vernesong / OpenClash

A Clash Client For OpenWrt
MIT License

After the PPPoE connection drops and redials, OpenClash repeatedly resets the firewall rules and normal internet access is not possible v0.43.05-beta #1651

Closed philly1021 closed 3 years ago

philly1021 commented 3 years ago

OpenClash 调试日志

生成时间: 2021-09-18 14:39:28 插件版本: v0.43.05-beta 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息


#===================== 系统信息 =====================#

主机型号: Raspberry Pi 4 Model B Rev 1.4
固件版本: OpenWrt SNAPSHOT r0-09bfdd0
LuCI版本: git-21.238.35254-83494a9-1
内核版本: 5.4.143
处理器架构: aarch64_cortex-a72

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

#此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
ruby-dbm: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci-19.07): 已安装

#===================== 内核检查 =====================#

运行状态: 运行中
进程pid: 5651
运行权限: 5651: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-armv8

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2021.09.15
Tun内核文件: 存在
Tun内核运行权限: 正常

Game内核版本: 20210310-121-gbd4ed20
Game内核文件: 存在
Game内核运行权限: 正常

Dev内核版本: v1.7.1
Dev内核文件: 存在
Dev内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/glados.yaml
启动配置文件: /etc/openclash/glados.yaml
运行模式: redir-host-tun
默认代理模式: rule
UDP流量转发(tproxy): 停用
DNS劫持: 启用
自定义DNS: 启用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 停用
自定义规则: 启用
仅允许内网: 停用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 启用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 自定义规则 一 =====================#
script:
##  shortcuts:
##    quic: network == 'udp' and dst_port == 443 and (geoip(resolve_ip(host)) != 'CN' or geoip(dst_ip) != 'CN')
##    time-limit: in_cidr(src_ip,'192.168.1.2/32') and time.now().hour < 20 or time.now().hour > 21
##    time-limit: src_ip == '192.168.1.2' and time.now().hour < 20 or time.now().hour > 21

rules:
##- SCRIPT,quic,REJECT #shortcuts rule
##- SCRIPT,time-limit,REJECT #shortcuts rule

##- DOMAIN-SUFFIX,google.com,Proxy #match domain suffix (handled by the Proxy proxy group)
##- DOMAIN-KEYWORD,google,Proxy #match domain keyword (handled by the Proxy proxy group)
##- DOMAIN,google.com,Proxy #match domain (handled by the Proxy proxy group)
##- DOMAIN-SUFFIX,ad.com,REJECT #match domain suffix (reject)
##- IP-CIDR,127.0.0.0/8,DIRECT #match destination IP (direct)
##- SRC-IP-CIDR,192.168.1.201/32,DIRECT #match source IP (direct)
##- DST-PORT,80,DIRECT #match destination port (direct)
##- SRC-PORT,7777,DIRECT #match source port (direct)

##Rules listed higher take priority; for example, add (remove the leading # from the rule):
##IP range: 192.168.1.2-192.168.1.200 direct
##- SRC-IP-CIDR,192.168.1.2/31,DIRECT
##- SRC-IP-CIDR,192.168.1.4/30,DIRECT
##- SRC-IP-CIDR,192.168.1.8/29,DIRECT
##- SRC-IP-CIDR,192.168.1.16/28,DIRECT
##- SRC-IP-CIDR,192.168.1.32/27,DIRECT
##- SRC-IP-CIDR,192.168.1.64/26,DIRECT
##- SRC-IP-CIDR,192.168.1.128/26,DIRECT
##- SRC-IP-CIDR,192.168.1.192/29,DIRECT
##- SRC-IP-CIDR,192.168.1.200/32,DIRECT

##IP range: 192.168.1.202-192.168.1.255 direct
##- SRC-IP-CIDR,192.168.1.202/31,DIRECT
##- SRC-IP-CIDR,192.168.1.204/30,DIRECT
##- SRC-IP-CIDR,192.168.1.208/28,DIRECT
##- SRC-IP-CIDR,192.168.1.224/27,DIRECT

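##With this, traffic from the clients at 192.168.1.1 and 192.168.1.201 goes through the proxy (policy); all other clients bypass the proxy
##In Fake-IP mode the router's own traffic (IP address 192.168.1.1) can go through the proxy (policy), so it has to be excluded

##To make only the router itself connect directly: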
##- SRC-IP-CIDR,192.168.1.1/32,DIRECT
##- SRC-IP-CIDR,198.18.0.1/32,DIRECT

##DDNS
##- DOMAIN-SUFFIX,checkip.dyndns.org,DIRECT
##- DOMAIN-SUFFIX,checkipv6.dyndns.org,DIRECT
##- DOMAIN-SUFFIX,checkip.synology.com,DIRECT
##- DOMAIN-SUFFIX,ifconfig.co,DIRECT
##- DOMAIN-SUFFIX,api.myip.com,DIRECT
##- DOMAIN-SUFFIX,ip-api.com,DIRECT
##- DOMAIN-SUFFIX,ipapi.co,DIRECT
##- DOMAIN-SUFFIX,ip6.seeip.org,DIRECT
##- DOMAIN-SUFFIX,members.3322.org,DIRECT

##Online IP range to CIDR converter: http://ip2cidr.com
#===================== 自定义规则 二 =====================#
script:
##  shortcuts:
##    common_port: dst_port not in [21, 22, 23, 53, 80, 123, 143, 194, 443, 465, 587, 853, 993, 995, 998, 2052, 2053, 2082, 2083, 2086, 2095, 2096, 5222, 5228, 5229, 5230, 8080, 8443, 8880, 8888, 8889]

rules:
##- SCRIPT,common_port,DIRECT #shortcuts rule

##- DOMAIN-SUFFIX,google.com,Proxy match domain suffix (handled by the Proxy proxy group)
##- DOMAIN-KEYWORD,google,Proxy match domain keyword (handled by the Proxy proxy group)
##- DOMAIN,google.com,Proxy match domain (handled by the Proxy proxy group)
##- DOMAIN-SUFFIX,ad.com,REJECT match domain suffix (reject)
##- IP-CIDR,127.0.0.0/8,DIRECT match destination IP (direct)
##- SRC-IP-CIDR,192.168.1.201/32,DIRECT match source IP (direct)
##- DST-PORT,80,DIRECT match destination port (direct)
##- SRC-PORT,7777,DIRECT match source port (direct)

#===================== 配置文件 =====================#

port: 7890
socks-port: 7891
allow-lan: true
mode: rule
log-level: silent
external-controller: 0.0.0.0:9090
dns:
  enable: true
  listen: 127.0.0.1:7874
  nameserver:
  - 211.138.180.2
  - 211.138.180.3
  - 100.79.0.1
  - 114.114.114.114
  - 119.29.29.29
  fallback:
  - https://doh.pub/dns-query
  - https://dns.alidns.com/dns-query
  - https://cloudflare-dns.com/dns-query
  - https://dns.rubyfish.cn/dns-query
  ipv6: false
  enhanced-mode: redir-host
  default-nameserver:
  - 211.138.180.2
  - 211.138.180.3
  - 100.79.0.1
  - 114.114.114.114
  - 119.29.29.29

redir-port: 7892
tproxy-port: 7895
mixed-port: 7893
bind-address: "*"
external-ui: "/usr/share/openclash/dashboard"
ipv6: false
tun:
  enable: true
  stack: system
  dns-hijack:
  - tcp://8.8.8.8:53
  - tcp://8.8.4.4:53
profile:
  store-selected: true

#===================== 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.7 on Sat Sep 18 14:39:31 2021
*nat
:PREROUTING ACCEPT [18:1042]
:INPUT ACCEPT [9:560]
:OUTPUT ACCEPT [43:2742]
:POSTROUTING ACCEPT [8:507]
:DOCKER - [0:0]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:postrouting_docker_rule - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_vpn_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_docker_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_vpn_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_docker_postrouting - [0:0]
:zone_docker_prerouting - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_vpn_postrouting - [0:0]
:zone_vpn_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment "DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment "DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m tcp --dport 53 -j ACCEPT
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i pppoe-WAN -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i tun0 -m comment --comment "!fw3" -j zone_vpn_prerouting
-A PREROUTING -i docker0 -m comment --comment "!fw3" -j zone_docker_prerouting
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o pppoe-WAN -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o tun0 -m comment --comment "!fw3" -j zone_vpn_postrouting
-A POSTROUTING -o docker0 -m comment --comment "!fw3" -j zone_docker_postrouting
-A DOCKER -i docker0 -j RETURN
-A zone_docker_postrouting -m comment --comment "!fw3: Custom docker postrouting rule chain" -j postrouting_docker_rule
-A zone_docker_prerouting -m comment --comment "!fw3: Custom docker prerouting rule chain" -j prerouting_docker_rule
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_vpn_postrouting -m comment --comment "!fw3: Custom vpn postrouting rule chain" -j postrouting_vpn_rule
-A zone_vpn_postrouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_vpn_prerouting -m comment --comment "!fw3: Custom vpn prerouting rule chain" -j prerouting_vpn_rule
-A zone_vpn_prerouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_wan_prerouting -j MINIUPNPD
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -m comment --comment "!fw3" -j FULLCONENAT
COMMIT
# Completed on Sat Sep 18 14:39:31 2021

#IPv4 Mangle chain

# Generated by iptables-save v1.8.7 on Sat Sep 18 14:39:31 2021
*mangle
:PREROUTING ACCEPT [805:107125]
:INPUT ACCEPT [278:32373]
:FORWARD ACCEPT [322:32196]
:OUTPUT ACCEPT [463:497798]
:POSTROUTING ACCEPT [771:529626]
:RRDIPT_FORWARD - [0:0]
:RRDIPT_INPUT - [0:0]
:RRDIPT_OUTPUT - [0:0]
-A INPUT -j RRDIPT_INPUT
-A FORWARD -j RRDIPT_FORWARD
-A FORWARD -o pppoe-WAN -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i pppoe-WAN -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A OUTPUT -j RRDIPT_OUTPUT
-A RRDIPT_FORWARD -s 192.168.2.111/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.2.111/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.2.170/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.2.170/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.2.177/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.2.177/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.2.195/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.2.195/32 -j RETURN
-A RRDIPT_INPUT -i eth0 -j RETURN
-A RRDIPT_INPUT -i br-lan -j RETURN
-A RRDIPT_INPUT -i pppoe-WAN -j RETURN
-A RRDIPT_OUTPUT -o eth0 -j RETURN
-A RRDIPT_OUTPUT -o br-lan -j RETURN
-A RRDIPT_OUTPUT -o pppoe-WAN -j RETURN
COMMIT
# Completed on Sat Sep 18 14:39:31 2021

#IPv6 NAT chain

#IPv6 Mangle chain

#===================== IPSET状态 =====================#

Name: mwan3_connected_v4
Name: mwan3_connected_v6
Name: mwan3_source_v6
Name: mwan3_dynamic_v4
Name: mwan3_dynamic_v6
Name: mwan3_custom_v4
Name: mwan3_custom_v6
Name: cn
Name: ct
Name: cnc
Name: cmcc
Name: crtc
Name: cernet
Name: gwbn
Name: othernet
Name: localnetwork
Name: china_ip_route
Name: mwan3_connected

#===================== 路由表状态 =====================#

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         100.79.0.1      0.0.0.0         UG    0      0        0 pppoe-WAN
100.79.0.1      0.0.0.0         255.255.255.255 UH    0      0        0 pppoe-WAN
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
#ip route list
default via * dev pppoe-WAN proto static 
* dev pppoe-WAN proto kernel scope link src 100.79.121.184 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 
192.168.2.0/24 dev br-lan proto kernel scope link src 192.168.2.1 
#ip rule show
0:  from all lookup local
32765:  from all fwmark 0x162 lookup 354
32766:  from all lookup main
32767:  from all lookup default

#===================== Tun设备状态 =====================#

utun: tun

#===================== 端口占用状态 =====================#

tcp        0      0 198.18.0.1:7777         0.0.0.0:*               LISTEN      5651/clash
tcp        0      0 :::7890                 :::*                    LISTEN      5651/clash
tcp        0      0 :::7891                 :::*                    LISTEN      5651/clash
tcp        0      0 :::7892                 :::*                    LISTEN      5651/clash
tcp        0      0 :::7893                 :::*                    LISTEN      5651/clash
tcp        0      0 :::7895                 :::*                    LISTEN      5651/clash
tcp        0      0 :::9090                 :::*                    LISTEN      5651/clash
udp        0      0 198.18.0.1:7777         0.0.0.0:*                           5651/clash
udp        0      0 127.0.0.1:7874          0.0.0.0:*                           5651/clash
udp        0      0 :::7891                 :::*                                5651/clash
udp        0      0 :::7892                 :::*                                5651/clash
udp        0      0 :::7893                 :::*                                5651/clash
udp        0      0 :::7895                 :::*                                5651/clash

#===================== 测试本机DNS查询 =====================#

Server:     211.138.180.2
Address:    211.138.180.2:53

Non-authoritative answer:
www.baidu.com   canonical name = www.a.shifen.com
Name:   www.a.shifen.com
Address: 36.152.44.96
Name:   www.a.shifen.com
Address: 36.152.44.95

Non-authoritative answer:
www.baidu.com   canonical name = www.a.shifen.com

#===================== resolv.conf.d =====================#

# Interface WAN
nameserver 211.138.180.2
nameserver 211.138.180.3

#===================== 测试本机网络连接 =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Sat, 18 Sep 2021 06:39:33 GMT
Etag: "575e1f7c-115"
Last-Modified: Mon, 13 Jun 2016 02:50:36 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 测试本机网络下载 =====================#

#===================== 最近运行日志 =====================#

time="2021-09-18T09:47:15+08:00" level=info msg="Start initial compatible provider Geo"
time="2021-09-18T09:47:15+08:00" level=info msg="DNS server listening at: 127.0.0.1:7874"
2021-09-18 09:47:18 Step 6: Wait For The File Downloading...
2021-09-18 09:47:18 Step 7: Set Control Panel...
2021-09-18 09:47:18 Step 8: Set Firewall Rules...
2021-09-18 09:47:23 Step 9: Restart Dnsmasq...
2021-09-18 09:47:26 Step 10: Add Cron Rules, Start Daemons...
2021-09-18 09:47:26 OpenClash Start Successful!
2021-09-18 09:48:53 Reload OpenClash Firewall Rules...
2021-09-18 09:49:10 Reload OpenClash Firewall Rules...
2021-09-18 09:49:24 Reload OpenClash Firewall Rules...
2021-09-18 09:49:28 Reload OpenClash Firewall Rules...
2021-09-18 09:49:40 Reload OpenClash Firewall Rules...
2021-09-18 09:49:45 Reload OpenClash Firewall Rules...
2021-09-18 09:50:04 Reload OpenClash Firewall Rules...
2021-09-18 09:50:15 OpenClash Stoping...
2021-09-18 09:50:15 Step 1: Backup The Current Groups State...
2021-09-18 09:50:15 Step 2: Delete OpenClash Firewall Rules...
2021-09-18 09:50:16 Step 3: Close The OpenClash Daemons...
2021-09-18 09:50:16 Step 4: Close The Clash Core Process...
2021-09-18 09:50:16 Step 5: Restart Dnsmasq...
2021-09-18 09:50:19 Step 6: Delete OpenClash Residue File...
2021-09-18 09:50:19 OpenClash Start Running...
2021-09-18 09:50:19 Step 1: Get The Configuration...
2021-09-18 09:50:20 Step 2: Check The Components...
2021-09-18 09:50:20 Step 3: Modify The Config File...
2021-09-18 09:50:23 Step 4: Start Running The Clash Core...
2021-09-18 09:50:23 Detected The Exclusive Function of The TUN Core, Use TUN Core to Start...
2021-09-18 09:50:27 Step 5: Check The Core Status...
time="2021-09-18T09:50:27+08:00" level=info msg="Start initial compatible provider Auto-Edge"
time="2021-09-18T09:50:27+08:00" level=info msg="Start initial compatible provider Auto"
time="2021-09-18T09:50:27+08:00" level=info msg="Start initial compatible provider NETFLIX"
time="2021-09-18T09:50:27+08:00" level=info msg="Start initial compatible provider Geo"
time="2021-09-18T09:50:27+08:00" level=info msg="Start initial compatible provider Auto-Fast"
time="2021-09-18T09:50:27+08:00" level=info msg="Start initial compatible provider Express"
time="2021-09-18T09:50:27+08:00" level=info msg="Start initial compatible provider Video"
time="2021-09-18T09:50:27+08:00" level=info msg="Start initial compatible provider Proxy"
time="2021-09-18T09:50:27+08:00" level=info msg="Start initial compatible provider Economic"
time="2021-09-18T09:50:27+08:00" level=info msg="DNS server listening at: 127.0.0.1:7874"
2021-09-18 09:50:30 Step 6: Wait For The File Downloading...
2021-09-18 09:50:30 Step 7: Set Control Panel...
2021-09-18 09:50:30 Step 8: Set Firewall Rules...
2021-09-18 09:50:35 Step 9: Restart Dnsmasq...
2021-09-18 09:50:38 Step 10: Add Cron Rules, Start Daemons...
2021-09-18 09:50:38 OpenClash Start Successful!
2021-09-18 14:38:25 Reload OpenClash Firewall Rules...
2021-09-18 14:38:42 Reload OpenClash Firewall Rules...
2021-09-18 14:38:46 Reload OpenClash Firewall Rules...
2021-09-18 14:39:01 Reload OpenClash Firewall Rules...
2021-09-18 14:39:20 Reload OpenClash Firewall Rules...

#===================== 活动连接信息 =====================#

1. SourceIP:【192.168.2.195】 - Host:【collector.githubapp.com】 - DestinationIP:【3.208.40.10】 - Network:【tcp】 - RulePayload:【github】 - Lastchain:【GLaDOS-Railgun-02】
2. SourceIP:【192.168.2.195】 - Host:【client.wns.windows.com】 - DestinationIP:【52.139.250.253】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【GLaDOS-N2-02】
3. SourceIP:【192.168.2.195】 - Host:【avatars.githubusercontent.com】 - DestinationIP:【185.199.108.133】 - Network:【tcp】 - RulePayload:【github】 - Lastchain:【GLaDOS-Railgun-02】
4. SourceIP:【192.168.2.195】 - Host:【collector.githubapp.com】 - DestinationIP:【3.208.40.10】 - Network:【tcp】 - RulePayload:【github】 - Lastchain:【GLaDOS-Railgun-02】
5. SourceIP:【192.168.2.195】 - Host:【api.mousegesturesapi.com】 - DestinationIP:【3.232.105.212】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【GLaDOS-Railgun-02】
6. SourceIP:【192.168.2.195】 - Host:【github.githubassets.com】 - DestinationIP:【185.199.109.154】 - Network:【tcp】 - RulePayload:【github】 - Lastchain:【GLaDOS-Railgun-02】
7. SourceIP:【192.168.2.195】 - Host:【mtalk.google.com】 - DestinationIP:【64.233.189.188】 - Network:【tcp】 - RulePayload:【google.com】 - Lastchain:【GLaDOS-Railgun-02】
8. SourceIP:【192.168.2.195】 - Host:【api.github.com】 - DestinationIP:【192.30.255.116】 - Network:【tcp】 - RulePayload:【github】 - Lastchain:【GLaDOS-Railgun-02】
9. SourceIP:【192.168.2.195】 - Host:【skydrive.wns.windows.com】 - DestinationIP:【52.139.250.253】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【GLaDOS-Railgun-00】
10. SourceIP:【192.168.2.195】 - Host:【github.com】 - DestinationIP:【20.205.243.166】 - Network:【tcp】 - RulePayload:【github】 - Lastchain:【GLaDOS-Railgun-00】
11. SourceIP:【192.168.2.195】 - Host:【api.ipify.org】 - DestinationIP:【50.17.226.156】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【GLaDOS-Railgun-00】
12. SourceIP:【192.168.2.195】 - Host:【o.ss2.us】 - DestinationIP:【143.204.121.38】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【GLaDOS-Railgun-02】
13. SourceIP:【192.168.2.195】 - Host:【github.githubassets.com】 - DestinationIP:【185.199.109.154】 - Network:【tcp】 - RulePayload:【github】 - Lastchain:【GLaDOS-Railgun-02】

vernesong commented 3 years ago

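The reset is not something the plugin does on its own initiative; the firewall is being restarted for some other reason, and only then does the plugin reload the firewall.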

PPPoFR commented 3 years ago

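I have a similar problem here: on 43.03, 43.04 and 43.05, internet access stops working after the firewall rules are reset. 42.10 and 43.01 also reset the firewall rules, but everything works normally after the reset.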

vernesong commented 3 years ago

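In your case the frequent resets are preventing the firewall rules from being added properly. I still suggest first finding out which plugin is restarting the firewall.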
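An added example, not part of the original thread or of OpenClash's code: a Python triage script for a pasted debug log that flags bursts of `Reload OpenClash Firewall Rules...` entries and checks an `iptables-save` dump for the `openclash` chains and for rules appended more than once. The sample inputs are abridged from the dumps posted in this issue; the function names, the 60-second gap and the three-event threshold are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Sample inputs, abridged from the debug logs posted in this issue.
RUN_LOG = """\
2021-09-18 09:50:38 OpenClash Start Successful!
2021-09-18 14:38:25 Reload OpenClash Firewall Rules...
2021-09-18 14:38:42 Reload OpenClash Firewall Rules...
2021-09-18 14:38:46 Reload OpenClash Firewall Rules...
2021-09-18 14:39:01 Reload OpenClash Firewall Rules...
2021-09-18 14:39:20 Reload OpenClash Firewall Rules...
"""

NAT_AFTER_REDIAL = """\
*nat
:PREROUTING ACCEPT [18:1042]
:prerouting_rule - [0:0]
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment "DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment "DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
COMMIT
"""

NAT_HEALTHY = """\
*nat
:PREROUTING ACCEPT [21:2546]
:OUTPUT ACCEPT [185:11341]
:openclash - [0:0]
:openclash_output - [0:0]
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment "DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -j openclash
-A OUTPUT -j openclash_output
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
COMMIT
"""

RELOAD_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) Reload OpenClash Firewall Rules", re.M)


def reload_bursts(log_text, max_gap_s=60, min_events=3):
    """Group reload entries separated by <= max_gap_s; return (first, last, count) per burst."""
    times = [datetime.strptime(t, "%Y-%m-%d %H:%M:%S") for t in RELOAD_RE.findall(log_text)]
    bursts, run = [], []
    for t in times:
        if run and (t - run[-1]).total_seconds() > max_gap_s:
            if len(run) >= min_events:
                bursts.append((run[0], run[-1], len(run)))
            run = []
        run.append(t)
    if len(run) >= min_events:
        bursts.append((run[0], run[-1], len(run)))
    return bursts


def audit_ruleset(dump, prefix="openclash"):
    """Parse iptables-save text: which prefix* chains exist, which are never
    jumped to from another chain, and which rules appear more than once."""
    table, declared, hooked, rules = None, set(), set(), Counter()
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):            # table header, e.g. *nat
            table = line[1:]
        elif line.startswith(":"):          # chain declaration, e.g. :openclash - [0:0]
            chain = line[1:].split()[0]
            if chain.startswith(prefix):
                declared.add((table, chain))
        elif line.startswith("-A "):
            rules[(table, line)] += 1
            source = line.split()[1]
            target = re.search(r"\s-j (\S+)", line)
            if target and target.group(1).startswith(prefix) and target.group(1) != source:
                hooked.add((table, target.group(1)))
    return {
        "declared": sorted(declared),
        "unreferenced": sorted(declared - hooked),
        "duplicates": sorted(rule for rule, n in rules.items() if n > 1),
    }


def verdict(audit, core_running=True):
    """Missing chains only count as a finding while the Clash core is running."""
    if core_running and not audit["declared"]:
        return "openclash chains missing"
    if audit["unreferenced"]:
        return "openclash chain not hooked"
    return "ok"


if __name__ == "__main__":
    for first, last, count in reload_bursts(RUN_LOG):
        print(f"{count} reloads between {first} and {last}")
    for name, dump in (("after redial", NAT_AFTER_REDIAL), ("healthy", NAT_HEALTHY)):
        audit = audit_ruleset(dump)
        print(name, verdict(audit), f"duplicate rules: {len(audit['duplicates'])}")
```
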

philly1021 commented 3 years ago

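> In your case the frequent resets are preventing the firewall rules from being added properly. I still suggest first finding out which plugin is restarting the firewall.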

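Let me summarize first. I reinstalled OpenClash on a clean system with no other plugins and tested both compatibility mode (Redir) and TUN mode.

Looking at the system log, the firewall restart appears to be triggered by the PPPoE redial, which in turn triggers OpenClash to reset the firewall.

Compatibility mode: After starting OpenClash normally, all connections work. After redialing PPPoE, the firewall rules are reset twice and then no more resets occur. After waiting a few minutes, domestic sites seem to be reachable (by "seem" I mean sometimes fast and sometimes slow, with higher latency overall), and foreign sites are reachable only some of the time. After manually restarting OpenClash, all access returns to normal.

TUN mode: After starting OpenClash normally, all connections work. After redialing PPPoE, the firewall rules are reset several times (over repeated tests, sometimes three times and sometimes twice) and then no more resets occur. After waiting a few minutes, domestic sites are reachable only some of the time (over repeated tests, sometimes reachable and sometimes not), and foreign sites are unreachable. After manually restarting OpenClash, all access returns to normal.

As you can see, compatibility mode fares much better and TUN mode is really bad, but restarting OpenClash is enough to restore normal operation.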

philly1021 commented 3 years ago

Compatibility mode: log while the connection is working normally

Connection test

id: 6e18e4c8-990e-45e4-b453-f01263453d99
start: 2021-09-23T07:19:07.17647552Z
download: 9.1 KB
upload: 1.1 KB
rule: DomainKeyword
rulePayload: instagram
chains: 
  1: GLaDOS-N2-05
  2: Auto-Fast
  3: Auto
  4: Proxy
metadata: 
  sourceIP: 192.168.1.195
  sourcePort: 12356
  host: www.instagram.com
  destinationIP: 157.240.12.36
  destinationPort: 443
  network: tcp
  type: Redir

OpenClash 调试日志

生成时间: 2021-09-23 15:19:11 插件版本: v0.43.05-beta 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息


#===================== 系统信息 =====================#

主机型号: Raspberry Pi 4 Model B Rev 1.4
固件版本: ImmortalWrt 18.06-SNAPSHOT r0-0a719bb
LuCI版本: git-21.262.22722-2fe3b29-1
内核版本: 5.4.145
处理器架构: aarch64_cortex-a72

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

#此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
ruby-dbm: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci-19.07): 未安装

#===================== 内核检查 =====================#

运行状态: 运行中
进程pid: 12174
运行权限: 12174: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-armv8

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2021.09.15
Tun内核文件: 存在
Tun内核运行权限: 正常

Game内核版本: 20210310-121-gbd4ed20
Game内核文件: 存在
Game内核运行权限: 正常

Dev内核版本: v1.7.1
Dev内核文件: 存在
Dev内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/glados.yaml
启动配置文件: /etc/openclash/glados.yaml
运行模式: redir-host
默认代理模式: rule
UDP流量转发(tproxy): 启用
DNS劫持: 启用
自定义DNS: 启用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 停用
自定义规则: 停用
仅允许内网: 停用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.7 on Thu Sep 23 15:19:13 2021
*nat
:PREROUTING ACCEPT [21:2546]
:INPUT ACCEPT [86:6595]
:OUTPUT ACCEPT [185:11341]
:POSTROUTING ACCEPT [24:1461]
:openclash - [0:0]
:openclash_output - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -d 8.8.4.4/32 -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -d 8.8.8.8/32 -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment "DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i pppoe-WAN -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -p tcp -j openclash
-A PREROUTING -p udp -m comment --comment DNSMASQ -m udp --dport 53 -j REDIRECT --to-ports 53
-A OUTPUT -j openclash_output
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o pppoe-WAN -m comment --comment "!fw3" -j zone_wan_postrouting
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -m comment --comment "!fw3" -j FULLCONENAT
COMMIT
# Completed on Thu Sep 23 15:19:13 2021

#IPv4 Mangle chain

# Generated by iptables-save v1.8.7 on Thu Sep 23 15:19:13 2021
*mangle
:PREROUTING ACCEPT [5227:3853499]
:INPUT ACCEPT [5183:3854172]
:FORWARD ACCEPT [60:2809]
:OUTPUT ACCEPT [3353:4247405]
:POSTROUTING ACCEPT [3407:4249974]
:openclash - [0:0]
-A PREROUTING -p udp -j openclash
-A FORWARD -o pppoe-WAN -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i pppoe-WAN -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A openclash -p udp -m udp --dport 500 -j RETURN
-A openclash -p udp -m udp --dport 68 -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p udp -m udp --dport 53 -j RETURN
-A openclash -p udp -j TPROXY --on-port 7892 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
COMMIT
# Completed on Thu Sep 23 15:19:13 2021

#IPv6 NAT chain

#IPv6 Mangle chain

#===================== IPSET状态 =====================#

Name: localnetwork

#===================== 路由表状态 =====================#

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         *      0.0.0.0         UG    0      0        0 pppoe-WAN
*      0.0.0.0         255.255.255.255 UH    0      0        0 pppoe-WAN
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
#ip route list
default via * dev pppoe-WAN proto static 
* dev pppoe-WAN proto kernel scope link src 100.79.84.231 
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1 
#ip rule show
0:  from all lookup local
32765:  from all fwmark 0x162 lookup 354
32766:  from all lookup main
32767:  from all lookup default

#===================== 端口占用状态 =====================#

tcp        0      0 :::7890                 :::*                    LISTEN      12174/clash
tcp        0      0 :::7891                 :::*                    LISTEN      12174/clash
tcp        0      0 :::7892                 :::*                    LISTEN      12174/clash
tcp        0      0 :::7893                 :::*                    LISTEN      12174/clash
tcp        0      0 :::7895                 :::*                    LISTEN      12174/clash
tcp        0      0 :::9090                 :::*                    LISTEN      12174/clash
udp        0      0 127.0.0.1:7874          0.0.0.0:*                           12174/clash
udp        0      0 :::51906                :::*                                12174/clash
udp        0      0 :::58925                :::*                                12174/clash
udp        0      0 :::7891                 :::*                                12174/clash
udp        0      0 :::7892                 :::*                                12174/clash
udp        0      0 :::7893                 :::*                                12174/clash
udp        0      0 :::7895                 :::*                                12174/clash

#===================== 测试本机DNS查询 =====================#

Server:     127.0.0.1
Address:    127.0.0.1:53

www.baidu.com   canonical name = www.a.shifen.com
Name:   www.a.shifen.com
Address: 36.152.44.96
Name:   www.a.shifen.com
Address: 36.152.44.95

#===================== resolv.conf.auto =====================#

# Interface WAN
nameserver 211.138.180.2
nameserver 211.138.180.3

#===================== resolv.conf.d =====================#

# Interface WAN
nameserver 211.138.180.2
nameserver 211.138.180.3

#===================== 测试本机网络连接 =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Thu, 23 Sep 2021 07:19:13 GMT
Etag: "575e1f7c-115"
Last-Modified: Mon, 13 Jun 2016 02:50:36 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 测试本机网络下载 =====================#

HTTP/2 200 
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: text/plain; charset=utf-8
etag: "8ff790eec875f63046229028d039a0d25cc0992af45d94e93bad646a0c1aaedf"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: D24C:4F71:8C158A:9FC555:614BDFA1
accept-ranges: bytes
date: Thu, 23 Sep 2021 07:19:13 GMT
via: 1.1 varnish
x-served-by: cache-tyo11934-TYO
x-cache: HIT
x-cache-hits: 1
x-timer: S1632381554.986988,VS0,VE0
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
x-fastly-request-id: 8fd66675cb435d2e7f2845335e5a96121f7439c4
expires: Thu, 23 Sep 2021 07:24:13 GMT
source-age: 269
content-length: 80

#===================== 最近运行日志 =====================#

2021-09-23 15:17:49 Step 1: Get The Configuration...
2021-09-23 15:17:49 Step 2: Check The Components...
2021-09-23 15:17:50 Step 3: Modify The Config File...
2021-09-23 15:17:52 Step 4: Start Running The Clash Core...
2021-09-23 15:17:52 No Special Configuration Detected, Use Dev Core to Start...
2021-09-23 15:17:55 Step 5: Check The Core Status...
time="2021-09-23T07:17:56Z" level=info msg="Start initial compatible provider Geo"
time="2021-09-23T07:17:56Z" level=info msg="Start initial compatible provider Economic"
time="2021-09-23T07:17:56Z" level=info msg="Start initial compatible provider Auto-Fast"
time="2021-09-23T07:17:56Z" level=info msg="Start initial compatible provider Proxy"
time="2021-09-23T07:17:56Z" level=info msg="Start initial compatible provider Video"
time="2021-09-23T07:17:56Z" level=info msg="Start initial compatible provider NETFLIX"
time="2021-09-23T07:17:56Z" level=info msg="Start initial compatible provider Auto-Edge"
time="2021-09-23T07:17:56Z" level=info msg="Start initial compatible provider Express"
time="2021-09-23T07:17:56Z" level=info msg="Start initial compatible provider Auto"
2021-09-23 15:17:58 Step 6: Wait For The File Downloading...
2021-09-23 15:17:59 Step 7: Set Control Panel...
2021-09-23 15:17:59 Step 8: Set Firewall Rules...
2021-09-23 15:17:59 Step 9: Restart Dnsmasq...
2021-09-23 15:18:02 Step 10: Add Cron Rules, Start Daemons...
2021-09-23 15:18:02 OpenClash Start Successful!
2021-09-23 15:18:26 OpenClash Stoping...
2021-09-23 15:18:26 Step 1: Backup The Current Groups State...
2021-09-23 15:18:26 Step 2: Delete OpenClash Firewall Rules...
2021-09-23 15:18:27 Step 3: Close The OpenClash Daemons...
2021-09-23 15:18:27 Step 4: Close The Clash Core Process...
2021-09-23 15:18:27 Step 5: Restart Dnsmasq...
2021-09-23 15:18:30 Step 6: Delete OpenClash Residue File...
2021-09-23 15:18:30 OpenClash Start Running...
2021-09-23 15:18:30 Step 1: Get The Configuration...
2021-09-23 15:18:30 Step 2: Check The Components...
2021-09-23 15:18:31 Step 3: Modify The Config File...
2021-09-23 15:18:34 Step 4: Start Running The Clash Core...
2021-09-23 15:18:34 No Special Configuration Detected, Use Dev Core to Start...
2021-09-23 15:18:37 Step 5: Check The Core Status...
time="2021-09-23T07:18:37Z" level=info msg="Start initial compatible provider Economic"
time="2021-09-23T07:18:37Z" level=info msg="Start initial compatible provider Auto-Fast"
time="2021-09-23T07:18:37Z" level=info msg="Start initial compatible provider Express"
time="2021-09-23T07:18:37Z" level=info msg="Start initial compatible provider Geo"
time="2021-09-23T07:18:37Z" level=info msg="Start initial compatible provider NETFLIX"
time="2021-09-23T07:18:37Z" level=info msg="Start initial compatible provider Auto-Edge"
time="2021-09-23T07:18:37Z" level=info msg="Start initial compatible provider Auto"
time="2021-09-23T07:18:37Z" level=info msg="Start initial compatible provider Video"
time="2021-09-23T07:18:37Z" level=info msg="Start initial compatible provider Proxy"
2021-09-23 15:18:40 Step 6: Wait For The File Downloading...
2021-09-23 15:18:40 Step 7: Set Control Panel...
2021-09-23 15:18:40 Step 8: Set Firewall Rules...
2021-09-23 15:18:40 Step 9: Restart Dnsmasq...
2021-09-23 15:18:43 Step 10: Add Cron Rules, Start Daemons...
2021-09-23 15:18:43 OpenClash Start Successful!

#===================== 活动连接信息 =====================#

1. SourceIP:【192.168.1.195】 - Host:【api.skk.moe】 - DestinationIP:【104.16.241.99】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【GLaDOS-N2-05】
2. SourceIP:【192.168.1.195】 - Host:【api.skk.moe】 - DestinationIP:【104.16.241.99】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【GLaDOS-N2-05】
3. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【120.209.100.179】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
4. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【112.29.203.118】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
5. SourceIP:【192.168.1.195】 - Host:【myip.ipip.net】 - DestinationIP:【117.23.61.188】 - Network:【tcp】 - RulePayload:【ipip.net】 - Lastchain:【DIRECT】
6. SourceIP:【192.168.1.195】 - Host:【myip.ipip.net】 - DestinationIP:【117.23.61.188】 - Network:【tcp】 - RulePayload:【ipip.net】 - Lastchain:【DIRECT】
7. SourceIP:【192.168.1.195】 - Host:【api.ipify.org】 - DestinationIP:【50.19.104.221】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【GLaDOS-N2-05】
8. SourceIP:【100.79.84.231】 - Host:【Empty】 - DestinationIP:【180.103.181.71】 - Network:【udp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
9. SourceIP:【192.168.1.195】 - Host:【www.instagram.com】 - DestinationIP:【157.240.12.36】 - Network:【tcp】 - RulePayload:【instagram】 - Lastchain:【GLaDOS-N2-05】
10. SourceIP:【192.168.1.195】 - Host:【api.mousegesturesapi.com】 - DestinationIP:【3.229.141.11】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【GLaDOS-N2-05】
11. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【111.30.178.193】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
12. SourceIP:【192.168.1.195】 - Host:【github.com】 - DestinationIP:【20.205.243.166】 - Network:【tcp】 - RulePayload:【github】 - Lastchain:【GLaDOS-N2-05】
13. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【112.29.205.100】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
14. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【112.28.217.111】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
15. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【116.163.14.117】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
16. SourceIP:【192.168.1.129】 - Host:【v3-b.douyinvod.com】 - DestinationIP:【112.29.202.240】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
17. SourceIP:【192.168.1.195】 - Host:【api-ipv4.ip.sb】 - DestinationIP:【104.26.12.31】 - Network:【udp】 - RulePayload:【】 - Lastchain:【GLaDOS-N2-05】
18. SourceIP:【192.168.1.153】 - Host:【Empty】 - DestinationIP:【139.199.215.251】 - Network:【udp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
19. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【112.29.207.183】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
philly1021 commented 3 years ago

Compatibility mode: log after reconnecting the WAN port

System log

Thu Sep 23 15:20:19 2021 daemon.info pppd[5544]: Terminating on signal 15
Thu Sep 23 15:20:19 2021 daemon.info pppd[5544]: Connect time 7.9 minutes.
Thu Sep 23 15:20:19 2021 daemon.info pppd[5544]: Sent 2387569 bytes, received 13617870 bytes.
Thu Sep 23 15:20:19 2021 daemon.notice netifd: Network device 'pppoe-WAN' link is down
Thu Sep 23 15:20:19 2021 daemon.notice ttyd[2512]: rops_handle_POLLIN_netlink: DELADDR
Thu Sep 23 15:20:19 2021 daemon.notice pppd[5544]: Connection terminated.
Thu Sep 23 15:20:19 2021 daemon.info pppd[5544]: Sent PADT
Thu Sep 23 15:20:19 2021 daemon.info pppd[5544]: Exit.
Thu Sep 23 15:20:19 2021 daemon.notice netifd: Interface 'WAN' is now down
Thu Sep 23 15:20:19 2021 kern.info kernel: [  814.829291] bcmgenet fd580000.ethernet eth0: Link is Down
Thu Sep 23 15:20:19 2021 daemon.notice netifd: Interface 'WAN' is disabled
Thu Sep 23 15:20:19 2021 kern.warn kernel: [  814.838405] bcmgenet: Skipping UMAC reset
Thu Sep 23 15:20:19 2021 kern.info kernel: [  814.843729] bcmgenet fd580000.ethernet: configuring instance for external RGMII
Thu Sep 23 15:20:19 2021 daemon.notice netifd: Interface 'WAN' is enabled
Thu Sep 23 15:20:19 2021 daemon.notice netifd: Interface 'WAN' is setting up now
Thu Sep 23 15:20:19 2021 kern.info kernel: [  814.851393] bcmgenet fd580000.ethernet eth0: Link is Up - 1Gbps/Full - flow control off
Thu Sep 23 15:20:19 2021 daemon.err insmod: module is already loaded - slhc
Thu Sep 23 15:20:19 2021 daemon.err insmod: module is already loaded - ppp_generic
Thu Sep 23 15:20:19 2021 daemon.err insmod: module is already loaded - pppox
Thu Sep 23 15:20:19 2021 daemon.err insmod: module is already loaded - pppoe
Thu Sep 23 15:20:19 2021 daemon.notice netifd: WAN (15801): uci: Entry not found
Thu Sep 23 15:20:19 2021 daemon.notice netifd: WAN (15801): sh: out of range
Thu Sep 23 15:20:19 2021 daemon.info pppd[15811]: Plugin rp-pppoe.so loaded.
Thu Sep 23 15:20:19 2021 daemon.info pppd[15811]: RP-PPPoE plugin version 3.8p compiled against pppd 2.4.8
Thu Sep 23 15:20:19 2021 daemon.notice pppd[15811]: pppd 2.4.8 started by root, uid 0
Thu Sep 23 15:20:19 2021 daemon.info pppd[15811]: PPP session is 19318
Thu Sep 23 15:20:19 2021 daemon.warn pppd[15811]: Connected to 00:00:5e:00:01:83 via interface eth0
Thu Sep 23 15:20:19 2021 kern.info kernel: [  815.063445] pppoe-WAN: renamed from ppp0
Thu Sep 23 15:20:19 2021 daemon.info pppd[15811]: Renamed interface ppp0 to pppoe-WAN
Thu Sep 23 15:20:19 2021 daemon.info pppd[15811]: Using interface pppoe-WAN
Thu Sep 23 15:20:19 2021 daemon.notice pppd[15811]: Connect: pppoe-WAN <--> eth0
Thu Sep 23 15:20:22 2021 daemon.info pppd[15811]: syncppp not active
Thu Sep 23 15:20:22 2021 daemon.info pppd[15811]: Remote message: Authentication success,Welcome!
Thu Sep 23 15:20:22 2021 daemon.notice pppd[15811]: PAP authentication succeeded
Thu Sep 23 15:20:22 2021 daemon.notice pppd[15811]: peer from calling number 00:00:5E:00:01:83 authorized
Thu Sep 23 15:20:22 2021 daemon.notice ttyd[2512]: rops_handle_POLLIN_netlink: DELADDR
Thu Sep 23 15:20:22 2021 daemon.notice pppd[15811]: primary   DNS address 211.138.180.2
Thu Sep 23 15:20:22 2021 daemon.notice pppd[15811]: secondary DNS address 211.138.180.3
Thu Sep 23 15:20:22 2021 daemon.notice netifd: Network device 'pppoe-WAN' link is up
Thu Sep 23 15:20:22 2021 daemon.notice netifd: Interface 'WAN' is now up
Thu Sep 23 15:20:23 2021 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
Thu Sep 23 15:20:23 2021 user.notice dnsmasq: Allowing 127.0.0.0/8 responses
Thu Sep 23 15:20:26 2021 daemon.info dnsmasq[16421]: Connected to system UBus
Thu Sep 23 15:20:26 2021 user.notice firewall: Reloading firewall due to ifup of WAN (pppoe-WAN)
Thu Sep 23 15:20:27 2021 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
Thu Sep 23 15:20:28 2021 user.notice dnsmasq: Allowing 127.0.0.0/8 responses
Thu Sep 23 15:20:30 2021 daemon.info dnsmasq[17176]: Connected to system UBus
Thu Sep 23 15:20:31 2021 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
Thu Sep 23 15:20:31 2021 user.notice dnsmasq: Allowing 127.0.0.0/8 responses
Thu Sep 23 15:20:34 2021 daemon.info dnsmasq[17734]: Connected to system UBus

Connection test

找不到任何连接日志!

1. 可能是插件未在运行

2. 可能是缓存导致浏览直接使用IP地址进行访问

3. 可能是DNS未劫持成功,导致Clash无法正确反推出域名连接

4. 可能是所填地址无法进行解析和连接

OpenClash 调试日志

生成时间: 2021-09-23 15:24:21 插件版本: v0.43.05-beta 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息


#===================== 系统信息 =====================#

主机型号: Raspberry Pi 4 Model B Rev 1.4
固件版本: ImmortalWrt 18.06-SNAPSHOT r0-0a719bb
LuCI版本: git-21.262.22722-2fe3b29-1
内核版本: 5.4.145
处理器架构: aarch64_cortex-a72

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

#此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
ruby-dbm: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci-19.07): 未安装

#===================== 内核检查 =====================#

运行状态: 运行中
进程pid: 12174
运行权限: 12174: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-armv8

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2021.09.15
Tun内核文件: 存在
Tun内核运行权限: 正常

Game内核版本: 20210310-121-gbd4ed20
Game内核文件: 存在
Game内核运行权限: 正常

Dev内核版本: v1.7.1
Dev内核文件: 存在
Dev内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/glados.yaml
启动配置文件: /etc/openclash/glados.yaml
运行模式: redir-host
默认代理模式: rule
UDP流量转发(tproxy): 启用
DNS劫持: 启用
自定义DNS: 启用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 停用
自定义规则: 停用
仅允许内网: 停用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.7 on Thu Sep 23 15:24:23 2021
*nat
:PREROUTING ACCEPT [149:15606]
:INPUT ACCEPT [608:53289]
:OUTPUT ACCEPT [1305:82821]
:POSTROUTING ACCEPT [198:12516]
:openclash - [0:0]
:openclash_output - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -d 8.8.4.4/32 -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -d 8.8.8.8/32 -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment "DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i pppoe-WAN -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -p udp -m comment --comment DNSMASQ -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -j openclash
-A OUTPUT -j openclash_output
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o pppoe-WAN -m comment --comment "!fw3" -j zone_wan_postrouting
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -m comment --comment "!fw3" -j FULLCONENAT
COMMIT
# Completed on Thu Sep 23 15:24:23 2021

#IPv4 Mangle chain

# Generated by iptables-save v1.8.7 on Thu Sep 23 15:24:23 2021
*mangle
:PREROUTING ACCEPT [12359:2512143]
:INPUT ACCEPT [12438:2544953]
:FORWARD ACCEPT [117:8307]
:OUTPUT ACCEPT [13118:8305793]
:POSTROUTING ACCEPT [13188:8311516]
:openclash - [0:0]
-A PREROUTING -p udp -j openclash
-A FORWARD -o pppoe-WAN -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i pppoe-WAN -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A openclash -p udp -m udp --dport 500 -j RETURN
-A openclash -p udp -m udp --dport 68 -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p udp -m udp --dport 53 -j RETURN
-A openclash -p udp -j TPROXY --on-port 7892 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
COMMIT
# Completed on Thu Sep 23 15:24:23 2021

#IPv6 NAT chain

#IPv6 Mangle chain

#===================== IPSET状态 =====================#

Name: localnetwork

#===================== 路由表状态 =====================#

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         *      0.0.0.0         UG    0      0        0 pppoe-WAN
*      0.0.0.0         255.255.255.255 UH    0      0        0 pppoe-WAN
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
#ip route list
default via 100.79.0.1 dev pppoe-WAN proto static 
100.79.0.1 dev pppoe-WAN proto kernel scope link src 100.79.77.158 
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1 
#ip rule show
0:  from all lookup local
32765:  from all fwmark 0x162 lookup 354
32766:  from all lookup main
32767:  from all lookup default

#===================== 端口占用状态 =====================#

tcp        0      0 :::7890                 :::*                    LISTEN      12174/clash
tcp        0      0 :::7891                 :::*                    LISTEN      12174/clash
tcp        0      0 :::7892                 :::*                    LISTEN      12174/clash
tcp        0      0 :::7893                 :::*                    LISTEN      12174/clash
tcp        0      0 :::7895                 :::*                    LISTEN      12174/clash
tcp        0      0 :::9090                 :::*                    LISTEN      12174/clash
udp        0      0 127.0.0.1:7874          0.0.0.0:*                           12174/clash
udp        0      0 :::59679                :::*                                12174/clash
udp        0      0 :::35925                :::*                                12174/clash
udp        0      0 :::50499                :::*                                12174/clash
udp        0      0 :::60820                :::*                                12174/clash
udp        0      0 :::7891                 :::*                                12174/clash
udp        0      0 :::7892                 :::*                                12174/clash
udp        0      0 :::7893                 :::*                                12174/clash
udp        0      0 :::7895                 :::*                                12174/clash
udp        0      0 :::50922                :::*                                12174/clash
udp        0      0 :::34988                :::*                                12174/clash

#===================== 测试本机DNS查询 =====================#

Server:     127.0.0.1
Address:    127.0.0.1:53

Non-authoritative answer:
www.baidu.com   canonical name = www.a.shifen.com
Name:   www.a.shifen.com
Address: 36.152.44.96
Name:   www.a.shifen.com
Address: 36.152.44.95

#===================== resolv.conf.auto =====================#

# Interface WAN
nameserver 211.138.180.2
nameserver 211.138.180.3

#===================== resolv.conf.d =====================#

# Interface WAN
nameserver 211.138.180.2
nameserver 211.138.180.3

#===================== 测试本机网络连接 =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Thu, 23 Sep 2021 07:24:23 GMT
Etag: "575e1f7b-115"
Last-Modified: Mon, 13 Jun 2016 02:50:35 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 测试本机网络下载 =====================#

HTTP/2 200 
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: text/plain; charset=utf-8
etag: "8ff790eec875f63046229028d039a0d25cc0992af45d94e93bad646a0c1aaedf"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: A9D0:5CB4:51DC76:69DD89:614BF943
accept-ranges: bytes
date: Thu, 23 Sep 2021 07:24:24 GMT
via: 1.1 varnish
x-served-by: cache-nrt18327-NRT
x-cache: HIT
x-cache-hits: 1
x-timer: S1632381864.156905,VS0,VE147
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
x-fastly-request-id: 44048a17f886fcaae7fc4f2fb5f32a119a0ece23
expires: Thu, 23 Sep 2021 07:29:24 GMT
source-age: 0
content-length: 80

#===================== 最近运行日志 =====================#

2021-09-23 15:17:55 Step 5: Check The Core Status...
time="2021-09-23T07:17:56Z" level=info msg="Start initial compatible provider Geo"
time="2021-09-23T07:17:56Z" level=info msg="Start initial compatible provider Economic"
time="2021-09-23T07:17:56Z" level=info msg="Start initial compatible provider Auto-Fast"
time="2021-09-23T07:17:56Z" level=info msg="Start initial compatible provider Proxy"
time="2021-09-23T07:17:56Z" level=info msg="Start initial compatible provider Video"
time="2021-09-23T07:17:56Z" level=info msg="Start initial compatible provider NETFLIX"
time="2021-09-23T07:17:56Z" level=info msg="Start initial compatible provider Auto-Edge"
time="2021-09-23T07:17:56Z" level=info msg="Start initial compatible provider Express"
time="2021-09-23T07:17:56Z" level=info msg="Start initial compatible provider Auto"
2021-09-23 15:17:58 Step 6: Wait For The File Downloading...
2021-09-23 15:17:59 Step 7: Set Control Panel...
2021-09-23 15:17:59 Step 8: Set Firewall Rules...
2021-09-23 15:17:59 Step 9: Restart Dnsmasq...
2021-09-23 15:18:02 Step 10: Add Cron Rules, Start Daemons...
2021-09-23 15:18:02 OpenClash Start Successful!
2021-09-23 15:18:26 OpenClash Stoping...
2021-09-23 15:18:26 Step 1: Backup The Current Groups State...
2021-09-23 15:18:26 Step 2: Delete OpenClash Firewall Rules...
2021-09-23 15:18:27 Step 3: Close The OpenClash Daemons...
2021-09-23 15:18:27 Step 4: Close The Clash Core Process...
2021-09-23 15:18:27 Step 5: Restart Dnsmasq...
2021-09-23 15:18:30 Step 6: Delete OpenClash Residue File...
2021-09-23 15:18:30 OpenClash Start Running...
2021-09-23 15:18:30 Step 1: Get The Configuration...
2021-09-23 15:18:30 Step 2: Check The Components...
2021-09-23 15:18:31 Step 3: Modify The Config File...
2021-09-23 15:18:34 Step 4: Start Running The Clash Core...
2021-09-23 15:18:34 No Special Configuration Detected, Use Dev Core to Start...
2021-09-23 15:18:37 Step 5: Check The Core Status...
time="2021-09-23T07:18:37Z" level=info msg="Start initial compatible provider Economic"
time="2021-09-23T07:18:37Z" level=info msg="Start initial compatible provider Auto-Fast"
time="2021-09-23T07:18:37Z" level=info msg="Start initial compatible provider Express"
time="2021-09-23T07:18:37Z" level=info msg="Start initial compatible provider Geo"
time="2021-09-23T07:18:37Z" level=info msg="Start initial compatible provider NETFLIX"
time="2021-09-23T07:18:37Z" level=info msg="Start initial compatible provider Auto-Edge"
time="2021-09-23T07:18:37Z" level=info msg="Start initial compatible provider Auto"
time="2021-09-23T07:18:37Z" level=info msg="Start initial compatible provider Video"
time="2021-09-23T07:18:37Z" level=info msg="Start initial compatible provider Proxy"
2021-09-23 15:18:40 Step 6: Wait For The File Downloading...
2021-09-23 15:18:40 Step 7: Set Control Panel...
2021-09-23 15:18:40 Step 8: Set Firewall Rules...
2021-09-23 15:18:40 Step 9: Restart Dnsmasq...
2021-09-23 15:18:43 Step 10: Add Cron Rules, Start Daemons...
2021-09-23 15:18:43 OpenClash Start Successful!
2021-09-23 15:19:43 Watchdog: Reset Firewall For Enabling Redirect...
2021-09-23 15:20:26 Reload OpenClash Firewall Rules...
2021-09-23 15:20:30 Reload OpenClash Firewall Rules...
2021-09-23 15:20:34 Reload OpenClash Firewall Rules...
2021-09-23 15:20:43 Watchdog: Reset Firewall For Enabling Redirect...

#===================== 活动连接信息 =====================#

1. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【112.29.205.100】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
2. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【121.36.116.16】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
3. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【112.29.205.88】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
4. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【111.30.178.193】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
5. SourceIP:【100.79.77.158】 - Host:【Empty】 - DestinationIP:【180.103.181.71】 - Network:【udp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
6. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【36.150.88.107】 - Network:【udp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
7. SourceIP:【192.168.1.195】 - Host:【www.baidu.com】 - DestinationIP:【36.152.44.95】 - Network:【tcp】 - RulePayload:【baidu.com】 - Lastchain:【DIRECT】
8. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【112.29.203.118】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
9. SourceIP:【192.168.1.195】 - Host:【myip.ipip.net】 - DestinationIP:【117.23.61.188】 - Network:【tcp】 - RulePayload:【ipip.net】 - Lastchain:【DIRECT】
10. SourceIP:【192.168.1.153】 - Host:【Empty】 - DestinationIP:【211.233.84.186】 - Network:【udp】 - RulePayload:【】 - Lastchain:【GLaDOS-N2-05】
11. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【112.30.175.197】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
12. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【39.156.150.160】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
13. SourceIP:【192.168.1.195】 - Host:【Empty】 - DestinationIP:【42.236.37.116】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
14. SourceIP:【192.168.1.195】 - Host:【api.mousegesturesapi.com】 - DestinationIP:【3.229.141.11】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【GLaDOS-N2-05】
15. SourceIP:【192.168.1.195】 - Host:【api.mousegesturesapi.com】 - DestinationIP:【3.218.3.57】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【GLaDOS-N2-05】
16. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【223.111.166.105】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
17. SourceIP:【192.168.1.153】 - Host:【Empty】 - DestinationIP:【58.83.177.195】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
18. SourceIP:【192.168.1.195】 - Host:【Empty】 - DestinationIP:【180.163.230.245】 - Network:【udp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
19. SourceIP:【192.168.1.153】 - Host:【Empty】 - DestinationIP:【139.199.215.251】 - Network:【udp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
20. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【183.192.169.15】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
21. SourceIP:【192.168.1.129】 - Host:【v3-b.douyinvod.com】 - DestinationIP:【112.29.202.240】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
22. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【203.205.239.141】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
23. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【8.133.123.143】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
24. SourceIP:【192.168.1.195】 - Host:【Empty】 - DestinationIP:【120.204.17.121】 - Network:【udp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
25. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【112.30.172.221】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
26. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【220.243.141.86】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
27. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【111.30.178.34】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
28. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【120.209.100.179】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
29. SourceIP:【192.168.1.195】 - Host:【Empty】 - DestinationIP:【112.124.32.90】 - Network:【udp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
30. SourceIP:【192.168.1.129】 - Host:【dig.bdurl.net】 - DestinationIP:【106.14.23.11】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
philly1021 commented 3 years ago

TUN mode: log while the connection is working normally

Connection test

id: 16e28c85-aafd-46be-8b12-5c959df37311
start: 2021-09-23T07:27:39.874642122Z
download: 6.2 KB
upload: 1.1 KB
rule: DomainSuffix
rulePayload: google.com
chains: 
  1: GLaDOS-N2-05
  2: Auto-Fast
  3: Auto
  4: Proxy
metadata: 
  sourceIP: 192.168.1.195
  sourcePort: 6861
  host: www.google.com
  destinationIP: 154.83.14.134
  destinationPort: 443
  network: tcp
  type: TUN

id: 9702ed6b-5bf4-422d-b040-0b2e6026fc25
start: 2021-09-23T07:27:41.68107576Z
download: 8.0 KB
upload: 2.1 KB
rule: DomainSuffix
rulePayload: google.com
chains: 
  1: GLaDOS-N2-05
  2: Auto-Fast
  3: Auto
  4: Proxy
metadata: 
  sourceIP: 192.168.1.195
  sourcePort: 4441
  host: www.google.com
  destinationIP: 154.83.14.134
  destinationPort: 443
  network: tcp
  type: TUN

OpenClash 调试日志

生成时间: 2021-09-23 15:29:06 插件版本: v0.43.05-beta 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息


#===================== 系统信息 =====================#

主机型号: Raspberry Pi 4 Model B Rev 1.4
固件版本: ImmortalWrt 18.06-SNAPSHOT r0-0a719bb
LuCI版本: git-21.262.22722-2fe3b29-1
内核版本: 5.4.145
处理器架构: aarch64_cortex-a72

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

#此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
ruby-dbm: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci-19.07): 未安装

#===================== 内核检查 =====================#

运行状态: 运行中
进程pid: 27782
运行权限: 27782: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-armv8

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2021.09.15
Tun内核文件: 存在
Tun内核运行权限: 正常

Game内核版本: 20210310-121-gbd4ed20
Game内核文件: 存在
Game内核运行权限: 正常

Dev内核版本: v1.7.1
Dev内核文件: 存在
Dev内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/glados.yaml
启动配置文件: /etc/openclash/glados.yaml
运行模式: redir-host-tun
默认代理模式: rule
UDP流量转发(tproxy): 停用
DNS劫持: 启用
自定义DNS: 启用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 停用
自定义规则: 停用
仅允许内网: 停用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.7 on Thu Sep 23 15:29:08 2021
*nat
:PREROUTING ACCEPT [783:60810]
:INPUT ACCEPT [643:44860]
:OUTPUT ACCEPT [1019:68248]
:POSTROUTING ACCEPT [444:36523]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -p tcp -m tcp --dport 53 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment "DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i pppoe-WAN -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -p udp -m comment --comment DNSMASQ -m udp --dport 53 -j REDIRECT --to-ports 53
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o pppoe-WAN -m comment --comment "!fw3" -j zone_wan_postrouting
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -m comment --comment "!fw3" -j FULLCONENAT
COMMIT
# Completed on Thu Sep 23 15:29:08 2021

#IPv4 Mangle chain

# Generated by iptables-save v1.8.7 on Thu Sep 23 15:29:08 2021
*mangle
:PREROUTING ACCEPT [20973:6738144]
:INPUT ACCEPT [18284:6458738]
:FORWARD ACCEPT [2681:277790]
:OUTPUT ACCEPT [17083:11023062]
:POSTROUTING ACCEPT [19687:11297772]
:openclash - [0:0]
:openclash_dns_hijack - [0:0]
:openclash_output - [0:0]
-A PREROUTING -j openclash
-A FORWARD -o pppoe-WAN -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i pppoe-WAN -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A OUTPUT -j openclash_output
-A openclash -p udp -m udp --dport 500 -j RETURN
-A openclash -p udp -m udp --dport 68 -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -j MARK --set-xmark 0x162/0xffffffff
-A openclash_output -p udp -m udp --sport 500 -j RETURN
-A openclash_output -p udp -m udp --sport 68 -j RETURN
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j MARK --set-xmark 0x162/0xffffffff
COMMIT
# Completed on Thu Sep 23 15:29:08 2021

#IPv6 NAT chain

#IPv6 Mangle chain

#===================== IPSET状态 =====================#

Name: localnetwork

#===================== 路由表状态 =====================#

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         100.79.0.1      0.0.0.0         UG    0      0        0 pppoe-WAN
100.79.0.1      0.0.0.0         255.255.255.255 UH    0      0        0 pppoe-WAN
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
198.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 utun
#ip route list
default via * dev pppoe-WAN proto static 
* dev pppoe-WAN proto kernel scope link src 100.79.77.158 
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1 
198.18.0.0/16 dev utun proto kernel scope link src 198.18.0.1 
#ip rule show
0:  from all lookup local
32765:  from all fwmark 0x162 lookup 354
32766:  from all lookup main
32767:  from all lookup default

#===================== Tun设备状态 =====================#

utun: tun

#===================== 端口占用状态 =====================#

tcp        0      0 198.18.0.1:7777         0.0.0.0:*               LISTEN      27782/clash
tcp        0      0 :::7890                 :::*                    LISTEN      27782/clash
tcp        0      0 :::7891                 :::*                    LISTEN      27782/clash
tcp        0      0 :::7892                 :::*                    LISTEN      27782/clash
tcp        0      0 :::7893                 :::*                    LISTEN      27782/clash
tcp        0      0 :::7895                 :::*                    LISTEN      27782/clash
tcp        0      0 :::9090                 :::*                    LISTEN      27782/clash
udp        0      0 198.18.0.1:7777         0.0.0.0:*                           27782/clash
udp        0      0 127.0.0.1:7874          0.0.0.0:*                           27782/clash
udp        0      0 :::37601                :::*                                27782/clash
udp        0      0 :::33788                :::*                                27782/clash
udp        0      0 :::52362                :::*                                27782/clash
udp        0      0 :::52644                :::*                                27782/clash
udp        0      0 :::46658                :::*                                27782/clash
udp        0      0 :::7891                 :::*                                27782/clash
udp        0      0 :::7892                 :::*                                27782/clash
udp        0      0 :::7893                 :::*                                27782/clash
udp        0      0 :::7895                 :::*                                27782/clash

#===================== 测试本机DNS查询 =====================#

Server:     127.0.0.1
Address:    127.0.0.1:53

Non-authoritative answer:
www.baidu.com   canonical name = www.a.shifen.com
Name:   www.a.shifen.com
Address: 36.152.44.96
Name:   www.a.shifen.com
Address: 36.152.44.95

#===================== resolv.conf.auto =====================#

# Interface WAN
nameserver 211.138.180.2
nameserver 211.138.180.3

#===================== resolv.conf.d =====================#

# Interface WAN
nameserver 211.138.180.2
nameserver 211.138.180.3

#===================== 测试本机网络连接 =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Thu, 23 Sep 2021 07:29:08 GMT
Etag: "575e1f74-115"
Last-Modified: Mon, 13 Jun 2016 02:50:28 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 测试本机网络下载 =====================#

HTTP/2 200 
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: text/plain; charset=utf-8
etag: "8ff790eec875f63046229028d039a0d25cc0992af45d94e93bad646a0c1aaedf"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: D24C:4F71:8C158A:9FC555:614BDFA1
accept-ranges: bytes
date: Thu, 23 Sep 2021 07:29:08 GMT
via: 1.1 varnish
x-served-by: cache-tyo11954-TYO
x-cache: HIT
x-cache-hits: 2
x-timer: S1632382149.852077,VS0,VE0
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
x-fastly-request-id: bffb90b0790db46d4b594fb10e02c9dc72f18722
expires: Thu, 23 Sep 2021 07:34:08 GMT
source-age: 115
content-length: 80

#===================== 最近运行日志 =====================#

time="2021-09-23T07:18:37Z" level=info msg="Start initial compatible provider Economic"
time="2021-09-23T07:18:37Z" level=info msg="Start initial compatible provider Auto-Fast"
time="2021-09-23T07:18:37Z" level=info msg="Start initial compatible provider Express"
time="2021-09-23T07:18:37Z" level=info msg="Start initial compatible provider Geo"
time="2021-09-23T07:18:37Z" level=info msg="Start initial compatible provider NETFLIX"
time="2021-09-23T07:18:37Z" level=info msg="Start initial compatible provider Auto-Edge"
time="2021-09-23T07:18:37Z" level=info msg="Start initial compatible provider Auto"
time="2021-09-23T07:18:37Z" level=info msg="Start initial compatible provider Video"
time="2021-09-23T07:18:37Z" level=info msg="Start initial compatible provider Proxy"
2021-09-23 15:18:40 Step 6: Wait For The File Downloading...
2021-09-23 15:18:40 Step 7: Set Control Panel...
2021-09-23 15:18:40 Step 8: Set Firewall Rules...
2021-09-23 15:18:40 Step 9: Restart Dnsmasq...
2021-09-23 15:18:43 Step 10: Add Cron Rules, Start Daemons...
2021-09-23 15:18:43 OpenClash Start Successful!
2021-09-23 15:19:43 Watchdog: Reset Firewall For Enabling Redirect...
2021-09-23 15:20:26 Reload OpenClash Firewall Rules...
2021-09-23 15:20:30 Reload OpenClash Firewall Rules...
2021-09-23 15:20:34 Reload OpenClash Firewall Rules...
2021-09-23 15:20:43 Watchdog: Reset Firewall For Enabling Redirect...
2021-09-23 15:25:32 OpenClash Stoping...
2021-09-23 15:25:32 Step 1: Backup The Current Groups State...
2021-09-23 15:25:32 Step 2: Delete OpenClash Firewall Rules...
2021-09-23 15:25:33 Step 3: Close The OpenClash Daemons...
2021-09-23 15:25:33 Step 4: Close The Clash Core Process...
2021-09-23 15:25:33 Step 5: Restart Dnsmasq...
2021-09-23 15:25:36 Step 6: Delete OpenClash Residue File...
2021-09-23 15:25:36 OpenClash Start Running...
2021-09-23 15:25:36 Step 1: Get The Configuration...
2021-09-23 15:25:36 Step 2: Check The Components...
2021-09-23 15:25:37 Step 3: Modify The Config File...
2021-09-23 15:25:40 Step 4: Start Running The Clash Core...
2021-09-23 15:25:40 Detected The Exclusive Function of The TUN Core, Use TUN Core to Start...
2021-09-23 15:25:43 Step 5: Check The Core Status...
time="2021-09-23T07:25:43Z" level=info msg="Start initial compatible provider Express"
time="2021-09-23T07:25:43Z" level=info msg="Start initial compatible provider Geo"
time="2021-09-23T07:25:43Z" level=info msg="Start initial compatible provider NETFLIX"
time="2021-09-23T07:25:43Z" level=info msg="Start initial compatible provider Video"
time="2021-09-23T07:25:43Z" level=info msg="Start initial compatible provider Economic"
time="2021-09-23T07:25:43Z" level=info msg="Start initial compatible provider Auto-Edge"
time="2021-09-23T07:25:43Z" level=info msg="Start initial compatible provider Auto-Fast"
time="2021-09-23T07:25:43Z" level=info msg="Start initial compatible provider Auto"
time="2021-09-23T07:25:43Z" level=info msg="Start initial compatible provider Proxy"
time="2021-09-23T07:25:43Z" level=info msg="DNS server listening at: 127.0.0.1:7874"
2021-09-23 15:25:46 Step 6: Wait For The File Downloading...
2021-09-23 15:25:46 Step 7: Set Control Panel...
2021-09-23 15:25:46 Step 8: Set Firewall Rules...
2021-09-23 15:25:46 Step 9: Restart Dnsmasq...
2021-09-23 15:25:49 Step 10: Add Cron Rules, Start Daemons...
2021-09-23 15:25:49 OpenClash Start Successful!

#===================== 活动连接信息 =====================#

1. SourceIP:【192.168.1.195】 - Host:【static.doubleclick.net】 - DestinationIP:【120.253.255.165】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
2. SourceIP:【192.168.1.195】 - Host:【Empty】 - DestinationIP:【223.167.166.53】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
3. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【39.145.65.238】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
4. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【111.30.169.50】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
5. SourceIP:【192.168.1.195】 - Host:【raw.githubusercontent.com】 - DestinationIP:【185.199.110.133】 - Network:【tcp】 - RulePayload:【github】 - Lastchain:【GLaDOS-N2-05】
6. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【8.133.123.143】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
7. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【112.30.252.240】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
8. SourceIP:【192.168.1.195】 - Host:【ocsp.pki.goog】 - DestinationIP:【120.253.253.226】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
9. SourceIP:【100.79.77.158】 - Host:【Empty】 - DestinationIP:【180.103.181.71】 - Network:【udp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
10. SourceIP:【192.168.1.195】 - Host:【whois.pconline.com.cn】 - DestinationIP:【112.28.235.47】 - Network:【tcp】 - RulePayload:【com.cn】 - Lastchain:【DIRECT】
11. SourceIP:【192.168.1.195】 - Host:【Empty】 - DestinationIP:【42.236.37.153】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
12. SourceIP:【192.168.1.195】 - Host:【api.onedrive.com】 - DestinationIP:【13.107.42.12】 - Network:【tcp】 - RulePayload:【onedrive.com】 - Lastchain:【DIRECT】
13. SourceIP:【192.168.1.195】 - Host:【Empty】 - DestinationIP:【50.19.104.221】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【GLaDOS-N2-05】
14. SourceIP:【192.168.1.195】 - Host:【Empty】 - DestinationIP:【112.28.237.61】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
15. SourceIP:【192.168.1.195】 - Host:【myip.ipip.net】 - DestinationIP:【117.23.61.188】 - Network:【tcp】 - RulePayload:【ipip.net】 - Lastchain:【DIRECT】
16. SourceIP:【192.168.1.195】 - Host:【gblobscdn.gitbook.com】 - DestinationIP:【104.18.8.111】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【GLaDOS-N2-05】
17. SourceIP:【192.168.1.195】 - Host:【api.skk.moe】 - DestinationIP:【104.17.12.99】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【GLaDOS-N2-05】
18. SourceIP:【192.168.1.195】 - Host:【api-ipv4.ip.sb】 - DestinationIP:【104.26.13.31】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【GLaDOS-N2-05】
19. SourceIP:【192.168.1.195】 - Host:【Empty】 - DestinationIP:【50.19.104.221】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【GLaDOS-N2-05】
20. SourceIP:【192.168.1.195】 - Host:【Empty】 - DestinationIP:【50.19.104.221】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【GLaDOS-N2-05】
21. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【36.156.209.229】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
22. SourceIP:【192.168.1.153】 - Host:【Empty】 - DestinationIP:【58.83.177.195】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
23. SourceIP:【192.168.1.195】 - Host:【www.baidu.com】 - DestinationIP:【36.152.44.95】 - Network:【tcp】 - RulePayload:【baidu.com】 - Lastchain:【DIRECT】
24. SourceIP:【192.168.1.195】 - Host:【Empty】 - DestinationIP:【112.124.32.90】 - Network:【udp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
25. SourceIP:【192.168.1.195】 - Host:【myip.ipip.net】 - DestinationIP:【117.23.61.188】 - Network:【tcp】 - RulePayload:【ipip.net】 - Lastchain:【DIRECT】
26. SourceIP:【192.168.1.195】 - Host:【api.skk.moe】 - DestinationIP:【104.16.241.99】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【GLaDOS-N2-05】
27. SourceIP:【192.168.1.129】 - Host:【configserver.hicloud.com】 - DestinationIP:【117.78.15.173】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
28. SourceIP:【192.168.1.195】 - Host:【Empty】 - DestinationIP:【36.155.208.26】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
29. SourceIP:【192.168.1.195】 - Host:【Empty】 - DestinationIP:【58.251.121.55】 - Network:【udp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
30. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【111.63.63.149】 - Network:【udp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
31. SourceIP:【192.168.1.195】 - Host:【api.mousegesturesapi.com】 - DestinationIP:【3.229.141.11】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【GLaDOS-N2-05】
32. SourceIP:【192.168.1.195】 - Host:【www.baidu.com】 - DestinationIP:【36.152.44.95】 - Network:【tcp】 - RulePayload:【baidu.com】 - Lastchain:【DIRECT】
33. SourceIP:【192.168.1.195】 - Host:【www.youtube.com】 - DestinationIP:【174.36.228.136】 - Network:【tcp】 - RulePayload:【youtube】 - Lastchain:【GLaDOS-N2-05】
34. SourceIP:【192.168.1.195】 - Host:【ocsp.pki.goog】 - DestinationIP:【120.253.253.226】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
35. SourceIP:【192.168.1.195】 - Host:【mtalk.google.com】 - DestinationIP:【64.233.189.188】 - Network:【tcp】 - RulePayload:【google.com】 - Lastchain:【GLaDOS-N2-05】
36. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【36.150.45.88】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
37. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【121.36.116.16】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
38. SourceIP:【192.168.1.195】 - Host:【alive.github.com】 - DestinationIP:【140.82.112.26】 - Network:【tcp】 - RulePayload:【github】 - Lastchain:【GLaDOS-N2-05】
39. SourceIP:【192.168.1.129】 - Host:【Empty】 - DestinationIP:【120.209.100.177】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
40. SourceIP:【192.168.1.195】 - Host:【self.events.data.microsoft.com】 - DestinationIP:【20.189.173.5】 - Network:【tcp】 - RulePayload:【microsoft.com】 - Lastchain:【DIRECT】
41. SourceIP:【192.168.1.195】 - Host:【github.com】 - DestinationIP:【20.205.243.166】 - Network:【tcp】 - RulePayload:【github】 - Lastchain:【GLaDOS-N2-05】
42. SourceIP:【192.168.1.195】 - Host:【epns.eset.com】 - DestinationIP:【91.228.167.188】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【GLaDOS-N2-05】
43. SourceIP:【192.168.1.195】 - Host:【Empty】 - DestinationIP:【117.184.250.252】 - Network:【udp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
44. SourceIP:【192.168.1.195】 - Host:【api.onedrive.com】 - DestinationIP:【13.107.42.12】 - Network:【tcp】 - RulePayload:【onedrive.com】 - Lastchain:【DIRECT】
45. SourceIP:【192.168.1.195】 - Host:【raw.githubusercontent.com】 - DestinationIP:【185.199.111.133】 - Network:【tcp】 - RulePayload:【github】 - Lastchain:【GLaDOS-N2-05】
philly1021 commented 3 years ago

TUN mode: logs after reconnecting the WAN port

System log

Thu Sep 23 15:29:49 2021 daemon.info pppd[15811]: Terminating on signal 15
Thu Sep 23 15:29:49 2021 daemon.info pppd[15811]: Connect time 9.5 minutes.
Thu Sep 23 15:29:49 2021 daemon.info pppd[15811]: Sent 2884986 bytes, received 28970292 bytes.
Thu Sep 23 15:29:49 2021 daemon.notice netifd: Network device 'pppoe-WAN' link is down
Thu Sep 23 15:29:49 2021 daemon.notice ttyd[2512]: rops_handle_POLLIN_netlink: DELADDR
Thu Sep 23 15:29:49 2021 daemon.notice pppd[15811]: Connection terminated.
Thu Sep 23 15:29:49 2021 daemon.info pppd[15811]: Sent PADT
Thu Sep 23 15:29:49 2021 daemon.info pppd[15811]: Exit.
Thu Sep 23 15:29:49 2021 daemon.notice netifd: Interface 'WAN' is now down
Thu Sep 23 15:29:49 2021 kern.info kernel: [ 1384.923973] bcmgenet fd580000.ethernet eth0: Link is Down
Thu Sep 23 15:29:49 2021 daemon.notice netifd: Interface 'WAN' is disabled
Thu Sep 23 15:29:49 2021 kern.warn kernel: [ 1384.933133] bcmgenet: Skipping UMAC reset
Thu Sep 23 15:29:49 2021 kern.info kernel: [ 1384.938503] bcmgenet fd580000.ethernet: configuring instance for external RGMII
Thu Sep 23 15:29:49 2021 daemon.notice netifd: Interface 'WAN' is enabled
Thu Sep 23 15:29:49 2021 daemon.notice netifd: Interface 'WAN' is setting up now
Thu Sep 23 15:29:49 2021 kern.info kernel: [ 1384.946182] bcmgenet fd580000.ethernet eth0: Link is Up - 1Gbps/Full - flow control off
Thu Sep 23 15:29:49 2021 daemon.err insmod: module is already loaded - slhc
Thu Sep 23 15:29:49 2021 daemon.err insmod: module is already loaded - ppp_generic
Thu Sep 23 15:29:49 2021 daemon.err insmod: module is already loaded - pppox
Thu Sep 23 15:29:49 2021 daemon.err insmod: module is already loaded - pppoe
Thu Sep 23 15:29:49 2021 daemon.notice netifd: WAN (5164): uci: Entry not found
Thu Sep 23 15:29:49 2021 daemon.notice netifd: WAN (5164): sh: out of range
Thu Sep 23 15:29:49 2021 daemon.info pppd[5174]: Plugin rp-pppoe.so loaded.
Thu Sep 23 15:29:49 2021 daemon.info pppd[5174]: RP-PPPoE plugin version 3.8p compiled against pppd 2.4.8
Thu Sep 23 15:29:49 2021 daemon.notice pppd[5174]: pppd 2.4.8 started by root, uid 0
Thu Sep 23 15:29:49 2021 daemon.info pppd[5174]: PPP session is 38015
Thu Sep 23 15:29:49 2021 daemon.warn pppd[5174]: Connected to 00:00:5e:00:01:83 via interface eth0
Thu Sep 23 15:29:49 2021 kern.info kernel: [ 1385.209862] pppoe-WAN: renamed from ppp0
Thu Sep 23 15:29:49 2021 daemon.info pppd[5174]: Renamed interface ppp0 to pppoe-WAN
Thu Sep 23 15:29:49 2021 daemon.info pppd[5174]: Using interface pppoe-WAN
Thu Sep 23 15:29:49 2021 daemon.notice pppd[5174]: Connect: pppoe-WAN <--> eth0
Thu Sep 23 15:29:52 2021 daemon.notice ttyd[2512]: rops_handle_POLLIN_netlink: DELADDR
Thu Sep 23 15:29:52 2021 daemon.info pppd[5174]: syncppp not active
Thu Sep 23 15:29:52 2021 daemon.info pppd[5174]: Remote message: Authentication success,Welcome!
Thu Sep 23 15:29:52 2021 daemon.notice pppd[5174]: PAP authentication succeeded
Thu Sep 23 15:29:52 2021 daemon.notice pppd[5174]: peer from calling number 00:00:5E:00:01:83 authorized
Thu Sep 23 15:29:52 2021 daemon.notice ttyd[2512]: rops_handle_POLLIN_netlink: DELADDR
Thu Sep 23 15:29:52 2021 daemon.notice netifd: Network device 'pppoe-WAN' link is up
Thu Sep 23 15:29:52 2021 daemon.notice netifd: Interface 'WAN' is now up
Thu Sep 23 15:30:01 2021 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
Thu Sep 23 15:30:01 2021 user.notice dnsmasq: Allowing 127.0.0.0/8 responses
Thu Sep 23 15:30:04 2021 daemon.info dnsmasq[5832]: Connected to system UBus
Thu Sep 23 15:30:04 2021 user.notice firewall: Reloading firewall due to ifup of WAN (pppoe-WAN)
Thu Sep 23 15:30:14 2021 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
Thu Sep 23 15:30:14 2021 user.notice dnsmasq: Allowing 127.0.0.0/8 responses
Thu Sep 23 15:30:16 2021 daemon.info dnsmasq[6503]: Connected to system UBus

Connection test

找不到任何连接日志!

1. 可能是插件未在运行

2. 可能是缓存导致浏览直接使用IP地址进行访问

3. 可能是DNS未劫持成功,导致Clash无法正确反推出域名连接

4. 可能是所填地址无法进行解析和连接

OpenClash 调试日志

生成时间: 2021-09-23 15:33:00 插件版本: v0.43.05-beta 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息


#===================== 系统信息 =====================#

主机型号: Raspberry Pi 4 Model B Rev 1.4
固件版本: ImmortalWrt 18.06-SNAPSHOT r0-0a719bb
LuCI版本: git-21.262.22722-2fe3b29-1
内核版本: 5.4.145
处理器架构: aarch64_cortex-a72

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

#此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
ruby-dbm: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci-19.07): 未安装

#===================== 内核检查 =====================#

运行状态: 运行中
进程pid: 27782
运行权限: 27782: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-armv8

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2021.09.15
Tun内核文件: 存在
Tun内核运行权限: 正常

Game内核版本: 20210310-121-gbd4ed20
Game内核文件: 存在
Game内核运行权限: 正常

Dev内核版本: v1.7.1
Dev内核文件: 存在
Dev内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/glados.yaml
启动配置文件: /etc/openclash/glados.yaml
运行模式: redir-host-tun
默认代理模式: rule
UDP流量转发(tproxy): 停用
DNS劫持: 启用
自定义DNS: 启用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 停用
自定义规则: 停用
仅允许内网: 停用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.7 on Thu Sep 23 15:33:02 2021
*nat
:PREROUTING ACCEPT [242:23105]
:INPUT ACCEPT [223:13875]
:OUTPUT ACCEPT [490:30562]
:POSTROUTING ACCEPT [98:6051]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -p tcp -m tcp --dport 53 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment "DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i pppoe-WAN -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -p udp -m comment --comment DNSMASQ -m udp --dport 53 -j REDIRECT --to-ports 53
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o pppoe-WAN -m comment --comment "!fw3" -j zone_wan_postrouting
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -m comment --comment "!fw3" -j FULLCONENAT
COMMIT
# Completed on Thu Sep 23 15:33:02 2021

#IPv4 Mangle chain

# Generated by iptables-save v1.8.7 on Thu Sep 23 15:33:02 2021
*mangle
:PREROUTING ACCEPT [4260:536785]
:INPUT ACCEPT [2898:329689]
:FORWARD ACCEPT [1349:192788]
:OUTPUT ACCEPT [3561:2608128]
:POSTROUTING ACCEPT [4872:2798732]
:openclash - [0:0]
:openclash_dns_hijack - [0:0]
:openclash_output - [0:0]
-A PREROUTING -j openclash
-A FORWARD -o pppoe-WAN -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i pppoe-WAN -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A OUTPUT -j openclash_output
-A openclash -p udp -m udp --dport 500 -j RETURN
-A openclash -p udp -m udp --dport 68 -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -j MARK --set-xmark 0x162/0xffffffff
-A openclash_output -p udp -m udp --sport 500 -j RETURN
-A openclash_output -p udp -m udp --sport 68 -j RETURN
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j MARK --set-xmark 0x162/0xffffffff
COMMIT
# Completed on Thu Sep 23 15:33:02 2021

#IPv6 NAT chain

#IPv6 Mangle chain

#===================== IPSET状态 =====================#

Name: localnetwork

#===================== 路由表状态 =====================#

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         *      0.0.0.0         UG    0      0        0 pppoe-WAN
*      0.0.0.0         255.255.255.255 UH    0      0        0 pppoe-WAN
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
#ip route list
default via 100.79.0.1 dev pppoe-WAN proto static 
100.79.0.1 dev pppoe-WAN proto kernel scope link src 100.79.78.25 
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1 
#ip rule show
0:  from all lookup local
32765:  from all fwmark 0x162 lookup 354
32766:  from all lookup main
32767:  from all lookup default

#===================== Tun设备状态 =====================#

utun: tun

#===================== 端口占用状态 =====================#

tcp        0      0 198.18.0.1:7777         0.0.0.0:*               LISTEN      27782/clash
tcp        0      0 :::7890                 :::*                    LISTEN      27782/clash
tcp        0      0 :::7891                 :::*                    LISTEN      27782/clash
tcp        0      0 :::7892                 :::*                    LISTEN      27782/clash
tcp        0      0 :::7893                 :::*                    LISTEN      27782/clash
tcp        0      0 :::7895                 :::*                    LISTEN      27782/clash
tcp        0      0 :::9090                 :::*                    LISTEN      27782/clash
udp        0      0 198.18.0.1:7777         0.0.0.0:*                           27782/clash
udp        0      0 127.0.0.1:7874          0.0.0.0:*                           27782/clash
udp        0      0 :::7891                 :::*                                27782/clash
udp        0      0 :::7892                 :::*                                27782/clash
udp        0      0 :::7893                 :::*                                27782/clash
udp        0      0 :::7895                 :::*                                27782/clash

#===================== 测试本机DNS查询 =====================#

Server:     127.0.0.1
Address:    127.0.0.1:53

www.baidu.com   canonical name = www.a.shifen.com
Name:   www.a.shifen.com
Address: 36.152.44.95
Name:   www.a.shifen.com
Address: 36.152.44.96

#===================== resolv.conf.auto =====================#

# Interface WAN
nameserver 211.138.180.2
nameserver 211.138.180.3

#===================== resolv.conf.d =====================#

# Interface WAN
nameserver 211.138.180.2
nameserver 211.138.180.3

#===================== 测试本机网络连接 =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Thu, 23 Sep 2021 07:33:02 GMT
Etag: "575e1f7c-115"
Last-Modified: Mon, 13 Jun 2016 02:50:36 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 测试本机网络下载 =====================#

#===================== 最近运行日志 =====================#

time="2021-09-23T07:18:37Z" level=info msg="Start initial compatible provider Geo"
time="2021-09-23T07:18:37Z" level=info msg="Start initial compatible provider NETFLIX"
time="2021-09-23T07:18:37Z" level=info msg="Start initial compatible provider Auto-Edge"
time="2021-09-23T07:18:37Z" level=info msg="Start initial compatible provider Auto"
time="2021-09-23T07:18:37Z" level=info msg="Start initial compatible provider Video"
time="2021-09-23T07:18:37Z" level=info msg="Start initial compatible provider Proxy"
2021-09-23 15:18:40 Step 6: Wait For The File Downloading...
2021-09-23 15:18:40 Step 7: Set Control Panel...
2021-09-23 15:18:40 Step 8: Set Firewall Rules...
2021-09-23 15:18:40 Step 9: Restart Dnsmasq...
2021-09-23 15:18:43 Step 10: Add Cron Rules, Start Daemons...
2021-09-23 15:18:43 OpenClash Start Successful!
2021-09-23 15:19:43 Watchdog: Reset Firewall For Enabling Redirect...
2021-09-23 15:20:26 Reload OpenClash Firewall Rules...
2021-09-23 15:20:30 Reload OpenClash Firewall Rules...
2021-09-23 15:20:34 Reload OpenClash Firewall Rules...
2021-09-23 15:20:43 Watchdog: Reset Firewall For Enabling Redirect...
2021-09-23 15:25:32 OpenClash Stoping...
2021-09-23 15:25:32 Step 1: Backup The Current Groups State...
2021-09-23 15:25:32 Step 2: Delete OpenClash Firewall Rules...
2021-09-23 15:25:33 Step 3: Close The OpenClash Daemons...
2021-09-23 15:25:33 Step 4: Close The Clash Core Process...
2021-09-23 15:25:33 Step 5: Restart Dnsmasq...
2021-09-23 15:25:36 Step 6: Delete OpenClash Residue File...
2021-09-23 15:25:36 OpenClash Start Running...
2021-09-23 15:25:36 Step 1: Get The Configuration...
2021-09-23 15:25:36 Step 2: Check The Components...
2021-09-23 15:25:37 Step 3: Modify The Config File...
2021-09-23 15:25:40 Step 4: Start Running The Clash Core...
2021-09-23 15:25:40 Detected The Exclusive Function of The TUN Core, Use TUN Core to Start...
2021-09-23 15:25:43 Step 5: Check The Core Status...
time="2021-09-23T07:25:43Z" level=info msg="Start initial compatible provider Express"
time="2021-09-23T07:25:43Z" level=info msg="Start initial compatible provider Geo"
time="2021-09-23T07:25:43Z" level=info msg="Start initial compatible provider NETFLIX"
time="2021-09-23T07:25:43Z" level=info msg="Start initial compatible provider Video"
time="2021-09-23T07:25:43Z" level=info msg="Start initial compatible provider Economic"
time="2021-09-23T07:25:43Z" level=info msg="Start initial compatible provider Auto-Edge"
time="2021-09-23T07:25:43Z" level=info msg="Start initial compatible provider Auto-Fast"
time="2021-09-23T07:25:43Z" level=info msg="Start initial compatible provider Auto"
time="2021-09-23T07:25:43Z" level=info msg="Start initial compatible provider Proxy"
time="2021-09-23T07:25:43Z" level=info msg="DNS server listening at: 127.0.0.1:7874"
2021-09-23 15:25:46 Step 6: Wait For The File Downloading...
2021-09-23 15:25:46 Step 7: Set Control Panel...
2021-09-23 15:25:46 Step 8: Set Firewall Rules...
2021-09-23 15:25:46 Step 9: Restart Dnsmasq...
2021-09-23 15:25:49 Step 10: Add Cron Rules, Start Daemons...
2021-09-23 15:25:49 OpenClash Start Successful!
2021-09-23 15:30:04 Reload OpenClash Firewall Rules...
2021-09-23 15:30:16 Reload OpenClash Firewall Rules...
2021-09-23 15:30:29 Reload OpenClash Firewall Rules...

#===================== 活动连接信息 =====================#
philly1021 commented 3 years ago

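Your current situation is that some edge outcome of your own has not been added; better to first find what is recommending the firewall restart

The logs are too long. In order, they are: the log from normal use in compatibility mode, the log after redialing in compatibility mode, the log from normal use in TUN mode, and the log after redialing in TUN mode. In case the summary gets missed, I'll post it again.

First, a summary: I reinstalled OpenClash on a clean system with no other plugins and tested two modes, compatibility mode (Redir) and TUN mode.

Looking at the system log, the system firewall restart appears to be triggered by the PPPoE redial, which then triggers OpenClash to reset the firewall.

Compatibility mode: after a normal start of OpenClash, all connections work. After redialing PPPoE, the firewall rules are reset twice and then not reset again. After waiting a few minutes, domestic sites seem to be reachable ("seem" meaning sometimes fast and sometimes slow, with higher latency overall), and foreign sites are reachable only some of the time. After manually restarting OpenClash, all access returns to normal.

TUN mode: after a normal start of OpenClash, all connections work. After redialing PPPoE, the firewall rules are reset several times (across repeated tests, sometimes three times and sometimes twice) and then not reset again. After waiting a few minutes, domestic sites are reachable only some of the time (across repeated tests, sometimes reachable and sometimes not), and foreign sites are unreachable. After manually restarting OpenClash, all access returns to normal.

As you can see, compatibility mode fares much better and TUN mode is in very bad shape, but restarting OpenClash is enough to bring everything back to normal.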

philly1021 commented 3 years ago

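After rolling back to 0.43.01, a PPPoE redial likewise resets the firewall rules, but network access is normal after the reset, so I'm going back to 0.43.01 for now.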

vernesong commented 3 years ago

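The source code now takes a lock around the firewall reset command to prevent conflicts, and the rule cleanup code has been rewritten. I suggest trying it.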

philly1021 commented 3 years ago

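The source code now takes a lock around the firewall reset command to prevent conflicts, and the rule cleanup code has been rewritten. I suggest trying it.

image

After the firewall is reset twice in compatibility mode, the situation is as in the image above: although the right side shows the connection as normal, foreign web pages actually will not open. It was still the same after waiting a few minutes. Then I found that domestic sites were reachable, so I went off to do other things. When I came back ten-odd minutes later, everything was normal and foreign sites were reachable too, which is quite strange.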

philly1021 commented 3 years ago

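The problem persists in TUN mode. After the firewall reset, the main symptom is that domestic sites are reachable and foreign sites are not, and there are 0 active connections. Then I noticed that the routing table status is missing this entry: 198.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 utun. I don't know whether that is related.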
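
A check for the state reported in the comment above, where the `0x162` mark rule and the `fwmark` policy rule are still in place but no route out of `utun` remains. This is an added example, not OpenClash code and not part of the original thread; the function names and status strings are assumptions, and the sample captures are constructed by trimming the debug logs posted in this issue.

```shell
#!/bin/sh
# Added example, not OpenClash code: classify a router's TUN-mode state from
# captured command output. On a live router the inputs would come from:
#   tun_state "$(ip rule show)" "$(ip route list)" "$(iptables-save -t mangle)" utun

# Constructed samples, trimmed from the debug logs in this thread.
RULES='0:  from all lookup local
32765:  from all fwmark 0x162 lookup 354
32766:  from all lookup main
32767:  from all lookup default'

MANGLE='-A PREROUTING -j openclash
-A OUTPUT -j openclash_output
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -j MARK --set-xmark 0x162/0xffffffff
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j MARK --set-xmark 0x162/0xffffffff'

ROUTES_BEFORE='192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
198.18.0.0/16 dev utun proto kernel scope link src 198.18.0.1'

ROUTES_AFTER='default via 100.79.0.1 dev pppoe-WAN proto static
100.79.0.1 dev pppoe-WAN proto kernel scope link src 100.79.78.25
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1'

# Mark value set by the unconditional MARK rule of a chain.
mark_from_mangle() {  # $1 = iptables-save text, $2 = chain name
    printf '%s\n' "$1" |
        sed -n "s|^-A $2 -j MARK --set-xmark \(0x[0-9a-fA-F]*\)/.*|\1|p" |
        head -n 1
}

# Routing table that the policy rules select for packets carrying the mark.
table_for_mark() {  # $1 = `ip rule show` text, $2 = mark
    printf '%s\n' "$1" | awk -v m="$2" '
        { for (i = 1; i < NF; i++) {
              split($(i + 1), a, "/")            # tolerate "mark/mask"
              if ($i == "fwmark" && (a[1] "") == (m ""))
                  for (j = i; j < NF; j++)
                      if ($j == "lookup") { print $(j + 1); exit }
          } }'
}

# Succeeds when the route listing has at least one route out of the device.
has_dev_route() {  # $1 = `ip route list` text, $2 = device
    printf '%s\n' "$1" | awk -v d="$2" '
        { for (i = 1; i < NF; i++) if ($i == "dev" && $(i + 1) == d) found = 1 }
        END { exit !found }'
}

# Prints one of: ok, no-mark-rule, no-policy-rule, tun-route-missing.
tun_state() {  # $1 = rules, $2 = routes, $3 = mangle rules, $4 = TUN device
    mark=$(mark_from_mangle "$3" openclash)
    [ -n "$mark" ] || { echo "no-mark-rule"; return; }
    table=$(table_for_mark "$1" "$mark")
    [ -n "$table" ] || { echo "no-policy-rule"; return; }
    has_dev_route "$2" "$4" || { echo "tun-route-missing"; return; }
    echo "ok"
}

echo "before redial: $(tun_state "$RULES" "$ROUTES_BEFORE" "$MANGLE" utun)"
echo "after redial:  $(tun_state "$RULES" "$ROUTES_AFTER" "$MANGLE" utun)"
```

The check only reports that packets are still being marked and steered by policy routing while the `utun` route is gone; it does not establish that the missing route is the cause of the outage.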

philly1021 commented 3 years ago

image

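I tested several more times in a row. After a firewall reset in compatibility mode it is mostly like this, and in this state no amount of waiting helps.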

haohaoget commented 1 year ago

I'm seeing this problem with the mate core as well: after the firewall restarts, OpenClash stops working properly and has to be restarted manually.