Open eric-gitta-moore opened 1 year ago
可以访问youtu.be,不能访问google.com和google.com.hk
youtu.be的视频封面可以看到,视频加载就会转圈圈
OpenClash 调试日志
生成时间: 2023-03-23 22:33:38 插件版本: v0.45.103-beta 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息
#===================== 系统信息 =====================# 主机型号: VMware, Inc. VMware Virtual Platform 固件版本: iStoreOS 21.02.3 2022121613 LuCI版本: git-22.258.47264-284140f 内核版本: 5.4.188 处理器架构: #此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP IPV6-DHCP: DNS劫持: Dnsmasq 转发 #DNS劫持为Dnsmasq时,此项结果应仅有配置文件的DNS监听地址 Dnsmasq转发设置: 127.0.0.1#7874 #===================== 依赖检查 =====================# dnsmasq-full: 已安装 coreutils: 已安装 coreutils-nohup: 已安装 bash: 已安装 curl: 已安装 ca-certificates: 已安装 ipset: 已安装 ip-full: 已安装 libcap: 已安装 libcap-bin: 已安装 ruby: 已安装 ruby-yaml: 已安装 ruby-psych: 已安装 ruby-pstore: 已安装 kmod-tun(TUN模式): 已安装 luci-compat(Luci >= 19.07): 已安装 kmod-inet-diag(PROCESS-NAME): 未安装 unzip: 已安装 iptables-mod-tproxy: 已安装 kmod-ipt-tproxy: 已安装 iptables-mod-extra: 已安装 kmod-ipt-extra: 已安装 kmod-ipt-nat: 已安装 #===================== 内核检查 =====================# 运行状态: 运行中 内核: 进程pid: 78494 运行权限: 78494: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip 运行用户: nobody 已选择的架构: #下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限 Tun内核版本: 2022.11.25-1-g4ca009a Tun内核文件: 存在 Tun内核运行权限: 正常 Dev内核版本: v1.12.0-1-g90b40a8 Dev内核文件: 存在 Dev内核运行权限: 正常 Meta内核版本: alpha-gbc5ab312 Meta内核文件: 存在 Meta内核运行权限: 正常 #===================== 插件设置 =====================# 当前配置文件: /etc/openclash/config/EEVPN.yaml 启动配置文件: /etc/openclash/EEVPN.yaml 运行模式: redir-host 默认代理模式: rule UDP流量转发(tproxy): 启用 自定义DNS: 停用 IPV6代理: 停用 IPV6-DNS解析: 停用 禁用Dnsmasq缓存: 停用 自定义规则: 停用 仅允许内网: 启用 仅代理命中规则流量: 停用 仅允许常用端口流量: 停用 绕过中国大陆IP: 停用 路由本机代理: 启用 #启动异常时建议关闭此项后重试 混合节点: 停用 保留配置: 停用 #启动异常时建议关闭此项后重试 第三方规则: 停用 #===================== 配置文件 =====================# mixed-port: 7893 allow-lan: true bind-address: "*" mode: rule log-level: silent external-controller: 0.0.0.0:9090 dns: enable: true ipv6: false default-nameserver: - 223.5.5.5 - 119.29.29.29 - 100.64.12.253 - 114.114.114.114 enhanced-mode: fake-ip fake-ip-range: 198.18.0.1/16 use-hosts: true nameserver: - https://doh.pub/dns-query - https://dns.alidns.com/dns-query - 223.5.5.5 - 100.64.12.253 - 114.114.114.114 - 119.29.29.29 fallback: - https://doh.dns.sb/dns-query - https://dns.cloudflare.com/dns-query - https://dns.twnic.tw/dns-query - tls://8.8.4.4:853 fallback-filter: geoip: true ipcidr: - 240.0.0.0/4 - 0.0.0.0/32 listen: 0.0.0.0:7874 fake-ip-filter: - "+.*" proxy-groups: - name: EEVPN type: select proxies: - 自动选择 - 故障转移 - 香港 01 - 香港 02 - 台湾 01 - 台湾 02 - 新加坡 - 日本 - 美国 01 ChatGPT - 德国 - 芬兰 - 印度 - 意大利 - "\U0001F3F7官网:eevpn.com" - "\U0001F3F7国内免翻:11jiasu.com" - "\U0001F3F7邀请朋友获得20%佣金奖励" - name: 自动选择 type: url-test proxies: - 香港 01 - 香港 02 - 台湾 01 - 台湾 02 - 新加坡 - 日本 - 美国 01 ChatGPT - 德国 - 芬兰 - 印度 - 意大利 - "\U0001F3F7官网:eevpn.com" - "\U0001F3F7国内免翻:11jiasu.com" - "\U0001F3F7邀请朋友获得20%佣金奖励" url: http://www.gstatic.com/generate_204 interval: 86400 - name: 故障转移 type: fallback proxies: - 香港 01 - 香港 02 - 台湾 01 - 台湾 02 - 新加坡 - 日本 - 美国 01 ChatGPT - 德国 - 芬兰 - 印度 - 意大利 - "\U0001F3F7官网:eevpn.com" - "\U0001F3F7国内免翻:11jiasu.com" - "\U0001F3F7邀请朋友获得20%佣金奖励" url: http://www.gstatic.com/generate_204 interval: 7200 rules: - DST-PORT,7895,REJECT - DST-PORT,7892,REJECT - IP-CIDR,198.18.0.1/16,REJECT,no-resolve - DOMAIN,a429f925-f4ea-4faf-92df-cb3a833e05e8.eevpn.xyz,DIRECT - DOMAIN-SUFFIX,services.googleapis.cn,EEVPN - DOMAIN-SUFFIX,xn--ngstr-lra8j.com,EEVPN - DOMAIN,safebrowsing.urlsec.qq.com,DIRECT - DOMAIN,safebrowsing.googleapis.com,DIRECT - DOMAIN,developer.apple.com,EEVPN - DOMAIN-SUFFIX,digicert.com,EEVPN - DOMAIN,ocsp.apple.com,EEVPN - DOMAIN,ocsp.comodoca.com,EEVPN - DOMAIN,ocsp.usertrust.com,EEVPN - DOMAIN,ocsp.sectigo.com,EEVPN - DOMAIN,ocsp.verisign.net,EEVPN - DOMAIN-SUFFIX,apple-dns.net,EEVPN - DOMAIN,testflight.apple.com,EEVPN - DOMAIN,sandbox.itunes.apple.com,EEVPN - DOMAIN,itunes.apple.com,EEVPN - DOMAIN-SUFFIX,apps.apple.com,EEVPN - DOMAIN-SUFFIX,blobstore.apple.com,EEVPN - DOMAIN,cvws.icloud-content.com,EEVPN - DOMAIN-SUFFIX,mzstatic.com,DIRECT - DOMAIN-SUFFIX,itunes.apple.com,DIRECT - DOMAIN-SUFFIX,icloud.com,DIRECT - DOMAIN-SUFFIX,icloud-content.com,DIRECT - DOMAIN-SUFFIX,me.com,DIRECT - DOMAIN-SUFFIX,aaplimg.com,DIRECT - DOMAIN-SUFFIX,cdn20.com,DIRECT - DOMAIN-SUFFIX,cdn-apple.com,DIRECT - DOMAIN-SUFFIX,akadns.net,DIRECT - DOMAIN-SUFFIX,akamaiedge.net,DIRECT - DOMAIN-SUFFIX,edgekey.net,DIRECT - DOMAIN-SUFFIX,mwcloudcdn.com,DIRECT - DOMAIN-SUFFIX,mwcname.com,DIRECT - DOMAIN-SUFFIX,apple.com,DIRECT - DOMAIN-SUFFIX,apple-cloudkit.com,DIRECT - DOMAIN-SUFFIX,apple-mapkit.com,DIRECT - DOMAIN-SUFFIX,126.com,DIRECT - DOMAIN-SUFFIX,126.net,DIRECT - DOMAIN-SUFFIX,127.net,DIRECT - DOMAIN-SUFFIX,163.com,DIRECT - DOMAIN-SUFFIX,360buyimg.com,DIRECT - DOMAIN-SUFFIX,36kr.com,DIRECT - DOMAIN-SUFFIX,acfun.tv,DIRECT - DOMAIN-SUFFIX,air-matters.com,DIRECT - DOMAIN-SUFFIX,aixifan.com,DIRECT - DOMAIN-KEYWORD,alicdn,DIRECT - DOMAIN-KEYWORD,alipay,DIRECT - DOMAIN-KEYWORD,taobao,DIRECT - DOMAIN-SUFFIX,amap.com,DIRECT - DOMAIN-SUFFIX,autonavi.com,DIRECT - DOMAIN-KEYWORD,baidu,DIRECT - DOMAIN-SUFFIX,bdimg.com,DIRECT - DOMAIN-SUFFIX,bdstatic.com,DIRECT - DOMAIN-SUFFIX,bilibili.com,DIRECT - DOMAIN-SUFFIX,bilivideo.com,DIRECT - DOMAIN-SUFFIX,caiyunapp.com,DIRECT - DOMAIN-SUFFIX,clouddn.com,DIRECT - DOMAIN-SUFFIX,cnbeta.com,DIRECT - DOMAIN-SUFFIX,cnbetacdn.com,DIRECT - DOMAIN-SUFFIX,cootekservice.com,DIRECT - DOMAIN-SUFFIX,csdn.net,DIRECT - DOMAIN-SUFFIX,ctrip.com,DIRECT - DOMAIN-SUFFIX,dgtle.com,DIRECT - DOMAIN-SUFFIX,dianping.com,DIRECT - DOMAIN-SUFFIX,douban.com,DIRECT - DOMAIN-SUFFIX,doubanio.com,DIRECT - DOMAIN-SUFFIX,duokan.com,DIRECT - DOMAIN-SUFFIX,easou.com,DIRECT - DOMAIN-SUFFIX,ele.me,DIRECT - DOMAIN-SUFFIX,feng.com,DIRECT - DOMAIN-SUFFIX,fir.im,DIRECT - DOMAIN-SUFFIX,frdic.com,DIRECT - DOMAIN-SUFFIX,g-cores.com,DIRECT - DOMAIN-SUFFIX,godic.net,DIRECT - DOMAIN-SUFFIX,gtimg.com,DIRECT - DOMAIN,cdn.hockeyapp.net,DIRECT - DOMAIN-SUFFIX,hongxiu.com,DIRECT - DOMAIN-SUFFIX,hxcdn.net,DIRECT - DOMAIN-SUFFIX,iciba.com,DIRECT - DOMAIN-SUFFIX,ifeng.com,DIRECT - DOMAIN-SUFFIX,ifengimg.com,DIRECT - DOMAIN-SUFFIX,ipip.net,DIRECT - DOMAIN-SUFFIX,iqiyi.com,DIRECT - DOMAIN-SUFFIX,jd.com,DIRECT - DOMAIN-SUFFIX,jianshu.com,DIRECT - DOMAIN-SUFFIX,knewone.com,DIRECT - DOMAIN-SUFFIX,le.com,DIRECT - DOMAIN-SUFFIX,lecloud.com,DIRECT - DOMAIN-SUFFIX,lemicp.com,DIRECT - DOMAIN-SUFFIX,licdn.com,DIRECT - DOMAIN-SUFFIX,luoo.net,DIRECT - DOMAIN-SUFFIX,meituan.com,DIRECT - DOMAIN-SUFFIX,meituan.net,DIRECT - DOMAIN-SUFFIX,mi.com,DIRECT - DOMAIN-SUFFIX,miaopai.com,DIRECT - DOMAIN-SUFFIX,microsoft.com,DIRECT - DOMAIN-SUFFIX,microsoftonline.com,DIRECT - DOMAIN-SUFFIX,miui.com,DIRECT - DOMAIN-SUFFIX,miwifi.com,DIRECT - DOMAIN-SUFFIX,mob.com,DIRECT - DOMAIN-SUFFIX,netease.com,DIRECT - DOMAIN-SUFFIX,office.com,DIRECT - DOMAIN-SUFFIX,office365.com,DIRECT - DOMAIN-KEYWORD,officecdn,DIRECT - DOMAIN-SUFFIX,oschina.net,DIRECT - DOMAIN-SUFFIX,ppsimg.com,DIRECT - DOMAIN-SUFFIX,pstatp.com,DIRECT - DOMAIN-SUFFIX,qcloud.com,DIRECT - DOMAIN-SUFFIX,qdaily.com,DIRECT - DOMAIN-SUFFIX,qdmm.com,DIRECT - DOMAIN-SUFFIX,qhimg.com,DIRECT - DOMAIN-SUFFIX,qhres.com,DIRECT - DOMAIN-SUFFIX,qidian.com,DIRECT - DOMAIN-SUFFIX,qihucdn.com,DIRECT - DOMAIN-SUFFIX,qiniu.com,DIRECT - DOMAIN-SUFFIX,qiniucdn.com,DIRECT - DOMAIN-SUFFIX,qiyipic.com,DIRECT - DOMAIN-SUFFIX,qq.com,DIRECT - DOMAIN-SUFFIX,qqurl.com,DIRECT - DOMAIN-SUFFIX,rarbg.to,DIRECT - DOMAIN-SUFFIX,ruguoapp.com,DIRECT - DOMAIN-SUFFIX,segmentfault.com,DIRECT - DOMAIN-SUFFIX,sinaapp.com,DIRECT - DOMAIN-SUFFIX,smzdm.com,DIRECT - DOMAIN-SUFFIX,snapdrop.net,DIRECT - DOMAIN-SUFFIX,sogou.com,DIRECT - DOMAIN-SUFFIX,sogoucdn.com,DIRECT - DOMAIN-SUFFIX,sohu.com,DIRECT - DOMAIN-SUFFIX,soku.com,DIRECT - DOMAIN-SUFFIX,speedtest.net,DIRECT - DOMAIN-SUFFIX,sspai.com,DIRECT - DOMAIN-SUFFIX,suning.com,DIRECT - DOMAIN-SUFFIX,taobao.com,DIRECT - DOMAIN-SUFFIX,tencent.com,DIRECT - DOMAIN-SUFFIX,tenpay.com,DIRECT - DOMAIN-SUFFIX,tianyancha.com,DIRECT - DOMAIN-SUFFIX,tmall.com,DIRECT - DOMAIN-SUFFIX,tudou.com,DIRECT - DOMAIN-SUFFIX,umetrip.com,DIRECT - DOMAIN-SUFFIX,upaiyun.com,DIRECT - DOMAIN-SUFFIX,upyun.com,DIRECT - DOMAIN-SUFFIX,veryzhun.com,DIRECT - DOMAIN-SUFFIX,weather.com,DIRECT - DOMAIN-SUFFIX,weibo.com,DIRECT - DOMAIN-SUFFIX,xiami.com,DIRECT - DOMAIN-SUFFIX,xiami.net,DIRECT - DOMAIN-SUFFIX,xiaomicp.com,DIRECT - DOMAIN-SUFFIX,ximalaya.com,DIRECT - DOMAIN-SUFFIX,xmcdn.com,DIRECT - DOMAIN-SUFFIX,xunlei.com,DIRECT - DOMAIN-SUFFIX,yhd.com,DIRECT - DOMAIN-SUFFIX,yihaodianimg.com,DIRECT - DOMAIN-SUFFIX,yinxiang.com,DIRECT - DOMAIN-SUFFIX,ykimg.com,DIRECT - DOMAIN-SUFFIX,youdao.com,DIRECT - DOMAIN-SUFFIX,youku.com,DIRECT - DOMAIN-SUFFIX,zealer.com,DIRECT - DOMAIN-SUFFIX,zhihu.com,DIRECT - DOMAIN-SUFFIX,zhimg.com,DIRECT - DOMAIN-SUFFIX,zimuzu.tv,DIRECT - DOMAIN-SUFFIX,zoho.com,DIRECT - DOMAIN-KEYWORD,amazon,EEVPN - DOMAIN-KEYWORD,google,EEVPN - DOMAIN-KEYWORD,gmail,EEVPN - DOMAIN-KEYWORD,youtube,EEVPN - DOMAIN-KEYWORD,facebook,EEVPN - DOMAIN-SUFFIX,fb.me,EEVPN - DOMAIN-SUFFIX,fbcdn.net,EEVPN - DOMAIN-KEYWORD,twitter,EEVPN - DOMAIN-KEYWORD,instagram,EEVPN - DOMAIN-KEYWORD,dropbox,EEVPN - DOMAIN-SUFFIX,twimg.com,EEVPN - DOMAIN-KEYWORD,blogspot,EEVPN - DOMAIN-SUFFIX,youtu.be,EEVPN - DOMAIN-KEYWORD,whatsapp,EEVPN - DOMAIN-KEYWORD,admarvel,REJECT - DOMAIN-KEYWORD,admaster,REJECT - DOMAIN-KEYWORD,adsage,REJECT - DOMAIN-KEYWORD,adsmogo,REJECT - DOMAIN-KEYWORD,adsrvmedia,REJECT - DOMAIN-KEYWORD,adwords,REJECT - DOMAIN-KEYWORD,adservice,REJECT - DOMAIN-SUFFIX,appsflyer.com,REJECT - DOMAIN-KEYWORD,domob,REJECT - DOMAIN-SUFFIX,doubleclick.net,REJECT - DOMAIN-KEYWORD,duomeng,REJECT - DOMAIN-KEYWORD,dwtrack,REJECT - DOMAIN-KEYWORD,guanggao,REJECT - DOMAIN-KEYWORD,lianmeng,REJECT - DOMAIN-SUFFIX,mmstat.com,REJECT - DOMAIN-KEYWORD,mopub,REJECT - DOMAIN-KEYWORD,omgmta,REJECT - DOMAIN-KEYWORD,openx,REJECT - DOMAIN-KEYWORD,partnerad,REJECT - DOMAIN-KEYWORD,pingfore,REJECT - DOMAIN-KEYWORD,supersonicads,REJECT - DOMAIN-KEYWORD,uedas,REJECT - DOMAIN-KEYWORD,umeng,REJECT - DOMAIN-KEYWORD,usage,REJECT - DOMAIN-SUFFIX,vungle.com,REJECT - DOMAIN-KEYWORD,wlmonitor,REJECT - DOMAIN-KEYWORD,zjtoolbar,REJECT - DOMAIN-SUFFIX,9to5mac.com,EEVPN - DOMAIN-SUFFIX,abpchina.org,EEVPN - DOMAIN-SUFFIX,adblockplus.org,EEVPN - DOMAIN-SUFFIX,adobe.com,EEVPN - DOMAIN-SUFFIX,akamaized.net,EEVPN - DOMAIN-SUFFIX,alfredapp.com,EEVPN - DOMAIN-SUFFIX,amplitude.com,EEVPN - DOMAIN-SUFFIX,ampproject.org,EEVPN - DOMAIN-SUFFIX,android.com,EEVPN - DOMAIN-SUFFIX,angularjs.org,EEVPN - DOMAIN-SUFFIX,aolcdn.com,EEVPN - DOMAIN-SUFFIX,apkpure.com,EEVPN - DOMAIN-SUFFIX,appledaily.com,EEVPN - DOMAIN-SUFFIX,appshopper.com,EEVPN - DOMAIN-SUFFIX,appspot.com,EEVPN - DOMAIN-SUFFIX,arcgis.com,EEVPN - DOMAIN-SUFFIX,archive.org,EEVPN - DOMAIN-SUFFIX,armorgames.com,EEVPN - DOMAIN-SUFFIX,aspnetcdn.com,EEVPN - DOMAIN-SUFFIX,att.com,EEVPN - DOMAIN-SUFFIX,awsstatic.com,EEVPN - DOMAIN-SUFFIX,azureedge.net,EEVPN - DOMAIN-SUFFIX,azurewebsites.net,EEVPN - DOMAIN-SUFFIX,bing.com,EEVPN - DOMAIN-SUFFIX,bintray.com,EEVPN - DOMAIN-SUFFIX,bit.com,EEVPN - DOMAIN-SUFFIX,bit.ly,EEVPN - DOMAIN-SUFFIX,bitbucket.org,EEVPN - DOMAIN-SUFFIX,bjango.com,EEVPN - DOMAIN-SUFFIX,bkrtx.com,EEVPN - DOMAIN-SUFFIX,blog.com,EEVPN - DOMAIN-SUFFIX,blogcdn.com,EEVPN - DOMAIN-SUFFIX,blogger.com,EEVPN - DOMAIN-SUFFIX,blogsmithmedia.com,EEVPN - DOMAIN-SUFFIX,blogspot.com,EEVPN - DOMAIN-SUFFIX,blogspot.hk,EEVPN - DOMAIN-SUFFIX,bloomberg.com,EEVPN - DOMAIN-SUFFIX,box.com,EEVPN - DOMAIN-SUFFIX,box.net,EEVPN - DOMAIN-SUFFIX,cachefly.net,EEVPN - DOMAIN-SUFFIX,chromium.org,EEVPN - DOMAIN-SUFFIX,cl.ly,EEVPN - DOMAIN-SUFFIX,cloudflare.com,EEVPN - DOMAIN-SUFFIX,cloudfront.net,EEVPN - DOMAIN-SUFFIX,cloudmagic.com,EEVPN - DOMAIN-SUFFIX,cmail19.com,EEVPN - DOMAIN-SUFFIX,cnet.com,EEVPN - DOMAIN-SUFFIX,cocoapods.org,EEVPN - DOMAIN-SUFFIX,comodoca.com,EEVPN - DOMAIN-SUFFIX,crashlytics.com,EEVPN - DOMAIN-SUFFIX,culturedcode.com,EEVPN - DOMAIN-SUFFIX,d.pr,EEVPN - DOMAIN-SUFFIX,danilo.to,EEVPN - DOMAIN-SUFFIX,dayone.me,EEVPN - DOMAIN-SUFFIX,db.tt,EEVPN - DOMAIN-SUFFIX,deskconnect.com,EEVPN - DOMAIN-SUFFIX,disq.us,EEVPN - DOMAIN-SUFFIX,disqus.com,EEVPN - DOMAIN-SUFFIX,disquscdn.com,EEVPN - DOMAIN-SUFFIX,dnsimple.com,EEVPN - DOMAIN-SUFFIX,docker.com,EEVPN - DOMAIN-SUFFIX,dribbble.com,EEVPN - DOMAIN-SUFFIX,droplr.com,EEVPN - DOMAIN-SUFFIX,duckduckgo.com,EEVPN - DOMAIN-SUFFIX,dueapp.com,EEVPN - DOMAIN-SUFFIX,dytt8.net,EEVPN - DOMAIN-SUFFIX,edgecastcdn.net,EEVPN - DOMAIN-SUFFIX,edgekey.net,EEVPN - DOMAIN-SUFFIX,edgesuite.net,EEVPN - DOMAIN-SUFFIX,engadget.com,EEVPN - DOMAIN-SUFFIX,entrust.net,EEVPN - DOMAIN-SUFFIX,eurekavpt.com,EEVPN - DOMAIN-SUFFIX,evernote.com,EEVPN - DOMAIN-SUFFIX,fabric.io,EEVPN - DOMAIN-SUFFIX,fast.com,EEVPN - DOMAIN-SUFFIX,fastly.net,EEVPN - DOMAIN-SUFFIX,fc2.com,EEVPN - DOMAIN-SUFFIX,feedburner.com,EEVPN - DOMAIN-SUFFIX,feedly.com,EEVPN - DOMAIN-SUFFIX,feedsportal.com,EEVPN - DOMAIN-SUFFIX,fiftythree.com,EEVPN - DOMAIN-SUFFIX,firebaseio.com,EEVPN - DOMAIN-SUFFIX,flexibits.com,EEVPN - DOMAIN-SUFFIX,flickr.com,EEVPN - DOMAIN-SUFFIX,flipboard.com,EEVPN - DOMAIN-SUFFIX,g.co,EEVPN - DOMAIN-SUFFIX,gabia.net,EEVPN - DOMAIN-SUFFIX,geni.us,EEVPN - DOMAIN-SUFFIX,gfx.ms,EEVPN - DOMAIN-SUFFIX,ggpht.com,EEVPN - DOMAIN-SUFFIX,ghostnoteapp.com,EEVPN - DOMAIN-SUFFIX,git.io,EEVPN - DOMAIN-KEYWORD,github,EEVPN - DOMAIN-SUFFIX,globalsign.com,EEVPN - DOMAIN-SUFFIX,gmodules.com,EEVPN - DOMAIN-SUFFIX,godaddy.com,EEVPN - DOMAIN-SUFFIX,golang.org,EEVPN - DOMAIN-SUFFIX,gongm.in,EEVPN - DOMAIN-SUFFIX,goo.gl,EEVPN - DOMAIN-SUFFIX,goodreaders.com,EEVPN - DOMAIN-SUFFIX,goodreads.com,EEVPN - DOMAIN-SUFFIX,gravatar.com,EEVPN - DOMAIN-SUFFIX,gstatic.com,EEVPN - DOMAIN-SUFFIX,gvt0.com,EEVPN - DOMAIN-SUFFIX,hockeyapp.net,EEVPN - DOMAIN-SUFFIX,hotmail.com,EEVPN - DOMAIN-SUFFIX,icons8.com,EEVPN - DOMAIN-SUFFIX,ifixit.com,EEVPN - DOMAIN-SUFFIX,ift.tt,EEVPN - DOMAIN-SUFFIX,ifttt.com,EEVPN - DOMAIN-SUFFIX,iherb.com,EEVPN - DOMAIN-SUFFIX,imageshack.us,EEVPN - DOMAIN-SUFFIX,img.ly,EEVPN - DOMAIN-SUFFIX,imgur.com,EEVPN - DOMAIN-SUFFIX,imore.com,EEVPN - DOMAIN-SUFFIX,instapaper.com,EEVPN - DOMAIN-SUFFIX,ipn.li,EEVPN - DOMAIN-SUFFIX,is.gd,EEVPN - DOMAIN-SUFFIX,issuu.com,EEVPN - DOMAIN-SUFFIX,itgonglun.com,EEVPN - DOMAIN-SUFFIX,itun.es,EEVPN - DOMAIN-SUFFIX,ixquick.com,EEVPN - DOMAIN-SUFFIX,j.mp,EEVPN - DOMAIN-SUFFIX,js.revsci.net,EEVPN - DOMAIN-SUFFIX,jshint.com,EEVPN - DOMAIN-SUFFIX,jtvnw.net,EEVPN - DOMAIN-SUFFIX,justgetflux.com,EEVPN - DOMAIN-SUFFIX,kat.cr,EEVPN - DOMAIN-SUFFIX,klip.me,EEVPN - DOMAIN-SUFFIX,libsyn.com,EEVPN - DOMAIN-SUFFIX,linkedin.com,EEVPN - DOMAIN-SUFFIX,line-apps.com,EEVPN - DOMAIN-SUFFIX,linode.com,EEVPN - DOMAIN-SUFFIX,lithium.com,EEVPN - DOMAIN-SUFFIX,littlehj.com,EEVPN - DOMAIN-SUFFIX,live.com,EEVPN - DOMAIN-SUFFIX,live.net,EEVPN - DOMAIN-SUFFIX,livefilestore.com,EEVPN - DOMAIN-SUFFIX,llnwd.net,EEVPN - DOMAIN-SUFFIX,macid.co,EEVPN - DOMAIN-SUFFIX,macromedia.com,EEVPN - DOMAIN-SUFFIX,macrumors.com,EEVPN - DOMAIN-SUFFIX,mashable.com,EEVPN - DOMAIN-SUFFIX,mathjax.org,EEVPN - DOMAIN-SUFFIX,medium.com,EEVPN - DOMAIN-SUFFIX,mega.co.nz,EEVPN - DOMAIN-SUFFIX,mega.nz,EEVPN - DOMAIN-SUFFIX,megaupload.com,EEVPN - DOMAIN-SUFFIX,microsofttranslator.com,EEVPN - DOMAIN-SUFFIX,mindnode.com,EEVPN - DOMAIN-SUFFIX,mobile01.com,EEVPN - DOMAIN-SUFFIX,modmyi.com,EEVPN - DOMAIN-SUFFIX,msedge.net,EEVPN - DOMAIN-SUFFIX,myfontastic.com,EEVPN - DOMAIN-SUFFIX,name.com,EEVPN - DOMAIN-SUFFIX,nextmedia.com,EEVPN - DOMAIN-SUFFIX,nsstatic.net,EEVPN - DOMAIN-SUFFIX,nssurge.com,EEVPN - DOMAIN-SUFFIX,nyt.com,EEVPN - DOMAIN-SUFFIX,nytimes.com,EEVPN - DOMAIN-SUFFIX,omnigroup.com,EEVPN - DOMAIN-SUFFIX,onedrive.com,EEVPN - DOMAIN-SUFFIX,onenote.com,EEVPN - DOMAIN-SUFFIX,ooyala.com,EEVPN - DOMAIN-SUFFIX,openvpn.net,EEVPN - DOMAIN-SUFFIX,openwrt.org,EEVPN - DOMAIN-SUFFIX,orkut.com,EEVPN - DOMAIN-SUFFIX,osxdaily.com,EEVPN - DOMAIN-SUFFIX,outlook.com,EEVPN - DOMAIN-SUFFIX,ow.ly,EEVPN - DOMAIN-SUFFIX,paddleapi.com,EEVPN - DOMAIN-SUFFIX,parallels.com,EEVPN - DOMAIN-SUFFIX,parse.com,EEVPN - DOMAIN-SUFFIX,pdfexpert.com,EEVPN - DOMAIN-SUFFIX,periscope.tv,EEVPN - DOMAIN-SUFFIX,pinboard.in,EEVPN - DOMAIN-SUFFIX,pinterest.com,EEVPN - DOMAIN-SUFFIX,pixelmator.com,EEVPN - DOMAIN-SUFFIX,pixiv.net,EEVPN - DOMAIN-SUFFIX,playpcesor.com,EEVPN - DOMAIN-SUFFIX,playstation.com,EEVPN - DOMAIN-SUFFIX,playstation.com.hk,EEVPN - DOMAIN-SUFFIX,playstation.net,EEVPN - DOMAIN-SUFFIX,playstationnetwork.com,EEVPN - DOMAIN-SUFFIX,pushwoosh.com,EEVPN - DOMAIN-SUFFIX,rime.im,EEVPN - DOMAIN-SUFFIX,servebom.com,EEVPN - DOMAIN-SUFFIX,sfx.ms,EEVPN - DOMAIN-SUFFIX,shadowsocks.org,EEVPN - DOMAIN-SUFFIX,sharethis.com,EEVPN - DOMAIN-SUFFIX,shazam.com,EEVPN - DOMAIN-SUFFIX,skype.com,EEVPN - DOMAIN-SUFFIX,smartdnsEEVPN.com,EEVPN - DOMAIN-SUFFIX,smartmailcloud.com,EEVPN - DOMAIN-SUFFIX,sndcdn.com,EEVPN - DOMAIN-SUFFIX,sony.com,EEVPN - DOMAIN-SUFFIX,soundcloud.com,EEVPN - DOMAIN-SUFFIX,sourceforge.net,EEVPN - DOMAIN-SUFFIX,spotify.com,EEVPN - DOMAIN-SUFFIX,squarespace.com,EEVPN - DOMAIN-SUFFIX,sstatic.net,EEVPN - DOMAIN-SUFFIX,st.luluku.pw,EEVPN - DOMAIN-SUFFIX,stackoverflow.com,EEVPN - DOMAIN-SUFFIX,startpage.com,EEVPN - DOMAIN-SUFFIX,staticflickr.com,EEVPN - DOMAIN-SUFFIX,steamcommunity.com,EEVPN - DOMAIN-SUFFIX,symauth.com,EEVPN - DOMAIN-SUFFIX,symcb.com,EEVPN - DOMAIN-SUFFIX,symcd.com,EEVPN - DOMAIN-SUFFIX,tapbots.com,EEVPN - DOMAIN-SUFFIX,tapbots.net,EEVPN - DOMAIN-SUFFIX,tdesktop.com,EEVPN - DOMAIN-SUFFIX,techcrunch.com,EEVPN - DOMAIN-SUFFIX,techsmith.com,EEVPN - DOMAIN-SUFFIX,thepiratebay.org,EEVPN - DOMAIN-SUFFIX,theverge.com,EEVPN - DOMAIN-SUFFIX,time.com,EEVPN - DOMAIN-SUFFIX,timeinc.net,EEVPN - DOMAIN-SUFFIX,tiny.cc,EEVPN - DOMAIN-SUFFIX,tinypic.com,EEVPN - DOMAIN-SUFFIX,tmblr.co,EEVPN - DOMAIN-SUFFIX,todoist.com,EEVPN - DOMAIN-SUFFIX,trello.com,EEVPN - DOMAIN-SUFFIX,trustasiassl.com,EEVPN - DOMAIN-SUFFIX,tumblr.co,EEVPN - DOMAIN-SUFFIX,tumblr.com,EEVPN - DOMAIN-SUFFIX,tweetdeck.com,EEVPN - DOMAIN-SUFFIX,tweetmarker.net,EEVPN - DOMAIN-SUFFIX,twitch.tv,EEVPN - DOMAIN-SUFFIX,txmblr.com,EEVPN - DOMAIN-SUFFIX,typekit.net,EEVPN - DOMAIN-SUFFIX,ubertags.com,EEVPN - DOMAIN-SUFFIX,ublock.org,EEVPN - DOMAIN-SUFFIX,ubnt.com,EEVPN - DOMAIN-SUFFIX,ulyssesapp.com,EEVPN - DOMAIN-SUFFIX,urchin.com,EEVPN - DOMAIN-SUFFIX,usertrust.com,EEVPN - DOMAIN-SUFFIX,v.gd,EEVPN - DOMAIN-SUFFIX,v2ex.com,EEVPN - DOMAIN-SUFFIX,vimeo.com,EEVPN - DOMAIN-SUFFIX,vimeocdn.com,EEVPN - DOMAIN-SUFFIX,vine.co,EEVPN - DOMAIN-SUFFIX,vivaldi.com,EEVPN - DOMAIN-SUFFIX,vox-cdn.com,EEVPN - DOMAIN-SUFFIX,vsco.co,EEVPN - DOMAIN-SUFFIX,vultr.com,EEVPN - DOMAIN-SUFFIX,w.org,EEVPN - DOMAIN-SUFFIX,w3schools.com,EEVPN - DOMAIN-SUFFIX,webtype.com,EEVPN - DOMAIN-SUFFIX,wikiwand.com,EEVPN - DOMAIN-SUFFIX,wikileaks.org,EEVPN - DOMAIN-SUFFIX,wikimedia.org,EEVPN - DOMAIN-SUFFIX,wikipedia.com,EEVPN - DOMAIN-SUFFIX,wikipedia.org,EEVPN - DOMAIN-SUFFIX,windows.com,EEVPN - DOMAIN-SUFFIX,windows.net,EEVPN - DOMAIN-SUFFIX,wire.com,EEVPN - DOMAIN-SUFFIX,wordpress.com,EEVPN - DOMAIN-SUFFIX,workflowy.com,EEVPN - DOMAIN-SUFFIX,wp.com,EEVPN - DOMAIN-SUFFIX,wsj.com,EEVPN - DOMAIN-SUFFIX,wsj.net,EEVPN - DOMAIN-SUFFIX,xda-developers.com,EEVPN - DOMAIN-SUFFIX,xeeno.com,EEVPN - DOMAIN-SUFFIX,xiti.com,EEVPN - DOMAIN-SUFFIX,yahoo.com,EEVPN - DOMAIN-SUFFIX,yimg.com,EEVPN - DOMAIN-SUFFIX,ying.com,EEVPN - DOMAIN-SUFFIX,yoyo.org,EEVPN - DOMAIN-SUFFIX,ytimg.com,EEVPN - DOMAIN-SUFFIX,telegra.ph,EEVPN - DOMAIN-SUFFIX,telegram.org,EEVPN - IP-CIDR,91.108.4.0/22,EEVPN,no-resolve - IP-CIDR,91.108.8.0/21,EEVPN,no-resolve - IP-CIDR,91.108.16.0/22,EEVPN,no-resolve - IP-CIDR,91.108.56.0/22,EEVPN,no-resolve - IP-CIDR,149.154.160.0/20,EEVPN,no-resolve - IP-CIDR6,2001:67c:4e8::/48,EEVPN,no-resolve - IP-CIDR6,2001:b28:f23d::/48,EEVPN,no-resolve - IP-CIDR6,2001:b28:f23f::/48,EEVPN,no-resolve - IP-CIDR,120.232.181.162/32,EEVPN,no-resolve - IP-CIDR,120.241.147.226/32,EEVPN,no-resolve - IP-CIDR,120.253.253.226/32,EEVPN,no-resolve - IP-CIDR,120.253.255.162/32,EEVPN,no-resolve - IP-CIDR,120.253.255.34/32,EEVPN,no-resolve - IP-CIDR,120.253.255.98/32,EEVPN,no-resolve - IP-CIDR,180.163.150.162/32,EEVPN,no-resolve - IP-CIDR,180.163.150.34/32,EEVPN,no-resolve - IP-CIDR,180.163.151.162/32,EEVPN,no-resolve - IP-CIDR,180.163.151.34/32,EEVPN,no-resolve - IP-CIDR,203.208.39.0/24,EEVPN,no-resolve - IP-CIDR,203.208.40.0/24,EEVPN,no-resolve - IP-CIDR,203.208.41.0/24,EEVPN,no-resolve - IP-CIDR,203.208.43.0/24,EEVPN,no-resolve - IP-CIDR,203.208.50.0/24,EEVPN,no-resolve - IP-CIDR,220.181.174.162/32,EEVPN,no-resolve - IP-CIDR,220.181.174.226/32,EEVPN,no-resolve - IP-CIDR,220.181.174.34/32,EEVPN,no-resolve - DOMAIN,injections.adguard.org,DIRECT - DOMAIN,local.adguard.org,DIRECT - DOMAIN-SUFFIX,local,DIRECT - IP-CIDR,127.0.0.0/8,DIRECT - IP-CIDR,172.16.0.0/12,DIRECT - IP-CIDR,192.168.0.0/16,DIRECT - IP-CIDR,10.0.0.0/8,DIRECT - IP-CIDR,17.0.0.0/8,DIRECT - IP-CIDR,100.64.0.0/10,DIRECT - IP-CIDR,224.0.0.0/4,DIRECT - IP-CIDR6,fe80::/10,DIRECT - DOMAIN-SUFFIX,cn,DIRECT - DOMAIN-KEYWORD,-cn,DIRECT - GEOIP,CN,DIRECT - MATCH,EEVPN redir-port: 7892 tproxy-port: 7895 port: 7890 socks-port: 7891 external-ui: "/usr/share/openclash/ui" ipv6: false profile: store-selected: true store-fake-ip: true authentication: - Clash:fkiD3Yjd #===================== 自定义覆写设置 =====================# #!/bin/sh . /usr/share/openclash/ruby.sh . /usr/share/openclash/log.sh . /lib/functions.sh # This script is called by /etc/init.d/openclash # Add your custom overwrite scripts here, they will be take effict after the OpenClash own srcipts LOG_OUT "Tip: Start Running Custom Overwrite Scripts..." LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S")) LOG_FILE="/tmp/openclash.log" CONFIG_FILE="$1" #config path #Simple Demo: #General Demo #1--config path #2--key name #3--value #ruby_edit "$CONFIG_FILE" "['redir-port']" "7892" #ruby_edit "$CONFIG_FILE" "['secret']" "123456" #ruby_edit "$CONFIG_FILE" "['dns']['enable']" "true" #Hash Demo #1--config path #2--key name #3--hash type value #ruby_edit "$CONFIG_FILE" "['experimental']" "{'sniff-tls-sni'=>true}" #ruby_edit "$CONFIG_FILE" "['sniffer']" "{'sniffing'=>['tls','http']}" #Array Demo: #1--config path #2--key name #3--position(start from 0, end with -1) #4--value #ruby_arr_insert "$CONFIG_FILE" "['dns']['nameserver']" "0" "114.114.114.114" #Array Add From Yaml File Demo: #1--config path #2--key name #3--position(start from 0, end with -1) #4--value file path #5--value key name in #4 file #ruby_arr_add_file "$CONFIG_FILE" "['dns']['fallback-filter']['ipcidr']" "0" "/etc/openclash/custom/openclash_custom_fallback_filter.yaml" "['fallback-filter']['ipcidr']" #Ruby Script Demo: #ruby -ryaml -rYAML -I "/usr/share/openclash" -E UTF-8 -e " # begin # Value = YAML.load_file('$CONFIG_FILE'); # rescue Exception => e # puts '${LOGTIME} Error: Load File Failed,【' + e.message + '】'; # end; #General # begin # Thread.new{ # Value['redir-port']=7892; # Value['tproxy-port']=7895; # Value['port']=7890; # Value['socks-port']=7891; # Value['mixed-port']=7893; # }.join; # rescue Exception => e # puts '${LOGTIME} Error: Set General Failed,【' + e.message + '】'; # ensure # File.open('$CONFIG_FILE','w') {|f| YAML.dump(Value, f)}; # end" 2>/dev/null >> $LOG_FILE exit 0 #===================== 自定义防火墙设置 =====================# #!/bin/sh . /usr/share/openclash/log.sh . /lib/functions.sh # This script is called by /etc/init.d/openclash # Add your custom firewall rules here, they will be added after the end of the OpenClash iptables rules LOG_OUT "Tip: Start Add Custom Firewall Rules..." exit 0 #===================== IPTABLES 防火墙设置 =====================# #IPv4 NAT chain # Generated by iptables-save v1.8.7 on Thu Mar 23 22:33:42 2023 *nat :PREROUTING ACCEPT [16:1108] :INPUT ACCEPT [45:2555] :OUTPUT ACCEPT [39:2340] :POSTROUTING ACCEPT [39:2340] :DOCKER - [0:0] :MINIUPNPD - [0:0] :MINIUPNPD-POSTROUTING - [0:0] :openclash - [0:0] :openclash_output - [0:0] :postrouting_docker_rule - [0:0] :postrouting_lan_rule - [0:0] :postrouting_rule - [0:0] :postrouting_wan_rule - [0:0] :prerouting_docker_rule - [0:0] :prerouting_lan_rule - [0:0] :prerouting_rule - [0:0] :prerouting_wan_rule - [0:0] :zone_docker_postrouting - [0:0] :zone_docker_prerouting - [0:0] :zone_lan_postrouting - [0:0] :zone_lan_prerouting - [0:0] :zone_wan_postrouting - [0:0] :zone_wan_prerouting - [0:0] -A PREROUTING -d 8.8.4.4/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892 -A PREROUTING -d 8.8.8.8/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892 -A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53 -A PREROUTING -p udp -m udp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53 -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule -A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting -A PREROUTING -i eth0.12 -m comment --comment "!fw3" -j zone_lan_prerouting -A PREROUTING -i docker0 -m comment --comment "!fw3" -j zone_docker_prerouting -A PREROUTING -p tcp -j openclash -A OUTPUT -j openclash_output -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule -A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting -A POSTROUTING -o eth0.12 -m comment --comment "!fw3" -j zone_lan_postrouting -A POSTROUTING -o docker0 -m comment --comment "!fw3" -j zone_docker_postrouting -A DOCKER -i docker0 -j RETURN -A openclash -p tcp -m tcp --sport 8897 -j RETURN -A openclash -m set --match-set localnetwork dst -j RETURN -A openclash -p tcp -j REDIRECT --to-ports 7892 -A openclash_output -p tcp -m tcp --sport 8897 -j RETURN -A openclash_output -m set --match-set localnetwork dst -j RETURN -A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892 -A zone_docker_postrouting -m comment --comment "!fw3: Custom docker postrouting rule chain" -j postrouting_docker_rule -A zone_docker_prerouting -m comment --comment "!fw3: Custom docker prerouting rule chain" -j prerouting_docker_rule -A zone_lan_postrouting -j MINIUPNPD-POSTROUTING -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule -A zone_lan_prerouting -j MINIUPNPD -A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule -A zone_wan_postrouting -m comment --comment "!fw3" -j FULLCONENAT -A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule -A zone_wan_prerouting -m comment --comment "!fw3" -j FULLCONENAT COMMIT # Completed on Thu Mar 23 22:33:42 2023 #IPv4 Mangle chain # Generated by iptables-save v1.8.7 on Thu Mar 23 22:33:42 2023 *mangle :PREROUTING ACCEPT [1610:467924] :INPUT ACCEPT [1608:467759] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [1595:892973] :POSTROUTING ACCEPT [1616:898076] :openclash - [0:0] :openclash_upnp - [0:0] :qos_Default - [0:0] :qos_Default_ct - [0:0] -A PREROUTING -p udp -j openclash -A openclash -p udp -m udp --sport 500 -j RETURN -A openclash -p udp -m udp --sport 68 -j RETURN -A openclash -m set --match-set localnetwork dst -j RETURN -A openclash -p udp -m udp --dport 53 -j RETURN -A openclash -p udp -j openclash_upnp -A openclash -p udp -j TPROXY --on-port 7895 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff -A qos_Default -j CONNMARK --restore-mark --nfmask 0xf --ctmask 0xf -A qos_Default -m mark --mark 0x0/0xf -j qos_Default_ct -A qos_Default -p udp -m mark --mark 0x0/0xf0 -m length --length 0:500 -j MARK --set-xmark 0x22/0xff -A qos_Default -p icmp -j MARK --set-xmark 0x11/0xff -A qos_Default -p tcp -m mark --mark 0x0/0xf0 -m tcp --sport 1024:65535 --dport 1024:65535 -j MARK --set-xmark 0x44/0xff -A qos_Default -p udp -m mark --mark 0x0/0xf0 -m udp --sport 1024:65535 --dport 1024:65535 -j MARK --set-xmark 0x44/0xff -A qos_Default -j CONNMARK --save-mark --nfmask 0xff --ctmask 0xff -A qos_Default_ct -p tcp -m mark --mark 0x0/0xf -m tcp -m multiport --ports 22,53 -m comment --comment "ssh, dns" -j MARK --set-xmark 0x11/0xff -A qos_Default_ct -p udp -m mark --mark 0x0/0xf -m udp -m multiport --ports 22,53 -m comment --comment "ssh, dns" -j MARK --set-xmark 0x11/0xff -A qos_Default_ct -p tcp -m mark --mark 0x0/0xf -m tcp -m multiport --ports 20,21,25,80,110,443,993,995 -m comment --comment "ftp, smtp, http(s), imap" -j MARK --set-xmark 0x33/0xff -A qos_Default_ct -p tcp -m mark --mark 0x0/0xf -m tcp -m multiport --ports 5190 -m comment --comment "AOL, iChat, ICQ" -j MARK --set-xmark 0x22/0xff -A qos_Default_ct -p udp -m mark --mark 0x0/0xf -m udp -m multiport --ports 5190 -m comment --comment "AOL, iChat, ICQ" -j MARK --set-xmark 0x22/0xff -A qos_Default_ct -j CONNMARK --save-mark --nfmask 0xff --ctmask 0xff COMMIT # Completed on Thu Mar 23 22:33:42 2023 #IPv4 Filter chain # Generated by iptables-save v1.8.7 on Thu Mar 23 22:33:42 2023 *filter :INPUT ACCEPT [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [0:0] :DOCKER - [0:0] :DOCKER-BLOCKED - [0:0] :DOCKER-ISOLATION-STAGE-1 - [0:0] :DOCKER-ISOLATION-STAGE-2 - [0:0] :DOCKER-USER - [0:0] :MINIUPNPD - [0:0] :forwarding_docker_rule - [0:0] :forwarding_lan_rule - [0:0] :forwarding_rule - [0:0] :forwarding_wan_rule - [0:0] :input_docker_rule - [0:0] :input_lan_rule - [0:0] :input_rule - [0:0] :input_wan_rule - [0:0] :output_docker_rule - [0:0] :output_lan_rule - [0:0] :output_rule - [0:0] :output_wan_rule - [0:0] :reject - [0:0] :syn_flood - [0:0] :zone_docker_dest_ACCEPT - [0:0] :zone_docker_forward - [0:0] :zone_docker_input - [0:0] :zone_docker_output - [0:0] :zone_docker_src_ACCEPT - [0:0] :zone_lan_dest_ACCEPT - [0:0] :zone_lan_forward - [0:0] :zone_lan_input - [0:0] :zone_lan_output - [0:0] :zone_lan_src_ACCEPT - [0:0] :zone_wan_dest_ACCEPT - [0:0] :zone_wan_dest_REJECT - [0:0] :zone_wan_forward - [0:0] :zone_wan_input - [0:0] :zone_wan_output - [0:0] :zone_wan_src_ACCEPT - [0:0] -A INPUT -p udp -m udp --dport 443 -m comment --comment "OpenClash QUIC REJECT" -m set ! --match-set china_ip_route dst -j REJECT --reject-with icmp-port-unreachable -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood -A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input -A INPUT -i eth0.12 -m comment --comment "!fw3" -j zone_lan_input -A INPUT -i docker0 -m comment --comment "!fw3" -j zone_docker_input -A FORWARD -j DOCKER-USER -A FORWARD -j DOCKER-ISOLATION-STAGE-1 -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A FORWARD -o docker0 -j DOCKER -A FORWARD -i docker0 ! -o docker0 -j ACCEPT -A FORWARD -i docker0 -o docker0 -j ACCEPT -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT -A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward -A FORWARD -i eth0.12 -m comment --comment "!fw3" -j zone_lan_forward -A FORWARD -i docker0 -m comment --comment "!fw3" -j zone_docker_forward -A FORWARD -m comment --comment "!fw3" -j reject -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT -A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output -A OUTPUT -o eth0.12 -m comment --comment "!fw3" -j zone_lan_output -A OUTPUT -o docker0 -m comment --comment "!fw3" -j zone_docker_output -A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2 -A DOCKER-ISOLATION-STAGE-1 -j RETURN -A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP -A DOCKER-ISOLATION-STAGE-2 -j RETURN -A DOCKER-USER -j DOCKER-BLOCKED -A DOCKER-USER -j RETURN -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN -A syn_flood -m comment --comment "!fw3" -j DROP -A zone_docker_dest_ACCEPT -o docker0 -m comment --comment "!fw3" -j ACCEPT -A zone_docker_forward -m comment --comment "!fw3: Custom docker forwarding rule chain" -j forwarding_docker_rule -A zone_docker_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT -A zone_docker_forward -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT -A zone_docker_input -m comment --comment "!fw3: Custom docker input rule chain" -j input_docker_rule -A zone_docker_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT -A zone_docker_input -m comment --comment "!fw3" -j zone_docker_src_ACCEPT -A zone_docker_output -m comment --comment "!fw3: Custom docker output rule chain" -j output_docker_rule -A zone_docker_output -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT -A zone_docker_src_ACCEPT -i docker0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT -A zone_lan_dest_ACCEPT -o eth0.12 -m comment --comment "!fw3" -j ACCEPT -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule -A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT -A zone_lan_forward -j MINIUPNPD -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT -A zone_lan_input -j MINIUPNPD -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT -A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT -A zone_lan_src_ACCEPT -i eth0.12 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT -A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT -A zone_wan_input -p tcp -m tcp --dport 8897 -m comment --comment "!fw3: linkease" -j ACCEPT -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_ACCEPT -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT COMMIT # Completed on Thu Mar 23 22:33:42 2023 #IPv6 NAT chain # Generated by ip6tables-save v1.8.7 on Thu Mar 23 22:33:42 2023 *nat :PREROUTING ACCEPT [260:52224] :INPUT ACCEPT [131:12693] :OUTPUT ACCEPT [165:15673] :POSTROUTING ACCEPT [165:15673] COMMIT # Completed on Thu Mar 23 22:33:42 2023 #IPv6 Mangle chain # Generated by ip6tables-save v1.8.7 on Thu Mar 23 22:33:42 2023 *mangle :PREROUTING ACCEPT [1009:111596] :INPUT ACCEPT [753:83282] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [645:73877] :POSTROUTING ACCEPT [660:77180] :qos_Default - [0:0] :qos_Default_ct - [0:0] -A qos_Default -j CONNMARK --restore-mark --nfmask 0xf --ctmask 0xf -A qos_Default -m mark --mark 0x0/0xf -j qos_Default_ct -A qos_Default -p udp -m mark --mark 0x0/0xf0 -m length --length 0:500 -j MARK --set-xmark 0x22/0xff -A qos_Default -p icmp -j MARK --set-xmark 0x11/0xff -A qos_Default -p tcp -m mark --mark 0x0/0xf0 -m tcp --sport 1024:65535 --dport 1024:65535 -j MARK --set-xmark 0x44/0xff -A qos_Default -p udp -m mark --mark 0x0/0xf0 -m udp --sport 1024:65535 --dport 1024:65535 -j MARK --set-xmark 0x44/0xff -A qos_Default -j CONNMARK --save-mark --nfmask 0xff --ctmask 0xff -A qos_Default_ct -p tcp -m mark --mark 0x0/0xf -m tcp -m multiport --ports 22,53 -m comment --comment "ssh, dns" -j MARK --set-xmark 0x11/0xff -A qos_Default_ct -p udp -m mark --mark 0x0/0xf -m udp -m multiport --ports 22,53 -m comment --comment "ssh, dns" -j MARK --set-xmark 0x11/0xff -A qos_Default_ct -p tcp -m mark --mark 0x0/0xf -m tcp -m multiport --ports 20,21,25,80,110,443,993,995 -m comment --comment "ftp, smtp, http(s), imap" -j MARK --set-xmark 0x33/0xff -A qos_Default_ct -p tcp -m mark --mark 0x0/0xf -m tcp -m multiport --ports 5190 -m comment --comment "AOL, iChat, ICQ" -j MARK --set-xmark 0x22/0xff -A qos_Default_ct -p udp -m mark --mark 0x0/0xf -m udp -m multiport --ports 5190 -m comment --comment "AOL, iChat, ICQ" -j MARK --set-xmark 0x22/0xff -A qos_Default_ct -j CONNMARK --save-mark --nfmask 0xff --ctmask 0xff COMMIT # Completed on Thu Mar 23 22:33:42 2023 #IPv6 Filter chain # Generated by ip6tables-save v1.8.7 on Thu Mar 23 22:33:42 2023 *filter :INPUT ACCEPT [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [0:0] :MINIUPNPD - [0:0] :forwarding_docker_rule - [0:0] :forwarding_lan_rule - [0:0] :forwarding_rule - [0:0] :forwarding_wan_rule - [0:0] :input_docker_rule - [0:0] :input_lan_rule - [0:0] :input_rule - [0:0] :input_wan_rule - [0:0] :output_docker_rule - [0:0] :output_lan_rule - [0:0] :output_rule - [0:0] :output_wan_rule - [0:0] :reject - [0:0] :syn_flood - [0:0] :zone_docker_dest_ACCEPT - [0:0] :zone_docker_forward - [0:0] :zone_docker_input - [0:0] :zone_docker_output - [0:0] :zone_docker_src_ACCEPT - [0:0] :zone_lan_dest_ACCEPT - [0:0] :zone_lan_forward - [0:0] :zone_lan_input - [0:0] :zone_lan_output - [0:0] :zone_lan_src_ACCEPT - [0:0] :zone_wan_dest_ACCEPT - [0:0] :zone_wan_dest_REJECT - [0:0] :zone_wan_forward - [0:0] :zone_wan_input - [0:0] :zone_wan_output - [0:0] :zone_wan_src_ACCEPT - [0:0] -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood -A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input -A INPUT -i eth0.12 -m comment --comment "!fw3" -j zone_lan_input -A INPUT -i docker0 -m comment --comment "!fw3" -j zone_docker_input -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT -A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward -A FORWARD -i eth0.12 -m comment --comment "!fw3" -j zone_lan_forward -A FORWARD -i docker0 -m comment --comment "!fw3" -j zone_docker_forward -A FORWARD -m comment --comment "!fw3" -j reject -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT -A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output -A OUTPUT -o eth0.12 -m comment --comment "!fw3" -j zone_lan_output -A OUTPUT -o docker0 -m comment --comment "!fw3" -j zone_docker_output -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp6-port-unreachable -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN -A syn_flood -m comment --comment "!fw3" -j DROP -A zone_docker_dest_ACCEPT -o docker0 -m comment --comment "!fw3" -j ACCEPT -A zone_docker_forward -m comment --comment "!fw3: Custom docker forwarding rule chain" -j forwarding_docker_rule -A zone_docker_forward -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT -A zone_docker_input -m comment --comment "!fw3: Custom docker input rule chain" -j input_docker_rule -A zone_docker_input -m comment --comment "!fw3" -j zone_docker_src_ACCEPT -A zone_docker_output -m comment --comment "!fw3: Custom docker output rule chain" -j output_docker_rule -A zone_docker_output -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT -A zone_docker_src_ACCEPT -i docker0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT -A zone_lan_dest_ACCEPT -o eth0.12 -m comment --comment "!fw3" -j ACCEPT -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule -A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT -A zone_lan_forward -j MINIUPNPD -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule -A zone_lan_input -j MINIUPNPD -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT -A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT -A zone_lan_src_ACCEPT -i eth0.12 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule -A zone_wan_input -s fc00::/6 -d fc00::/6 -p udp -m udp --dport 546 -m comment --comment "!fw3: Allow-DHCPv6" -j ACCEPT -A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT -A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT -A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT -A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p tcp -m tcp --dport 8897 -m comment --comment "!fw3: linkease" -j ACCEPT -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_ACCEPT -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT COMMIT # Completed on Thu Mar 23 22:33:42 2023 #===================== IPSET状态 =====================# Name: china_ip_route Name: china_ip_route_pass Name: localnetwork #===================== 路由表状态 =====================# #route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 100.64.12.253 0.0.0.0 UG 0 0 0 eth0.12 100.64.11.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan 100.64.12.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0.12 172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 #ip route list default via 100.64.12.253 dev eth0.12 proto static 100.64.11.0/24 dev br-lan proto kernel scope link src 100.64.11.252 100.64.12.0/24 dev eth0.12 proto kernel scope link src 100.64.12.252 172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown #ip rule show 0: from all lookup local 32765: from all fwmark 0x162 lookup 354 32766: from all lookup main 32767: from all lookup default #===================== 端口占用状态 =====================# tcp 0 0 :::7893 :::* LISTEN 78494/clash tcp 0 0 :::7895 :::* LISTEN 78494/clash tcp 0 0 :::9090 :::* LISTEN 78494/clash tcp 0 0 :::7890 :::* LISTEN 78494/clash tcp 0 0 :::7891 :::* LISTEN 78494/clash tcp 0 0 :::7892 :::* LISTEN 78494/clash udp 0 0 :::7874 :::* 78494/clash udp 0 0 :::7891 :::* 78494/clash udp 0 0 :::7892 :::* 78494/clash udp 0 0 :::7893 :::* 78494/clash udp 0 0 :::7895 :::* 78494/clash #===================== 测试本机DNS查询(www.baidu.com) =====================# Server: 127.0.0.1 Address: 127.0.0.1#53 Name: www.baidu.com www.baidu.com canonical name = www.a.shifen.com Name: www.a.shifen.com Address 1: 14.119.104.189 Address 2: 14.215.177.38 *** Can't find www.baidu.com: No answer #===================== 测试内核DNS查询(www.instagram.com) =====================# #===================== resolv.conf.d =====================# # Interface lan12 nameserver 223.5.5.5 #===================== 测试本机网络连接(www.baidu.com) =====================# HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform Connection: keep-alive Content-Length: 277 Content-Type: text/html Date: Thu, 23 Mar 2023 14:33:42 GMT Etag: "575e1f72-115" Last-Modified: Mon, 13 Jun 2016 02:50:26 GMT Pragma: no-cache Server: bfe/1.0.8.18 #===================== 测试本机网络下载(raw.githubusercontent.com) =====================# HTTP/2 200 cache-control: max-age=300 content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox content-type: text/plain; charset=utf-8 etag: "275ce7c4d332951875158904a2c8128e7ea40f4ae5057d32acf9f67754ef0e71" strict-transport-security: max-age=31536000 x-content-type-options: nosniff x-frame-options: deny x-xss-protection: 1; mode=block x-github-request-id: 1E14:2C62:28A9BB:2F8B37:6418DDD8 accept-ranges: bytes date: Thu, 23 Mar 2023 14:33:42 GMT via: 1.1 varnish x-served-by: cache-qpg1246-QPG x-cache: HIT x-cache-hits: 2 x-timer: S1679582023.861046,VS0,VE0 vary: Authorization,Accept-Encoding,Origin access-control-allow-origin: * x-fastly-request-id: 8e7458121ced057bf03be3561e2abeb716aa840f expires: Thu, 23 Mar 2023 14:38:42 GMT source-age: 47 content-length: 83 #===================== 最近运行日志(自动切换为Debug模式) =====================# 2023-03-23 22:23:42 Warning: OpenClash Now Disabled, Need Start From Luci Page, Exit... 2023-03-23 22:24:36 OpenClash Restart... 2023-03-23 22:24:36 OpenClash Stoping... 2023-03-23 22:24:36 Step 1: Backup The Current Groups State... 2023-03-23 22:24:36 Step 2: Delete OpenClash Firewall Rules... 2023-03-23 22:24:37 Step 3: Close The OpenClash Daemons... 2023-03-23 22:24:37 Step 4: Close The Clash Core Process... 2023-03-23 22:24:37 Step 5: Restart Dnsmasq... 2023-03-23 22:24:37 Step 6: Delete OpenClash Residue File... 2023-03-23 22:24:37 OpenClash Start Running... 2023-03-23 22:24:37 Step 1: Get The Configuration... 2023-03-23 22:24:37 Step 2: Check The Components... 2023-03-23 22:24:37 Step 3: Modify The Config File... 2023-03-23 22:24:37 Tip: You have seted the authentication of SOCKS5/HTTP(S) proxy with【Clash:fkiD3Yjd】 2023-03-23 22:24:38 Tip: Start Running Custom Overwrite Scripts... 2023-03-23 22:24:38 Step 4: Start Running The Clash Core... 2023-03-23 22:24:38 Tip: No Special Configuration Detected, Use Dev Core to Start... 