search

vernesong / OpenClash

A Clash Client For OpenWrt
MIT License
16.67k stars 3.08k forks source link

udp端口不能打开,报错,节点支持udp转发 #1062

Closed bleeee closed 3 years ago

bleeee commented 3 years ago

报错不支持udp转发 level=warning msg="Failed to start Redir UDP Listener: operation not permitted"

OpenClash 调试日志

生成时间: 2020-12-06 10:19:05 插件版本: v0.41.06-beta 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息


#===================== 系统信息 =====================#
主机型号: VMware, Inc. VMware7,1
固件版本: Openwrt Koolshare mod V2.36 r14941-67f6fa0a30
LuCI版本: git-20.074.84698-ead5e81
内核版本: 5.4.52
处理器架构: x86_64

#此项在使用Tun模式时应为ACCEPT
防火墙转发: ACCEPT

#此项有值时建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

#此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#
dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
jsonfilter: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
iptables-mod-tproxy: 已安装
iptables-mod-extra: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci-19.07): 已安装

#===================== 内核检查 =====================#
运行状态: 运行中
进程pid: 24868
运行权限: 24868: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_resource=i
运行用户: nobody
已选择的架构: linux-amd64

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2020.11.23.g4474306
Tun内核文件: 存在
Tun内核运行权限: 正常

Game内核版本: v0.17.0-232-ge389e33
Game内核文件: 存在
Game内核运行权限: 正常

Dev内核版本: v1.3.0-2-g994cbff
Dev内核文件: 存在
Dev内核运行权限: 正常

#===================== 插件设置 =====================#
当前配置文件: /etc/openclash/config/Nexitally.yaml
启动配置文件: /etc/openclash/Nexitally.yaml
运行模式: redir-host
默认代理模式: rule
UDP流量转发: 启用
DNS劫持: 启用
自定义DNS: 启用
IPV6-DNS解析: 启用
禁用Dnsmasq缓存: 启用
自定义规则: 启用
仅允许内网: 启用
仅代理命中规则流量: 停用
绕过中国大陆IP: 停用

#启动异常时建议关闭此项后重试
保留配置: 启用

#启动异常时建议关闭此项后重试
第三方规则: lhie1
第三方规则策略组设置:
GlobalTV: hk
AsianTV: DIRECT
Proxy: hk
Apple: hk
Netflix: hk
Spotify: hk
Steam: hk
AdBlock: DIRECT
Netease Music: 
Speedtest: hk
Telegram: hk
Microsoft: hk
PayPal: hk
Domestic: DIRECT
Others: hk

读取的配置文件策略组:
EMER
other
us
hk
jp
ge
uk
ir
kr
tw
in
sg
DIRECT
REJECT

#===================== 自定义规则 一 =====================#
#google wifi test
- DOMAIN,safebrowsing.googleapis.com,hk
- DOMAIN-SUFFIX,dl.google.com,hk
- DOMAIN-SUFFIX,gstatic.com,hk

#synology ipv6 ddns
- DOMAIN,checkipv6.synology.com,DIRECT

#china dns server tencent video relevent
- IP-CIDR,119.28.28.28/32,DIRECT
- IP-CIDR,119.29.29.29/32,DIRECT
#- DOMAIN,steampipe.akamaized.net,DIRECT
- DOMAIN,dns.alidns.com,DIRECT
- DST-PORT,853,DIRECT
- IP-CIDR,233.6.6.6/32,DIRECT
- IP-CIDR,233.5.5.5/32,DIRECT
- DOMAIN,doh.pub,DIRECT
- DOMAIN,dns.pub,DIRECT
- DOMAIN,doh.360.cn,DIRECT
- DOMAIN,dns.cfiec.net,DIRECT
- DOMAIN,dns.rubyfish.cn,DIRECT
- IP-CIDR,8.8.8.8/32,DIRECT
- IP-CIDR,1.1.1.1/32,DIRECT
- IP-CIDR,8.8.4.4/32,DIRECT
- DOMAIN,doh.rixcloud.dev,DIRECT
- IP-CIDR,182.254.118.118/32,DIRECT
- IP-CIDR,182.254.116.116/32,DIRECT

#plex.tv
- DOMAIN-SUFFIX,plex.tv,DIRECT

# > Hulu(フールー) override
- DOMAIN-SUFFIX,happyon.jp,jp
- DOMAIN-SUFFIX,hulu.jp,jp

# > Hulu override
- DOMAIN-SUFFIX,hulu.com,us
- DOMAIN-SUFFIX,huluim.com,us
- DOMAIN-SUFFIX,hulustream.com,us

#ubisoft

- DOMAIN-SUFFIX,ubi.com,hk
- DOMAIN-SUFFIX,ubisoft.com,hk

#tencent video (dns up there)
#- IP-CIDR,203.205.219.0/24,DIRECT
#- IP-CIDR,203.205.255.0/24,DIRECT
#- IP-CIDR,182.254.118.0/24,DIRECT

# > Private Tracker
- DOMAIN-SUFFIX,awesome-hd.me,hk
- DOMAIN-SUFFIX,broadcasthe.net,hk
- DOMAIN-SUFFIX,chdbits.co,hk
- DOMAIN-SUFFIX,classix-unlimited.co.uk,hk
- DOMAIN-SUFFIX,empornium.me,hk
- DOMAIN-SUFFIX,gazellegames.net,hk
- DOMAIN-SUFFIX,hdchina.org,hk
- DOMAIN-SUFFIX,hdsky.me,hk
- DOMAIN-SUFFIX,icetorrent.org,hk
- DOMAIN-SUFFIX,jpopsuki.eu,hk
- DOMAIN-SUFFIX,keepfrds.com,hk
- DOMAIN-SUFFIX,madsrevolution.net,hk
- DOMAIN-SUFFIX,m-team.cc,hk
- DOMAIN-SUFFIX,nanyangpt.com,hk
- DOMAIN-SUFFIX,ncore.cc,hk
- DOMAIN-SUFFIX,open.cd,hk
- DOMAIN-SUFFIX,ourbits.club,hk
- DOMAIN-SUFFIX,passthepopcorn.me,hk
- DOMAIN-SUFFIX,privatehd.to,hk
- DOMAIN-SUFFIX,redacted.ch,hk
- DOMAIN-SUFFIX,springsunday.net,hk
- DOMAIN-SUFFIX,tjupt.org,hk
- DOMAIN-SUFFIX,totheglory.im,hk

