search

vernesong / OpenClash

A Clash Client For OpenWrt
MIT License
17.51k stars 3.18k forks source link

面板显示守护程序未运行,后台有很多个watchdog进程 #2069

Closed fraelyfan closed 2 years ago

fraelyfan commented 2 years ago

每次开启clash都会多出一个 watchdog,这种情况正常吗? 关闭clash后dns不会恢复到开启之前的样子,并且不去后台杀掉所有watchdog进程就没法改DNS。 是我哪里设置有问题吗?虽然正常使用不影响但小毛病挺烦人的

OpenClash 调试日志

生成时间: 2022-02-18 01:59:22
插件版本: v0.44.26-beta
隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息

#===================== 系统信息 =====================#

主机型号: Micro-Star International Co., Ltd. MS-7B89
固件版本: OpenWrt 21.02.1 r16325-88151b8303
LuCI版本: git-20.074.84698-ead5e81
内核版本: 5.4.154
处理器架构: x86_64

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

#此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
ruby-dbm: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci-19.07): 已安装

#===================== 内核检查 =====================#

运行状态: 运行中
进程pid: 11241
运行权限: 11241: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-amd64

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2022.01.27
Tun内核文件: 存在
Tun内核运行权限: 正常

Dev内核版本: v1.9.0-7-gb1a639f
Dev内核文件: 存在
Dev内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/config.yaml
启动配置文件: /etc/openclash/config.yaml
运行模式: fake-ip-mix
默认代理模式: script
UDP流量转发(tproxy): 停用
DNS劫持: 启用
自定义DNS: 启用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 启用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用
DNS远程解析: 停用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 启用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 配置文件 =====================#

