openclash: update to 0.38.1

2020-05-10 11:26:20 +08:00 · 2020-05-10 11:26:20 +08:00 · 345da5313b
commit 345da5313b
parent f2c4cd42ff
27 changed files with 341 additions and 304 deletions
--- a/package/ctcgfw/luci-app-openclash/Makefile
+++ b/package/ctcgfw/luci-app-openclash/Makefile
@ -1,7 +1,7 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=luci-app-openclash
-PKG_VERSION:=0.37.6
+PKG_VERSION:=0.38.1
 PKG_RELEASE:=beta
 PKG_MAINTAINER:=vernesong <https://github.com/vernesong/OpenClash>

@ -35,6 +35,12 @@ define Build/Prepare
 	mkdir -p $(PKG_BUILD_DIR)/files/etc/openclash/proxy_provider >/dev/null 2>&1
 	mkdir -p $(PKG_BUILD_DIR)/files/etc/openclash/backup >/dev/null 2>&1
 	mkdir -p $(PKG_BUILD_DIR)/files/etc/openclash/core >/dev/null 2>&1
+	mkdir -p $(PKG_BUILD_DIR)/files/usr/share/openclash/backup >/dev/null 2>&1
+	cp "$(PKG_BUILD_DIR)/files/etc/config/openclash" "$(PKG_BUILD_DIR)/files/usr/share/openclash/backup/openclash" >/dev/null 2>&1
+	cp "$(PKG_BUILD_DIR)/files/etc/openclash/custom/openclash_custom_rules.list" "$(PKG_BUILD_DIR)/files/usr/share/openclash/backup/openclash_custom_rules.list" >/dev/null 2>&1
+	cp "$(PKG_BUILD_DIR)/files/etc/openclash/custom/openclash_custom_rules_2.list" "$(PKG_BUILD_DIR)/files/usr/share/openclash/backup/openclash_custom_rules_2.list" >/dev/null 2>&1
+	cp "$(PKG_BUILD_DIR)/files/etc/openclash/custom/openclash_custom_hosts.list" "$(PKG_BUILD_DIR)/files/usr/share/openclash/backup/openclash_custom_hosts.list" >/dev/null 2>&1
+	cp "$(PKG_BUILD_DIR)/files/etc/openclash/custom/openclash_custom_fake_filter.list" "$(PKG_BUILD_DIR)/files/usr/share/openclash/backup/openclash_custom_fake_filter.list" >/dev/null 2>&1
 endef

 define Build/Configure
@ -50,14 +56,14 @@ if [ -f "/etc/config/openclash" ]; then
 	cp "/etc/config/openclash_custom_rules.list" "/tmp/openclash_custom_rules.list.bak" >/dev/null 2>&1
 	cp "/etc/config/openclash_custom_rules_2.list" "/tmp/openclash_custom_rules_2.list.bak" >/dev/null 2>&1
 	cp "/etc/config/openclash_custom_hosts.list" "/tmp/openclash_custom_hosts.list.bak" >/dev/null 2>&1
-	cp "/etc/config/openclash_custom_fake_black.conf" "/tmp/openclash_custom_fake_black.conf.bak" >/dev/null 2>&1
+	cp "/etc/config/openclash_custom_fake_filter.list" "/tmp/openclash_custom_fake_filter.list.bak" >/dev/null 2>&1
 	cp "/etc/openclash/history" "/tmp/openclash_history.bak" >/dev/null 2>&1
 fi
 if [ -f "/etc/openclash/custom/openclash_custom_rules.list" ]; then
 	cp "/etc/openclash/custom/openclash_custom_rules.list" "/tmp/openclash_custom_rules.list.bak" >/dev/null 2>&1
 	cp "/etc/openclash/custom/openclash_custom_rules_2.list" "/tmp/openclash_custom_rules_2.list.bak" >/dev/null 2>&1
 	cp "/etc/openclash/custom/openclash_custom_hosts.list" "/tmp/openclash_custom_hosts.list.bak" >/dev/null 2>&1
-	cp "/etc/openclash/custom/openclash_custom_fake_black.conf" "/tmp/openclash_custom_fake_black.conf.bak" >/dev/null 2>&1
+	cp "/etc/openclash/custom/openclash_custom_fake_filter.list" "/tmp/openclash_custom_fake_filter.list.bak" >/dev/null 2>&1
 fi
 endef

@ -83,14 +89,14 @@ cp "/etc/config/openclash" "/usr/share/openclash/backup/openclash" >/dev/null 2>
 cp "/etc/openclash/custom/openclash_custom_rules.list" "/usr/share/openclash/backup/openclash_custom_rules.list" >/dev/null 2>&1
 cp "/etc/openclash/custom/openclash_custom_rules_2.list" "/usr/share/openclash/backup/openclash_custom_rules_2.list" >/dev/null 2>&1
 cp "/etc/openclash/custom/openclash_custom_hosts.list" "/usr/share/openclash/backup/openclash_custom_hosts.list" >/dev/null 2>&1
-cp "/etc/openclash/custom/openclash_custom_fake_black.conf" "/usr/share/openclash/backup/openclash_custom_fake_black.conf" >/dev/null 2>&1
+cp "/etc/openclash/custom/openclash_custom_fake_filter.list" "/usr/share/openclash/backup/openclash_custom_fake_filter.list" >/dev/null 2>&1

 if [ -f "/tmp/openclash.bak" ]; then
 	mv "/tmp/openclash.bak" "/etc/config/openclash" >/dev/null 2>&1
 	mv "/tmp/openclash_custom_rules.list.bak" "/etc/openclash/custom/openclash_custom_rules.list" >/dev/null 2>&1
 	mv "/tmp/openclash_custom_rules_2.list.bak" "/etc/openclash/custom/openclash_custom_rules_2.list" >/dev/null 2>&1
 	mv "/tmp/openclash_custom_hosts.list.bak" "/etc/openclash/custom/openclash_custom_hosts.list" >/dev/null 2>&1
-	mv "/tmp/openclash_custom_fake_black.conf.bak" "/etc/openclash/custom/openclash_custom_fake_black.conf" >/dev/null 2>&1
+	mv "/tmp/openclash_custom_fake_filter.list.bak" "/etc/openclash/custom/openclash_custom_fake_filter.list" >/dev/null 2>&1
 	mv "/tmp/openclash_history.bak" "/etc/openclash/history" >/dev/null 2>&1
 fi
 if [ -f "/tmp/config.yaml" ]; then
@ -145,11 +151,11 @@ define Package/$(PKG_NAME)/prerm
 	cp "/etc/config/openclash" "/tmp/openclash.bak" >/dev/null 2>&1
 	cp "/etc/config/openclash_custom_rules.list" "/tmp/openclash_custom_rules.list.bak" >/dev/null 2>&1
 	cp "/etc/config/openclash_custom_hosts.list" "/tmp/openclash_custom_hosts.list.bak" >/dev/null 2>&1
-	cp "/etc/config/openclash_custom_fake_black.conf" "/tmp/openclash_custom_fake_black.conf.bak" >/dev/null 2>&1
+	cp "/etc/config/openclash_custom_fake_filter.list" "/tmp/openclash_custom_fake_filter.list.bak" >/dev/null 2>&1
 	cp "/etc/openclash/custom/openclash_custom_rules.list" "/tmp/openclash_custom_rules.list.bak" >/dev/null 2>&1
 	cp "/etc/openclash/custom/openclash_custom_rules_2.list" "/tmp/openclash_custom_rules_2.list.bak" >/dev/null 2>&1
 	cp "/etc/openclash/custom/openclash_custom_hosts.list" "/tmp/openclash_custom_hosts.list.bak" >/dev/null 2>&1
-	cp "/etc/openclash/custom/openclash_custom_fake_black.conf" "/tmp/openclash_custom_fake_black.conf.bak" >/dev/null 2>&1
+	cp "/etc/openclash/custom/openclash_custom_fake_filter.list" "/tmp/openclash_custom_fake_filter.list.bak" >/dev/null 2>&1
 endef

