vernesong / OpenClash

A Clash Client For OpenWrt
MIT License
17.92k stars 3.23k forks source link

[Bug] 内网服务器DNS配置不生效 #2493

Closed zhfg closed 2 years ago

zhfg commented 2 years ago

Verify Steps

OpenClash Version

0.45.16-beta

Bug on Environment

Official OpenWrt

Bug on Platform

Linux-armv8

To Reproduce

在 Global Settings页面的Set Custom Hosts (Does Not Override Config Settings)框中输入我家内网的一台服务DNS配置 '*.familyzhang.com': 192.168.1.251

重启openclash后用 ping minio-api.familyzhang.com不能解析到我指定的IP

mls@DESKTOP-B9EJ23P MINGW64 ~
$ ping minio-api.familyzhang.com
Ping 请求找不到主机 minio-api.familyzhang.com。请检查该名称,然后重试。

检查openclash配置文件内有相关的配置

root@OpenWrt:/etc/openclash# ps -w | grep clash
 4171 nobody    699m S    /etc/openclash/clash -d /etc/openclash -f /etc/openclash/缈诲鏈哄満.com.yaml
 4748 root      1280 S    /bin/sh /usr/share/openclash/openclash_watchdog.sh
26501 root      1220 S    sh -c /etc/openclash/core/clash_tun -v 2>/dev/null |awk -F ' ' '{print $2}'
26502 root     18756 R    /etc/openclash/core/clash_tun -v
26505 root      1228 S    grep clash

root@OpenWrt:/etc/openclash# cat 缈诲鏈哄満.com.yaml | grep '^hosts' -C 5
  - 119.29.29.29
  - 127.0.0.1:6053
profile:
  store-selected: true
  store-fake-ip: true
hosts:
  "*.familyzhang.com": 192.168.1.251
root@OpenWrt:/etc/openclash#

Describe the Bug

Set Custom Hosts 不生效

OpenClash Log

OpenClash 调试日志

生成时间: 2022-06-18 11:04:57 插件版本: 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息


#===================== 系统信息 =====================#

主机型号: FriendlyElec NanoPi R2S
固件版本: OpenWrt 21.02.3 r16554-1d4dea6d4f
LuCI版本: git-20.074.84698-ead5e81
内核版本: 5.4.188
处理器架构: aarch64_generic

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

#此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
ruby-dbm: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci-19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 未安装

#===================== 内核检查 =====================#

运行状态: 运行中
进程pid: 30739 4171
运行权限: 30739: =ep
4171: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-armv8

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2022.04.17
Tun内核文件: 存在
Tun内核运行权限: 正常

Dev内核版本: v1.10.6
Dev内核文件: 存在
Dev内核运行权限: 正常
Meta内核版本: alpha-g7136d14
Meta内核文件: 存在
Meta内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/翻墙机场.com.yaml
启动配置文件: /etc/openclash/翻墙机场.com.yaml
运行模式: fake-ip
默认代理模式: rule
UDP流量转发(tproxy): 启用
DNS劫持: 启用
自定义DNS: 启用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 启用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用
DNS远程解析: 停用
路由本机代理: 启用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 配置文件 =====================#

port: 7890
socks-port: 7891
allow-lan: true
mode: rule
log-level: info
external-controller: 0.0.0.0:9090
proxy-groups:
- name: "\U0001F680 节点选择"
  type: select
  proxies:
  - "♻️ 自动选择"
  - "\U0001F1ED\U0001F1F0 香港节点"
  - "\U0001F1E8\U0001F1F3 台湾节点"
  - "\U0001F1F8\U0001F1EC 狮城节点"
  - "\U0001F1EF\U0001F1F5 日本节点"
  - "\U0001F1FA\U0001F1F2 美国节点"
  - "\U0001F1F0\U0001F1F7 韩国节点"
  - "\U0001F680 手动切换"
  - DIRECT
我删除了一些
rules:
- DST-PORT,7895,REJECT
- DST-PORT,7892,REJECT
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
我删除了一些规则,太长了

redir-port: 7892
tproxy-port: 7895
mixed-port: 7893
bind-address: "*"
external-ui: "/usr/share/openclash/dashboard"
ipv6: false
interface-name: pppoe-wan6
dns:
  enable: true
  ipv6: false
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  listen: 0.0.0.0:7874
  nameserver:
  - 114.114.114.114
  - 119.29.29.29
  - 127.0.0.1:6053
  use-hosts: true
  fake-ip-filter:
  - "*.lan"
  - "*.localdomain"
  - "*.example"
  - "*.invalid"
  - "*.localhost"
  - "*.test"
  - "*.local"
  - "*.home.arpa"
  我删除了一些
  default-nameserver:
  - 114.114.114.114
  - 119.29.29.29
  - 127.0.0.1:6053
profile:
  store-selected: true
  store-fake-ip: true
hosts:
  "*.familyzhang.com": 192.168.1.251