port: 10810
socks-port: 10809
allow-lan: true
mode: script
log-level: info
external-controller: 192.168.0.1:9090
proxy-groups:
- name: Currency
  type: select
  disable-udp: false
  proxies:
  - Vmess
  - SSR
  - Unclassified
- name: Vmess
  type: select
  disable-udp: false
  proxies:
  - DIRECT
  - AIA+IPLC|香港01|3x
  - AIA+IPLC|香港02|3x
  - AIA+IPLC|香港03|3x
  - AIA+IPLC|香港04|3x
  - AIA+IPLC|香港05|3x
  - AIA+IPLC|香港01(原生)|3x
  - AIA+IPLC|香港02(原生)|3x
  - AIA+IPLC|香港03(原生)|3x
  - AIA+IPLC|香港04(原生)|3x
  - AIA+IPLC|香港05(原生)|3x
  - AIA+IPLC|新加坡01(原生)|3x
  - AIA+IPLC|新加坡02(原生)|3x
  - AIA+IPLC|新加坡03(原生)|3x
  - AIA+IPLC|台湾01(原生)|3x
  - AIA+IPLC|台湾02(原生)|3x
  - AIA+IPLC|台湾03(原生)|3x
  - AIA+IPLC|台湾04(原生)|3x
  - AIA+IPLC|台湾05(原生)|3x
  - AIA+IPLC|台湾06(原生)|3x
  - AIA+IPLC|台湾07(原生)|3x
  - AIA+IPLC|台湾08(原生)|3x
  - AIA+IPLC|台湾09(原生)|3x
  - AIA+IPLC|台湾10(原生)|3x
  - AIA+IPLC|日本01(原生)|3x
  - AIA+IPLC|日本02(原生)|3x
  - AIA+IPLC|日本03(原生)|3x
  - AIA+IPLC|日本04(原生)|3x
  - AIA+IPLC|日本05(原生)|3x
  - AIA+IPLC|美国01(原生)|3x
  - AIA+IPLC|美国02(原生)|3x
  - AIA+IPLC|美国03(原生)|3x
  - AIA+IPLC|美国04(原生)|3x
  - AIA+IPLC|美国05(原生)|3x
  - iplc|广港01|1.5x
  - iplc|广港02|1.5x
  - iplc|广港03|1.5x
  - iplc|广港04|1.5x
  - iplc|广港05|1.5x
  - iplc|广港-原生01|1.5x
  - iplc|广港-原生02|1.5x
  - iplc|广港-原生03|1.5x
  - iplc|广港-原生04|1.5x
  - iplc|广港-原生05|1.5x
  - iplc|广新01|1.5x
  - iplc|广新02|1.5x
  - iplc|广新-原生01|1.5x
  - iplc|广新-原生02|1.5x
  - iplc|广新-原生03|1.5x
  - iplc|广台-原生01|1.5x
  - iplc|广台-原生02|1.5x
  - iplc|广台-原生03|1.5x
  - iplc|广台-原生04|1.5x
  - iplc|广台-原生05|1.5x
  - iplc|广台-原生06|1.5x
  - iplc|广台-原生07|1.5x
  - iplc|广台-原生08|1.5x
  - iplc|广台-原生09|1.5x
  - iplc|广台-原生10|1.5x
  - iplc|广日01|1.5x
  - iplc|广日02|1.5x
  - iplc|广日-原生01|1.5x
  - iplc|广日-原生02|1.5x
  - iplc|广日-原生03|1.5x
  - iplc|广日-原生04|1.5x
  - iplc|广日-原生05|1.5x
  - iplc|广美-原生01|1.5x
  - iplc|广美-原生02|1.5x
  - iplc|广美-原生03|1.5x
  - iplc|广美-原生04|1.5x
  - iplc|广美-原生05|1.5x
  - 中转|香港01
  - 中转|香港02
  - 中转|香港03
  - 中转|香港04
  - 中转|香港05
  - 中转|香港-原生01
  - 中转|香港-原生02
  - 中转|香港-原生03
  - 中转|香港-原生04
  - 中转|香港-原生05
  - 中转|台湾-原生01
  - 中转|台湾-原生02
  - 中转|台湾-原生03
  - 中转|台湾-原生04
  - 中转|台湾-原生05
  - 中转|台湾-原生06
  - 中转|台湾-原生07
  - 中转|台湾-原生08
  - 中转|台湾-原生09
  - 中转|台湾-原生10
  - 中转|新加坡01
  - 中转|新加坡02
  - 中转|新加坡03
  - 中转|日本01
  - 中转|日本02
  - 中转|日本03
  - 中转|日本04
  - 中转|日本05
  - 中转|韩国01
  - 中转|韩国02
  - 中转|韩国03
  - 中转|美国01
  - 中转|美国02
  - 中转|美国03
  - 中转|美国04
  - 中转|美国05
  - 中转|加拿大01
  - Anycast|香港
  - Anycast|新加坡
  - Anycast|日本
  - Anycast|台湾
  - Anycast|泰国
  - Anycast|美国
  - Anycast|英国
  - Anycast|德国
  - Anycast|加拿大
  - Anycast|韩国
  - Anycast|俄罗斯
  - Anycast|荷兰
  - Anycast|印度
  - Anycast|法国
  - Anycast|阿根廷
  - Anycast|巴西
  - Anycast|土耳其
  - Anycast|澳大利亚
  - 福利|新加坡|0.1x|限速10Mbps
  - 福利|香港01|0.1x|限速10Mbps
  - 福利|日本|0.1x|限速10Mbps
  - 福利|美国|0.1x|限速10Mbps
  - 下载专用|0.8x|支持大流量
- name: SSR
  type: select
  disable-udp: false
  proxies:
  - DIRECT
  - BGP*台湾台南
  - BGP*日本东京
  - BGP*日本大阪
  - BGP*狮城DC*
  - BGP*狮城EQ*
  - BGP*美国
  - BGP*韩国
  - BGP*香港上环
  - BGP*香港中环
  - BGP*香港九龙
  - DRL*台湾 00  [0.8]
  - DRL*台湾 01 [0.8]
  - DRL*台湾 02 [0.8]
  - DRL*台湾 03 [0.8]
  - DRL*台湾 04 [0.8]
  - DRL*台湾 05 [0.8]
  - DRL*台湾 06 [0.8]
  - DRL*德国
  - DRL*日本东京 00
  - DRL*日本东京 01
  - DRL*日本东京 02
  - DRL*日本东京 03
  - DRL*日本东京 04
  - DRL*日本横滨 [1.5]
  - DRL*日本石狩 [0.8]
  - DRL*日本福岛P*
  - DRL*澳门 01 [1.5]
  - DRL*澳门 02 [1.5]
  - DRL*狮城 00
  - DRL*狮城 01
  - DRL*狮城 02
  - DRL*狮城 03* [1.2]
  - DRL*狮城 04* [1.2]
  - DRL*美国 00
  - DRL*美国 01
  - DRL*美国 02*
  - DRL*美国 03*
  - DRL*美国 04*
  - DRL*越南
  - DRL*韩国 00
  - DRL*韩国 01
  - DRL*香港中环 00
  - DRL*香港中环 01
  - DRL*香港中环 02
  - DRL*香港中环 03
  - DRL*香港九龙 00
  - DRL*香港九龙 02
  - DRL*香港九龙 03
  - DRL*香港御坂P*
  - DRL*香港柴湾 [1.5]
  - DRL*马来西亚01
  - DRL*马来西亚02
  - SP*以色列
  - SP*俄罗斯 [0.5]
  - SP*冰岛
  - SP*加拿大
  - SP*印尼
  - SP*印度
  - SP*土耳其 [3]
  - SP*巴基斯坦V4 [10]
  - SP*巴西 [3]
  - SP*挪威
  - SP*沙特阿拉伯
  - SP*法国
  - SP*泰国
  - SP*澳大利亚
  - SP*瑞士
  - SP*英国伦敦
  - SP*英国伯劳
  - SP*荷兰
  - SP*菲律宾
  - SP*西班牙
  - SP*阿根廷 [3]
- name: Unclassified
  type: select
  disable-udp: false
  proxies:
  - DIRECT
  - DRL*韩国5G [0.6]
- name: Socks5
  type: select
  disable-udp: false
  proxies:
  - DIRECT
  - Vmess
  - SSR
  - Unclassified
- name: Http
  type: select
  disable-udp: false
  proxies:
  - DIRECT
  - Vmess
  - SSR
  - Unclassified
- name: 微软服务
  type: select
  disable-udp: false
  proxies:
  - DIRECT
  - Vmess
  - SSR
  - Unclassified
- name: Steam
  type: select
  disable-udp: false
  proxies:
  - DIRECT
  - Vmess
  - SSR
  - Unclassified
- name: Other
  type: select
  disable-udp: false
  proxies:
  - DIRECT
  - Vmess
  - SSR
  - Unclassified
  - BGP*台湾台南
  - BGP*日本东京
  - BGP*日本大阪
  - BGP*狮城DC*
  - BGP*狮城EQ*
  - BGP*美国
  - BGP*韩国
  - BGP*香港上环
  - BGP*香港中环
  - BGP*香港九龙
- name: Netflix
  type: select
  disable-udp: false
  proxies:
  - Netflix-香港
  - Netflix-台湾
  - Netflix-日本
  - Netflix-新加坡
  - Vmess
  - SSR
  - Unclassified
- name: Netflix-香港
  type: select
  disable-udp: false
  proxies:
  - DIRECT
  - BGP*香港上环
  - BGP*香港中环
  - BGP*香港九龙
  - DRL*香港中环 00
  - DRL*香港中环 01
  - DRL*香港中环 02
  - DRL*香港中环 03
  - DRL*香港九龙 00
  - DRL*香港九龙 02
  - DRL*香港九龙 03
  - DRL*香港御坂P*
  - DRL*香港柴湾 [1.5]
- name: Netflix-台湾
  type: select
  disable-udp: false
  proxies:
  - DIRECT
  - BGP*台湾台南
  - DRL*台湾 00  [0.8]
  - DRL*台湾 01 [0.8]
  - DRL*台湾 02 [0.8]
  - DRL*台湾 03 [0.8]
  - DRL*台湾 04 [0.8]
  - DRL*台湾 05 [0.8]
  - DRL*台湾 06 [0.8]
- name: Netflix-日本
  type: select
  disable-udp: false
  proxies:
  - DIRECT
  - BGP*日本东京
  - BGP*日本大阪
  - DRL*日本东京 00
  - DRL*日本东京 01
  - DRL*日本东京 02
  - DRL*日本东京 03
  - DRL*日本东京 04
  - DRL*日本横滨 [1.5]
  - DRL*日本石狩 [0.8]
  - DRL*日本福岛P*
- name: Netflix-新加坡
  type: select
  disable-udp: false
  proxies:
  - DIRECT
  - BGP*狮城DC*
  - BGP*狮城EQ*
  - DRL*狮城 00
  - DRL*狮城 01
  - DRL*狮城 02
  - DRL*狮城 03* [1.2]
  - DRL*狮城 04* [1.2]
rules:
- IP-CIDR,192.168.0.82/32,DIRECT
script:
  code: |-
    def main(ctx, metadata):
      if metadata["type"] == "Socks5":
        return "Socks5"
      if metadata["type"] == "HTTP Connect":
        return "Http"
      if ctx.rule_providers["Other"].match(metadata):
        return "Other"
      if ctx.rule_providers["微软服务"].match(metadata):
        return "微软服务"
      if ctx.rule_providers["Steam"].match(metadata):
        return "Steam"
      if ctx.rule_providers["Netflix"].match(metadata) or ctx.rule_providers["Netflix(By lhie1)"].match(metadata):
        return "Netflix"
      list = ['AppStore','AppStoreConnect','Apple','国内域名','国内IP','放行规则-ConnersHua','放行规则-ACL4SSR','放行规则-ConnersHua','custom']
      for name in list:
        if ctx.rule_providers[name].match(metadata):
          return "DIRECT"
      return "Currency"
rule-providers:
  AppStore:
    type: http
    behavior: classical
    path: "/etc/openclash/rule_provider/AppStore.yaml"
    url: https://cdn.jsdelivr.net/gh/DivineEngine/Profiles@master/Clash/RuleSet/Extra/Apple/AppStore.yaml
    interval: 86400
  AppStoreConnect:
    type: http
    behavior: classical
    path: "/etc/openclash/rule_provider/AppStoreConnect.yaml"
    url: https://cdn.jsdelivr.net/gh/DivineEngine/Profiles@master/Clash/RuleSet/Extra/Apple/AppStoreConnect.yaml
    interval: 86400
  Apple:
    type: http
    behavior: classical
    path: "/etc/openclash/rule_provider/Apple-lhie1.yaml"
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@master/Clash/Provider/Apple.yaml
    interval: 86400
  国内域名:
    type: http
    behavior: classical
    path: "/etc/openclash/rule_provider/China.yaml"
    url: https://cdn.jsdelivr.net/gh/DivineEngine/Profiles@master/Clash/RuleSet/China.yaml
    interval: 86400
  国内IP:
    type: http
    behavior: ipcidr
    path: "/etc/openclash/rule_provider/ChinaIP.yaml"
    url: https://cdn.jsdelivr.net/gh/DivineEngine/Profiles@master/Clash/RuleSet/Extra/ChinaIP.yaml
    interval: 86400
  微软服务:
    type: http
    behavior: classical
    path: "/etc/openclash/rule_provider/Microsoft.yaml"
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@master/Clash/Provider/Microsoft.yaml
    interval: 86400
  Netflix(By lhie1):
    type: http
    behavior: classical
    path: "/etc/openclash/rule_provider/Netflix-lhie1.yaml"
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@master/Clash/Provider/Media/Netflix.yaml
    interval: 86400
  Netflix:
    type: http
    behavior: classical
    path: "/etc/openclash/rule_provider/Netflix.yaml"
    url: https://cdn.jsdelivr.net/gh/DivineEngine/Profiles@master/Clash/RuleSet/StreamingMedia/Video/Netflix.yaml
    interval: 86400
  放行规则-lhie1:
    type: http
    behavior: classical
    path: "/etc/openclash/rule_provider/Special.yaml"
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@master/Clash/Provider/Special.yaml
    interval: 86400
  放行规则-ACL4SSR:
    type: http
    behavior: classical
    path: "/etc/openclash/rule_provider/UnBan.yaml"
    url: https://cdn.jsdelivr.net/gh/ACL4SSR/ACL4SSR@master/Clash/Providers/UnBan.yaml
    interval: 86400
  放行规则-ConnersHua:
    type: http
    behavior: classical
    path: "/etc/openclash/rule_provider/Unbreak.yaml"
    url: https://cdn.jsdelivr.net/gh/DivineEngine/Profiles@master/Clash/RuleSet/Unbreak.yaml
    interval: 86400
  Steam:
    type: http
    behavior: classical
    path: "/etc/openclash/rule_provider/Steam-ACL4SSR.yaml"
    url: https://cdn.jsdelivr.net/gh/ACL4SSR/ACL4SSR@master/Clash/Providers/Ruleset/Steam.yaml
    interval: 86400
  custom:
    type: file
    behavior: classical
    path: "/etc/openclash/rule_provider/custom.yaml"
  Other:
    type: file
    behavior: classical
    path: "/etc/openclash/rule_provider/Other.yaml"
dns:
  nameserver:
  - 119.29.29.29
  - 223.5.5.5
  enable: true
  ipv6: false
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  listen: 127.0.0.1:7874
  fake-ip-filter:
  - "*.lan"
  - "*.localdomain"
  - "*.example"
  - "*.invalid"
  - "*.localhost"
  - "*.test"
  - "*.local"
  - "*.home.arpa"
  - time.*.com
  - time.*.gov
  - time.*.edu.cn
  - time.*.apple.com
  - time1.*.com
  - time2.*.com
  - time3.*.com
  - time4.*.com
  - time5.*.com
  - time6.*.com
  - time7.*.com
  - ntp.*.com
  - ntp1.*.com
  - ntp2.*.com
  - ntp3.*.com
  - ntp4.*.com
  - ntp5.*.com
  - ntp6.*.com
  - ntp7.*.com
  - "*.time.edu.cn"
  - "*.ntp.org.cn"
  - "+.pool.ntp.org"
  - time1.cloud.tencent.com
  - music.163.com
  - "*.music.163.com"
  - "*.126.net"
  - musicapi.taihe.com
  - music.taihe.com
  - songsearch.kugou.com
  - trackercdn.kugou.com
  - "*.kuwo.cn"
  - api-jooxtt.sanook.com
  - api.joox.com
  - joox.com
  - y.qq.com
  - "*.y.qq.com"
  - streamoc.music.tc.qq.com
  - mobileoc.music.tc.qq.com
  - isure.stream.qqmusic.qq.com
  - dl.stream.qqmusic.qq.com
  - aqqmusic.tc.qq.com
  - amobile.music.tc.qq.com
  - "*.xiami.com"
  - "*.music.migu.cn"
  - music.migu.cn
  - "+.msftconnecttest.com"
  - "+.msftncsi.com"
  - msftconnecttest.com
  - msftncsi.com
  - localhost.ptlogin2.qq.com
  - localhost.sec.qq.com
  - "+.srv.nintendo.net"
  - "+.stun.playstation.net"
  - xbox.*.microsoft.com
  - xnotify.xboxlive.com
  - "+.battlenet.com.cn"
  - "+.wotgame.cn"
  - "+.wggames.cn"
  - "+.wowsgame.cn"
  - "+.wargaming.net"
  - proxy.golang.org
  - stun.*.*
  - stun.*.*.*
  - "+.stun.*.*"
  - "+.stun.*.*.*"
  - "+.stun.*.*.*.*"
  - heartbeat.belkin.com
  - "*.linksys.com"
  - "*.linksyssmartwifi.com"
  - "*.router.asus.com"
  - mesu.apple.com
  - swscan.apple.com
  - swquery.apple.com
  - swdownload.apple.com
  - swcdn.apple.com
  - swdist.apple.com
  - lens.l.google.com
  - stun.l.google.com
  - "+.nflxvideo.net"
  - "*.square-enix.com"
  - "*.finalfantasyxiv.com"
  - "*.ffxiv.com"
  - "*.ff14.sdo.com"
  - ff.dorado.sdo.com
  - "*.mcdn.bilivideo.cn"
  - "+.media.dssott.com"
  default-nameserver:
  - 119.29.29.29
  - 223.5.5.5
redir-port: 7892
tproxy-port: 7895
mixed-port: 10808
bind-address: 192.168.0.1
external-ui: "/usr/share/openclash/dashboard"
ipv6: false
tun:
  enable: true
  stack: system
  dns-hijack:
  - tcp://8.8.8.8:53
  - tcp://8.8.4.4:53
profile:
  store-selected: true
  store-fake-ip: false
interface-name: pppoe-wan
fraelyfan commented 2 years ago