 define Package/$(PKG_NAME)/postrm
--- a/package/ctcgfw/luci-app-openclash/files/etc/init.d/openclash
+++ b/package/ctcgfw/luci-app-openclash/files/etc/init.d/openclash
@ -29,9 +29,6 @@ add_cron()
  [ -z "$(grep "openclash.sh" "$CRON_FILE" 2>/dev/null)" ] && {
     [ "$(uci get openclash.config.auto_update 2>/dev/null)" -eq 1 ] && [ "$(uci get openclash.config.config_auto_update_mode 2>/dev/null)" -ne 1 ] && echo "0 $(uci get openclash.config.auto_update_time 2>/dev/null) * * $(uci get openclash.config.config_update_week_time 2>/dev/null) /usr/share/openclash/openclash.sh" >> $CRON_FILE
  }
-  [ -z "$(grep "openclash.sh" "$CRON_FILE" 2>/dev/null)" ] && {
-     [ "$(uci get openclash.config.auto_update 2>/dev/null)" -eq 1 ] && [ "$(uci get openclash.config.config_auto_update_mode 2>/dev/null)" -eq 1 ] && echo "*/$(uci get openclash.config.config_update_interval 2>/dev/null) * * * * /usr/share/openclash/openclash.sh" >> $CRON_FILE
-  }
  [ -z "$(grep "openclash_rule.sh" "$CRON_FILE" 2>/dev/null)" ] && {
  [ "$(uci get openclash.config.other_rule_auto_update 2>/dev/null)" -eq 1 ] && echo "0 $(uci get openclash.config.other_rule_update_day_time 2>/dev/null) * * $(uci get openclash.config.other_rule_update_week_time 2>/dev/null) /usr/share/openclash/openclash_rule.sh" >> $CRON_FILE
  }
@ -73,12 +70,11 @@ change_dns() {
 revert_dns() {
   uci del_list dhcp.@dnsmasq[0].server=127.0.0.1#"$3" >/dev/null 2>&1
   [ "$1" = "1" ] && {
-   	  [ -s "/tmp/resolv.conf.d/resolv.conf.auto" ] && {
-      uci set dhcp.@dnsmasq[0].resolvfile=/tmp/resolv.conf.d/resolv.conf.auto >/dev/null 2>&1
-      }
-   	  [ -s "/tmp/resolv.conf.auto" ] && {
-      uci set dhcp.@dnsmasq[0].resolvfile=/tmp/resolv.conf.auto >/dev/null 2>&1
-      }
+   	  if [ -s "/tmp/resolv.conf.d/resolv.conf.auto" ]; then
+         uci set dhcp.@dnsmasq[0].resolvfile=/tmp/resolv.conf.d/resolv.conf.auto >/dev/null 2>&1
+      elif [ -s "/tmp/resolv.conf.auto" ]; then
+         uci set dhcp.@dnsmasq[0].resolvfile=/tmp/resolv.conf.auto >/dev/null 2>&1
+      fi
      uci set dhcp.@dnsmasq[0].noresolv=0 >/dev/null 2>&1
   }
   [ "$2" = "1" ] && {
@ -88,22 +84,6 @@ revert_dns() {
   rm -rf /tmp/dnsmasq.d/dnsmasq_openclash.conf >/dev/null 2>&1
 }

-fake_block() {
-   if [ "$1" = "fake-ip" ]; then
-      if [ ! -f /etc/openclash/dnsmasq_fake_block.conf ]; then
-         /usr/share/openclash/openclash_fake_block.sh
-      elif [ "$(awk -F '/' '{print $3}' /etc/openclash/dnsmasq_fake_block.conf |head -1)" != "114.114.114.114" ] && [ -z "$2" ]; then
-         /usr/share/openclash/openclash_fake_block.sh
-      elif [ "$(awk -F '/' '{print $3}' /etc/openclash/dnsmasq_fake_block.conf |head -1)" != "$2" ] && [ ! -z "$2" ]; then
-         /usr/share/openclash/openclash_fake_block.sh
-      elif [ ! -z "$(grep "config servers" /etc/config/openclash)" ] && [ -z "$(grep -F '#Server Nodes' /etc/openclash/dnsmasq_fake_block.conf)" ]; then
-         /usr/share/openclash/openclash_fake_block.sh
-      fi
-      mkdir -p /tmp/dnsmasq.d
-      ln -s /etc/openclash/dnsmasq_fake_block.conf /tmp/dnsmasq.d/dnsmasq_openclash.conf
-   fi
-}
-
 yml_check()
 {
   #格式替换
@ -762,87 +742,10 @@ if [ "$operation_mode" = "redir-host" ] && [ "$en_mode" = "redir-host" ]; then
      config_list_foreach "config" "lan_ac_white_ips" lan_ac "lan_ac_white_ips"
   fi
 fi
-             
-if [ -z "$en_mode_tun" ]; then
-   #tcp
-   iptables -t nat -N openclash
-   iptables -t nat -A openclash -m set --match-set lan_ac_black_ips src -j RETURN >/dev/null 2>&1
-   iptables -t nat -A openclash -m set ! --match-set lan_ac_white_ips src -j RETURN >/dev/null 2>&1
-   iptables -t nat -A openclash -d 0.0.0.0/8 -j RETURN
-   iptables -t nat -A openclash -d 10.0.0.0/8 -j RETURN
-   iptables -t nat -A openclash -d 127.0.0.0/8 -j RETURN
-   iptables -t nat -A openclash -d 169.254.0.0/16 -j RETURN
-   iptables -t nat -A openclash -d 172.16.0.0/12 -j RETURN
-   iptables -t nat -A openclash -d 192.168.0.0/16 -j RETURN
-   iptables -t nat -A openclash -d 224.0.0.0/4 -j RETURN
-   iptables -t nat -A openclash -d 240.0.0.0/4 -j RETURN
-   if [ ! -z "$wan_ip4" ]; then
-      for wan_ip4s in $wan_ip4; do
-         iptables -t nat -A openclash -d "$wan_ip4s" -j RETURN 2>/dev/null
-      done
-   fi
-   iptables -t nat -A openclash -p tcp -j REDIRECT --to-ports "$proxy_port"
-   #iptables -t nat -I PREROUTING -p tcp -d 8.8.8.8 -j REDIRECT --to-ports "$proxy_port"
-   #iptables -t nat -I PREROUTING -p tcp -d 8.8.4.4 -j REDIRECT --to-ports "$proxy_port"
-   iptables -t nat -A PREROUTING -p tcp -j openclash
-                
-   #udp
-   if [ "$enable_udp_proxy" -eq 1 ]; then
-      ip rule add fwmark "$PROXY_FWMARK" table "$PROXY_ROUTE_TABLE"
-      ip route add local 0.0.0.0/0 dev lo table "$PROXY_ROUTE_TABLE"
-      iptables -t mangle -N openclash
-      iptables -t mangle -A openclash -m set --match-set lan_ac_black_ips src -j RETURN >/dev/null 2>&1
-      iptables -t mangle -A openclash -m set ! --match-set lan_ac_white_ips src -j RETURN >/dev/null 2>&1
-      iptables -t mangle -A openclash -d 0.0.0.0/8 -j RETURN
-      iptables -t mangle -A openclash -d 10.0.0.0/8 -j RETURN
-      iptables -t mangle -A openclash -d 127.0.0.0/8 -j RETURN
-      iptables -t mangle -A openclash -d 169.254.0.0/16 -j RETURN
-      iptables -t mangle -A openclash -d 172.16.0.0/12 -j RETURN
-      iptables -t mangle -A openclash -d 192.168.0.0/16 -j RETURN
-      iptables -t mangle -A openclash -d 224.0.0.0/4 -j RETURN
-      iptables -t mangle -A openclash -d 240.0.0.0/4 -j RETURN
-      if [ ! -z "$wan_ip4" ]; then
-         for wan_ip4s in $wan_ip4; do
-            iptables -t mangle -A openclash -d "$wan_ip4s" -j RETURN 2>/dev/null
-         done
-      fi
-                
-      iptables -t mangle -A openclash -p udp -j TPROXY --on-port "$proxy_port" --on-ip 0.0.0.0 --tproxy-mark "$PROXY_FWMARK"
-      iptables -t mangle -A PREROUTING -p udp -j openclash
-   fi
-                
-   if [ "$en_mode" = "fake-ip" ]; then
-      iptables -t nat -A OUTPUT -p tcp -d 198.18.0.0/16 -j REDIRECT --to-ports "$proxy_port"
-   fi
-                
-   if [ "$ipv6_enable" -eq 1 ]; then
-      #tcp
-      ip6tables -t nat -N openclash
-      if [ ! -z "$lan_ip6" ]; then
-         for lan_ip6s in $lan_ip6; do
-            ip6tables -t nat -A openclash -d "$lan_ip6s" -j RETURN 2>/dev/null
-         done
-      fi
-      ip6tables -t nat -A openclash -p tcp -j REDIRECT --to-ports "$proxy_port"
-      ip6tables -t nat -A PREROUTING -p tcp -j openclash
-                   
-      #udp
-      if [ "$enable_udp_proxy" -eq 1 ]; then
-         ip6tables -t mangle -N openclash
-         if [ ! -z "$lan_ip6" ]; then
-            for lan_ip6s in $lan_ip6; do
-               if [ "$enable_udp_proxy" -eq 1 ]; then
-                  ip6tables -t mangle -A openclash -d "$lan_ip6s" -j RETURN 2>/dev/null
-               fi
-            done
-         fi
-         ip6tables -t mangle -A openclash -p udp -j TPROXY --on-port "$proxy_port" --on-ip 0.0.0.0 --tproxy-mark "$PROXY_FWMARK"
-         ip6tables -t mangle -A PREROUTING -p udp -j openclash
-      fi
-   fi
-else
-   #TUN模式
+
+#local
   ipset create localnetwork hash:net
+   ipset add localnetwork 0.0.0.0/8
   ipset add localnetwork 127.0.0.0/8
   ipset add localnetwork 10.0.0.0/8
   ipset add localnetwork 169.254.0.0/16
@ -856,6 +759,66 @@ else
         ipset add localnetwork "$wan_ip4s" 2>/dev/null
      done
   fi
+
+if [ -z "$en_mode_tun" ]; then
+   #tcp
+   iptables -t nat -N openclash
+   iptables -t nat -F openclash
+   iptables -t nat -A openclash -m set --match-set localnetwork dst -j RETURN
+   iptables -t nat -A openclash -m set --match-set lan_ac_black_ips src -j RETURN >/dev/null 2>&1
+   iptables -t nat -A openclash -m set ! --match-set lan_ac_white_ips src -j RETURN >/dev/null 2>&1
+   iptables -t nat -A openclash -p tcp -j REDIRECT --to-ports "$proxy_port"
+   iptables -t nat -I PREROUTING -p tcp -d 8.8.8.8 -j REDIRECT --to-ports "$proxy_port"
+   iptables -t nat -I PREROUTING -p tcp -d 8.8.4.4 -j REDIRECT --to-ports "$proxy_port"
+   iptables -t nat -A PREROUTING -p tcp -j openclash
+
+   #udp
+   if [ "$enable_udp_proxy" -eq 1 ]; then
+      ip rule add fwmark "$PROXY_FWMARK" table "$PROXY_ROUTE_TABLE"
+      ip route add local 0.0.0.0/0 dev lo table "$PROXY_ROUTE_TABLE"
+      iptables -t mangle -N openclash
+      iptables -t mangle -A openclash -m set --match-set localnetwork dst -j RETURN
+      iptables -t mangle -A openclash -m set --match-set lan_ac_black_ips src -j RETURN >/dev/null 2>&1
+      iptables -t mangle -A openclash -m set ! --match-set lan_ac_white_ips src -j RETURN >/dev/null 2>&1
+      iptables -t mangle -A openclash -p udp -j TPROXY --on-port "$proxy_port" --on-ip 0.0.0.0 --tproxy-mark "$PROXY_FWMARK"
+      iptables -t mangle -A PREROUTING -p udp -j openclash
+   fi
+
+   if [ "$en_mode" = "fake-ip" ]; then
+   	  iptables -t nat -N openclash_output
+      iptables -t nat -F openclash_output
+   	  iptables -t nat -A openclash_output -m set --match-set localnetwork dst -j RETURN
+      iptables -t nat -A openclash_output -p tcp -d 198.18.0.0/16 -j REDIRECT --to-ports "$proxy_port"
+      iptables -t nat -A OUTPUT -p tcp -j openclash_output
+   fi
+
+   if [ "$ipv6_enable" -eq 1 ]; then
+      #tcp
+      ip6tables -t nat -N openclash
+      if [ ! -z "$lan_ip6" ]; then
+         for lan_ip6s in $lan_ip6; do
+            ip6tables -t nat -A openclash -d "$lan_ip6s" -j RETURN 2>/dev/null
+         done
+      fi
+      ip6tables -t nat -A openclash -p tcp -j REDIRECT --to-ports "$proxy_port"
+      ip6tables -t nat -A PREROUTING -p tcp -j openclash
+
+      #udp
+      #if [ "$enable_udp_proxy" -eq 1 ]; then
+      #   ip6tables -t mangle -N openclash
+      #   if [ ! -z "$lan_ip6" ]; then
+      #      for lan_ip6s in $lan_ip6; do
+      #         if [ "$enable_udp_proxy" -eq 1 ]; then
+      #            ip6tables -t mangle -A openclash -d "$lan_ip6s" -j RETURN 2>/dev/null
+      #         fi
+      #      done
+      #   fi
+      #   ip6tables -t mangle -A openclash -p udp -j TPROXY --on-port "$proxy_port" --tproxy-mark "$PROXY_FWMARK"
+      #   ip6tables -t mangle -A PREROUTING -p udp -j openclash
+      #fi
+   fi
+else
+   #TUN模式
   #启动TUN
   if [ "$en_mode_tun" = "2" ]; then
      ip tuntap add user root mode tun clash0
@ -879,9 +842,9 @@ else
      iptables -t mangle -A openclash -d 198.18.0.0/16 -j MARK --set-mark "$PROXY_FWMARK"
   fi
   iptables -t mangle -I OUTPUT -j openclash
+   iptables -t mangle -I PREROUTING -m set ! --match-set localnetwork dst -j MARK --set-mark "$PROXY_FWMARK"
   iptables -t mangle -I PREROUTING -m set --match-set lan_ac_black_ips src -j RETURN >/dev/null 2>&1
   iptables -t mangle -I PREROUTING -m set ! --match-set lan_ac_white_ips src -j RETURN >/dev/null 2>&1
-   iptables -t mangle -I PREROUTING -m set ! --match-set localnetwork dst -j MARK --set-mark "$PROXY_FWMARK"
   iptables -t nat -I PREROUTING -p tcp --dport 53 -j ACCEPT
   #ipv6
   #    if [ "$ipv6_enable" -eq 1 ]; then
@ -893,61 +856,67 @@ fi
 revert_firewall()
 {
   rm -rf /var/etc/openclash.include 2>/dev/null
-    
+
   #ipv4