# certain google
- DOMAIN,mobile-gtalk.l.google.com,us
- DOMAIN,mtalk.google.com,us
#fast
- DOMAIN-SUFFIX,fast.com,hk
#netflix-amazon
- IP-CIDR,52.93.178.234/32,hk
- IP-CIDR,52.94.76.0/22,hk
- IP-CIDR,13.34.24.160/27,hk
- IP-CIDR,52.93.240.164/31,hk
- IP-CIDR,52.93.178.219/32,hk
- IP-CIDR,150.222.199.0/25,hk
- IP-CIDR,52.93.34.56/32,hk
- IP-CIDR,52.93.178.152/32,hk
- IP-CIDR,52.93.178.205/32,hk
- IP-CIDR,52.119.252.0/22,hk
- IP-CIDR,54.148.0.0/15,hk
- IP-CIDR,99.77.130.0/24,hk
- IP-CIDR,52.93.178.136/32,hk
- IP-CIDR,99.77.132.0/24,hk
- IP-CIDR,52.93.178.138/32,hk
- IP-CIDR,54.239.48.0/22,hk
- IP-CIDR,52.93.14.18/32,hk
- IP-CIDR,52.144.197.192/26,hk
- IP-CIDR,15.193.7.0/24,hk
- IP-CIDR,52.93.178.134/32,hk
- IP-CIDR,52.93.240.160/31,hk
- IP-CIDR,52.93.178.183/32,hk
- IP-CIDR,52.93.120.178/32,hk
- IP-CIDR,52.93.178.161/32,hk
- IP-CIDR,52.94.12.0/24,hk
- IP-CIDR,15.230.36.0/23,hk
- IP-CIDR,18.236.0.0/15,hk
- IP-CIDR,52.94.249.80/28,hk
- IP-CIDR,54.240.198.0/24,hk
- IP-CIDR,13.34.23.224/27,hk
- IP-CIDR,52.93.178.231/32,hk
- IP-CIDR,54.200.0.0/15,hk
- IP-CIDR,52.93.178.187/32,hk
- IP-CIDR,52.119.176.0/21,hk
- IP-CIDR,52.93.240.148/31,hk
- IP-CIDR,64.252.72.0/24,hk
- IP-CIDR,54.239.0.16/28,hk
- IP-CIDR,13.34.24.96/27,hk
- IP-CIDR,52.93.20.0/24,hk
- IP-CIDR,204.236.128.0/18,hk
- IP-CIDR,52.94.249.64/28,hk
- IP-CIDR,52.93.178.166/32,hk
- IP-CIDR,52.144.205.0/26,hk
- IP-CIDR,13.34.25.96/27,hk
- IP-CIDR,99.82.172.0/24,hk
- IP-CIDR,70.224.192.0/18,hk
- IP-CIDR,52.93.178.206/32,hk
- IP-CIDR,52.93.178.230/32,hk
- IP-CIDR,52.93.37.222/32,hk
- IP-CIDR,52.93.178.220/32,hk
- IP-CIDR,150.222.218.0/24,hk
- IP-CIDR,52.93.178.215/32,hk
- IP-CIDR,52.93.178.182/32,hk
- IP-CIDR,54.219.0.0/16,hk
- IP-CIDR,52.93.178.147/32,hk
- IP-CIDR,52.93.178.179/32,hk
- IP-CIDR,52.93.178.170/32,hk
- IP-CIDR,52.93.178.223/32,hk
- IP-CIDR,54.240.212.0/22,hk
- IP-CIDR,54.245.0.0/16,hk
- IP-CIDR,150.222.176.0/22,hk
- IP-CIDR,99.77.152.0/24,hk
- IP-CIDR,54.240.248.0/21,hk
- IP-CIDR,69.107.6.120/29,hk
- IP-CIDR,52.93.178.130/32,hk
- IP-CIDR,52.93.178.157/32,hk
- IP-CIDR,52.93.178.168/32,hk
- IP-CIDR,13.56.0.0/16,hk
- IP-CIDR,52.93.178.185/32,hk
- IP-CIDR,52.93.240.154/31,hk
- IP-CIDR,35.160.0.0/13,hk
- IP-CIDR,54.67.0.0/16,hk
- IP-CIDR,150.222.101.0/24,hk
- IP-CIDR,52.93.178.209/32,hk
- IP-CIDR,52.93.178.143/32,hk
- IP-CIDR,150.222.213.40/32,hk
- IP-CIDR,52.93.178.137/32,hk
- IP-CIDR,52.94.208.0/21,hk
- IP-CIDR,54.68.0.0/14,hk
- IP-CIDR,54.212.0.0/15,hk
- IP-CIDR,52.93.240.150/31,hk
- IP-CIDR,52.144.194.192/26,hk
- IP-CIDR,54.183.0.0/16,hk
- IP-CIDR,18.144.0.0/15,hk
- IP-CIDR,52.93.178.213/32,hk
- IP-CIDR,150.222.234.0/24,hk
- IP-CIDR,52.93.12.12/32,hk
- IP-CIDR,52.95.230.0/24,hk
- IP-CIDR,150.222.106.0/24,hk
- IP-CIDR,99.77.253.0/24,hk
- IP-CIDR,13.34.25.64/27,hk
- IP-CIDR,52.93.178.194/32,hk
- IP-CIDR,52.93.178.210/32,hk
- IP-CIDR,52.93.178.184/32,hk
- IP-CIDR,52.93.178.159/32,hk
- IP-CIDR,52.93.178.189/32,hk
- IP-CIDR,52.12.0.0/15,hk
- IP-CIDR,52.93.178.181/32,hk
- IP-CIDR,205.251.232.0/22,hk
- IP-CIDR,52.75.0.0/16,hk
- IP-CIDR,54.218.0.0/16,hk
- IP-CIDR,176.32.112.0/21,hk
- IP-CIDR,52.94.120.0/22,hk
- IP-CIDR,52.93.178.192/32,hk
- IP-CIDR,52.94.10.0/24,hk
- IP-CIDR,52.93.178.195/32,hk
- IP-CIDR,52.93.178.222/32,hk
- IP-CIDR,54.244.0.0/16,hk
- IP-CIDR,52.95.42.0/24,hk
- IP-CIDR,52.93.178.133/32,hk
- IP-CIDR,52.93.178.224/32,hk
- IP-CIDR,52.93.240.152/31,hk
- IP-CIDR,44.224.0.0/11,hk
- IP-CIDR,52.93.178.200/32,hk
- IP-CIDR,64.252.73.0/24,hk
- IP-CIDR,52.93.178.211/32,hk
- IP-CIDR,52.93.178.169/32,hk
- IP-CIDR,52.95.255.112/28,hk
- IP-CIDR,100.20.0.0/14,hk
- IP-CIDR,150.222.74.0/24,hk
- IP-CIDR,13.34.24.128/27,hk
- IP-CIDR,54.151.0.0/17,hk
- IP-CIDR,52.93.178.165/32,hk
- IP-CIDR,176.32.125.128/26,hk
- IP-CIDR,52.93.178.142/32,hk
- IP-CIDR,52.93.178.156/32,hk
- IP-CIDR,52.93.178.180/32,hk
- IP-CIDR,54.214.0.0/16,hk
- IP-CIDR,52.219.20.0/22,hk
- IP-CIDR,52.219.24.0/21,hk
- IP-CIDR,52.93.178.197/32,hk
- IP-CIDR,34.208.0.0/12,hk
- IP-CIDR,52.93.178.226/32,hk
- IP-CIDR,15.221.16.0/22,hk
- IP-CIDR,13.34.23.96/27,hk
- IP-CIDR,52.93.178.204/32,hk
- IP-CIDR,52.93.178.191/32,hk
- IP-CIDR,52.46.216.0/22,hk
- IP-CIDR,150.222.213.41/32,hk
- IP-CIDR,52.95.246.0/24,hk
- IP-CIDR,69.107.6.176/29,hk
- IP-CIDR,99.83.97.64/27,hk
- IP-CIDR,52.36.0.0/14,hk
- IP-CIDR,52.93.178.141/32,hk
- IP-CIDR,52.93.178.227/32,hk
- IP-CIDR,54.215.0.0/16,hk
- IP-CIDR,52.93.178.175/32,hk
- IP-CIDR,52.93.178.131/32,hk
- IP-CIDR,52.93.178.217/32,hk
- IP-CIDR,54.202.0.0/15,hk
- IP-CIDR,52.93.178.214/32,hk
- IP-CIDR,108.166.224.0/21,hk
- IP-CIDR,52.93.178.135/32,hk
- IP-CIDR,184.72.0.0/18,hk
- IP-CIDR,54.193.0.0/16,hk
- IP-CIDR,150.222.140.0/24,hk
- IP-CIDR,99.83.97.48/28,hk
- IP-CIDR,52.93.240.156/31,hk
- IP-CIDR,52.8.0.0/16,hk
- IP-CIDR,52.93.126.145/32,hk
- IP-CIDR,52.95.247.0/24,hk
- IP-CIDR,52.93.178.188/32,hk
- IP-CIDR,52.93.178.201/32,hk
- IP-CIDR,150.222.180.0/24,hk
- IP-CIDR,50.112.0.0/16,hk
- IP-CIDR,13.57.0.0/16,hk
- IP-CIDR,50.18.0.0/16,hk
- IP-CIDR,52.93.178.167/32,hk
- IP-CIDR,52.95.255.96/28,hk
- IP-CIDR,99.83.98.0/24,hk
- IP-CIDR,52.93.178.196/32,hk
- IP-CIDR,52.94.116.0/22,hk
- IP-CIDR,52.144.194.64/26,hk
- IP-CIDR,13.52.0.0/16,hk
- IP-CIDR,52.93.178.128/32,hk
- IP-CIDR,52.95.40.0/24,hk
- IP-CIDR,13.34.23.128/27,hk
- IP-CIDR,54.231.232.0/21,hk
- IP-CIDR,52.93.122.131/32,hk
- IP-CIDR,52.93.34.57/32,hk
- IP-CIDR,52.93.178.162/32,hk
- IP-CIDR,204.246.160.0/22,hk
- IP-CIDR,52.93.240.158/31,hk
- IP-CIDR,15.230.42.0/24,hk
- IP-CIDR,52.93.240.146/31,hk
- IP-CIDR,52.93.178.144/32,hk
- IP-CIDR,52.93.178.154/32,hk
- IP-CIDR,52.93.240.162/31,hk
- IP-CIDR,52.219.120.0/22,hk
- IP-CIDR,52.9.0.0/16,hk
- IP-CIDR,150.222.196.0/24,hk
- IP-CIDR,52.46.180.0/22,hk
- IP-CIDR,52.93.178.146/32,hk
- IP-CIDR,13.248.99.0/24,hk
- IP-CIDR,52.93.37.223/32,hk
- IP-CIDR,52.93.178.178/32,hk
- IP-CIDR,13.248.112.0/24,hk
- IP-CIDR,52.93.178.176/32,hk
- IP-CIDR,52.93.178.129/32,hk
- IP-CIDR,52.93.178.145/32,hk
- IP-CIDR,52.93.178.199/32,hk
- IP-CIDR,150.222.102.0/24,hk
- IP-CIDR,52.24.0.0/14,hk
- IP-CIDR,52.119.160.0/20,hk
- IP-CIDR,64.252.65.0/24,hk
- IP-CIDR,52.93.178.151/32,hk
- IP-CIDR,52.93.178.140/32,hk
- IP-CIDR,52.93.178.174/32,hk
- IP-CIDR,54.241.0.0/16,hk
- IP-CIDR,184.169.128.0/17,hk
- IP-CIDR,18.246.0.0/16,hk
- IP-CIDR,52.93.178.232/32,hk
- IP-CIDR,52.94.198.0/28,hk
- IP-CIDR,52.93.178.132/32,hk
- IP-CIDR,52.93.178.177/32,hk
- IP-CIDR,99.77.154.0/24,hk
- IP-CIDR,15.177.81.0/24,hk
- IP-CIDR,54.153.0.0/17,hk
- IP-CIDR,52.93.149.0/24,hk
- IP-CIDR,52.93.178.150/32,hk
- IP-CIDR,52.93.178.164/32,hk
- IP-CIDR,52.93.178.198/32,hk
- IP-CIDR,52.93.178.203/32,hk
- IP-CIDR,52.218.128.0/17,hk
- IP-CIDR,13.34.23.160/27,hk
- IP-CIDR,13.34.24.192/27,hk
- IP-CIDR,52.88.0.0/15,hk
- IP-CIDR,52.93.178.139/32,hk
- IP-CIDR,99.78.196.0/22,hk
- IP-CIDR,52.93.178.229/32,hk
- IP-CIDR,52.93.178.158/32,hk
- IP-CIDR,216.182.236.0/23,hk
- IP-CIDR,52.93.178.173/32,hk
- IP-CIDR,15.177.80.0/24,hk
- IP-CIDR,15.230.5.0/24,hk
- IP-CIDR,52.144.194.128/26,hk
- IP-CIDR,52.219.112.0/21,hk
- IP-CIDR,15.254.0.0/16,hk
- IP-CIDR,3.101.0.0/16,hk
- IP-CIDR,52.40.0.0/14,hk
- IP-CIDR,15.230.28.0/24,hk
- IP-CIDR,64.252.70.0/24,hk
- IP-CIDR,52.93.14.19/32,hk
- IP-CIDR,52.93.178.218/32,hk
- IP-CIDR,52.32.0.0/14,hk
- IP-CIDR,52.93.126.144/32,hk
- IP-CIDR,52.93.178.155/32,hk
- IP-CIDR,52.93.178.202/32,hk
- IP-CIDR,52.93.178.228/32,hk
- IP-CIDR,52.93.178.216/32,hk
- IP-CIDR,15.221.1.0/24,hk
- IP-CIDR,52.93.178.212/32,hk
- IP-CIDR,52.94.197.0/24,hk
- IP-CIDR,54.184.0.0/13,hk
- IP-CIDR,52.52.0.0/15,hk
- IP-CIDR,52.144.197.128/26,hk
- IP-CIDR,52.93.237.0/24,hk
- IP-CIDR,150.222.221.0/24,hk
- IP-CIDR,52.94.72.0/22,hk
- IP-CIDR,64.252.71.0/24,hk
- IP-CIDR,52.93.178.233/32,hk
- IP-CIDR,35.155.0.0/16,hk
- IP-CIDR,54.239.2.0/23,hk
- IP-CIDR,13.34.23.192/27,hk
- IP-CIDR,52.93.178.171/32,hk
- IP-CIDR,108.166.240.0/21,hk
- IP-CIDR,205.251.228.0/22,hk
- IP-CIDR,54.239.0.32/28,hk
- IP-CIDR,52.10.0.0/15,hk
- IP-CIDR,52.93.178.149/32,hk
- IP-CIDR,54.240.230.0/23,hk
- IP-CIDR,52.46.249.0/24,hk
- IP-CIDR,54.176.0.0/15,hk
- IP-CIDR,52.93.178.208/32,hk
- IP-CIDR,52.93.178.172/32,hk
- IP-CIDR,52.93.178.225/32,hk
- IP-CIDR,52.93.178.190/32,hk
- IP-CIDR,69.107.6.112/29,hk
- IP-CIDR,52.93.178.235/32,hk
- IP-CIDR,52.93.178.163/32,hk
- IP-CIDR,52.93.178.193/32,hk
- IP-CIDR,52.93.178.160/32,hk
- IP-CIDR,52.93.178.207/32,hk
- IP-CIDR,150.222.97.0/24,hk
- IP-CIDR,52.92.128.0/17,hk
- IP-CIDR,52.93.178.148/32,hk
- IP-CIDR,52.94.28.0/23,hk
- IP-CIDR,52.94.248.128/28,hk
- IP-CIDR,150.222.214.0/24,hk
- IP-CIDR,52.93.12.13/32,hk
- IP-CIDR,52.93.178.186/32,hk
- IP-CIDR,150.222.75.0/24,hk
- IP-CIDR,52.93.178.221/32,hk
- IP-CIDR,52.94.248.96/28,hk
- IP-CIDR,52.93.178.153/32,hk
- IP-CIDR,99.77.186.0/24,hk
- IP-CIDR,176.32.125.0/25,hk
- IP-CIDR,13.52.118.0/23,hk
- IP-CIDR,13.52.146.192/26,hk
- IP-CIDR,34.223.24.0/22,hk
- IP-CIDR,34.223.45.0/25,hk