因为字数限制,调试日记下半:


#===================== 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.7 on Fri Feb 18 01:59:23 2022
*nat
:PREROUTING ACCEPT [156:13824]
:INPUT ACCEPT [315:20881]
:OUTPUT ACCEPT [3419:290368]
:POSTROUTING ACCEPT [2146:183356]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:openclash - [0:0]
:openclash_output - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -d 8.8.4.4/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j ACCEPT
-A PREROUTING -d 8.8.8.8/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i eth1 -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -p tcp -j openclash
-A OUTPUT -j openclash_output
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o eth1 -m comment --comment "!fw3" -j zone_wan_postrouting
-A MINIUPNPD -p tcp -m tcp --dport 34109 -j DNAT --to-destination 192.168.0.118:34109
-A MINIUPNPD -p udp -m udp --dport 34109 -j DNAT --to-destination 192.168.0.118:34109
-A MINIUPNPD -p udp -m udp --dport 6930 -j DNAT --to-destination 192.168.0.118:6930
-A MINIUPNPD -p tcp -m tcp --dport 6930 -j DNAT --to-destination 192.168.0.118:6930
-A MINIUPNPD -p udp -m udp --dport 63070 -j DNAT --to-destination 192.168.0.100:63070
-A MINIUPNPD-POSTROUTING -s 192.168.0.118/32 -p tcp -m tcp --sport 34109 -j MASQUERADE --to-ports 34109
-A MINIUPNPD-POSTROUTING -s 192.168.0.118/32 -p udp -m udp --sport 34109 -j MASQUERADE --to-ports 34109
-A MINIUPNPD-POSTROUTING -s 192.168.0.118/32 -p udp -m udp --sport 6930 -j MASQUERADE --to-ports 6930
-A MINIUPNPD-POSTROUTING -s 192.168.0.118/32 -p tcp -m tcp --sport 6930 -j MASQUERADE --to-ports 6930
-A MINIUPNPD-POSTROUTING -s 192.168.0.100/32 -p udp -m udp --sport 63070 -j MASQUERADE --to-ports 63070
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -m set --match-set wan_ac_black_ips dst -j RETURN
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -p tcp -m tcp --sport 64973 -j RETURN
-A openclash_output -p tcp -m tcp --sport 30502 -j RETURN
-A openclash_output -p tcp -m tcp --sport 8081 -j RETURN
-A openclash_output -p tcp -m tcp --sport 7171 -j RETURN
-A openclash_output -p tcp -m tcp --sport 48002 -j RETURN
-A openclash_output -p tcp -m tcp --sport 48000 -j RETURN
-A openclash_output -p tcp -m tcp --sport 48010 -j RETURN
-A openclash_output -p tcp -m tcp --sport 47989 -j RETURN
-A openclash_output -p tcp -m tcp --sport 47984 -j RETURN
-A openclash_output -p tcp -m tcp --sport 1935 -j RETURN
-A openclash_output -p tcp -m tcp --sport 63339 -j RETURN
-A openclash_output -p tcp -m tcp --sport 7272 -j RETURN
-A openclash_output -p tcp -m tcp --sport 3478 -j RETURN
-A openclash_output -p tcp -m tcp --sport 6881 -j RETURN
-A openclash_output -p tcp -m tcp --sport 64738 -j RETURN
-A openclash_output -p tcp -m tcp --sport 48647 -j RETURN
-A openclash_output -p tcp -m tcp --sport 1234 -j RETURN
-A openclash_output -p tcp -m tcp --sport 48648 -j RETURN
-A openclash_output -p tcp -m tcp --sport 7070 -j RETURN
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -d 198.18.0.0/16 -p tcp -m owner ! --uid-owner 65534 -j DNAT --to-destination 192.168.0.1:7892
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j DNAT --to-destination 192.168.0.1:7892
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.100/32 -p tcp -m tcp --dport 7070 -m comment --comment "!fw3: anydesk (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.100/32 -p udp -m udp --dport 7070 -m comment --comment "!fw3: anydesk (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.81/32 -p tcp -m tcp --dport 22 -m comment --comment "!fw3: nas-arch ssh (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.81/32 -p tcp -m tcp --dport 25565:25567 -m comment --comment "!fw3: nas-arch minecraft-server (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.81/32 -p udp -m udp --dport 25565:25567 -m comment --comment "!fw3: nas-arch minecraft-server (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.81/32 -p tcp -m tcp --dport 1234 -m comment --comment "!fw3: nas-arch nginx (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.81/32 -p udp -m udp --dport 1234 -m comment --comment "!fw3: nas-arch nginx (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.1/32 -p tcp -m tcp --dport 22 -m comment --comment "!fw3: openwrt ssh (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.81/32 -p tcp -m tcp --dport 64738 -m comment --comment "!fw3: mumble (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.81/32 -p udp -m udp --dport 64738 -m comment --comment "!fw3: mumble (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.81/32 -p tcp -m tcp --dport 6881 -m comment --comment "!fw3: aria2 BT (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.81/32 -p udp -m udp --dport 6881 -m comment --comment "!fw3: aria2 BT (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.81/32 -p tcp -m tcp --dport 3478 -m comment --comment "!fw3: coturn (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.81/32 -p udp -m udp --dport 3478 -m comment --comment "!fw3: coturn (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.82/32 -p tcp -m tcp --dport 7272 -m comment --comment "!fw3: nas-win anydesk (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.82/32 -p udp -m udp --dport 7272 -m comment --comment "!fw3: nas-win anydesk (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.82/32 -p tcp -m tcp --dport 63339 -m comment --comment "!fw3: nas-win bt (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.82/32 -p udp -m udp --dport 63339 -m comment --comment "!fw3: nas-win bt (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.82/32 -p tcp -m tcp --dport 1935 -m comment --comment "!fw3: nas-win rtmp (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.82/32 -p udp -m udp --dport 1935 -m comment --comment "!fw3: nas-win rtmp (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.100/32 -p tcp -m tcp --dport 47984 -m comment --comment "!fw3: moonlight (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.100/32 -p tcp -m tcp --dport 47989 -m comment --comment "!fw3: moonlight (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.100/32 -p tcp -m tcp --dport 48010 -m comment --comment "!fw3: moonlight (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.100/32 -p udp -m udp --dport 48010 -m comment --comment "!fw3: moonlight (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.100/32 -p udp -m udp --dport 47998:47999 -m comment --comment "!fw3: moonlight (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.100/32 -p udp -m udp --dport 48000 -m comment --comment "!fw3: moonlight (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.100/32 -p udp -m udp --dport 48002 -m comment --comment "!fw3: moonlight (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.81/32 -p tcp -m tcp --dport 7070 -m comment --comment "!fw3: nas-arch anydesk (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.81/32 -p udp -m udp --dport 7070 -m comment --comment "!fw3: nas-arch anydesk (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.81/32 -p tcp -m tcp --dport 43000:43010 -m comment --comment "!fw3: misc (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.81/32 -p udp -m udp --dport 43000:43010 -m comment --comment "!fw3: misc (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.100/32 -p tcp -m tcp --dport 8081 -m comment --comment "!fw3: http (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.100/32 -p udp -m udp --dport 8081 -m comment --comment "!fw3: http (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.100/32 -p tcp -m tcp --dport 30502 -m comment --comment "!fw3: Rimworld (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.100/32 -p udp -m udp --dport 30502 -m comment --comment "!fw3: Rimworld (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.100/32 -p tcp -m tcp --dport 64973 -m comment --comment "!fw3: Rimworld LAN (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.100/32 -p udp -m udp --dport 64973 -m comment --comment "!fw3: Rimworld LAN (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_lan_prerouting -s 192.168.0.0/24 -d 61.52.57.35/32 -p tcp -m tcp --dport 7070 -m comment --comment "!fw3: anydesk (reflection)" -j DNAT --to-destination 192.168.0.100:7070
-A zone_lan_prerouting -s 192.168.0.0/24 -d 61.52.57.35/32 -p udp -m udp --dport 7070 -m comment --comment "!fw3: anydesk (reflection)" -j DNAT --to-destination 192.168.0.100:7070
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.182/32 -p tcp -m tcp --dport 7070 -m comment --comment "!fw3: anydesk (reflection)" -j DNAT --to-destination 192.168.0.100:7070
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.182/32 -p udp -m udp --dport 7070 -m comment --comment "!fw3: anydesk (reflection)" -j DNAT --to-destination 192.168.0.100:7070
-A zone_lan_prerouting -s 192.168.0.0/24 -d 61.52.57.35/32 -p tcp -m tcp --dport 48648 -m comment --comment "!fw3: nas-arch ssh (reflection)" -j DNAT --to-destination 192.168.0.81:22
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.182/32 -p tcp -m tcp --dport 48648 -m comment --comment "!fw3: nas-arch ssh (reflection)" -j DNAT --to-destination 192.168.0.81:22
