v1.8.0稳定版

~部分文字说明调整
~增加自定义配置文件启动失败后的文件存档

.github/workflows/bin_update.yml

@@ -32,7 +32,9 @@ jobs:
         
     - name: Update Dashboard
       run: |
-        cd \bin
+        mkdir -p bin/dashboard
+        mkdir -p bin/geodata
+        cd bin/dashboard
         echo 下载官方面板
         curl -kfSL -o clashdb.zip  https://github.com/Dreamacro/clash-dashboard/archive/gh-pages.zip
         echo 下载Meta面板
@@ -44,56 +46,56 @@ jobs:
         echo 解压缩
         unzip -o clashdb.zip > /dev/null
         unzip -o yacd.zip > /dev/null
-        cd \clash-dashboard-gh-pages
+        cd clash-dashboard-gh-pages
         tar -zcvf clashdb.tar.gz * > /dev/null
         mv -f clashdb.tar.gz ../
         cd ..
-        cd \yacd-gh-pages
+        cd yacd-gh-pages
         echo yacd特殊处理
         find -name '*.map' | xargs  rm -rf
         rm -rf report.html
         tar -zcvf yacd.tar.gz * > /dev/null
         mv -f yacd.tar.gz ../
         cd ..
-
+        
         echo 解压缩
         unzip -o meta_db.zip > /dev/null
         unzip -o meta_yacd.zip > /dev/null
-        cd \Razord-meta-gh-pages
+        cd Razord-meta-gh-pages
         tar -zcvf meta_db.tar.gz * > /dev/null
         mv -f meta_db.tar.gz ../
         cd ..
-        cd \Yacd-meta-gh-pages
+        cd Yacd-meta-gh-pages
         echo yacd特殊处理
         find -name '*.map' | xargs  rm -rf
         rm -rf report.html
         tar -zcvf meta_yacd.tar.gz * > /dev/null
         mv -f meta_yacd.tar.gz ../
         cd ..
-
+        
         rm -rf clashdb.zip
         rm -rf yacd.zip
         rm -rf meta_db.zip
         rm -rf meta_yacd.zip
-        rm -rf \clash-dashboard-gh-pages
-        rm -rf \yacd-gh-pages
-        rm -rf \Razord-meta-gh-pages
-        rm -rf \Yacd-meta-gh-pages
+        rm -rf clash-dashboard-gh-pages
+        rm -rf yacd-gh-pages
+        rm -rf Razord-meta-gh-pages
+        rm -rf Yacd-meta-gh-pages
         echo 面板更新完成！
         
     - name: Update GeoIP
       run: |
-        cd \bin
+        cd bin
         source version
-        curl -kfSL -O https://raw.githubusercontent.com/alecthw/mmdb_china_ip_list/release/Country.mmdb
-        curl -kfSL -o cn_mini.mmdb https://raw.githubusercontent.com/Hackl0us/GeoIP2-CN/release/Country.mmdb
-        curl -kfSL -o china_ip_list.txt https://raw.githubusercontent.com/17mon/china_ip_list/master/china_ip_list.txt
-        curl -kfSL -o china_ipv6_list.txt https://raw.githubusercontent.com/ChanthMiao/China-IPv6-List/release/cn6.txt
-        curl -kfSL -O https://raw.githubusercontent.com/P3TERX/ca-certificates.crt/download/ca-certificates.crt
-        curl -kfSL -O https://raw.githubusercontent.com/Loyalsoldier/v2ray-rules-dat/release/geosite.dat
+        curl -kfSL -o geodata/Country.mmdb https://raw.githubusercontent.com/alecthw/mmdb_china_ip_list/release/Country.mmdb
+        curl -kfSL -o geodata/cn_mini.mmdb https://raw.githubusercontent.com/Hackl0us/GeoIP2-CN/release/Country.mmdb
+        curl -kfSL -o geodata/china_ip_list.txt https://raw.githubusercontent.com/17mon/china_ip_list/master/china_ip_list.txt
+        curl -kfSL -o geodata/china_ipv6_list.txt https://raw.githubusercontent.com/ChanthMiao/China-IPv6-List/release/cn6.txt
+        curl -kfSL -o geodata/geosite.dat https://raw.githubusercontent.com/Loyalsoldier/v2ray-rules-dat/release/geosite.dat
+        curl -kfSL -o fix/ca-certificates.crt https://raw.githubusercontent.com/P3TERX/ca-certificates.crt/download/ca-certificates.crt
         sed -i '/GeoIP_v*/'d version
         echo GeoIP_v=`date '+%Y%m%d'` >> version
-        echo IP数据库及根证书文件更新完成！
+        echo 数据库及根证书文件更新完成！
 
     - name: Commit and push
       run: |
@@ -105,4 +107,4 @@ jobs:
       uses: Mattraks/delete-workflow-runs@main
       with:
         retain_days: 1
-        keep_minimum_runs: 3
+        keep_minimum_runs: 2

.github/workflows/update_clash_core.yaml

@@ -48,4 +48,8 @@ jobs:
         git config --global user.email "juewuy@gmail.com" && git config --global user.name "Bot"
         git add . && git commit -m "更新Clash内核至${download_version}" || exit 0
         git push
-        
+    - name: Cleanup Workflow
+      uses: Mattraks/delete-workflow-runs@main
+      with:
+        retain_days: 1
+        keep_minimum_runs: 2         

.github/workflows/update_dotnet_core.yaml

@@ -1,51 +0,0 @@
-name: Update DotNet Core
-on: 
-  workflow_dispatch:
-    inputs:
-      version:
-        description: 'version of Clash DotNet, such as v1.7.6'
-        required: true
-        type: string
-env:
-  download_version: ${{ github.event.inputs.version }}
-  download_url: https://github.com/ClashDotNetFramework/experimental-clash/releases/download
-jobs:
-  Update:
-    runs-on: ubuntu-latest
-    steps:
-    - name: Clone Repository
-      uses: actions/checkout@main
-    - name: Init Dependencies
-      run: |
-        wget https://github.com/upx/upx/releases/download/v3.96/upx-3.96-amd64_linux.tar.xz
-        wget https://github.com/upx/upx/releases/download/v3.93/upx-3.93-amd64_linux.tar.xz
-        tar xf upx-3.96-amd64_linux.tar.xz
-        tar xf upx-3.93-amd64_linux.tar.xz
-    - name: Download Core
-      run: |
-        archs="386 amd64 armv5 armv7 armv8 mips-softfloat mipsle-hardfloat mipsle-softfloat"
-        mkdir tmp
-        for arch in ${archs};do
-          wget "${download_url}/${download_version}/clash-linux-${arch}-${download_version}.gz" -O - | gunzip -c > ./tmp/clash-linux-${arch}
-          chmod +x ./tmp/clash-linux-${arch}
-          if [ "${arch}" != "armv5" ];then
-            if [[ ${arch} == mips* ]];then
-              ./upx-3.93-amd64_linux/upx ./tmp/clash-linux-${arch}
-            else
-              ./upx-3.96-amd64_linux/upx ./tmp/clash-linux-${arch}
-            fi
-          fi
-        done
-        rm -fr upx*
-    - name: Update
-      run: |
-        rm -fr ./bin/clash.net/*
-        cp ./tmp/* ./bin/clash.net/
-        rm -fr ./tmp
-        sed -i "s/clashnet_v=.*/clashnet_v=$(./bin/clash.net/clash-linux-amd64 -v 2>/dev/null | sed 's/ linux.*//;s/.* //')/" bin/version
-    - name: Commit and push
-      run: |
-        git config --global user.email "juewuy@gmail.com" && git config --global user.name "Bot"
-        git add . && git commit -m "更新DotNet内核至${download_version}" || exit 0
-        git push
-        

.github/workflows/update_meta.alpha_core.yaml

@@ -1,7 +1,7 @@
 name: Update Meta Alpha Core 
 on: 
   schedule:
-    - cron: "0 20 * * 1,3,5,6"
+    - cron: 0 20 * * *
   workflow_dispatch:
 
 env:
@@ -53,4 +53,8 @@ jobs:
         prerelease: true
         files: |
           ./tmp/* 
-        
+    - name: Cleanup Workflow
+      uses: Mattraks/delete-workflow-runs@main
+      with:
+        retain_days: 1
+        keep_minimum_runs: 2      

.github/workflows/update_meta_core.yaml

@@ -56,4 +56,8 @@ jobs:
         git config --global user.email "juewuy@gmail.com" && git config --global user.name "Bot"
         git add . && git commit -m "更新Meta内核至${download_version}" || exit 0
         git push
-        
+    - name: Cleanup Workflow
+      uses: Mattraks/delete-workflow-runs@main
+      with:
+        retain_days: 1
+        keep_minimum_runs: 2      

.github/workflows/update_premium.latest_core.yaml

@@ -1,7 +1,7 @@
 name: Update Premium latest Core 
 on: 
   schedule:
-    - cron: "0 20 * * 1,3,5,6"
+    - cron: 0 20 * * 6
   workflow_dispatch:
 
 env:
@@ -46,4 +46,8 @@ jobs:
         prerelease: true
         files: |
           ./tmp/* 
-        
+    - name: Cleanup Workflow
+      uses: Mattraks/delete-workflow-runs@main
+      with:
+        retain_days: 1
+        keep_minimum_runs: 2       

.github/workflows/update_premium_core.yaml

@@ -49,4 +49,8 @@ jobs:
         git config --global user.email "juewuy@gmail.com" && git config --global user.name "Bot"
         git add . && git commit -m "更新Premium内核至${download_version}" || exit 0
         git push
-        
+    - name: Cleanup Workflow
+      uses: Mattraks/delete-workflow-runs@main
+      with:
+        retain_days: 1
+        keep_minimum_runs: 2         

bin/release_version

@@ -1,8 +1,7 @@
+1.8.0
 1.7.0
 1.6.3
 1.5.1
 1.3.0
 1.2.0
 1.1.0
-1.0.0beta11
-0.9.7

bin/version

@@ -1,6 +1,6 @@
 clashnet_v=v1.7.6
 clashpre_v=2022.11.25
 clash_v=v1.7.1
-meta_v=v1.14.2
-GeoIP_v=20230408
-versionsh=1.7.4f
+meta_v=v1.15.0
+GeoIP_v=20230819
+versionsh=1.8.0

install.sh

@@ -2,8 +2,11 @@
 # Copyright (C) Juewuy
 
 type bash &>/dev/null && shtype=bash || shtype=sh 
-echo='echo -e' && [ -n "$(echo -e|grep e)" ] && echo=echo
-
+echo='echo -e' 
+[ -n "$(echo -e|grep e)" ] && {
+	echo "\033[31m不支持dash环境安装！请先输入bash命令后再运行安装命令！\033[0m"
+	exit
+}
 echo "***********************************************"
 echo "**                 欢迎使用                  **"
 echo "**                ShellClash                 **"
@@ -11,7 +14,7 @@ echo "**                             by  Juewuy    **"
 echo "***********************************************"
 #内置工具
 dir_avail(){
-	df $2 $1 |awk '{ for(i=1;i<=NF;i++){ if(NR==1){ arr[i]=$i; }else{ arr[i]=arr[i]" "$i; } } } END{ for(i=1;i<=NF;i++){ print arr[i]; } }' |grep Ava |awk '{print $2}'
+	df $2 $1 |awk '{ for(i=1;i<=NF;i++){ if(NR==1){ arr[i]=$i; }else{ arr[i]=arr[i]" "$i; } } } END{ for(i=1;i<=NF;i++){ print arr[i]; } }' |grep -E 'Ava|可用' |awk '{print $2}'
 }
 setconfig(){
 	configpath=$clashdir/mark
@@ -135,6 +138,7 @@ if [ -n "$systype" ];then
 			exit 1 ;;
 		esac
 	}
+	[ "$systype" = "ng_snapshot" ] && dir=/tmp/mnt
 else	
 	$echo " 1 在\033[32m/etc目录\033[0m下安装(适合root用户)"
 	$echo " 2 在\033[32m/usr/share目录\033[0m下安装(适合Linux系统)"
@@ -198,6 +202,8 @@ echo -----------------------------------------------
 	[ -d "/jffs/scripts" ] && initdir='/jffs/scripts/nat-start' 
 	}
 [ -f "/data/etc/crontabs/root" ] && systype=mi_snapshot #小米设备
+[ -w "/var/mnt/cfg/firewall" ] && systype=ng_snapshot #NETGEAR设备
+
 #检查root权限
 if [ "$USER" != "root" -a -z "$systype" ];then
 	echo 当前用户:$USER

