vernesong / OpenClash

A Clash Client For OpenWrt
MIT License
16.52k stars 3.05k forks

In a side-router (bypass gateway) setup, the PC cannot get online through the proxy, while the phone connects normally #2156

Closed Sm1rkBoy closed 2 years ago

Sm1rkBoy commented 2 years ago

I don't know where the problem is.


OpenClash 调试日志
生成时间: 2022-03-18 08:45:38
插件版本: v0.44.29-beta
隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息
#===================== 系统信息 =====================#

主机型号: Phicomm N1
固件版本: OpenWrt SNAPSHOT r4165-a5d8e2ab2
LuCI版本: git-21.335.48743-5f363d9-1
内核版本: 5.4.179-flippy-69+o
处理器架构: aarch64_cortex-a53

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

#此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
ruby-dbm: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci-19.07): 已安装

#===================== 内核检查 =====================#

运行状态: 运行中
进程pid: 13996
运行权限: 13996: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-armv8

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2022.01.27
Tun内核文件: 存在
Tun内核运行权限: 正常

Dev内核版本: v1.9.0-11-gb52d0c1
Dev内核文件: 存在
Dev内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/灵魂云.yaml
启动配置文件: /etc/openclash/灵魂云.yaml
运行模式: fake-ip-mix
默认代理模式: rule
UDP流量转发(tproxy): 停用
DNS劫持: 启用
自定义DNS: 启用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 停用
自定义规则: 停用
仅允许内网: 启用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用
DNS远程解析: 停用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 启用

#===================== 配置文件 =====================#

mixed-port: 7893
allow-lan: true
bind-address: "*"
mode: rule
log-level: silent
external-controller: 0.0.0.0:9090
dns:
  enable: true
  ipv6: false
  default-nameserver:
  - 223.5.5.5
  - 119.29.29.29
  - 10.2.8.10
  - 221.6.4.66
  - 114.114.114.114
  - "[2001:da8::666]:53"
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  use-hosts: true
  fallback-filter:
    geoip: true
    ipcidr:
    - 240.0.0.0/4
    - 0.0.0.0/32
  nameserver:
  - 10.2.8.10
  - 221.6.4.66
  - 114.114.114.114
  fallback:
  - https://doh.pub/dns-query
  - https://dns.alidns.com/dns-query
  - https://cloudflare-dns.com/dns-query
  - "[2001:da8::666]:53"
  listen: 0.0.0.0:7874
  fake-ip-filter:
  - "*.lan"
  - "*.localdomain"
  - "*.example"
  - "*.invalid"
  - "*.localhost"
  - "*.test"
  - "*.local"
  - "*.home.arpa"
  - time.*.com
  - time.*.gov
  - time.*.edu.cn
  - time.*.apple.com
  - time1.*.com
  - time2.*.com
  - time3.*.com
  - time4.*.com
  - time5.*.com
  - time6.*.com
  - time7.*.com
  - ntp.*.com
  - ntp1.*.com
  - ntp2.*.com
  - ntp3.*.com
  - ntp4.*.com
  - ntp5.*.com
  - ntp6.*.com
  - ntp7.*.com
  - "*.time.edu.cn"
  - "*.ntp.org.cn"
  - "+.pool.ntp.org"
  - time1.cloud.tencent.com
  - music.163.com
  - "*.music.163.com"
  - "*.126.net"
  - musicapi.taihe.com
  - music.taihe.com
  - songsearch.kugou.com
  - trackercdn.kugou.com
  - "*.kuwo.cn"
  - api-jooxtt.sanook.com
  - api.joox.com
  - joox.com
  - y.qq.com
  - "*.y.qq.com"
  - streamoc.music.tc.qq.com
  - mobileoc.music.tc.qq.com
  - isure.stream.qqmusic.qq.com
  - dl.stream.qqmusic.qq.com
  - aqqmusic.tc.qq.com
  - amobile.music.tc.qq.com
  - "*.xiami.com"
  - "*.music.migu.cn"
  - music.migu.cn
  - "*.msftconnecttest.com"
  - "*.msftncsi.com"
  - msftconnecttest.com
  - msftncsi.com
  - localhost.ptlogin2.qq.com
  - localhost.sec.qq.com
  - "+.srv.nintendo.net"
  - "+.stun.playstation.net"
  - xbox.*.microsoft.com
  - xnotify.xboxlive.com
  - "+.battlenet.com.cn"
  - "+.wotgame.cn"
  - "+.wggames.cn"
  - "+.wowsgame.cn"
  - "+.wargaming.net"
  - proxy.golang.org
  - stun.*.*
  - stun.*.*.*
  - "+.stun.*.*"
  - "+.stun.*.*.*"
  - "+.stun.*.*.*.*"
  - heartbeat.belkin.com
  - "*.linksys.com"
  - "*.linksyssmartwifi.com"
  - "*.router.asus.com"
  - mesu.apple.com
  - swscan.apple.com
  - swquery.apple.com
  - swdownload.apple.com
  - swcdn.apple.com
  - swdist.apple.com
  - lens.l.google.com
  - stun.l.google.com
  - "+.nflxvideo.net"
proxy-groups:
- name: 灵魂云
  type: select
  proxies:
  - 自动选择
  - 故障转移
  - G 香港1*
  - C 香港1*
  - CN2 香港1* 2X
  - G 香港2 HKT*
  - C 香港2 HKT*
  - CN2 香港2 HKT* 2X
  - G 香港3 HKT* |解锁
  - C 香港3 HKT* |解锁
  - CN2 香港3 HKT*|解锁
  - G 台湾1*
  - C 台湾1*
  - G  台湾2* |解锁
  - C 台湾2* |解锁
  - G 美国1*
  - C 美国1*
  - CN2 美国1*
  - G 日本1*
  - C 日本1*
  - CN2 日本1* 2X
  - G 新加坡1*
  - C 新加坡1*
  - G 香港1
  - C 香港1
  - CN2 香港1 2X
  - G 香港2 HKT
  - C 香港2 HKT
  - CN2  香港2 HKT 2X
  - G 台湾1
  - C 台湾1
  - G 台湾2|解锁
  - C 台湾2|解锁
  - G 美国1
  - C 美国1
  - G 日本1
  - C 日本1
  - CN2 日本1 2X
  - G 新加坡1
  - C 新加坡1
  - G 荷兰1
  - C 荷兰1
  - G 印度1
  - C 印度1
  - G 英国1
  - C 英国1
  - G 加拿大1
  - C 加拿大1
  - G 德国1
  - C 德国1
  - G 土耳其1
  - C 土耳其1
- name: 自动选择
  type: url-test
  proxies:
  - G 香港1*
  - C 香港1*
  - CN2 香港1* 2X
  - G 香港2 HKT*
  - C 香港2 HKT*
  - CN2 香港2 HKT* 2X
  - G 香港3 HKT* |解锁
  - C 香港3 HKT* |解锁
  - CN2 香港3 HKT*|解锁
  - G 台湾1*
  - C 台湾1*
  - G  台湾2* |解锁
  - C 台湾2* |解锁
  - G 美国1*
  - C 美国1*
  - CN2 美国1*
  - G 日本1*
  - C 日本1*
  - CN2 日本1* 2X
  - G 新加坡1*
  - C 新加坡1*
  - G 香港1
  - C 香港1
  - CN2 香港1 2X
  - G 香港2 HKT
  - C 香港2 HKT
  - CN2  香港2 HKT 2X
  - G 台湾1
  - C 台湾1
  - G 台湾2|解锁
  - C 台湾2|解锁
  - G 美国1
  - C 美国1
  - G 日本1
  - C 日本1
  - CN2 日本1 2X
  - G 新加坡1
  - C 新加坡1
  - G 荷兰1
  - C 荷兰1
  - G 印度1
  - C 印度1
  - G 英国1
  - C 英国1
  - G 加拿大1
  - C 加拿大1
  - G 德国1
  - C 德国1
  - G 土耳其1
  - C 土耳其1
  url: http://www.gstatic.com/generate_204
  interval: 86400
- name: 故障转移
  type: fallback
  proxies:
  - G 香港1*
  - C 香港1*
  - CN2 香港1* 2X
  - G 香港2 HKT*
  - C 香港2 HKT*
  - CN2 香港2 HKT* 2X
  - G 香港3 HKT* |解锁
  - C 香港3 HKT* |解锁
  - CN2 香港3 HKT*|解锁
  - G 台湾1*
  - C 台湾1*
  - G  台湾2* |解锁
  - C 台湾2* |解锁
  - G 美国1*
  - C 美国1*
  - CN2 美国1*
  - G 日本1*
  - C 日本1*
  - CN2 日本1* 2X
  - G 新加坡1*
  - C 新加坡1*
  - G 香港1
  - C 香港1
  - CN2 香港1 2X
  - G 香港2 HKT
  - C 香港2 HKT
  - CN2  香港2 HKT 2X
  - G 台湾1
  - C 台湾1
  - G 台湾2|解锁
  - C 台湾2|解锁
  - G 美国1
  - C 美国1
  - G 日本1
  - C 日本1
  - CN2 日本1 2X
  - G 新加坡1
  - C 新加坡1
  - G 荷兰1
  - C 荷兰1
  - G 印度1
  - C 印度1
  - G 英国1
  - C 英国1
  - G 加拿大1
  - C 加拿大1
  - G 德国1
  - C 德国1
  - G 土耳其1
  - C 土耳其1
  url: http://www.gstatic.com/generate_204
  interval: 7200
redir-port: 7892
tproxy-port: 7895
port: 7890
socks-port: 7891
external-ui: "/usr/share/openclash/dashboard"
ipv6: false
tun:
  enable: true
  stack: system
  dns-hijack:
  - tcp://8.8.8.8:53
  - tcp://8.8.4.4:53
profile:
  store-selected: true
  store-fake-ip: false
rule-providers:
  Reject:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Reject.yaml
    path: "./rule_provider/Reject"
    interval: 86400
  Special:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Special.yaml
    path: "./rule_provider/Special"
    interval: 86400
  Netflix:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/Netflix.yaml
    path: "./rule_provider/Netflix"
    interval: 86400
  Spotify:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/Spotify.yaml
    path: "./rule_provider/Spotify"
    interval: 86400
  YouTube:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/YouTube.yaml
    path: "./rule_provider/YouTube"
    interval: 86400
  Bilibili:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/Bilibili.yaml
    path: "./rule_provider/Bilibili"
    interval: 86400
  IQ:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/IQ.yaml
    path: "./rule_provider/IQI"
    interval: 86400
  IQIYI:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/IQIYI.yaml
    path: "./rule_provider/IQYI"
    interval: 86400
  Letv:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/Letv.yaml
    path: "./rule_provider/Letv"
    interval: 86400
  Netease Music:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/Netease%20Music.yaml
    path: "./rule_provider/Netease_Music"
    interval: 86400
  Tencent Video:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/Tencent%20Video.yaml
    path: "./rule_provider/Tencent_Video"
    interval: 86400
  Youku:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/Youku.yaml
    path: "./rule_provider/Youku"
    interval: 86400
  WeTV:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/WeTV.yaml
    path: "./rule_provider/WeTV"
    interval: 86400
  ABC:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/ABC.yaml
    path: "./rule_provider/ABC"
    interval: 86400
  Abema TV:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/Abema%20TV.yaml
    path: "./rule_provider/Abema_TV"
    interval: 86400
  Amazon:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/Amazon.yaml
    path: "./rule_provider/Amazon"
    interval: 86400
  Apple News:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/Apple%20News.yaml
    path: "./rule_provider/Apple_News"
    interval: 86400
  Apple TV:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/Apple%20TV.yaml
    path: "./rule_provider/Apple_TV"
    interval: 86400
  Bahamut:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/Bahamut.yaml
    path: "./rule_provider/Bahamut"
    interval: 86400
  BBC iPlayer:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/BBC%20iPlayer.yaml
    path: "./rule_provider/BBC_iPlayer"
    interval: 86400
  DAZN:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/DAZN.yaml
    path: "./rule_provider/DAZN"
    interval: 86400
  Discovery Plus:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/Discovery%20Plus.yaml
    path: "./rule_provider/Discovery_Plus"
    interval: 86400
  Disney Plus:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/Disney%20Plus.yaml
    path: "./rule_provider/Disney_Plus"
    interval: 86400
  encoreTVB:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/encoreTVB.yaml
    path: "./rule_provider/encoreTVB"
    interval: 86400
  Fox Now:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/Fox%20Now.yaml
    path: "./rule_provider/Fox_Now"
    interval: 86400
  Fox+:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/Fox%2B.yaml
    path: "./rule_provider/Fox+"
    interval: 86400
  HBO Go:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/HBO%20Go.yaml
    path: "./rule_provider/HBO_Go"
    interval: 86400
  HBO Max:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/HBO%20Max.yaml
    path: "./rule_provider/HBO_Max"
    interval: 86400
  Hulu Japan:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/Hulu%20Japan.yaml
    path: "./rule_provider/Hulu_Japan"
    interval: 86400
  Hulu:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/Hulu.yaml
    path: "./rule_provider/Hulu"
    interval: 86400
  Japonx:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/Japonx.yaml
    path: "./rule_provider/Japonx"
    interval: 86400
  JOOX:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/JOOX.yaml
    path: "./rule_provider/JOOX"
    interval: 86400
  KKBOX:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/KKBOX.yaml
    path: "./rule_provider/KKBOX"
    interval: 86400
  KKTV:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/KKTV.yaml
    path: "./rule_provider/KKTV"
    interval: 86400
  Line TV:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/Line%20TV.yaml
    path: "./rule_provider/Line_TV"
    interval: 86400
  myTV SUPER:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/myTV%20SUPER.yaml
    path: "./rule_provider/myTV_SUPER"
    interval: 86400
  Pandora:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/Pandora.yaml
    path: "./rule_provider/Pandora"
    interval: 86400
  PBS:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/PBS.yaml
    path: "./rule_provider/PBS"
    interval: 86400
  Pornhub:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/Pornhub.yaml
    path: "./rule_provider/Pornhub"
    interval: 86400
  Soundcloud:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/Soundcloud.yaml
    path: "./rule_provider/Soundcloud"
    interval: 86400
  ViuTV:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Media/ViuTV.yaml
    path: "./rule_provider/ViuTV"
    interval: 86400
  Telegram:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Telegram.yaml
    path: "./rule_provider/Telegram"
    interval: 86400
  Steam:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Steam.yaml
    path: "./rule_provider/Steam"
    interval: 86400
  Speedtest:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Speedtest.yaml
    path: "./rule_provider/Speedtest"
    interval: 86400
  PayPal:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/PayPal.yaml
    path: "./rule_provider/PayPal"
    interval: 86400
  Microsoft:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Microsoft.yaml
    path: "./rule_provider/Microsoft"
    interval: 86400
  PROXY:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Proxy.yaml
    path: "./rule_provider/Proxy"
    interval: 86400
  Domestic:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Domestic.yaml
    path: "./rule_provider/Domestic"
    interval: 86400
  Apple:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Apple.yaml
    path: "./rule_provider/Apple"
    interval: 86400
  Google FCM:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Google%20FCM.yaml
    path: "./rule_provider/Google FCM"
    interval: 86400
  Scholar:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/Scholar.yaml
    path: "./rule_provider/Scholar"
    interval: 86400
  Domestic IPs:
    type: http
    behavior: ipcidr
    url: https://dler.cloud/Rules/Clash/Provider/Domestic%20IPs.yaml
    path: "./rule_provider/Domestic_IPs"
    interval: 86400
  LAN:
    type: http
    behavior: classical
    url: https://dler.cloud/Rules/Clash/Provider/LAN.yaml
    path: "./rule_provider/LAN"
    interval: 86400
script:
  code: |
    def main(ctx, metadata):
        ruleset_action = {"Reject": "REJECT",
            "Special": "DIRECT",
            "Netflix": "灵魂云",
            "Spotify": "灵魂云",
            "YouTube": "灵魂云",
            "Disney Plus": "灵魂云",
            "Bilibili": "DIRECT",
            "IQ": "DIRECT",
            "IQIYI": "DIRECT",
            "Letv": "DIRECT",
            "Netease Music": "DIRECT",
            "Tencent Video": "DIRECT",
            "Youku": "DIRECT",
            "WeTV": "DIRECT",
            "ABC": "灵魂云",
            "Abema TV": "灵魂云",
            "Amazon": "灵魂云",
            "Apple News": "灵魂云",
            "Apple TV": "灵魂云",
            "Bahamut": "灵魂云",
            "BBC iPlayer": "灵魂云",
            "DAZN": "灵魂云",
            "Discovery Plus": "灵魂云",
            "encoreTVB": "灵魂云",
            "Fox Now": "灵魂云",
            "Fox+": "灵魂云",
            "HBO Go": "灵魂云",
            "HBO Max": "灵魂云",
            "Hulu Japan": "灵魂云",
            "Hulu": "灵魂云",
            "Japonx": "灵魂云",
            "JOOX": "灵魂云",
            "KKBOX": "灵魂云",
            "KKTV": "灵魂云",
            "Line TV": "灵魂云",
            "myTV SUPER": "灵魂云",
            "Pandora": "灵魂云",
            "PBS": "灵魂云",
            "Pornhub": "灵魂云",
            "Soundcloud": "灵魂云",
            "ViuTV": "灵魂云",
            "Telegram": "灵魂云",
            "Steam": "DIRECT",
            "Speedtest": "DIRECT",
            "PayPal": "灵魂云",
            "Microsoft": "灵魂云",
            "Apple": "灵魂云",
            "Google FCM": "灵魂云",
            "Scholar": "灵魂云",
            "PROXY": "灵魂云",
            "Domestic": "DIRECT",
            "Domestic IPs": "DIRECT",
            "LAN": "DIRECT"
          }

        port = int(metadata["dst_port"])

        if metadata["network"] == "UDP":
            if port == 443:
                ctx.log('[Script] matched QUIC traffic use reject')
                return "REJECT"

        port_list = [21, 22, 23, 53, 80, 123, 143, 194, 443, 465, 587, 853, 993, 995, 998, 2052, 2053, 2082, 2083, 2086, 2095, 2096, 5222, 5228, 5229, 5230, 8080, 8443, 8880, 8888, 8889]
        if port not in port_list:
            ctx.log('[Script] not common port use direct')
            return "DIRECT"

        if metadata["dst_ip"] == "":
            metadata["dst_ip"] = ctx.resolve_ip(metadata["host"])

        for ruleset in ruleset_action:
            if ctx.rule_providers[ruleset].match(metadata):
                return ruleset_action[ruleset]

        if metadata["dst_ip"] == "":
            return "DIRECT"

        code = ctx.geoip(metadata["dst_ip"])
        if code == "CN":
            ctx.log('[Script] Geoip CN')
            return "DIRECT"

        ctx.log('[Script] FINAL')
        return "DIRECT"
rules:
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
- RULE-SET,Reject,REJECT
- RULE-SET,Special,DIRECT
- RULE-SET,Netflix,灵魂云
- RULE-SET,Spotify,灵魂云
- RULE-SET,YouTube,灵魂云
- RULE-SET,Disney Plus,灵魂云
- RULE-SET,Bilibili,DIRECT
- RULE-SET,IQ,DIRECT
- RULE-SET,IQIYI,DIRECT
- RULE-SET,Letv,DIRECT
- RULE-SET,Netease Music,DIRECT
- RULE-SET,Tencent Video,DIRECT
- RULE-SET,Youku,DIRECT
- RULE-SET,WeTV,DIRECT
- RULE-SET,ABC,灵魂云
- RULE-SET,Abema TV,灵魂云
- RULE-SET,Amazon,灵魂云
- RULE-SET,Apple News,灵魂云
- RULE-SET,Apple TV,灵魂云
- RULE-SET,Bahamut,灵魂云
- RULE-SET,BBC iPlayer,灵魂云
- RULE-SET,DAZN,灵魂云
- RULE-SET,Discovery Plus,灵魂云
- RULE-SET,encoreTVB,灵魂云
- RULE-SET,Fox Now,灵魂云
- RULE-SET,Fox+,灵魂云
- RULE-SET,HBO Go,灵魂云
- RULE-SET,HBO Max,灵魂云
- RULE-SET,Hulu Japan,灵魂云
- RULE-SET,Hulu,灵魂云
- RULE-SET,Japonx,灵魂云
- RULE-SET,JOOX,灵魂云
- RULE-SET,KKBOX,灵魂云
- RULE-SET,KKTV,灵魂云
- RULE-SET,Line TV,灵魂云
- RULE-SET,myTV SUPER,灵魂云
- RULE-SET,Pandora,灵魂云
- RULE-SET,PBS,灵魂云
- RULE-SET,Pornhub,灵魂云
- RULE-SET,Soundcloud,灵魂云
- RULE-SET,ViuTV,灵魂云
- RULE-SET,Telegram,灵魂云
- RULE-SET,Steam,DIRECT
- RULE-SET,Speedtest,DIRECT
- RULE-SET,PayPal,灵魂云
- RULE-SET,Microsoft,灵魂云
- RULE-SET,Apple,灵魂云
- RULE-SET,Google FCM,灵魂云
- RULE-SET,Scholar,灵魂云
- RULE-SET,PROXY,灵魂云
- RULE-SET,Domestic,DIRECT
- RULE-SET,Domestic IPs,DIRECT
- RULE-SET,LAN,DIRECT
- GEOIP,CN,DIRECT
- MATCH,DIRECT

#===================== 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.7 on Fri Mar 18 08:45:41 2022
*nat
:PREROUTING ACCEPT [221:140734]
:INPUT ACCEPT [2040:134432]
:OUTPUT ACCEPT [2937:192830]
:POSTROUTING ACCEPT [2958:194391]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:openclash - [0:0]
:openclash_output - [0:0]
:postrouting_VPN_rule - [0:0]
:postrouting_docker_rule - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_vpn_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_VPN_rule - [0:0]
:prerouting_docker_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_vpn_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_VPN_postrouting - [0:0]
:zone_VPN_prerouting - [0:0]
:zone_docker_postrouting - [0:0]
:zone_docker_prerouting - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_vpn_postrouting - [0:0]
:zone_vpn_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -d 8.8.4.4/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j ACCEPT
-A PREROUTING -d 8.8.8.8/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i eth0 -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i docker0 -m comment --comment "!fw3" -j zone_docker_prerouting
-A PREROUTING -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -j openclash
-A OUTPUT -j openclash_output
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o eth0 -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o docker0 -m comment --comment "!fw3" -j zone_docker_postrouting
-A openclash -p tcp -m tcp --sport 1688 -j RETURN
-A openclash -p tcp -m tcp --sport 10240 -j RETURN
-A openclash -p tcp -m tcp --sport 1194 -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -p tcp -m tcp --sport 1688 -j RETURN
-A openclash_output -p tcp -m tcp --sport 10240 -j RETURN
-A openclash_output -p tcp -m tcp --sport 1194 -j RETURN
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -d 198.18.0.0/16 -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A zone_VPN_postrouting -m comment --comment "!fw3: Custom VPN postrouting rule chain" -j postrouting_VPN_rule
-A zone_VPN_prerouting -m comment --comment "!fw3: Custom VPN prerouting rule chain" -j prerouting_VPN_rule
-A zone_docker_postrouting -m comment --comment "!fw3: Custom docker postrouting rule chain" -j postrouting_docker_rule
-A zone_docker_prerouting -m comment --comment "!fw3: Custom docker prerouting rule chain" -j prerouting_docker_rule
-A zone_lan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -j MINIUPNPD
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_vpn_postrouting -m comment --comment "!fw3: Custom vpn postrouting rule chain" -j postrouting_vpn_rule
-A zone_vpn_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_vpn_prerouting -m comment --comment "!fw3: Custom vpn prerouting rule chain" -j prerouting_vpn_rule
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -p tcp -m tcp --dport 7681 -m comment --comment "!fw3: Forward7681" -j REDIRECT --to-ports 7681
-A zone_wan_prerouting -p udp -m udp --dport 7681 -m comment --comment "!fw3: Forward7681" -j REDIRECT --to-ports 7681
COMMIT
# Completed on Fri Mar 18 08:45:41 2022

#IPv4 Mangle chain

# Generated by iptables-save v1.8.7 on Fri Mar 18 08:45:41 2022
*mangle
:PREROUTING ACCEPT [67669:59293303]
:INPUT ACCEPT [66995:59112456]
:FORWARD ACCEPT [674:180847]
:OUTPUT ACCEPT [61362:74111338]
:POSTROUTING ACCEPT [61881:74158977]
:openclash - [0:0]
:openclash_dns_hijack - [0:0]
:openclash_output - [0:0]
-A PREROUTING -p udp -j openclash
-A PREROUTING -p tcp -m tcp --dport 53 -j openclash_dns_hijack
-A OUTPUT -j openclash_output
-A openclash -p udp -m udp --sport 1194 -j RETURN
-A openclash -p udp -m udp --sport 4500 -j RETURN
-A openclash -p udp -m udp --sport 500 -j RETURN
-A openclash -p udp -m udp --sport 500 -j RETURN
-A openclash -p udp -m udp --sport 68 -j RETURN
-A openclash -i utun -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -j MARK --set-xmark 0x162/0xffffffff
-A openclash_dns_hijack -d 8.8.8.8/32 -m comment --comment "OpenClash Google DNS Hijack" -j MARK --set-xmark 0x162/0xffffffff
-A openclash_dns_hijack -d 8.8.4.4/32 -m comment --comment "OpenClash Google DNS Hijack" -j MARK --set-xmark 0x162/0xffffffff
-A openclash_output -p udp -m udp --sport 1194 -j RETURN
-A openclash_output -p udp -m udp --sport 4500 -j RETURN
-A openclash_output -p udp -m udp --sport 500 -j RETURN
-A openclash_output -p udp -m udp --sport 500 -j RETURN
-A openclash_output -p udp -m udp --sport 68 -j RETURN
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -d 198.18.0.0/16 -p udp -m owner ! --uid-owner 65534 -j MARK --set-xmark 0x162/0xffffffff
COMMIT
# Completed on Fri Mar 18 08:45:41 2022

#IPv6 NAT chain

# Generated by ip6tables-save v1.8.7 on Fri Mar 18 08:45:41 2022
*nat
:PREROUTING ACCEPT [348:51756]
:INPUT ACCEPT [348:51756]
:OUTPUT ACCEPT [19:3355]
:POSTROUTING ACCEPT [19:3355]
-A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 53
COMMIT
# Completed on Fri Mar 18 08:45:41 2022

#IPv6 Mangle chain

# Generated by ip6tables-save v1.8.7 on Fri Mar 18 08:45:41 2022
*mangle
:PREROUTING ACCEPT [1492:233555]
:INPUT ACCEPT [1492:233555]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [122:25358]
:POSTROUTING ACCEPT [142:31952]
COMMIT
# Completed on Fri Mar 18 08:45:41 2022

#===================== IPSET状态 =====================#

Name: cn
Name: ct
Name: cnc
Name: cmcc
Name: crtc
Name: cernet
Name: gwbn
Name: othernet
Name: music
Name: mwan3_connected_v4
Name: mwan3_connected_v6
Name: mwan3_source_v6
Name: mwan3_dynamic_v4
Name: mwan3_dynamic_v6
Name: mwan3_custom_v4
Name: mwan3_custom_v6
Name: china
Name: china_ip_route
Name: shuntlist
Name: gfwlist
Name: chnroute
Name: localnetwork
Name: shuntlist6
Name: gfwlist6
Name: chnroute6
Name: blacklist6
Name: mwan3_connected

#===================== 路由表状态 =====================#

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.31.1    0.0.0.0         UG    0      0        0 eth0
172.31.0.0      0.0.0.0         255.255.255.0   U     0      0        0 docker0
192.168.31.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
198.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 utun
#ip route list
default via 192.168.31.1 dev eth0 proto static 
172.31.0.0/24 dev docker0 proto kernel scope link src 172.31.0.1 linkdown 
192.168.31.0/24 dev eth0 proto kernel scope link src 192.168.31.88 
198.18.0.0/16 dev utun proto kernel scope link src 198.18.0.1 
#ip rule show
0:  from all lookup local
32765:  from all fwmark 0x162 lookup 354
32766:  from all lookup main
32767:  from all lookup default

#===================== Tun设备状态 =====================#

utun: tun

#===================== 端口占用状态 =====================#

tcp        0      0 198.18.0.1:7777         0.0.0.0:*               LISTEN      13996/clash
tcp        0      0 :::7890                 :::*                    LISTEN      13996/clash
tcp        0      0 :::7891                 :::*                    LISTEN      13996/clash
tcp        0      0 :::7892                 :::*                    LISTEN      13996/clash
tcp        0      0 :::7893                 :::*                    LISTEN      13996/clash
tcp        0      0 :::7895                 :::*                    LISTEN      13996/clash
tcp        0      0 :::9090                 :::*                    LISTEN      13996/clash
udp        0      0 198.18.0.1:7777         0.0.0.0:*                           13996/clash
udp        0      0 :::7874                 :::*                                13996/clash
udp        0      0 :::7891                 :::*                                13996/clash
udp        0      0 :::7892                 :::*                                13996/clash
udp        0      0 :::7893                 :::*                                13996/clash
udp        0      0 :::7895                 :::*                                13996/clash

#===================== 测试本机DNS查询 =====================#

Server:     127.0.0.1
Address:    127.0.0.1:53

Name:   www.baidu.com
Address: 198.18.0.206

#===================== resolv.conf.d =====================#

# Interface lan
nameserver 114.114.114.114
nameserver 8.8.8.8

#===================== 测试本机网络连接 =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Fri, 18 Mar 2022 00:45:42 GMT
Etag: "575e1f60-115"
Last-Modified: Mon, 13 Jun 2016 02:50:08 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 测试本机网络下载 =====================#

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 80
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: text/plain; charset=utf-8
ETag: "2f13c47e3f25fa1ebfd11a41a7a93d483ecb6985062adb81c7c8845d48ae732c"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: DD48:58BA:2EAD5B:3F470F:6233A701
Accept-Ranges: bytes
Date: Fri, 18 Mar 2022 00:45:43 GMT
Via: 1.1 varnish
X-Served-By: cache-sjc10061-SJC
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1647564344.509771,VS0,VE146
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
X-Fastly-Request-ID: 37811babed1d0eb45e9c99a689c72dbc0ec4b684
Expires: Fri, 18 Mar 2022 00:50:43 GMT
Source-Age: 0

vernesong commented 2 years ago

Check the DNS on the PC.

vernesong commented 2 years ago

Check the DNS from cmd.

Sm1rkBoy commented 2 years ago

Check the DNS from cmd.

vernesong commented 2 years ago

It's a browser issue; turn off secure DNS.

Sm1rkBoy commented 2 years ago

It's a browser issue; turn off secure DNS.

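After turning it off, the intermittent failures to reach Google indeed no longer happen. Thank you very much, and I wish you good health and happiness.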