ev '^#' "$CRASHDIR"/yamls/proxy-groups.yaml 2>/dev/null)" ] && {
+        #获取空格数
+        space_name=$(grep -aE '^ *- \{?name: ' "$TMPDIR"/proxy-groups.yaml | head -n 1 | grep -oE '^ *')
+        space_proxy="$space_name    "
+        #合并自定义策略组到proxy-groups.yaml
+        cat "$CRASHDIR"/yamls/proxy-groups.yaml | sed "/^#/d" | sed "s/#.*//g" | sed '1i\ #自定义策略组开始' | sed '$a\ #自定义策略组结束' | sed "s/^ */${space_name}  /g" | sed "s/^ *- /${space_proxy}- /g" | sed "s/^ *- name: /${space_name}- name: /g"  | sed "s/^ *- {name: /${space_name}- {name: /g" >"$TMPDIR"/proxy-groups_add.yaml
+        cat "$TMPDIR"/proxy-groups.yaml >>"$TMPDIR"/proxy-groups_add.yaml
+        mv -f "$TMPDIR"/proxy-groups_add.yaml "$TMPDIR"/proxy-groups.yaml
+        oldIFS="$IFS"
+        grep "\- name: " "$CRASHDIR"/yamls/proxy-groups.yaml | sed "/^#/d" | while read line; do #将自定义策略组插入现有的proxy-group
+            new_group=$(echo $line | grep -Eo '^ *- name:.*#' | cut -d'#' -f1 | sed 's/.*name: //g')
+            proxy_groups=$(echo $line | grep -Eo '#.*' | sed "s/#//")
+            IFS="#"
+            for name in $proxy_groups; do
+                line_a=$(grep -n "\- name: $name" "$TMPDIR"/proxy-groups.yaml | head -n 1 | awk -F: '{print $1}') #获取group行号
+                [ -n "$line_a" ] && {
+                    line_b=$(grep -A 8 "\- name: $name" "$TMPDIR"/proxy-groups.yaml | grep -n "proxies:$" | head -n 1 | awk -F: '{print $1}') #获取proxies行号
+                    line_c=$((line_a + line_b - 1))                                                                                           #计算需要插入的行号
+                    space=$(sed -n "$((line_c + 1))p" "$TMPDIR"/proxy-groups.yaml | grep -oE '^ *')                                           #获取空格数
+                    [ "$line_c" -gt 2 ] && sed -i "${line_c}a\\${space}- ${new_group} #自定义策略组" "$TMPDIR"/proxy-groups.yaml
+                }
+            done
+            IFS="$oldIFS"
+        done
+    }
+    #插入自定义代理
+    sed -i "/#自定义代理/d" "$TMPDIR"/proxies.yaml
+    sed -i "/#自定义代理/d" "$TMPDIR"/proxy-groups.yaml
+    [ -n "$(grep -Ev '^#' "$CRASHDIR"/yamls/proxies.yaml 2>/dev/null)" ] && {
+        space_proxy=$(cat "$TMPDIR"/proxies.yaml | grep -aE '^ *- ' | head -n 1 | grep -oE '^ *')                                                            #获取空格数
+        cat "$CRASHDIR"/yamls/proxies.yaml | sed "s/^ *- /${space_proxy}- /g" | sed "/^#/d" | sed "/^ *$/d" | sed 's/#.*/ #自定义代理/g' >>"$TMPDIR"/proxies.yaml #插入节点
+        oldIFS="$IFS"
+        cat "$CRASHDIR"/yamls/proxies.yaml | sed "/^#/d" | while read line; do #将节点插入proxy-group
+            proxy_name=$(echo $line | grep -Eo 'name: .+, ' | cut -d',' -f1 | sed 's/name: //g')
+            proxy_groups=$(echo $line | grep -Eo '#.*' | sed "s/#//")
+            IFS="#"
+            for name in $proxy_groups; do
+                line_a=$(grep -n "\- name: $name" "$TMPDIR"/proxy-groups.yaml | head -n 1 | awk -F: '{print $1}') #获取group行号
+                [ -n "$line_a" ] && {
+                    line_b=$(grep -A 8 "\- name: $name" "$TMPDIR"/proxy-groups.yaml | grep -n "proxies:$" | head -n 1 | awk -F: '{print $1}') #获取proxies行号
+                    line_c=$((line_a + line_b - 1))                                                                                           #计算需要插入的行号
+                    space=$(sed -n "$((line_c + 1))p" "$TMPDIR"/proxy-groups.yaml | grep -oE '^ *')                                           #获取空格数
+                    [ "$line_c" -gt 2 ] && sed -i "${line_c}a\\${space}- ${proxy_name} #自定义代理" "$TMPDIR"/proxy-groups.yaml
+                }
+            done
+            IFS="$oldIFS"
+        done
+    }
+    #添加自定义入站
+	[ "$vms_service" = ON ] || [ "$sss_service" = ON ] && {
+		. "$CRASHDIR"/configs/gateway.cfg
+		. "$CRASHDIR"/libs/meta_listeners.sh
+	}
+    #节点绕过功能支持
+    sed -i "/#节点绕过/d" "$TMPDIR"/rules.yaml
+    [ "$proxies_bypass" = "ON" ] && {
+        cat "$TMPDIR"/proxies.yaml | sed '/^proxy-/,$d' | sed '/^rule-/,$d' | grep -v '^\s*#' | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | awk '!a[$0]++' | sed 's/^/\ -\ IP-CIDR,/g' | sed 's|$|/32,DIRECT,no-resolve #节点绕过|g' >>"$TMPDIR"/proxies_bypass
+        cat "$TMPDIR"/proxies.yaml | sed '/^proxy-/,$d' | sed '/^rule-/,$d' | grep -v '^\s*#' | grep -vE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | grep -oE '[a-zA-Z0-9][-a-zA-Z0-9]{0,62}(\.[a-zA-Z0-9][-a-zA-Z0-9]{0,62})+\.?' | awk '!a[$0]++' | sed 's/^/\ -\ DOMAIN,/g' | sed 's/$/,DIRECT #节点绕过/g' >>"$TMPDIR"/proxies_bypass
+        cat "$TMPDIR"/rules.yaml >>"$TMPDIR"/proxies_bypass
+        mv -f "$TMPDIR"/proxies_bypass "$TMPDIR"/rules.yaml
+    }
+    #插入自定义规则
+    sed -i "/#自定义规则/d" "$TMPDIR"/rules.yaml
+    [ -s "$CRASHDIR"/yamls/rules.yaml ] && {
+        cat "$CRASHDIR"/yamls/rules.yaml | sed "/^#/d" | sed '$a\' | sed 's/$/ #自定义规则/g' >"$TMPDIR"/rules.add
+        cat "$TMPDIR"/rules.yaml >>"$TMPDIR"/rules.add
+        mv -f "$TMPDIR"/rules.add "$TMPDIR"/rules.yaml
+    }
+    #mix和route模式生成rule-providers
+    [ "$dns_mod" = "mix" ] || [ "$dns_mod" = "route" ] && ! grep -Eq '^[[:space:]]*cn:' "$TMPDIR"/rule-providers.yaml && ! grep -q '^rule-providers' "$CRASHDIR"/yamls/others.yaml 2>/dev/null && {
+        space=$(sed -n "1p" "$TMPDIR"/rule-providers.yaml | grep -oE '^ *') #获取空格数
+        [ -z "$space" ] && space='  '
+        echo "${space}cn: {type: http, behavior: domain, format: mrs, path: ./ruleset/cn.mrs, url: https://testingcf.jsdelivr.net/gh/juewuy/ShellCrash@update/bin/geodata/mrs_geosite_cn.mrs}" >>"$TMPDIR"/rule-providers.yaml
+    }
+    #对齐rules中的空格
+    sed -i 's/^ *-/ -/g' "$TMPDIR"/rules.yaml
+    #合并文件
+    [ -s "$CRASHDIR"/yamls/user.yaml ] && {
+        yaml_user="$CRASHDIR"/yamls/user.yaml
+        #set和user去重,且优先使用user.yaml
+        cp -f "$TMPDIR"/set.yaml "$TMPDIR"/set_bak.yaml
+        for char in mode allow-lan log-level tun experimental external-ui-url interface-name dns store-selected unified-delay; do
+            [ -n "$(grep -E "^$char" $yaml_user)" ] && sed -i "/^$char/d" "$TMPDIR"/set.yaml
+        done
+    }
+    [ -s "$TMPDIR"/dns.yaml ] && yaml_dns="$TMPDIR"/dns.yaml
+    [ -s "$TMPDIR"/hosts.yaml ] && yaml_hosts="$TMPDIR"/hosts.yaml
+    [ -s "$CRASHDIR"/yamls/others.yaml ] && yaml_others="$CRASHDIR"/yamls/others.yaml
+    yaml_add=
+    for char in $yaml_char; do #将额外配置文件合并
+        [ -s "$TMPDIR"/${char}.yaml ] && {
+            sed -i "1i\\${char}:" "$TMPDIR"/${char}.yaml
+            yaml_add="$yaml_add $TMPDIR/${char}.yaml"
+        }
+    done
+    #合并完整配置文件
+    cut -c 1- "$TMPDIR"/set.yaml $yaml_dns $yaml_hosts $yaml_user $yaml_others $yaml_add >"$TMPDIR"/config.yaml
+    #测试自定义配置文件
+    "$TMPDIR"/CrashCore -t -d "$BINDIR" -f "$TMPDIR"/config.yaml >/dev/null
+    if [ "$?" != 0 ]; then
+        logger "$("$TMPDIR"/CrashCore -t -d "$BINDIR" -f "$TMPDIR"/config.yaml | grep -Eo 'error.*=.*')" 31
+        logger "自定义配置文件校验失败！将使用基础配置文件启动！" 33
+        logger "错误详情请参考 "$TMPDIR"/error.yaml 文件！" 33
+        mv -f "$TMPDIR"/config.yaml "$TMPDIR"/error.yaml >/dev/null 2>&1
+        sed -i "/#自定义策略组开始/,/#自定义策略组结束/d" "$TMPDIR"/proxy-groups.yaml
+        mv -f "$TMPDIR"/set_bak.yaml "$TMPDIR"/set.yaml >/dev/null 2>&1
+        #合并基础配置文件
+        cut -c 1- "$TMPDIR"/set.yaml $yaml_dns $yaml_add >"$TMPDIR"/config.yaml
+        sed -i "/#自定义/d" "$TMPDIR"/config.yaml
+    fi
+    #建立软连接
+    [ ""$TMPDIR"" = ""$BINDIR"" ] || ln -sf "$TMPDIR"/config.yaml "$BINDIR"/config.yaml 2>/dev/null || cp -f "$TMPDIR"/config.yaml "$BINDIR"/config.yaml
+    #清理缓存
+    for char in $yaml_char set set_bak dns hosts; do
+        rm -f "$TMPDIR"/${char}.yaml
+    done
+}
--- a/scripts/starts/core_config.sh
+++ b/scripts/starts/core_config.sh
@@ -0,0 +1,105 @@
+#!/bin/sh
+# Copyright (C) Juewuy
+
+. "$CRASHDIR"/libs/urlencode.sh
+. "$CRASHDIR"/libs/check_target.sh
+. "$CRASHDIR"/libs/web_get_bin.sh
+. "$CRASHDIR"/libs/compare.sh
+. "$CRASHDIR"/libs/set_config.sh
+
+update_servers() { #更新servers.list
+    get_bin "$TMPDIR"/servers.list public/servers.list
+    [ "$?" = 0 ] && mv -f "$TMPDIR"/servers.list "$CRASHDIR"/configs/servers.list
+}
+gen_ua(){  #自动生成ua
+    [ -z "$user_agent" -o "$user_agent" = "auto" ] && {
+        if echo "$crashcore" | grep -q 'singbox'; then
+            user_agent="sing-box/singbox/$core_v"
+        elif [ "$crashcore" = meta ]; then
+            user_agent="clash.meta/mihomo/$core_v"
+        else
+            user_agent="clash"
+        fi
+    }
+    [ "$user_agent" = "none" ] && unset user_agent
+}
+get_core_config() { #下载内核配置文件
+    [ -z "$rule_link" ] && rule_link=1
+    [ -z "$server_link" ] || [ $server_link -gt $(grep -aE '^4' "$CRASHDIR"/configs/servers.list | wc -l) ] && server_link=1
+    Server=$(grep -aE '^3|^4' "$CRASHDIR"/configs/servers.list | sed -n ""$server_link"p" | awk '{print $3}')
+    Server_ua=$(grep -aE '^4' "$CRASHDIR"/configs/servers.list | sed -n ""$server_link"p" | awk '{print $4}')
+    Config=$(grep -aE '^5' "$CRASHDIR"/configs/servers.list | sed -n ""$rule_link"p" | awk '{print $3}')
+    gen_ua
+	#如果传来的是Url链接则合成Https链接，否则直接使用Https链接
+    if [ -z "$Https" ]; then
+        #Urlencord转码处理保留字符
+        if ckcmd hexdump;then
+			Url=$(echo $Url | sed 's/%26/\&/g')   #处理分隔符
+			urlencodeUrl="exclude=$(urlencode "$exclude")&include=$(urlencode "$include")&url=$(urlencode "$Url")&config=$(urlencode "$Config")"
+		else
+			urlencodeUrl="exclude=$exclude&include=$include&url=$Url&config=$Config"
+		fi
+        Https="${Server}/sub?target=${target}&${Server_ua}=${user_agent}&insert=true&new_name=true&scv=true&udp=true&${urlencodeUrl}"
+        url_type=true
+	else
+		Https=$(echo $Https | sed 's/\\&/\&/g')   #还原转义
+    fi
+    #输出
+    echo "-----------------------------------------------"
+    logger "正在连接服务器获取【$target】配置文件…………"
+    echo -e "链接地址为：\033[4;32m$Https\033[0m"