public/README.md

@@ -0,0 +1,13 @@
+## ShellClash项目公共维护列表
+
+欢迎提交PR！您可以通过在线编辑功能并提交PR，以维护此处列表！<br>
+
+servers.list————用于维护内置订阅转换规则/服务器、脚本更新服务器<br>
+fake_ip_filter.list————用于fake-ip地址过滤<br>
+fallback-filter.list————用于fallback-DNS域名解析筛选<br>
+
+修改时：<br>
+
+请遵循列表内的文件格式，使用LF换行符及UTF8编码！<br>
+
+请勿删除列表末尾的空行！<br>

public/fake_ip_filter.list

@@ -0,0 +1,139 @@
+#LAN
+*.lan
+*.localdomain
+*.example
+*.invalid
+*.localhost
+*.test
+*.local
+*.home.arpa
+#放行NTP服务
+time.*.com
+time.*.gov
+time.*.edu.cn
+time.*.apple.com
+time-ios.apple.com
+time1.*.com
+time2.*.com
+time3.*.com
+time4.*.com
+time5.*.com
+time6.*.com
+time7.*.com
+ntp.*.com
+ntp1.*.com
+ntp2.*.com
+ntp3.*.com
+ntp4.*.com
+ntp5.*.com
+ntp6.*.com
+ntp7.*.com
+*.time.edu.cn
+*.ntp.org.cn
++.pool.ntp.org
+time1.cloud.tencent.com
+#放行网易云音乐
+music.163.com
+*.music.163.com
+*.126.net
+#百度音乐
+musicapi.taihe.com
+music.taihe.com
+#酷狗音乐
+songsearch.kugou.com
+trackercdn.kugou.com
+#酷我音乐
+*.kuwo.cn
+#JOOX音乐
+api-jooxtt.sanook.com
+api.joox.com
+joox.com
+#QQ音乐
+y.qq.com
+*.y.qq.com
+streamoc.music.tc.qq.com
+mobileoc.music.tc.qq.com
+isure.stream.qqmusic.qq.com
+dl.stream.qqmusic.qq.com
+aqqmusic.tc.qq.com
+amobile.music.tc.qq.com
+#虾米音乐
+*.xiami.com
+#咪咕音乐
+*.music.migu.cn
+music.migu.cn
+#win10本地连接检测
++.msftconnecttest.com
++.msftncsi.com
+#QQ登录
+localhost.ptlogin2.qq.com
+localhost.sec.qq.com
++.qq.com
++.tencent.com
+#Game
+#Nintendo Switch
++.srv.nintendo.net
+*.n.n.srv.nintendo.net
+#Sony PlayStation
++.stun.playstation.net
+#Microsoft Xbox
+xbox.*.*.microsoft.com
+*.*.xboxlive.com
+xbox.*.microsoft.com
+xnotify.xboxlive.com
+#Wotgame
++.battlenet.com.cn
++.wotgame.cn
++.wggames.cn
++.wowsgame.cn
++.wargaming.net
+#Golang
+proxy.golang.org
+#STUN
+stun.*.*
+stun.*.*.*
++.stun.*.*
++.stun.*.*.*
++.stun.*.*.*.*
++.stun.*.*.*.*.*
+#Linksys Router
+heartbeat.belkin.com
+*.linksys.com
+*.linksyssmartwifi.com
+#ASUS Router
+*.router.asus.com
+#Apple Software Update Service
+mesu.apple.com
+swscan.apple.com
+swquery.apple.com
+swdownload.apple.com
+swcdn.apple.com
+swdist.apple.com
+#Google
+lens.l.google.com
+stun.l.google.com
+na.b.g-tun.com
+#Netflix
++.nflxvideo.net
+#FinalFantasy XIV Worldwide Server & CN Server
+*.square-enix.com
+*.finalfantasyxiv.com
+*.ffxiv.com
+*.ff14.sdo.com
+ff.dorado.sdo.com
+#Bilibili
+*.mcdn.bilivideo.cn
+#Disney Plus
++.media.dssott.com
+#shark007 Codecs 
+shark007.net
+#Mijia
+Mijia Cloud
+#招商银行
++.cmbchina.com
++.cmbimg.com
+#AdGuard
+local.adguard.org
+#迅雷
++.sandai.net
++.n0808.com

public/fallback_filter.list

@@ -0,0 +1,2 @@
++.bing.com
++.linkedin.com

public/servers.list

@@ -0,0 +1,33 @@
+# ID&类型 说明 地址 其他说明 (类型：100-稳定源;200-测试源;300-基础sub;400-meta_sub;500-规则地址)
+
+101 Jsdelivr-CDN源 https://fastly.jsdelivr.net/gh/juewuy/ShellClash 稳定版 
+102 Github源(须clash服务启用) https://raw.githubusercontent.com/juewuy/ShellClash 稳定版 
+
+201 Jsdelivr-CDN源 https://fastly.jsdelivr.net/gh/juewuy/ShellClash@master 公测版 
+202 ShellClash私人源1 https://gh.jwsc.eu.org/master 公测版 
+203 ShellClash私人源2 https://gh.shellclash.workers.dev/https://raw.githubusercontent.com/juewuy/ShellClash 公测版
+204 Github源(须clash服务启用) https://raw.githubusercontent.com/juewuy/ShellClash/master 公测版
+205 (TG讨论组 https://t.me/ShellClash) http://t.jwsc.eu.org 内测版 
+206 wwng2333自建源  https://mirrors.csgo.ovh/ShellClash 公测版
+   
+301 墙洞提供 https://api.dler.io  
+302 SUB作者提供 https://sub.xeton.dev 
+303 猫熊提供 https://sub.maoxiongnet.com  
+ 
+401 肥羊提供,支持vless|hy https://sub.d1.mk  
+402 品云提供,支持vless|hy https://v.id9.cc
+403 作者提供,支持vless|hy https://sub.jwsc.eu.org
+
+499 作者提供,未加密仅备用 http://sub2.jwsc.eu.org  
+   
+501 Acl4SSR全能优化版 https://github.com/juewuy/ShellClash/raw/master/rules/ShellClash.ini (推荐)
+502 Acl4SSR精简优化版 https://github.com/juewuy/ShellClash/raw/master/rules/ShellClash_Mini.ini (推荐)
+503 Acl4SSR全能优化+去广告增强 https://github.com/juewuy/ShellClash/raw/master/rules/ShellClash_Block.ini  
+504 Acl4SSR极简版 https://github.com/juewuy/ShellClash/raw/master/rules/ShellClash_Nano.ini (适合自建节点)
+505 Acl4SSR分流&游戏增强 https://github.com/juewuy/ShellClash/raw/master/rules/ShellClash_Full.ini  
+506 Acl4SSR分流&游戏&去广告增强 https://github.com/juewuy/ShellClash/raw/master/rules/ShellClash_Full_Block.ini (低性能设备慎用)
+507 洞主规则精简版 https://gist.githubusercontent.com/tindy2013/1fa08640a9088ac8652dbd40c5d2715b/raw/lhie1_clash.ini  
+508 洞主规则重度完整版 https://gist.githubusercontent.com/tindy2013/1fa08640a9088ac8652dbd40c5d2715b/raw/lhie1_dler.ini  
+509 Acl4SSR多国精简 https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/config/ACL4SSR_Online_Mini_MultiCountry.ini 
+510 Acl4SSR回国专用 https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/config/ACL4SSR_BackCN.ini  
+511 Acl4SSR增强国外GFW https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/config/ACL4SSR_WithGFW.ini (适合黑名单模式使用)

rules/922proxy.ini

@@ -0,0 +1,35 @@
+[custom]
+ruleset=国内直连流量,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/LocalAreaNetwork.list
+ruleset=国内直连流量,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/UnBan.list
+ruleset=国内直连流量,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/GoogleCN.list
+ruleset=普通外网流量,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/ProxyLite.list
+ruleset=国内直连流量,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/ChinaDomain.list
+ruleset=国内直连流量,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/ChinaCompanyIp.list
+ruleset=国内直连流量,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/Download.list
+ruleset=国内直连流量,[]GEOIP,CN
+ruleset=普通外网流量,[]FINAL
+
+custom_proxy_group=922南北美`select`[]🇺🇲 美国自动`[]🇺🇲 美国手动`[]🇸🇬 新加坡自动`[]🇸🇬 新加坡手动`[]🇭🇰 香港自动`[]🇭🇰 香港手动`[]所有节点手选
+custom_proxy_group=922东南亚`select`[]🇸🇬 新加坡自动`[]🇸🇬 新加坡手动`[]🇨🇳 台湾自动`[]🇨🇳 台湾手动`[]🇭🇰 香港自动`[]🇭🇰 香港手动`[]所有节点手选
+custom_proxy_group=922IP验证`select`[]🇭🇰 香港自动`[]🇭🇰 香港手动`[]🇨🇳 台湾自动`[]🇨🇳 台湾手动`[]🇸🇬 新加坡自动`[]🇸🇬 新加坡手动`[]所有节点手选
+custom_proxy_group=922未知地址`select`[]🇸🇬 新加坡自动`[]🇸🇬 新加坡手动`[]所有节点自动`[]🇺🇲 美国自动`[]🇺🇲 美国手动`[]所有节点手选
+custom_proxy_group=abc全球节点`select`[]🇨🇳 台湾自动`[]🇨🇳 台湾手动`[]🇭🇰 香港自动`[]🇭🇰 香港手动`[]🇸🇬 新加坡自动`[]🇸🇬 新加坡手动`[]🇺🇲 美国自动`[]🇺🇲 美国手动`[]所有节点手选
+
+custom_proxy_group=🇭🇰 香港手动`select`(港|HK|🇭🇰|Hong Kong)
+custom_proxy_group=🇺🇲 美国手动`select`(美|波特兰|达拉斯|俄勒冈|凤凰城|费利蒙|硅谷|拉斯维加斯|洛杉矶|圣何塞|圣克拉拉|西雅图|芝加哥|US|United States|🇺🇲)
+custom_proxy_group=🇨🇳 台湾手动`select`(台|新北|彰化|TW|Taiwan)
+custom_proxy_group=🇸🇬 新加坡手动`select`(新加坡|坡|狮城|广新|SG|Singapore|🇸🇬)
+custom_proxy_group=所有节点手选`select`.*
+
+custom_proxy_group=普通外网流量`select`[]🇭🇰 香港自动`[]🇨🇳 台湾自动`[]🇸🇬 新加坡自动`[]🇺🇲 美国自动`[]所有节点自动`[]所有节点手选`[]DIRECT
+custom_proxy_group=国内直连流量`select`[]DIRECT`[]所有节点自动`[]所有节点手选
+
+custom_proxy_group=🇭🇰 香港自动`url-test`(港|HK|Hong Kong)`https://www.gstatic.com/generate_204`300,,50
+custom_proxy_group=🇺🇲 美国自动`url-test`(美|波特兰|达拉斯|俄勒冈|凤凰城|费利蒙|硅谷|拉斯维加斯|洛杉矶|圣何塞|圣克拉拉|西雅图|芝加哥|US|United States)`http://www.gstatic.com/generate_204`300,,150
+custom_proxy_group=🇨🇳 台湾自动`url-test`(台|新北|彰化|TW|Taiwan)`https://www.gstatic.com/generate_204`300,,50
+custom_proxy_group=🇸🇬 新加坡自动`url-test`(新加坡|坡|狮城|SG|Singapore)`https://www.gstatic.com/generate_204`300,,50
+custom_proxy_group=所有节点自动`url-test`.*`https://www.gstatic.com/generate_204`300,,50
+
+enable_rule_generator=true
+overwrite_original_rules=true
+