   ip rule del fwmark "$PROXY_FWMARK" table "$PROXY_ROUTE_TABLE" >/dev/null 2>&1
   ip route del local 0.0.0.0/0 dev lo table "$PROXY_ROUTE_TABLE" >/dev/null 2>&1
-    
+
   iptables -t nat -D PREROUTING -p tcp --dport 53 -j ACCEPT >/dev/null 2>&1

   iptables -t mangle -F openclash >/dev/null 2>&1
-   iptables -t mangle -D PREROUTING -p udp -j openclash >/dev/null 2>&1
   iptables -t mangle -X openclash >/dev/null 2>&1
-    
+
   iptables -t nat -F openclash >/dev/null 2>&1
-   iptables -t nat -D PREROUTING -p tcp -j openclash >/dev/null 2>&1
   iptables -t nat -X openclash >/dev/null 2>&1
-    
-   out_lines=$(iptables -nvL OUTPUT -t mangle |sed 1,2d |sed -n '/198.18.0.0\/16/=' 2>/dev/null |sort -rn)
-   for out_line in $out_lines; do
-      iptables -t mangle -D OUTPUT "$out_line" >/dev/null 2>&1
-   done
-    
-   out_lines=$(iptables -nvL OUTPUT -t nat |sed 1,2d |sed -n '/198.18.0.0\/16/=' 2>/dev/null |sort -rn)
+
+   iptables -t nat -F openclash_output >/dev/null 2>&1
+   iptables -t nat -X openclash_output >/dev/null 2>&1
+
+   out_lines=$(iptables -nvL OUTPUT -t nat |sed 1,2d |sed -n '/openclash/=' 2>/dev/null |sort -rn)
   for out_line in $out_lines; do
      iptables -t nat -D OUTPUT "$out_line" >/dev/null 2>&1
   done
-    
-   #pre_lines=$(iptables -nvL PREROUTING -t nat |sed 1,2d |sed -n '/8\.8\./=' 2>/dev/null |sort -rn)
-   #for pre_line in $pre_lines; do
-   #   iptables -t nat -D PREROUTING "$pre_line" >/dev/null 2>&1
-   #done
-    
+
+   pre_lines=$(iptables -nvL PREROUTING -t nat |sed 1,2d |sed -n '/8\.8\./=' 2>/dev/null |sort -rn)
+   for pre_line in $pre_lines; do
+      iptables -t nat -D PREROUTING "$pre_line" >/dev/null 2>&1
+   done
+
+   pre_lines=$(iptables -nvL PREROUTING -t mangle |sed 1,2d |sed -n '/openclash/=' 2>/dev/null |sort -rn)
+   for pre_line in $pre_lines; do
+      iptables -t mangle -D PREROUTING "$pre_line" >/dev/null 2>&1
+   done
+
+   pre_lines=$(iptables -nvL PREROUTING -t nat |sed 1,2d |sed -n '/openclash/=' 2>/dev/null |sort -rn)
+   for pre_line in $pre_lines; do
+      iptables -t nat -D PREROUTING "$pre_line" >/dev/null 2>&1
+   done
+
   #ipv6
-   ip6tables -t mangle -F openclash >/dev/null 2>&1
-   ip6tables -t mangle -D PREROUTING -p udp -j openclash >/dev/null 2>&1
-   ip6tables -t mangle -X openclash >/dev/null 2>&1
-    
+   #ip6tables -t mangle -F openclash >/dev/null 2>&1
+   #ip6tables -t mangle -D PREROUTING -p udp -j openclash >/dev/null 2>&1
+   #ip6tables -t mangle -X openclash >/dev/null 2>&1
+
   ip6tables -t nat -F openclash >/dev/null 2>&1
   ip6tables -t nat -D PREROUTING -p tcp -j openclash >/dev/null 2>&1
   ip6tables -t nat -X openclash >/dev/null 2>&1
-    
+
   #TUN
   ip route del default dev clash0 table "$PROXY_ROUTE_TABLE" >/dev/null 2>&1
   ip route del default dev utun table "$PROXY_ROUTE_TABLE" >/dev/null 2>&1
   ip rule del fwmark "$PROXY_FWMARK" table "$PROXY_ROUTE_TABLE" >/dev/null 2>&1
   ip link set dev clash0 down >/dev/null 2>&1
   ip tuntap del clash0 mode tun >/dev/null 2>&1
-   
+
   iptables -t mangle -D OUTPUT -j openclash >/dev/null 2>&1
   iptables -t mangle -D PREROUTING -m set --match-set lan_ac_black_ips src -j RETURN >/dev/null 2>&1
   iptables -t mangle -D PREROUTING -m set ! --match-set lan_ac_white_ips src -j RETURN >/dev/null 2>&1
   iptables -t mangle -D PREROUTING -m set ! --match-set localnetwork dst -j MARK --set-mark "$PROXY_FWMARK" >/dev/null 2>&1
-   ip6tables -t mangle -D PREROUTING -j MARK --set-mark "$PROXY_FWMARK" >/dev/null 2>&1
   iptables -t mangle -F openclash >/dev/null 2>&1
   iptables -t mangle -X openclash >/dev/null 2>&1
-   
+   #ip6tables -t mangle -D PREROUTING -j MARK --set-mark "$PROXY_FWMARK" >/dev/null 2>&1
+
   ipset destroy localnetwork >/dev/null 2>&1
   ipset destroy lan_ac_white_ips >/dev/null 2>&1
   ipset destroy lan_ac_black_ips >/dev/null 2>&1
@ -968,7 +937,6 @@ get_config()
   lan_ip=$(uci get network.lan.ipaddr 2>/dev/null |awk -F '/' '{print $1}' 2>/dev/null)
   wan_ip4=$(ifconfig | grep 'inet addr' | awk '{print $2}' | cut -d: -f2 2>/dev/null)
   lan_ip6=$(ifconfig | grep 'inet6 addr' | awk '{print $3}' 2>/dev/null)
-   direct_dns=$(uci get openclash.config.direct_dns 2>/dev/null)
   disable_masq_cache=$(uci get openclash.config.disable_masq_cache 2>/dev/null)
   log_level=$(uci get openclash.config.log_level 2>/dev/null)
   proxy_mode=$(uci get openclash.config.proxy_mode 2>/dev/null)
@ -1056,7 +1024,6 @@ if [ "$enable" -eq 1 ] && [ -f "$CONFIG_FILE" ]; then

