vernesong / OpenClash

A Clash Client For OpenWrt
MIT License

Asking for help: OpenClash cannot bypass the firewall, "[Rule] find process name Process error: protocol not supported" #1204

Closed kenyujy closed 3 years ago

kenyujy commented 3 years ago

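Asking the experts for help: x86_64 OpenWrt soft router. After adding a V2Ray provider, the main page's foreign IP correctly shows the location of the provider's server, Russia, and the main page shows access to YouTube as normal. Domestic websites can be accessed, but foreign web pages cannot.

Every time I refresh a foreign website, the log shows protocol not supported:
2021-02-06 06:38:01 level=info msg="[TCP] 172.20.10.2:39700 --> 104.16.241.99 match Match() using Others[russ2]"
2021-02-06 06:38:00 level=debug msg="[Rule] find process name Process error: protocol not supported"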

kenyujy commented 3 years ago

OpenClash 调试日志

生成时间: 2021-02-05 23:02:24 插件版本: v0.41.14-beta 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息



#===================== 系统信息 =====================#

主机型号: innotek GmbH VirtualBox
固件版本: OpenWrt 19.07.5 r11257-5090152ae3
LuCI版本: git-21.029.68283-bf8b0bb-1
内核版本: 4.14.209
处理器架构: x86_64

#此项在使用Tun模式时应为ACCEPT
防火墙转发: ACCEPT

#此项有值时建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

#此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
jsonfilter: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
ruby-dbm: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci-19.07): 已安装

#===================== 内核检查 =====================#

运行状态: 运行中
进程pid: 18172
运行权限: 18172: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-amd64

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2021.01.01.g0ab75c5
Tun内核文件: 存在
Tun内核运行权限: 正常

Game内核版本: v0.17.0-232-ge389e33
Game内核文件: 存在
Game内核运行权限: 正常

Dev内核版本: v1.3.5-4-g6fedd7e
Dev内核文件: 存在
Dev内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/config.yaml
启动配置文件: /etc/openclash/config.yaml
运行模式: fake-ip-tun
默认代理模式: rule
UDP流量转发(tproxy): 停用
DNS劫持: 启用
自定义DNS: 启用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 启用
仅允许内网: 停用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用

#启动异常时建议关闭此项后重试
混合节点: 启用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 启用

#===================== 自定义规则 一 =====================#
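##- DOMAIN-SUFFIX,google.com,Proxy match domain suffix (handled by the Proxy server group)
##- DOMAIN-KEYWORD,google,Proxy match domain keyword (handled by the Proxy server group)
##- DOMAIN,google.com,Proxy match domain (handled by the Proxy server group)
##- DOMAIN-SUFFIX,ad.com,REJECT match domain suffix (reject)
##- IP-CIDR,127.0.0.0/8,DIRECT match destination IP (direct)
##- SRC-IP-CIDR,192.168.1.201/32,DIRECT match source IP (direct)
##- DST-PORT,80,DIRECT match destination port (direct)
##- SRC-PORT,7777,DIRECT match source port (direct)

##Rules listed first take effect first; to add them (remove the # in front of the rule):
##IP range: 192.168.1.2-192.168.1.200 direct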
##- SRC-IP-CIDR,192.168.1.2/31,DIRECT
##- SRC-IP-CIDR,192.168.1.4/30,DIRECT
##- SRC-IP-CIDR,192.168.1.8/29,DIRECT
##- SRC-IP-CIDR,192.168.1.16/28,DIRECT
##- SRC-IP-CIDR,192.168.1.32/27,DIRECT
##- SRC-IP-CIDR,192.168.1.64/26,DIRECT
##- SRC-IP-CIDR,192.168.1.128/26,DIRECT
##- SRC-IP-CIDR,192.168.1.192/29,DIRECT
##- SRC-IP-CIDR,192.168.1.200/32,DIRECT

##IP range: 192.168.1.202-192.168.1.255 direct
##- SRC-IP-CIDR,192.168.1.202/31,DIRECT
##- SRC-IP-CIDR,192.168.1.204/30,DIRECT
##- SRC-IP-CIDR,192.168.1.208/28,DIRECT
##- SRC-IP-CIDR,192.168.1.224/27,DIRECT

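##With this, traffic from the clients at 192.168.1.1 and 192.168.1.201 goes through the proxy (policy); all other clients bypass the proxy
##Because in Fake-IP mode the router's own traffic at 192.168.1.1 can go through the proxy (policy), it needs to be excluded

##To set only the router itself to direct: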
##- SRC-IP-CIDR,192.168.1.1/32,DIRECT
##- SRC-IP-CIDR,198.18.0.1/32,DIRECT

##Online IP range to CIDR converter: http://ip2cidr.com
#===================== 自定义规则 二 =====================#
##- DOMAIN-SUFFIX,google.com,Proxy match domain suffix (handled by the Proxy server group)
##- DOMAIN-KEYWORD,google,Proxy match domain keyword (handled by the Proxy server group)
##- DOMAIN,google.com,Proxy match domain (handled by the Proxy server group)
##- DOMAIN-SUFFIX,ad.com,REJECT match domain suffix (reject)
##- IP-CIDR,127.0.0.0/8,DIRECT match destination IP (direct)
##- SRC-IP-CIDR,192.168.1.201/32,DIRECT match source IP (direct)
##- DST-PORT,80,DIRECT match destination port (direct)
##- SRC-PORT,7777,DIRECT match source port (direct)

#===================== 配置文件 =====================#

proxy-groups:
- name: Auto - UrlTest
  type: url-test
  proxies:
  - russ
  - russ2
  url: https://cp.cloudflare.com/generate_204
  interval: '600'
  tolerance: '150'
- name: Proxy
  type: select
  proxies:
  - Auto - UrlTest
  - DIRECT
  - russ
  - russ2
- name: Domestic
  type: select
  proxies:
  - DIRECT
  - Proxy
- name: Others
  type: select
  proxies:
  - Proxy
  - DIRECT
  - Domestic
- name: Apple
  type: select
  proxies:
  - DIRECT
  - Proxy
- name: Microsoft
  type: select
  proxies:
  - DIRECT
  - Proxy
- name: Netflix
  type: select
  proxies:
  - GlobalTV
  - DIRECT
  - russ
  - russ2
- name: Disney
  type: select
  proxies:
  - GlobalTV
  - DIRECT
  - russ
  - russ2
- name: Youtube
  type: select
  disable-udp: true
  proxies:
  - GlobalTV
  - DIRECT
  - russ
  - russ2
- name: Spotify
  type: select
  proxies:
  - GlobalTV
  - DIRECT
  - russ
  - russ2
- name: Steam
  type: select
  proxies:
  - DIRECT
  - Proxy
  - russ
  - russ2
- name: AdBlock
  type: select
  proxies:
  - REJECT
  - DIRECT
  - Proxy
- name: AsianTV
  type: select
  proxies:
  - DIRECT
  - Proxy
  - russ
  - russ2
- name: GlobalTV
  type: select
  proxies:
  - Proxy
  - DIRECT
  - russ
  - russ2
- name: Speedtest
  type: select
  proxies:
  - Proxy
  - DIRECT
  - russ
  - russ2
- name: Telegram
  type: select
  proxies:
  - Proxy
  - DIRECT
  - russ
  - russ2
- name: PayPal
  type: select
  proxies:
  - DIRECT
  - Proxy
  - russ
  - russ2
rules:
- RULE-SET,Reject,AdBlock
- RULE-SET,Special,DIRECT
- RULE-SET,Netflix,Netflix
- RULE-SET,Spotify,Spotify
- RULE-SET,YouTube,Youtube
- RULE-SET,Disney Plus,Disney
- RULE-SET,Bilibili,AsianTV
- RULE-SET,iQiyi,AsianTV
- RULE-SET,Letv,AsianTV
- RULE-SET,Netease Music,AsianTV
- RULE-SET,Tencent Video,AsianTV
- RULE-SET,Youku,AsianTV
- RULE-SET,WeTV,AsianTV
- RULE-SET,ABC,GlobalTV
- RULE-SET,Abema TV,GlobalTV
- RULE-SET,Amazon,GlobalTV
- RULE-SET,Apple News,GlobalTV
- RULE-SET,Apple TV,GlobalTV
- RULE-SET,Bahamut,GlobalTV
- RULE-SET,BBC iPlayer,GlobalTV
- RULE-SET,DAZN,GlobalTV
- RULE-SET,Discovery Plus,GlobalTV
- RULE-SET,encoreTVB,GlobalTV
- RULE-SET,Fox Now,GlobalTV
- RULE-SET,Fox+,GlobalTV
- RULE-SET,HBO,GlobalTV
- RULE-SET,Hulu Japan,GlobalTV
- RULE-SET,Hulu,GlobalTV
- RULE-SET,Japonx,GlobalTV
- RULE-SET,JOOX,GlobalTV
- RULE-SET,KKBOX,GlobalTV
- RULE-SET,KKTV,GlobalTV
- RULE-SET,Line TV,GlobalTV
- RULE-SET,myTV SUPER,GlobalTV
- RULE-SET,Pandora,GlobalTV
- RULE-SET,PBS,GlobalTV
- RULE-SET,Pornhub,GlobalTV
- RULE-SET,Soundcloud,GlobalTV
- RULE-SET,ViuTV,GlobalTV
- RULE-SET,Telegram,Telegram
- RULE-SET,Steam,Steam
- RULE-SET,Speedtest,Speedtest
- RULE-SET,PayPal,PayPal
- RULE-SET,Microsoft,Microsoft
- RULE-SET,PROXY,Proxy
- RULE-SET,Apple,Apple
- RULE-SET,Domestic,Domestic
- RULE-SET,Domestic IPs,Domestic
- RULE-SET,LAN,DIRECT
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
- GEOIP,CN,Domestic
- MATCH,Others
dns:
  nameserver:
  - https://cloudflare-dns.com/dns-query
  - https://dns.google/dns-query
  - https://1.1.1.1/dns-query
  - tls://8.8.8.8:853
  fallback:
  - tls://1.1.1.1:853
  enable: true
  ipv6: false
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  listen: 127.0.0.1:7874
  fake-ip-filter:
  - "*.lan"
  - time.windows.com
  - time.nist.gov
  - time.apple.com
  - time.asia.apple.com
  - "*.ntp.org.cn"
  - "*.openwrt.pool.ntp.org"
  - time1.cloud.tencent.com
  - time.ustc.edu.cn
  - pool.ntp.org
  - ntp.ubuntu.com
  - ntp.aliyun.com
  - ntp1.aliyun.com
  - ntp2.aliyun.com
  - ntp3.aliyun.com
  - ntp4.aliyun.com
  - ntp5.aliyun.com
  - ntp6.aliyun.com
  - ntp7.aliyun.com
  - time1.aliyun.com
  - time2.aliyun.com
  - time3.aliyun.com
  - time4.aliyun.com
  - time5.aliyun.com
  - time6.aliyun.com
  - time7.aliyun.com
  - "*.time.edu.cn"
  - time1.apple.com
  - time2.apple.com
  - time3.apple.com
  - time4.apple.com
  - time5.apple.com
  - time6.apple.com
  - time7.apple.com
  - time1.google.com
  - time2.google.com
  - time3.google.com
  - time4.google.com
  - music.163.com
  - "*.music.163.com"
  - "*.126.net"
  - musicapi.taihe.com
  - music.taihe.com
  - songsearch.kugou.com
  - trackercdn.kugou.com
  - "*.kuwo.cn"
  - api-jooxtt.sanook.com
  - api.joox.com
  - joox.com
  - y.qq.com
  - "*.y.qq.com"
  - streamoc.music.tc.qq.com
  - mobileoc.music.tc.qq.com
  - isure.stream.qqmusic.qq.com
  - dl.stream.qqmusic.qq.com
  - aqqmusic.tc.qq.com
  - amobile.music.tc.qq.com
  - "*.xiami.com"
  - "*.music.migu.cn"
  - music.migu.cn
  - "*.msftconnecttest.com"
  - "*.msftncsi.com"
  - localhost.ptlogin2.qq.com
  - "+.srv.nintendo.net"
  - "+.stun.playstation.net"
  - xbox.*.microsoft.com
  - "+.xboxlive.com"
  - proxy.golang.org
  - stun.*.*
  - stun.*.*.*
  - heartbeat.belkin.com
  - "*.linksys.com"
  - "*.linksyssmartwifi.com"
  fallback-filter:
    geoip: false
    ipcidr:
    - 0.0.0.0/8
    - 10.0.0.0/8
    - 100.64.0.0/10
    - 127.0.0.0/8
    - 169.254.0.0/16
    - 172.16.0.0/12
    - 192.0.0.0/24
    - 192.0.2.0/24
    - 192.88.99.0/24
    - 192.168.0.0/16
    - 198.18.0.0/15
    - 198.51.100.0/24
    - 203.0.113.0/24
    - 224.0.0.0/4
    - 240.0.0.0/4
    - 255.255.255.255/32
    domain:
    - "+.google.com"
    - "+.facebook.com"
    - "+.youtube.com"
    - "+.githubusercontent.com"
redir-port: 7892
port: 7890
socks-port: 7891
mixed-port: 7893
mode: rule
log-level: debug
allow-lan: true
external-controller: 0.0.0.0:9090
bind-address: "*"
external-ui: "/usr/share/openclash/dashboard"
ipv6: false
tun:
  enable: true
  stack: system
  dns-hijack:
  - tcp://8.8.8.8:53
  - tcp://8.8.4.4:53
rule-providers:
  Reject:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Reject.yaml
    path: "./rule_provider/Reject"
    interval: 86400
  Special:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Special.yaml
    path: "./rule_provider/Special"
    interval: 86400
  Netflix:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Netflix.yaml
    path: "./rule_provider/Netflix"
    interval: 86400
  Spotify:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Spotify.yaml
    path: "./rule_provider/Spotify"
    interval: 86400
  YouTube:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/YouTube.yaml
    path: "./rule_provider/YouTube"
    interval: 86400
  Bilibili:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Bilibili.yaml
    path: "./rule_provider/Bilibili"
    interval: 86400
  iQiyi:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/iQiyi.yaml
    path: "./rule_provider/iQiyi"
    interval: 86400
  Letv:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Letv.yaml
    path: "./rule_provider/Letv"
    interval: 86400
  Netease Music:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Netease%20Music.yaml
    path: "./rule_provider/Netease_Music"
    interval: 86400
  Tencent Video:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Tencent%20Video.yaml
    path: "./rule_provider/Tencent_Video"
    interval: 86400
  Youku:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Youku.yaml
    path: "./rule_provider/Youku"
    interval: 86400
  WeTV:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/WeTV.yaml
    path: "./rule_provider/WeTV"
    interval: 86400
  ABC:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/ABC.yaml
    path: "./rule_provider/ABC"
    interval: 86400
  Abema TV:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Abema%20TV.yaml
    path: "./rule_provider/Abema_TV"
    interval: 86400
  Amazon:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Amazon.yaml
    path: "./rule_provider/Amazon"
    interval: 86400
  Apple News:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Apple%20News.yaml
    path: "./rule_provider/Apple_News"
    interval: 86400
  Apple TV:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Apple%20TV.yaml
    path: "./rule_provider/Apple_TV"
    interval: 86400
  Bahamut:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Bahamut.yaml
    path: "./rule_provider/Bahamut"
    interval: 86400
  BBC iPlayer:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/BBC%20iPlayer.yaml
    path: "./rule_provider/BBC_iPlayer"
    interval: 86400
  DAZN:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/DAZN.yaml
    path: "./rule_provider/DAZN"
    interval: 86400
  Discovery Plus:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Discovery%20Plus.yaml
    path: "./rule_provider/Discovery_Plus"
    interval: 86400
  Disney Plus:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Disney%20Plus.yaml
    path: "./rule_provider/Disney_Plus"
    interval: 86400
  encoreTVB:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/encoreTVB.yaml
    path: "./rule_provider/encoreTVB"
    interval: 86400
  Fox Now:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Fox%20Now.yaml
    path: "./rule_provider/Fox_Now"
    interval: 86400
  Fox+:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Fox%2B.yaml
    path: "./rule_provider/Fox+"
    interval: 86400
  HBO:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/HBO.yaml
    path: "./rule_provider/HBO"
    interval: 86400
  Hulu Japan:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Hulu%20Japan.yaml
    path: "./rule_provider/Hulu_Japan"
    interval: 86400
  Hulu:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Hulu.yaml
    path: "./rule_provider/Hulu"
    interval: 86400
  Japonx:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Japonx.yaml
    path: "./rule_provider/Japonx"
    interval: 86400
  JOOX:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/JOOX.yaml
    path: "./rule_provider/JOOX"
    interval: 86400
  KKBOX:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/KKBOX.yaml
    path: "./rule_provider/KKBOX"
    interval: 86400
  KKTV:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/KKTV.yaml
    path: "./rule_provider/KKTV"
    interval: 86400
  Line TV:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Line%20TV.yaml
    path: "./rule_provider/Line_TV"
    interval: 86400
  myTV SUPER:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/myTV%20SUPER.yaml
    path: "./rule_provider/myTV_SUPER"
    interval: 86400
  Pandora:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Pandora.yaml
    path: "./rule_provider/Pandora"
    interval: 86400
  PBS:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/PBS.yaml
    path: "./rule_provider/PBS"
    interval: 86400
  Pornhub:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Pornhub.yaml
    path: "./rule_provider/Pornhub"
    interval: 86400
  Soundcloud:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/Soundcloud.yaml
    path: "./rule_provider/Soundcloud"
    interval: 86400
  ViuTV:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Media/ViuTV.yaml
    path: "./rule_provider/ViuTV"
    interval: 86400
  Telegram:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Telegram.yaml
    path: "./rule_provider/Telegram"
    interval: 86400
  Steam:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Steam.yaml
    path: "./rule_provider/Steam"
    interval: 86400
  Speedtest:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Speedtest.yaml
    path: "./rule_provider/Speedtest"
    interval: 86400
  PayPal:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/PayPal.yaml
    path: "./rule_provider/PayPal"
    interval: 86400
  Microsoft:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Microsoft.yaml
    path: "./rule_provider/Microsoft"
    interval: 86400
  PROXY:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Proxy.yaml
    path: "./rule_provider/Proxy"
    interval: 86400
  Domestic:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Domestic.yaml
    path: "./rule_provider/Domestic"
    interval: 86400
  Apple:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Apple.yaml
    path: "./rule_provider/Apple"
    interval: 86400
  Domestic IPs:
    type: http
    behavior: ipcidr
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/Domestic%20IPs.yaml
    path: "./rule_provider/Domestic_IPs"
    interval: 86400
  LAN:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lhie1/Rules@master/Clash/Provider/LAN.yaml
    path: "./rule_provider/LAN"
    interval: 86400
script:
  code: |
    def main(ctx, metadata):
        port_list = [21, 22, 23, 53, 80, 123, 143, 194, 443, 465, 587, 853, 993, 995, 998, 2052, 2053, 2082, 2083, 2086, 2095, 2096, 5222, 5228, 5229, 5230, 8080, 8443, 8880, 8888, 8889]
        ruleset_action = {"Reject": "AdBlock",
            "Special": "DIRECT",
            "Netflix": "Netflix",
            "Spotify": "Spotify",
            "YouTube": "Youtube",
            "Disney Plus": "Disney",
            "Bilibili": "AsianTV",
            "iQiyi": "AsianTV",
            "Letv": "AsianTV",
            "Netease Music": "AsianTV",
            "Tencent Video": "AsianTV",
            "Youku": "AsianTV",
            "WeTV": "AsianTV",
            "ABC": "GlobalTV",
            "Abema TV": "GlobalTV",
            "Amazon": "GlobalTV",
            "Apple News": "GlobalTV",
            "Apple TV": "GlobalTV",
            "Bahamut": "GlobalTV",
            "BBC iPlayer": "GlobalTV",
            "DAZN": "GlobalTV",
            "Discovery Plus": "GlobalTV",
            "encoreTVB": "GlobalTV",
            "Fox Now": "GlobalTV",
            "Fox+": "GlobalTV",
            "HBO": "GlobalTV",
            "Hulu Japan": "GlobalTV",
            "Hulu": "GlobalTV",
            "Japonx": "GlobalTV",
            "JOOX": "GlobalTV",
            "KKBOX": "GlobalTV",
            "KKTV": "GlobalTV",
            "Line TV": "GlobalTV",
            "myTV SUPER": "GlobalTV",
            "Pandora": "GlobalTV",
            "PBS": "GlobalTV",
            "Pornhub": "GlobalTV",
            "Soundcloud": "GlobalTV",
            "ViuTV": "GlobalTV",
            "Telegram": "Telegram",
            "Steam": "Steam",
            "Speedtest": "Speedtest",
            "PayPal": "PayPal",
            "Microsoft": "Microsoft",
            "PROXY": "Proxy",
            "Apple": "Apple",
            "Domestic": "Domestic",
            "Domestic IPs": "Domestic",
            "LAN": "DIRECT"
            }
        port = int(metadata["dst_port"])

        if port not in port_list:
            return "DIRECT"

        for rule_name in ctx.rule_providers.keys():
            if ctx.rule_providers[rule_name].match(metadata):
                return ruleset_action[rule_name]

        ip = metadata["dst_ip"] or ctx.resolve_ip(metadata["host"])

        if ip == "":
          return "DIRECT"

        code = ctx.geoip(ip)

        if code == "CN":
          return "Domestic"

        return "Others"
interface-name: eth0

#===================== 防火墙设置 =====================#

#NAT chain

# Generated by iptables-save v1.8.3 on Fri Feb  5 23:02:25 2021
*nat
:PREROUTING ACCEPT [92:7145]
:INPUT ACCEPT [59:5165]
:OUTPUT ACCEPT [82:4952]
:POSTROUTING ACCEPT [115:6932]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -p tcp -m tcp --dport 53 -j ACCEPT
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i eth0 -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 53
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o eth0 -m comment --comment "!fw3" -j zone_lan_postrouting
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
COMMIT
# Completed on Fri Feb  5 23:02:25 2021

#Mangle chain

# Generated by iptables-save v1.8.3 on Fri Feb  5 23:02:25 2021
*mangle
:PREROUTING ACCEPT [3309:553689]
:INPUT ACCEPT [2410:394159]
:FORWARD ACCEPT [899:159530]
:OUTPUT ACCEPT [2149:753472]
:POSTROUTING ACCEPT [3048:913002]
:openclash - [0:0]
:openclash_dns_hijack - [0:0]
:openclash_output - [0:0]
-A PREROUTING -j openclash
-A OUTPUT -j openclash_output
-A openclash -p udp -m udp --dport 500 -j RETURN
-A openclash -p udp -m udp --dport 546 -j RETURN
-A openclash -p udp -m udp --dport 68 -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -j MARK --set-xmark 0x162/0xffffffff
-A openclash_output -p udp -m udp --sport 500 -j RETURN
-A openclash_output -p udp -m udp --sport 546 -j RETURN
-A openclash_output -p udp -m udp --sport 68 -j RETURN
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -d 198.18.0.0/16 -m owner ! --uid-owner 65534 -j MARK --set-xmark 0x162/0xffffffff
-A openclash_output -m owner ! --uid-owner 65534 -m set ! --match-set common_ports dst -j RETURN
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j MARK --set-xmark 0x162/0xffffffff
COMMIT
# Completed on Fri Feb  5 23:02:25 2021

#===================== IPSET状态 =====================#

Name: localnetwork
Name: common_ports

#===================== 路由表状态 =====================#

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.20.10.1     0.0.0.0         UG    0      0        0 eth0
172.20.10.0     0.0.0.0         255.255.255.240 U     0      0        0 eth0
198.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 utun
#ip route list
default via 172.20.10.1 dev eth0 proto static 
172.20.10.0/28 dev eth0 proto kernel scope link src 172.20.10.5 
198.18.0.0/16 dev utun proto kernel scope link src 198.18.0.1 
#ip rule show
0:  from all lookup local 
32765:  from all fwmark 0x162 lookup 354 
32766:  from all lookup main 
32767:  from all lookup default 

#===================== Tun设备状态 =====================#

utun: tun pi filter

#===================== 端口占用状态 =====================#

tcp        0      0 198.18.0.1:7777         0.0.0.0:*               LISTEN      18172/clash
tcp        0      0 :::7890                 :::*                    LISTEN      18172/clash
tcp        0      0 :::7891                 :::*                    LISTEN      18172/clash
tcp        0      0 :::7892                 :::*                    LISTEN      18172/clash
tcp        0      0 :::7893                 :::*                    LISTEN      18172/clash
tcp        0      0 :::9090                 :::*                    LISTEN      18172/clash
udp        0      0 127.0.0.1:7874          0.0.0.0:*                           18172/clash
udp        0      0 198.18.0.1:7777         0.0.0.0:*                           18172/clash
udp        0      0 :::7891                 :::*                                18172/clash
udp        0      0 :::7892                 :::*                                18172/clash
udp        0      0 :::7893                 :::*                                18172/clash

#===================== 测试本机DNS查询 =====================#

Server:     127.0.0.1
Address:    127.0.0.1#53

Name:      www.baidu.com
Address 1: 198.18.0.4
*** Can't find www.baidu.com: No answer

#===================== resolv.conf.auto =====================#

# Interface lan
nameserver 172.20.10.1

#===================== 测试本机网络连接 =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Fri, 05 Feb 2021 23:02:27 GMT
Etag: "575e1f6f-115"
Last-Modified: Mon, 13 Jun 2016 02:50:23 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 测试本机网络下载 =====================#

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 80
Content-Type: text/plain; charset=utf-8
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
ETag: "00cdb0532e41777645c9ad3e0a65a1b1ac87d6afaf72cf6e33d925dbbd05be97"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 58D6:2047:397C82:3CC3C5:601CFB02
Accept-Ranges: bytes
Date: Fri, 05 Feb 2021 23:02:28 GMT
Via: 1.1 varnish
X-Served-By: cache-fra19132-FRA
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1612566149.949777,VS0,VE1
Vary: Authorization,Accept-Encoding, Accept-Encoding
Access-Control-Allow-Origin: *
X-Fastly-Request-ID: 7f644ca02196a947a7092cde6894a97834a226d2
Expires: Fri, 05 Feb 2021 23:07:28 GMT
Source-Age: 146

#===================== 最近运行日志 =====================#

time="2021-02-05T23:01:38Z" level=info msg="[TCP] 172.20.10.2:56508 --> 151.101.108.133 match Match() using Others[russ2]"
time="2021-02-05T23:01:38Z" level=info msg="[TCP] 172.20.10.2:42286 --> 117.23.61.188 match RuleSet(Domestic IPs) using Domestic[russ2]"
time="2021-02-05T23:01:38Z" level=info msg="[TCP] 172.20.10.2:36922 --> 113.96.133.160 match RuleSet(Domestic IPs) using Domestic[russ2]"
time="2021-02-05T23:01:38Z" level=info msg="[TCP] 172.20.10.2:42290 --> 117.23.61.188 match RuleSet(Domestic IPs) using Domestic[russ2]"
time="2021-02-05T23:01:38Z" level=info msg="[TCP] 172.20.10.2:42348 --> 125.73.209.67 match RuleSet(Domestic IPs) using Domestic[russ2]"
time="2021-02-05T23:01:43Z" level=debug msg="[Rule] find process name Process error: protocol not supported"
time="2021-02-05T23:01:44Z" level=info msg="[TCP] 172.20.10.2:34552 --> 34.107.221.82 match Match() using Others[russ2]"
time="2021-02-05T23:01:44Z" level=debug msg="[Rule] find process name Process error: protocol not supported"
time="2021-02-05T23:01:45Z" level=info msg="[TCP] 172.20.10.2:34560 --> 34.107.221.82 match Match() using Others[russ2]"
time="2021-02-05T23:02:15Z" level=debug msg="[Rule] find process name Process error: protocol not supported"
time="2021-02-05T23:02:15Z" level=debug msg="[Rule] find process name Process error: protocol not supported"
time="2021-02-05T23:02:15Z" level=debug msg="[Rule] find process name Process error: protocol not supported"
time="2021-02-05T23:02:15Z" level=debug msg="[Rule] find process name Process error: protocol not supported"
time="2021-02-05T23:02:15Z" level=debug msg="[Rule] find process name Process error: protocol not supported"
time="2021-02-05T23:02:15Z" level=debug msg="[Rule] find process name Process error: protocol not supported"
time="2021-02-05T23:02:15Z" level=debug msg="[Rule] find process name Process error: protocol not supported"
time="2021-02-05T23:02:15Z" level=debug msg="[Rule] find process name Process error: protocol not supported"
time="2021-02-05T23:02:15Z" level=debug msg="[Rule] find process name Process error: protocol not supported"
time="2021-02-05T23:02:15Z" level=debug msg="[Rule] find process name Process error: protocol not supported"
time="2021-02-05T23:02:15Z" level=debug msg="[Rule] find process name Process error: protocol not supported"
time="2021-02-05T23:02:15Z" level=debug msg="[Rule] find process name Process error: protocol not supported"
time="2021-02-05T23:02:15Z" level=debug msg="[Rule] find process name Process error: protocol not supported"
time="2021-02-05T23:02:15Z" level=debug msg="[Rule] find process name Process error: protocol not supported"
time="2021-02-05T23:02:15Z" level=debug msg="[Rule] find process name Process error: protocol not supported"
time="2021-02-05T23:02:16Z" level=info msg="[TCP] 172.20.10.2:36944 --> 113.96.133.160 match RuleSet(Domestic IPs) using Domestic[russ2]"
time="2021-02-05T23:02:16Z" level=info msg="[TCP] 172.20.10.2:40236 --> 103.201.128.6 match Match() using Others[russ2]"
time="2021-02-05T23:02:16Z" level=info msg="[TCP] 172.20.10.2:42390 --> 125.73.209.67 match RuleSet(Domestic IPs) using Domestic[russ2]"
time="2021-02-05T23:02:16Z" level=info msg="[TCP] 172.20.10.2:56552 --> 151.101.108.133 match Match() using Others[russ2]"
time="2021-02-05T23:02:16Z" level=info msg="[TCP] 172.20.10.2:55910 --> 50.19.252.36 match Match() using Others[russ2]"
time="2021-02-05T23:02:16Z" level=info msg="[TCP] 172.20.10.2:59108 --> 13.250.177.223 match Match() using Others[russ2]"
time="2021-02-05T23:02:16Z" level=info msg="[TCP] 172.20.10.2:42330 --> 117.23.61.188 match RuleSet(Domestic IPs) using Domestic[russ2]"
time="2021-02-05T23:02:16Z" level=info msg="[TCP] 172.20.10.2:48564 --> 172.217.31.238 match Match() using Others[russ2]"
time="2021-02-05T23:02:16Z" level=info msg="[TCP] 172.20.10.2:40140 --> 104.16.241.99 match Match() using Others[russ2]"
time="2021-02-05T23:02:16Z" level=info msg="[TCP] 172.20.10.2:42336 --> 117.23.61.188 match RuleSet(Domestic IPs) using Domestic[russ2]"
time="2021-02-05T23:02:16Z" level=info msg="[TCP] 172.20.10.2:56550 --> 151.101.108.133 match Match() using Others[russ2]"
time="2021-02-05T23:02:16Z" level=info msg="[TCP] 172.20.10.2:55922 --> 50.19.252.36 match Match() using Others[russ2]"
time="2021-02-05T23:02:16Z" level=info msg="[TCP] 172.20.10.2:59342 --> 104.21.2.130 match Match() using Others[russ2]"
time="2021-02-05T23:02:16Z" level=info msg="[TCP] 172.20.10.2:56554 --> 151.101.108.133 match Match() using Others[russ2]"
time="2021-02-05T23:02:16Z" level=info msg="[TCP] 172.20.10.2:39136 --> 44.237.239.70 match Match() using Others[russ2]"
time="2021-02-05T23:02:18Z" level=debug msg="[Rule] find process name Process error: protocol not supported"
time="2021-02-05T23:02:18Z" level=info msg="[TCP] 172.20.10.2:42224 --> 13.224.164.13 match Match() using Others[russ2]"
time="2021-02-05T23:02:25Z" level=debug msg="[DNS] www.baidu.com --> 104.193.88.77"
time="2021-02-05T23:02:25Z" level=debug msg="[Rule] find process name Process error: protocol not supported"
time="2021-02-05T23:02:26Z" level=info msg="[TCP] 198.18.0.1:60872 --> www.baidu.com match RuleSet(Domestic) using Domestic[russ2]"
time="2021-02-05T23:02:27Z" level=debug msg="[DNS] raw.githubusercontent.com --> 151.101.192.133"
time="2021-02-05T23:02:27Z" level=debug msg="[Rule] find process name Process error: protocol not supported"
time="2021-02-05T23:02:27Z" level=debug msg="[DNS] raw.githubusercontent.com --> 151.101.192.133"
time="2021-02-05T23:02:27Z" level=debug msg="[Rule] find process name Process error: protocol not supported"
time="2021-02-05T23:02:28Z" level=info msg="[TCP] 198.18.0.1:49474 --> raw.githubusercontent.com match RuleSet(PROXY) using Proxy[russ2]"
time="2021-02-05T23:02:28Z" level=info msg="[TCP] 198.18.0.1:49480 --> raw.githubusercontent.com match RuleSet(PROXY) using Proxy[russ2]"

vernesong commented 3 years ago

There is no problem on the router side. Check whether the client's DNS is set to the router's address.

adminidor commented 3 years ago

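I pulled the latest source and compiled the ipk. After running for a while (5-6 days), it suddenly could not reach sites abroad. The server was fine, and switching to ssr plus worked; as long as openclash was running, sites abroad were unreachable, while domestic websites had no problem. The problem has not recurred in the last two days, and I'm not sure where the problem is. But sometimes the configuration is all correct and startup is normal, yet sites abroad are still unreachable; after waiting roughly 10 minutes, it recovers on its own.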

kenyujy commented 3 years ago

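> There is no problem on the router side. Check whether the client's DNS is set to the router's address.

The DNS on the other clients that use this soft router as their gateway should not be set wrong. For now I'll try this config file on an image that someone else has compiled.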

kenyujy commented 3 years ago

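> I pulled the latest source and compiled the ipk. After running for a while (5-6 days), it suddenly could not reach sites abroad. The server was fine, and switching to ssr plus worked; as long as openclash was running, sites abroad were unreachable, while domestic websites had no problem. The problem has not recurred in the last two days, and I'm not sure where the problem is. But sometimes the configuration is all correct and startup is normal, yet sites abroad are still unreachable; after waiting roughly 10 minutes, it recovers on its own.

Yes, a manual install done by following a tutorial always has some small problems.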

kenyujy commented 3 years ago

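I SSH'd into OpenWrt and found that /etc/openclash contains a symlink named clash that points to clash -> /etc/openclash/core/clash_tun. I deleted the symlink and created clash -> /etc/openclash/core/clash, but after a restart it still links to -> /etc/openclash/core/clash_tun. Strange.

However, after setting the client's DNS to the soft router's address, I really can bypass the firewall now. passwall and ssr-plus can bypass the firewall without this setting, so maybe openclash is special.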
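
An added example (not part of the thread and not OpenClash code) of the check vernesong suggests: in fake-ip mode a client that resolves names through the router reaches Clash with a hostname destination, while a client using another DNS server shows up with raw IP destinations, as 172.20.10.2 does in the debug log. The function names and the 80% threshold are assumptions; the sample lines are copied from the log posted in this issue.

```python
import ipaddress
import re
from collections import defaultdict

# Lines copied from the "recent run log" section of the debug log in this issue.
SAMPLE_LOG = '''\
time="2021-02-05T23:02:16Z" level=info msg="[TCP] 172.20.10.2:40140 --> 104.16.241.99 match Match() using Others[russ2]"
time="2021-02-05T23:02:16Z" level=info msg="[TCP] 172.20.10.2:42336 --> 117.23.61.188 match RuleSet(Domestic IPs) using Domestic[russ2]"
time="2021-02-05T23:02:18Z" level=debug msg="[Rule] find process name Process error: protocol not supported"
time="2021-02-05T23:02:26Z" level=info msg="[TCP] 198.18.0.1:60872 --> www.baidu.com match RuleSet(Domestic) using Domestic[russ2]"
time="2021-02-05T23:02:28Z" level=info msg="[TCP] 198.18.0.1:49474 --> raw.githubusercontent.com match RuleSet(PROXY) using Proxy[russ2]"
'''

# Matches Clash connection lines: "[TCP] src:port --> dst match RULE using POLICY"
CONN_RE = re.compile(
    r'\[(?P<proto>TCP|UDP)\] (?P<src>\S+):(?P<sport>\d+) --> (?P<dst>\S+) '
    r'match (?P<rule>.+?) using (?P<policy>[^"]+)"'
)


def is_ip(value):
    """True when the destination is a literal IP address rather than a hostname."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def parse_connections(log_text):
    """Return one dict per connection line; debug and DNS lines are skipped."""
    return [m.groupdict() for m in CONN_RE.finditer(log_text)]


def summarize(log_text):
    """Count, per source address, destinations logged as raw IPs vs hostnames."""
    summary = defaultdict(lambda: {"by_ip": 0, "by_host": 0})
    for conn in parse_connections(log_text):
        key = "by_ip" if is_ip(conn["dst"]) else "by_host"
        summary[conn["src"]][key] += 1
    return dict(summary)


def clients_bypassing_fake_ip_dns(log_text, min_conns=2, threshold=0.8):
    """
    Heuristic (assumed threshold): flag sources whose connections are almost
    all to raw IPs. Some applications connect to literal IPs by design, so a
    minimum connection count and a ratio are used instead of a single hit.
    """
    flagged = []
    for src, counts in summarize(log_text).items():
        total = counts["by_ip"] + counts["by_host"]
        if total >= min_conns and counts["by_ip"] / total >= threshold:
            flagged.append(src)
    return sorted(flagged)


if __name__ == "__main__":
    for src, counts in sorted(summarize(SAMPLE_LOG).items()):
        print(src, counts)
    print("check DNS settings on:", clients_bypassing_fake_ip_dns(SAMPLE_LOG))
```

A flagged client is a candidate for the DNS check only; confirm on the client that its resolver is the router's address before changing anything else.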