rules/ShellClash_Full_SL.ini

@@ -0,0 +1,61 @@
+[custom]
+ruleset=🎯 全球直连,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/LocalAreaNetwork.list
+ruleset=🎯 全球直连,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/UnBan.list
+ruleset=🛑 广告拦截,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/BanAD.list
+ruleset=🍃 应用净化,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/BanProgramAD.list
+ruleset=📢 谷歌FCM,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/Ruleset/GoogleFCM.list
+ruleset=🎯 全球直连,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/GoogleCN.list
+ruleset=🎥 NETFLIX,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/Ruleset/Netflix.list
+ruleset=🎥 NETFLIX,https://raw.githubusercontent.com/LM-Firefly/Rules/master/Global-Services/Netflix.list
+ruleset=🎥 DisneyP,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/Ruleset/DisneyPlus.list
+ruleset=🎥 YouTube,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/Ruleset/YouTube.list
+ruleset=📺 哔哩海外,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/Ruleset/BilibiliHMT.list
+ruleset=🤖 人工智能,https://raw.githubusercontent.com/juewuy/ShellClash/master/rules/ai.list
+ruleset=Ⓜ️ 微软服务,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/Microsoft.list
+ruleset=🍎 苹果服务,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/Apple.list
+ruleset=📲 电报消息,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/Telegram.list
+ruleset=🎮 外服游戏,https://raw.githubusercontent.com/LM-Firefly/Rules/master/Game.list
+ruleset=🌍 国外媒体,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/ProxyMedia.list
+ruleset=🌏 国内媒体,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/ChinaMedia.list
+ruleset=🎶 网易音乐,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/Ruleset/NetEaseMusic.list
+ruleset=📺 巴哈姆特,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/Ruleset/Bahamut.list
+ruleset=🚀 节点选择,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/ProxyLite.list
+ruleset=🎯 全球直连,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/ChinaDomain.list
+ruleset=🎯 全球直连,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/ChinaCompanyIp.list
+ruleset=🎯 全球直连,https://raw.githubusercontent.com/ACL4SSR/ACL4SSR/master/Clash/Download.list
+ruleset=🎯 全球直连,[]GEOIP,CN
+ruleset=🐟 漏网之鱼,[]FINAL
+
+custom_proxy_group=🇭🇰 香港节点`select`(港|HK|🇭🇰|Hong Kong)
+custom_proxy_group=🇯🇵 日韩节点`select`(日本|川日|东京|大阪|泉日|埼玉|沪日|深日|[^-]日|JP|Japan|🇯🇵|KR|Korea|KOR|首尔|韩|韓)
+custom_proxy_group=🇺🇲 美国节点`select`(美|波特兰|达拉斯|俄勒冈|凤凰城|费利蒙|硅谷|拉斯维加斯|洛杉矶|圣何塞|圣克拉拉|西雅图|芝加哥|US|United States|🇺🇲)
+custom_proxy_group=🇨🇳 台湾节点`select`(台|新北|彰化|TW|Taiwan)
+custom_proxy_group=🇸🇬 新加坡节点`select`(新加坡|坡|狮城|广新|SG|Singapore|🇸🇬)
+custom_proxy_group=🚀 节点选择`select`[]♻️ 自动选择`[]📺 省流节点`[]👍 高级节点`[]🇭🇰 香港节点`[]🇨🇳 台湾节点`[]🇸🇬 新加坡节点`[]🇯🇵 日韩节点`[]🇺🇲 美国节点`[]🚀 手动切换`[]DIRECT
+custom_proxy_group=🚀 手动切换`select`.*
+custom_proxy_group=♻️ 自动选择`url-test`.*`http://www.gstatic.com/generate_204`300,,50
+custom_proxy_group=🛑 广告拦截`select`[]DIRECT`[]REJECT
+custom_proxy_group=🍃 应用净化`select`[]DIRECT`[]REJECT
+custom_proxy_group=🎮 外服游戏`select`[]🎯 全球直连`[]🎮 游戏节点`[]🇭🇰 香港节点`[]🇨🇳 台湾节点`[]🇸🇬 新加坡节点`[]🇯🇵 日韩节点`[]🇺🇲 美国节点`[]🚀 手动切换
+custom_proxy_group=📲 电报消息`select`[]🚀 节点选择`[]♻️ 自动选择`[]📺 省流节点`[]🇸🇬 新加坡节点`[]🇭🇰 香港节点`[]🇨🇳 台湾节点`[]🇯🇵 日韩节点`[]🇺🇲 美国节点`[]🚀 手动切换`[]DIRECT
+custom_proxy_group=📢 谷歌FCM`select`[]DIRECT`[]🚀 节点选择`[]🇺🇲 美国节点`[]🇭🇰 香港节点`[]🇨🇳 台湾节点`[]🇸🇬 新加坡节点`[]🇯🇵 日韩节点`[]🚀 手动切换
+custom_proxy_group=🎥 NETFLIX`select`[]🎥 流媒体解锁`[]👍 高级节点`[]🇸🇬 新加坡节点`[]🇭🇰 香港节点`[]🇨🇳 台湾节点`[]🇯🇵 日韩节点`[]🇺🇲 美国节点`[]🚀 节点选择
+custom_proxy_group=🎥 DisneyP`select`[]🎥 流媒体解锁`[]👍 高级节点`[]🇸🇬 新加坡节点`[]🇭🇰 香港节点`[]🇨🇳 台湾节点`[]🇯🇵 日韩节点`[]🇺🇲 美国节点`[]🚀 节点选择
+custom_proxy_group=🎥 YouTube`select`[]📺 省流节点`[]👍 高级节点`[]🇸🇬 新加坡节点`[]🇭🇰 香港节点`[]🇨🇳 台湾节点`[]🇯🇵 日韩节点`[]🇺🇲 美国节点`[]🚀 节点选择
+custom_proxy_group=📺 哔哩海外`select`[]🎯 全球直连`[]🇨🇳 台湾节点`[]🇭🇰 香港节点
+custom_proxy_group=🌍 国外媒体`select`[]🚀 节点选择`[]♻️ 自动选择`[]📺 省流节点`[]🇭🇰 香港节点`[]🇨🇳 台湾节点`[]🇸🇬 新加坡节点`[]🇯🇵 日韩节点`[]🇺🇲 美国节点`[]🚀 手动切换`[]DIRECT
+custom_proxy_group=🌏 国内媒体`select`[]DIRECT`[]🇭🇰 香港节点`[]🇨🇳 台湾节点`[]🇸🇬 新加坡节点`[]🇯🇵 日韩节点`[]🚀 手动切换
+custom_proxy_group=🤖 人工智能`select`[]🇸🇬 新加坡节点`[]🇯🇵 日韩节点`[]🚀 手动切换
+custom_proxy_group=Ⓜ️ 微软服务`select`[]DIRECT`[]🚀 节点选择`[]🇺🇲 美国节点`[]🇭🇰 香港节点`[]🇨🇳 台湾节点`[]🇸🇬 新加坡节点`[]🇯🇵 日韩节点`[]🚀 手动切换
+custom_proxy_group=🍎 苹果服务`select`[]DIRECT`[]🚀 节点选择`[]🇺🇲 美国节点`[]🇭🇰 香港节点`[]🇨🇳 台湾节点`[]🇸🇬 新加坡节点`[]🇯🇵 日韩节点`[]🚀 手动切换
+custom_proxy_group=📺 巴哈姆特`select`[]🇨🇳 台湾节点`[]🚀 节点选择`[]🚀 手动切换`[]DIRECT
+custom_proxy_group=🎶 网易音乐`select`[]DIRECT`[]🚀 节点选择`[]♻️ 自动选择`(网易|音乐|解锁|Music|NetEase)
+custom_proxy_group=🎯 全球直连`select`[]DIRECT`[]🚀 节点选择`[]♻️ 自动选择
+custom_proxy_group=🐟 漏网之鱼`select`[]🚀 节点选择`[]♻️ 自动选择`[]DIRECT`[]📺 省流节点`[]🇭🇰 香港节点`[]🇨🇳 台湾节点`[]🇸🇬 新加坡节点`[]🇯🇵 日韩节点`[]🇺🇲 美国节点`[]🚀 手动切换
+custom_proxy_group=🎮 游戏节点`select`(游戏|Game|game|加速)`
+custom_proxy_group=🎥 流媒体解锁`select`(NF|奈飞|解锁|Netflix|NETFLIX|Media)
+custom_proxy_group=📺 省流节点`url-test`(0\.[0-5]|低倍率|省流|大流量)`http://www.gstatic.com/generate_204`300,,50
+custom_proxy_group=👍 高级节点`url-test`(专线|专用|高级|直连|急速|高倍率|IEPL|IPLC|AIA|CTM|CC|iepl|iplc|aia|ctm|cc)`http://www.gstatic.com/generate_204`300,,50
+
+enable_rule_generator=true
+overwrite_original_rules=true

rules/ai.list

@@ -5,4 +5,11 @@ DOMAIN-SUFFIX,cdn.auth0.com
 DOMAIN-SUFFIX,openaiapi-site.azureedge.net
 DOMAIN-SUFFIX,opendns.com
 DOMAIN-SUFFIX,bing.com
-
+DOMAIN-SUFFIX,civitai.com
+DOMAIN,bard.google.com
+DOMAIN-SUFFIX,sentry.io
+DOMAIN-SUFFIX,intercom.io
+DOMAIN-SUFFIX,featuregates.org
+DOMAIN-SUFFIX,statsigapi.net
+DOMAIN-SUFFIX,claude.ai
+DOMAIN-SUFFIX,Anthropic.com

scripts/clash.service

@@ -5,6 +5,7 @@ After=network.target
 [Service]
 Type=simple
 User=root
+ExecStartPre=/etc/clash/start.sh bfstart
 ExecStart=/etc/clash/clash -d /etc/clash >/dev/null
 ExecStartPost=/etc/clash/start.sh afstart
 Restart=on-failure

scripts/clash.sh

@@ -1,12 +1,13 @@
 #!/bin/sh
 # Copyright (C) Juewuy
 
-CFG_PATH=$clashdir/mark
-
+CFG_PATH=$clashdir/configs/ShellClash.cfg
+YAMLSDIR=$clashdir/yamls
+TMPDIR=/tmp/ShellClash && [ ! -f $TMPDIR ] && mkdir -p $TMPDIR
 #读取配置相关
 setconfig(){
 	#参数1代表变量名，参数2代表变量值,参数3即文件路径
-	[ -z "$3" ] && configpath=$clashdir/mark || configpath=$3
+	[ -z "$3" ] && configpath=$CFG_PATH || configpath=$3
 	[ -n "$(grep -E "^${1}=" $configpath)" ] && sed -i "s#^${1}=\(.*\)#${1}=${2}#g" $configpath || echo "${1}=${2}" >> $configpath
 }
 ckcmd(){
@@ -16,15 +17,19 @@ ckstatus(){
 