#HKT
- IP-CIDR,203.198.80.0/24,hk
- IP-CIDR,203.198.13.0/24,hk
- IP-CIDR,203.205.255.0/24,hk
- IP-CIDR,203.205.219.0/24,hk
- IP-CIDR,219.76.23.0/24,hk

##- DOMAIN-SUFFIX,google.com,Proxy 匹配域名后缀(交由Proxy代理服务器组)
##- DOMAIN-KEYWORD,google,Proxy 匹配域名关键字(交由Proxy代理服务器组)
##- DOMAIN,google.com,Proxy 匹配域名(交由Proxy代理服务器组)
##- DOMAIN-SUFFIX,ad.com,REJECT 匹配域名后缀(拒绝)
##- IP-CIDR,127.0.0.0/8,DIRECT 匹配数据目标IP(直连)
##- SRC-IP-CIDR,192.168.1.201/32,DIRECT 匹配数据发起IP(直连)
##- DST-PORT,80,DIRECT 匹配数据目标端口(直连)
##- SRC-PORT,7777,DIRECT 匹配数据源端口(直连)

##排序在上的规则优先生效,如添加(去除规则前的#号):
##IP段:192.168.1.2-192.168.1.200 直连
##- SRC-IP-CIDR,192.168.1.2/31,DIRECT
##- SRC-IP-CIDR,192.168.1.4/30,DIRECT
##- SRC-IP-CIDR,192.168.1.8/29,DIRECT
##- SRC-IP-CIDR,192.168.1.16/28,DIRECT
##- SRC-IP-CIDR,192.168.1.32/27,DIRECT
##- SRC-IP-CIDR,192.168.1.64/26,DIRECT
##- SRC-IP-CIDR,192.168.1.128/26,DIRECT
##- SRC-IP-CIDR,192.168.1.192/29,DIRECT
##- SRC-IP-CIDR,192.168.1.200/32,DIRECT

##IP段:192.168.1.202-192.168.1.255 直连
##- SRC-IP-CIDR,192.168.1.202/31,DIRECT
##- SRC-IP-CIDR,192.168.1.204/30,DIRECT
##- SRC-IP-CIDR,192.168.1.208/28,DIRECT
##- SRC-IP-CIDR,192.168.1.1/32,DIRECT
##- SRC-IP-CIDR,192.168.1.25/32,DIRECT
##- SRC-IP-CIDR,198.18.0.1/32,DIRECT
##- SRC-IP-CIDR,192.168.18.2/32,DIRECT
##- SRC-IP-CIDR,111.161.237.105/32,DIRECT
##此时IP为192.168.1.1和192.168.1.201的客户端流量走代理(策略),其余客户端不走代理
##因为Fake-IP模式下,IP地址为192.168.1.1的路由器自身流量可走代理(策略),所以需要排除
##在线IP段转CIDR地址:http://ip2cidr.com
#===================== 自定义规则 二 =====================#
##- DOMAIN-SUFFIX,google.com,Proxy 匹配域名后缀(交由Proxy代理服务器组)
##- DOMAIN-KEYWORD,google,Proxy 匹配域名关键字(交由Proxy代理服务器组)
##- DOMAIN,google.com,Proxy 匹配域名(交由Proxy代理服务器组)
##- DOMAIN-SUFFIX,ad.com,REJECT 匹配域名后缀(拒绝)
##- IP-CIDR,127.0.0.0/8,DIRECT 匹配数据目标IP(直连)
##- SRC-IP-CIDR,192.168.1.201/32,DIRECT 匹配数据发起IP(直连)
##- DST-PORT,80,DIRECT 匹配数据目标端口(直连)
##- SRC-PORT,7777,DIRECT 匹配数据源端口(直连)