             echo "第九步: 重启 Dnsmasq 程序..." >$START_LOG
             change_dns "$enable_redirect_dns" "$disable_masq_cache"
-             fake_block "$en_mode" "$direct_dns"
             /etc/init.d/dnsmasq restart >/dev/null 2>&1
             if pidof clash >/dev/null; then
                echo "第十步: 还原策略组节点状态..." >$START_LOG
--- a/package/ctcgfw/luci-app-openclash/files/etc/openclash/custom/openclash_custom_fake_filter.list
+++ b/package/ctcgfw/luci-app-openclash/files/etc/openclash/custom/openclash_custom_fake_filter.list
@ -1,22 +1,11 @@
+*.lan
 #放行NTP服务
 time.windows.com
 time.nist.gov
 time.apple.com
 time.asia.apple.com
-cn.ntp.org.cn
-edu.ntp.org.cn
-hk.ntp.org.cn
-tw.ntp.org.cn
-us.ntp.org.cn
-sgp.ntp.org.cn
-kr.ntp.org.cn
-jp.ntp.org.cn
-de.ntp.org.cn
-ina.ntp.org.cn
-0.openwrt.pool.ntp.org
-1.openwrt.pool.ntp.org
-2.openwrt.pool.ntp.org
-3.openwrt.pool.ntp.org
+*.ntp.org.cn
+*.openwrt.pool.ntp.org
 time1.cloud.tencent.com
 time.ustc.edu.cn
 pool.ntp.org
@ -36,12 +25,7 @@ time4.aliyun.com
 time5.aliyun.com
 time6.aliyun.com
 time7.aliyun.com
-s1c.time.edu.cn
-s2m.time.edu.cn
-s1b.time.edu.cn
-s1e.time.edu.cn
-s2a.time.edu.cn
-s2b.time.edu.cn
+*.time.edu.cn
 time1.apple.com
 time2.apple.com
 time3.apple.com
@ -55,28 +39,23 @@ time3.google.com
 time4.google.com
 #放行网易云音乐
 music.163.com
-interface.music.163.com
-interface3.music.163.com
-apm.music.163.com
-apm3.music.163.com
-clientlog.music.163.com
-clientlog3.music.163.com
-music.126.net
-vod.126.net
+*.music.163.com
+*.126.net
 #百度音乐
-sug.qianqian.com
+musicapi.taihe.com
 music.taihe.com
 #酷狗音乐
 songsearch.kugou.com
 trackercdn.kugou.com
 #酷我音乐
-kuwo.cn
+*.kuwo.cn
 #JOOX音乐
 api-jooxtt.sanook.com
 api.joox.com
 joox.com
 #QQ音乐
 y.qq.com
+*.y.qq.com
 streamoc.music.tc.qq.com
 mobileoc.music.tc.qq.com
 isure.stream.qqmusic.qq.com
@ -84,19 +63,19 @@ dl.stream.qqmusic.qq.com
 aqqmusic.tc.qq.com
 amobile.music.tc.qq.com
 #虾米音乐
-xiami.com
+*.xiami.com
 #咪咕音乐
+*.music.migu.cn
 music.migu.cn
-migu.cn
 #win10本地连接检测
-msftconnecttest.com
-msftncsi.com
+*.msftconnecttest.com
+*.msftncsi.com
 #QQ快捷登录
-ptlogin2.qq.com
+localhost.ptlogin2.qq.com
 #Nintendo Switch
-srv.nintendo.net
+*.*.*.srv.nintendo.net
 #Sony PlayStation
-stun.playstation.net
+*.*.stun.playstation.net
 #Microsoft Xbox
-microsoft.com
-xboxlive.com
+xbox.*.*.microsoft.com
+*.*.xboxlive.com
--- a/package/ctcgfw/luci-app-openclash/files/etc/openclash/openclash_version
+++ b/package/ctcgfw/luci-app-openclash/files/etc/openclash/openclash_version
--- a/package/ctcgfw/luci-app-openclash/files/usr/lib/lua/luci/controller/openclash.lua
+++ b/package/ctcgfw/luci-app-openclash/files/usr/lib/lua/luci/controller/openclash.lua
@ -5,10 +5,12 @@ function index()
 		return
 	end

-	local page = entry({"admin", "services", "openclash"}, alias("admin", "services", "openclash", "client"), _("OpenClash"), 50)
+	local page
+
+	page = entry({"admin", "services", "openclash"}, alias("admin", "services", "openclash", "client"), _("OpenClash"), 50)
 	page.dependent = true
 	page.acl_depends = { "luci-app-openclash" }
-	entry({"admin", "services", "openclash", "client"},form("openclash/client"),_("Overviews"), 20).leaf = true
+	entry({"admin", "services", "openclash", "client"},cbi("openclash/client"),_("Overviews"), 20).leaf = true
 	entry({"admin", "services", "openclash", "status"},call("action_status")).leaf=true
 	entry({"admin", "services", "openclash", "state"},call("action_state")).leaf=true
 	entry({"admin", "services", "openclash", "startlog"},call("action_start")).leaf=true
@ -32,7 +34,7 @@ function index()
 	entry({"admin", "services", "openclash", "groups-config"},cbi("openclash/groups-config"), nil).leaf = true
 	entry({"admin", "services", "openclash", "proxy-provider-config"},cbi("openclash/proxy-provider-config"), nil).leaf = true
 	entry({"admin", "services", "openclash", "config"},form("openclash/config"),_("Config Manage"), 70).leaf = true
-	entry({"admin", "services", "openclash", "log"},form("openclash/log"),_("Server Logs"), 80).leaf = true
+	entry({"admin", "services", "openclash", "log"},cbi("openclash/log"),_("Server Logs"), 80).leaf = true

 end
 local fs = require "luci.openclash"
--- a/package/ctcgfw/luci-app-openclash/files/usr/lib/lua/luci/model/cbi/openclash/client.lua
+++ b/package/ctcgfw/luci-app-openclash/files/usr/lib/lua/luci/model/cbi/openclash/client.lua
@ -99,9 +99,9 @@ end
 e[t].check=translate(config_check(CONFIG_FILE))
 end
 end
-form=SimpleForm("filelist")
-form.reset=false
-form.submit=false
+
+form = Map("openclash")
+form.pageaction = false
 tb=form:section(Table,e)
 st=tb:option(DummyValue,"state",translate("State"))
 st.template="openclash/cfg_check"
@ -139,9 +139,9 @@ local t = {
    {enable, disable}
 }

-ap = SimpleForm("apply")
-ap.reset = false
-ap.submit = false
+ap = Map("openclash")
+ap.pageaction = false
+
 ss = ap:section(Table, t)

 o = ss:option(Button, "enable") 
--- a/package/ctcgfw/luci-app-openclash/files/usr/lib/lua/luci/model/cbi/openclash/config.lua
+++ b/package/ctcgfw/luci-app-openclash/files/usr/lib/lua/luci/model/cbi/openclash/config.lua
@ -334,7 +334,7 @@ s = m:section(Table, tab)
 local conf = string.sub(luci.sys.exec("uci get openclash.config.config_path 2>/dev/null"), 1, -2)
 local dconf = "/etc/openclash/default.yaml"
 local conf_name = fs.basename(conf)
-if not conf_name then conf_name = "config.yaml" end
+if not conf_name or conf == "" then conf_name = "config.yaml" end

 sev = s:option(Value, "user")
 sev.template = "cbi/tvalue"
--- a/package/ctcgfw/luci-app-openclash/files/usr/lib/lua/luci/model/cbi/openclash/groups-config.lua
+++ b/package/ctcgfw/luci-app-openclash/files/usr/lib/lua/luci/model/cbi/openclash/groups-config.lua
@ -86,6 +86,7 @@ uci:foreach("openclash", "groups",
 o:value("DIRECT")
 o:value("REJECT")
 o:depends("type", "select")
+o:depends("type", "relay")
 o.rmempty = true

 local t = {
--- a/package/ctcgfw/luci-app-openclash/files/usr/lib/lua/luci/model/cbi/openclash/log.lua
+++ b/package/ctcgfw/luci-app-openclash/files/usr/lib/lua/luci/model/cbi/openclash/log.lua
@ -25,23 +25,20 @@ local t = {
    {refresh, clean}
 }