#===================== 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.7 on Sat Jun 18 11:05:02 2022
*nat
:PREROUTING ACCEPT [1421:561381]
:INPUT ACCEPT [1607:109215]
:OUTPUT ACCEPT [3857:273270]
:POSTROUTING ACCEPT [1426:95706]
:openclash - [0:0]
:openclash_output - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -d 8.8.4.4/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -d 8.8.8.8/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i pppoe-wan6 -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -p tcp -j openclash
-A OUTPUT -j openclash_output
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o pppoe-wan6 -m comment --comment "!fw3" -j zone_wan_postrouting
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -d 198.18.0.0/16 -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
COMMIT
# Completed on Sat Jun 18 11:05:02 2022

#IPv4 Mangle chain

# Generated by iptables-save v1.8.7 on Sat Jun 18 11:05:02 2022
*mangle
:PREROUTING ACCEPT [153148:95340364]
:INPUT ACCEPT [106615:67029359]
:FORWARD ACCEPT [47491:28653372]
:OUTPUT ACCEPT [105034:82301850]
:POSTROUTING ACCEPT [152467:110967122]
:openclash - [0:0]
-A PREROUTING -p udp -j openclash
-A FORWARD -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o pppoe-wan6 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i pppoe-wan6 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A openclash -p udp -m udp --sport 500 -j RETURN
-A openclash -p udp -m udp --sport 68 -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p udp -m udp --dport 53 -j RETURN
-A openclash -p udp -j TPROXY --on-port 7892 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
COMMIT
# Completed on Sat Jun 18 11:05:02 2022

#IPv4 Filter chain

# Generated by iptables-save v1.8.7 on Sat Jun 18 11:05:02 2022
*filter
:INPUT ACCEPT [2:478]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:openclash_wan_input - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -p udp -m udp --dport 443 -m comment --comment "OpenClash QUIC REJECT" -m set ! --match-set china_ip_route dst -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i pppoe-wan6 -j openclash_wan_input
-A INPUT -i pppoe-wan -j openclash_wan_input
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i pppoe-wan6 -m comment --comment "!fw3" -j zone_wan_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i pppoe-wan6 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o pppoe-wan6 -m comment --comment "!fw3" -j zone_wan_output
-A openclash_wan_input -p udp -m multiport --dports 7892,7895,9090,7890,7891,7893,7874 -j REJECT --reject-with icmp-port-unreachable
-A openclash_wan_input -p tcp -m multiport --dports 7892,7895,9090,7890,7891,7893,7874 -j REJECT --reject-with icmp-port-unreachable
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o pppoe-wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o pppoe-wan -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o pppoe-wan6 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o pppoe-wan6 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_REJECT -o pppoe-wan -m comment --comment "!fw3" -j reject
-A zone_wan_dest_REJECT -o pppoe-wan6 -m comment --comment "!fw3" -j reject
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_REJECT -i pppoe-wan -m comment --comment "!fw3" -j reject
-A zone_wan_src_REJECT -i pppoe-wan6 -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Sat Jun 18 11:05:02 2022

#IPv6 NAT chain

# Generated by ip6tables-save v1.8.7 on Sat Jun 18 11:05:02 2022
*nat
:PREROUTING ACCEPT [633320:123627178]
:INPUT ACCEPT [395:63530]
:OUTPUT ACCEPT [3618:343117]
:POSTROUTING ACCEPT [3618:343117]
COMMIT
# Completed on Sat Jun 18 11:05:02 2022

#IPv6 Mangle chain

# Generated by ip6tables-save v1.8.7 on Sat Jun 18 11:05:02 2022
*mangle
:PREROUTING ACCEPT [695719:129226505]
:INPUT ACCEPT [19602:2320511]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [11781:1470008]
:POSTROUTING ACCEPT [11781:1470008]
-A FORWARD -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o pppoe-wan6 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i pppoe-wan6 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Sat Jun 18 11:05:02 2022