#===================== 配置文件 =====================#

port: 7890
socks-port: 7891
redir-port: 7892
allow-lan: true
mode: rule
log-level: warning
external-controller: 0.0.0.0:9090
dns:
  enable: true
  listen: 0.0.0.0:7874
  enhanced-mode: redir-host
  nameserver:
  - https://233.6.6.6/dns-query
  - https://233.5.5.5/dns-query
  - 202.99.96.68
  - 202.99.104.68
  fallback:
  - tls://8.8.8.8:853
  - https://1.1.1.1/dns-query
  - tls://1.1.1.1:853
  - tls://8.8.4.4:853
  ipv6: true
  use-hosts: true
  fallback-filter:
    geoip: true
    ipcidr:
    - 0.0.0.0/8
    - 10.0.0.0/8
    - 100.64.0.0/10
    - 127.0.0.0/8
    - 169.254.0.0/16
    - 172.16.0.0/12
    - 192.0.0.0/24
    - 192.0.2.0/24
    - 192.88.99.0/24
    - 192.168.0.0/16
    - 198.18.0.0/15
    - 198.51.100.0/24
    - 203.0.113.0/24
    - 224.0.0.0/4
    - 240.0.0.0/4
    - 255.255.255.255/32
cfw-bypass:
- qq.com
- music.163.com
- localhost
- 127.*
- 10.*
- 172.16.*
- 172.17.*
- 172.18.*
- 172.19.*
- 172.20.*
- 172.21.*
- 172.22.*
- 172.23.*
- 172.24.*
- 172.25.*
- 172.26.*
- 172.27.*
- 172.28.*
- 172.29.*
- 172.30.*
- 172.31.*
- 192.168.*
- "<local>"
cfw-latency-timeout: 5000
proxy-groups:
- name: EMER
  type: select
  disable-udp: false
  proxies:
- name: other
  type: select
  disable-udp: false
  proxies:
- name: us
  type: load-balance
  strategy: round-robin
  disable-udp: false
  proxies:
  url: http://www.gstatic.com/generate_204
  interval: '30'
- name: hk
  type: load-balance
  strategy: round-robin
  disable-udp: false
  proxies:
  url: http://www.gstatic.com/generate_204
  interval: '30'
- name: jp
  type: load-balance
  strategy: round-robin
  disable-udp: false
  proxies:
  url: http://www.gstatic.com/generate_204
  interval: '30'
- name: ge
  type: load-balance
  strategy: round-robin
  disable-udp: false
  proxies:
  url: http://www.gstatic.com/generate_204
  interval: '30'
- name: uk
  type: load-balance
  strategy: round-robin
  disable-udp: false
  proxies:
  url: http://www.gstatic.com/generate_204
  interval: '30'
- name: ir
  type: load-balance
  strategy: round-robin
  disable-udp: false
  proxies:
  url: http://www.gstatic.com/generate_204
  interval: '30'
- name: kr
  type: load-balance
  strategy: round-robin
  disable-udp: false
  proxies:
  url: http://www.gstatic.com/generate_204
  interval: '30'
- name: tw
  type: load-balance
  strategy: round-robin
  disable-udp: false
  proxies:
  url: http://www.gstatic.com/generate_204
  interval: '30'
- name: in
  type: load-balance
  strategy: round-robin
  disable-udp: false
  proxies:
  url: http://www.gstatic.com/generate_204
  interval: '30'
- name: sg
  type: load-balance
  strategy: round-robin
  disable-udp: false
  proxies:
  url: http://www.gstatic.com/generate_204
  interval: '30'
rules:
- DOMAIN,safebrowsing.googleapis.com,hk
- DOMAIN-SUFFIX,dl.google.com,hk
- DOMAIN-SUFFIX,gstatic.com,hk
- DOMAIN,checkipv6.synology.com,DIRECT
- IP-CIDR,119.28.28.28/32,DIRECT
- IP-CIDR,119.29.29.29/32,DIRECT
- DOMAIN,dns.alidns.com,DIRECT
- DST-PORT,853,DIRECT
- IP-CIDR,233.6.6.6/32,DIRECT
- IP-CIDR,233.5.5.5/32,DIRECT
- DOMAIN,doh.pub,DIRECT
- DOMAIN,dns.pub,DIRECT
- DOMAIN,doh.360.cn,DIRECT
- DOMAIN,dns.cfiec.net,DIRECT
- DOMAIN,dns.rubyfish.cn,DIRECT
- IP-CIDR,8.8.8.8/32,DIRECT
- IP-CIDR,1.1.1.1/32,DIRECT
- IP-CIDR,8.8.4.4/32,DIRECT
- DOMAIN,doh.rixcloud.dev,DIRECT
- IP-CIDR,182.254.118.118/32,DIRECT
- IP-CIDR,182.254.116.116/32,DIRECT
- DOMAIN-SUFFIX,plex.tv,DIRECT
- DOMAIN-SUFFIX,happyon.jp,jp
- DOMAIN-SUFFIX,hulu.jp,jp
- DOMAIN-SUFFIX,hulu.com,us
- DOMAIN-SUFFIX,huluim.com,us
- DOMAIN-SUFFIX,hulustream.com,us
- DOMAIN-SUFFIX,ubi.com,hk
- DOMAIN-SUFFIX,ubisoft.com,hk
- DOMAIN-SUFFIX,awesome-hd.me,hk
- DOMAIN-SUFFIX,broadcasthe.net,hk
- DOMAIN-SUFFIX,chdbits.co,hk
- DOMAIN-SUFFIX,classix-unlimited.co.uk,hk
- DOMAIN-SUFFIX,empornium.me,hk
- DOMAIN-SUFFIX,gazellegames.net,hk
- DOMAIN-SUFFIX,hdchina.org,hk
- DOMAIN-SUFFIX,hdsky.me,hk
- DOMAIN-SUFFIX,icetorrent.org,hk
- DOMAIN-SUFFIX,jpopsuki.eu,hk
- DOMAIN-SUFFIX,keepfrds.com,hk
- DOMAIN-SUFFIX,madsrevolution.net,hk
- DOMAIN-SUFFIX,m-team.cc,hk
- DOMAIN-SUFFIX,nanyangpt.com,hk
- DOMAIN-SUFFIX,ncore.cc,hk
- DOMAIN-SUFFIX,open.cd,hk
- DOMAIN-SUFFIX,ourbits.club,hk
- DOMAIN-SUFFIX,passthepopcorn.me,hk
- DOMAIN-SUFFIX,privatehd.to,hk
- DOMAIN-SUFFIX,redacted.ch,hk
- DOMAIN-SUFFIX,springsunday.net,hk
- DOMAIN-SUFFIX,tjupt.org,hk
- DOMAIN-SUFFIX,totheglory.im,hk
- DOMAIN,mobile-gtalk.l.google.com,us
- DOMAIN,mtalk.google.com,us
- DOMAIN-SUFFIX,fast.com,hk
- IP-CIDR,52.93.178.234/32,hk
- IP-CIDR,52.94.76.0/22,hk
- IP-CIDR,13.34.24.160/27,hk
- IP-CIDR,52.93.240.164/31,hk
- IP-CIDR,52.93.178.219/32,hk
- IP-CIDR,150.222.199.0/25,hk
- IP-CIDR,52.93.34.56/32,hk
- IP-CIDR,52.93.178.152/32,hk
- IP-CIDR,52.93.178.205/32,hk
- IP-CIDR,52.119.252.0/22,hk
- IP-CIDR,54.148.0.0/15,hk
- IP-CIDR,99.77.130.0/24,hk
- IP-CIDR,52.93.178.136/32,hk
- IP-CIDR,99.77.132.0/24,hk
- IP-CIDR,52.93.178.138/32,hk
- IP-CIDR,54.239.48.0/22,hk
- IP-CIDR,52.93.14.18/32,hk
- IP-CIDR,52.144.197.192/26,hk
- IP-CIDR,15.193.7.0/24,hk
- IP-CIDR,52.93.178.134/32,hk
- IP-CIDR,52.93.240.160/31,hk
- IP-CIDR,52.93.178.183/32,hk
- IP-CIDR,52.93.120.178/32,hk
- IP-CIDR,52.93.178.161/32,hk
- IP-CIDR,52.94.12.0/24,hk
- IP-CIDR,15.230.36.0/23,hk
- IP-CIDR,18.236.0.0/15,hk
- IP-CIDR,52.94.249.80/28,hk
- IP-CIDR,54.240.198.0/24,hk
- IP-CIDR,13.34.23.224/27,hk
- IP-CIDR,52.93.178.231/32,hk
- IP-CIDR,54.200.0.0/15,hk
- IP-CIDR,52.93.178.187/32,hk
- IP-CIDR,52.119.176.0/21,hk
- IP-CIDR,52.93.240.148/31,hk
- IP-CIDR,64.252.72.0/24,hk
- IP-CIDR,54.239.0.16/28,hk
- IP-CIDR,13.34.24.96/27,hk
- IP-CIDR,52.93.20.0/24,hk
- IP-CIDR,204.236.128.0/18,hk
- IP-CIDR,52.94.249.64/28,hk
- IP-CIDR,52.93.178.166/32,hk
- IP-CIDR,52.144.205.0/26,hk
- IP-CIDR,13.34.25.96/27,hk
- IP-CIDR,99.82.172.0/24,hk
- IP-CIDR,70.224.192.0/18,hk
- IP-CIDR,52.93.178.206/32,hk
- IP-CIDR,52.93.178.230/32,hk
- IP-CIDR,52.93.37.222/32,hk
- IP-CIDR,52.93.178.220/32,hk
- IP-CIDR,150.222.218.0/24,hk
- IP-CIDR,52.93.178.215/32,hk
- IP-CIDR,52.93.178.182/32,hk
- IP-CIDR,54.219.0.0/16,hk
- IP-CIDR,52.93.178.147/32,hk
- IP-CIDR,52.93.178.179/32,hk
- IP-CIDR,52.93.178.170/32,hk
- IP-CIDR,52.93.178.223/32,hk
- IP-CIDR,54.240.212.0/22,hk
- IP-CIDR,54.245.0.0/16,hk
- IP-CIDR,150.222.176.0/22,hk
- IP-CIDR,99.77.152.0/24,hk
- IP-CIDR,54.240.248.0/21,hk
- IP-CIDR,69.107.6.120/29,hk
- IP-CIDR,52.93.178.130/32,hk
- IP-CIDR,52.93.178.157/32,hk
- IP-CIDR,52.93.178.168/32,hk
- IP-CIDR,13.56.0.0/16,hk
- IP-CIDR,52.93.178.185/32,hk
- IP-CIDR,52.93.240.154/31,hk
- IP-CIDR,35.160.0.0/13,hk
- IP-CIDR,54.67.0.0/16,hk
- IP-CIDR,150.222.101.0/24,hk
- IP-CIDR,52.93.178.209/32,hk
- IP-CIDR,52.93.178.143/32,hk
- IP-CIDR,150.222.213.40/32,hk
- IP-CIDR,52.93.178.137/32,hk
- IP-CIDR,52.94.208.0/21,hk
- IP-CIDR,54.68.0.0/14,hk
- IP-CIDR,54.212.0.0/15,hk
- IP-CIDR,52.93.240.150/31,hk
- IP-CIDR,52.144.194.192/26,hk
- IP-CIDR,54.183.0.0/16,hk
- IP-CIDR,18.144.0.0/15,hk
- IP-CIDR,52.93.178.213/32,hk
- IP-CIDR,150.222.234.0/24,hk
- IP-CIDR,52.93.12.12/32,hk
- IP-CIDR,52.95.230.0/24,hk
- IP-CIDR,150.222.106.0/24,hk
- IP-CIDR,99.77.253.0/24,hk
- IP-CIDR,13.34.25.64/27,hk
- IP-CIDR,52.93.178.194/32,hk
- IP-CIDR,52.93.178.210/32,hk
- IP-CIDR,52.93.178.184/32,hk
- IP-CIDR,52.93.178.159/32,hk
- IP-CIDR,52.93.178.189/32,hk
- IP-CIDR,52.12.0.0/15,hk
- IP-CIDR,52.93.178.181/32,hk
- IP-CIDR,205.251.232.0/22,hk
- IP-CIDR,52.75.0.0/16,hk
- IP-CIDR,54.218.0.0/16,hk
- IP-CIDR,176.32.112.0/21,hk
- IP-CIDR,52.94.120.0/22,hk
- IP-CIDR,52.93.178.192/32,hk
- IP-CIDR,52.94.10.0/24,hk
- IP-CIDR,52.93.178.195/32,hk
- IP-CIDR,52.93.178.222/32,hk
- IP-CIDR,54.244.0.0/16,hk
- IP-CIDR,52.95.42.0/24,hk