-a = SimpleForm("apply")
-a.reset = false
-a.submit = false
-s = a:section(Table, t)
+a = m:section(Table, t)

-o = s:option(Button, "refresh") 
+o = a:option(Button, "refresh") 
 o.inputtitle = translate("Refresh Log")
 o.inputstyle = "apply"
 o.write = function()
  HTTP.redirect(luci.dispatcher.build_url("admin", "services", "openclash", "log"))
 end

-o = s:option(Button, "clean")
+o = a:option(Button, "clean")
 o.inputtitle = translate("Clean Log")
 o.inputstyle = "apply"
 o.write = function()
  SYS.call("echo '' >/tmp/openclash.log")
 end

-return m, a
+return m
--- a/package/ctcgfw/luci-app-openclash/files/usr/lib/lua/luci/model/cbi/openclash/proxy-provider-config.lua
+++ b/package/ctcgfw/luci-app-openclash/files/usr/lib/lua/luci/model/cbi/openclash/proxy-provider-config.lua
@ -101,7 +101,7 @@ o.description = font_red..bold_on..translate("No Need Set when Config Create, Th
 o.rmempty = true
 m.uci:foreach("openclash", "groups",
 		function(s)
-			if s.name ~= "" and s.name ~= nil and s.type ~= "relay" then
+			if s.name ~= "" and s.name ~= nil then
 			   o:value(s.name)
 			end
 		end)
--- a/package/ctcgfw/luci-app-openclash/files/usr/lib/lua/luci/model/cbi/openclash/servers-config.lua
+++ b/package/ctcgfw/luci-app-openclash/files/usr/lib/lua/luci/model/cbi/openclash/servers-config.lua
@ -279,7 +279,7 @@ o.inputtitle = translate("Commit Configurations")
 o.inputstyle = "apply"
 o.write = function()
   m.uci:commit(openclash)
-   sys.call("sh /usr/share/openclash/cfg_servers_address_fake_block.sh &")
+   sys.call("/usr/share/openclash/cfg_servers_address_fake_filter.sh &")
   luci.http.redirect(m.redirect)
 end

--- a/package/ctcgfw/luci-app-openclash/files/usr/lib/lua/luci/model/cbi/openclash/settings.lua
+++ b/package/ctcgfw/luci-app-openclash/files/usr/lib/lua/luci/model/cbi/openclash/settings.lua
@ -175,25 +175,19 @@ o:value("0", translate("Disable"))
 o:value("1", translate("Enable"))
 o.default=0

-o = s:taboption("dns", Value, "direct_dns", translate("Specify DNS Server"))
-o.description = translate("Specify DNS Server For List, Only One IP Server Address Support")
-o.default="114.114.114.114"
-o.placeholder = translate("114.114.114.114 or 127.0.0.1#5300")
-o:depends("dns_advanced_setting", "1")
-
-o = s:taboption("dns", Button, translate("Fake-IP Block List Update")) 
-o.title = translate("Fake-IP Block List Update")
+o = s:taboption("dns", Button, translate("Fake-IP-Filter List Update")) 
+o.title = translate("Fake-IP-Filter List Update")
 o:depends("dns_advanced_setting", "1")
 o.inputtitle = translate("Check And Update")
 o.inputstyle = "reload"
 o.write = function()
  m.uci:set("openclash", "config", "enable", 1)
  m.uci:commit("openclash")
-  SYS.call("/usr/share/openclash/openclash_fake_block.sh >/dev/null 2>&1 && /etc/init.d/openclash restart >/dev/null 2>&1 &")
+  SYS.call("/usr/share/openclash/openclash_fake_filter.sh >/dev/null 2>&1 && /etc/init.d/openclash restart >/dev/null 2>&1 &")
  HTTP.redirect(DISP.build_url("admin", "services", "openclash"))
 end

-custom_fake_black = s:taboption("dns", Value, "custom_fake_black")
+custom_fake_black = s:taboption("dns", Value, "custom_fake_filter")
 custom_fake_black.template = "cbi/tvalue"
 custom_fake_black.description = translate("Domain Names In The List Do Not Return Fake-IP, One rule per line")
 custom_fake_black.rows = 20
@ -201,13 +195,13 @@ custom_fake_black.wrap = "off"
 custom_fake_black:depends("dns_advanced_setting", "1")

 function custom_fake_black.cfgvalue(self, section)
-	return NXFS.readfile("/etc/openclash/custom/openclash_custom_fake_black.conf") or ""
+	return NXFS.readfile("/etc/openclash/custom/openclash_custom_fake_filter.list") or ""
 end
 function custom_fake_black.write(self, section, value)

 	if value then
 		value = value:gsub("\r\n?", "\n")
-		NXFS.writefile("/etc/openclash/custom/openclash_custom_fake_black.conf", value)
+		NXFS.writefile("/etc/openclash/custom/openclash_custom_fake_filter.list", value)
 	end
 end
 end
--- a/package/ctcgfw/luci-app-openclash/files/usr/lib/lua/luci/view/openclash/update.htm
+++ b/package/ctcgfw/luci-app-openclash/files/usr/lib/lua/luci/view/openclash/update.htm
@ -44,7 +44,11 @@
 </fieldset>
 <fieldset class="cbi-section">
 	<table width="100%">
-	  <tr><td width="100%" colspan="4" align="center" id="restore"><%:Collecting data...%></td></tr>
+	  <tr><td width="100%" colspan="4">
+	  	<p align="center" id="restore">
+	  		<%:Collecting data...%>
+	  	</p>
+	  </td></tr>
 	</table>
 </fieldset>

--- a/package/ctcgfw/luci-app-openclash/files/usr/share/openclash/cfg_servers_address_fake_block.sh
+++ b/package/ctcgfw/luci-app-openclash/files/usr/share/openclash/cfg_servers_address_fake_block.sh
@ -1,13 +0,0 @@
-#!/bin/sh
-
-status=$(ps|grep -c /usr/share/openclash/cfg_servers_address_fake_block.sh)
-[ "$status" -gt "3" ] && exit 0
-
-en_mode=$(uci get openclash.config.en_mode 2>/dev/null)
-if pidof clash >/dev/null && [ "$en_mode" != "redir-host" ]; then
-   rm -rf /tmp/dnsmasq.d/dnsmasq_openclash.conf >/dev/null 2>&1
-   /usr/share/openclash/openclash_fake_block.sh
-   mkdir -p /tmp/dnsmasq.d
-   ln -s /etc/openclash/dnsmasq_fake_block.conf /tmp/dnsmasq.d/dnsmasq_openclash.conf >/dev/null 2>&1
-   /etc/init.d/dnsmasq restart >/dev/null 2>&1
-fi
--- a/package/ctcgfw/luci-app-openclash/files/usr/share/openclash/cfg_servers_address_fake_filter.sh
+++ b/package/ctcgfw/luci-app-openclash/files/usr/share/openclash/cfg_servers_address_fake_filter.sh
@ -0,0 +1,18 @@
+#!/bin/sh
+
+status=$(ps|grep -c /usr/share/openclash/cfg_servers_address_fake_filter.sh)
+[ "$status" -gt "3" ] && exit 0
+
+START_LOG="/tmp/openclash_start.log"
+en_mode=$(uci get openclash.config.en_mode 2>/dev/null)
+
+if pidof clash >/dev/null && [ -z "$(echo "$en_mode" |grep "redir-host")" ]; then
+   rm -rf /tmp/dnsmasq.d/dnsmasq_openclash.conf >/dev/null 2>&1
+   /usr/share/openclash/openclash_fake_filter.sh
+   if [ -s "/etc/openclash/servers_fake_filter.conf" ]; then
+      mkdir -p /tmp/dnsmasq.d
+      ln -s /etc/openclash/servers_fake_filter.conf /tmp/dnsmasq.d/dnsmasq_openclash.conf >/dev/null 2>&1
+      /etc/init.d/dnsmasq restart >/dev/null 2>&1
+   fi
+   echo "" >$START_LOG
+fi
--- a/package/ctcgfw/luci-app-openclash/files/usr/share/openclash/openclash.sh
+++ b/package/ctcgfw/luci-app-openclash/files/usr/share/openclash/openclash.sh
@ -6,6 +6,7 @@ START_LOG="/tmp/openclash_start.log"
 LOGTIME=$(date "+%Y-%m-%d %H:%M:%S")
 LOG_FILE="/tmp/openclash.log"
 CFG_FILE="/tmp/config.yaml"
+CRON_FILE="/etc/crontabs/root"
 CONFIG_PATH=$(uci get openclash.config.config_path 2>/dev/null)
 servers_update=$(uci get openclash.config.servers_update 2>/dev/null)
 dns_port=$(uci get openclash.config.dns_port 2>/dev/null)
@ -15,7 +16,7 @@ if_restart=0

 urlencode() {
    local data
-    if [ "$#" -eq "1" ]; then
+    if [ "$#" -eq 1 ]; then
       data=$(curl -s -o /dev/null -w %{url_effective} --get --data-urlencode "$1" "")
       if [ ! -z "$data" ]; then
           echo "${data##/?}"
@ -23,6 +24,13 @@ urlencode() {
    fi
 }