#IPv6 Filter chain

# Generated by ip6tables-save v1.8.7 on Sat Jun 18 11:05:02 2022
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [20:1520]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i pppoe-wan6 -m comment --comment "!fw3" -j zone_wan_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i pppoe-wan6 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o pppoe-wan6 -m comment --comment "!fw3" -j zone_wan_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp6-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o pppoe-wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o pppoe-wan -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o pppoe-wan6 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o pppoe-wan6 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_REJECT -o pppoe-wan -m comment --comment "!fw3" -j reject
-A zone_wan_dest_REJECT -o pppoe-wan6 -m comment --comment "!fw3" -j reject
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -s fc00::/6 -d fc00::/6 -p udp -m udp --dport 546 -m comment --comment "!fw3: Allow-DHCPv6" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_REJECT -i pppoe-wan -m comment --comment "!fw3" -j reject
-A zone_wan_src_REJECT -i pppoe-wan6 -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Sat Jun 18 11:05:02 2022

#===================== IPSET状态 =====================#

Name: china_ip_route
Name: localnetwork

#===================== 路由表状态 =====================#

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         100.65.0.1      0.0.0.0         UG    0      0        0 pppoe-wan6
100.65.0.1      0.0.0.0         255.255.255.255 UH    0      0        0 pppoe-wan
100.65.0.1      0.0.0.0         255.255.255.255 UH    0      0        0 pppoe-wan6
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
#ip route list
default via 100.65.0.1 dev pppoe-wan6 proto static 
100.65.0.1 dev pppoe-wan proto kernel scope link src 100.65.9.193 
100.65.0.1 dev pppoe-wan6 proto kernel scope link src 100.65.13.219 
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.2 
#ip rule show
0:  from all lookup local
32765:  from all fwmark 0x162 lookup 354
32766:  from all lookup main
32767:  from all lookup default

#===================== 端口占用状态 =====================#

tcp        0      0 :::7895                 :::*                    LISTEN      4171/clash
tcp        0      0 :::9090                 :::*                    LISTEN      4171/clash
tcp        0      0 :::7890                 :::*                    LISTEN      4171/clash
tcp        0      0 :::7891                 :::*                    LISTEN      4171/clash
tcp        0      0 :::7892                 :::*                    LISTEN      4171/clash
tcp        0      0 :::7893                 :::*                    LISTEN      4171/clash
udp        0      0 :::45828                :::*                                4171/clash
udp        0      0 :::49960                :::*                                4171/clash
udp        0      0 :::52603                :::*                                4171/clash
udp        0      0 :::35713                :::*                                4171/clash
udp        0      0 :::59307                :::*                                4171/clash
udp        0      0 :::40483                :::*                                4171/clash
udp        0      0 :::60559                :::*                                4171/clash
udp        0      0 :::7874                 :::*                                4171/clash
udp        0      0 :::35526                :::*                                4171/clash
udp        0      0 :::7891                 :::*                                4171/clash
udp        0      0 :::7892                 :::*                                4171/clash
udp        0      0 :::7893                 :::*                                4171/clash
udp        0      0 :::7895                 :::*                                4171/clash

#===================== 测试本机DNS查询 =====================#

Server:     127.0.0.1
Address:    127.0.0.1#53

Name:      www.baidu.com
Address 1: 198.18.0.5
*** Can't find www.baidu.com: No answer

#===================== resolv.conf.d =====================#

# Interface wan
nameserver 221.131.143.69
nameserver 112.4.0.55
# Interface wan6
nameserver 221.131.143.69
nameserver 112.4.0.55
# Interface wan6_6
nameserver 2409:8020:2000::8
nameserver 2409:8020:2000::88
# Interface wan_6
nameserver 2409:8020:2000::88
nameserver 2409:8020:2000::8

#===================== 测试本机网络连接 =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Sat, 18 Jun 2022 03:05:03 GMT
Etag: "575e1f74-115"
Last-Modified: Mon, 13 Jun 2016 02:50:28 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 测试本机网络下载 =====================#

HTTP/2 200 
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: text/plain; charset=utf-8
etag: "0a1a940c5b6ad7220e077ddc5a62c27f2e18baacb23315326d48c397e34bd228"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: E17E:2E5E:3820:15F8D:62A11924
accept-ranges: bytes
date: Sat, 18 Jun 2022 03:05:03 GMT
via: 1.1 varnish
x-served-by: cache-hkg17931-HKG
x-cache: HIT
x-cache-hits: 1
x-timer: S1655521503.409332,VS0,VE1
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
x-fastly-request-id: 17a16144fa2aeb8e7bf61215ba5eede93a551480
expires: Sat, 18 Jun 2022 03:10:03 GMT
source-age: 93
content-length: 80