+    echo 可以手动复制该链接到浏览器打开并查看数据是否正常！
+    #获取在线config文件
+    core_config_new="$TMPDIR"/"$target"_config."$format"
+    rm -rf "$core_config_new"
+    webget "$core_config_new" "$Https" echoon rediron skipceron "$user_agent"
+    if [ "$?" != "0" ]; then
+        if [ -z "$url_type" ]; then
+            echo "-----------------------------------------------"
+            logger "配置文件获取失败！" 31
+            echo -e "\033[31m请尝试使用【在线生成配置文件】功能！\033[0m"
+            echo "-----------------------------------------------"
+            exit 1
+        else
+            if [ -n "$retry" ] && [ "$retry" -ge 3 ]; then
+                logger "无法获取配置文件，请检查链接格式以及网络连接状态！" 31
+                echo -e "\033[32m也可用浏览器下载以上链接后，使用WinSCP手动上传到/tmp目录后执行crash命令本地导入！\033[0m"
+                exit 1
+            else
+                retry=$((retry + 1))
+                logger "配置文件获取失败！" 31 off on
+                if [ "$retry" = 1 ]; then
+                    echo -e "\033[32m尝试更新服务器列表并使用其他服务器获取配置！\033[0m"
+                    update_servers
+                else
+                    echo -e "\033[32m尝试使用其他服务器获取配置！\033[0m"
+                fi
+                echo -e "正在重试\033[33m第$retry次/共3次！\033[0m"
+                if [ "$server_link" -ge 4 ]; then
+                    server_link=0
+                fi
+                server_link=$((server_link + 1))
+                setconfig server_link $server_link
+                Https=""
+                get_core_config
+            fi
+        fi
+    else
+        Https=""
+        if echo "$crashcore" | grep -q 'singbox'; then
+            . "$CRASHDIR"/starts/singbox_config_check.sh
+        else
+            . "$CRASHDIR"/starts/clash_config_check.sh
+        fi
+		check_config
+        #如果不同则备份并替换文件
+        if [ -s "$core_config" ]; then
+            compare "$core_config_new" "$core_config"
+            [ "$?" = 0 ] || mv -f "$core_config" "$core_config".bak && mv -f "$core_config_new" "$core_config"
+        else
+            mv -f "$core_config_new" "$core_config"
+        fi
+        echo -e "\033[32m已成功获取配置文件！\033[0m"
+    fi
+    return 0
+}
--- a/scripts/starts/core_exchange.sh
+++ b/scripts/starts/core_exchange.sh
@@ -0,0 +1,11 @@
+
+core_exchange() { #升级为高级内核
+    #$1：目标内核  $2：提示语句
+    logger "检测到${2}！将改为使用${1}核心启动！" 33
+    rm -rf "$TMPDIR"/CrashCore
+    rm -rf "$BINDIR"/CrashCore
+    rm -rf "$BINDIR"/CrashCore.tar.gz
+    crashcore="$1"
+    setconfig crashcore "$1"
+    echo "-----------------------------------------------"
+}
--- a/scripts/starts/fw_getlanip.sh
+++ b/scripts/starts/fw_getlanip.sh
@@ -0,0 +1,41 @@
+
+getlanip() { #获取局域网host地址
+    i=1
+    while [ "$i" -le "20" ]; do
+        host_ipv4=$(ip route show scope link | grep -Ev 'wan|utun|iot|peer|docker|podman|virbr|vnet|ovs|vmbr|veth|vmnic|vboxnet|lxcbr|xenbr|vEthernet' | awk '{print $1}') #ipv4局域网网段
+        [ "$ipv6_redir" = "ON" ] && host_ipv6=$(ip -6 route show default | awk '{print $3}' | tr '\n' ' ' | sed 's/ $//') #ipv6公网地址段
+        [ -f "$TMPDIR"/ShellCrash.log ] && break
+        [ -n "$host_ipv4" -a "$ipv6_redir" != "ON" ] && break
+        [ -n "$host_ipv4" -a -n "$host_ipv6" ] && break
+        sleep 1 && i=$((i + 1))
+    done
+	#Tailscale
+	[ "$ts_service" = ON ] && {
+		ts_host_ipv4=' 100.64.0.0/10'
+		ts_host_ipv6=' fd7a:115c:a1e0::/48'
+	}
+	#Wireguard
+	[ "$wg_service" = ON ] && {
+		. "$CRASHDIR"/configs/gateway.cfg
+		wg_host_ipv4=' $wg_ipv4'
+		[ -n "$wg_ipv6" ] && wg_host_ipv6=' $wg_ipv6'
+	}
+    #添加自定义ipv4局域网网段
+    if [ "$replace_default_host_ipv4" == "ON" ]; then
+        host_ipv4="$cust_host_ipv4"
+    else
+        host_ipv4=$(echo "$host_ipv4 $cust_host_ipv4$ts_host_ipv4$wg_host_ipv4"| tr '\n' ' ' | sed 's/ $//')
+    fi
+    #缺省配置
+    [ -z "$host_ipv4" ] && {
+		host_ipv4='192.168.0.0/16 10.0.0.0/12 172.16.0.0/12'
+		logger "无法获取本地LAN-IPV4网段，请前往流量过滤设置界面设置自定义网段！" 31
+	}
+    host_ipv6="fe80::/10 fd00::/8 $host_ipv6$ts_host_ipv6$wg_host_ipv6"
+    #获取本机出口IP地址
+    local_ipv4=$(ip route 2>&1 | grep -Ev 'utun|iot|docker|linkdown' | grep -Eo 'src.*' | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | sort -u)
+    [ -z "$local_ipv4" ] && local_ipv4=$(ip route 2>&1 | grep -Eo 'src.*' | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | sort -u)
+    #保留地址
+    [ -z "$reserve_ipv4" ] && reserve_ipv4="0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 100.64.0.0/10 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4"
+    [ -z "$reserve_ipv6" ] && reserve_ipv6="::/128 ::1/128 ::ffff:0:0/96 64:ff9b::/96 100::/64 2001::/32 2001:20::/28 2001:db8::/32 2002::/16 fe80::/10 ff00::/8"
+}
--- a/scripts/starts/fw_iptables.sh
+++ b/scripts/starts/fw_iptables.sh
@@ -0,0 +1,292 @@
+#!/bin/sh
+# Copyright (C) Juewuy
+
+ckcmd iptables && iptables -h | grep -q '\-w' && iptable='iptables -w' || iptable=iptables
+ckcmd ip6tables && ip6tables -h | grep -q '\-w' && ip6table='ip6tables -w' || ip6table=ip6tables
+	
+start_ipt_route() { #iptables-route通用工具
+    #$1:iptables/ip6tables	$2:所在的表(nat/mangle) $3:所在的链(OUTPUT/PREROUTING)	$4:新创建的shellcrash链表	$5:tcp/udp/all
+    #区分ipv4/ipv6
+    [ "$1" = 'iptables' ] && {
+        RESERVED_IP=$reserve_ipv4
+        HOST_IP=$host_ipv4
+        [ "$3" = 'OUTPUT' ] && HOST_IP="127.0.0.0/8 $local_ipv4"
+        [ "$4" = 'shellcrash_vm' ] && HOST_IP="$vm_ipv4"
+        iptables -h | grep -q '\-w' && w='-w' || w=''
+    }
+    [ "$1" = 'ip6tables' ] && {
+        RESERVED_IP=$reserve_ipv6
+        HOST_IP=$host_ipv6
+        [ "$3" = 'OUTPUT' ] && HOST_IP="::1 $host_ipv6"
+        ip6tables -h | grep -q '\-w' && w='-w' || w=''
+    }
+    #创建新的shellcrash链表
+    "$1" $w -t "$2" -N "$4"
+    #过滤dns
+    "$1" $w -t "$2" -A "$4" -p tcp --dport 53 -j RETURN
+    "$1" $w -t "$2" -A "$4" -p udp --dport 53 -j RETURN
+    #防回环
+    "$1" $w -t "$2" -A "$4" -m mark --mark $routing_mark -j RETURN
+    [ "$3" = 'OUTPUT' ] && for gid in 453 7890; do
+        "$1" $w -t "$2" -A "$4" -m owner --gid-owner $gid -j RETURN
+    done
+    [ "$firewall_area" = 5 ] && "$1" $w -t "$2" -A "$4" -s $bypass_host -j RETURN
+    [ -z "$ports" ] && {
+		"$1" $w -t "$2" -A "$4" -p tcp -m multiport --dports "$mix_port,$redir_port,$tproxy_port" -j RETURN
+		"$1" $w -t "$2" -A "$4" -p udp -m multiport --dports "$mix_port,$redir_port,$tproxy_port" -j RETURN
+	}
+    #跳过目标保留地址及目标本机网段
+    for ip in $HOST_IP $RESERVED_IP; do
+        "$1" $w -t "$2" -A "$4" -d $ip -j RETURN
+    done
+    #绕过CN_IP
+    [ "$1" = iptables ] && [ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" = "ON" ] && [ -f "$BINDIR"/cn_ip.txt ] && "$1" $w -t "$2" -A "$4" -m set --match-set cn_ip dst -j RETURN 2>/dev/null
+    [ "$1" = ip6tables ] && [ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" = "ON" ] && [ -f "$BINDIR"/cn_ipv6.txt ] && "$1" $w -t "$2" -A "$4" -m set --match-set cn_ip6 dst -j RETURN 2>/dev/null
+    #局域网mac地址黑名单过滤
+    [ "$3" = 'PREROUTING' ] && [ "$macfilter_type" != "白名单" ] && {
+        [ -s "$CRASHDIR"/configs/mac ] &&
+            for mac in $(cat "$CRASHDIR"/configs/mac); do
+                "$1" $w -t "$2" -A "$4" -m mac --mac-source $mac -j RETURN
+            done
+        [ -s "$CRASHDIR"/configs/ip_filter ] && [ "$1" = 'iptables' ] &&
+            for ip in $(cat "$CRASHDIR"/configs/ip_filter); do
+                "$1" $w -t "$2" -A "$4" -s $ip -j RETURN
+            done
+    }
+    #tcp&udp分别进代理链
+    proxy_set() {
+        if [ "$3" = 'PREROUTING' ] && [ "$4" != 'shellcrash_vm' ] && [ "$macfilter_type" = "白名单" ] && [ -n "$(cat $CRASHDIR/configs/mac $CRASHDIR/configs/ip_filter 2>/dev/null)" ]; then
+            [ -s "$CRASHDIR"/configs/mac ] &&
+                for mac in $(cat "$CRASHDIR"/configs/mac); do
+                    "$1" $w -t "$2" -A "$4" -p "$5" -m mac --mac-source $mac -j $JUMP
+                done
+            [ -s "$CRASHDIR"/configs/ip_filter ] && [ "$1" = 'iptables' ] &&
+                for ip in $(cat "$CRASHDIR"/configs/ip_filter); do
+                    "$1" $w -t "$2" -A "$4" -p "$5" -s $ip -j $JUMP
+                done
+        else
+            for ip in $HOST_IP; do #仅限指定网段流量
+                "$1" $w -t "$2" -A "$4" -p "$5" -s $ip -j $JUMP
+            done
+        fi
+        #将所在链指定流量指向shellcrash表
+        "$1" $w -t "$2" -I "$3" -p "$5" $ports -j "$4"
+        [ "$dns_mod" = "mix" -o "$dns_mod" = "fake-ip" ] && [ "$common_ports" = "ON" ] && [ "$1" = iptables ] && "$1" $w -t "$2" -I "$3" -p "$5" -d 28.0.0.0/8 -j "$4"
+        [ "$dns_mod" = "mix" -o "$dns_mod" = "fake-ip" ] && [ "$common_ports" = "ON" ] && [ "$1" = ip6tables ] && "$1" $w -t "$2" -I "$3" -p "$5" -d fc00::/16 -j "$4"
+    }
+    [ "$5" = "tcp" -o "$5" = "all" ] && proxy_set "$1" "$2" "$3" "$4" tcp
+    [ "$5" = "udp" -o "$5" = "all" ] && proxy_set "$1" "$2" "$3" "$4" udp
+}
+start_ipt_dns() { #iptables-dns通用工具
+    #$1:iptables/ip6tables	$2:所在的表(OUTPUT/PREROUTING)	$3:新创建的shellcrash表
+    #区分ipv4/ipv6
+    [ "$1" = 'iptables' ] && {
+        HOST_IP="$host_ipv4"
+        [ "$2" = 'OUTPUT' ] && HOST_IP="127.0.0.0/8 $local_ipv4"
+        [ "$3" = 'shellcrash_vm_dns' ] && HOST_IP="$vm_ipv4"
+        iptables -h | grep -q '\-w' && w='-w' || w=''
+    }
+    [ "$1" = 'ip6tables' ] && {
+        HOST_IP=$host_ipv6
+        ip6tables -h | grep -q '\-w' && w='-w' || w=''
+    }
+    "$1" $w -t nat -N "$3"
+    #防回环
+    "$1" $w -t nat -A "$3" -m mark --mark $routing_mark -j RETURN
+    [ "$2" = 'OUTPUT' ] && for gid in 453 7890; do
+        "$1" $w -t nat -A "$3" -m owner --gid-owner $gid -j RETURN
+    done
+    [ "$firewall_area" = 5 ] && {
+        "$1" $w -t nat -A "$3" -p tcp -s $bypass_host -j RETURN
+        "$1" $w -t nat -A "$3" -p udp -s $bypass_host -j RETURN
+    }
+    #局域网mac地址黑名单过滤
+    [ "$2" = 'PREROUTING' ] && [ "$macfilter_type" != "白名单" ] && {
+        [ -s "$CRASHDIR"/configs/mac ] &&
+            for mac in $(cat "$CRASHDIR"/configs/mac); do