-A zone_lan_prerouting -s 192.168.0.0/24 -d 61.52.57.35/32 -p tcp -m tcp --dport 25565:25567 -m comment --comment "!fw3: nas-arch minecraft-server (reflection)" -j DNAT --to-destination 192.168.0.81:25565-25567
-A zone_lan_prerouting -s 192.168.0.0/24 -d 61.52.57.35/32 -p udp -m udp --dport 25565:25567 -m comment --comment "!fw3: nas-arch minecraft-server (reflection)" -j DNAT --to-destination 192.168.0.81:25565-25567
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.182/32 -p tcp -m tcp --dport 25565:25567 -m comment --comment "!fw3: nas-arch minecraft-server (reflection)" -j DNAT --to-destination 192.168.0.81:25565-25567
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.182/32 -p udp -m udp --dport 25565:25567 -m comment --comment "!fw3: nas-arch minecraft-server (reflection)" -j DNAT --to-destination 192.168.0.81:25565-25567
-A zone_lan_prerouting -s 192.168.0.0/24 -d 61.52.57.35/32 -p tcp -m tcp --dport 1234 -m comment --comment "!fw3: nas-arch nginx (reflection)" -j DNAT --to-destination 192.168.0.81:1234
-A zone_lan_prerouting -s 192.168.0.0/24 -d 61.52.57.35/32 -p udp -m udp --dport 1234 -m comment --comment "!fw3: nas-arch nginx (reflection)" -j DNAT --to-destination 192.168.0.81:1234
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.182/32 -p tcp -m tcp --dport 1234 -m comment --comment "!fw3: nas-arch nginx (reflection)" -j DNAT --to-destination 192.168.0.81:1234
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.182/32 -p udp -m udp --dport 1234 -m comment --comment "!fw3: nas-arch nginx (reflection)" -j DNAT --to-destination 192.168.0.81:1234
-A zone_lan_prerouting -s 192.168.0.0/24 -d 61.52.57.35/32 -p tcp -m tcp --dport 48647 -m comment --comment "!fw3: openwrt ssh (reflection)" -j DNAT --to-destination 192.168.0.1:22
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.182/32 -p tcp -m tcp --dport 48647 -m comment --comment "!fw3: openwrt ssh (reflection)" -j DNAT --to-destination 192.168.0.1:22
-A zone_lan_prerouting -s 192.168.0.0/24 -d 61.52.57.35/32 -p tcp -m tcp --dport 64738 -m comment --comment "!fw3: mumble (reflection)" -j DNAT --to-destination 192.168.0.81:64738
-A zone_lan_prerouting -s 192.168.0.0/24 -d 61.52.57.35/32 -p udp -m udp --dport 64738 -m comment --comment "!fw3: mumble (reflection)" -j DNAT --to-destination 192.168.0.81:64738
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.182/32 -p tcp -m tcp --dport 64738 -m comment --comment "!fw3: mumble (reflection)" -j DNAT --to-destination 192.168.0.81:64738
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.182/32 -p udp -m udp --dport 64738 -m comment --comment "!fw3: mumble (reflection)" -j DNAT --to-destination 192.168.0.81:64738
-A zone_lan_prerouting -s 192.168.0.0/24 -d 61.52.57.35/32 -p tcp -m tcp --dport 6881 -m comment --comment "!fw3: aria2 BT (reflection)" -j DNAT --to-destination 192.168.0.81:6881
-A zone_lan_prerouting -s 192.168.0.0/24 -d 61.52.57.35/32 -p udp -m udp --dport 6881 -m comment --comment "!fw3: aria2 BT (reflection)" -j DNAT --to-destination 192.168.0.81:6881
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.182/32 -p tcp -m tcp --dport 6881 -m comment --comment "!fw3: aria2 BT (reflection)" -j DNAT --to-destination 192.168.0.81:6881
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.182/32 -p udp -m udp --dport 6881 -m comment --comment "!fw3: aria2 BT (reflection)" -j DNAT --to-destination 192.168.0.81:6881
-A zone_lan_prerouting -s 192.168.0.0/24 -d 61.52.57.35/32 -p tcp -m tcp --dport 3478 -m comment --comment "!fw3: coturn (reflection)" -j DNAT --to-destination 192.168.0.81:3478
-A zone_lan_prerouting -s 192.168.0.0/24 -d 61.52.57.35/32 -p udp -m udp --dport 3478 -m comment --comment "!fw3: coturn (reflection)" -j DNAT --to-destination 192.168.0.81:3478
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.182/32 -p tcp -m tcp --dport 3478 -m comment --comment "!fw3: coturn (reflection)" -j DNAT --to-destination 192.168.0.81:3478
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.182/32 -p udp -m udp --dport 3478 -m comment --comment "!fw3: coturn (reflection)" -j DNAT --to-destination 192.168.0.81:3478
-A zone_lan_prerouting -s 192.168.0.0/24 -d 61.52.57.35/32 -p tcp -m tcp --dport 7272 -m comment --comment "!fw3: nas-win anydesk (reflection)" -j DNAT --to-destination 192.168.0.82:7272
-A zone_lan_prerouting -s 192.168.0.0/24 -d 61.52.57.35/32 -p udp -m udp --dport 7272 -m comment --comment "!fw3: nas-win anydesk (reflection)" -j DNAT --to-destination 192.168.0.82:7272
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.182/32 -p tcp -m tcp --dport 7272 -m comment --comment "!fw3: nas-win anydesk (reflection)" -j DNAT --to-destination 192.168.0.82:7272
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.182/32 -p udp -m udp --dport 7272 -m comment --comment "!fw3: nas-win anydesk (reflection)" -j DNAT --to-destination 192.168.0.82:7272
-A zone_lan_prerouting -s 192.168.0.0/24 -d 61.52.57.35/32 -p tcp -m tcp --dport 63339 -m comment --comment "!fw3: nas-win bt (reflection)" -j DNAT --to-destination 192.168.0.82:63339
-A zone_lan_prerouting -s 192.168.0.0/24 -d 61.52.57.35/32 -p udp -m udp --dport 63339 -m comment --comment "!fw3: nas-win bt (reflection)" -j DNAT --to-destination 192.168.0.82:63339
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.182/32 -p tcp -m tcp --dport 63339 -m comment --comment "!fw3: nas-win bt (reflection)" -j DNAT --to-destination 192.168.0.82:63339
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.182/32 -p udp -m udp --dport 63339 -m comment --comment "!fw3: nas-win bt (reflection)" -j DNAT --to-destination 192.168.0.82:63339
-A zone_lan_prerouting -s 192.168.0.0/24 -d 61.52.57.35/32 -p tcp -m tcp --dport 1935 -m comment --comment "!fw3: nas-win rtmp (reflection)" -j DNAT --to-destination 192.168.0.82:1935
-A zone_lan_prerouting -s 192.168.0.0/24 -d 61.52.57.35/32 -p udp -m udp --dport 1935 -m comment --comment "!fw3: nas-win rtmp (reflection)" -j DNAT --to-destination 192.168.0.82:1935
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.182/32 -p tcp -m tcp --dport 1935 -m comment --comment "!fw3: nas-win rtmp (reflection)" -j DNAT --to-destination 192.168.0.82:1935
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.182/32 -p udp -m udp --dport 1935 -m comment --comment "!fw3: nas-win rtmp (reflection)" -j DNAT --to-destination 192.168.0.82:1935
-A zone_lan_prerouting -s 192.168.0.0/24 -d 61.52.57.35/32 -p tcp -m tcp --dport 47984 -m comment --comment "!fw3: moonlight (reflection)" -j DNAT --to-destination 192.168.0.100:47984
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.182/32 -p tcp -m tcp --dport 47984 -m comment --comment "!fw3: moonlight (reflection)" -j DNAT --to-destination 192.168.0.100:47984
-A zone_lan_prerouting -s 192.168.0.0/24 -d 61.52.57.35/32 -p tcp -m tcp --dport 47989 -m comment --comment "!fw3: moonlight (reflection)" -j DNAT --to-destination 192.168.0.100:47989
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.182/32 -p tcp -m tcp --dport 47989 -m comment --comment "!fw3: moonlight (reflection)" -j DNAT --to-destination 192.168.0.100:47989
-A zone_lan_prerouting -s 192.168.0.0/24 -d 61.52.57.35/32 -p tcp -m tcp --dport 48010 -m comment --comment "!fw3: moonlight (reflection)" -j DNAT --to-destination 192.168.0.100:48010
-A zone_lan_prerouting -s 192.168.0.0/24 -d 61.52.57.35/32 -p udp -m udp --dport 48010 -m comment --comment "!fw3: moonlight (reflection)" -j DNAT --to-destination 192.168.0.100:48010
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.182/32 -p tcp -m tcp --dport 48010 -m comment --comment "!fw3: moonlight (reflection)" -j DNAT --to-destination 192.168.0.100:48010
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.182/32 -p udp -m udp --dport 48010 -m comment --comment "!fw3: moonlight (reflection)" -j DNAT --to-destination 192.168.0.100:48010
-A zone_lan_prerouting -s 192.168.0.0/24 -d 61.52.57.35/32 -p udp -m udp --dport 47998:47999 -m comment --comment "!fw3: moonlight (reflection)" -j DNAT --to-destination 192.168.0.100:47998-47999
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.182/32 -p udp -m udp --dport 47998:47999 -m comment --comment "!fw3: moonlight (reflection)" -j DNAT --to-destination 192.168.0.100:47998-47999
-A zone_lan_prerouting -s 192.168.0.0/24 -d 61.52.57.35/32 -p udp -m udp --dport 48000 -m comment --comment "!fw3: moonlight (reflection)" -j DNAT --to-destination 192.168.0.100:48000
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.182/32 -p udp -m udp --dport 48000 -m comment --comment "!fw3: moonlight (reflection)" -j DNAT --to-destination 192.168.0.100:48000
-A zone_lan_prerouting -s 192.168.0.0/24 -d 61.52.57.35/32 -p udp -m udp --dport 48002 -m comment --comment "!fw3: moonlight (reflection)" -j DNAT --to-destination 192.168.0.100:48002
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.182/32 -p udp -m udp --dport 48002 -m comment --comment "!fw3: moonlight (reflection)" -j DNAT --to-destination 192.168.0.100:48002