#===================== 最近运行日志 =====================#

time="2022-06-18T03:03:57Z" level=info msg="[TCP] 192.168.1.219:44772 --> 111.30.164.230:443 match GeoIP(CN) using 🎯 全球直连[DIRECT]"
time="2022-06-18T03:03:57Z" level=info msg="[TCP] 192.168.1.182:59572 --> shlxsccm.asycn.loc:80 match Match() using 🐟 漏网之鱼[🇭🇰 Hongkong, Tj - B Group]"
time="2022-06-18T03:03:58Z" level=info msg="[TCP] 192.168.1.219:52014 --> www.googleapis.com:443 match DomainKeyword(google) using 🚀 节点选择[🇭🇰 Hongkong, Tj - B Group]"
time="2022-06-18T03:03:59Z" level=info msg="[TCP] 192.168.1.219:52016 --> www.googleapis.com:443 match DomainKeyword(google) using 🚀 节点选择[🇭🇰 Hongkong, Tj - B Group]"
time="2022-06-18T03:04:00Z" level=info msg="[UDP] 192.168.1.197:27158 --> tplinkac.tplogin.cn:5246 match DomainSuffix(cn) using 🎯 全球直连[DIRECT]"
time="2022-06-18T03:04:01Z" level=info msg="[TCP] 192.168.1.206:42628 --> vas.daliapp.net:443 match GeoIP(CN) using 🎯 全球直连[DIRECT]"
time="2022-06-18T03:04:01Z" level=info msg="[TCP] 192.168.1.206:47120 --> tos.snssdk.com:443 match DomainSuffix(snssdk.com) using 🎯 全球直连[DIRECT]"
time="2022-06-18T03:04:03Z" level=info msg="[TCP] 192.168.1.182:59573 --> shlxsccm.asycn.loc:80 match Match() using 🐟 漏网之鱼[🇭🇰 Hongkong, Tj - B Group]"
time="2022-06-18T03:04:04Z" level=info msg="[TCP] 192.168.1.237:47860 --> class.seewo.com:443 match GeoIP(CN) using 🎯 全球直连[DIRECT]"
time="2022-06-18T03:04:05Z" level=info msg="[TCP] 192.168.1.118:57063 --> weather-data.apple.com:443 match DomainSuffix(apple.com) using 🍎 苹果服务[DIRECT]"
time="2022-06-18T03:04:08Z" level=info msg="[UDP] 192.168.1.173:24484 --> tplinkac.tplogin.cn:5246 match DomainSuffix(cn) using 🎯 全球直连[DIRECT]"
time="2022-06-18T03:04:09Z" level=info msg="[TCP] 192.168.1.182:59574 --> shlxsccm.asycn.loc:80 match Match() using 🐟 漏网之鱼[🇭🇰 Hongkong, SS - B Group]"
time="2022-06-18T03:04:10Z" level=info msg="[TCP] 192.168.1.159:48068 --> monitor.daliapp.net:443 match GeoIP(CN) using 🎯 全球直连[DIRECT]"
time="2022-06-18T03:04:11Z" level=info msg="[TCP] 192.168.1.182:59575 --> api.im.qcloud.com:443 match DomainSuffix(qcloud.com) using 🎯 全球直连[DIRECT]"
time="2022-06-18T03:04:12Z" level=info msg="[TCP] 192.168.1.159:51564 --> api.daliapp.cn:443 match DomainSuffix(cn) using 🎯 全球直连[DIRECT]"
time="2022-06-18T03:04:13Z" level=info msg="[TCP] 192.168.1.159:43136 --> log.snssdk.com:443 match DomainSuffix(log.snssdk.com) using 🍃 应用净化[REJECT]"
time="2022-06-18T03:04:13Z" level=info msg="[TCP] 192.168.1.219:41594 --> 120.241.190.15:80 match GeoIP(CN) using 🎯 全球直连[DIRECT]"
time="2022-06-18T03:04:15Z" level=info msg="[TCP] 192.168.1.182:59576 --> shlxsccm.asycn.loc:80 match Match() using 🐟 漏网之鱼[🇭🇰 Hongkong, SS - B Group]"
time="2022-06-18T03:04:18Z" level=info msg="[TCP] 192.168.1.182:59577 --> h-adashx.ut.taobao.com:443 match DomainSuffix(taobao.com) using 🎯 全球直连[DIRECT]"
time="2022-06-18T03:04:20Z" level=info msg="[TCP] 192.168.1.182:59578 --> shlxsccm.asycn.loc:80 match Match() using 🐟 漏网之鱼[🇭🇰 Hongkong, SS - B Group]"
time="2022-06-18T03:04:23Z" level=info msg="[TCP] 192.168.1.206:58644 --> 223.109.32.229:443 match GeoIP(CN) using 🎯 全球直连[DIRECT]"
time="2022-06-18T03:04:24Z" level=info msg="[TCP] 192.168.1.159:44158 --> 223.109.32.230:443 match GeoIP(CN) using 🎯 全球直连[DIRECT]"
time="2022-06-18T03:04:26Z" level=info msg="[TCP] 192.168.1.159:45874 --> vas.daliapp.net:443 match GeoIP(CN) using 🎯 全球直连[DIRECT]"
time="2022-06-18T03:04:26Z" level=info msg="[TCP] 192.168.1.159:46574 --> tos-lf-x.snssdk.com:443 match DomainSuffix(snssdk.com) using 🎯 全球直连[DIRECT]"
time="2022-06-18T03:04:27Z" level=info msg="[UDP] 192.168.1.182:53937 --> 111.230.189.174:123 match GeoIP(CN) using 🎯 全球直连[DIRECT]"