+                "$1" $w -t nat -A "$3" -m mac --mac-source $mac -j RETURN
+            done
+        [ -s "$CRASHDIR"/configs/ip_filter ] && [ "$1" = 'iptables' ] &&
+            for ip in $(cat "$CRASHDIR"/configs/ip_filter); do
+                "$1" $w -t nat -A "$3" -s $ip -j RETURN
+            done
+    }
+    if [ "$2" = 'PREROUTING' ] && [ "$3" != 'shellcrash_vm_dns' ] && [ "$macfilter_type" = "白名单" ] && [ -n "$(cat $CRASHDIR/configs/mac $CRASHDIR/configs/ip_filter 2>/dev/null)" ]; then
+        [ -s "$CRASHDIR"/configs/mac ] &&
+            for mac in $(cat "$CRASHDIR"/configs/mac); do
+                "$1" $w -t nat -A "$3" -p tcp -m mac --mac-source $mac -j REDIRECT --to-ports "$dns_redir_port"
+                "$1" $w -t nat -A "$3" -p udp -m mac --mac-source $mac -j REDIRECT --to-ports "$dns_redir_port"
+            done
+        [ -s "$CRASHDIR"/configs/ip_filter ] && [ "$1" = 'iptables' ] &&
+            for ip in $(cat "$CRASHDIR"/configs/ip_filter); do
+                "$1" $w -t nat -A "$3" -p tcp -s $ip -j REDIRECT --to-ports "$dns_redir_port"
+                "$1" $w -t nat -A "$3" -p udp -s $ip -j REDIRECT --to-ports "$dns_redir_port"
+            done
+    else
+        for ip in $HOST_IP; do #仅限指定网段流量
+            "$1" $w -t nat -A "$3" -p tcp -s $ip -j REDIRECT --to-ports "$dns_redir_port"
+            "$1" $w -t nat -A "$3" -p udp -s $ip -j REDIRECT --to-ports "$dns_redir_port"
+        done
+    fi
+    [ "$1" = 'ip6tables' ] && { #屏蔽外部请求
+        "$1" $w -t nat -A "$3" -p tcp -j RETURN
+        "$1" $w -t nat -A "$3" -p udp -j RETURN
+    }
+    "$1" $w -t nat -I "$2" -p tcp --dport 53 -j "$3"
+    "$1" $w -t nat -I "$2" -p udp --dport 53 -j "$3"
+}
+start_ipt_wan() { #iptables公网防火墙
+	ipt_wan_accept(){
+		$iptable -I INPUT -p "$1" -m multiport --dports "$accept_ports" -j ACCEPT
+		ckcmd ip6tables && $ip6table -I INPUT -p "$1" -m multiport --dports "$accept_ports" -j ACCEPT
+	}
+	ipt_wan_reject(){
+		$iptable -I INPUT -p "$1" -m multiport --dports "$reject_ports" -j REJECT
+		ckcmd ip6tables && $ip6table -I INPUT -p "$1" -m multiport --dports "$reject_ports" -j REJECT
+	}
+	#端口拦截
+	reject_ports="$mix_port,$db_port"
+	ipt_wan_reject tcp
+	ipt_wan_reject udp
+	#端口放行
+	[ -f "$CRASHDIR"/configs/gateway.cfg ] && . "$CRASHDIR"/configs/gateway.cfg
+	accept_ports=$(echo "$fw_wan_ports,$vms_port,$sss_port" | sed "s/,,/,/g ;s/^,// ;s/,$//")
+    [ -n "$accept_ports" ] && {
+		ipt_wan_accept tcp
+		ipt_wan_accept udp
+	}
+	#局域网请求放行
+	for ip in $host_ipv4; do
+		$iptable -I INPUT -s $ip -j ACCEPT
+	done
+	ckcmd ip6tables && for ip in $host_ipv6; do
+		$ip6table -I INPUT -s $ip -j ACCEPT
+	done
+	#本机请求全放行
+	$iptable -I INPUT -i lo -j ACCEPT
+	ckcmd ip6tables && $ip6table -I INPUT -i lo -j ACCEPT
+}
+start_iptables() { #iptables配置总入口
+    #启动公网访问防火墙
+    [ "$fw_wan" != OFF ] && start_ipt_wan
+    #分模式设置流量劫持
+    [ "$redir_mod" = "Redir模式" -o "$redir_mod" = "混合模式" ] && {
+        JUMP="REDIRECT --to-ports $redir_port" #跳转劫持的具体命令
+        [ "$lan_proxy" = true ] && {
+            start_ipt_route iptables nat PREROUTING shellcrash tcp #ipv4-局域网tcp转发
+            [ "$ipv6_redir" = "ON" ] && {
+                if $ip6table -j REDIRECT -h 2>/dev/null | grep -q '\--to-ports'; then
+                    start_ipt_route ip6tables nat PREROUTING shellcrashv6 tcp #ipv6-局域网tcp转发
+                else
+                    logger "当前设备内核缺少ip6tables_REDIRECT模块支持，已放弃启动相关规则！" 31
+                fi
+            }
+        }
+        [ "$local_proxy" = true ] && {
+            start_ipt_route iptables nat OUTPUT shellcrash_out tcp #ipv4-本机tcp转发
+            [ "$ipv6_redir" = "ON" ] && {
+                if $ip6table -j REDIRECT -h 2>/dev/null | grep -q '\--to-ports'; then
+                    start_ipt_route ip6tables nat OUTPUT shellcrashv6_out tcp #ipv6-本机tcp转发
+                else
+                    logger "当前设备内核缺少ip6tables_REDIRECT模块支持，已放弃启动相关规则！" 31
+                fi
+            }
+        }
+    }
+    [ "$redir_mod" = "Tproxy模式" ] && {
+        modprobe xt_TPROXY >/dev/null 2>&1
+        JUMP="TPROXY --on-port $tproxy_port --tproxy-mark $fwmark" #跳转劫持的具体命令
+        if $iptable -j TPROXY -h 2>/dev/null | grep -q '\--on-port'; then
+            [ "$lan_proxy" = true ] && start_ipt_route iptables mangle PREROUTING shellcrash_mark all
+            [ "$local_proxy" = true ] && {
+                if [ -n "$(grep -E '^MARK$' /proc/net/ip_tables_targets)" ]; then
+                    JUMP="MARK --set-mark $fwmark" #跳转劫持的具体命令
+                    start_ipt_route iptables mangle OUTPUT shellcrash_mark_out all
+                    $iptable -t mangle -A PREROUTING -m mark --mark $fwmark -p tcp -j TPROXY --on-port $tproxy_port
+                    $iptable -t mangle -A PREROUTING -m mark --mark $fwmark -p udp -j TPROXY --on-port $tproxy_port
+                else
+                    logger "当前设备内核可能缺少xt_mark模块支持，已放弃启动本机代理相关规则！" 31
+                fi
+            }
+        else
+            logger "当前设备内核可能缺少kmod_ipt_tproxy模块支持，已放弃启动相关规则！" 31
+        fi
+        [ "$ipv6_redir" = "ON" ] && {
+            if $ip6table -j TPROXY -h 2>/dev/null | grep -q '\--on-port'; then
+                JUMP="TPROXY --on-port $tproxy_port --tproxy-mark $fwmark" #跳转劫持的具体命令
+                [ "$lan_proxy" = true ] && start_ipt_route ip6tables mangle PREROUTING shellcrashv6_mark all
+                [ "$local_proxy" = true ] && {
+                    if [ -n "$(grep -E '^MARK$' /proc/net/ip6_tables_targets)" ]; then
+                        JUMP="MARK --set-mark $fwmark" #跳转劫持的具体命令
+                        start_ipt_route ip6tables mangle OUTPUT shellcrashv6_mark_out all
+                        $ip6table -t mangle -A PREROUTING -m mark --mark $fwmark -p tcp -j TPROXY --on-port $tproxy_port
+                        $ip6table -t mangle -A PREROUTING -m mark --mark $fwmark -p udp -j TPROXY --on-port $tproxy_port
+                    else
+                        logger "当前设备内核可能缺少xt_mark模块支持，已放弃启动本机代理相关规则！" 31
+                    fi
+                }
+            else
+                logger "当前设备内核可能缺少kmod_ipt_tproxy或者xt_mark模块支持，已放弃启动相关规则！" 31
+            fi
+        }
+    }
+    [ "$redir_mod" = "Tun模式" -o "$redir_mod" = "混合模式" -o "$redir_mod" = "T&U旁路转发" -o "$redir_mod" = "TCP旁路转发" ] && {
+        JUMP="MARK --set-mark $fwmark" #跳转劫持的具体命令
+        [ "$redir_mod" = "Tun模式" -o "$redir_mod" = "T&U旁路转发" ] && protocol=all
+        [ "$redir_mod" = "混合模式" ] && protocol=udp
+        [ "$redir_mod" = "TCP旁路转发" ] && protocol=tcp
+        if $iptable -j MARK -h 2>/dev/null | grep -q '\--set-mark'; then
+            [ "$lan_proxy" = true ] && {
+                [ "$redir_mod" = "Tun模式" -o "$redir_mod" = "混合模式" ] && $iptable -I FORWARD -o utun -j ACCEPT
+                start_ipt_route iptables mangle PREROUTING shellcrash_mark $protocol
+            }
+            [ "$local_proxy" = true ] && start_ipt_route iptables mangle OUTPUT shellcrash_mark_out $protocol
+        else
+            logger "当前设备内核可能缺少x_mark模块支持，已放弃启动相关规则！" 31
+        fi
+        [ "$ipv6_redir" = "ON" ] && [ "$crashcore" != clashpre ] && {
+            if $ip6table -j MARK -h 2>/dev/null | grep -q '\--set-mark'; then
+                [ "$lan_proxy" = true ] && {
+                    [ "$redir_mod" = "Tun模式" -o "$redir_mod" = "混合模式" ] && $ip6table -I FORWARD -o utun -j ACCEPT
+                    start_ipt_route ip6tables mangle PREROUTING shellcrashv6_mark $protocol
+                }
+                [ "$local_proxy" = true ] && start_ipt_route ip6tables mangle OUTPUT shellcrashv6_mark_out $protocol
+            else
+                logger "当前设备内核可能缺少xt_mark模块支持，已放弃启动相关规则！" 31
+            fi
+        }
+    }
+    [ "$vm_redir" = "ON" ] && [ -n "$$vm_ipv4" ] && {
+        JUMP="REDIRECT --to-ports $redir_port"                    #跳转劫持的具体命令
+        start_ipt_dns iptables PREROUTING shellcrash_vm_dns       #ipv4-局域网dns转发
+        start_ipt_route iptables nat PREROUTING shellcrash_vm tcp #ipv4-局域网tcp转发
+    }
+    #启动DNS劫持
+    [ "$firewall_area" -le 3 ] && {
+        [ "$lan_proxy" = true ] && {
+            start_ipt_dns iptables PREROUTING shellcrash_dns #ipv4-局域网dns转发
+            if $ip6table -j REDIRECT -h 2>/dev/null | grep -q '\--to-ports'; then
+                start_ipt_dns ip6tables PREROUTING shellcrashv6_dns #ipv6-局域网dns转发
+            else
+                $ip6table -I INPUT -p tcp --dport 53 -j REJECT >/dev/null 2>&1
+                $ip6table -I INPUT -p udp --dport 53 -j REJECT >/dev/null 2>&1
+            fi
+        }
+        [ "$local_proxy" = true ] && start_ipt_dns iptables OUTPUT shellcrash_dns_out #ipv4-本机dns转发
+    }
+    #屏蔽QUIC
+    [ "$quic_rj" = 'ON' -a "$lan_proxy" = true -a "$redir_mod" != "Redir模式" ] && {
+        [ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "ON" ] && {
+            set_cn_ip='-m set ! --match-set cn_ip dst'
+            set_cn_ip6='-m set ! --match-set cn_ip6 dst'
+        }
+        [ "$redir_mod" = "Tun模式" -o "$redir_mod" = "混合模式" ] && {
+            $iptable -I FORWARD -p udp --dport 443 -o utun $set_cn_ip -j REJECT >/dev/null 2>&1
+            $ip6table -I FORWARD -p udp --dport 443 -o utun $set_cn_ip6 -j REJECT >/dev/null 2>&1
+        }
+        [ "$redir_mod" = "Tproxy模式" ] && {
+            $iptable -I INPUT -p udp --dport 443 $set_cn_ip -j REJECT >/dev/null 2>&1
+            $ip6table -I INPUT -p udp --dport 443 $set_cn_ip6 -j REJECT >/dev/null 2>&1
+        }
+    }
+}
--- a/scripts/starts/fw_nftables.sh
+++ b/scripts/starts/fw_nftables.sh
@@ -0,0 +1,211 @@
+#!/bin/sh
+# Copyright (C) Juewuy
+
+RESERVED_IP=$(echo $reserve_ipv4 | sed 's/[[:space:]]\+/, /g')
+RESERVED_IP6=$(echo "$reserve_ipv6 $host_ipv6" | sed 's/[[:space:]]\+/, /g')
+
+add_ip6_route(){
+	#过滤保留地址及本机地址
+	nft add rule inet shellcrash $1 ip6 daddr {$RESERVED_IP6} return