- IP-CIDR,52.93.178.133/32,hk
- IP-CIDR,52.93.178.224/32,hk
- IP-CIDR,52.93.240.152/31,hk
- IP-CIDR,44.224.0.0/11,hk
- IP-CIDR,52.93.178.200/32,hk
- IP-CIDR,64.252.73.0/24,hk
- IP-CIDR,52.93.178.211/32,hk
- IP-CIDR,52.93.178.169/32,hk
- IP-CIDR,52.95.255.112/28,hk
- IP-CIDR,100.20.0.0/14,hk
- IP-CIDR,150.222.74.0/24,hk
- IP-CIDR,13.34.24.128/27,hk
- IP-CIDR,54.151.0.0/17,hk
- IP-CIDR,52.93.178.165/32,hk
- IP-CIDR,176.32.125.128/26,hk
- IP-CIDR,52.93.178.142/32,hk
- IP-CIDR,52.93.178.156/32,hk
- IP-CIDR,52.93.178.180/32,hk
- IP-CIDR,54.214.0.0/16,hk
- IP-CIDR,52.219.20.0/22,hk
- IP-CIDR,52.219.24.0/21,hk
- IP-CIDR,52.93.178.197/32,hk
- IP-CIDR,34.208.0.0/12,hk
- IP-CIDR,52.93.178.226/32,hk
- IP-CIDR,15.221.16.0/22,hk
- IP-CIDR,13.34.23.96/27,hk
- IP-CIDR,52.93.178.204/32,hk
- IP-CIDR,52.93.178.191/32,hk
- IP-CIDR,52.46.216.0/22,hk
- IP-CIDR,150.222.213.41/32,hk
- IP-CIDR,52.95.246.0/24,hk
- IP-CIDR,69.107.6.176/29,hk
- IP-CIDR,99.83.97.64/27,hk
- IP-CIDR,52.36.0.0/14,hk
- IP-CIDR,52.93.178.141/32,hk
- IP-CIDR,52.93.178.227/32,hk
- IP-CIDR,54.215.0.0/16,hk
- IP-CIDR,52.93.178.175/32,hk
- IP-CIDR,52.93.178.131/32,hk
- IP-CIDR,52.93.178.217/32,hk
- IP-CIDR,54.202.0.0/15,hk
- IP-CIDR,52.93.178.214/32,hk
- IP-CIDR,108.166.224.0/21,hk
- IP-CIDR,52.93.178.135/32,hk
- IP-CIDR,184.72.0.0/18,hk
- IP-CIDR,54.193.0.0/16,hk
- IP-CIDR,150.222.140.0/24,hk
- IP-CIDR,99.83.97.48/28,hk
- IP-CIDR,52.93.240.156/31,hk
- IP-CIDR,52.8.0.0/16,hk
- IP-CIDR,52.93.126.145/32,hk
- IP-CIDR,52.95.247.0/24,hk
- IP-CIDR,52.93.178.188/32,hk
- IP-CIDR,52.93.178.201/32,hk
- IP-CIDR,150.222.180.0/24,hk
- IP-CIDR,50.112.0.0/16,hk
- IP-CIDR,13.57.0.0/16,hk
- IP-CIDR,50.18.0.0/16,hk
- IP-CIDR,52.93.178.167/32,hk
- IP-CIDR,52.95.255.96/28,hk
- IP-CIDR,99.83.98.0/24,hk
- IP-CIDR,52.93.178.196/32,hk
- IP-CIDR,52.94.116.0/22,hk
- IP-CIDR,52.144.194.64/26,hk
- IP-CIDR,13.52.0.0/16,hk
- IP-CIDR,52.93.178.128/32,hk
- IP-CIDR,52.95.40.0/24,hk
- IP-CIDR,13.34.23.128/27,hk
- IP-CIDR,54.231.232.0/21,hk
- IP-CIDR,52.93.122.131/32,hk
- IP-CIDR,52.93.34.57/32,hk
- IP-CIDR,52.93.178.162/32,hk
- IP-CIDR,204.246.160.0/22,hk
- IP-CIDR,52.93.240.158/31,hk
- IP-CIDR,15.230.42.0/24,hk
- IP-CIDR,52.93.240.146/31,hk
- IP-CIDR,52.93.178.144/32,hk
- IP-CIDR,52.93.178.154/32,hk
- IP-CIDR,52.93.240.162/31,hk
- IP-CIDR,52.219.120.0/22,hk
- IP-CIDR,52.9.0.0/16,hk
- IP-CIDR,150.222.196.0/24,hk
- IP-CIDR,52.46.180.0/22,hk
- IP-CIDR,52.93.178.146/32,hk
- IP-CIDR,13.248.99.0/24,hk
- IP-CIDR,52.93.37.223/32,hk
- IP-CIDR,52.93.178.178/32,hk
- IP-CIDR,13.248.112.0/24,hk
- IP-CIDR,52.93.178.176/32,hk
- IP-CIDR,52.93.178.129/32,hk
- IP-CIDR,52.93.178.145/32,hk
- IP-CIDR,52.93.178.199/32,hk
- IP-CIDR,150.222.102.0/24,hk
- IP-CIDR,52.24.0.0/14,hk
- IP-CIDR,52.119.160.0/20,hk
- IP-CIDR,64.252.65.0/24,hk
- IP-CIDR,52.93.178.151/32,hk
- IP-CIDR,52.93.178.140/32,hk
- IP-CIDR,52.93.178.174/32,hk
- IP-CIDR,54.241.0.0/16,hk
- IP-CIDR,184.169.128.0/17,hk
- IP-CIDR,18.246.0.0/16,hk
- IP-CIDR,52.93.178.232/32,hk
- IP-CIDR,52.94.198.0/28,hk
- IP-CIDR,52.93.178.132/32,hk
- IP-CIDR,52.93.178.177/32,hk
- IP-CIDR,99.77.154.0/24,hk
- IP-CIDR,15.177.81.0/24,hk
- IP-CIDR,54.153.0.0/17,hk
- IP-CIDR,52.93.149.0/24,hk
- IP-CIDR,52.93.178.150/32,hk
- IP-CIDR,52.93.178.164/32,hk
- IP-CIDR,52.93.178.198/32,hk
- IP-CIDR,52.93.178.203/32,hk
- IP-CIDR,52.218.128.0/17,hk
- IP-CIDR,13.34.23.160/27,hk
- IP-CIDR,13.34.24.192/27,hk
- IP-CIDR,52.88.0.0/15,hk
- IP-CIDR,52.93.178.139/32,hk
- IP-CIDR,99.78.196.0/22,hk
- IP-CIDR,52.93.178.229/32,hk
- IP-CIDR,52.93.178.158/32,hk
- IP-CIDR,216.182.236.0/23,hk
- IP-CIDR,52.93.178.173/32,hk
- IP-CIDR,15.177.80.0/24,hk
- IP-CIDR,15.230.5.0/24,hk
- IP-CIDR,52.144.194.128/26,hk
- IP-CIDR,52.219.112.0/21,hk
- IP-CIDR,15.254.0.0/16,hk
- IP-CIDR,3.101.0.0/16,hk
- IP-CIDR,52.40.0.0/14,hk
- IP-CIDR,15.230.28.0/24,hk
- IP-CIDR,64.252.70.0/24,hk
- IP-CIDR,52.93.14.19/32,hk
- IP-CIDR,52.93.178.218/32,hk
- IP-CIDR,52.32.0.0/14,hk
- IP-CIDR,52.93.126.144/32,hk
- IP-CIDR,52.93.178.155/32,hk
- IP-CIDR,52.93.178.202/32,hk
- IP-CIDR,52.93.178.228/32,hk
- IP-CIDR,52.93.178.216/32,hk
- IP-CIDR,15.221.1.0/24,hk
- IP-CIDR,52.93.178.212/32,hk
- IP-CIDR,52.94.197.0/24,hk
- IP-CIDR,54.184.0.0/13,hk
- IP-CIDR,52.52.0.0/15,hk
- IP-CIDR,52.144.197.128/26,hk
- IP-CIDR,52.93.237.0/24,hk
- IP-CIDR,150.222.221.0/24,hk
- IP-CIDR,52.94.72.0/22,hk
- IP-CIDR,64.252.71.0/24,hk
- IP-CIDR,52.93.178.233/32,hk
- IP-CIDR,35.155.0.0/16,hk
- IP-CIDR,54.239.2.0/23,hk
- IP-CIDR,13.34.23.192/27,hk
- IP-CIDR,52.93.178.171/32,hk
- IP-CIDR,108.166.240.0/21,hk
- IP-CIDR,205.251.228.0/22,hk
- IP-CIDR,54.239.0.32/28,hk
- IP-CIDR,52.10.0.0/15,hk
- IP-CIDR,52.93.178.149/32,hk
- IP-CIDR,54.240.230.0/23,hk
- IP-CIDR,52.46.249.0/24,hk
- IP-CIDR,54.176.0.0/15,hk
- IP-CIDR,52.93.178.208/32,hk
- IP-CIDR,52.93.178.172/32,hk
- IP-CIDR,52.93.178.225/32,hk
- IP-CIDR,52.93.178.190/32,hk
- IP-CIDR,69.107.6.112/29,hk
- IP-CIDR,52.93.178.235/32,hk
- IP-CIDR,52.93.178.163/32,hk
- IP-CIDR,52.93.178.193/32,hk
- IP-CIDR,52.93.178.160/32,hk
- IP-CIDR,52.93.178.207/32,hk
- IP-CIDR,150.222.97.0/24,hk
- IP-CIDR,52.92.128.0/17,hk
- IP-CIDR,52.93.178.148/32,hk
- IP-CIDR,52.94.28.0/23,hk
- IP-CIDR,52.94.248.128/28,hk
- IP-CIDR,150.222.214.0/24,hk
- IP-CIDR,52.93.12.13/32,hk
- IP-CIDR,52.93.178.186/32,hk
- IP-CIDR,150.222.75.0/24,hk
- IP-CIDR,52.93.178.221/32,hk
- IP-CIDR,52.94.248.96/28,hk
- IP-CIDR,52.93.178.153/32,hk
- IP-CIDR,99.77.186.0/24,hk
- IP-CIDR,176.32.125.0/25,hk
- IP-CIDR,13.52.118.0/23,hk
- IP-CIDR,13.52.146.192/26,hk
- IP-CIDR,34.223.24.0/22,hk
- IP-CIDR,34.223.45.0/25,hk
- IP-CIDR,203.198.80.0/24,hk
- IP-CIDR,203.198.13.0/24,hk
- IP-CIDR,203.205.255.0/24,hk
- IP-CIDR,203.205.219.0/24,hk
- IP-CIDR,219.76.23.0/24,hk
- RULE-SET,Reject,DIRECT
- RULE-SET,Special,DIRECT
- RULE-SET,Netflix,hk
- RULE-SET,Spotify,hk
- RULE-SET,YouTube,hk
- RULE-SET,Bilibili,DIRECT
- RULE-SET,iQiyi,DIRECT
- RULE-SET,Letv,DIRECT
- RULE-SET,Netease Music,DIRECT
- RULE-SET,Tencent Video,DIRECT
- RULE-SET,Youku,DIRECT
- RULE-SET,ABC,hk
- RULE-SET,Abema TV,hk
- RULE-SET,Amazon,hk
- RULE-SET,Apple News,hk
- RULE-SET,Apple TV,hk
- RULE-SET,Bahamut,hk
- RULE-SET,BBC iPlayer,hk
- RULE-SET,DAZN,hk
- RULE-SET,Disney Plus,hk
- RULE-SET,encoreTVB,hk
- RULE-SET,Fox Now,hk
- RULE-SET,Fox+,hk
- RULE-SET,HBO,hk
- RULE-SET,Hulu Japan,hk
- RULE-SET,Hulu,hk
- RULE-SET,Japonx,hk
- RULE-SET,JOOX,hk
- RULE-SET,KKBOX,hk
- RULE-SET,KKTV,hk
- RULE-SET,Line TV,hk
- RULE-SET,myTV SUPER,hk
- RULE-SET,Pandora,hk
- RULE-SET,PBS,hk
- RULE-SET,Pornhub,hk
- RULE-SET,Soundcloud,hk
- RULE-SET,ViuTV,hk
- RULE-SET,Telegram,hk
- RULE-SET,Steam,hk
- RULE-SET,Speedtest,hk
- RULE-SET,PayPal,hk
- RULE-SET,Microsoft,hk
- RULE-SET,PROXY,hk
- RULE-SET,Apple,hk
- RULE-SET,Domestic,DIRECT
- RULE-SET,Domestic IPs,DIRECT
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
- GEOIP,CN,DIRECT
- MATCH,hk
mixed-port: 7893
bind-address: "*"
external-ui: "/usr/share/openclash/dashboard"
ipv6: true
hosts:
  p.conn.aiseet.atianqi.com: 121.51.162.20
  p.conn.t002.ottcn.com: 121.51.162.20
  p.conn.cp81.ott.cibntv.net: 121.51.162.20
  p.conn.ptyg.gitv.tv: 121.51.162.20
  p.conn.ott.video.qq.com: 121.51.162.20
  common.mpush.qq.com: 121.51.162.20
  git.dler.io: 113.52.132.52
  chdbits.co: 104.26.10.119
rule-providers:
  Reject:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Reject.yaml
    path: "./rule_provider/Reject"
    interval: 86400
  Special:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Special.yaml
    path: "./rule_provider/Special"
    interval: 86400
  Netflix:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Media/Netflix.yaml
    path: "./rule_provider/Netflix"
    interval: 86400