time="2022-06-18T03:04:27Z" level=info msg="[TCP] 192.168.1.182:59579 --> shlxsccm.asycn.loc:80 match Match() using 🐟 漏网之鱼[🇭🇰 Hongkong, SS - B Group]"
time="2022-06-18T03:04:31Z" level=info msg="[TCP] 192.168.1.206:42634 --> vas.daliapp.net:443 match GeoIP(CN) using 🎯 全球直连[DIRECT]"
time="2022-06-18T03:04:31Z" level=info msg="[TCP] 192.168.1.206:37036 --> tos-d-x-lf.snssdk.com:443 match DomainSuffix(snssdk.com) using 🎯 全球直连[DIRECT]"
time="2022-06-18T03:04:33Z" level=info msg="[TCP] 192.168.1.182:59580 --> shlxsccm.asycn.loc:80 match Match() using 🐟 漏网之鱼[🇭🇰 Hongkong, SS - B Group]"
time="2022-06-18T03:04:39Z" level=info msg="[TCP] 192.168.1.182:59581 --> shlxsccm.asycn.loc:80 match Match() using 🐟 漏网之鱼[🇭🇰 Hongkong, SS - B Group]"
time="2022-06-18T03:04:40Z" level=info msg="[UDP] 192.168.1.158:15110 --> tplinkac.tplogin.cn:5246 match DomainSuffix(cn) using 🎯 全球直连[DIRECT]"
time="2022-06-18T03:04:44Z" level=info msg="[TCP] 192.168.1.182:59582 --> shlxsccm.asycn.loc:80 match Match() using 🐟 漏网之鱼[🇭🇰 Hongkong, SS - B Group]"
time="2022-06-18T03:04:50Z" level=info msg="[TCP] 192.168.1.182:59583 --> shlxsccm.asycn.loc:80 match Match() using 🐟 漏网之鱼[🇭🇰 Hongkong, SS - B Group]"
time="2022-06-18T03:04:51Z" level=info msg="[TCP] 192.168.1.237:48136 --> study.seewo.com:443 match GeoIP(CN) using 🎯 全球直连[DIRECT]"
time="2022-06-18T03:04:53Z" level=info msg="[TCP] 192.168.1.206:41694 --> 36.156.23.201:443 match GeoIP(CN) using 🎯 全球直连[DIRECT]"
time="2022-06-18T03:04:54Z" level=info msg="[TCP] 192.168.1.159:44164 --> 223.109.32.230:443 match GeoIP(CN) using 🎯 全球直连[DIRECT]"
time="2022-06-18T03:04:54Z" level=info msg="[TCP] 192.168.1.131:50517 --> www.google.com:443 match DomainKeyword(google) using 🚀 节点选择[🇭🇰 Hongkong, SS - B Group]"
time="2022-06-18T03:04:56Z" level=info msg="[TCP] 192.168.1.159:45880 --> vas.daliapp.net:443 match GeoIP(CN) using 🎯 全球直连[DIRECT]"
time="2022-06-18T03:04:56Z" level=info msg="[TCP] 192.168.1.159:34774 --> tos-d-lfcm-lq.snssdk.com:443 match DomainSuffix(snssdk.com) using 🎯 全球直连[DIRECT]"
time="2022-06-18T03:04:56Z" level=info msg="[TCP] 192.168.1.182:59584 --> slackb.com:443 match Match() using 🐟 漏网之鱼[🇭🇰 Hongkong, SS - B Group]"
time="2022-06-18T03:04:57Z" level=info msg="[TCP] 100.65.13.219:33600 --> 3.233.54.64:80 match Match() using 🐟 漏网之鱼[🇭🇰 Hongkong, SS - B Group]"
time="2022-06-18T03:04:57Z" level=info msg="[TCP] 100.65.13.219:37822 --> 54.235.48.238:80 match Match() using 🐟 漏网之鱼[🇭🇰 Hongkong, SS - B Group]"
time="2022-06-18T03:04:57Z" level=info msg="[TCP] 100.65.13.219:56124 --> 52.204.91.203:80 match IPCIDR(52.200.0.0/13) using 🚀 节点选择[🇭🇰 Hongkong, SS - B Group]"
time="2022-06-18T03:04:57Z" level=info msg="[TCP] 100.65.13.219:58558 --> 54.163.175.227:80 match Match() using 🐟 漏网之鱼[🇭🇰 Hongkong, SS - B Group]"
time="2022-06-18T03:04:57Z" level=info msg="[TCP] 100.65.13.219:33202 --> 35.174.225.168:80 match Match() using 🐟 漏网之鱼[🇭🇰 Hongkong, SS - B Group]"
time="2022-06-18T03:05:01Z" level=info msg="[TCP] 192.168.1.206:42640 --> vas.daliapp.net:443 match GeoIP(CN) using 🎯 全球直连[DIRECT]"
time="2022-06-18T03:05:01Z" level=info msg="[TCP] 192.168.1.206:33614 --> tos-d-x-hl.snssdk.com:443 match DomainSuffix(snssdk.com) using 🎯 全球直连[DIRECT]"
time="2022-06-18T03:05:01Z" level=info msg="[TCP] 192.168.1.182:59585 --> shlxsccm.asycn.loc:80 match Match() using 🐟 漏网之鱼[🇭🇰 Hongkong, SS - B Group]"
time="2022-06-18T03:05:03Z" level=info msg="[TCP] 100.65.13.219:59080 --> www.baidu.com:80 match DomainSuffix(baidu.com) using 🎯 全球直连[DIRECT]"
time="2022-06-18T03:05:03Z" level=info msg="[TCP] 100.65.13.219:51346 --> raw.githubusercontent.com:443 match DomainKeyword(github) using 🚀 节点选择[🇭🇰 Hongkong, SS - B Group]"