 	#服务器缺省地址
 	[ -z "$update_url" ] && update_url=https://fastly.jsdelivr.net/gh/juewuy/ShellClash
-	#检查/读取标识文件
-	[ ! -f $CFG_PATH ] && echo '#标识clash运行状态的文件，不明勿动！' > $CFG_PATH
-	#检查重复行并去除
-	[ -n "$(awk 'a[$0]++' $CFG_PATH)" ] && awk '!a[$0]++' $CFG_PATH > $CFG_PATH
-	#检查时间戳
-	touch /tmp/clash_start_time
-	#使用source加载配置文件
-	source $CFG_PATH
-	versionsh=$(cat $clashdir/init.sh | grep -E ^version= | sed 's/version=//')
+	#检查/读取脚本配置文件
+	if [ -f $CFG_PATH ];then
+		#检查重复行并去除
+		[ -n "$(awk 'a[$0]++' $CFG_PATH)" ] && awk '!a[$0]++' $CFG_PATH > $CFG_PATH
+		#检查时间戳
+		touch $TMPDIR/clash_start_time
+		#使用source加载配置文件
+		source $CFG_PATH > /dev/null
+	else
+		mkdir -p $clashdir/configs
+		echo '#标识clash运行状态的文件，不明勿动！' > $CFG_PATH
+	fi
+	versionsh=$(cat $clashdir/init.sh | grep -E ^version= | head -n 1 | sed 's/version=//')
 	[ -n "$versionsh" ] && versionsh_l=$versionsh
 	#设置默认核心资源目录
 	[ -z "$bindir" ] && bindir=$clashdir
@@ -37,7 +42,7 @@ ckstatus(){
 	[ -z "$local_proxy" ] && local_proxy=未开启
 	[ -z "$redir_mod" ] && redir_mod=纯净模式
 	#检查mac地址记录
-	[ ! -f $clashdir/mac ] && touch $clashdir/mac
+	[ ! -f $clashdir/configs/mac ] && touch $clashdir/configs/mac
 	#获取本机host地址
 	[ -z "$host" ] && host=$(ubus call network.interface.lan status 2>&1 | grep \"address\" | grep -oE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}';)
 	[ -z "$host" ] && host=$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep 'lan' | grep -E ' 1(92|0|72)\.' | sed 's/.*inet.//g' | sed 's/\/[0-9][0-9].*$//g' | head -n 1)
@@ -63,13 +68,13 @@ ckstatus(){
 		auto1="\033[36m允许\033[0mclash开机启动"
 	fi
 	#获取运行状态
-	PID=$(pidof clash)
+	PID=$(pidof clash | awk '{print $NF}')
 	if [ -n "$PID" ];then
 		run="\033[32m正在运行（$redir_mod）\033[0m"
 		VmRSS=`cat /proc/$PID/status|grep -w VmRSS|awk '{print $2,$3}'`
 		#获取运行时长
-		touch /tmp/clash_start_time #用于延迟启动的校验
-		start_time=$(cat /tmp/clash_start_time)
+		touch $TMPDIR/clash_start_time #用于延迟启动的校验
+		start_time=$(cat $TMPDIR/clash_start_time)
 		if [ -n "$start_time" ]; then 
 			time=$((`date +%s`-start_time))
 			day=$((time/86400))
@@ -98,7 +103,7 @@ ckstatus(){
 	#检查执行权限
 	[ ! -x $clashdir/start.sh ] && chmod +x $clashdir/start.sh
 	#检查/tmp内核文件
-	for file in `ls -F /tmp | grep -v [/\$] | grep -v '\ ' | grep -iE '^clash$|^clash-linux*|^clash.meta*'` ; do 
+	for file in `ls -F /tmp | grep -v [/\$] | grep -v '\ ' | grep -Ev  ".*[(gz)(zip)(7z)(tar)(xz)]$" | grep -iE '^clash$|^clash-linux*|^clash.meta*'` ; do 
 		file=/tmp/$file
 		chmod +x $file
 		tmp_version=$($file -v 2>/dev/null)
@@ -132,9 +137,9 @@ ckstatus(){
 		file=/tmp/$file
 		$bindir/clash -t -d $bindir -f $file &>/dev/null && {
 		echo -e "发现可用的YAML配置文件： \033[36m$file\033[0m "
-		read -p "加载为config.yaml配置文件/或者移除该文件？(1/0) > " res
+		read -p "加载为yaml配置文件/或者移除该文件？(1/0) > " res
 		[ "$res" = 1 ] && {
-			mv -f $file $clashdir/config.yaml
+			mv -f $file $clashdir/yamls/config.yaml
 			echo -e "\033[32m配置文件加载完成！\033[0m " 
 			sleep 1
 		}
@@ -146,6 +151,13 @@ ckstatus(){
 		echo -----------------------------------------------
 		}
 	done
+	#检查禁用配置覆写
+	[ "$disoverride" = "1" ] && {
+		echo -e "\033[33m你已经禁用了配置文件覆写功能，这会导致大量脚本功能无法使用！\033[0m "
+		read -p "是否取消禁用？(1/0) > " res
+		[ "$res" = 1 ] && unset disoverride && setconfig disoverride 
+		echo -----------------------------------------------
+	}
 }
 
 #启动相关
@@ -170,15 +182,15 @@ startover(){
 }
 clashstart(){
 	#检查yaml配置文件
-	if [ ! -f "$clashdir/config.yaml" ];then
-		echo -----------------------------------------------
+	echo -----------------------------------------------
+	if [ -s $clashdir/yamls/config.yaml -o -n "$Url" -o -n "$Https" ];then
+		$clashdir/start.sh start
+		sleep 1
+		[ -n "$(pidof clash)" ] && startover
+	else
 		echo -e "\033[31m没有找到配置文件，请先导入配置文件！\033[0m"
 		source $clashdir/getdate.sh && clashlink
 	fi
-	echo -----------------------------------------------
-	$clashdir/start.sh start
-	sleep 1
-	[ -n "$(pidof clash)" ] && startover
 }
 checkrestart(){
 	echo -----------------------------------------------
@@ -206,7 +218,7 @@ log_pusher(){
 	case $num in
 	1)
 		echo -----------------------------------------------
-		cat /tmp/ShellClash_log
+		cat $TMPDIR/ShellClash_log
 		exit
 	;;
 	2)
@@ -284,7 +296,9 @@ log_pusher(){
 			read -p "确认关闭Bark日志推送？(1/0) > " res
 			[ "$res" = 1 ] && {
 				push_bark=
+				bark_param=
 				setconfig push_bark
+				setconfig bark_param
 			}
 		else
 			#echo -e "\033[33m详细设置指南请参考 https://juewuy.github.io/ \033[0m"
@@ -295,6 +309,14 @@ log_pusher(){
 			if [ -n "$url" ];then
 				push_bark=$url
 				setconfig push_bark $url
+				echo -----------------------------------------------
+				echo -e "\033[32m例: ?group=ShellClash\033[0m"
+				read -p "请输入你的Bark请求参数(默认回车为空) > " param
+				param=$(echo $param | sed 's/\&/\\\&/g')
+				if [ -n "$param" ];then
+					bark_param=$param
+					setconfig bark_param \'$param\'
+				fi
 				$clashdir/start.sh logger "已完成Bark日志推送设置！" 32
 			else
 				echo -e "\033[31m输入错误，请重新输入！\033[0m"
@@ -354,9 +376,9 @@ log_pusher(){
 	esac
 }
 setport(){
-	source $CFG_PATH
+	source $CFG_PATH > /dev/null
 	[ -z "$secret" ] && secret=未设置
-	[ -z "$authentication" ] && authentication=未设置
+	[ -z "$authentication" ] && auth=未设置 || auth=******
 	inputport(){
 		read -p "请输入端口号(1-65535) > " portx
 		if [ -z "$portx" ]; then
@@ -378,7 +400,7 @@ setport(){
 	}
 	echo -----------------------------------------------
 	echo -e " 1 修改Http/Sock5端口：	\033[36m$mix_port\033[0m"
-	echo -e " 2 设置Http/Sock5密码：	\033[36m$authentication\033[0m"
+	echo -e " 2 设置Http/Sock5密码：	\033[36m$auth\033[0m"
 	echo -e " 3 修改静态路由端口：	\033[36m$redir_port\033[0m"
 	echo -e " 4 修改DNS监听端口：	\033[36m$dns_port\033[0m"
 	echo -e " 5 修改面板访问端口：	\033[36m$db_port\033[0m"
@@ -534,7 +556,6 @@ setdns(){
 		else
 			echo -e "\033[31m当前设备未安装OpenSSL，无法启用加密DNS，Linux系统请自行搜索安装方式！\033[0m"
 		fi
-		rm -rf /tmp/ssl_test
 		sleep 2
 		setdns
 		