-A zone_lan_prerouting -s 192.168.0.0/24 -d 61.52.57.35/32 -p tcp -m tcp --dport 7171 -m comment --comment "!fw3: nas-arch anydesk (reflection)" -j DNAT --to-destination 192.168.0.81:7070
-A zone_lan_prerouting -s 192.168.0.0/24 -d 61.52.57.35/32 -p udp -m udp --dport 7171 -m comment --comment "!fw3: nas-arch anydesk (reflection)" -j DNAT --to-destination 192.168.0.81:7070
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.182/32 -p tcp -m tcp --dport 7171 -m comment --comment "!fw3: nas-arch anydesk (reflection)" -j DNAT --to-destination 192.168.0.81:7070
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.182/32 -p udp -m udp --dport 7171 -m comment --comment "!fw3: nas-arch anydesk (reflection)" -j DNAT --to-destination 192.168.0.81:7070
-A zone_lan_prerouting -s 192.168.0.0/24 -d 61.52.57.35/32 -p tcp -m tcp --dport 43000:43010 -m comment --comment "!fw3: misc (reflection)" -j DNAT --to-destination 192.168.0.81:43000-43010
-A zone_lan_prerouting -s 192.168.0.0/24 -d 61.52.57.35/32 -p udp -m udp --dport 43000:43010 -m comment --comment "!fw3: misc (reflection)" -j DNAT --to-destination 192.168.0.81:43000-43010
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.182/32 -p tcp -m tcp --dport 43000:43010 -m comment --comment "!fw3: misc (reflection)" -j DNAT --to-destination 192.168.0.81:43000-43010
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.182/32 -p udp -m udp --dport 43000:43010 -m comment --comment "!fw3: misc (reflection)" -j DNAT --to-destination 192.168.0.81:43000-43010
-A zone_lan_prerouting -s 192.168.0.0/24 -d 61.52.57.35/32 -p tcp -m tcp --dport 8081 -m comment --comment "!fw3: http (reflection)" -j DNAT --to-destination 192.168.0.100:8081
-A zone_lan_prerouting -s 192.168.0.0/24 -d 61.52.57.35/32 -p udp -m udp --dport 8081 -m comment --comment "!fw3: http (reflection)" -j DNAT --to-destination 192.168.0.100:8081
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.182/32 -p tcp -m tcp --dport 8081 -m comment --comment "!fw3: http (reflection)" -j DNAT --to-destination 192.168.0.100:8081
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.182/32 -p udp -m udp --dport 8081 -m comment --comment "!fw3: http (reflection)" -j DNAT --to-destination 192.168.0.100:8081
-A zone_lan_prerouting -s 192.168.0.0/24 -d 61.52.57.35/32 -p tcp -m tcp --dport 30502 -m comment --comment "!fw3: Rimworld (reflection)" -j DNAT --to-destination 192.168.0.100:30502
-A zone_lan_prerouting -s 192.168.0.0/24 -d 61.52.57.35/32 -p udp -m udp --dport 30502 -m comment --comment "!fw3: Rimworld (reflection)" -j DNAT --to-destination 192.168.0.100:30502
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.182/32 -p tcp -m tcp --dport 30502 -m comment --comment "!fw3: Rimworld (reflection)" -j DNAT --to-destination 192.168.0.100:30502
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.182/32 -p udp -m udp --dport 30502 -m comment --comment "!fw3: Rimworld (reflection)" -j DNAT --to-destination 192.168.0.100:30502
-A zone_lan_prerouting -s 192.168.0.0/24 -d 61.52.57.35/32 -p tcp -m tcp --dport 64973 -m comment --comment "!fw3: Rimworld LAN (reflection)" -j DNAT --to-destination 192.168.0.100:64973
-A zone_lan_prerouting -s 192.168.0.0/24 -d 61.52.57.35/32 -p udp -m udp --dport 64973 -m comment --comment "!fw3: Rimworld LAN (reflection)" -j DNAT --to-destination 192.168.0.100:64973
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.182/32 -p tcp -m tcp --dport 64973 -m comment --comment "!fw3: Rimworld LAN (reflection)" -j DNAT --to-destination 192.168.0.100:64973
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.182/32 -p udp -m udp --dport 64973 -m comment --comment "!fw3: Rimworld LAN (reflection)" -j DNAT --to-destination 192.168.0.100:64973
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_wan_postrouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -p tcp -m tcp --dport 7070 -m comment --comment "!fw3: anydesk" -j DNAT --to-destination 192.168.0.100:7070
-A zone_wan_prerouting -p udp -m udp --dport 7070 -m comment --comment "!fw3: anydesk" -j DNAT --to-destination 192.168.0.100:7070
-A zone_wan_prerouting -p tcp -m tcp --dport 48648 -m comment --comment "!fw3: nas-arch ssh" -j DNAT --to-destination 192.168.0.81:22
-A zone_wan_prerouting -p tcp -m tcp --dport 25565:25567 -m comment --comment "!fw3: nas-arch minecraft-server" -j DNAT --to-destination 192.168.0.81:25565-25567
-A zone_wan_prerouting -p udp -m udp --dport 25565:25567 -m comment --comment "!fw3: nas-arch minecraft-server" -j DNAT --to-destination 192.168.0.81:25565-25567
-A zone_wan_prerouting -p tcp -m tcp --dport 1234 -m comment --comment "!fw3: nas-arch nginx" -j DNAT --to-destination 192.168.0.81:1234
-A zone_wan_prerouting -p udp -m udp --dport 1234 -m comment --comment "!fw3: nas-arch nginx" -j DNAT --to-destination 192.168.0.81:1234
-A zone_wan_prerouting -p tcp -m tcp --dport 48647 -m comment --comment "!fw3: openwrt ssh" -j DNAT --to-destination 192.168.0.1:22
-A zone_wan_prerouting -p tcp -m tcp --dport 64738 -m comment --comment "!fw3: mumble" -j DNAT --to-destination 192.168.0.81:64738
-A zone_wan_prerouting -p udp -m udp --dport 64738 -m comment --comment "!fw3: mumble" -j DNAT --to-destination 192.168.0.81:64738
-A zone_wan_prerouting -p tcp -m tcp --dport 6881 -m comment --comment "!fw3: aria2 BT" -j DNAT --to-destination 192.168.0.81:6881
-A zone_wan_prerouting -p udp -m udp --dport 6881 -m comment --comment "!fw3: aria2 BT" -j DNAT --to-destination 192.168.0.81:6881
-A zone_wan_prerouting -p tcp -m tcp --dport 3478 -m comment --comment "!fw3: coturn" -j DNAT --to-destination 192.168.0.81:3478
-A zone_wan_prerouting -p udp -m udp --dport 3478 -m comment --comment "!fw3: coturn" -j DNAT --to-destination 192.168.0.81:3478
-A zone_wan_prerouting -p tcp -m tcp --dport 7272 -m comment --comment "!fw3: nas-win anydesk" -j DNAT --to-destination 192.168.0.82:7272
-A zone_wan_prerouting -p udp -m udp --dport 7272 -m comment --comment "!fw3: nas-win anydesk" -j DNAT --to-destination 192.168.0.82:7272
-A zone_wan_prerouting -p tcp -m tcp --dport 63339 -m comment --comment "!fw3: nas-win bt" -j DNAT --to-destination 192.168.0.82:63339
-A zone_wan_prerouting -p udp -m udp --dport 63339 -m comment --comment "!fw3: nas-win bt" -j DNAT --to-destination 192.168.0.82:63339
-A zone_wan_prerouting -p tcp -m tcp --dport 1935 -m comment --comment "!fw3: nas-win rtmp" -j DNAT --to-destination 192.168.0.82:1935
-A zone_wan_prerouting -p udp -m udp --dport 1935 -m comment --comment "!fw3: nas-win rtmp" -j DNAT --to-destination 192.168.0.82:1935
-A zone_wan_prerouting -p tcp -m tcp --dport 47984 -m comment --comment "!fw3: moonlight" -j DNAT --to-destination 192.168.0.100:47984
-A zone_wan_prerouting -p tcp -m tcp --dport 47989 -m comment --comment "!fw3: moonlight" -j DNAT --to-destination 192.168.0.100:47989
-A zone_wan_prerouting -p tcp -m tcp --dport 48010 -m comment --comment "!fw3: moonlight" -j DNAT --to-destination 192.168.0.100:48010
-A zone_wan_prerouting -p udp -m udp --dport 48010 -m comment --comment "!fw3: moonlight" -j DNAT --to-destination 192.168.0.100:48010
-A zone_wan_prerouting -p udp -m udp --dport 47998:47999 -m comment --comment "!fw3: moonlight" -j DNAT --to-destination 192.168.0.100:47998-47999
-A zone_wan_prerouting -p udp -m udp --dport 48000 -m comment --comment "!fw3: moonlight" -j DNAT --to-destination 192.168.0.100:48000
-A zone_wan_prerouting -p udp -m udp --dport 48002 -m comment --comment "!fw3: moonlight" -j DNAT --to-destination 192.168.0.100:48002
-A zone_wan_prerouting -p tcp -m tcp --dport 7171 -m comment --comment "!fw3: nas-arch anydesk" -j DNAT --to-destination 192.168.0.81:7070
-A zone_wan_prerouting -p udp -m udp --dport 7171 -m comment --comment "!fw3: nas-arch anydesk" -j DNAT --to-destination 192.168.0.81:7070
-A zone_wan_prerouting -p tcp -m tcp --dport 43000:43010 -m comment --comment "!fw3: misc" -j DNAT --to-destination 192.168.0.81:43000-43010
-A zone_wan_prerouting -p udp -m udp --dport 43000:43010 -m comment --comment "!fw3: misc" -j DNAT --to-destination 192.168.0.81:43000-43010
-A zone_wan_prerouting -p tcp -m tcp --dport 8081 -m comment --comment "!fw3: http" -j DNAT --to-destination 192.168.0.100:8081
-A zone_wan_prerouting -p udp -m udp --dport 8081 -m comment --comment "!fw3: http" -j DNAT --to-destination 192.168.0.100:8081
-A zone_wan_prerouting -p tcp -m tcp --dport 30502 -m comment --comment "!fw3: Rimworld" -j DNAT --to-destination 192.168.0.100:30502
-A zone_wan_prerouting -p udp -m udp --dport 30502 -m comment --comment "!fw3: Rimworld" -j DNAT --to-destination 192.168.0.100:30502
-A zone_wan_prerouting -p tcp -m tcp --dport 64973 -m comment --comment "!fw3: Rimworld LAN" -j DNAT --to-destination 192.168.0.100:64973
-A zone_wan_prerouting -p udp -m udp --dport 64973 -m comment --comment "!fw3: Rimworld LAN" -j DNAT --to-destination 192.168.0.100:64973
-A zone_wan_prerouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_wan_prerouting -j MINIUPNPD
COMMIT
# Completed on Fri Feb 18 01:59:23 2022