#===================== 活动连接信息 =====================#

1. SourceIP:【192.168.1.131】 - Host:【chat.google.com】 - DestinationIP:【142.251.43.14】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【🇭🇰 Hongkong, Tj - B Group】
2. SourceIP:【192.168.1.159】 - Host:【monitor.daliapp.net】 - DestinationIP:【183.213.21.221】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
3. SourceIP:【192.168.1.131】 - Host:【people-pa.clients6.google.com】 - DestinationIP:【142.251.43.10】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【🇭🇰 Hongkong, Tj - B Group】
4. SourceIP:【192.168.1.182】 - Host:【Empty】 - DestinationIP:【40.73.76.10】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
5. SourceIP:【192.168.1.219】 - Host:【www.google.cn】 - DestinationIP:【120.253.253.98】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【🇭🇰 Hongkong, Tj - B Group】
6. SourceIP:【192.168.1.182】 - Host:【pubsub02.oray.net】 - DestinationIP:【112.124.6.10】 - Network:【udp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
7. SourceIP:【192.168.1.182】 - Host:【uci.cdn.office.net】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【office.net】 - Lastchain:【DIRECT】
8. SourceIP:【192.168.1.131】 - Host:【github.githubassets.com】 - DestinationIP:【185.199.111.154】 - Network:【tcp】 - RulePayload:【github】 - Lastchain:【🇭🇰 Hongkong, Tj - B Group】
9. SourceIP:【192.168.1.131】 - Host:【ssl.gstatic.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【ssl.gstatic.com】 - Lastchain:【DIRECT】
10. SourceIP:【192.168.1.237】 - Host:【class.seewo.com】 - DestinationIP:【121.40.170.129】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
11. SourceIP:【192.168.1.145】 - Host:【Empty】 - DestinationIP:【114.67.214.13】 - Network:【udp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
12. SourceIP:【192.168.1.182】 - Host:【safebrowsing.googleapis.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【safebrowsing.googleapis.com】 - Lastchain:【DIRECT】
13. SourceIP:【192.168.1.131】 - Host:【ssl.gstatic.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【ssl.gstatic.com】 - Lastchain:【DIRECT】
14. SourceIP:【100.65.13.219】 - Host:【Empty】 - DestinationIP:【58.211.101.70】 - Network:【udp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
15. SourceIP:【192.168.1.182】 - Host:【Empty】 - DestinationIP:【140.82.113.25】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【🇭🇰 Hongkong, Tj - B Group】
16. SourceIP:【192.168.1.131】 - Host:【firestore.googleapis.com】 - DestinationIP:【142.251.43.10】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【🇭🇰 Hongkong, Tj - B Group】
17. SourceIP:【192.168.1.206】 - Host:【Empty】 - DestinationIP:【36.156.5.229】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
18. SourceIP:【192.168.1.131】 - Host:【user-images.githubusercontent.com】 - DestinationIP:【185.199.111.133】 - Network:【tcp】 - RulePayload:【github】 - Lastchain:【🇭🇰 Hongkong, Tj - B Group】
19. SourceIP:【192.168.1.131】 - Host:【0.client-channel.google.com】 - DestinationIP:【64.233.189.189】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【🇭🇰 Hongkong, SS - B Group】
20. SourceIP:【192.168.1.206】 - Host:【dig.bdurl.net】 - DestinationIP:【47.119.215.143】 - Network:【tcp】 - RulePayload:【bdurl.net】 - Lastchain:【DIRECT】
21. SourceIP:【192.168.1.182】 - Host:【management.chinacloudapi.cn】 - DestinationIP:【40.73.171.224】 - Network:【tcp】 - RulePayload:【cn】 - Lastchain:【DIRECT】
22. SourceIP:【192.168.1.159】 - Host:【Empty】 - DestinationIP:【223.109.32.230】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