@@ -593,10 +614,11 @@ setipv6(){
 	[ -z "$ipv6_dns" ] && ipv6_dns=已开启
 	[ -z "$cn_ipv6_route" ] && cn_ipv6_route=未开启
 	echo -----------------------------------------------
-	echo -e " 1 ipv6内核支持:  \033[36m$ipv6_support\033[0m  ——用于ipv6节点及规则支持"
+	[ "$disoverride" != "1" ] && echo -e " 1 ipv6内核支持:  \033[36m$ipv6_support\033[0m  ——用于ipv6节点及规则支持"
 	echo -e " 2 ipv6透明代理:  \033[36m$ipv6_redir\033[0m  ——代理ipv6流量"
-	echo -e " 3 ipv6-DNS解析:  \033[36m$ipv6_dns\033[0m  ——决定内置DNS是否返回ipv6地址"	
+	[ "$disoverride" != "1" ] && echo -e " 3 ipv6-DNS解析:  \033[36m$ipv6_dns\033[0m  ——决定内置DNS是否返回ipv6地址"	
 	echo -e " 4 CNIP绕过内核:  \033[36m$cn_ipv6_route\033[0m  ——优化性能，不兼容fake-ip"	
+	echo -e " 0 返回上级菜单"
 	echo -----------------------------------------------
 	read -p "请输入对应数字 > " num		
 	case $num in
@@ -645,6 +667,82 @@ setipv6(){
 	;;
 	esac
 }
+setfirewall(){
+	set_cust_host_ipv4(){		
+		echo -----------------------------------------------
+		echo -e "当前已自动设置透明路由的网段为: \033[32m$(ip a 2>&1 | grep -w 'inet' | grep 'global' | grep 'br' | grep -v 'iot' | grep -E ' 1(92|0|72)\.' | sed 's/.*inet.//g' | sed 's/br.*$//g' | tr '\n' ' ' && echo ) \033[0m"
+		echo -e "当前已添加的自定义网段为:\033[36m$cust_host_ipv4\033[0m"
+		echo -----------------------------------------------	
+		echo -e "\033[33m自定义网段不会覆盖自动获取的网段地址，无需重复添加\033[0m"
+		echo -e " 1 移除所有自定义网段"
+		echo -e " 0 返回上级菜单"
+		read -p "请输入需要额外添加的网段 > " text
+		case $text in
+		1)
+			unset cust_host_ipv4
+			setconfig cust_host_ipv4
+			set_cust_host_ipv4
+		;;
+		0)
+		;;
+		*)
+			if [ -n "$(echo $text | grep -Eo '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}'$)" -a -z "$(echo $cust_host_ipv4 | grep "$text")" ];then
+				cust_host_ipv4="$cust_host_ipv4 $text"
+				setconfig cust_host_ipv4 "'$cust_host_ipv4'"
+			else
+				echo -----------------------------------------------
+				echo -e "\033[31m请输入正确的网段地址！\033[0m"
+			fi
+			sleep 1
+			set_cust_host_ipv4
+		;;
+		esac
+	}
+	[ -z "$public_support" ] && public_support=未开启
+	[ -z "$public_mixport" ] && public_mixport=未开启
+	[ -z "$ipv6_dns" ] && ipv6_dns=已开启
+	[ -z "$cn_ipv6_route" ] && cn_ipv6_route=未开启
+	echo -----------------------------------------------
+	echo -e " 1 公网访问Dashboard面板:	\033[36m$public_support\033[0m"
+	echo -e " 2 公网访问Socks/Http代理:	\033[36m$public_mixport\033[0m"
+	echo -e " 3 自定义透明路由ipv4网段:	适合vlan等复杂网络环境"	
+	echo -----------------------------------------------
+	read -p "请输入对应数字 > " num		
+	case $num in
+	1)
+		if [ "$public_support" = "未开启" ]; then 
+			public_support=已开启
+		else
+			public_support=未开启
+		fi
+		setconfig public_support $public_support
+		setfirewall   
+	;;
+	2)
+		if [ "$public_mixport" = "未开启" ]; then 
+			if [ "$mix_port" = "7890" -o -z "$authentication" ];then
+				echo -----------------------------------------------
+				echo -e "\033[33m为了安全考虑，请先修改默认Socks/Http端口并设置代理密码\033[0m"
+				sleep 1
+				setport
+			else
+				public_mixport=已开启
+			fi
+		else
+			public_mixport=未开启
+		fi
+		setconfig public_mixport $public_mixport
+		setfirewall   
+	;;
+	3)
+		set_cust_host_ipv4
+		setfirewall
+	;;
+	*)
+		errornum
+	;;
+	esac
+}
 checkport(){
 	for portx in $dns_port $mix_port $redir_port $db_port ;do
 		if [ -n "$(netstat -ntul 2>&1 |grep '\:$portx ')" ];then
@@ -654,7 +752,7 @@ checkport(){
 			echo -e "\033[0m-----------------------------------------------"
 			echo -e "\033[36m请修改默认端口配置！\033[0m"
 			setport
-			source $CFG_PATH
+			source $CFG_PATH > /dev/null
 			checkport
 		fi
 	done
@@ -663,7 +761,7 @@ macfilter(){
 	add_mac(){
 		echo -----------------------------------------------
 		echo 已添加的mac地址：
-		cat $clashdir/mac
+		cat $clashdir/configs/mac
 		echo -----------------------------------------------
 		echo -e "\033[33m序号   设备IP       设备mac地址       设备名称\033[32m"
 		cat $dhcpdir | awk '{print " "NR" "$3,$2,$4}'
@@ -674,9 +772,9 @@ macfilter(){
 		read -p "请输入对应序号或直接输入mac地址 > " num
 		if [ -z "$num" -o "$num" = 0 ]; then
 			i=
-		elif [ -n "$(echo $num | grep -E '^([0-9A-Fa-f]{2}[:]){5}([0-9A-Fa-f]{2})$')" ];then
-			if [ -z "$(cat $clashdir/mac | grep -E "$num")" ];then
-				echo $num | grep -oE '^([0-9A-Fa-f]{2}[:]){5}([0-9A-Fa-f]{2})$' >> $clashdir/mac
+		elif [ -n "$(echo $num | grep -aE '^([0-9A-Fa-f]{2}[:]){5}([0-9A-Fa-f]{2})$')" ];then
+			if [ -z "$(cat $clashdir/configs/mac | grep -E "$num")" ];then
+				echo $num | grep -oE '^([0-9A-Fa-f]{2}[:]){5}([0-9A-Fa-f]{2})$' >> $clashdir/configs/mac
 			else
 				echo -----------------------------------------------
 				echo -e "\033[31m已添加的设备，请勿重复添加！\033[0m"
@@ -684,8 +782,8 @@ macfilter(){
 			add_mac
 		elif [ $num -le $(cat $dhcpdir 2>/dev/null | awk 'END{print NR}') ]; then
 			macadd=$(cat $dhcpdir | awk '{print $2}' | sed -n "$num"p)
-			if [ -z "$(cat $clashdir/mac | grep -E "$macadd")" ];then
-				echo $macadd >> $clashdir/mac
+			if [ -z "$(cat $clashdir/configs/mac | grep -E "$macadd")" ];then
+				echo $macadd >> $clashdir/configs/mac
 			else
 				echo -----------------------------------------------
 				echo -e "\033[31m已添加的设备，请勿重复添加！\033[0m"
@@ -699,12 +797,12 @@ macfilter(){
 	}
 	del_mac(){
 		echo -----------------------------------------------
-		if [ -z "$(cat $clashdir/mac)" ];then
+		if [ -z "$(cat $clashdir/configs/mac)" ];then
 			echo -e "\033[31m列表中没有需要移除的设备！\033[0m"
 		else
 			echo -e "\033[33m序号   设备IP       设备mac地址       设备名称\033[0m"
 			i=1
-			for mac in $(cat $clashdir/mac); do
+			for mac in $(cat $clashdir/configs/mac); do
 				dev_ip=$(cat $dhcpdir | grep $mac | awk '{print $3}') && [ -z "$dev_ip" ] && dev_ip='000.000.00.00'
 				dev_mac=$(cat $dhcpdir | grep $mac | awk '{print $2}') && [ -z "$dev_mac" ] && dev_mac=$mac
 				dev_name=$(cat $dhcpdir | grep $mac | awk '{print $4}') && [ -z "$dev_name" ] && dev_name='未知设备'
@@ -716,8 +814,8 @@ macfilter(){
 			read -p "请输入需要移除的设备的对应序号 > " num
 			if [ -z "$num" ]||[ "$num" -le 0 ]; then
 				n=
-			elif [ $num -le $(cat $clashdir/mac | wc -l) ];then
-				sed -i "${num}d" $clashdir/mac
+			elif [ $num -le $(cat $clashdir/configs/mac | wc -l) ];then
+				sed -i "${num}d" $clashdir/configs/mac
 				echo -----------------------------------------------
 				echo -e "\033[32m对应设备已移除！\033[0m"
 				del_mac
@@ -746,11 +844,11 @@ macfilter(){
 	echo -e "\033[30;47m请在此添加或移除设备\033[0m"
 	echo -e "当前过滤方式为：\033[33m$macfilter_type模式\033[0m"
 	echo -e "仅列表内设备\033[36m$macfilter_scrip经过\033[0mClash内核"
-	if [ -n "$(cat $clashdir/mac)" ]; then
+	if [ -n "$(cat $clashdir/configs/mac)" ]; then
 		echo -----------------------------------------------
 		echo -e "当前已过滤设备为：\033[36m"
 		echo -e "\033[33m   设备IP       设备mac地址       设备名称\033[0m"
-		for mac in $(cat $clashdir/mac); do
+		for mac in $(cat $clashdir/configs/mac); do
 			dev_ip=$(cat $dhcpdir | grep $mac | awk '{print $3}') && [ -z "$dev_ip" ] && dev_ip='000.000.00.00'
 			dev_mac=$(cat $dhcpdir | grep $mac | awk '{print $2}') && [ -z "$dev_mac" ] && dev_mac=$mac
 			dev_name=$(cat $dhcpdir | grep $mac | awk '{print $4}') && [ -z "$dev_name" ] && dev_name='未知设备'
@@ -781,7 +879,7 @@ macfilter(){
 		del_mac
 		macfilter
 	elif [ "$num" = 4 ]; then
-		:>$clashdir/mac
+		:>$clashdir/configs/mac
 		echo -----------------------------------------------
 		echo -e "\033[31m设备列表已清空！\033[0m"
 		macfilter
@@ -795,7 +893,7 @@ localproxy(){
 	[ -f /etc/rc.common -a -w /etc/passwd ] && local_enh=1
 	echo -----------------------------------------------
 	[ -n "$local_enh" ] && {
-		[ -n "$(lsmod | grep ^xt_owner)" ] && echo -e " 1 使用\033[32miptables增强模式\033[0m配置(支持docker,推荐！)"
+		ckcmd iptables && [ -n "$(lsmod | grep ^xt_owner)" ] && echo -e " 1 使用\033[32miptables增强模式\033[0m配置(支持docker,推荐！)"
 		ckcmd nft && echo -e " 2 使用\033[32mnftables增强模式\033[0m配置(支持docker,推荐！)"
 	}
 	echo -e " 3 使用\033[33m环境变量\033[0m方式配置(部分应用可能无法使用,不推荐！)"
@@ -868,13 +966,12 @@ setboot(){
 	2)
 		if [ "$start_old" = "未开启" ] > /dev/null 2>&1; then 
 			echo -e "\033[33m改为使用保守模式启动clash服务！！\033[0m"
-			echo -e "\033[31m注意：部分设备保守模式可能无法禁用开机启动！！\033[0m"
 			start_old=已开启
 			setconfig start_old $start_old
 			$clashdir/start.sh stop
 		else
 			if [ -f /etc/init.d/clash -o -w /etc/systemd/system -o -w /usr/lib/systemd/system ];then
-				echo -e "\033[32m改为使用默认方式启动clash服务！！\033[0m"
+				echo -e "\033[32m改为使用系统守护进程启动clash服务！！\033[0m"
 				$clashdir/start.sh cronset "ShellClash初始化"
 				start_old=未开启
 				setconfig start_old $start_old
@@ -995,7 +1092,6 @@ clashcfg(){
 		[ -n "$(iptables -j TPROXY 2>&1 | grep 'on-port')" ] && sup_tp=1
 		[ -n "$(lsmod | grep '^tun')" ] || ip tuntap &>/dev/null && sup_tun=1
 		ckcmd nft && sup_nft=1
-		#[ -n "$(lsmod | grep 'nft_tproxy')" ] && sup_nft=2
 		echo -----------------------------------------------
 		echo -e "当前代理模式为：\033[47;30m $redir_mod \033[0m；Clash核心为：\033[47;30m $clashcore \033[0m"
 		echo -e "\033[33m切换模式后需要手动重启clash服务以生效！\033[0m"
@@ -1028,7 +1124,12 @@ clashcfg(){
 			set_redir_config
 			
 		elif [ "$num" = 3 ]; then
-			redir_mod=Tproxy混合	
+			if [ -f /etc/init.d/qca-nss-ecm -a "$systype" = "mi_snapshot" ] ;then
+				read -p "当前设备的QOS服务与本模式冲突，是否禁用相关功能？(1/0) > " res
+				[ "$res" = '1' ] && $clashdir/misnap_init.sh tproxyfix && redir_mod=Tproxy混合
+			else
+				redir_mod=Tproxy混合
+			fi	
 			set_redir_config
 			
 		elif [ "$num" = 4 ]; then
@@ -1036,7 +1137,12 @@ clashcfg(){
 			set_redir_config
 			
 		elif [ "$num" = 5 ]; then
-			redir_mod=Tproxy模式	
+			if [ -f /etc/init.d/qca-nss-ecm -a "$systype" = "mi_snapshot" ] ;then
+				read -p "当前设备的QOS服务与本模式冲突，是否禁用相关功能？(1/0) > " res
+				[ "$res" = '1' ] && $clashdir/misnap_init.sh tproxyfix && redir_mod=Tproxy模式
+			else
+				redir_mod=Tproxy模式
+			fi	
 			set_redir_config
 			
 		elif [ "$num" = 6 ]; then
@@ -1078,9 +1184,9 @@ clashcfg(){
 		echo -e "\033[33m切换模式后需要手动重启clash服务以生效！\033[0m"
 		echo -----------------------------------------------
 		echo -e " 1 fake-ip模式：   \033[32m响应速度更快\033[0m"
-		echo -e "                   兼容性比较差，部分应用可能打不开"
+		echo -e "                   不支持绕过CN-IP功能"
 		echo -e " 2 redir_host模式：\033[32m兼容性更好\033[0m"
-		echo -e "                   不支持Tun模式，抗污染能力略差"
+		echo -e "                   需搭配加密DNS使用"
 		echo " 0 返回上级菜单"
 		read -p "请输入对应数字 > " num
 		if [ -z "$num" ]; then
@@ -1118,26 +1224,30 @@ clashcfg(){
 		echo -e "示例：*.b.com"
 		echo -e "示例：*.*.b.com\033[0m"
 		echo -----------------------------------------------
-		if [ -f $clashdir/fake_ip_filter ];then
+		if [ -s $clashdir/configs/fake_ip_filter ];then
 			echo -e "\033[33m已添加Fake-ip过滤地址：\033[0m"
-			cat $clashdir/fake_ip_filter | awk '{print NR" "$1}'
+			cat $clashdir/configs/fake_ip_filter | awk '{print NR" "$1}'
 		else
 			echo -e "\033[33m你还未添加Fake-ip过滤地址\033[0m" 
 		fi
 		echo -----------------------------------------------
 		echo -e "\033[32m输入数字直接移除对应地址，输入地址直接添加！\033[0m"
 		read -p "请输入数字或地址 > " input
-		if [ -z "$input" -o "input" = 0 ];then
-			i=
-		elif [ "$input" -le "$(cat $clashdir/fake_ip_filter | wc -l)" ];then
-			sed -i "${input}d" $clashdir/fake_ip_filter	2>/dev/null
+		case $input in
+		0) ;;
+		'') ;;
+		[0-99])
+			sed -i "${input}d" $clashdir/configs/fake_ip_filter	2>/dev/null
 			echo -e "\033[32m移除成功！\033[0m"	
 			fake_ip_filter
-		else
+		;;
+		*)
 			echo -e "你输入的地址是：\033[32m$input\033[0m"	
 			read -p "确认添加？(1/0) > " res
-			[ "$res" = 1 ] && echo $input >> $clashdir/fake_ip_filter || fake_ip_filter
-		fi
+			[ "$res" = 1 ] && echo $input >> $clashdir/configs/fake_ip_filter
+			fake_ip_filter
+		;;
+		esac
 	}
 	#获取设置默认显示
 	[ -z "$skip_cert" ] && skip_cert=已开启
@@ -1147,21 +1257,25 @@ clashcfg(){
 	[ -z "$cn_ip_route" ] && cn_ip_route=未开启
 	[ -z "$local_proxy" ] && local_proxy=未开启
 	[ -z "$quic_rj" ] && quic_rj=未开启
-	[ -z "$(cat $clashdir/mac)" ] && mac_return=未开启 || mac_return=已启用
+	[ -z "$(cat $clashdir/configs/mac)" ] && mac_return=未开启 || mac_return=已启用
 	#
 	echo -----------------------------------------------
 	echo -e "\033[30;47m欢迎使用功能设置菜单：\033[0m"
 	echo -----------------------------------------------
 	echo -e " 1 切换Clash运行模式: 	\033[36m$redir_mod\033[0m"
-	echo -e " 2 切换DNS运行模式：	\033[36m$dns_mod\033[0m"
-	echo -e " 3 跳过本地证书验证：	\033[36m$skip_cert\033[0m   ————解决节点证书验证错误"
+	[ "$disoverride" != "1" ] && {
+		echo -e " 2 切换DNS运行模式：	\033[36m$dns_mod\033[0m"
+		echo -e " 3 跳过本地证书验证：	\033[36m$skip_cert\033[0m   ————解决节点证书验证错误"
+	}
 	echo -e " 4 只代理常用端口： 	\033[36m$common_ports\033[0m   ————用于过滤P2P流量"
 	echo -e " 5 过滤局域网设备：	\033[36m$mac_return\033[0m   ————使用黑/白名单进行过滤"
 	echo -e " 6 设置本机代理服务:	\033[36m$local_proxy\033[0m   ————使本机流量经过clash内核"
 	echo -e " 7 屏蔽QUIC流量:	\033[36m$quic_rj\033[0m   ————优化视频性能"
-	[ "$dns_mod" = "fake-ip" ] && \
-	echo -e " 8 管理Fake-ip过滤列表" || \
-	echo -e " 8 CN_IP绕过内核:	\033[36m$cn_ip_route\033[0m   ————优化性能，不兼容Fake-ip"
+	[ "$disoverride" != "1" ] && {
+		[ "$dns_mod" = "fake-ip" ] && \
+		echo -e " 8 管理Fake-ip过滤列表" || \
+		echo -e " 8 CN_IP绕过内核:	\033[36m$cn_ip_route\033[0m   ————优化性能，不兼容Fake-ip"
+	}
 	echo -----------------------------------------------
 	echo -e " 0 返回上级菜单 \033[0m"
 	echo -----------------------------------------------
@@ -1200,7 +1314,9 @@ clashcfg(){
 		set_common_ports(){
 			if [ "$common_ports" = "未开启" ]; then 
 				echo -e "\033[33m已设为仅代理【$multiport】等常用端口！！\033[0m"
+				echo -e "\033[31m注意，fake-ip模式下，非常用端口的域名连接将不受影响！！\033[0m"
 				common_ports=已开启
+				sleep 1
 			else
 				echo -e "\033[33m已设为代理全部端口！！\033[0m"
 				common_ports=未开启
@@ -1217,7 +1333,12 @@ clashcfg(){
 		clashcfg  
 