+	#仅代理本机局域网网段流量
+	nft add rule inet shellcrash $1 ip6 saddr != {$HOST_IP6} return
+	#绕过CN_IPV6
+	[ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "ON" -a -f "$BINDIR"/cn_ipv6.txt ] && {
+		CN_IP6=$(awk '{printf "%s, ",$1}' "$BINDIR"/cn_ipv6.txt)
+		[ -n "$CN_IP6" ] && {
+			nft add set inet shellcrash cn_ip6 { type ipv6_addr \; flags interval \; }
+			nft add element inet shellcrash cn_ip6 { $CN_IP6 }
+			nft add rule inet shellcrash $1 ip6 daddr @cn_ip6 return
+		}
+	}
+}
+start_nft_route() { #nftables-route通用工具
+    #$1:name  $2:hook(prerouting/output)  $3:type(nat/mangle/filter)  $4:priority(-100/-150)
+    [ "$common_ports" = "ON" ] && PORTS=$(echo $multiport | sed 's/,/, /g')
+	[ "$1" = 'prerouting' ] && HOST_IP=$(echo $host_ipv4 | sed 's/[[:space:]]\+/, /g')
+    [ "$1" = 'output' ] && HOST_IP="127.0.0.0/8, $(echo $local_ipv4 | sed 's/[[:space:]]\+/, /g')"
+    [ "$1" = 'prerouting_vm' ] && HOST_IP="$(echo $vm_ipv4 | sed 's/[[:space:]]\+/, /g')"
+    #添加新链
+    nft add chain inet shellcrash $1 { type $3 hook $2 priority $4 \; }
+    [ "$1" = 'prerouting_vm' ] && nft add rule inet shellcrash $1 ip saddr != {$HOST_IP} return #仅代理虚拟机流量
+    #过滤dns
+    nft add rule inet shellcrash $1 tcp dport 53 return
+    nft add rule inet shellcrash $1 udp dport 53 return
+    #防回环
+    nft add rule inet shellcrash $1 meta mark $routing_mark return
+    nft add rule inet shellcrash $1 meta skgid 7890 return
+    [ "$firewall_area" = 5 ] && nft add rule inet shellcrash $1 ip saddr $bypass_host return
+    [ -z "$ports" ] && nft add rule inet shellcrash $1 tcp dport {"$mix_port, $redir_port, $tproxy_port"} return
+    #过滤常用端口
+    [ -n "$PORTS" ] && {
+        nft add rule inet shellcrash $1 ip daddr != {28.0.0.0/8} tcp dport != {$PORTS} return
+		nft add rule inet shellcrash $1 ip daddr != {28.0.0.0/8} udp dport != {$PORTS} return
+        nft add rule inet shellcrash $1 ip6 daddr != {fc00::/16} tcp dport != {$PORTS} return
+		nft add rule inet shellcrash $1 ip6 daddr != {fc00::/16} udp dport != {$PORTS} return
+    }
+    #nft add rule inet shellcrash $1 ip saddr 28.0.0.0/8 return
+    nft add rule inet shellcrash $1 ip daddr {$RESERVED_IP} return #过滤保留地址
+    #过滤局域网设备
+    [ "$1" = 'prerouting' ] && {
+        [ "$macfilter_type" != "白名单" ] && {
+            [ -s "$CRASHDIR"/configs/mac ] && {
+                MAC=$(awk '{printf "%s, ",$1}' "$CRASHDIR"/configs/mac)
+                nft add rule inet shellcrash $1 ether saddr {$MAC} return
+            }
+            [ -s "$CRASHDIR"/configs/ip_filter ] && {
+                FL_IP=$(awk '{printf "%s, ",$1}' "$CRASHDIR"/configs/ip_filter)
+                nft add rule inet shellcrash $1 ip saddr {$FL_IP} return
+            }
+            nft add rule inet shellcrash $1 ip saddr != {$HOST_IP} return #仅代理本机局域网网段流量
+        }
+        [ "$macfilter_type" = "白名单" ] && {
+            [ -s "$CRASHDIR"/configs/mac ] && MAC=$(awk '{printf "%s, ",$1}' "$CRASHDIR"/configs/mac)
+            [ -s "$CRASHDIR"/configs/ip_filter ] && FL_IP=$(awk '{printf "%s, ",$1}' "$CRASHDIR"/configs/ip_filter)
+            if [ -n "$MAC" ] && [ -n "$FL_IP" ]; then
+                nft add rule inet shellcrash $1 ether saddr != {$MAC} ip saddr != {$FL_IP} return
+            elif [ -n "$MAC" ]; then
+                nft add rule inet shellcrash $1 ether saddr != {$MAC} return
+            elif [ -n "$FL_IP" ]; then
+                nft add rule inet shellcrash $1 ip saddr != {$FL_IP} return
+            else
+                nft add rule inet shellcrash $1 ip saddr != {$HOST_IP} return #仅代理本机局域网网段流量
+            fi
+        }
+    }
+    #绕过CN-IP
+    [ "$dns_mod" != "fake-ip" -a "$cn_ip_route" = "ON" -a -f "$BINDIR"/cn_ip.txt ] && {
+        CN_IP=$(awk '{printf "%s, ",$1}' "$BINDIR"/cn_ip.txt)
+        [ -n "$CN_IP" ] && {
+			nft add set inet shellcrash cn_ip { type ipv4_addr \; flags interval \; }
+			nft add element inet shellcrash cn_ip { $CN_IP }
+			nft add rule inet shellcrash $1 ip daddr @cn_ip return
+		}
+	}
+    #局域网ipv6支持
+    if [ "$ipv6_redir" = "ON" -a "$1" = 'prerouting' -a "$firewall_area" != 5 ]; then
+		HOST_IP6=$(echo $host_ipv6 | sed 's/[[:space:]]\+/, /g')
+        add_ip6_route "$1"
+    elif [ "$ipv6_redir" = "ON" -a "$1" = 'output' -a \( "$firewall_area" = 2 -o "$firewall_area" = 3 \) ]; then
+        HOST_IP6="::1, $(echo $host_ipv6 | sed 's/[[:space:]]\+/, /g')"
+		add_ip6_route "$1"
+    else
+        nft add rule inet shellcrash $1 meta nfproto ipv6 return
+    fi
+	#屏蔽quic
+	[ "$quic_rj" = 'ON' -a "$lan_proxy" = true ] && nft add rule inet shellcrash $1 udp dport {443, 8443} return
+    #添加通用路由
+    nft add rule inet shellcrash "$1" "$JUMP"
+    #处理特殊路由
+    [ "$redir_mod" = "混合模式" ] && {
+        nft add rule inet shellcrash $1 meta l4proto tcp mark set $((fwmark + 1))
+        nft add chain inet shellcrash "$1"_mixtcp { type nat hook $2 priority -100 \; }
+        nft add rule inet shellcrash "$1"_mixtcp mark $((fwmark + 1)) meta l4proto tcp redirect to $redir_port
+    }
+    #nft add rule inet shellcrash local_tproxy log prefix \"pre\" level debug
+}
+start_nft_dns() { #nftables-dns
+	[ "$1" = 'prerouting' ] && {
+		HOST_IP=$(echo $host_ipv4 | sed 's/[[:space:]]\+/, /g')
+		HOST_IP6=$(echo $host_ipv6 | sed 's/[[:space:]]\+/, /g')
+	}
+    [ "$1" = 'output' ] && HOST_IP="127.0.0.0/8, $(echo $local_ipv4 | sed 's/[[:space:]]\+/, /g')"
+    [ "$1" = 'prerouting_vm' ] && HOST_IP="$(echo $vm_ipv4 | sed 's/[[:space:]]\+/, /g')"
+    nft add chain inet shellcrash "$1"_dns { type nat hook $2 priority -100 \; }
+    #过滤非dns请求
+    nft add rule inet shellcrash "$1"_dns udp dport != 53 return
+    nft add rule inet shellcrash "$1"_dns tcp dport != 53 return
+    #防回环
+    nft add rule inet shellcrash "$1"_dns meta mark $routing_mark return
+    nft add rule inet shellcrash "$1"_dns meta skgid { 453, 7890 } return
+    [ "$firewall_area" = 5 ] && nft add rule inet shellcrash "$1"_dns ip saddr $bypass_host return
+    nft add rule inet shellcrash "$1"_dns ip saddr != {$HOST_IP} return                              #屏蔽外部请求
+    [ "$1" = 'prerouting' ] && nft add rule inet shellcrash "$1"_dns ip6 saddr != {$HOST_IP6} return #屏蔽外部请求
+    #过滤局域网设备
+    [ "$1" = 'prerouting' ] && [ -s "$CRASHDIR"/configs/mac ] && {
+        MAC=$(awk '{printf "%s, ",$1}' "$CRASHDIR"/configs/mac)
+        if [ "$macfilter_type" = "黑名单" ]; then
+            nft add rule inet shellcrash "$1"_dns ether saddr {$MAC} return
+        else
+            nft add rule inet shellcrash "$1"_dns ether saddr != {$MAC} return
+        fi
+    }
+    nft add rule inet shellcrash "$1"_dns udp dport 53 redirect to "$dns_redir_port"
+    nft add rule inet shellcrash "$1"_dns tcp dport 53 redirect to "$dns_redir_port"
+}
+start_nft_wan() { #nftables公网防火墙
+	HOST_IP=$(echo $host_ipv4 | sed 's/[[:space:]]\+/, /g')
+	HOST_IP6=$(echo $host_ipv6 | sed 's/[[:space:]]\+/, /g')
+    nft add chain inet shellcrash input { type filter hook input priority -100 \; }
+    nft add rule inet shellcrash input iif lo accept #本机请求全放行
+	#端口放行
+	[ -f "$CRASHDIR"/configs/gateway.cfg ] && . "$CRASHDIR"/configs/gateway.cfg
+	accept_ports=$(echo "$fw_wan_ports,$vms_port,$sss_port" | sed "s/,,/,/g ;s/^,// ;s/,$// ;s/,/, /")
+    [ -n "$accept_ports" ] && {
+		fw_wan_nfports="{ $(echo "$accept_ports" | sed 's/,/, /g') }"
+		nft add rule inet shellcrash input tcp dport $fw_wan_nfports meta mark set 0x67890 accept
+		nft add rule inet shellcrash input udp dport $fw_wan_nfports meta mark set 0x67890 accept
+	}
+	#端口拦截
+	reject_ports="{ $mix_port, $db_port }"
+	nft add rule inet shellcrash input ip saddr {$HOST_IP} accept
+	nft add rule inet shellcrash input ip6 saddr {$HOST_IP6} accept
+	nft add rule inet shellcrash input tcp dport $reject_ports reject
+	nft add rule inet shellcrash input udp dport $reject_ports reject
+	#fw4特殊处理
+	nft list chain inet fw4 input >/dev/null 2>&1 && \
+    nft list chain inet fw4 input | grep -q '67890' || \
+    nft insert rule inet fw4 input meta mark 0x67890 accept 2>/dev/null
+}
+start_nftables() { #nftables配置总入口
+    #初始化nftables
+    nft add table inet shellcrash 2>/dev/null
+    nft flush table inet shellcrash 2>/dev/null
+    #公网访问防火墙
+    [ "$fw_wan" != OFF ] && [ "$systype" != 'container' ] && start_nft_wan
+    #启动DNS劫持
+    [ "$firewall_area" -le 3 ] && {
+        [ "$lan_proxy" = true ] && start_nft_dns prerouting prerouting #局域网dns转发
+        [ "$local_proxy" = true ] && start_nft_dns output output       #本机dns转发
+    }
+    #分模式设置流量劫持
+    [ "$redir_mod" = "Redir模式" ] && {
+        JUMP="meta l4proto tcp redirect to $redir_port" #跳转劫持的具体命令
+        [ "$lan_proxy" = true ] && start_nft_route prerouting prerouting nat -100
+        [ "$local_proxy" = true ] && start_nft_route output output nat -100
+    }
+    [ "$redir_mod" = "Tproxy模式" ] && (modprobe nft_tproxy >/dev/null 2>&1 || lsmod 2>/dev/null | grep -q nft_tproxy) && {
+        JUMP="meta l4proto {tcp, udp} mark set $fwmark tproxy to :$tproxy_port" #跳转劫持的具体命令
+        [ "$lan_proxy" = true ] && start_nft_route prerouting prerouting filter -150
+        [ "$local_proxy" = true ] && {
+            JUMP="meta l4proto {tcp, udp} mark set $fwmark" #跳转劫持的具体命令
+            start_nft_route output output route -150
+            nft add chain inet shellcrash mark_out { type filter hook prerouting priority -100 \; }
+            nft add rule inet shellcrash mark_out meta mark $fwmark meta l4proto {tcp, udp} tproxy to :$tproxy_port
+        }
+    }
+    [ "$tun_statu" = true ] && {
+        [ "$redir_mod" = "Tun模式" ] && JUMP="meta l4proto {tcp, udp} mark set $fwmark" #跳转劫持的具体命令
+        [ "$redir_mod" = "混合模式" ] && JUMP="meta l4proto udp mark set $fwmark"         #跳转劫持的具体命令
+        [ "$lan_proxy" = true ] && {
+            start_nft_route prerouting prerouting filter -150