+kill_watchdog() {
+   watchdog_pids=$(ps |grep openclash_watchdog.sh |grep -v grep |awk '{print $1}' 2>/dev/null)
+      for watchdog_pid in $watchdog_pids; do
+         kill -9 "$watchdog_pid" >/dev/null 2>&1
+      done
+}
+
 config_download()
 {
 if [ "$URL_TYPE" == "v2rayn" ]; then
@ -78,7 +86,7 @@ config_su_check()
   echo "配置文件下载成功，检查是否有更新..." >$START_LOG
   if [ -f "$CONFIG_FILE" ]; then
      cmp -s "$BACKPACK_FILE" "$CFG_FILE"
-         if [ "$?" -ne "0" ]; then
+         if [ "$?" -ne 0 ]; then
            echo "配置文件【$name】有更新，开始替换..." >$START_LOG
            mv "$CFG_FILE" "$CONFIG_FILE" 2>/dev/null
            cp "$CONFIG_FILE" "$BACKPACK_FILE"
@ -115,12 +123,12 @@ config_error()
 change_dns()
 {
   if pidof clash >/dev/null; then
-      if [ "$enable_redirect_dns" -ne "0" ]; then
+      if [ "$enable_redirect_dns" -ne 0 ]; then
         uci del dhcp.@dnsmasq[-1].server >/dev/null 2>&1
         uci add_list dhcp.@dnsmasq[0].server=127.0.0.1#"$dns_port" >/dev/null 2>&1
         uci delete dhcp.@dnsmasq[0].resolvfile >/dev/null 2>&1
         uci set dhcp.@dnsmasq[0].noresolv=1 >/dev/null 2>&1
-         [ "$disable_masq_cache" -eq "1" ] && {
+         [ "$disable_masq_cache" -eq 1 ] && {
            uci set dhcp.@dnsmasq[0].cachesize=0 >/dev/null 2>&1
         }
         uci commit dhcp
@ -135,10 +143,7 @@ config_download_direct()
   if pidof clash >/dev/null; then
      echo "配置文件【$name】下载失败，尝试不使用代理下载配置文件..." >$START_LOG
      
-      watchdog_pids=$(ps |grep openclash_watchdog.sh |grep -v grep |awk '{print $1}' 2>/dev/null)
-      for watchdog_pid in $watchdog_pids; do
-         kill -9 "$watchdog_pid" >/dev/null 2>&1
-      done
+      kill_watchdog

      uci del_list dhcp.@dnsmasq[0].server=127.0.0.1#"$dns_port" >/dev/null 2>&1
      uci set dhcp.@dnsmasq[0].resolvfile=/tmp/resolv.conf.auto >/dev/null 2>&1
@ -150,7 +155,7 @@ config_download_direct()

      config_download
      
-      if [ "$?" -eq "0" ] && [ -s "$CFG_FILE" ]; then
+      if [ "$?" -eq 0 ] && [ -s "$CFG_FILE" ]; then
      	 change_dns
         config_su_check
      else
@ -171,7 +176,7 @@ sub_info_get()
   config_get "address" "$section" "address" ""
   config_get "keyword" "$section" "keyword" ""

-   if [ "$enabled" = "0" ]; then
+   if [ "$enabled" -eq 0 ]; then
      return
   fi
   
@ -196,7 +201,7 @@ sub_info_get()

   config_download

-   if [ "$?" -eq "0" ] && [ -s "$CFG_FILE" ]; then
+   if [ "$?" -eq 0 ] && [ -s "$CFG_FILE" ]; then
   	  config_encode
   	  grep "^ \{0,\}Proxy Group:" "$CFG_FILE" >/dev/null 2>&1 && grep "^ \{0,\}Rule:" "$CFG_FILE" >/dev/null 2>&1
      if [ "$?" -eq 0 ]; then
@ -219,4 +224,11 @@ config_load "openclash"
 config_foreach sub_info_get "config_subscribe"
 uci delete openclash.config.config_update_path >/dev/null 2>&1
 uci commit openclash
-[ "$if_restart" == "1" ] && /etc/init.d/openclash restart >/dev/null 2>&1
+
+if [ "$if_restart" -eq 1 ]; then
+   /etc/init.d/openclash restart >/dev/null 2>&1
+else
+   sed -i '/openclash.sh/d' $CRON_FILE 2>/dev/null
+   [ "$(uci get openclash.config.auto_update 2>/dev/null)" -eq 1 ] && [ "$(uci get openclash.config.config_auto_update_mode 2>/dev/null)" -ne 1 ] && echo "0 $(uci get openclash.config.auto_update_time 2>/dev/null) * * $(uci get openclash.config.config_update_week_time 2>/dev/null) /usr/share/openclash/openclash.sh" >> $CRON_FILE
+   /etc/init.d/cron restart
+fi
--- a/package/ctcgfw/luci-app-openclash/files/usr/share/openclash/openclash_core.sh
+++ b/package/ctcgfw/luci-app-openclash/files/usr/share/openclash/openclash_core.sh
@ -23,25 +23,27 @@ case $CORE_TYPE in
 	"Tun")
   CORE_CV=$(/etc/openclash/core/clash_tun -v 2>/dev/null |awk -F ' ' '{print $2}')
   CORE_LV=$(sed -n 2p /tmp/clash_last_version 2>/dev/null)
-   if [ "$en_mode" = "fake-ip-tun" ] || [ "$en_mode" = "redir-host-tun" ] || [ -z "$(pidof clash)" ]; then
+   if [ "$en_mode" = "fake-ip-tun" ] || [ "$en_mode" = "redir-host-tun" ]; then
      if_restart=1
   fi
   ;;
 	"Game")
   CORE_CV=$(/etc/openclash/core/clash_game -v 2>/dev/null |awk -F ' ' '{print $2}')
   CORE_LV=$(sed -n 3p /tmp/clash_last_version 2>/dev/null)
-   if [ "$en_mode" = "fake-ip-vpn" ] || [ "$en_mode" = "redir-host-vpn" ] || [ -z "$(pidof clash)" ]; then
+   if [ "$en_mode" = "fake-ip-vpn" ] || [ "$en_mode" = "redir-host-vpn" ]; then
      if_restart=1
   fi
   ;;
   *)
   CORE_CV=$(/etc/openclash/core/clash -v 2>/dev/null |awk -F ' ' '{print $2}')
   CORE_LV=$(sed -n 1p /tmp/clash_last_version 2>/dev/null)
-   if [ "$en_mode" = "fake-ip" ] || [ "$en_mode" = "redir-host" ] || [ -z "$(pidof clash)" ]; then
+   if [ "$en_mode" = "fake-ip" ] || [ "$en_mode" = "redir-host" ]; then
      if_restart=1
   fi
 esac

+[ -z "$(pidof clash)" ] && if_restart=0
+
 if [ "$CORE_CV" != "$CORE_LV" ] || [ -z "$CORE_CV" ]; then
   if [ "$CPU_MODEL" != 0 ]; then
   if pidof clash >/dev/null; then
@ -98,7 +100,10 @@ if [ "$CORE_CV" != "$CORE_LV" ] || [ -z "$CORE_CV" ]; then
      rm -rf /tmp/clash.tar.gz >/dev/null 2>&1
      rm -rf /tmp/clash.gz >/dev/null 2>&1
      mkdir -p /etc/openclash/core
-      [ "$if_restart" -eq 1 ] && kill -9 "$(pidof clash|sed 's/$//g')" 2>/dev/null && /etc/init.d/openclash stop
+      if [ "$if_restart" -eq 1 ]; then
+      	 kill -9 "$(pidof clash|sed 's/$//g')" 2>/dev/null
+      	 /etc/init.d/openclash stop
+      fi
      echo "【"$CORE_TYPE"】版本内核下载成功，开始更新..." >$START_LOG
 			case $CORE_TYPE in
      	"Tun")
--- a/package/ctcgfw/luci-app-openclash/files/usr/share/openclash/openclash_debug.sh
+++ b/package/ctcgfw/luci-app-openclash/files/usr/share/openclash/openclash_debug.sh
@ -6,13 +6,13 @@ status=$(ps|grep -c /usr/share/openclash/openclash_debug.sh)

 DEBUG_LOG="/tmp/openclash_debug.log"
 LOGTIME=$(date "+%Y-%m-%d %H:%M:%S")
+uci commit openclash

 enable_custom_dns=$(uci get openclash.config.enable_custom_dns 2>/dev/null)
 rule_source=$(uci get openclash.config.rule_source 2>/dev/null)
 enable_custom_clash_rules=$(uci get openclash.config.enable_custom_clash_rules 2>/dev/null) 
 ipv6_enable=$(uci get openclash.config.ipv6_enable 2>/dev/null)
 enable_redirect_dns=$(uci get openclash.config.enable_redirect_dns 2>/dev/null)
-direct_dns=$(uci get openclash.config.direct_dns 2>/dev/null)
 disable_masq_cache=$(uci get openclash.config.disable_masq_cache 2>/dev/null)
 proxy_mode=$(uci get openclash.config.proxy_mode 2>/dev/null)
 intranet_allowed=$(uci get openclash.config.intranet_allowed 2>/dev/null)
@ -110,6 +110,9 @@ cat >> "$DEBUG_LOG" <<-EOF
 运行状态: 未运行
 EOF
 fi
+if [ "$core_type" = "0" ]; then
+   core_type="未选择架构"
+fi
 cat >> "$DEBUG_LOG" <<-EOF
 已选择的架构: $core_type