 	elif [ "$num" = 5 ]; then	
+		checkcfg_mac=$(cat $clashdir/configs/mac)
 		macfilter
+		if [ -n "$PID" ];then
+			checkcfg_mac_new=$(cat $clashdir/configs/mac)
+			[ "$checkcfg_mac" != "$checkcfg_mac_new" ] && checkrestart
+		fi
 		clashcfg
 		
 	elif [ "$num" = 6 ]; then	
@@ -1254,7 +1375,6 @@ clashcfg(){
 		echo -----------------------------------------------
 		if [ "$dns_mod" = "fake-ip" ];then
 			fake_ip_filter
-			clashcfg
 		else
 			if [ -n "$(ipset -v 2>/dev/null)" -o -n "$(echo $redir_mod | grep Nft)" ];then
 				if [ "$cn_ip_route" = "未开启" ]; then 
@@ -1294,43 +1414,33 @@ clashadv(){
 	echo -e "\033[30;47m欢迎使用进阶模式菜单：\033[0m"
 	echo -e "\033[33m如您并不了解clash的运行机制，请勿更改本页面功能！\033[0m"
 	echo -----------------------------------------------
-	echo -e " 1 ipv6相关"
+	[ "$disoverride" != "1" ] && echo -e " 1 ipv6相关"
 	#echo -e " 2 配置Meta特性"
-	echo -e " 3 启用节点绕过:	\033[36m$proxies_bypass\033[0m	————用于防止多设备多重流量"
-	echo -e " 4 启用域名嗅探:	\033[36m$sniffer\033[0m	————用于流媒体及防DNS污染"
-	echo -e " 5 启用公网访问:	\033[36m$public_support\033[0m	————需要路由拨号+公网IP"
-	echo -e " 6 配置内置DNS服务	\033[36m$dns_no\033[0m"
-	echo -e " 7 使用自定义配置"
-	echo -e " 8 手动指定相关端口、秘钥及本机host"
+	echo -e " 3 配置公网及局域网防火墙"
+	[ "$disoverride" != "1" ] && {
+		echo -e " 4 启用域名嗅探:	\033[36m$sniffer\033[0m	————用于流媒体及防DNS污染"
+		echo -e " 5 启用节点绕过:	\033[36m$proxies_bypass\033[0m	————用于防止多设备多重流量"
+		echo -e " 6 配置内置DNS服务	\033[36m$dns_no\033[0m"
+	}
 	echo -----------------------------------------------
 	echo -e " 9 \033[31m重置/备份/还原\033[0m脚本设置"
 	echo -e " 0 返回上级菜单 \033[0m"
 	echo -----------------------------------------------
 	read -p "请输入对应数字 > " num
-	if [ -z "$num" ]; then
-		errornum
-	elif [ "$num" = 0 ]; then
-		i=
-		
-	elif [ "$num" = 1 ]; then
+	case "$num" in
+	1)
 		setipv6
 		clashadv
-		
-	elif [ "$num" = 3 ]; then
-		echo -----------------------------------------------
-		if [ "$proxies_bypass" = "未启用" ];then
-			proxies_bypass=已启用
-			echo -e "\033[33m仅当ShellClash与子网络同类应用使用相同节点配置时方可生效！\033[0m"
-			sleep 1
-		else
-			proxies_bypass=未启用
-		fi
-		setconfig proxies_bypass $proxies_bypass
-		echo -e "\033[32m设置成功！\033[0m"
-		sleep 1		
-		clashadv
-		
-	elif [ "$num" = 4 ]; then
+	;;	
+	2)
+		setmeta
+		clashadv	
+	;;	
+	3)
+		setfirewall
+		clashadv	
+	;;	
+	4)
 		echo -----------------------------------------------
 		if [ "$sniffer" = "未启用" ];then
 			if [ "$clashcore" = "clash" ];then
@@ -1349,92 +1459,26 @@ clashadv(){
 		echo -e "\033[32m设置成功！\033[0m"
 		sleep 1		
 		clashadv
-		
-	elif [ "$num" = 5 ]; then
-		if [ "$public_support" = "未开启" ]; then 
-			echo -e "\033[32m已开启公网访问Dashboard端口，安全起见建议设置面板访问密码！！\033[0m"
-			echo -e "\033[33m如需访问Http/Sock5代理，请在端口设置中修改默认端口并设置访问密码！\033[0m"
-			echo -e "\033[31m如未设置密码或仍使用默认端口，将自动拒绝连接！！！\033[0m"
-			public_support=已开启
-			setconfig public_support $public_support
-			sleep 3
-		else
-			echo -e "\033[32m已禁止公网访问Dashboard端口及Http/Sock5代理端口！！\033[0m"
-			echo -e "\033[33m如果你的防火墙默认放行公网流量，可能禁用失败！\033[0m"
-			public_support=未开启
-			setconfig public_support $public_support
+	;;
+	5)
+		echo -----------------------------------------------
+		if [ "$proxies_bypass" = "未启用" ];then
+			proxies_bypass=已启用
+			echo -e "\033[33m仅当ShellClash与子网络同类应用使用相同节点配置时方可生效！\033[0m"
 			sleep 1
-		fi
-			clashadv
-		
-	elif [ "$num" = 6 ]; then
-		source $CFG_PATH
-		if [ "$dns_no" = "已禁用" ];then
-			read -p "检测到内置DNS已被禁用，是否启用内置DNS？(1/0) > " res
-			if [ "$res" = "1" ];then
-				setconfig dns_no
-				setdns
-			fi
 		else
-			setdns
-		fi
-		clashadv	
-		
-	elif [ "$num" = 8 ]; then
-		source $CFG_PATH
-		if [ -n "$(pidof clash)" ];then
-			echo -----------------------------------------------
-			echo -e "\033[33m检测到clash服务正在运行，需要先停止clash服务！\033[0m"
-			read -p "是否停止clash服务？(1/0) > " res
-			if [ "$res" = "1" ];then
-				$clashdir/start.sh stop
-				setport
-			fi
-		else
-			setport
+			proxies_bypass=未启用
 		fi
+		setconfig proxies_bypass $proxies_bypass
+		echo -e "\033[32m设置成功！\033[0m"
+		sleep 1		
 		clashadv
-		
-	elif [ "$num" = 7 ]; then
-		[ ! -f $clashdir/user.yaml ] && cat > $clashdir/user.yaml <<EOF
-#用于编写自定义设定(可参考https://lancellc.gitbook.io/clash)，例如
-#新版已经支持直接读取系统hosts(/etc/hosts)并写入配置文件，无需在此处添加！
-#新版meta内核已经支持yaml-v3，所有能在脚本中修改的条目请勿在此处配置以免报错！
-#port: 7890
-EOF
-		[ ! -f $clashdir/rules.yaml ] && cat > $clashdir/rules.yaml <<EOF
-#用于编写自定义规则(此处规则将优先生效)，(可参考https://lancellc.gitbook.io/clash/clash-config-file/rules)：
-#例如“🚀 节点选择”、“🎯 全球直连”这样的自定义规则组必须与config.yaml中的代理规则组相匹配，否则将无法运行
-# 【#】号代表注释！！！注释条目不会生效！！！
-# - DOMAIN-SUFFIX,google.com,🚀 节点选择
-# - DOMAIN-KEYWORD,baidu,🎯 全球直连
-# - DOMAIN,ad.com,REJECT
-# - SRC-IP-CIDR,192.168.1.201/32,DIRECT
-# - IP-CIDR,127.0.0.0/8,DIRECT
-# - IP-CIDR6,2620:0:2d0:200::7/32,🚀 节点选择
-# - DST-PORT,80,DIRECT
-# - SRC-PORT,7777,DIRECT
-EOF
-		[ ! -f $clashdir/proxies.yaml ] && cat > $clashdir/proxies.yaml <<EOF
-#proxies:
-#  - {name: "test", server: 192.168.1.1, port: 9050, type: socks5, udp: true}
-EOF
-		[ ! -f $clashdir/proxy-groups.yaml ] && cat > $clashdir/proxy-groups.yaml <<EOF
-#proxy-groups:
-#  - name: OFFICE
-#    type: select
-#    proxies:
-#      - office-router
-EOF
-		echo -e "\033[32m已经启用自定义配置功能！\033[0m"
-		echo -e "Windows下请\n使用\033[33mwinscp软件\033[0m进入$clashdir目录后手动编辑！\033[0m"
-		echo -e "Shell下(\033[31m部分旧设备可能不显示中文\033[0m)可\n使用【\033[36mvi $clashdir/user.yaml\033[0m】编辑自定义设定文件;\n使用【\033[36mvi $clashdir/rules.yaml\033[0m】编辑自定义规则文件。"
-		echo -e "使用【\033[36mvi $clashdir/proxies.yaml\033[0m】编辑自定义代理文件;\n使用【\033[36mvi $clashdir/proxy-groups.yaml\033[0m】编辑自定义策略组文件。"
-		echo -e "如需自定义节点，可以在config.yaml文件中修改或者直接替换config.yaml文件！\033[0m"
-		sleep 3
+	;;
+	6)
+		setdns	
 		clashadv
-		
-	elif [ "$num" = 9 ]; then	
+	;;
+	9)
 		echo -e " 1 备份脚本设置"
 		echo -e " 2 还原脚本设置"
 		echo -e " 3 重置脚本设置"
@@ -1463,10 +1507,30 @@ EOF
 		fi
 		echo -e "\033[33m请重新启动脚本！\033[0m"
 		exit 0
-
-	else
-		errornum
-	fi
+	;;
+	*)	errornum	;;
+	esac
+}
+#工具脚本
+autoSSH(){
+	echo -----------------------------------------------
+	echo -e "\033[33m本功能使用软件命令进行固化不保证100%成功！\033[0m"
+	echo -e "\033[33m如有问题请加群反馈：\033[36;4mhttps://t.me/ShellClash\033[0m"
+	read -p "请输入需要还原的SSH密码(不影响当前密码,回车可跳过) > " mi_autoSSH_pwd
+	mi_autoSSH=已配置
+	cp -f /etc/dropbear/dropbear_rsa_host_key $clashdir/configs/dropbear_rsa_host_key 2>/dev/null
+	cp -f /etc/dropbear/authorized_keys $clashdir/configs/authorized_keys 2>/dev/null
+	ckcmd nvram && {
+		nvram set ssh_en=1  
+		nvram set telnet_en=1  
+		nvram set uart_en=1  
+		nvram set boot_wait=on  
+		nvram commit
+	}
+	echo -e "\033[32m设置成功！\033[0m"
+	setconfig mi_autoSSH $mi_autoSSH
+	setconfig mi_autoSSH_pwd $mi_autoSSH_pwd
+	sleep 1
 }
 tools(){
 	ssh_tools(){
@@ -1535,8 +1599,8 @@ tools(){
 			}
 	#获取设置默认显示
 	[ -n "$(cat /etc/crontabs/root 2>&1| grep otapredownload)" ] && mi_update=禁用 || mi_update=启用
-	[ "$mi_autoSSH" = "已启用" ] && mi_autoSSH_type=32m已启用 || mi_autoSSH_type=31m未启用
-	[ -f $clashdir/tun.ko ] && mi_tunfix=32m已启用 || mi_tunfix=31m未启用
+	[ "$mi_autoSSH" = "已配置" ] && mi_autoSSH_type=32m已配置 || mi_autoSSH_type=31m未配置
+	[ -f $clashdir/tools/tun.ko ] && mi_tunfix=32m已启用 || mi_tunfix=31m未启用
 	#
 	echo -----------------------------------------------
 	echo -e "\033[30;47m欢迎使用其他工具菜单：\033[0m"
@@ -1578,17 +1642,17 @@ tools(){
 		