+            #放行流量
+            nft list table inet fw4 >/dev/null 2>&1 || nft add table inet fw4
+            nft list chain inet fw4 forward >/dev/null 2>&1 || nft add chain inet fw4 forward { type filter hook forward priority filter \; } 2>/dev/null
+            nft list chain inet fw4 input >/dev/null 2>&1 || nft add chain inet fw4 input { type filter hook input priority filter \; } 2>/dev/null
+            nft list chain inet fw4 forward | grep -q 'oifname "utun" accept' || nft insert rule inet fw4 forward oifname "utun" accept
+            nft list chain inet fw4 input | grep -q 'iifname "utun" accept' || nft insert rule inet fw4 input iifname "utun" accept
+        }
+        [ "$local_proxy" = true ] && start_nft_route output output route -150
+    }
+    [ "$firewall_area" = 5 ] && {
+        [ "$redir_mod" = "T&U旁路转发" ] && JUMP="meta l4proto {tcp, udp} mark set $fwmark" #跳转劫持的具体命令
+        [ "$redir_mod" = "TCP旁路转发" ] && JUMP="meta l4proto tcp mark set $fwmark"        #跳转劫持的具体命令
+        [ "$lan_proxy" = true ] && start_nft_route prerouting prerouting filter -150
+        [ "$local_proxy" = true ] && start_nft_route output output route -150
+    }
+    [ "$vm_redir" = "ON" ] && [ -n "$$vm_ipv4" ] && {
+        start_nft_dns prerouting_vm prerouting
+        JUMP="meta l4proto tcp redirect to $redir_port" #跳转劫持的具体命令
+        start_nft_route prerouting_vm prerouting nat -100
+    }
+}
--- a/scripts/starts/fw_start.sh
+++ b/scripts/starts/fw_start.sh
@@ -0,0 +1,54 @@
+#!/bin/sh
+# Copyright (C) Juewuy
+
+#获取局域网host地址
+. "$CRASHDIR"/starts/fw_getlanip.sh && getlanip
+#缺省值
+[ -z "$macfilter_type" ] && macfilter_type='黑名单'
+[ -z "$common_ports" ] && common_ports='ON'
+[ -z "$multiport" ] && multiport='22,80,443,8080,8443'
+[ "$common_ports" = "ON" ] && ports="-m multiport --dports $multiport"
+[ -z "$redir_mod" ] && [ "$USER" = "root" -o "$USER" = "admin" ] && redir_mod='Redir模式'
+[ -z "$dns_mod" ] && dns_mod='redir_host'
+[ -z "$redir_mod" ] && firewall_area='4'
+
+#设置策略路由
+[ "$firewall_area" != 4 ] && {
+	[ "$redir_mod" = "Tproxy模式" ] && ip route add local default dev lo table $table 2>/dev/null
+	[ "$redir_mod" = "Tun模式" -o "$redir_mod" = "混合模式" ] && {
+		i=1
+		while [ -z "$(ip route list | grep utun)" -a "$i" -le 29 ]; do
+			sleep 1
+			i=$((i + 1))
+		done
+		if [ -z "$(ip route list | grep utun)" ]; then
+			logger "找不到tun模块，放弃启动tun相关防火墙规则！" 31
+		else
+			ip route add default dev utun table $table && tun_statu=true
+		fi
+	}
+	[ "$firewall_area" = 5 ] && ip route add default via $bypass_host table $table 2>/dev/null
+	[ "$redir_mod" != "Redir模式" ] && ip rule add fwmark $fwmark table $table 2>/dev/null
+}
+#添加ipv6路由
+[ "$ipv6_redir" = "ON" -a "$firewall_area" -le 3 ] && {
+	[ "$redir_mod" = "Tproxy模式" ] && ip -6 route add local default dev lo table $((table + 1)) 2>/dev/null
+	[ -n "$(ip route list | grep utun)" ] && ip -6 route add default dev utun table $((table + 1)) 2>/dev/null
+	[ "$redir_mod" != "Redir模式" ] && ip -6 rule add fwmark $fwmark table $((table + 1)) 2>/dev/null
+}
+#判断代理用途
+[ "$firewall_area" = 2 -o "$firewall_area" = 3 ] && local_proxy=true
+[ "$firewall_area" = 1 -o "$firewall_area" = 3 -o "$firewall_area" = 5 ] && lan_proxy=true
+#防火墙配置
+[ "$firewall_mod" = 'iptables' ] && . "$CRASHDIR"/starts/fw_iptables.sh && start_iptables
+[ "$firewall_mod" = 'nftables' ] && . "$CRASHDIR"/starts/fw_nftables.sh && start_nftables
+#修复部分虚拟机dns查询失败的问题
+[ "$firewall_area" = 2 -o "$firewall_area" = 3 ] && [ -z "$(grep '127.0.0.1' /etc/resolv.conf 2>/dev/null)" ] && [ "$systype" != 'container' ] && {
+	line=$(grep -n 'nameserver' /etc/resolv.conf | awk -F: 'FNR==1{print $1}')
+	sed -i "$line i\nameserver 127.0.0.1 #shellcrash-dns-repair" /etc/resolv.conf >/dev/null 2>&1
+}
+#移除openwrt-dnsmasq的DNS重定向
+[ "$(uci get dhcp.@dnsmasq[0].dns_redirect 2>/dev/null)" = 1 ] && {
+		uci del dhcp.@dnsmasq[0].dns_redirect
+		uci commit dhcp.@dnsmasq[0]
+}
--- a/scripts/starts/fw_stop.sh
+++ b/scripts/starts/fw_stop.sh
@@ -0,0 +1,136 @@
+#!/bin/sh
+# Copyright (C) Juewuy
+
+#初始化目录
+[ -z "$CRASHDIR" ] && CRASHDIR=$( cd $(dirname $0);cd ..;pwd)
+. "$CRASHDIR"/libs/get_config.sh
+. "$CRASHDIR"/libs/check_cmd.sh
+. "$CRASHDIR"/starts/fw_getlanip.sh && getlanip #获取局域网host地址
+#缺省值
+[ -z "$common_ports" ] && common_ports='ON'
+[ -z "$multiport" ] && multiport='22,80,443,8080,8443'
+[ "$common_ports" = "ON" ] && ports="-m multiport --dports $multiport"
+[ -f "$CRASHDIR"/configs/gateway.cfg ] && . "$CRASHDIR"/configs/gateway.cfg
+accept_ports=$(echo "$fw_wan_ports,$vms_port,$sss_port" | sed "s/,,/,/g ;s/^,// ;s/,$//")
+#重置iptables相关规则
+ckcmd iptables && {
+	ckcmd iptables && iptables -h | grep -q '\-w' && iptable='iptables -w' || iptable=iptables
+	#dns
+	$iptable -t nat -D PREROUTING -p tcp --dport 53 -j shellcrash_dns 2>/dev/null
+	$iptable -t nat -D PREROUTING -p udp --dport 53 -j shellcrash_dns 2>/dev/null
+	$iptable -t nat -D OUTPUT -p udp --dport 53 -j shellcrash_dns_out 2>/dev/null
+	$iptable -t nat -D OUTPUT -p tcp --dport 53 -j shellcrash_dns_out 2>/dev/null
+	#redir
+	$iptable -t nat -D PREROUTING -p tcp $ports -j shellcrash 2>/dev/null
+	$iptable -t nat -D PREROUTING -p tcp -d 28.0.0.0/8 -j shellcrash 2>/dev/null
+	$iptable -t nat -D OUTPUT -p tcp $ports -j shellcrash_out 2>/dev/null
+	$iptable -t nat -D OUTPUT -p tcp -d 28.0.0.0/8 -j shellcrash_out 2>/dev/null
+	#vm_dns
+	$iptable -t nat -D PREROUTING -p tcp --dport 53 -j shellcrash_vm_dns 2>/dev/null
+	$iptable -t nat -D PREROUTING -p udp --dport 53 -j shellcrash_vm_dns 2>/dev/null
+	#vm_redir
+	$iptable -t nat -D PREROUTING -p tcp $ports -j shellcrash_vm 2>/dev/null
+	$iptable -t nat -D PREROUTING -p tcp -d 28.0.0.0/8 -j shellcrash_vm 2>/dev/null
+	#TPROXY&tun
+	$iptable -t mangle -D PREROUTING -p tcp $ports -j shellcrash_mark 2>/dev/null
+	$iptable -t mangle -D PREROUTING -p udp $ports -j shellcrash_mark 2>/dev/null
+	$iptable -t mangle -D PREROUTING -p tcp -d 28.0.0.0/8 -j shellcrash_mark 2>/dev/null
+	$iptable -t mangle -D PREROUTING -p udp -d 28.0.0.0/8 -j shellcrash_mark 2>/dev/null
+	$iptable -t mangle -D OUTPUT -p tcp $ports -j shellcrash_mark_out 2>/dev/null
+	$iptable -t mangle -D OUTPUT -p udp $ports -j shellcrash_mark_out 2>/dev/null
+	$iptable -t mangle -D OUTPUT -p tcp -d 28.0.0.0/8 -j shellcrash_mark_out 2>/dev/null
+	$iptable -t mangle -D OUTPUT -p udp -d 28.0.0.0/8 -j shellcrash_mark_out 2>/dev/null
+	$iptable -t mangle -D PREROUTING -m mark --mark $fwmark -p tcp -j TPROXY --on-port $tproxy_port 2>/dev/null
+	$iptable -t mangle -D PREROUTING -m mark --mark $fwmark -p udp -j TPROXY --on-port $tproxy_port 2>/dev/null
+	#tun
+	$iptable -D FORWARD -o utun -j ACCEPT 2>/dev/null
+	#屏蔽QUIC
+	[ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" != "OFF" ] && set_cn_ip='-m set ! --match-set cn_ip dst'
+	$iptable -D INPUT -p udp --dport 443 $set_cn_ip -j REJECT 2>/dev/null
+	$iptable -D FORWARD -p udp --dport 443 -o utun $set_cn_ip -j REJECT 2>/dev/null
+	#公网访问
+	$iptable -D INPUT -i lo -j ACCEPT 2>/dev/null
+	for ip in $host_ipv4; do
+		$iptable -D INPUT -s $ip -j ACCEPT 2>/dev/null
+	done
+	$iptable -D INPUT -p tcp -m multiport --dports "$accept_ports" -j ACCEPT 2>/dev/null
+	$iptable -D INPUT -p udp -m multiport --dports "$accept_ports" -j ACCEPT 2>/dev/null
+	$iptable -D INPUT -p tcp -m multiport --dports "$mix_port,$db_port" -j REJECT 2>/dev/null
+	$iptable -D INPUT -p udp -m multiport --dports "$mix_port,$db_port" -j REJECT 2>/dev/null
+	#清理shellcrash自建表
+	for text in shellcrash_dns shellcrash shellcrash_out shellcrash_dns_out shellcrash_vm shellcrash_vm_dns; do
+		$iptable -t nat -F "$text" 2>/dev/null
+		$iptable -t nat -X "$text" 2>/dev/null
+	done
+	for text in shellcrash_mark shellcrash_mark_out; do
+		$iptable -t mangle -F "$text" 2>/dev/null
+		$iptable -t mangle -X "$text" 2>/dev/null
+	done
+}
+#重置ipv6规则
+ckcmd ip6tables && {
+	ckcmd ip6tables && ip6tables -h | grep -q '\-w' && ip6table='ip6tables -w' || ip6table=ip6tables
+	#dns
+	$ip6table -t nat -D PREROUTING -p tcp --dport 53 -j shellcrashv6_dns 2>/dev/null
+	$ip6table -t nat -D PREROUTING -p udp --dport 53 -j shellcrashv6_dns 2>/dev/null
+	#redir
+	$ip6table -t nat -D PREROUTING -p tcp $ports -j shellcrashv6 2>/dev/null
+	$ip6table -t nat -D PREROUTING -p tcp -d fc00::/16 -j shellcrashv6 2>/dev/null
+	$ip6table -t nat -D OUTPUT -p tcp $ports -j shellcrashv6_out 2>/dev/null
+	$ip6table -t nat -D OUTPUT -p tcp -d fc00::/16 -j shellcrashv6_out 2>/dev/null
+	$ip6table -D INPUT -p tcp --dport 53 -j REJECT 2>/dev/null
+	$ip6table -D INPUT -p udp --dport 53 -j REJECT 2>/dev/null
+	#mark
+	$ip6table -t mangle -D PREROUTING -p tcp $ports -j shellcrashv6_mark 2>/dev/null
+	$ip6table -t mangle -D PREROUTING -p udp $ports -j shellcrashv6_mark 2>/dev/null
+	$ip6table -t mangle -D PREROUTING -p tcp -d fc00::/16 -j shellcrashv6_mark 2>/dev/null
+	$ip6table -t mangle -D PREROUTING -p udp -d fc00::/16 -j shellcrashv6_mark 2>/dev/null
+	$ip6table -t mangle -D OUTPUT -p tcp $ports -j shellcrashv6_mark_out 2>/dev/null
+	$ip6table -t mangle -D OUTPUT -p udp $ports -j shellcrashv6_mark_out 2>/dev/null
+	$ip6table -t mangle -D OUTPUT -p tcp -d fc00::/16 -j shellcrashv6_mark_out 2>/dev/null
+	$ip6table -t mangle -D OUTPUT -p udp -d fc00::/16 -j shellcrashv6_mark_out 2>/dev/null
+	$ip6table -D INPUT -p udp --dport 443 $set_cn_ip -j REJECT 2>/dev/null
+	$ip6table -t mangle -D PREROUTING -m mark --mark $fwmark -p tcp -j TPROXY --on-port $tproxy_port 2>/dev/null
+	$ip6table -t mangle -D PREROUTING -m mark --mark $fwmark -p udp -j TPROXY --on-port $tproxy_port 2>/dev/null
+	#tun
+	$ip6table -D FORWARD -o utun -j ACCEPT 2>/dev/null
+	#屏蔽QUIC
+	[ "$dns_mod" != "fake-ip" ] && [ "$cn_ip_route" != "OFF" ] && set_cn_ip6='-m set ! --match-set cn_ip6 dst'
+	$ip6table -D INPUT -p udp --dport 443 $set_cn_ip6 -j REJECT 2>/dev/null