2023-03-23 22:24:39 Step 5: Check The Core Status... time="2023-03-23T14:24:39Z" level=info msg="Start initial compatible provider 故障转移" time="2023-03-23T14:24:39Z" level=info msg="Start initial compatible provider 自动选择" time="2023-03-23T14:24:39Z" level=info msg="Start initial compatible provider EEVPN" time="2023-03-23T14:24:39Z" level=info msg="Authentication of local server updated" 2023-03-23 22:24:42 Step 6: Wait For The File Downloading... 2023-03-23 22:24:42 Step 7: Set Firewall Rules... 2023-03-23 22:24:42 Tip: DNS Hijacking Mode is Dnsmasq Redirect... 2023-03-23 22:24:42 Tip: Start Add Port Bypassing Rules For Firewall Redirect and Firewall Rules... 2023-03-23 22:24:42 Tip: Start Add Custom Firewall Rules... 2023-03-23 22:24:42 Step 8: Restart Dnsmasq... 2023-03-23 22:24:42 Step 9: Add Cron Rules, Start Daemons... 2023-03-23 22:24:42 OpenClash Start Successful! 2023-03-23 22:23:56【/tmp/clash_last_version】Download Failed:【curl: (28) Operation timed out after 60001 milliseconds with 0 bytes received】 2023-03-23 22:24:56【/tmp/clash_last_version】Download Failed:【curl: (52) Empty reply from server】 2023-03-23 22:33:00 OpenClash Restart... 2023-03-23 22:33:00 OpenClash Stoping... 2023-03-23 22:33:00 Step 1: Backup The Current Groups State... 2023-03-23 22:33:00 Step 2: Delete OpenClash Firewall Rules... 2023-03-23 22:33:02 Step 3: Close The OpenClash Daemons... 2023-03-23 22:33:02 Step 4: Close The Clash Core Process... 2023-03-23 22:33:02 Step 5: Restart Dnsmasq... 2023-03-23 22:33:02 Step 6: Delete OpenClash Residue File... 2023-03-23 22:33:03 OpenClash Start Running... 2023-03-23 22:33:03 Step 1: Get The Configuration... 2023-03-23 22:33:03 Step 2: Check The Components... 2023-03-23 22:33:03 Tip: Because of the file【 /etc/config/openclash 】modificated, Pause quick start... 2023-03-23 22:33:03 Step 3: Modify The Config File... 2023-03-23 22:33:03 Tip: You have seted the authentication of SOCKS5/HTTP(S) proxy with【Clash:fkiD3Yjd】 2023-03-23 22:33:04 Setting Secondary DNS Server List... 2023-03-23 22:33:04 Tip: Start Running Custom Overwrite Scripts... 2023-03-23 22:33:04 Step 4: Start Running The Clash Core... 2023-03-23 22:33:04 Tip: No Special Configuration Detected, Use Dev Core to Start... 2023-03-23 22:33:05 Step 5: Check The Core Status... time="2023-03-23T14:33:05Z" level=info msg="Start initial compatible provider 自动选择" time="2023-03-23T14:33:05Z" level=info msg="Start initial compatible provider EEVPN" time="2023-03-23T14:33:05Z" level=info msg="Start initial compatible provider 故障转移" time="2023-03-23T14:33:05Z" level=info msg="RESTful API listening at: [::]:9090" time="2023-03-23T14:33:05Z" level=info msg="Authentication of local server updated" 2023-03-23 22:33:08 Step 6: Wait For The File Downloading... 2023-03-23 22:33:08 Step 7: Set Firewall Rules... 2023-03-23 22:33:08 Tip: DNS Hijacking Mode is Dnsmasq Redirect... 2023-03-23 22:33:08 Tip: Start Add Port Bypassing Rules For Firewall Redirect and Firewall Rules... 2023-03-23 22:33:08 Tip: Start Add Custom Firewall Rules... 2023-03-23 22:33:08 Step 8: Restart Dnsmasq... 2023-03-23 22:33:08 Step 9: Add Cron Rules, Start Daemons... 2023-03-23 22:33:08 OpenClash Start Successful! time="2023-03-23T14:33:46Z" level=info msg="[TCP] 100.64.12.241:51591 --> 1.180.21.196:443 match GeoIP(CN) using DIRECT" time="2023-03-23T14:33:46Z" level=info msg="[TCP] 100.64.12.241:56458 --> 1.180.21.196:443 match GeoIP(CN) using DIRECT" time="2023-03-23T14:33:46Z" level=info msg="[TCP] 100.64.12.241:62455 --> 1.180.21.196:443 match GeoIP(CN) using DIRECT" time="2023-03-23T14:33:46Z" level=info msg="[TCP] 100.64.12.241:50424 --> 1.180.21.196:443 match GeoIP(CN) using DIRECT" time="2023-03-23T14:33:46Z" level=info msg="[TCP] 100.64.12.241:59721 --> 117.21.204.45:443 match GeoIP(CN) using DIRECT" time="2023-03-23T14:33:47Z" level=info msg="[TCP] 100.64.12.241:61658 --> 117.21.204.45:443 match GeoIP(CN) using DIRECT" time="2023-03-23T14:33:48Z" level=info msg="[TCP] 100.64.12.241:50708 --> 23.62.46.142:443 match Match() using EEVPN[台湾 01]" time="2023-03-23T14:33:48Z" level=info msg="[TCP] 100.64.12.241:64019 --> 23.62.46.142:443 match Match() using EEVPN[台湾 01]" time="2023-03-23T14:33:49Z" level=info msg="[TCP] 100.64.12.241:58300 --> 199.59.149.202:443 match Match() using EEVPN[台湾 01]" #===================== 最近运行日志获取完成(自动切换为silent模式) =====================# #===================== 活动连接信息 =====================# 1. SourceIP:【100.64.12.241】 - Host:【Empty】 - DestinationIP:【20.198.162.76】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【台湾 01】 2. SourceIP:【100.64.12.241】 - Host:【Empty】 - DestinationIP:【1.180.21.196】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】 3. SourceIP:【100.64.12.241】 - Host:【Empty】 - DestinationIP:【1.180.21.196】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】 4. SourceIP:【100.64.12.241】 - Host:【Empty】 - DestinationIP:【1.180.21.196】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】 5. SourceIP:【100.64.12.241】 - Host:【Empty】 - DestinationIP:【117.21.204.45】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】 6. SourceIP:【100.64.12.241】 - Host:【Empty】 - DestinationIP:【23.62.46.142】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【台湾 01】 7. SourceIP:【100.64.12.241】 - Host:【Empty】 - DestinationIP:【23.62.46.142】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【台湾 01】 8. SourceIP:【100.64.12.241】 - Host:【Empty】 - DestinationIP:【20.198.162.76】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【台湾 01】 9. SourceIP:【100.64.12.241】 - Host:【Empty】 - DestinationIP:【1.180.21.196】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】 10. SourceIP:【100.64.12.241】 - Host:【Empty】 - DestinationIP:【117.21.204.45】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】 11. SourceIP:【100.64.12.241】 - Host:【Empty】 - DestinationIP:【199.59.149.202】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【台湾 01】
关闭QoS无效
root@wrtVPN:~# /etc/init.d/qos status inactive root@wrtVPN:~# curl google.com -L curl: (52) Empty reply from server root@wrtVPN:~# curl -L youtu.be <!DOCTYPE html><html style="font-size: 10px;fo
可以访问youtu.be,不能访问google.com和google.com.hk
youtu.be的视频封面可以看到,视频加载就会转圈圈
OpenClash 调试日志
生成时间: 2023-03-23 22:33:38 插件版本: v0.45.103-beta 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息
关闭QoS无效