 	elif [ "$num" = 7 ]; then
 		echo -----------------------------------------------
-		if [ ! -f $clashdir/ShellDDNS.sh ];then
+		if [ ! -f $clashdir/tools/ShellDDNS.sh ];then
 			echo -e "正在获取在线脚本……"
-			$clashdir/start.sh webget /tmp/ShellDDNS.sh $update_url/tools/ShellDDNS.sh
+			$clashdir/start.sh webget $TMPDIR/ShellDDNS.sh $update_url/tools/ShellDDNS.sh
 			if [ "$?" = "0" ];then
-				mv -f /tmp/ShellDDNS.sh $clashdir/ShellDDNS.sh
-				source $clashdir/ShellDDNS.sh
+				mv -f $TMPDIR/ShellDDNS.sh $clashdir/tools/ShellDDNS.sh
+				source $clashdir/tools/ShellDDNS.sh
 			else
 				echo -e "\033[31m文件下载失败！\033[0m"
 			fi
 		else
-			source $clashdir/ShellDDNS.sh
+			source $clashdir/tools/ShellDDNS.sh
 		fi
 		sleep 1
 		tools  
@@ -1601,44 +1665,31 @@ tools(){
 		tools	
 		
 	elif [ "$num" = 6 ]; then
-		if [ "$mi_autoSSH" = "已启用" ];then
-			mi_autoSSH=禁用
+		if [ "$systype" = "mi_snapshot" ];then
+			autoSSH
 		else
-			if [ "$systype" = "mi_snapshot" ];then
-				echo -----------------------------------------------
-				echo -e "\033[33m本功能使用软件命令进行固化不保证100%成功！\033[0m"
-				echo -e "\033[33m如有问题请加群反馈：\033[36;4mhttps://t.me/ShellClash\033[0m"
-				read -p "请输入需要还原的SSH密码(不影响当前密码,回车可跳过) > " mi_autoSSH_pwd
-				mi_autoSSH=已启用
-				cp -f /etc/dropbear/dropbear_rsa_host_key $clashdir/dropbear_rsa_host_key 2>/dev/null
-				cp -f /etc/dropbear/authorized_keys $clashdir/authorized_keys 2>/dev/null
-				echo -e "\033[32m设置成功！\033[0m"
-				sleep 1
-			else
-				echo 不支持的设备！
-			fi
+			echo 不支持的设备！
 		fi
-		setconfig mi_autoSSH $mi_autoSSH
-		setconfig mi_autoSSH_pwd $mi_autoSSH_pwd
 		tools		
 	elif [ "$num" = 8 ]; then
-		if [ -f $clashdir/tun.ko ];then
+		if [ -f $clashdir/tools/tun.ko ];then
 			read -p "是否禁用此功能并移除相关补丁？(1/0) > " res
 			[ "$res" = 1 ] && {
-				rm -rf $clashdir/tun.ko
+				rm -rf $clashdir/tools/tun.ko
 				echo -e "\033[33m补丁文件已移除，请立即重启设备以防止出错！\033[0m"
 			}
 		elif [ -z "$(modinfo tun)" ];then
-			echo -e "\033[33m本功能需要修改系统文件，可能导致未知的不稳定情况产生！\033[0m"
-			echo -e "\033[33m本功能采集的Tun模块不一定适用于你的设备！\033[0m"
-			read -p "是否继续？(1/0) > " res
+			echo -e "\033[33m本功能需要修改系统文件，不保证没有任何风险！\033[0m"
+			echo -e "\033[33m本功能采集的Tun模块并不一定适用于你的设备！\033[0m"
+			sleep 1
+			read -p "我已知晓，出现问题会自行承担！(1/0) > " res
 			if [ "$res" = 1 ];then
 				tunfixlink="${update_url}/bin/fix/tun.ko"
 				echo -----------------------------------------------
 				echo 正在连接服务器获取Tun模块补丁文件…………
-				$clashdir/start.sh webget /tmp/tun.ko $tunfixlink
+				$clashdir/start.sh webget $TMPDIR/tun.ko $tunfixlink
 				if [ "$?" = "0" ];then
-					mv -f /tmp/tun.ko $clashdir && \
+					mv -f $TMPDIR/tun.ko $clashdir/tools/tun.ko && \
 					$clashdir/misnap_init.sh tunfix && \
 					echo -e "\033[32m设置成功！请重启clash服务！\033[0m"
 				else
@@ -1695,15 +1746,15 @@ clashcron(){
 						echo 将在$week1的$hour点$min分$cronname（旧的任务会被覆盖）
 						read -p  "是否确认添加定时任务？(1/0) > " res
 						if [ "$res" = '1' ]; then
-							cronwords="$min $hour * * $week $cronset >/dev/null 2>&1 #$week1的$hour点$min分$cronname"
-							tmpcron=/tmp/cron_$USER
+							cronwords="$min $hour * * $week $cronset #$week1的$hour点$min分$cronname"
+							tmpcron=$TMPDIR/cron_$USER
 							croncmd -l > $tmpcron
 							sed -i "/$cronname/d" $tmpcron
 							sed -i '/^$/d' $tmpcron
 							echo "$cronwords" >> $tmpcron
 							croncmd $tmpcron
 							#华硕/Padavan固件存档在本地,其他则删除
-							[ "$clashdir" = "/jffs/clash" -o "$clashdir" = "/etc/storage/clash" ] && mv -f $tmpcron $clashdir/cron || rm -f $tmpcron
+							[ "$clashdir" = "/jffs/clash" -o "$clashdir" = "/etc/storage/clash" ] && mv -f $tmpcron $clashdir/tools/cron || rm -f $tmpcron
 							echo -----------------------------------------------
 							echo -e "\033[31m定时任务已添加！！！\033[0m"
 						fi
@@ -1726,9 +1777,9 @@ clashcron(){
 		elif [ "$num" = 0 ]; then
 			i=
 		elif [ "$num" = 9 ]; then
-			croncmd -l > /tmp/conf && sed -i "/$cronname/d" /tmp/conf && croncmd /tmp/conf
-			sed -i "/$cronname/d" $clashdir/cron 2>/dev/null
-			rm -f /tmp/conf
+			croncmd -l > $TMPDIR/conf && sed -i "/$cronname/d" $TMPDIR/conf && croncmd $TMPDIR/conf
+			sed -i "/$cronname/d" $clashdir/tools/cron 2>/dev/null
+			rm -f $TMPDIR/conf
 			echo -----------------------------------------------
 			echo -e "\033[31m定时任务：$cronname已删除！\033[0m"
 		elif [ "$num" = 8 ]; then	
@@ -1794,11 +1845,10 @@ clashcron(){
 		echo -e "\033[33m可包含空格，请确保命令可执行！\033[0m"
 		read -p "请输入命令语句 > " script
 		if [ -n "$script" ];then
-			cronset=\'$script\'
+			cronset=$script
 			echo -e "请检查输入：\033[32m$cronset\033[0m"
 			read -p "请输入任务备注 > " txt
 			[ -n "$txt" ] && cronname=$txt || cronname=ShellClash自定义
-			cronset="$clashdir/start.sh updateyaml"
 			setcron	
 		else
 			echo -e "\033[31m输入错误，请重新输入！\033[0m"
@@ -1811,9 +1861,9 @@ clashcron(){
 		read -p "请输入备注的关键词 > " txt
 		[ -n "$txt" ] && {
 			cronname=$txt
-			croncmd -l > /tmp/conf && sed -i "/$cronname/d" /tmp/conf && croncmd /tmp/conf
-			sed -i "/$cronname/d" $clashdir/cron 2>/dev/null
-			rm -f /tmp/conf
+			croncmd -l > $TMPDIR/conf && sed -i "/$cronname/d" $TMPDIR/conf && croncmd $TMPDIR/conf
+			sed -i "/$cronname/d" $clashdir/tools/cron 2>/dev/null
+			rm -f $TMPDIR/conf
 			echo -----------------------------------------------
 			echo -e "所有关键词\033[32m$cronname\033[0m匹配的定时任务均已删除！\033[0m"
 			sleep 1
@@ -1926,9 +1976,9 @@ case "$1" in
 		echo "	-h 帮助列表"
 		echo "	-u 卸载脚本"
 		echo -----------------------------------------
-		echo "	$clashdir/start.sh start	启动服务"
-		echo "	$clashdir/start.sh stop		停止服务"
-		echo "	$clashdir/start.sh init		写入服务"
+		echo "	clash -s start	启动服务"
+		echo "	clash -s stop		停止服务"
+		echo "	安装目录/start.sh init		开机初始化"
 		echo -----------------------------------------
 		echo "在线求助：t.me/ShellClash"
 		echo "官方博客：juewuy.github.io"
@@ -1947,12 +1997,22 @@ case "$1" in
 		$shtype -x $clashdir/start.sh $2 $3 $4 $5 $6
 	;;
 	-u)
-		read -p "确认卸载ShellClash？（警告：该操作不可逆！）[1/0] " res
+		read -p "确认卸载ShellClash？(警告：该操作不可逆！)[1/0] > " res
 		if [ "$res" = '1' ]; then
 			$clashdir/start.sh stop
 			$clashdir/start.sh cronset "clash服务"
 			$clashdir/start.sh cronset "订阅链接"
 			$clashdir/start.sh cronset "ShellClash初始化"
+			read -p "是否保留脚本配置及订阅文件？[1/0] > " res
+			if [ "$res" = '1' ]; then
+				mv -f $clashdir/configs /tmp/clash_$USER
+				mv -f $clashdir/yamls /tmp/clash_$USER
+				rm -rf $clashdir/*
+				mv -f /tmp/clash_$USER/configs $clashdir
+				mv -f /tmp/clash_$USER/yamls $clashdir
+			else
+				rm -rf $clashdir
+			fi
 			[ -w ~/.bashrc ] && profile=~/.bashrc
 			[ -w /etc/profile ] && profile=/etc/profile
 			sed -i '/alias clash=*/'d $profile
@@ -1963,7 +2023,6 @@ case "$1" in
 			sed -i '/ShellClash初始化/'d /etc/storage/started_script.sh 2>/dev/null
 			sed -i '/ShellClash初始化/'d /jffs/.asusrouter 2>/dev/null
 			rm -rf $bindir 
-			rm -rf $clashdir
 			rm -rf /etc/init.d/clash
 			rm -rf /etc/systemd/system/clash.service
 			rm -rf /usr/lib/systemd/system/clash.service