+	$ip6table -D FORWARD -p udp --dport 443 -o utun $set_cn_ip6 -j REJECT 2>/dev/null
+	#公网访问
+	$ip6table -D INPUT -i lo -j ACCEPT 2>/dev/null
+	for ip in $host_ipv6; do
+		$ip6table -D INPUT -s $ip -j ACCEPT 2>/dev/null
+	done
+	$ip6table -D INPUT -p tcp -m multiport --dports "$accept_ports" -j ACCEPT 2>/dev/null
+	$ip6table -D INPUT -p udp -m multiport --dports "$accept_ports" -j ACCEPT 2>/dev/null
+	$ip6table -D INPUT -p tcp -m multiport --dports "$mix_port,$db_port" -j REJECT 2>/dev/null
+	$ip6table -D INPUT -p udp -m multiport --dports "$mix_port,$db_port" -j REJECT 2>/dev/null
+	#清理shellcrash自建表
+	for text in shellcrashv6_dns shellcrashv6 shellcrashv6_out; do
+		$ip6table -t nat -F "$text" 2>/dev/null
+		$ip6table -t nat -X "$text" 2>/dev/null
+	done
+	for text in shellcrashv6_mark shellcrashv6_mark_out; do
+		$ip6table -t mangle -F "$text" 2>/dev/null
+		$ip6table -t mangle -X "$text" 2>/dev/null
+	done
+	$ip6table -t mangle -F shellcrashv6_mark 2>/dev/null
+	$ip6table -t mangle -X shellcrashv6_mark 2>/dev/null
+}
+#清理ipset规则
+ipset destroy cn_ip >/dev/null 2>&1
+ipset destroy cn_ip6 >/dev/null 2>&1
+#清理路由规则
+ip rule del fwmark $fwmark table $table 2>/dev/null
+ip route flush table $table 2>/dev/null
+ip -6 rule del fwmark $fwmark table $((table + 1)) 2>/dev/null
+ip -6 route flush table $((table + 1)) 2>/dev/null
+#重置nftables相关规则
+ckcmd nft && nft delete table inet shellcrash >/dev/null 2>&1
+#还原防火墙文件
+[ -s /etc/init.d/firewall.bak ] && mv -f /etc/init.d/firewall.bak /etc/init.d/firewall
+#others
+sed -i '/shellcrash-dns-repair/d' /etc/resolv.conf 2>/dev/null
+
--- a/scripts/starts/general_init.sh
+++ b/scripts/starts/general_init.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+# Copyright (C) Juewuy
+
+#初始化目录
+[ -z "$CRASHDIR" ] && CRASHDIR=$( cd $(dirname $0);cd ..;pwd)
+profile=/etc/profile
+. "$CRASHDIR"/libs/set_profile.sh
+. "$CRASHDIR"/libs/set_cron.sh
+. "$CRASHDIR"/configs/ShellCrash.cfg
+#padavan和华硕环境变量目录设置
+if [ -d "/etc/storage/clash" -o -d "/etc/storage/ShellCrash" ]; then
+	i=1
+	while [ ! -w /etc/profile -a "$i" -lt 10 ]; do
+		sleep 3 && i=$((i + 1))
+	done
+	[ -w "$profile" ] || profile=/etc_ro/profile
+	[ "$zip_type" = 'upx' ] || mount -t tmpfs -o remount,rw,size=45M tmpfs /tmp #增加/tmp空间以适配新的内核压缩方式
+	sed -i '' "$profile"                        #将软链接转化为一般文件
+elif [ -d "/jffs" ]; then
+	sleep 60
+	[ -w "$profile" ] || profile=$(cat /etc/profile | grep -oE '\-f.*jffs.*profile' | awk '{print $2}')
+fi
+#写入环境变量
+set_profile "$profile"
+#启动进程或删除守护进程
+if [ -f "$CRASHDIR"/.dis_startup ] || [ -f "$CRASHDIR"/.start_error ];then
+	cronset "保守模式守护进程"
+else
+	"$CRASHDIR"/start.sh start
+fi
--- a/scripts/starts/shellcrash.openrc
+++ b/scripts/starts/shellcrash.openrc
@@ -6,7 +6,7 @@ description="Custom proxy service for ShellCrash"
 #获取目录
 CRASHDIR=$(cat /etc/profile | grep CRASHDIR | awk -F "\"" '{print $2}')
 [ -z "$CRASHDIR" ] && CRASHDIR=$(cat ~/.bashrc | grep CRASHDIR | awk -F "\"" '{print $2}')
-source ${CRASHDIR}/configs/command.env #加载启动命令和启动目录
+. ${CRASHDIR}/configs/command.env #加载启动命令和启动目录

 # PID 文件
 pidfile="/run/shellcrash.pid"
@@ -21,7 +21,7 @@ start() {

    # 如果 firewal_area=5 则运行主旁转发脚本
    if grep -q 'firewall_area=5' "$CRASHDIR/configs/ShellCrash.cfg" 2>/dev/null; then
-        "$CRASHDIR/start.sh" start_firewall
+        "$CRASHDIR"/starts/fw_start.sh
        eend $? "Firewall start failed"
        return
    fi
@@ -34,7 +34,7 @@ start() {
    fi

    # 必要文件检测
-    "$CRASHDIR/start.sh" bfstart
+    "$CRASHDIR"/starts/bfstart.sh
    if [ "$?" != "0" ]; then
        eend 1 "bfstart check failed"
        return
@@ -53,7 +53,7 @@ start() {
    [ $ret -ne 0 ] && return

    # 启动后操作
-    "$CRASHDIR/start.sh" afstart &
+    "$CRASHDIR"/starts/afstart.sh &
 }

 stop() {
@@ -67,7 +67,7 @@ stop() {
    rm -f "${pidfile}"

    # 清理 firewall、proxy
-    "$CRASHDIR/start.sh" stop_firewall
+    "$CRASHDIR"/starts/fw_stop.sh

    eend $?
 }
--- a/scripts/starts/shellcrash.procd
+++ b/scripts/starts/shellcrash.procd
@@ -8,16 +8,16 @@ USE_PROCD=1
 #获取目录
 CRASHDIR=$(cat /etc/profile | grep CRASHDIR | awk -F "\"" '{print $2}')
 [ -z "$CRASHDIR" ] && CRASHDIR=$(cat ~/.bashrc | grep CRASHDIR | awk -F "\"" '{print $2}')
-source ${CRASHDIR}/configs/command.env #加载启动命令和启动目录
+. "$CRASHDIR"/configs/command.env #加载启动命令和启动目录

 start_service() {
 	if [ -n "$(cat $CRASHDIR/configs/ShellCrash.cfg | grep 'firewall_area=5')" ]; then
-		$CRASHDIR/start.sh start_firewall #主旁转发
+		"$CRASHDIR"/starts/fw_start.sh #主旁转发
 	else
 		#本机代理用户
 		[ -n "$(grep 'shellcrash:x:0:7890' /etc/passwd)" ] && USER=shellcrash || USER=root
 		#检测必须文件
-		$CRASHDIR/start.sh bfstart
+		"$CRASHDIR"/starts/bfstart.sh
 		if [ "$?" = "0" ]; then
 			#使用procd创建clash后台进程
 			procd_open_instance
@@ -28,11 +28,11 @@ start_service() {
 			procd_set_param stdout 0
 			procd_close_instance
 			#启动结束执行
-			$CRASHDIR/start.sh afstart &
+			"$CRASHDIR"/starts/afstart.sh &
 		fi
 	fi
 }
 stop_service() {
 	procd_close_instance
-	$CRASHDIR/start.sh stop_firewall
+	"$CRASHDIR"/starts/fw_stop.sh
 }
--- a/scripts/starts/shellcrash.service
+++ b/scripts/starts/shellcrash.service
@@ -5,12 +5,11 @@ After=network.target
 [Service]
 Type=simple
 User=shellcrash
-User=shellcrash
 StandardOutput=null
-ExecStartPre=/etc/ShellCrash/start.sh bfstart
+ExecStartPre=/etc/ShellCrash/starts/bfstart.sh
 ExecStart=/etc/ShellCrash/CrashCore run -D /etc/ShellCrash -C /tmp/ShellCrash/jsons >/dev/null
-ExecStartPost=/etc/ShellCrash/start.sh afstart
-ExecStopPost=/etc/ShellCrash/start.sh stop_firewall
+ExecStartPost=/etc/ShellCrash/starts/afstart.sh
+ExecStopPost=/etc/ShellCrash/starts/fw_stop.sh
 Restart=on-abnormal
 RestartSec=10s
 LimitNOFILE=infinity
--- a/scripts/starts/singbox_check.sh
+++ b/scripts/starts/singbox_check.sh
@@ -0,0 +1,11 @@
+
+singbox_check() { #singbox启动前检查
+    #检测singboxr专属功能
+    [ "$crashcore" != "singboxr" ] && [ -n "$(cat "$CRASHDIR"/jsons/*.json | grep -oE '"shadowsocksr"|"providers"')" ] && {
+		. "$CRASHDIR"/starts/core_exchange.sh && core_exchange singboxr 'singboxr内核专属功能'
+	}
+    check_core
+    #预下载cn.srs数据库
+    [ "$dns_mod" = "mix" ] || [ "$dns_mod" = "route" ] && ! grep -Eq '"tag" *:[[:space:]]*"cn"' "$CRASHDIR"/jsons/*.json && check_geo ruleset/cn.srs srs_geosite_cn.srs
+    return 0
+}
--- a/scripts/starts/singbox_config_check.sh
+++ b/scripts/starts/singbox_config_check.sh
@@ -0,0 +1,37 @@
+#!/bin/sh
+# Copyright (C) Juewuy
+
+check_config() { #检查singbox配置文件
+    #检测节点或providers
+    if ! grep -qE '"(socks|http|shadowsocks(r)?|vmess|trojan|wireguard|hysteria(2)?|vless|shadowtls|tuic|ssh|tor|providers|anytls|soduku)"' "$core_config_new"; then
+        echo "-----------------------------------------------"
+        logger "获取到了配置文件【$core_config_new】，但似乎并不包含正确的节点信息！" 31
+        echo "请尝试使用6-2或者6-3的方式生成配置文件！"
+        exit 1
+    fi
+    #删除不兼容的旧版内容
+    [ "$(wc -l <"$core_config_new")" -lt 3 ] && {
+        sed -i 's/^.*"inbounds":/{"inbounds":/' "$core_config_new"
+        sed -i 's/{[^{}]*"dns-out"[^{}]*}//g' "$core_config_new"
+    }
+    #检查不支持的旧版内容
+    grep -q '"sni"' "$core_config_new" && {
+        logger "获取到了不支持的旧版(<1.12)配置文件【$core_config_new】！" 31
+        echo "请尝试使用支持1.12以上版本内核的方式生成配置文件！"
+        exit 1
+    }
+    #检测并去除无效策略组
+    [ -n "$url_type" ] && {
+        #获得无效策略组名称
+        grep -oE '\{"type":"urltest","tag":"[^"]*","outbounds":\["DIRECT"\]' "$core_config_new" | sed -n 's/.*"tag":"\([^"]*\)".*/\1/p' >"$TMPDIR"/singbox_tags
+        #删除策略组
+        sed -i 's/{"type":"urltest","tag":"[^"]*","outbounds":\["DIRECT"\]}//g; s/{"type":"[^"]*","tag":"[^"]*","outbounds":\["DIRECT"\],"url":"[^"]*","interval":"[^"]*","tolerance":[^}]*}//g' "$core_config_new"
+        #删除全部包含策略组名称的规则
+        while read line; do
+            sed -i "s/\"$line\"//g" "$core_config_new"
+        done <"$TMPDIR"/singbox_tags
+        rm -rf "$TMPDIR"/singbox_tags
+    }
+    #清理多余逗号
+    sed -i 's/,\+/,/g; s/\[,/\[/g; s/,]/]/g' "$core_config_new"
+}
--- a/scripts/starts/singbox_modify.sh
+++ b/scripts/starts/singbox_modify.sh
@@ -0,0 +1,394 @@
+#!/bin/sh
+# Copyright (C) Juewuy
+
+ #修饰singbox配置文件
+parse_singbox_dns() { #dns转换
+    first_dns=$(echo "$1" | cut -d',' -f1 | cut -d' ' -f1)
+    type=""
+    server=""
+    port=""
+    case "$first_dns" in
+        *://*)
+            type="${first_dns%%://*}"
+            tmp="${first_dns#*://}"
+            ;;
+        *)
+            type="udp"
+            tmp="$first_dns"
+            ;;
+    esac
+    case "$tmp" in
+        \[*\]*)
+            server="${tmp%%]*}"
+            server="${server#[}"
+            port="${tmp#*\]}"
+            port="${port#:}"
+            ;;
+        *)
+            server="${tmp%%[:/]*}"
+            port="${tmp#*:}"
+            [ "$port" = "$tmp" ] && port=""
+            ;;
+    esac
+    if [ -z "$port" ]; then
+        case "$type" in
+            udp|tcp) port=53 ;;
+            doh|https) port=443 ;;
+            dot|tls) port=853 ;;
+            *) port=53 ;;
+        esac
+    fi
+    # 输出
+	echo '"type": "'"$type"'", "server": "'"$server"'", "server_port": '"$port"','
+}
+modify_json() {
+    #提取配置文件以获得outbounds.json,providers.json及route.json
+    "$TMPDIR"/CrashCore format -c $core_config >"$TMPDIR"/format.json
+    echo '{' >"$TMPDIR"/jsons/outbounds.json
+    echo '{' >"$TMPDIR"/jsons/route.json
+    cat "$TMPDIR"/format.json | sed -n '/"outbounds":/,/^  "[a-z]/p' | sed '$d' >>"$TMPDIR"/jsons/outbounds.json
+    [ "$crashcore" = "singboxr" ] && {
+        echo '{' >"$TMPDIR"/jsons/providers.json
+        cat "$TMPDIR"/format.json | sed -n '/^  "providers":/,/^  "[a-z]/p' | sed '$d' >>"$TMPDIR"/jsons/providers.json
+    }
+    cat "$TMPDIR"/format.json | sed -n '/"route":/,/^\(  "[a-z]\|}\)/p' | sed '$d' >>"$TMPDIR"/jsons/route.json
+    #生成endpoints.json
+	[ "$ts_service" = ON ] || [ "$wg_service" = ON ] && [ "$zip_type" != upx ] && {