23. SourceIP:【192.168.1.131】 - Host:【clients6.google.com】 - DestinationIP:【172.217.160.110】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【🇭🇰 Hongkong, Tj - B Group】
24. SourceIP:【192.168.1.219】 - Host:【beacons3.gvt2.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【gvt2.com】 - Lastchain:【🇭🇰 Hongkong, Tj - B Group】
25. SourceIP:【192.168.1.131】 - Host:【api.github.com】 - DestinationIP:【20.205.243.168】 - Network:【tcp】 - RulePayload:【github】 - Lastchain:【🇭🇰 Hongkong, Tj - B Group】
26. SourceIP:【192.168.1.182】 - Host:【Empty】 - DestinationIP:【120.26.79.41】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
27. SourceIP:【192.168.1.219】 - Host:【www.google.com】 - DestinationIP:【69.63.184.30】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【🇭🇰 Hongkong, Tj - B Group】
28. SourceIP:【192.168.1.131】 - Host:【chat-pa.clients6.google.com】 - DestinationIP:【172.217.160.106】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【🇭🇰 Hongkong, Tj - B Group】
29. SourceIP:【192.168.1.182】 - Host:【ws-std01.sunlogin.oray.com】 - DestinationIP:【47.96.234.151】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
30. SourceIP:【192.168.1.182】 - Host:【confluence.lianwei.com.cn】 - DestinationIP:【47.100.44.87】 - Network:【tcp】 - RulePayload:【cn】 - Lastchain:【DIRECT】
31. SourceIP:【192.168.1.131】 - Host:【signaler-pa.clients6.google.com】 - DestinationIP:【172.217.163.42】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【🇭🇰 Hongkong, SS - B Group】
32. SourceIP:【192.168.1.131】 - Host:【Empty】 - DestinationIP:【47.98.140.171】 - Network:【udp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
33. SourceIP:【192.168.1.219】 - Host:【www.googleapis.com】 - DestinationIP:【172.217.160.106】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【🇭🇰 Hongkong, Tj - B Group】
34. SourceIP:【192.168.1.131】 - Host:【Empty】 - DestinationIP:【185.199.110.133】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【🇭🇰 Hongkong, Tj - B Group】
35. SourceIP:【192.168.1.219】 - Host:【www.googleapis.com】 - DestinationIP:【172.217.160.106】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【🇭🇰 Hongkong, Tj - B Group】
36. SourceIP:【192.168.1.182】 - Host:【Empty】 - DestinationIP:【111.230.189.174】 - Network:【udp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
37. SourceIP:【192.168.1.131】 - Host:【signaler-pa.clients6.google.com】 - DestinationIP:【172.217.163.42】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【🇭🇰 Hongkong, SS - B Group】
38. SourceIP:【192.168.1.131】 - Host:【clientservices.googleapis.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【clientservices.googleapis.com】 - Lastchain:【DIRECT】
39. SourceIP:【192.168.1.182】 - Host:【slackb.com】 - DestinationIP:【54.235.48.238】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【🇭🇰 Hongkong, SS - B Group】
40. SourceIP:【192.168.1.131】 - Host:【play.google.com】 - DestinationIP:【142.251.42.238】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【🇭🇰 Hongkong, SS - B Group】
41. SourceIP:【192.168.1.206】 - Host:【monitor.daliapp.net】 - DestinationIP:【36.156.179.243】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
42. SourceIP:【192.168.1.237】 - Host:【Empty】 - DestinationIP:【120.204.207.95】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
43. SourceIP:【192.168.1.131】 - Host:【content-autofill.googleapis.com】 - DestinationIP:【172.217.160.106】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【🇭🇰 Hongkong, Tj - B Group】