#IPv4 Mangle chain

# Generated by iptables-save v1.8.7 on Fri Feb 18 01:59:23 2022
*mangle
:PREROUTING ACCEPT [137529:218491654]
:INPUT ACCEPT [19076:5670343]
:FORWARD ACCEPT [118411:212819531]
:OUTPUT ACCEPT [19258:9911925]
:POSTROUTING ACCEPT [137676:222731680]
:openclash - [0:0]
:openclash_dns_hijack - [0:0]
:openclash_output - [0:0]
-A PREROUTING -p udp -j openclash
-A PREROUTING -p tcp -m tcp --dport 53 -j openclash_dns_hijack
-A FORWARD -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A OUTPUT -j openclash_output
-A openclash -p udp -m udp --sport 500 -j RETURN
-A openclash -p udp -m udp --sport 68 -j RETURN
-A openclash -p udp -m udp --dport 64973 -j RETURN
-A openclash -p udp -m udp --dport 30502 -j RETURN
-A openclash -p udp -m udp --dport 8081 -j RETURN
-A openclash -p udp -m udp --dport 7171 -j RETURN
-A openclash -p udp -m udp --dport 48002 -j RETURN
-A openclash -p udp -m udp --dport 48000 -j RETURN
-A openclash -p udp -m udp --dport 48010 -j RETURN
-A openclash -p udp -m udp --dport 47989 -j RETURN
-A openclash -p udp -m udp --dport 47984 -j RETURN
-A openclash -p udp -m udp --dport 1935 -j RETURN
-A openclash -p udp -m udp --dport 63339 -j RETURN
-A openclash -p udp -m udp --dport 7272 -j RETURN
-A openclash -p udp -m udp --dport 3478 -j RETURN
-A openclash -p udp -m udp --dport 6881 -j RETURN
-A openclash -p udp -m udp --dport 64738 -j RETURN
-A openclash -p udp -m udp --dport 48647 -j RETURN
-A openclash -p udp -m udp --dport 1234 -j RETURN
-A openclash -p udp -m udp --dport 48648 -j RETURN
-A openclash -p udp -m udp --dport 7070 -j RETURN
-A openclash -i utun -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -m set --match-set wan_ac_black_ips dst -j RETURN
-A openclash -j MARK --set-xmark 0x162/0xffffffff
-A openclash_dns_hijack -d 8.8.8.8/32 -m comment --comment "OpenClash Google DNS Hijack" -j MARK --set-xmark 0x162/0xffffffff
-A openclash_dns_hijack -d 8.8.4.4/32 -m comment --comment "OpenClash Google DNS Hijack" -j MARK --set-xmark 0x162/0xffffffff
-A openclash_output -p udp -m udp --sport 500 -j RETURN
-A openclash_output -p udp -m udp --sport 68 -j RETURN
-A openclash_output -p udp -m udp --sport 64973 -j RETURN
-A openclash_output -p udp -m udp --sport 30502 -j RETURN
-A openclash_output -p udp -m udp --sport 8081 -j RETURN
-A openclash_output -p udp -m udp --sport 7171 -j RETURN
-A openclash_output -p udp -m udp --sport 48002 -j RETURN
-A openclash_output -p udp -m udp --sport 48000 -j RETURN
-A openclash_output -p udp -m udp --sport 48010 -j RETURN
-A openclash_output -p udp -m udp --sport 47989 -j RETURN
-A openclash_output -p udp -m udp --sport 47984 -j RETURN
-A openclash_output -p udp -m udp --sport 1935 -j RETURN
-A openclash_output -p udp -m udp --sport 63339 -j RETURN
-A openclash_output -p udp -m udp --sport 7272 -j RETURN
-A openclash_output -p udp -m udp --sport 3478 -j RETURN
-A openclash_output -p udp -m udp --sport 6881 -j RETURN
-A openclash_output -p udp -m udp --sport 64738 -j RETURN
-A openclash_output -p udp -m udp --sport 48647 -j RETURN
-A openclash_output -p udp -m udp --sport 1234 -j RETURN
-A openclash_output -p udp -m udp --sport 48648 -j RETURN
-A openclash_output -p udp -m udp --sport 7070 -j RETURN
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -d 198.18.0.0/16 -p udp -m owner ! --uid-owner 65534 -j MARK --set-xmark 0x162/0xffffffff
COMMIT
# Completed on Fri Feb 18 01:59:23 2022

#IPv6 NAT chain

# Generated by ip6tables-save v1.8.7 on Fri Feb 18 01:59:23 2022
*nat
:PREROUTING ACCEPT [152263:18821377]
:INPUT ACCEPT [73005:6336043]
:OUTPUT ACCEPT [9070:754326]
:POSTROUTING ACCEPT [9070:754326]
COMMIT
# Completed on Fri Feb 18 01:59:23 2022

#IPv6 Mangle chain

# Generated by ip6tables-save v1.8.7 on Fri Feb 18 01:59:23 2022
*mangle
:PREROUTING ACCEPT [1731:176511]
:INPUT ACCEPT [1602:158397]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [14217:6580673]
:POSTROUTING ACCEPT [14235:6582041]
-A FORWARD -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Fri Feb 18 01:59:23 2022

#===================== IPSET状态 =====================#

Name: china_ip_route
Name: wan_ac_black_ips
Name: wan_ac_black_ipv6s
Name: localnetwork