+		. "$CRASHDIR"/configs/gateway.cfg
+		. "$CRASHDIR"/libs/sb_endpoints.sh
+	}
+	#生成log.json
+    cat >"$TMPDIR"/jsons/log.json <<EOF
+{ "log": { "level": "info", "timestamp": true } }
+EOF
+    #生成add_hosts.json
+    if [ "$hosts_opt" != "OFF" ]; then #本机hosts
+        [ -s /data/etc/custom_hosts ] && custom_hosts='"/data/etc/custom_hosts",'
+        #NTP劫持
+        cat >"$TMPDIR"/jsons/add_hosts.json <<EOF
+{
+  "dns": {
+    "servers": [
+      {
+        "type": "hosts",
+        "tag": "hosts",
+        "path": [
+          $custom_hosts
+          "$HOME/.hosts",
+		  "/etc/hosts"
+        ],
+        "predefined": {
+          "localhost": [
+            "127.0.0.1",
+            "::1"
+          ],
+          "time.android.com": "203.107.6.88",
+          "time.facebook.com": "203.107.6.88"
+        }
+      }
+	],
+    "rules": [
+      {
+        "ip_accept_any": true,
+        "server": "hosts"
+      }
+	]}
+}
+EOF
+    fi
+    #生成dns.json
+    [ "$ipv6_dns" != "OFF" ] && strategy='prefer_ipv4' || strategy='ipv4_only'
+    #获取detour出口
+	auto_detour=$(grep -E '"type": "urltest"' -A 1 "$TMPDIR"/jsons/outbounds.json | grep '自动' | head -n 1 | sed 's/^[[:space:]]*"tag": //;s/,$//')
+    [ -z "$auto_detour" ] && auto_detour=$(grep -E '"type": "urltest"' -A 1 "$TMPDIR"/jsons/outbounds.json | grep '"tag":' | head -n 1 | sed 's/^[[:space:]]*"tag": //;s/,$//')
+    [ -z "$auto_detour" ] && auto_detour=$(grep -E '"type": "selector"' -A 1 "$TMPDIR"/jsons/outbounds.json | grep '"tag":' | head -n 1 | sed 's/^[[:space:]]*"tag": //;s/,$//')
+    [ -z "$auto_detour" ] && auto_detour='"DIRECT"'
+	#ecs优化
+	[ "$ecs_subnet" = ON ] && {
+		. "$CRASHDIR"/libs/get_ecsip.sh
+		client_subnet='"client_subnet": "'"$ecs_address"'",'
+	}
+    #根据dns模式生成
+    [ "$dns_mod" = "redir_host" ] && {
+        global_dns=dns_proxy
+        direct_dns='{ "inbound": [ "dns-in" ], "server": "dns_direct" }'
+    }
+    [ "$dns_mod" = "fake-ip" ] || [ "$dns_mod" = "mix" ] && {
+        global_dns=dns_fakeip
+        fake_ip_filter_domain=$(cat ${CRASHDIR}/configs/fake_ip_filter ${CRASHDIR}/configs/fake_ip_filter.list 2>/dev/null | grep -Ev '#|\*|\+|Mijia' | sed '/^\s*$/d' | awk '{printf "\"%s\", ",$1}' | sed 's/, $//')
+        fake_ip_filter_suffix=$(cat ${CRASHDIR}/configs/fake_ip_filter ${CRASHDIR}/configs/fake_ip_filter.list 2>/dev/null | grep -v '.\*' | grep -E '\*|\+' | sed 's/^[*+]\.//' | awk '{printf "\"%s\", ",$1}' | sed 's/, $//')
+        fake_ip_filter_regex=$(cat ${CRASHDIR}/configs/fake_ip_filter ${CRASHDIR}/configs/fake_ip_filter.list 2>/dev/null | grep '.\*' | sed 's/\./\\\\./g' | sed 's/\*/.\*/' | sed 's/^+/.\+/' | awk '{printf "\"%s\", ",$1}' | sed 's/, $//')
+        [ -n "$fake_ip_filter_domain" ] && fake_ip_filter_domain="{ \"domain\": [$fake_ip_filter_domain], \"server\": \"dns_direct\" },"
+        [ -n "$fake_ip_filter_suffix" ] && fake_ip_filter_suffix="{ \"domain_suffix\": [$fake_ip_filter_suffix], \"server\": \"dns_direct\" },"
+        [ -n "$fake_ip_filter_regex" ] && fake_ip_filter_regex="{ \"domain_regex\": [$fake_ip_filter_regex], \"server\": \"dns_direct\" },"
+        proxy_dns='{ "query_type": ["A", "AAAA"], "server": "dns_fakeip", "strategy": "'"$strategy"'", "rewrite_ttl": 1 }'
+        #mix模式插入fakeip过滤规则
+        [ "$dns_mod" = "mix" ] && direct_dns='{ "rule_set": ["cn"], "server": "dns_direct" },'
+    }
+    [ "$dns_mod" = "route" ] && {
+        global_dns=dns_proxy
+        direct_dns='{ "rule_set": ["cn"], "server": "dns_direct" }'
+    }
+    #防泄露设置
+    [ "$dns_protect" = "OFF" ] && sed -i 's/"server": "dns_proxy"/"server": "dns_direct"/g' "$TMPDIR"/jsons/route.json
+    #生成add_rule_set.json
+    [ "$dns_mod" = "mix" ] || [ "$dns_mod" = "route" ] && ! grep -Eq '"tag" *:[[:space:]]*"cn"' "$CRASHDIR"/jsons/*.json && {
+		[ "$crashcore" = "singboxr" ] && srs_path='"path": "./ruleset/cn.srs",'
+        cat >"$TMPDIR"/jsons/add_rule_set.json <<EOF
+{
+  "route": {
+    "rule_set": [
+      {
+        "tag": "cn",
+        "type": "remote",
+        "format": "binary",
+        $srs_path
+        "url": "https://testingcf.jsdelivr.net/gh/DustinWin/ruleset_geodata@sing-box-ruleset/cn.srs",
+        "download_detour": "DIRECT"
+      }
+    ]
+  }
+}
+EOF
+}
+    cat >"$TMPDIR"/jsons/dns.json <<EOF
+{
+  "dns": {
+    "servers": [
+      {
+        "tag": "dns_proxy",
+        $(parse_singbox_dns "$dns_fallback")
+		"routing_mark": $routing_mark,
+		"detour": $auto_detour,
+        "domain_resolver": "dns_resolver"
+      },
+      {
+        "tag": "dns_direct",
+        $(parse_singbox_dns "$dns_nameserver")
+		"routing_mark": $routing_mark,
+        "domain_resolver": "dns_resolver"
+      },
+      {
+        "tag": "dns_fakeip",
+        "type": "fakeip",
+        "inet4_range": "28.0.0.0/8",
+        "inet6_range": "fc00::/16"
+      },
+      {
+        "tag": "dns_resolver",
+        $(parse_singbox_dns "$dns_resolver")
+		"routing_mark": $routing_mark
+      }
+    ],
+    "rules": [
+      { "clash_mode": "Direct", "server": "dns_direct", "strategy": "$strategy" },
+      { "domain_suffix": ["services.googleapis.cn"], "server": "dns_fakeip", "strategy": "$strategy", "rewrite_ttl": 1 },
+      $fake_ip_filter_domain
+      $fake_ip_filter_suffix
+      $fake_ip_filter_regex
+	  { "clash_mode": "Global", "query_type": ["A", "AAAA"], "server": "$global_dns", "strategy": "$strategy", "rewrite_ttl": 1 },
+      $direct_dns
+	  $proxy_dns
+    ],
+    "final": "dns_proxy",
+	"strategy": "$strategy",
+    "independent_cache": true,
+	$client_subnet
+    "reverse_mapping": true
+  }
+}
+EOF
+    #生成add_route.json
+    #域名嗅探配置
+    [ "$sniffer" != OFF ] && sniffer_set='{ "action": "sniff", "timeout": "500ms" },'
+	[ "$ts_service" = ON ] && tailscale_set='{ "inbound": [ "ts-ep" ], "port": 53, "action": "hijack-dns" },'
+    cat >"$TMPDIR"/jsons/add_route.json <<EOF
+{
+  "route": {
+	"default_domain_resolver": "dns_resolver",
+    "default_mark": $routing_mark,
+	"rules": [
+	  { "inbound": [ "dns-in" ], "action": "hijack-dns" },
+	  $tailscale_set
+	  $sniffer_set
+      { "clash_mode": "Direct" , "outbound": "DIRECT" },
+      { "clash_mode": "Global" , "outbound": "GLOBAL" }
+	]
+  }
+}
+EOF
+    #生成certificate.json
+    cat >"$TMPDIR"/jsons/certificate.json <<EOF
+{
+  "certificate": {
+    "store": "mozilla"
+  }
+}
+EOF
+    #生成inbounds.json
+    [ -n "$authentication" ] && {
+        username=$(echo $authentication | awk -F ':' '{print $1}') #混合端口账号密码
+        password=$(echo $authentication | awk -F ':' '{print $2}')
+        userpass='"users": [{ "username": "'$username'", "password": "'$password'" }], '
+    }
+    cat >"$TMPDIR"/jsons/inbounds.json <<EOF
+{
+  "inbounds": [
+    {
+      "type": "mixed",
+      "tag": "mixed-in",
+      "listen": "::",
+      $userpass
+      "listen_port": $mix_port
+    },
+    {
+      "type": "direct",
+      "tag": "dns-in",
+      "listen": "::",
+      "listen_port": $dns_port
+    },
+    {
+      "type": "redirect",
+      "tag": "redirect-in",
+      "listen": "::",
+      "listen_port": $redir_port
+    },
+    {
+      "type": "tproxy",
+      "tag": "tproxy-in",
+      "listen": "::",
+      "listen_port": $tproxy_port
+    }
+  ]
+}
+EOF
+    #inbounds.json添加自定义入站
+	[ "$vms_service" = ON ] || [ "$sss_service" = ON ] && {
+		. "$CRASHDIR"/configs/gateway.cfg
+		. "$CRASHDIR"/libs/sb_inbounds.sh
+	}
+    if [ "$redir_mod" = "混合模式" -o "$redir_mod" = "Tun模式" ]; then
+        [ "ipv6_redir" = 'ON' ] && ipv6_address='"fe80::e5c5:2469:d09b:609a/64",'
+        cat >>"$TMPDIR"/jsons/tun.json <<EOF
+{
+  "inbounds": [
+    {
+      "type": "tun",
+      "tag": "tun-in",
+      "interface_name": "utun",
+      "address": [
+        $ipv6_address
+        "28.0.0.1/30"
+      ],
+      "auto_route": false,
+      "stack": "system"
+    }
+  ]
+}
+EOF
+    fi
+    #生成add_outbounds.json
+    grep -qE '"tag": "DIRECT"' "$TMPDIR"/jsons/outbounds.json || add_direct='{ "tag": "DIRECT", "type": "direct" }'
+    grep -qE '"tag": "REJECT"' "$TMPDIR"/jsons/outbounds.json || add_reject='{ "tag": "REJECT", "type": "block" }'
+    grep -qE '"tag": "GLOBAL"' "$TMPDIR"/jsons/outbounds.json || {
+        auto_proxies=$(grep -E '"type": "(selector|urltest)"' -A 1 "$TMPDIR"/jsons/outbounds.json | grep '"tag":' | sed 's/^[[:space:]]*"tag": //;$ s/,$//')
+        [ -n "$auto_proxies" ] && add_global='{ "tag": "GLOBAL", "type": "selector", "outbounds": ['"$auto_proxies"', "DIRECT"]}'
+    }
+    [ -n "$add_direct" -a -n "$add_reject" ] && add_direct="${add_direct},"
+    [ -n "$add_reject" -a -n "$add_global" ] && add_reject="${add_reject},"
+    [ -n "$add_direct$add_reject$add_global" ] && cat >"$TMPDIR"/jsons/add_outbounds.json <<EOF
+{
+  "outbounds": [
+	$add_direct
+	$add_reject
+	$add_global
+  ]
+}
+EOF
+    #生成experimental.json
+    cat >"$TMPDIR"/jsons/experimental.json <<EOF
+{
+  "experimental": {
+    "clash_api": {
+      "external_controller": "0.0.0.0:$db_port",
+      "external_ui": "ui",
+	  "external_ui_download_url": "$external_ui_url",
+      "secret": "$secret",
+      "default_mode": "Rule"
+    }
+  }
+}
+EOF
+    #生成自定义规则文件
+    [ -n "$(grep -Ev ^# "$CRASHDIR"/yamls/rules.yaml 2>/dev/null)" ] && {
+        cat "$CRASHDIR"/yamls/rules.yaml |
+            sed '/#.*/d' |
+            sed 's/,no-resolve//g' |
+            grep -oE '\-.*,.*,.*' |
+            sed 's/- DOMAIN-SUFFIX,/{ "domain_suffix": [ "/g' |
+            sed 's/- DOMAIN-KEYWORD,/{ "domain_keyword": [ "/g' |
+            sed 's/- IP-CIDR,/{ "ip_cidr": [ "/g' |
+            sed 's/- SRC-IP-CIDR,/{ "._ip_cidr": [ "/g' |
+            sed 's/- DST-PORT,/{ "port": [ "/g' |
+            sed 's/- SRC-PORT,/{ "._port": [ "/g' |
+            sed 's/- GEOIP,/{ "geoip": [ "/g' |
+            sed 's/- GEOSITE,/{ "geosite": [ "/g' |