scripts/clashservice

@@ -8,7 +8,7 @@ USE_PROCD=1
 #获取目录
 DIR=$(cat /etc/profile | grep clashdir | awk -F "\"" '{print $2}')
 [ -z "$DIR" ] && DIR=$(cat ~/.bashrc | grep clashdir | awk -F "\"" '{print $2}')
-BINDIR=$(cat $DIR/mark | grep bindir | awk -F "=" '{print $2}')
+BINDIR=$(cat $DIR/configs/ShellClash.cfg | grep bindir | awk -F "=" '{print $2}')
 [ -z "$BINDIR" ] && BINDIR=$DIR
 
 start_service() {
@@ -37,7 +37,7 @@ start() {
 			#其他设置
 			$DIR/start.sh afstart
 			#设置守护进程
-			$DIR/start.sh deamon
+			$DIR/start.sh daemon
 		fi
 	else
 		start_service

scripts/init.sh

@@ -1,11 +1,11 @@
 #!/bin/sh
 # Copyright (C) Juewuy
 
-version=1.7.4f
+version=1.8.0
 
 setdir(){
 	dir_avail(){
-		df $2 $1 |awk '{ for(i=1;i<=NF;i++){ if(NR==1){ arr[i]=$i; }else{ arr[i]=arr[i]" "$i; } } } END{ for(i=1;i<=NF;i++){ print arr[i]; } }' |grep Ava |awk '{print $2}'
+		df $2 $1 |awk '{ for(i=1;i<=NF;i++){ if(NR==1){ arr[i]=$i; }else{ arr[i]=arr[i]" "$i; } } } END{ for(i=1;i<=NF;i++){ print arr[i]; } }' |grep -E 'Ava|可用' |awk '{print $2}'
 	}
 	set_usb_dir(){
 		echo -e "请选择安装目录"
@@ -74,6 +74,7 @@ if [ -n "$systype" ];then
 			exit 1 ;;
 		esac
 	}
+	[ "$systype" = "ng_snapshot" ] && dir=/tmp/mnt
 else
 	echo -e "\033[33m安装ShellClash至少需要预留约1MB的磁盘空间\033[0m"	
 	echo -e " 1 在\033[32m/etc目录\033[0m下安装(适合root用户)"
@@ -123,7 +124,7 @@ fi
 }
 setconfig(){
 	#参数1代表变量名，参数2代表变量值,参数3即文件路径
-	[ -z "$3" ] && configpath=$clashdir/mark || configpath=$3
+	[ -z "$3" ] && configpath=$clashdir/configs/ShellClash.cfg || configpath=$3
 	[ -n "$(grep -E "^${1}=" $configpath)" ] && sed -i "s#^${1}=\(.*\)#${1}=${2}#g" $configpath || echo "${1}=${2}" >> $configpath
 }
 
@@ -139,6 +140,7 @@ $clashdir/start.sh stop 2>/dev/null #防止进程冲突
 	[ -d "/jffs/scripts" ] && initdir='/jffs/scripts/nat-start' 
 	}
 [ -f "/data/etc/crontabs/root" ] && systype=mi_snapshot #小米设备
+[ -w "/var/mnt/cfg/firewall" ] && systype=ng_snapshot #NETGEAR设备
 
 #检查环境变量
 [ -z "$clashdir" -a -d /tmp/SC_tmp ] && {
@@ -149,7 +151,8 @@ mkdir -p $clashdir
 mv -f /tmp/SC_tmp/* $clashdir 2>/dev/null
 
 #初始化
-[ -f "$clashdir/mark" ] || echo '#ShellClash配置文件，不明勿动！' > $clashdir/mark
+mkdir -p $clashdir/configs
+[ -f "$clashdir/configs/ShellClash.cfg" ] || echo '#ShellClash配置文件，不明勿动！' > $clashdir/configs/ShellClash.cfg
 #本地安装跳过新手引导
 #[ -z "$url" ] && setconfig userguide 1
 #判断系统类型写入不同的启动文件
@@ -206,8 +209,8 @@ fi
 	chmod a+rx $initdir 2>/dev/null
 	setconfig initdir $initdir
 	}
-#小米镜像化OpenWrt额外设置
-if [ "$systype" = "mi_snapshot" ];then
+#镜像化OpenWrt(snapshot)额外设置
+if [ "$systype" = "mi_snapshot" -o "$systype" = "ng_snapshot" ];then
 	chmod 755 $clashdir/misnap_init.sh
 	uci set firewall.ShellClash=include
 	uci set firewall.ShellClash.type='script'
@@ -227,6 +230,22 @@ fi
 #删除临时文件
 rm -rf /tmp/*lash*gz
 rm -rf /tmp/SC_tmp
-
+#转换&清理旧版本文件
+mkdir -p $clashdir/yamls
+mkdir -p $clashdir/tools
+for file in config.yaml.bak user.yaml proxies.yaml proxy-groups.yaml rules.yaml others.yaml ;do
+	mv -f $clashdir/$file $clashdir/yamls/$file 2>/dev/null
+done
+	[ ! -L $clashdir/config.yaml ] && mv -f $clashdir/config.yaml $clashdir/yamls/config.yaml 2>/dev/null
+for file in fake_ip_filter mac web_save servers.list fake_ip_filter.list fallback_filter.list;do
+	mv -f $clashdir/$file $clashdir/configs/$file 2>/dev/null
+done
+	mv -f $clashdir/mark $clashdir/configs/ShellClash.cfg 2>/dev/null
+for file in cron dropbear_rsa_host_key authorized_keys tun.ko ShellDDNS.sh;do
+	mv -f $clashdir/$file $clashdir/tools/$file 2>/dev/null
+done
+for file in log clash.service mark? mark.bak;do
+	rm -rf $clashdir/$file
+done
 sleep 1
 echo -e "\033[32m脚本初始化完成,请输入\033[30;47m clash \033[0;33m命令开始使用！\033[0m"

scripts/misnap_init.sh

@@ -6,20 +6,25 @@ profile=/etc/profile
 
 autoSSH(){
 	#自动开启SSH
-	[ "$(nvram get ssh_en)" = 0 ] && nvram set ssh_en=1 && nvram commit
     [ "`uci -c /usr/share/xiaoqiang get xiaoqiang_version.version.CHANNEL`" != 'stable' ] && {
-	uci -c /usr/share/xiaoqiang set xiaoqiang_version.version.CHANNEL='stable' 
-    uci -c /usr/share/xiaoqiang commit xiaoqiang_version.version
+		uci -c /usr/share/xiaoqiang set xiaoqiang_version.version.CHANNEL='stable' 
+		uci -c /usr/share/xiaoqiang commit xiaoqiang_version.version
 	}
 	[ -z "$(pidof dropbear)" -o -z "$(netstat -ntul | grep :22)" ] && {
-	sed -i 's/channel=.*/channel="debug"/g' /etc/init.d/dropbear
-	/etc/init.d/dropbear restart
-	mi_autoSSH_pwd=$(grep 'mi_autoSSH_pwd=' $clashdir/mark | awk -F "=" '{print $2}')
-	[ -n "$mi_autoSSH_pwd" ] && echo -e "$mi_autoSSH_pwd\n$mi_autoSSH_pwd" | passwd root
+		sed -i 's/channel=.*/channel="debug"/g' /etc/init.d/dropbear
+		/etc/init.d/dropbear restart
+		mi_autoSSH_pwd=$(grep 'mi_autoSSH_pwd=' $clashdir/mark | awk -F "=" '{print $2}')
+		[ -n "$mi_autoSSH_pwd" ] && echo -e "$mi_autoSSH_pwd\n$mi_autoSSH_pwd" | passwd root
 	}
+	#配置nvram
+	[ "$(nvram get ssh_en)" = 0 ] && nvram set ssh_en=1 
+	[ "$(nvram get telnet_en)" = 0 ] && nvram set telnet_en=1
+	nvram commit &> /dev/null
 	#备份还原SSH秘钥
-	[ -f $clashdir/dropbear_rsa_host_key ] && ln -sf $clashdir/dropbear_rsa_host_key /etc/dropbear/dropbear_rsa_host_key
-	[ -f $clashdir/authorized_keys ] && ln -sf $clashdir/authorized_keys /etc/dropbear/authorized_keys
+	[ -f $clashdir/configs/dropbear_rsa_host_key ] && ln -sf $clashdir/configs/dropbear_rsa_host_key /etc/dropbear/dropbear_rsa_host_key
+	[ -f $clashdir/configs/authorized_keys ] && ln -sf $clashdir/configs/authorized_keys /etc/dropbear/authorized_keys
+	#自动清理升级备份文件夹
+	rm -rf /data/etc_bak
 }
 tunfix(){
 	ko_dir=$(modinfo ip_tables | grep  -Eo '/lib/modules.*/ip_tables.ko' | sed 's|/ip_tables.ko||' )
@@ -29,29 +34,38 @@ tunfix(){
 	mkdir -p /tmp/overlay/work
 	mount -o noatime,lowerdir=${ko_dir},upperdir=/tmp/overlay/upper,workdir=/tmp/overlay/work -t overlay "overlay_mods_only" ${ko_dir}
 	#将tun.ko链接到lib
-	ln -s $clashdir/tun.ko ${ko_dir}/tun.ko
+	ln -sf $clashdir/tools/tun.ko ${ko_dir}/tun.ko
+}
+tproxyfix(){
+	sed -i 's/sysctl -w net.bridge.bridge-nf-call-ip/#sysctl -w net.bridge.bridge-nf-call-ip/g' /etc/init.d/qca-nss-ecm
+	sysctl -w net.bridge.bridge-nf-call-iptables=0
+	sysctl -w net.bridge.bridge-nf-call-ip6tables=0
 }
 init(){
+	#等待启动完成
+	log_file=$(uci get system.@system[0].log_file)
+	local i=0
+	while [ "$i" -lt 20 ]; do
+		sleep 3
+		[ -n "$(grep 'init complete' $log_file)" ] && i=20 || i=$((i + 1))
+	done
 	#初始化环境变量
 	sed -i "/alias clash/d" $profile
 	sed -i "/export clashdir/d" $profile
 	echo "alias clash=\"$clashdir/clash.sh\"" >>$profile
 	echo "export clashdir=\"$clashdir\"" >>$profile
 	#软固化功能
-	[ "$(grep 'mi_autoSSH=' $clashdir/mark | awk -F "=" '{print $2}')" = "已启用" ] && autoSSH
+	autoSSH
 	#设置init.d服务
 	cp -f $clashdir/clashservice /etc/init.d/clash
 	chmod 755 /etc/init.d/clash
 	#启动服务
 	if [ ! -f $clashdir/.dis_startup ]; then
-		log_file=$(uci get system.@system[0].log_file)
-		while [ "$i" -lt 10 ]; do
-			sleep 5
-			[ -n "$(grep 'init complete' $log_file)" ] && i=10 || i=$((i + 1))
-		done
 		#AX6S/AX6000修复tun功能
-		[ -f $clashdir/tun.ko -a ! -f /lib/modules/4.4.198/tun.ko ] && tunfix && sleep 10
-		#
+		[ -f $clashdir/configs/tun.ko ] && tunfix
+		#小米7000/小米万兆修复tproxy
+		[ -f /etc/init.d/qca-nss-ecm ] && [ -n "$(grep 'redir_mod=Tproxy' $clashdir/configs/ShellClash.cfg )" ] && tproxyfix
+		#启动服务
 		/etc/init.d/clash start
 		/etc/init.d/clash enable
 	fi
@@ -59,13 +73,11 @@ init(){
 
 case "$1" in
 	tunfix) tunfix ;;
+	tproxyfix) tproxyfix ;;
 	init) init ;;
 	*)
 		if [ -z $(pidof clash) ];then
-			init
-		else
-			sleep 10
-			$clashdir/start.sh restart
+			init &
 		fi
 	;;
 esac