  Spotify:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Media/Spotify.yaml
    path: "./rule_provider/Spotify"
    interval: 86400
  YouTube:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Media/YouTube.yaml
    path: "./rule_provider/YouTube"
    interval: 86400
  Bilibili:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Media/Bilibili.yaml
    path: "./rule_provider/Bilibili"
    interval: 86400
  iQiyi:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Media/iQiyi.yaml
    path: "./rule_provider/iQiyi"
    interval: 86400
  Letv:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Media/Letv.yaml
    path: "./rule_provider/Letv"
    interval: 86400
  Netease Music:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Media/Netease%20Music.yaml
    path: "./rule_provider/Netease_Music"
    interval: 86400
  Tencent Video:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Media/Tencent%20Video.yaml
    path: "./rule_provider/Tencent_Video"
    interval: 86400
  Youku:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Media/Youku.yaml
    path: "./rule_provider/Youku"
    interval: 86400
  ABC:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Media/ABC.yaml
    path: "./rule_provider/ABC"
    interval: 86400
  Abema TV:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Media/Abema%20TV.yaml
    path: "./rule_provider/Abema_TV"
    interval: 86400
  Amazon:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Media/Amazon.yaml
    path: "./rule_provider/Amazon"
    interval: 86400
  Apple News:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Media/Apple%20News.yaml
    path: "./rule_provider/Apple_News"
    interval: 86400
  Apple TV:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Media/Apple%20TV.yaml
    path: "./rule_provider/Apple_TV"
    interval: 86400
  Bahamut:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Media/Bahamut.yaml
    path: "./rule_provider/Bahamut"
    interval: 86400
  BBC iPlayer:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Media/BBC%20iPlayer.yaml
    path: "./rule_provider/BBC_iPlayer"
    interval: 86400
  DAZN:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Media/DAZN.yaml
    path: "./rule_provider/DAZN"
    interval: 86400
  Disney Plus:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Media/Disney%20Plus.yaml
    path: "./rule_provider/Disney_Plus"
    interval: 86400
  encoreTVB:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Media/encoreTVB.yaml
    path: "./rule_provider/encoreTVB"
    interval: 86400
  Fox Now:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Media/Fox%20Now.yaml
    path: "./rule_provider/Fox_Now"
    interval: 86400
  Fox+:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Media/Fox%2B.yaml
    path: "./rule_provider/Fox+"
    interval: 86400
  HBO:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Media/HBO.yaml
    path: "./rule_provider/HBO"
    interval: 86400
  Hulu Japan:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Media/Hulu%20Japan.yaml
    path: "./rule_provider/Hulu_Japan"
    interval: 86400
  Hulu:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Media/Hulu.yaml
    path: "./rule_provider/Hulu"
    interval: 86400
  Japonx:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Media/Japonx.yaml
    path: "./rule_provider/Japonx"
    interval: 86400
  JOOX:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Media/JOOX.yaml
    path: "./rule_provider/JOOX"
    interval: 86400
  KKBOX:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Media/KKBOX.yaml
    path: "./rule_provider/KKBOX"
    interval: 86400
  KKTV:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Media/KKTV.yaml
    path: "./rule_provider/KKTV"
    interval: 86400
  Line TV:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Media/Line%20TV.yaml
    path: "./rule_provider/Line_TV"
    interval: 86400
  myTV SUPER:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Media/myTV%20SUPER.yaml
    path: "./rule_provider/myTV_SUPER"
    interval: 86400
  Pandora:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Media/Pandora.yaml
    path: "./rule_provider/Pandora"
    interval: 86400
  PBS:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Media/PBS.yaml
    path: "./rule_provider/PBS"
    interval: 86400
  Pornhub:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Media/Pornhub.yaml
    path: "./rule_provider/Pornhub"
    interval: 86400
  Soundcloud:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Media/Soundcloud.yaml
    path: "./rule_provider/Soundcloud"
    interval: 86400
  ViuTV:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Media/ViuTV.yaml
    path: "./rule_provider/ViuTV"
    interval: 86400
  Telegram:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Telegram.yaml
    path: "./rule_provider/Telegram"
    interval: 86400
  Steam:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Steam.yaml
    path: "./rule_provider/Steam"
    interval: 86400
  Speedtest:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Speedtest.yaml
    path: "./rule_provider/Speedtest"
    interval: 86400
  PayPal:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/PayPal.yaml
    path: "./rule_provider/PayPal"
    interval: 86400
  Microsoft:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Microsoft.yaml
    path: "./rule_provider/Microsoft"
    interval: 86400
  PROXY:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Proxy.yaml
    path: "./rule_provider/Proxy"
    interval: 86400
  Domestic:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Domestic.yaml
    path: "./rule_provider/Domestic"
    interval: 86400
  Apple:
    type: http
    behavior: classical
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Apple.yaml
    path: "./rule_provider/Apple"
    interval: 86400
  Domestic IPs:
    type: http
    behavior: ipcidr
    url: https://gitee.com/lhie1/Rules/raw/master/Clash/Provider/Domestic%20IPs.yaml
    path: "./rule_provider/Domestic_IPs"
    interval: 86400
script:
  code: |
    def main(ctx, metadata):
        port_list = [21, 22, 23, 53, 80, 123, 143, 194, 443, 465, 587, 853, 993, 995, 998, 2052, 2053, 2082, 2083, 2086, 2095, 2096, 5222, 5228, 5229, 5230, 8080, 8443, 8880, 8888, 8889]
        ruleset_action = {"Reject": "DIRECT",
            "Special": "DIRECT",
            "Netflix": "hk",
            "Spotify": "hk",
            "YouTube": "hk",
            "Bilibili": "DIRECT",
            "iQiyi": "DIRECT",
            "Letv": "DIRECT",
            "Netease Music": "DIRECT",
            "Tencent Video": "DIRECT",
            "Youku": "DIRECT",
            "ABC": "hk",
            "Abema TV": "hk",
            "Amazon": "hk",
            "Apple News": "hk",
            "Apple TV": "hk",
            "Bahamut": "hk",
            "BBC iPlayer": "hk",
            "DAZN": "hk",
            "Disney Plus": "hk",
            "encoreTVB": "hk",
            "Fox Now": "hk",
            "Fox+": "hk",
            "HBO": "hk",
            "Hulu Japan": "hk",
            "Hulu": "hk",
            "Japonx": "hk",
            "JOOX": "hk",
            "KKBOX": "hk",
            "KKTV": "hk",
            "Line TV": "hk",
            "myTV SUPER": "hk",
            "Pandora": "hk",
            "PBS": "hk",
            "Pornhub": "hk",
            "Soundcloud": "hk",
            "ViuTV": "hk",
            "Telegram": "hk",
            "Steam": "hk",
            "Speedtest": "hk",
            "PayPal": "hk",
            "Microsoft": "hk",
            "PROXY": "hk",
            "Apple": "hk",
            "Domestic": "DIRECT",
            "Domestic IPs": "DIRECT"
            }
        port = int(metadata["dst_port"])