+            sed 's/- IP-CIDR6,/{ "ip_cidr": [ "/g' |
+            sed 's/- DOMAIN,/{ "domain": [ "/g' |
+            sed 's/- PROCESS-NAME,/{ "process_name": [ "/g' |
+            sed 's/,/" ], "outbound": "/g' |
+            sed 's/$/" },/g' |
+            sed '1i\{ "route": { "rules": [ ' |
+            sed '$s/,$/ ] } }/' >"$TMPDIR"/jsons/cust_add_rules.json
+        [ ! -s "$TMPDIR"/jsons/cust_add_rules.json ] && rm -rf "$TMPDIR"/jsons/cust_add_rules.json
+    }
+    #清理route.json中的process_name规则以及"auto_detect_interface"
+    sed -i '/"process_name": \[/,/],$/d' "$TMPDIR"/jsons/route.json
+    sed -i '/"process_name": "[^"]*",/d' "$TMPDIR"/jsons/route.json
+    sed -i 's/"auto_detect_interface": true/"auto_detect_interface": false/g' "$TMPDIR"/jsons/route.json
+    #跳过本地tls证书验证
+    if [ "$skip_cert" != "OFF" ]; then
+        sed -i 's/"insecure": false/"insecure": true/' "$TMPDIR"/jsons/outbounds.json "$TMPDIR"/jsons/providers.json 2>/dev/null
+    else
+        sed -i 's/"insecure": true/"insecure": false/' "$TMPDIR"/jsons/outbounds.json "$TMPDIR"/jsons/providers.json 2>/dev/null
+    fi
+    #判断可用并修饰outbounds&providers&route.json结尾
+    for file in outbounds providers route; do
+        if [ -n "$(grep ${file} "$TMPDIR"/jsons/${file}.json 2>/dev/null)" ]; then
+            sed -i 's/^  },$/  }/; s/^  ],$/  ]/' "$TMPDIR"/jsons/${file}.json
+            echo '}' >>"$TMPDIR"/jsons/${file}.json
+        else
+            rm -rf "$TMPDIR"/jsons/${file}.json
+        fi
+    done
+    #加载自定义配置文件
+    mkdir -p "$TMPDIR"/jsons_base
+    #以下为覆盖脚本的自定义文件
+    for char in log dns ntp certificate experimental; do
+        [ -s "$CRASHDIR"/jsons/${char}.json ] && {
+            ln -sf "$CRASHDIR"/jsons/${char}.json "$TMPDIR"/jsons/cust_${char}.json
+            mv -f "$TMPDIR"/jsons/${char}.json "$TMPDIR"/jsons_base #如果重复则临时备份
+        }
+    done
+    #以下为增量添加的自定义文件
+    for char in others endpoints inbounds outbounds providers route services; do
+        [ -s "$CRASHDIR"/jsons/${char}.json ] && {
+            ln -sf "$CRASHDIR"/jsons/${char}.json "$TMPDIR"/jsons/cust_${char}.json
+        }
+    done
+    #测试自定义配置文件
+    if ! error=$("$TMPDIR"/CrashCore check -D "$BINDIR" -C "$TMPDIR"/jsons 2>&1); then
+        echo $error
+        error_file=$(echo $error | grep -Eo 'cust.*\.json' | sed 's/cust_//g')
+        [ "$error_file" = 'add_rules.json' ] && error_file="$CRASHDIR"/yamls/rules.yaml自定义规则 || error_file="$CRASHDIR"/jsons/$error_file
+        logger "自定义配置文件校验失败，请检查【${error_file}】文件！" 31
+        logger "尝试使用基础配置文件启动~" 33
+        #清理自定义配置文件并还原基础配置
+        rm -rf "$TMPDIR"/jsons/cust_*
+        mv -f "$TMPDIR"/jsons_base/* "$TMPDIR"/jsons 2>/dev/null
+    fi
+    #清理缓存
+    rm -rf "$TMPDIR"/*.json
+    rm -rf "$TMPDIR"/jsons_base
+    return 0
+}
--- a/scripts/starts/snapshot_init.sh
+++ b/scripts/starts/snapshot_init.sh
@@ -1,8 +1,17 @@
 #!/bin/sh
 # Copyright (C) Juewuy

-CRASHDIR="$(uci get firewall.ShellCrash.path | sed 's/\/misnap_init.sh//')"
-profile=/etc/profile
+CRASHDIR="$(uci get firewall.ShellCrash.path | sed 's/\/starts.*//')"
+#防止提前自启
+/etc/init.d/shellcrash disable
+crontab -l | grep -v 'start_legacy_wd.sh shellcrash' | crontab -
+#防止usb未加载
+i=0
+while [ ! -f "$CRASHDIR/configs/ShellCrash.cfg" ]; do
+	[ $i -gt 20 ] && exit 1
+	i=$((i + 1))
+	sleep 3
+done
 . "$CRASHDIR"/configs/ShellCrash.cfg

 autoSSH(){
@@ -14,7 +23,6 @@ autoSSH(){
 	[ -z "$(pidof dropbear)" -o -z "$(netstat -ntul | grep :22)" ] && {
 		sed -i 's/channel=.*/channel="debug"/g' /etc/init.d/dropbear
 		/etc/init.d/dropbear restart
-		mi_autoSSH_pwd=$(grep 'mi_autoSSH_pwd=' $CRASHDIR/configs/ShellCrash.cfg | awk -F "=" '{print $2}')
 		[ -n "$mi_autoSSH_pwd" ] && echo -e "$mi_autoSSH_pwd\n$mi_autoSSH_pwd" | passwd root
 	}
 	#配置nvram
@@ -22,8 +30,8 @@ autoSSH(){
 	[ "$(nvram get telnet_en)" = 0 ] && nvram set telnet_en=1
 	nvram commit &> /dev/null
 	#备份还原SSH秘钥
-	[ -f $CRASHDIR/configs/dropbear_rsa_host_key ] && ln -sf $CRASHDIR/configs/dropbear_rsa_host_key /etc/dropbear/dropbear_rsa_host_key
-	[ -f $CRASHDIR/configs/authorized_keys ] && ln -sf $CRASHDIR/configs/authorized_keys /etc/dropbear/authorized_keys
+	[ -f "$CRASHDIR"/configs/dropbear_rsa_host_key ] && ln -sf "$CRASHDIR"/configs/dropbear_rsa_host_key /etc/dropbear/dropbear_rsa_host_key
+	[ -f "$CRASHDIR"/configs/authorized_keys ] && ln -sf "$CRASHDIR"/configs/authorized_keys /etc/dropbear/authorized_keys
 }
 tunfix(){
 	ko_dir=$(modinfo ip_tables | grep  -Eo '/lib/modules.*/ip_tables.ko' | sed 's|/ip_tables.ko||' )
@@ -31,9 +39,9 @@ tunfix(){
 	mkdir -p /tmp/overlay
 	mkdir -p /tmp/overlay/upper
 	mkdir -p /tmp/overlay/work
-	mount -o noatime,lowerdir=${ko_dir},upperdir=/tmp/overlay/upper,workdir=/tmp/overlay/work -t overlay "overlay_mods_only" ${ko_dir}
+	mount -o noatime,lowerdir="$ko_dir",upperdir=/tmp/overlay/upper,workdir=/tmp/overlay/work -t overlay "overlay_mods_only" "$ko_dir"
 	#将tun.ko链接到lib
-	ln -sf $CRASHDIR/tools/tun.ko ${ko_dir}/tun.ko || $CRASHDIR/start.sh loggger "小米Tun模块修复失败！"
+	ln -sf "$CRASHDIR"/tools/tun.ko "$ko_dir"/tun.ko
 }
 tproxyfix(){
 	sed -i 's/sysctl -w net.bridge.bridge-nf-call-ip/#sysctl -w net.bridge.bridge-nf-call-ip/g' /etc/init.d/qca-nss-ecm
@@ -47,37 +55,46 @@ auto_clean(){
 	/etc/init.d/stat_points stop 2>/dev/null
 	/etc/init.d/stat_points disable 2>/dev/null
 	sed -i '\#/logrotate#{ /^[[:space:]]*#/!s/^/#ShellCrash自动注释 / }' /etc/crontabs/root
-	rm -rf /data/usr/log
+	sed -i '\#/sec_cfg_bak#{ /^[[:space:]]*#/!s/^/#ShellCrash自动注释 / }' /etc/crontabs/root
+	rm -rf /data/usr/log /data/usr/sec_cfg
+	
+}
+auto_start(){
+	#设置init.d服务
+	[ ! -x /etc/init.d/shellcrash ] && {
+		cp -f "$CRASHDIR"/starts/shellcrash.procd /etc/init.d/shellcrash
+		chmod 755 /etc/init.d/shellcrash
+	}
+	#初始化环境变量
+	grep -q '^export CRASHDIR=' '/etc/profile' || {
+		. "$CRASHDIR"/libs/set_profile.sh
+		set_profile '/etc/profile' 
+	}
+	#启动服务
+	if [ ! -f "$CRASHDIR"/.dis_startup ] && [ ! -f "$CRASHDIR"/.start_error ]; then
+		#AX6S/AX6000修复tun功能
+		[ -s "$CRASHDIR"/tools/tun.ko ] && tunfix
+		#小米7000/小米万兆修复tproxy
+		[ -f /etc/init.d/qca-nss-ecm ] && echo "$redir_mod" | grep -q 'Tproxy' && tproxyfix
+		#自动覆盖根证书文件
+		[ -s "$CRASHDIR"/tools/ca-certificates.crt ] && cp -f "$CRASHDIR"/tools/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
+		#启动服务
+		"$CRASHDIR"/start.sh stop
+		/etc/init.d/shellcrash start && /etc/init.d/shellcrash enable
+	fi
 }
 init(){
 	#等待启动完成
 	while ! ip a| grep -q lan; do
 		sleep 10
 	done
-	sleep 20
-	#初始化环境变量
-    [ -z "$my_alias" ] && my_alias=crash
-    sed -i "/ShellCrash\/menu.sh/"d "$profile"
-    echo "alias ${my_alias}=\"sh $CRASHDIR/menu.sh\"" >>"$profile"
-	sed -i "/export CRASHDIR/d" "$profile"
-	echo "export CRASHDIR=\"$CRASHDIR\"" >>"$profile"
 	autoSSH #软固化功能
 	auto_clean #自动清理
-	#设置init.d服务
-	cp -f $CRASHDIR/shellcrash.procd /etc/init.d/shellcrash
-	chmod 755 /etc/init.d/shellcrash
-	#启动服务
-	if [ ! -f $CRASHDIR/.dis_startup ]; then
-		#AX6S/AX6000修复tun功能
-		[ -s $CRASHDIR/tools/tun.ko ] && tunfix
-		#小米7000/小米万兆修复tproxy
-		[ -f /etc/init.d/qca-nss-ecm ] && [ -n "$(grep 'redir_mod=Tproxy' $CRASHDIR/configs/ShellCrash.cfg )" ] && tproxyfix
-		#自动覆盖根证书文件
-		[ -s $CRASHDIR/tools/ca-certificates.crt ] && cp -f $CRASHDIR/tools/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
-		#启动服务
-		$CRASHDIR/start.sh start
-		/etc/init.d/shellcrash enable
-	fi
+	auto_start
+	#启动自定义服务
+	[ -s /data/auto_start.sh ] && /bin/sh /data/auto_start.sh &
+	#兼容auto_ssh脚本
+	[ -s /data/auto_ssh/auto_ssh.sh ] && /bin/sh /data/auto_ssh/auto_ssh.sh &
 }

 case "$1" in
@@ -86,7 +103,7 @@ case "$1" in
 	auto_clean) auto_clean ;;
 	init) init ;;
 	*)
-		if [ -z $(pidof CrashCore) ];then
+		if [ -z "$(pidof CrashCore)" ];then
 			init &
 		fi
 	;;
--- a/scripts/starts/start_error.sh
+++ b/scripts/starts/start_error.sh
@@ -0,0 +1,14 @@
+
+if [ "$start_old" != "ON" ] && ckcmd journalctl; then
+	journalctl -u shellcrash >"$TMPDIR"/core_test.log
+else
+	PID=$(pidof CrashCore) && [ -n "$PID" ] && kill -9 "$PID" >/dev/null 2>&1
+	${COMMAND} >"$TMPDIR"/core_test.log 2>&1 &
+	sleep 2
+	kill $! >/dev/null 2>&1
+fi
+touch "$CRASHDIR"/.start_error #标记启动失败，防止自启
+error=$(cat "$TMPDIR"/core_test.log | grep -iEo 'error.*=.*|.*ERROR.*|.*FATAL.*')
+logger "服务启动失败！请查看报错信息！详细信息请查看$TMPDIR/core_test.log" 33
+logger "$error" 31
+"$CRASHDIR"/start.sh stop
--- a/scripts/starts/start_legacy.sh
+++ b/scripts/starts/start_legacy.sh
@@ -0,0 +1,15 @@
+
+. "$CRASHDIR"/libs/check_cmd.sh
+
+start_legacy(){	
+	ckcmd nohup && _nohup=nohup
+	if ckcmd su && grep -q 'shellcrash:x:0:7890' /etc/passwd;then
+		su shellcrash -c "$_nohup $1 >/dev/null 2>&1 & echo \$! > /tmp/ShellCrash/$2.pid"
+	elif ckcmd setsid; then
+        $_nohup setsid $1 >/dev/null 2>&1 &
+        echo $! > "/tmp/ShellCrash/$2.pid"
+	else
+		$_nohup $1 >/dev/null 2>&1 &
+		echo $! > "/tmp/ShellCrash/$2.pid"
+	fi
+}
--- a/scripts/starts/start_legacy_wd.sh
+++ b/scripts/starts/start_legacy_wd.sh
@@ -0,0 +1,30 @@
+
+[ -z "$CRASHDIR" ] && CRASHDIR=$(cd "$(dirname "$0")"/.. && pwd)
+PIDFILE="/tmp/ShellCrash/$1.pid"
+LOCKDIR="/tmp/ShellCrash/start_$1.lock"
+
+[ -f "$CRASHDIR"/.start_error ] && [ ! -f /tmp/ShellCrash/crash_start_time ] && exit 1 #当启动失败后禁止开机自启动
+mkdir "$LOCKDIR" 2>/dev/null || exit 1
+
+if [ -f "$PIDFILE" ]; then
+	PID="$(cat "$PIDFILE")"
+	if [ -n "$PID" ] && [ "$PID" -eq "$PID" ] 2>/dev/null; then
+		if kill -0 "$PID" 2>/dev/null || [ -d "/proc/$PID" ]; then
+			rm -d "$LOCKDIR" 2>/dev/null
+			return 0
+		fi
+	else
+		rm -f "$PIDFILE"
+	fi
+fi
+
+#如果没有进程则拉起
+if [ "$1" = "shellcrash" ]; then
+	"$CRASHDIR"/start.sh start
+else
+	[ -f "$CRASHDIR/starts/start_legacy.sh" ] && . "$CRASHDIR/starts/start_legacy.sh"
+	killall bot_tg.sh 2>/dev/null
+	start_legacy "$CRASHDIR/menus/bot_tg.sh" "$1"
+fi
+
+rm -d "$LOCKDIR" 2>/dev/null
--- a/Show More
+++ b/Show More