44. SourceIP:【192.168.1.131】 - Host:【chat-dl.google.com】 - DestinationIP:【172.217.163.46】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【🇭🇰 Hongkong, SS - B Group】
45. SourceIP:【192.168.1.219】 - Host:【Empty】 - DestinationIP:【59.82.84.189】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
46. SourceIP:【192.168.1.182】 - Host:【portal.azure.cn】 - DestinationIP:【40.73.108.25】 - Network:【tcp】 - RulePayload:【cn】 - Lastchain:【DIRECT】
47. SourceIP:【192.168.1.131】 - Host:【github.githubassets.com】 - DestinationIP:【185.199.109.154】 - Network:【tcp】 - RulePayload:【github】 - Lastchain:【🇭🇰 Hongkong, Tj - B Group】
48. SourceIP:【192.168.1.131】 - Host:【google.com】 - DestinationIP:【142.251.43.14】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【🇭🇰 Hongkong, SS - B Group】
49. SourceIP:【192.168.1.131】 - Host:【hangouts.google.com】 - DestinationIP:【172.217.160.110】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【🇭🇰 Hongkong, Tj - B Group】
50. SourceIP:【192.168.1.182】 - Host:【mozilla.cloudflare-dns.com】 - DestinationIP:【104.16.248.249】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【🇭🇰 Hongkong, Tj - B Group】
51. SourceIP:【192.168.1.131】 - Host:【www.google.com】 - DestinationIP:【185.45.7.165】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【🇭🇰 Hongkong, SS - B Group】
52. SourceIP:【192.168.1.118】 - Host:【Empty】 - DestinationIP:【17.188.181.135】 - Network:【udp】 - RulePayload:【17.0.0.0/8】 - Lastchain:【DIRECT】
53. SourceIP:【192.168.1.131】 - Host:【alive.github.com】 - DestinationIP:【140.82.114.26】 - Network:【tcp】 - RulePayload:【github】 - Lastchain:【🇭🇰 Hongkong, SS - B Group】
54. SourceIP:【192.168.1.118】 - Host:【Empty】 - DestinationIP:【17.57.145.168】 - Network:【tcp】 - RulePayload:【17.0.0.0/8】 - Lastchain:【DIRECT】
55. SourceIP:【192.168.1.237】 - Host:【study.seewo.com】 - DestinationIP:【223.4.221.197】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
56. SourceIP:【192.168.1.173】 - Host:【tplinkac.tplogin.cn】 - DestinationIP:【】 - Network:【udp】 - RulePayload:【cn】 - Lastchain:【DIRECT】
57. SourceIP:【192.168.1.158】 - Host:【tplinkac.tplogin.cn】 - DestinationIP:【】 - Network:【udp】 - RulePayload:【cn】 - Lastchain:【DIRECT】
58. SourceIP:【192.168.1.131】 - Host:【chat-pa.clients6.google.com】 - DestinationIP:【172.217.160.106】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【🇭🇰 Hongkong, Tj - B Group】
59. SourceIP:【192.168.1.131】 - Host:【camo.githubusercontent.com】 - DestinationIP:【185.199.108.133】 - Network:【tcp】 - RulePayload:【github】 - Lastchain:【🇭🇰 Hongkong, Tj - B Group】
60. SourceIP:【192.168.1.159】 - Host:【api.daliapp.cn】 - DestinationIP:【36.156.179.241】 - Network:【tcp】 - RulePayload:【cn】 - Lastchain:【DIRECT】
61. SourceIP:【192.168.1.237】 - Host:【Empty】 - DestinationIP:【112.60.0.157】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
62. SourceIP:【192.168.1.182】 - Host:【Empty】 - DestinationIP:【183.192.169.15】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
63. SourceIP:【192.168.1.182】 - Host:【api.im.qcloud.com】 - DestinationIP:【36.155.224.83】 - Network:【tcp】 - RulePayload:【qcloud.com】 - Lastchain:【DIRECT】
64. SourceIP:【192.168.1.206】 - Host:【Empty】 - DestinationIP:【36.156.23.201】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】

OpenClash Config

zzzzzzzzz

Expected Behavior

使Set Custom Hosts配置生效

Screenshots

zzzzzzzzzzz

vernesong commented 2 years ago

dnsmasq 取消重绑定保护

zhfg commented 2 years ago

问题解决。关闭

dnsmasq 取消重绑定保护