@ -195,7 +198,6 @@ UDP流量转发: $(ts_cf "$enable_udp_proxy")
 DNS劫持: $(ts_cf "$enable_redirect_dns")
 自定义DNS: $(ts_cf "$enable_custom_dns")
 IPV6-DNS解析: $(ts_cf "$ipv6_enable")
-Real-IP-DNS地址: $direct_dns
 禁用Dnsmasq缓存: $(ts_cf "$disable_masq_cache")
 自定义规则: $(ts_cf "$enable_custom_clash_rules")
 仅允许内网: $(ts_cf "$intranet_allowed")
--- a/package/ctcgfw/luci-app-openclash/files/usr/share/openclash/openclash_fake_block.sh
+++ b/package/ctcgfw/luci-app-openclash/files/usr/share/openclash/openclash_fake_block.sh
@ -1,40 +0,0 @@
-#!/bin/bash /etc/rc.common
-
-START_LOG="/tmp/openclash_start.log"
-echo "正在设置Fake-IP黑名单..." >$START_LOG
-
-direct_dns=$(uci get openclash.config.direct_dns 2>/dev/null)
-[ -z "$direct_dns" ] && {
-	direct_dns="114.114.114.114"
-	}
-rm -rf /etc/openclash/dnsmasq_fake_block.conf 2>/dev/null
-for i in `cat /etc/openclash/custom/openclash_custom_fake_black.conf`
-do
-   if [ -z "$(echo $i |grep '^ \{0,\}#' 2>/dev/null)" ]; then
-      echo "server=/$i/$direct_dns" >>/etc/openclash/dnsmasq_fake_block.conf
-	 fi
-done
-
-cfg_server_address()
-{
-	 local section="$1"
-   config_get "server" "$section" "server" ""
-   
-   IFIP=$(echo $server |grep -E "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$")
-   if [ -z "$IFIP" ] && [ ! -z "$server" ]; then
-      echo "server=/$server/$direct_dns" >>/etc/openclash/dnsmasq_fake_block.conf
-      noip="false"
-   else
-      return
-   fi
-}
-
-#Fake下正确检测节点延迟
-noip="true"
-echo "#Server Nodes" >>/etc/openclash/dnsmasq_fake_block.conf
-config_load "openclash"
-config_foreach cfg_server_address "servers"
-[ "$noip" = "true" ] && {
-   sed -i '/#Server Nodes/d' /etc/openclash/dnsmasq_fake_block.conf 2>/dev/null
-}
-echo "" >$START_LOG
--- a/package/ctcgfw/luci-app-openclash/files/usr/share/openclash/openclash_fake_filter.sh
+++ b/package/ctcgfw/luci-app-openclash/files/usr/share/openclash/openclash_fake_filter.sh
@ -0,0 +1,46 @@
+#!/bin/bash
+. /lib/functions.sh
+
+START_LOG="/tmp/openclash_start.log"
+CUSTOM_FILE="/etc/openclash/custom/openclash_custom_fake_filter.list"
+FAKE_FILTER_FILE="/etc/openclash/fake_filter.list"
+SER_FAKE_FILTER_FILE="/etc/openclash/servers_fake_filter.conf"
+
+echo "正在设置Fake-IP黑名单..." >$START_LOG
+
+rm -rf "$FAKE_FILTER_FILE" 2>/dev/null
+if [ -s "$CUSTOM_FILE" ]; then
+   cat "$CUSTOM_FILE" |while read -r line
+   do
+      if [ -z "$(echo $line |grep '^ \{0,\}#' 2>/dev/null)" ]; then
+         echo "  - '$line'" >> "$FAKE_FILTER_FILE"
+      else
+         continue
+	    fi
+   done
+   if [ -s "$FAKE_FILTER_FILE" ]; then
+      sed -i '1i\##Custom fake-ip-filter##' "$FAKE_FILTER_FILE"
+      echo "##Custom fake-ip-filter END##" >> "$FAKE_FILTER_FILE"
+   else
+      rm -rf "$FAKE_FILTER_FILE" 2>/dev/null
+   fi
+fi
+
+cfg_server_address()
+{
+	 local section="$1"
+   config_get "server" "$section" "server" ""
+   
+   IFIP=$(echo $server |grep -E "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$")
+   if [ -z "$IFIP" ] && [ ! -z "$server" ]; then
+      echo "server=/$server/114.114.114.114" >> "$SER_FAKE_FILTER_FILE"
+   else
+      return
+   fi
+}
+
+#Fake下正确检测节点延迟
+
+rm -rf "$SER_FAKE_FILTER_FILE" 2>/dev/null
+config_load "openclash"
+config_foreach cfg_server_address "servers"
--- a/package/ctcgfw/luci-app-openclash/files/usr/share/openclash/openclash_watchdog.sh
+++ b/package/ctcgfw/luci-app-openclash/files/usr/share/openclash/openclash_watchdog.sh
@ -8,8 +8,10 @@ PROXY_ROUTE_TABLE="0x162"
 enable_redirect_dns=$(uci get openclash.config.enable_redirect_dns 2>/dev/null)
 dns_port=$(uci get openclash.config.dns_port 2>/dev/null)
 disable_masq_cache=$(uci get openclash.config.disable_masq_cache 2>/dev/null)
-CRASH_NUM=0
 en_mode=$(uci get openclash.config.en_mode 2>/dev/null)
+cfg_update_interval=$(uci get openclash.config.config_update_interval 2>/dev/null)
+CRASH_NUM=0
+CFG_UPDATE_INT=0

 if [ "$en_mode" = "fake-ip-tun" ] || [ "$en_mode" = "redir-host-tun" ]; then
   core_type="Tun"
@ -22,8 +24,11 @@ fi
 while :;
 do
   LOGTIME=$(date "+%Y-%m-%d %H:%M:%S")
+   cfg_update=$(uci get openclash.config.auto_update 2>/dev/null)
+   cfg_update_mode=$(uci get openclash.config.config_auto_update_mode 2>/dev/null)
+   cfg_update_interval_now=$(uci get openclash.config.config_update_interval 2>/dev/null)
   enable=$(uci get openclash.config.enable)
-   
+
 if [ "$enable" -eq 1 ]; then
 	if ! pidof clash >/dev/null; then
 		 CRASH_NUM=$(expr "$CRASH_NUM" + 1)
@ -71,14 +76,14 @@ fi
   fi
   
 ## DNS转发劫持
-   if [ "$enable_redirect_dns" != "0" ]; then
+   if [ "$enable_redirect_dns" -ne 0 ]; then
      if [ -z "$(uci get dhcp.@dnsmasq[0].server 2>/dev/null |grep "$dns_port")" ] || [ ! -z "$(uci get dhcp.@dnsmasq[0].server 2>/dev/null |awk -F ' ' '{print $2}')" ]; then
         echo "$LOGTIME Watchdog: Force Reset DNS Hijack." >> $LOG_FILE
         uci del dhcp.@dnsmasq[-1].server >/dev/null 2>&1
         uci add_list dhcp.@dnsmasq[0].server=127.0.0.1#"$dns_port"
         uci delete dhcp.@dnsmasq[0].resolvfile
         uci set dhcp.@dnsmasq[0].noresolv=1
-         [ "$disable_masq_cache" -eq "1" ] && {
+         [ "$disable_masq_cache" -eq 1 ] && {
         	uci set dhcp.@dnsmasq[0].cachesize=0
         }
         uci commit dhcp
@ -86,5 +91,20 @@ fi
      fi
   fi