        if port not in port_list:
            return "DIRECT"

        for rule_name in ctx.rule_providers.keys():
            if ctx.rule_providers[rule_name].match(metadata):
                return ruleset_action[rule_name]

        ip = metadata["dst_ip"] or ctx.resolve_ip(metadata["host"])

        if ip == "":
          return "DIRECT"

        code = ctx.geoip(ip)
        if code == "LAN":
          return "DIRECT"

        if code == "CN":
          return "DIRECT"

        return "hk"
interface-name: bond0

#===================== 防火墙设置 =====================#

#NAT chain

# Generated by iptables-save v1.8.4 on Sun Dec  6 10:19:05 2020
*nat
:PREROUTING ACCEPT [1026:244013]
:INPUT ACCEPT [899:237974]
:OUTPUT ACCEPT [873:57821]
:POSTROUTING ACCEPT [164:11771]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:openclash - [0:0]
:openclash_output - [0:0]
:postrouting_IPTV_rule - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_IPTV_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_IPTV_postrouting - [0:0]
:zone_IPTV_prerouting - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -d 8.8.4.4/32 -p tcp -j REDIRECT --to-ports 7892
-A PREROUTING -d 8.8.8.8/32 -p tcp -j REDIRECT --to-ports 7892
-A PREROUTING -i br-lan -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.1.1
-A PREROUTING -i br-lan -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.1.1
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i eth0 -m comment --comment "!fw3" -j zone_IPTV_prerouting
-A PREROUTING -p tcp -j openclash
-A OUTPUT -j openclash_output
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o eth0 -m comment --comment "!fw3" -j zone_IPTV_postrouting
-A MINIUPNPD -p tcp -m tcp --dport 22912 -j DNAT --to-destination 192.168.1.25:32400
-A MINIUPNPD -p tcp -m tcp --dport 14443 -j DNAT --to-destination 192.168.1.221:32400
-A MINIUPNPD -p tcp -m tcp --dport 5001 -j DNAT --to-destination 192.168.1.25:5001
-A MINIUPNPD -p tcp -m tcp --dport 5000 -j DNAT --to-destination 192.168.1.25:5000
-A MINIUPNPD -p tcp -m tcp --dport 25 -j DNAT --to-destination 192.168.1.25:25
-A MINIUPNPD -p tcp -m tcp --dport 465 -j DNAT --to-destination 192.168.1.25:465
-A MINIUPNPD -p tcp -m tcp --dport 587 -j DNAT --to-destination 192.168.1.25:587
-A MINIUPNPD -p tcp -m tcp --dport 110 -j DNAT --to-destination 192.168.1.25:110
-A MINIUPNPD -p tcp -m tcp --dport 995 -j DNAT --to-destination 192.168.1.25:995
-A MINIUPNPD -p tcp -m tcp --dport 143 -j DNAT --to-destination 192.168.1.25:143
-A MINIUPNPD -p tcp -m tcp --dport 993 -j DNAT --to-destination 192.168.1.25:993
-A MINIUPNPD -p udp -m udp --dport 1194 -j DNAT --to-destination 192.168.1.25:1194
-A MINIUPNPD -p tcp -m tcp --dport 55512 -j DNAT --to-destination 192.168.1.25:55512
-A MINIUPNPD -p tcp -m tcp --dport 55514 -j DNAT --to-destination 192.168.1.25:55514
-A MINIUPNPD -p udp -m udp --dport 55512 -j DNAT --to-destination 192.168.1.25:55512
-A MINIUPNPD -p udp -m udp --dport 55514 -j DNAT --to-destination 192.168.1.25:55514
-A MINIUPNPD -p udp -m udp --dport 48179 -j DNAT --to-destination 192.168.1.234:47999
-A MINIUPNPD -p udp -m udp --dport 48190 -j DNAT --to-destination 192.168.1.234:48010
-A MINIUPNPD -p udp -m udp --dport 48178 -j DNAT --to-destination 192.168.1.234:47998
-A MINIUPNPD -p udp -m udp --dport 48180 -j DNAT --to-destination 192.168.1.234:48000
-A MINIUPNPD -p udp -m udp --dport 48182 -j DNAT --to-destination 192.168.1.234:48002
-A MINIUPNPD-POSTROUTING -s 192.168.1.25/32 -p tcp -m tcp --sport 32400 -j MASQUERADE --to-ports 22912
-A MINIUPNPD-POSTROUTING -s 192.168.1.221/32 -p tcp -m tcp --sport 32400 -j MASQUERADE --to-ports 14443
-A MINIUPNPD-POSTROUTING -s 192.168.1.25/32 -p tcp -m tcp --sport 5001 -j MASQUERADE --to-ports 5001
-A MINIUPNPD-POSTROUTING -s 192.168.1.25/32 -p tcp -m tcp --sport 5000 -j MASQUERADE --to-ports 5000
-A MINIUPNPD-POSTROUTING -s 192.168.1.25/32 -p tcp -m tcp --sport 25 -j MASQUERADE --to-ports 25
-A MINIUPNPD-POSTROUTING -s 192.168.1.25/32 -p tcp -m tcp --sport 465 -j MASQUERADE --to-ports 465
-A MINIUPNPD-POSTROUTING -s 192.168.1.25/32 -p tcp -m tcp --sport 587 -j MASQUERADE --to-ports 587
-A MINIUPNPD-POSTROUTING -s 192.168.1.25/32 -p tcp -m tcp --sport 110 -j MASQUERADE --to-ports 110
-A MINIUPNPD-POSTROUTING -s 192.168.1.25/32 -p tcp -m tcp --sport 995 -j MASQUERADE --to-ports 995
-A MINIUPNPD-POSTROUTING -s 192.168.1.25/32 -p tcp -m tcp --sport 143 -j MASQUERADE --to-ports 143
-A MINIUPNPD-POSTROUTING -s 192.168.1.25/32 -p tcp -m tcp --sport 993 -j MASQUERADE --to-ports 993
-A MINIUPNPD-POSTROUTING -s 192.168.1.25/32 -p udp -m udp --sport 1194 -j MASQUERADE --to-ports 1194
-A MINIUPNPD-POSTROUTING -s 192.168.1.25/32 -p tcp -m tcp --sport 55512 -j MASQUERADE --to-ports 55512
-A MINIUPNPD-POSTROUTING -s 192.168.1.25/32 -p tcp -m tcp --sport 55514 -j MASQUERADE --to-ports 55514
-A MINIUPNPD-POSTROUTING -s 192.168.1.25/32 -p udp -m udp --sport 55512 -j MASQUERADE --to-ports 55512
-A MINIUPNPD-POSTROUTING -s 192.168.1.25/32 -p udp -m udp --sport 55514 -j MASQUERADE --to-ports 55514
-A MINIUPNPD-POSTROUTING -s 192.168.1.234/32 -p udp -m udp --sport 47999 -j MASQUERADE --to-ports 48179
-A MINIUPNPD-POSTROUTING -s 192.168.1.234/32 -p udp -m udp --sport 48010 -j MASQUERADE --to-ports 48190
-A MINIUPNPD-POSTROUTING -s 192.168.1.234/32 -p udp -m udp --sport 47998 -j MASQUERADE --to-ports 48178
-A MINIUPNPD-POSTROUTING -s 192.168.1.234/32 -p udp -m udp --sport 48000 -j MASQUERADE --to-ports 48180
-A MINIUPNPD-POSTROUTING -s 192.168.1.234/32 -p udp -m udp --sport 48002 -j MASQUERADE --to-ports 48182
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -m set --match-set lan_ac_black_ips src -j RETURN
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -m multiport --dports 80,443 -j REDIRECT --to-ports 7892
-A zone_IPTV_postrouting -m comment --comment "!fw3: Custom IPTV postrouting rule chain" -j postrouting_IPTV_rule
-A zone_IPTV_postrouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_IPTV_prerouting -m comment --comment "!fw3: Custom IPTV prerouting rule chain" -j prerouting_IPTV_rule
-A zone_IPTV_prerouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_wan_postrouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_wan_prerouting -j MINIUPNPD
COMMIT
# Completed on Sun Dec  6 10:19:05 2020