#===================== 路由表状态 =====================#

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         61.52.48.1      0.0.0.0         UG    0      0        0 pppoe-wan
0.0.0.0         10.217.140.1    0.0.0.0         UG    20     0        0 eth1
10.217.140.0    0.0.0.0         255.255.252.0   U     20     0        0 eth1
61.52.48.1      0.0.0.0         255.255.255.255 UH    0      0        0 pppoe-wan
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
198.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 utun
#ip route list
default via 61.52.48.1 dev pppoe-wan proto static 
default via 10.217.140.1 dev eth1 proto static metric 20 linkdown 
10.217.140.0/22 dev eth1 proto static scope link metric 20 linkdown 
61.52.48.1 dev pppoe-wan proto kernel scope link src 61.52.57.35 
192.168.0.0/24 dev br-lan proto kernel scope link src 192.168.0.1 
198.18.0.0/16 dev utun proto kernel scope link src 198.18.0.1 
#ip rule show
0:  from all lookup local
32765:  from all fwmark 0x162 lookup 354
32766:  from all lookup main
32767:  from all lookup default

#===================== Tun设备状态 =====================#

vnet0: tap vnet_hdr
vnet1: tap vnet_hdr
utun: tun

#===================== 端口占用状态 =====================#

tcp        0      0 192.168.0.1:7895        0.0.0.0:*               LISTEN      11241/clash
tcp        0      0 192.168.0.1:10808       0.0.0.0:*               LISTEN      11241/clash
tcp        0      0 192.168.0.1:10809       0.0.0.0:*               LISTEN      11241/clash
tcp        0      0 192.168.0.1:10810       0.0.0.0:*               LISTEN      11241/clash
tcp        0      0 198.18.0.1:7777         0.0.0.0:*               LISTEN      11241/clash
tcp        0      0 192.168.0.1:9090        0.0.0.0:*               LISTEN      11241/clash
tcp        0      0 192.168.0.1:7892        0.0.0.0:*               LISTEN      11241/clash
udp        0      0 198.18.0.1:7777         0.0.0.0:*                           11241/clash
udp        0      0 127.0.0.1:7874          0.0.0.0:*                           11241/clash
udp        0      0 192.168.0.1:7892        0.0.0.0:*                           11241/clash
udp        0      0 192.168.0.1:7895        0.0.0.0:*                           11241/clash
udp        0      0 192.168.0.1:10808       0.0.0.0:*                           11241/clash
udp        0      0 192.168.0.1:10809       0.0.0.0:*                           11241/clash
udp        0      0 :::34168                :::*                                11241/clash
udp        0      0 :::35166                :::*                                11241/clash
udp        0      0 :::39492                :::*                                11241/clash
udp        0      0 :::46753                :::*                                11241/clash
udp        0      0 :::47584                :::*                                11241/clash
udp        0      0 :::51453                :::*                                11241/clash
udp        0      0 :::52271                :::*                                11241/clash
udp        0      0 :::53207                :::*                                11241/clash
udp        0      0 :::54197                :::*                                11241/clash
udp        0      0 :::54865                :::*                                11241/clash
udp        0      0 :::56544                :::*                                11241/clash
udp        0      0 :::57479                :::*                                11241/clash
udp        0      0 :::57792                :::*                                11241/clash
udp        0      0 :::59041                :::*                                11241/clash

#===================== 测试本机DNS查询 =====================#

Server:     127.0.0.1
Address:    127.0.0.1#53

Name:   www.baidu.com
Address: 198.18.0.35

#===================== resolv.conf.d =====================#

# Interface wan
nameserver 202.102.224.68
nameserver 202.102.227.68

#===================== 测试本机网络连接 =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Thu, 17 Feb 2022 17:59:24 GMT
Etag: "575e1f59-115"
Last-Modified: Mon, 13 Jun 2016 02:50:01 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 测试本机网络下载 =====================#

HTTP/2 200 
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: text/plain; charset=utf-8
etag: "3328243d8f1fb3169128dad81c6d1fd2a760927ffe06628758cff1449a1028fd"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: E8DC:196C:111A:8EA5:620D95C1
accept-ranges: bytes
date: Thu, 17 Feb 2022 17:59:25 GMT
via: 1.1 varnish
x-served-by: cache-nrt18340-NRT
x-cache: HIT
x-cache-hits: 1
x-timer: S1645120765.166232,VS0,VE147
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
x-fastly-request-id: af6adcf1c151a849a83eb06dc36c1a65f4174ce2
expires: Thu, 17 Feb 2022 18:04:25 GMT
source-age: 0
content-length: 80

#===================== 最近运行日志 =====================#

time="2022-02-18T01:59:03+08:00" level=info msg="[TCP] 192.168.0.100:1031 --> dc.services.visualstudio.com:443 using 微软服务 by Script"
time="2022-02-18T01:59:03+08:00" level=info msg="[TCP] 192.168.0.100:1035 --> www.schemastore.org:443 using Currency by Script"
time="2022-02-18T01:59:03+08:00" level=info msg="[TCP] 192.168.0.100:11923 --> marketplace.visualstudio.com:443 using 微软服务 by Script"
2022-02-18 01:59:03 Tip: Start Auto Select Proxy For Netflix Unlock...
time="2022-02-18T01:59:03+08:00" level=info msg="[TCP] 198.18.0.1:33396 --> www.netflix.com:443 using Netflix by Script"
time="2022-02-18T01:59:03+08:00" level=info msg="[TCP] 192.168.0.100:11927 --> default.exp-tas.com:443 using 微软服务 by Script"
time="2022-02-18T01:59:04+08:00" level=warning msg="[TCP] dial DIRECT to 39.128.16.236:7680 error: dial tcp4 39.128.16.236:7680: i/o timeout"
time="2022-02-18T01:59:04+08:00" level=info msg="[TCP] 192.168.0.100:11928 --> default.exp-tas.com:443 using 微软服务 by Script"
time="2022-02-18T01:59:04+08:00" level=info msg="[TCP] 192.168.0.100:11929 --> default.exp-tas.com:443 using 微软服务 by Script"
time="2022-02-18T01:59:04+08:00" level=info msg="[TCP] 192.168.0.100:11924 --> dc.services.visualstudio.com:443 using 微软服务 by Script"
time="2022-02-18T01:59:04+08:00" level=info msg="[TCP] 192.168.0.100:11925 --> dc.services.visualstudio.com:443 using 微软服务 by Script"
time="2022-02-18T01:59:04+08:00" level=info msg="[TCP] 192.168.0.100:11926 --> dc.services.visualstudio.com:443 using 微软服务 by Script"
time="2022-02-18T01:59:04+08:00" level=info msg="[TCP] 192.168.0.100:31608 --> vscodeexperiments.azureedge.net:443 using 微软服务 by Script"
time="2022-02-18T01:59:04+08:00" level=info msg="[TCP] 192.168.0.100:2285 --> oth.eve.mdt.qq.com:8081 using DIRECT by Script"
time="2022-02-18T01:59:04+08:00" level=info msg="[TCP] 192.168.0.82:63126 --> login.microsoftonline.com:443 using 微软服务 by Script"
time="2022-02-18T01:59:05+08:00" level=info msg="[TCP] 198.18.0.1:33424 --> www.netflix.com:443 using Netflix by Script"
time="2022-02-18T01:59:05+08:00" level=info msg="[TCP] 192.168.0.82:63127 --> login.microsoftonline.com:443 using 微软服务 by Script"
time="2022-02-18T01:59:05+08:00" level=info msg="[TCP] 192.168.0.82:63130 --> graph.microsoft.com:443 using 微软服务 by Script"
time="2022-02-18T01:59:05+08:00" level=warning msg="[TCP] dial DIRECT to httpring.qq.com:443 error: dial tcp4 0.0.0.1:443: i/o timeout"
2022-02-18 01:59:07 Netflix Group:【Netflix ➟ Netflix-日本 ➟ BGP*日本东京】full support, area:【JP】
2022-02-18 01:59:07 Tip: Start Prefetch Netflix Domains...
time="2022-02-18T01:59:08+08:00" level=info msg="[TCP] 192.168.0.100:1030 --> 91.108.56.134:443 using Currency by Script"
time="2022-02-18T01:59:08+08:00" level=info msg="[TCP] 192.168.0.100:10424 --> 91.108.56.134:80 using Currency by Script"
time="2022-02-18T01:59:10+08:00" level=warning msg="[TCP] dial DIRECT to httpring.qq.com:443 error: dial tcp4 0.0.0.1:443: i/o timeout"
time="2022-02-18T01:59:11+08:00" level=warning msg="[TCP] dial DIRECT to upload_data.qq.com:443 error: dial tcp4 113.96.231.155:443: i/o timeout"
time="2022-02-18T01:59:11+08:00" level=info msg="[TCP] 192.168.0.100:1041 --> oth.eve.mdt.qq.com:8081 using DIRECT by Script"
time="2022-02-18T01:59:11+08:00" level=info msg="[TCP] 192.168.0.100:1038 --> oth.eve.mdt.qq.com:8081 using DIRECT by Script"
time="2022-02-18T01:59:11+08:00" level=info msg="[TCP] 192.168.0.100:1037 --> oth.eve.mdt.qq.com:8081 using DIRECT by Script"
time="2022-02-18T01:59:11+08:00" level=info msg="[TCP] 192.168.0.100:1040 --> oth.eve.mdt.qq.com:8081 using DIRECT by Script"
time="2022-02-18T01:59:11+08:00" level=info msg="[TCP] 192.168.0.100:1043 --> oth.eve.mdt.qq.com:8081 using DIRECT by Script"
time="2022-02-18T01:59:11+08:00" level=info msg="[TCP] 192.168.0.100:1039 --> oth.eve.mdt.qq.com:8081 using DIRECT by Script"
time="2022-02-18T01:59:11+08:00" level=info msg="[TCP] 192.168.0.100:1042 --> oth.eve.mdt.qq.com:8081 using DIRECT by Script"
time="2022-02-18T01:59:13+08:00" level=info msg="[TCP] 192.168.0.100:1045 --> api.segment.io:443 using Currency by Script"
time="2022-02-18T01:59:13+08:00" level=warning msg="[TCP] dial DIRECT to upload_data.qq.com:443 error: dial tcp4 113.96.231.155:443: i/o timeout"
time="2022-02-18T01:59:15+08:00" level=info msg="[UDP] 192.168.0.100:5000 --> rs1.qq.com:8000 using DIRECT by Script"
time="2022-02-18T01:59:15+08:00" level=info msg="[TCP] 192.168.0.100:1046 --> 220.194.118.221:443 using DIRECT by Script"
time="2022-02-18T01:59:15+08:00" level=warning msg="[TCP] dial DIRECT to httpring.qq.com:443 error: dial tcp4 0.0.0.1:443: i/o timeout"
time="2022-02-18T01:59:16+08:00" level=warning msg="[TCP] dial DIRECT to upload_data.qq.com:443 error: dial tcp4 113.96.231.155:443: i/o timeout"
time="2022-02-18T01:59:16+08:00" level=info msg="[TCP] 192.168.0.100:1050 --> cgi.find.qq.com:443 using DIRECT by Script"
time="2022-02-18T01:59:16+08:00" level=info msg="[TCP] 192.168.0.100:1049 --> cgi.qqweb.qq.com:443 using DIRECT by Script"
time="2022-02-18T01:59:17+08:00" level=info msg="[TCP] 192.168.0.100:1051 --> qqmail.tencent.com:12000 using DIRECT by Script"
time="2022-02-18T01:59:17+08:00" level=info msg="[TCP] 192.168.0.100:1055 --> mobile.events.data.microsoft.com:443 using 微软服务 by Script"
time="2022-02-18T01:59:18+08:00" level=warning msg="[TCP] dial DIRECT to upload_data.qq.com:443 error: dial tcp4 113.96.231.155:443: i/o timeout"
time="2022-02-18T01:59:18+08:00" level=info msg="[TCP] 192.168.0.100:1059 --> vortex.data.microsoft.com:443 using 微软服务 by Script"
time="2022-02-18T01:59:19+08:00" level=info msg="[TCP] 192.168.0.100:1061 --> oth.eve.mdt.qq.com:8081 using DIRECT by Script"
time="2022-02-18T01:59:20+08:00" level=warning msg="[TCP] dial DIRECT to httpring.qq.com:443 error: dial tcp4 0.0.0.1:443: i/o timeout"
time="2022-02-18T01:59:21+08:00" level=info msg="[TCP] 192.168.0.82:63142 --> v10.events.data.microsoft.com:443 using 微软服务 by Script"
time="2022-02-18T01:59:24+08:00" level=info msg="[TCP] 198.18.0.1:37160 --> www.baidu.com:80 using DIRECT by Script"
time="2022-02-18T01:59:24+08:00" level=info msg="[TCP] 198.18.0.1:40754 --> raw.githubusercontent.com:443 using Currency by Script"
time="2022-02-18T01:59:24+08:00" level=info msg="[UDP] 192.168.0.100:53906 --> qqshow2-ufs.qq.com:8000 using DIRECT by Script"