+## 配置文件循环更新
+   if [ "$cfg_update" -eq 1 ] && [ "$cfg_update_mode" -eq 1 ]; then
+      if [ -z "$cfg_update_interval_now" ]; then
+         cfg_update_interval_now=60
+      fi
+      if [ -z "$cfg_update_interval" ]; then
+         cfg_update_interval=60
+      fi
+      [ "$cfg_update_interval" -ne "$cfg_update_interval_now" ] && CFG_UPDATE_INT=0 && cfg_update_interval="$cfg_update_interval_now"
+      if [ "$CFG_UPDATE_INT" -ne 0 ]; then
+         [ "$(expr "$CFG_UPDATE_INT" % "$cfg_update_interval_now")" -eq 0 ] && /usr/share/openclash/openclash.sh
+      fi
+      CFG_UPDATE_INT=$(expr "$CFG_UPDATE_INT" + 1)
+   fi
+
   sleep 60
 done 2>/dev/null
--- a/package/ctcgfw/luci-app-openclash/files/usr/share/openclash/yml_change.sh
+++ b/package/ctcgfw/luci-app-openclash/files/usr/share/openclash/yml_change.sh
@ -1,4 +1,5 @@
 #!/bin/sh
+
    #删除旧hosts配置
    hostlen=$(sed -n '/hosts:/=' "$7" 2>/dev/null)
    dnslen=$(sed -n '/dns:/=' "$7" 2>/dev/null)
@ -186,4 +187,30 @@
       sed -i '/^hosts:/a\##Custom HOSTS##' "$7" 2>/dev/null
 	     sed -i '/##Custom HOSTS##/r/etc/openclash/custom/openclash_custom_hosts.list' "$7" 2>/dev/null
 	     sed -i "/^hosts:/,/^dns:/ {s/^ \{0,\}'/  '/}" "$7" 2>/dev/null #修改参数空格
-	  fi
+	  fi
+	  
+	  sed -i "s/^ \{0,\}- /  - /" "$7" 2>/dev/null
+	  if [ ! -z "$(grep "^ \{0,\}default-nameserver:" "$7")" ]; then
+       sed -i "/^ \{0,\}default-nameserver:/c\  default-nameserver:" "$7"
+    fi
+    
+#fake-ip-filter
+    sed -i '/##Custom fake-ip-filter##/,/##Custom fake-ip-filter END##/d' "$7" 2>/dev/null    
+	  if [ "$2" = "fake-ip" ]; then
+      if [ ! -f "/etc/openclash/fake_filter.list" ] || [ ! -z "$(grep "config servers" /etc/config/openclash)" ]; then
+         /usr/share/openclash/openclash_fake_filter.sh
+      fi
+      if [ -s "/etc/openclash/servers_fake_filter.conf" ]; then
+         mkdir -p /tmp/dnsmasq.d
+         ln -s /etc/openclash/servers_fake_filter.conf /tmp/dnsmasq.d/dnsmasq_openclash.conf
+      fi
+      if [ -s "/etc/openclash/fake_filter.list" ]; then
+      	if [ ! -z "$(grep "^ \{0,\}fake-ip-filter:" "$7")" ]; then
+      	   sed -i "/^ \{0,\}fake-ip-filter:/c\  fake-ip-filter:" "$7"
+      	   sed -i '/fake-ip-filter:/r/etc/openclash/fake_filter.list' "$7" 2>/dev/null
+      	else
+      	   echo "  fake-ip-filter:" >> "$7"
+      	   sed -i '/fake-ip-filter:/r/etc/openclash/fake_filter.list' "$7" 2>/dev/null
+        fi
+      fi
+   fi
--- a/package/ctcgfw/luci-app-openclash/files/usr/share/openclash/yml_groups_get.sh
+++ b/package/ctcgfw/luci-app-openclash/files/usr/share/openclash/yml_groups_get.sh
@ -5,6 +5,7 @@ status=$(ps|grep -c /usr/share/openclash/yml_groups_get.sh)

 START_LOG="/tmp/openclash_start.log"
 CFG_FILE="/etc/config/openclash"
+servers_update=$(uci get openclash.config.servers_update 2>/dev/null)
 servers_if_update=$(uci get openclash.config.servers_if_update 2>/dev/null)
 CONFIG_FILE=$(uci get openclash.config.config_path 2>/dev/null)
 CONFIG_NAME=$(echo "$CONFIG_FILE" |awk -F '/' '{print $5}' 2>/dev/null)
@ -109,7 +110,7 @@ cfg_delete()
 config_load "openclash"
 config_foreach cfg_group_name "groups"

-if [ "$servers_if_update" -eq 1 ] && [ "$config_group_exist" -eq 1 ]; then
+if [ "$servers_if_update" -eq 1 ] && [ "$servers_update" -eq 1 ] && [ "$config_group_exist" -eq 1 ]; then
   /usr/share/openclash/yml_proxys_get.sh
   exit 0
 else
--- a/package/ctcgfw/luci-app-openclash/files/usr/share/openclash/yml_groups_set.sh
+++ b/package/ctcgfw/luci-app-openclash/files/usr/share/openclash/yml_groups_set.sh
@ -195,7 +195,7 @@ yml_groups_set()
   set_group=0
   set_proxy_provider=0
   
-   if [ "$type" = "select" ]; then
+   if [ "$type" = "select" ] || [ "$type" = "relay" ]; then
      config_list_foreach "$section" "other_group" set_other_groups #加入其他策略组
   fi
   
@ -209,9 +209,7 @@ yml_groups_set()

   echo "  use: $group_name" >>$GROUP_FILE
   
-   if [ "$type" != "relay" ]; then
-      config_foreach set_proxy_provider "proxy-provider" "$group_name" #加入代理集
-   fi
+   config_foreach set_proxy_provider "proxy-provider" "$group_name" #加入代理集

   if [ "$set_group" -eq 1 ]; then
      sed -i "/^ \{0,\}proxies: ${group_name}/c\  proxies:" $GROUP_FILE
--- a/package/ctcgfw/luci-app-openclash/files/usr/share/openclash/yml_proxys_get.sh
+++ b/package/ctcgfw/luci-app-openclash/files/usr/share/openclash/yml_proxys_get.sh
@ -159,7 +159,7 @@ cfg_new_provider_groups_get()
   ${uci_add}groups="${1}"
 }

-[ "$servers_update" -eq "1" ] && {
+[ "$servers_update" -eq 1 ] && {
 echo "" >"$match_provider"
 provider_nums=0
 config_load "openclash"
@ -214,7 +214,7 @@ do
   
   #代理集存在时获取代理集编号
   provider_nums=$(grep -Fw "$provider_name" "$match_provider" |awk -F '.' '{print $1}')
-   if [ "$servers_update" -eq "1" ] && [ ! -z "$provider_nums" ]; then
+   if [ "$servers_update" -eq 1 ] && [ ! -z "$provider_nums" ]; then
      sed -i "/^${provider_nums}\./c\#match#" "$match_provider" 2>/dev/null
      uci_set="uci -q set openclash.@proxy-provider["$provider_nums"]."
      ${uci_set}manual="0"
@ -237,7 +237,7 @@ do
      uci_set="uci -q set $name.$uci_name_tmp."
      uci_add="uci -q add_list $name.$uci_name_tmp."
   
-      if [ -z "$new_servers_group" ] && [ "$servers_if_update" = "1" ] && [ "$servers_update" -eq "1" ]; then
+      if [ -z "$new_servers_group" ] && [ "$servers_if_update" = "1" ] && [ "$servers_update" -eq 1 ]; then
         ${uci_set}enabled="0"
      else
         ${uci_set}enabled="1"
@ -429,7 +429,7 @@ cfg_new_servers_groups_get()
 	   
 echo "开始更新【$CONFIG_NAME】的服务器节点配置..." >$START_LOG

-[ "$servers_update" -eq "1" ] && {
+[ "$servers_update" -eq 1 ] && {
 echo "" >"$match_servers"
 server_num=0
 config_load "openclash"
@ -483,7 +483,7 @@ do
   
 #节点存在时获取节点编号
   server_num=$(grep -Fw "$server_name" "$match_servers" |awk -F '.' '{print $1}')
-   if [ "$servers_update" -eq "1" ] && [ ! -z "$server_num" ]; then
+   if [ "$servers_update" -eq 1 ] && [ ! -z "$server_num" ]; then
      sed -i "/^${server_num}\./c\#match#" "$match_servers" 2>/dev/null
   fi
   
@ -568,7 +568,7 @@ do
   
   echo "正在读取【$CONFIG_NAME】-【$server_type】-【$server_name】服务器节点配置..." >$START_LOG
   
-   if [ "$servers_update" -eq "1" ] && [ ! -z "$server_num" ]; then
+   if [ "$servers_update" -eq 1 ] && [ ! -z "$server_num" ]; then
 #更新已有节点
      uci_set="uci -q set openclash.@servers["$server_num"]."
      uci_add="uci -q add_list $name.$uci_name_tmp."
@ -646,7 +646,7 @@ do
      uci_set="uci -q set $name.$uci_name_tmp."
      uci_add="uci -q add_list $name.$uci_name_tmp."

-      if [ -z "$new_servers_group" ] && [ "$servers_if_update" = "1" ] && [ "$servers_update" -eq "1" ]; then
+      if [ -z "$new_servers_group" ] && [ "$servers_if_update" = "1" ] && [ "$servers_update" -eq 1 ]; then
         ${uci_set}enabled="0"
      else
         ${uci_set}enabled="1"
@ -772,7 +772,7 @@ fi

 uci set openclash.config.servers_if_update=0
 uci commit openclash
-/usr/share/openclash/cfg_servers_address_fake_block.sh
+/usr/share/openclash/cfg_servers_address_fake_filter.sh
 echo "配置文件【$CONFIG_NAME】读取完成！" >$START_LOG
 sleep 3
 echo "" >$START_LOG
--- a/package/ctcgfw/luci-app-openclash/files/usr/share/rpcd/acl.d/luci-app-openclash.json
+++ b/package/ctcgfw/luci-app-openclash/files/usr/share/rpcd/acl.d/luci-app-openclash.json
@ -0,0 +1,11 @@
+{
+	"luci-app-openclash": {
+		"description": "Grant UCI access for luci-app-openclash",
+		"read": {
+			"uci": [ "openclash" ]
+		},
+		"write": {
+			"uci": [ "openclash" ]
+		}
+	}
+}
--- a/package/ctcgfw/luci-app-openclash/i18n/zh-cn/openclash.zh-cn.po
+++ b/package/ctcgfw/luci-app-openclash/i18n/zh-cn/openclash.zh-cn.po
@ -203,7 +203,7 @@ msgstr "指定下方列表中域名的DNS服务器，只支持填写一个IP地
 msgid "Domain Names In The List Do Not Return Fake-IP, One rule per line"
 msgstr "每行请只填写一个域名，列表中的域名在（Fake-IP模式）下查询DNS时将返回真实IP地址，更改后点击上方按钮生效"

-msgid "Fake-IP Block List Update"
+msgid "Fake-IP-Filter List Update"
 msgstr "更新Fake-IP域名黑名单"

 msgid "Set OpenClash Upstream DNS Resolve Server"