#Mangle chain

# Generated by iptables-save v1.8.4 on Sun Dec  6 10:19:05 2020
*mangle
:PREROUTING ACCEPT [68084:48911002]
:INPUT ACCEPT [28774:8137100]
:FORWARD ACCEPT [39117:40760302]
:OUTPUT ACCEPT [22244:4557974]
:POSTROUTING ACCEPT [61470:45321489]
:mwan3_connected - [0:0]
:mwan3_hook - [0:0]
:mwan3_iface_in_IPTV - [0:0]
:mwan3_iface_in_wan - [0:0]
:mwan3_ifaces_in - [0:0]
:mwan3_policy_balanced - [0:0]
:mwan3_policy_iptvonly - [0:0]
:mwan3_policy_wan_only - [0:0]
:mwan3_rule_https - [0:0]
:mwan3_rules - [0:0]
:openclash - [0:0]
-A PREROUTING -j mwan3_hook
-A PREROUTING -p udp -j openclash
-A FORWARD -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone IPTV MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A OUTPUT -j mwan3_hook
-A mwan3_connected -m set --match-set mwan3_connected dst -j MARK --set-xmark 0x3f00/0x3f00
-A mwan3_hook -j CONNMARK --restore-mark --nfmask 0x3f00 --ctmask 0x3f00
-A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_ifaces_in
-A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_connected
-A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_rules
-A mwan3_hook -j CONNMARK --save-mark --nfmask 0x3f00 --ctmask 0x3f00
-A mwan3_hook -m mark ! --mark 0x3f00/0x3f00 -j mwan3_connected
-A mwan3_iface_in_IPTV -i eth0 -m set --match-set mwan3_connected src -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
-A mwan3_iface_in_IPTV -i eth0 -m mark --mark 0x0/0x3f00 -m comment --comment IPTV -j MARK --set-xmark 0x200/0x3f00
-A mwan3_iface_in_wan -i pppoe-wan -m set --match-set mwan3_connected src -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
-A mwan3_iface_in_wan -i pppoe-wan -m mark --mark 0x0/0x3f00 -m comment --comment wan -j MARK --set-xmark 0x100/0x3f00
-A mwan3_ifaces_in -m mark --mark 0x0/0x3f00 -j mwan3_iface_in_wan
-A mwan3_ifaces_in -m mark --mark 0x0/0x3f00 -j mwan3_iface_in_IPTV
-A mwan3_policy_balanced -m mark --mark 0x0/0x3f00 -m comment --comment "wan 3 3" -j MARK --set-xmark 0x100/0x3f00
-A mwan3_policy_iptvonly -m mark --mark 0x0/0x3f00 -m comment --comment "IPTV 3 3" -j MARK --set-xmark 0x200/0x3f00
-A mwan3_policy_wan_only -m mark --mark 0x0/0x3f00 -m comment --comment "wan 3 3" -j MARK --set-xmark 0x100/0x3f00
-A mwan3_rule_https -m mark --mark 0x0/0x3f00 -j MARK --set-xmark 0x100/0x3f00
-A mwan3_rule_https -m mark --mark 0x100/0x3f00 -m set ! --match-set mwan3_sticky_https src,src -j MARK --set-xmark 0x0/0x3f00
-A mwan3_rule_https -m mark --mark 0x0/0x3f00 -j mwan3_policy_wan_only
-A mwan3_rule_https -m mark ! --mark 0xfc00/0xfc00 -j SET --del-set mwan3_sticky_https src,src
-A mwan3_rule_https -m mark ! --mark 0xfc00/0xfc00 -j SET --add-set mwan3_sticky_https src,src
-A mwan3_rules -p tcp -m multiport --dports 443 -m mark --mark 0x0/0x3f00 -j mwan3_rule_https
-A mwan3_rules -m mark --mark 0x0/0x3f00 -j mwan3_policy_wan_only
-A openclash -p udp -m udp --dport 500 -j RETURN
-A openclash -p udp -m udp --dport 546 -j RETURN
-A openclash -p udp -m udp --dport 68 -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -m set --match-set lan_ac_black_ips src -j RETURN
-A openclash -p udp -m udp --dport 53 -j RETURN
-A openclash -p udp -j TPROXY --on-port 7892 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
COMMIT
# Completed on Sun Dec  6 10:19:05 2020

#===================== 路由表状态 =====================#
#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         X               0.0.0.0         UG    0      0        0 pppoe-wan
X                0.0.0.0         255.255.255.255 UH    0      0        0 pppoe-wan
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
#ip route list
default via X dev pppoe-wan proto static 
X dev pppoe-wan proto kernel scope link src X 
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1 
#ip rule show
0:  from all lookup local
1000:   from all fwmark 0x162 lookup 354
1001:   from all iif pppoe-wan lookup 1
1002:   from all iif eth0 lookup 2
2001:   from all fwmark 0x100/0x3f00 lookup 1
2002:   from all fwmark 0x200/0x3f00 lookup 2
2061:   from all fwmark 0x3d00/0x3f00 blackhole
2062:   from all fwmark 0x3e00/0x3f00 unreachable
32766:  from all lookup main
32767:  from all lookup default

#===================== 端口占用状态 =====================#
tcp        0      0 :::9090                 :::*                    LISTEN      24868/clash
tcp        0      0 :::7890                 :::*                    LISTEN      24868/clash
tcp        0      0 :::7891                 :::*                    LISTEN      24868/clash
tcp        0      0 :::7892                 :::*                    LISTEN      24868/clash
tcp        0      0 :::7893                 :::*                    LISTEN      24868/clash
udp        0      0 :::7874                 :::*                                24868/clash
udp        0      0 :::7891                 :::*                                24868/clash
udp        0      0 :::7893                 :::*                                24868/clash

#===================== 测试本机DNS查询 =====================#

Name:      www.baidu.com
Address 1: 110.242.68.3
Address 2: 110.242.68.4

#===================== resolv.conf.d =====================#
# Interface IPTV
nameserver 192.168.18.1
# Interface wan
nameserver 202.99.96.68
nameserver 202.99.104.68
# Interface wan_6
nameserver 2408:8888::8
nameserver 2408:8899::8

#===================== 测试本机网络连接 =====================#
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Sun, 06 Dec 2020 02:19:05 GMT
Etag: "575e1f59-115"
Last-Modified: Mon, 13 Jun 2016 02:50:01 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 测试本机网络下载 =====================#
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 80
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: text/plain; charset=utf-8
ETag: "37c90545872644d531698407d8d115d7dd22e029a208ca661b2fc863eb54b67b"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
Via: 1.1 varnish (Varnish/6.0), 1.1 varnish
X-GitHub-Request-Id: 5814:1300:1F32A7:241E45:5FCC3F47
Accept-Ranges: bytes
Date: Sun, 06 Dec 2020 02:19:06 GMT
X-Served-By: cache-hkg17933-HKG
X-Cache: HIT, HIT
X-Cache-Hits: 1, 1
X-Timer: S1607221146.209962,VS0,VE1
Vary: Authorization,Accept-Encoding
Access-Control-Allow-Origin: *
X-Fastly-Request-ID: 34275fe2c0c7c268e312cf028fef2e53e1117a76
Expires: Sun, 06 Dec 2020 02:24:06 GMT
Source-Age: 101
vernesong commented 3 years ago

节点什么协议

bleeee commented 3 years ago

节点什么协议

SSR,之前vmess也不好使

bleeee commented 3 years ago

koollede固件问题