#===================== 活动连接信息 =====================#

1. SourceIP:【192.168.0.100】 - Host:【Empty】 - DestinationIP:【180.136.80.88】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
2. SourceIP:【192.168.0.100】 - Host:【Empty】 - DestinationIP:【103.195.103.66】 - Network:【udp】 - RulePayload:【】 - Lastchain:【BGP*日本东京】
3. SourceIP:【192.168.0.100】 - Host:【groupclient.qq.com】 - DestinationIP:【0.0.0.1】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
4. SourceIP:【192.168.0.113】 - Host:【clients3.google.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【BGP*日本东京】
5. SourceIP:【192.168.0.100】 - Host:【beacons.gcp.gvt2.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【BGP*日本东京】
6. SourceIP:【192.168.0.100】 - Host:【Empty】 - DestinationIP:【111.206.99.79】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【DIRECT】
7. SourceIP:【192.168.0.100】 - Host:【marketplace.visualstudio.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【DIRECT】
8. SourceIP:【192.168.0.100】 - Host:【update.code.visualstudio.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【DIRECT】
9. SourceIP:【192.168.0.100】 - Host:【k-ring.msedge.net】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【DIRECT】
10. SourceIP:【192.168.0.100】 - Host:【default.exp-tas.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【DIRECT】
11. SourceIP:【192.168.0.100】 - Host:【Empty】 - DestinationIP:【171.8.243.130】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
12. SourceIP:【192.168.0.100】 - Host:【b-ring.msedge.net】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【DIRECT】
13. SourceIP:【192.168.0.82】 - Host:【login.microsoftonline.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【DIRECT】
14. SourceIP:【192.168.0.100】 - Host:【Empty】 - DestinationIP:【220.194.118.221】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【DIRECT】
15. SourceIP:【192.168.0.100】 - Host:【Empty】 - DestinationIP:【202.89.233.101】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【DIRECT】
16. SourceIP:【192.168.0.113】 - Host:【Empty】 - DestinationIP:【216.239.36.55】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【BGP*日本东京】
17. SourceIP:【192.168.0.100】 - Host:【qring-tms.qq.com】 - DestinationIP:【0.0.0.1】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
18. SourceIP:【61.52.57.35】 - Host:【Empty】 - DestinationIP:【157.255.13.233】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
19. SourceIP:【192.168.0.100】 - Host:【cgi.find.qq.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【DIRECT】
20. SourceIP:【192.168.0.82】 - Host:【graph.microsoft.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【DIRECT】
21. SourceIP:【192.168.0.100】 - Host:【qbwup.imtt.qq.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【DIRECT】
22. SourceIP:【192.168.0.82】 - Host:【Empty】 - DestinationIP:【182.137.104.65】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
23. SourceIP:【192.168.0.100】 - Host:【qqshow2-ufs.qq.com】 - DestinationIP:【0.0.0.1】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
24. SourceIP:【192.168.0.100】 - Host:【rs1.qq.com】 - DestinationIP:【58.251.121.55】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
25. SourceIP:【192.168.0.100】 - Host:【cgi.qqweb.qq.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【DIRECT】
26. SourceIP:【192.168.0.100】 - Host:【vscodeexperiments.azureedge.net】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【DIRECT】
27. SourceIP:【192.168.0.113】 - Host:【clients3.google.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【BGP*日本东京】
28. SourceIP:【192.168.0.100】 - Host:【v6.htdata.qq.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【DIRECT】
29. SourceIP:【192.168.0.100】 - Host:【www.youtube.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【BGP*日本东京】
30. SourceIP:【192.168.0.100】 - Host:【q.i.gdt.qq.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【DIRECT】
31. SourceIP:【192.168.0.100】 - Host:【groupclient.qq.com】 - DestinationIP:【0.0.0.1】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
32. SourceIP:【192.168.0.100】 - Host:【Empty】 - DestinationIP:【91.108.56.134】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【BGP*日本东京】
33. SourceIP:【192.168.0.100】 - Host:【Empty】 - DestinationIP:【91.108.56.134】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【BGP*日本东京】
34. SourceIP:【61.52.57.35】 - Host:【Empty】 - DestinationIP:【34.132.144.186】 - Network:【udp】 - RulePayload:【】 - Lastchain:【BGP*日本东京】
35. SourceIP:【61.52.57.35】 - Host:【Empty】 - DestinationIP:【112.2.138.32】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
36. SourceIP:【192.168.0.100】 - Host:【groupclient.qq.com】 - DestinationIP:【0.0.0.1】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
37. SourceIP:【192.168.0.100】 - Host:【sz.tencent.com】 - DestinationIP:【111.161.107.179】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
38. SourceIP:【192.168.0.187】 - Host:【time-ios.apple.com】 - DestinationIP:【17.253.116.125】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
vernesong commented 2 years ago

https://github.com/vernesong/OpenClash/blob/3cea882cdb601b7f2796ba2148809c9e94cc1875/luci-app-openclash/root/etc/init.d/openclash#L2322

这是关闭进程的代码,你测试以下是哪里的问题

fraelyfan commented 2 years ago

谢谢,找到原因了。 是我自己编译的busybox里的 ps 不知为何没有 -w 选项

fraelyfan commented 2 years ago

但还有一个问题,关闭clash后DNS没回复为之前设置的值,DNS变成了空值。 有配置文件储存启动时保存当前值吗?还是?

vernesong commented 2 years ago

不会储存,启动后会清空

fraelyfan commented 2 years ago

好吧谢谢,如果可以希望加入DNS保存的功能

vernesong commented 2 years ago

dev加了