Closed ghost closed 2 years ago
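Same error; I just restored the snapshot.
It's probably a problem with today's commit; I compiled it last night and everything was fine.
Version 54 is being adapted for Firewall4; change Base system to Firewall4.
Version 54 is being adapted for Firewall4; change Base system to Firewall4.
Does adapting to FW4 mean dropping iptables entirely?
Version 54 is being adapted for Firewall4; change Base system to Firewall4.
Does adapting to FW4 mean dropping iptables entirely?
I'm not sure about that. If you compile it yourself, you need to look at what the author has updated. After switching to fw4 it starts up, and I've been using it normally for a day.
Same problem. I'm using dev commit f8cf5afd4369ee53009847fb49d843853a7a12b4. I took a look and it might be an nft problem.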
OpenClash 调试日志
生成时间: 2022-09-01 07:02:50 插件版本: v0.45.54-beta 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息
#===================== 系统信息 =====================#
主机型号: QEMU Standard PC (i440FX + PIIX, 1996)
固件版本: OpenWrt SNAPSHOT r20439-a96382c1bb
LuCI版本: git-20.191.33648-4ddcb36
内核版本: 5.10.138
处理器架构: x86_64
#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP:
#此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#6054
#===================== 依赖检查 =====================#
dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci-19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 已安装
unzip: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
kmod-ipt-nat: 已安装
#===================== 内核检查 =====================#
运行状态: 未运行
已选择的架构: linux-amd64
#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2022.07.07-15-g4104b53
Tun内核文件: 存在
Tun内核运行权限: 正常
Dev内核版本: v1.11.4-13-g6e058f8
Dev内核文件: 存在
Dev内核运行权限: 正常
Meta内核版本: alpha-g42e489e
Meta内核文件: 存在
Meta内核运行权限: 正常
#===================== 插件设置 =====================#
当前配置文件: /etc/openclash/config/config.yaml
启动配置文件: /etc/openclash/config.yaml
运行模式: redir-host
默认代理模式: rule
UDP流量转发(tproxy): 停用
DNS劫持: 启用
自定义DNS: 启用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 启用
仅允许内网: 停用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 启用
DNS远程解析: 启用
路由本机代理: 启用
#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用
#启动异常时建议关闭此项后重试
第三方规则: 启用
#===================== 自定义规则 一 =====================#
script:
## shortcuts:
## Notice: The core timezone is UTC
## CST 20:00-24:00 = time.now().hour > 12 and time.now().hour < 16
## 内核时区为UTC,故以下time.now()函数的取值需要根据本地时区进行转换
## 北京时间(CST) 20:00-24:00 = time.now().hour > 12 and time.now().hour < 16
## quic: network == 'udp' and dst_port == 443 and (geoip(resolve_ip(host)) != 'CN' or geoip(dst_ip) != 'CN')
## time-limit: in_cidr(src_ip,'192.168.1.2/32') and time.now().hour < 20 or time.now().hour > 21
## time-limit: src_ip == '192.168.1.2' and time.now().hour < 20 or time.now().hour > 21
## code: |
## def main(ctx, metadata):
## directkeywordlist = ["baidu"]
## for directkeyword in directkeywordlist:
## if directkeyword in metadata["host"]:
## ctx.log('[Script] matched keyword %s use direct' % directkeyword)
## return "DIRECT"
rules:
##- SCRIPT,quic,REJECT #shortcuts rule
##- SCRIPT,time-limit,REJECT #shortcuts rule
##- PROCESS-NAME,curl,DIRECT #匹配路由自身进程(curl直连)
##- DOMAIN-SUFFIX,google.com,Proxy #匹配域名后缀(交由Proxy代理服务器组)
##- DOMAIN-KEYWORD,google,Proxy #匹配域名关键字(交由Proxy代理服务器组)
##- DOMAIN,google.com,Proxy #匹配域名(交由Proxy代理服务器组)
##- DOMAIN-SUFFIX,ad.com,REJECT #匹配域名后缀(拒绝)
##- IP-CIDR,127.0.0.0/8,DIRECT #匹配数据目标IP(直连)
##- SRC-IP-CIDR,192.168.1.201/32,DIRECT #匹配数据发起IP(直连)
##- DST-PORT,80,DIRECT #匹配数据目标端口(直连)
##- SRC-PORT,7777,DIRECT #匹配数据源端口(直连)
##排序在上的规则优先生效,如添加(去除规则前的#号):
##IP段:192.168.1.2-192.168.1.200 直连
##- SRC-IP-CIDR,192.168.1.2/31,DIRECT
##- SRC-IP-CIDR,192.168.1.4/30,DIRECT
##- SRC-IP-CIDR,192.168.1.8/29,DIRECT
##- SRC-IP-CIDR,192.168.1.16/28,DIRECT
##- SRC-IP-CIDR,192.168.1.32/27,DIRECT
##- SRC-IP-CIDR,192.168.1.64/26,DIRECT
##- SRC-IP-CIDR,192.168.1.128/26,DIRECT
##- SRC-IP-CIDR,192.168.1.192/29,DIRECT
##- SRC-IP-CIDR,192.168.1.200/32,DIRECT
##IP段:192.168.1.202-192.168.1.255 直连
##- SRC-IP-CIDR,192.168.1.202/31,DIRECT
##- SRC-IP-CIDR,192.168.1.204/30,DIRECT
##- SRC-IP-CIDR,192.168.1.208/28,DIRECT
##- SRC-IP-CIDR,192.168.1.224/27,DIRECT
##此时IP为192.168.1.1和192.168.1.201的客户端流量走代理(策略),其余客户端不走代理
##因为Fake-IP模式下,IP地址为192.168.1.1的路由器自身流量可走代理(策略),所以需要排除
##仅设置路由器自身直连:
##- SRC-IP-CIDR,192.168.1.1/32,DIRECT
##- SRC-IP-CIDR,198.18.0.1/32,DIRECT
##DDNS
##- DOMAIN-SUFFIX,checkip.dyndns.org,DIRECT
##- DOMAIN-SUFFIX,checkipv6.dyndns.org,DIRECT
##- DOMAIN-SUFFIX,checkip.synology.com,DIRECT
##- DOMAIN-SUFFIX,ifconfig.co,DIRECT
##- DOMAIN-SUFFIX,api.myip.com,DIRECT
##- DOMAIN-SUFFIX,ip-api.com,DIRECT
##- DOMAIN-SUFFIX,ipapi.co,DIRECT
##- DOMAIN-SUFFIX,ip6.seeip.org,DIRECT
##- DOMAIN-SUFFIX,members.3322.org,DIRECT
##在线IP段转CIDR地址:http://ip2cidr.com
#===================== 自定义规则 二 =====================#
script:
## shortcuts:
## common_port: dst_port not in [21, 22, 23, 53, 80, 123, 143, 194, 443, 465, 587, 853, 993, 995, 998, 2052, 2053, 2082, 2083, 2086, 2095, 2096, 5222, 5228, 5229, 5230, 8080, 8443, 8880, 8888, 8889]
## code: |
## def main(ctx, metadata):
## directkeywordlist = ["baidu"]
## for directkeyword in directkeywordlist:
## if directkeyword in metadata["host"]:
## ctx.log('[Script] matched keyword %s use direct' % directkeyword)
## return "DIRECT"
rules:
##- SCRIPT,common_port,DIRECT #shortcuts rule
##- DOMAIN-SUFFIX,google.com,Proxy #匹配域名后缀(交由Proxy代理服务器组)
##- DOMAIN-KEYWORD,google,Proxy #匹配域名关键字(交由Proxy代理服务器组)
##- DOMAIN,google.com,Proxy #匹配域名(交由Proxy代理服务器组)
##- DOMAIN-SUFFIX,ad.com,REJECT #匹配域名后缀(拒绝)
##- IP-CIDR,127.0.0.0/8,DIRECT #匹配数据目标IP(直连)
##- SRC-IP-CIDR,192.168.1.201/32,DIRECT #匹配数据发起IP(直连)
##- DST-PORT,80,DIRECT #匹配数据目标端口(直连)
##- SRC-PORT,7777,DIRECT #匹配数据源端口(直连)
#===================== 配置文件 =====================#
proxy-groups:
- name: Auto - UrlTest
type: url-test
proxies:
- sg
- sg_http
- us
- us_http
- ru
- ru_http
url: https://cp.cloudflare.com/generate_204
interval: '600'
tolerance: '250'
- name: Proxy
type: select
proxies:
- Auto - UrlTest
- DIRECT
- sg
- sg_http
- us
- us_http
- ru
- ru_http
- name: Domestic
type: select
proxies:
- DIRECT
- Proxy
- name: Others
type: select
proxies:
- Proxy
- DIRECT
- Domestic
- name: Microsoft
type: select
proxies:
- DIRECT
- Proxy
- name: Apple
type: select
proxies:
- DIRECT
- Proxy
- sg
- sg_http
- us
- us_http
- ru
- ru_http
- name: Google FCM
type: select
proxies:
- DIRECT
- Proxy
- sg
- sg_http
- us
- us_http
- ru
- ru_http
- name: Scholar
type: select
proxies:
- DIRECT
- Proxy
- sg
- sg_http
- us
- us_http
- ru
- ru_http
- name: Bilibili
type: select
proxies:
- Asian TV
- DIRECT
- sg
- sg_http
- us
- us_http
- ru
- ru_http
- name: Douyin
type: select
proxies:
- DIRECT
- Asian TV
- sg
- sg_http
- us
- us_http
- ru
- ru_http
- name: Bahamut
type: select
proxies:
- Global TV
- DIRECT
- sg
- sg_http
- us
- us_http
- ru
- ru_http
- name: HBO Max
type: select
proxies:
- Global TV
- DIRECT
- sg
- sg_http
- us
- us_http
- ru
- ru_http
- name: HBO Go
type: select
proxies:
- Global TV
- DIRECT
- sg
- sg_http
- us
- us_http
- ru
- ru_http
- name: Pornhub
type: select
proxies:
- Global TV
- DIRECT
- sg
- sg_http
- us
- us_http
- ru
- ru_http
- name: Netflix
type: select
proxies:
- Global TV
- DIRECT
- sg
- sg_http
- us
- us_http
- ru
- ru_http
- name: Disney
type: select
proxies:
- Global TV
- DIRECT
- sg
- sg_http
- us
- us_http
- ru
- ru_http
- name: Youtube
type: select
disable-udp: true
proxies:
- Global TV
- DIRECT
- sg
- sg_http
- us
- us_http
- ru
- ru_http
- name: Discovery Plus
type: select
proxies:
- Global TV
- DIRECT
- sg
- sg_http
- us
- us_http
- ru
- ru_http
- name: DAZN
type: select
proxies:
- Global TV
- DIRECT
- sg
- sg_http
- us
- us_http
- ru
- ru_http
- name: Spotify
type: select
proxies:
- Global TV
- DIRECT
- sg
- sg_http
- us
- us_http
- ru
- ru_http
- name: Steam
type: select
proxies:
- DIRECT
- Proxy
- sg
- sg_http
- us
- us_http
- ru
- ru_http
- name: AdBlock
type: select
proxies:
- REJECT
- DIRECT
- Proxy
- name: Asian TV
type: select
proxies:
- DIRECT
- Proxy
- sg
- sg_http
- us
- us_http
- ru
- ru_http
- name: Global TV
type: select
proxies:
- Proxy
- DIRECT
- sg
- sg_http
- us
- us_http
- ru
- ru_http
- name: Speedtest
type: select
proxies:
- Proxy
- DIRECT
- sg
- sg_http
- us
- us_http
- ru
- ru_http
- name: Telegram
type: select
proxies:
- Proxy
- DIRECT
- sg
- sg_http
- us
- us_http
- ru
- ru_http
- name: Crypto
type: select
proxies:
- Proxy
- DIRECT
- sg
- sg_http
- us
- us_http
- ru
- ru_http
- name: PayPal
type: select
proxies:
- DIRECT
- Proxy
- sg
- sg_http
- us
- us_http
- ru
- ru_http
redir-port: 7892
tproxy-port: 7895
port: 7890
socks-port: 7891
mixed-port: 7893
mode: rule
log-level: silent
allow-lan: true
external-controller: 0.0.0.0:9090
bind-address: "*"
external-ui: "/usr/share/openclash/ui"
ipv6: false
dns:
enable: true
ipv6: false
enhanced-mode: fake-ip
fake-ip-range: 198.18.0.1/16
listen: 0.0.0.0:7874
nameserver:
- 127.0.0.1:6054
fake-ip-filter:
- "+.*"
experimental:
sniff-tls-sni: true
profile:
store-selected: true
store-fake-ip: true
authentication:
- Clash:e3LgYc9x
rule-providers:
Reject:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Reject.yaml
path: "./rule_provider/Reject"
interval: 86400
Special:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Special.yaml
path: "./rule_provider/Special"
interval: 86400
Netflix:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Netflix.yaml
path: "./rule_provider/Netflix"
interval: 86400
Spotify:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Spotify.yaml
path: "./rule_provider/Spotify"
interval: 86400
YouTube:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/YouTube.yaml
path: "./rule_provider/YouTube"
interval: 86400
Bilibili:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Bilibili.yaml
path: "./rule_provider/Bilibili"
interval: 86400
IQ:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/IQ.yaml
path: "./rule_provider/IQI"
interval: 86400
IQIYI:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/IQIYI.yaml
path: "./rule_provider/IQYI"
interval: 86400
Letv:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Letv.yaml
path: "./rule_provider/Letv"
interval: 86400
Netease Music:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Netease%20Music.yaml
path: "./rule_provider/Netease_Music"
interval: 86400
Tencent Video:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Tencent%20Video.yaml
path: "./rule_provider/Tencent_Video"
interval: 86400
Youku:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Youku.yaml
path: "./rule_provider/Youku"
interval: 86400
WeTV:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/WeTV.yaml
path: "./rule_provider/WeTV"
interval: 86400
ABC:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/ABC.yaml
path: "./rule_provider/ABC"
interval: 86400
Abema TV:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Abema%20TV.yaml
path: "./rule_provider/Abema_TV"
interval: 86400
Amazon:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Amazon.yaml
path: "./rule_provider/Amazon"
interval: 86400
Apple News:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Apple%20News.yaml
path: "./rule_provider/Apple_News"
interval: 86400
Apple TV:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Apple%20TV.yaml
path: "./rule_provider/Apple_TV"
interval: 86400
Bahamut:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Bahamut.yaml
path: "./rule_provider/Bahamut"
interval: 86400
BBC iPlayer:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/BBC%20iPlayer.yaml
path: "./rule_provider/BBC_iPlayer"
interval: 86400
DAZN:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/DAZN.yaml
path: "./rule_provider/DAZN"
interval: 86400
Discovery Plus:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Discovery%20Plus.yaml
path: "./rule_provider/Discovery_Plus"
interval: 86400
Disney Plus:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Disney%20Plus.yaml
path: "./rule_provider/Disney_Plus"
interval: 86400
encoreTVB:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/encoreTVB.yaml
path: "./rule_provider/encoreTVB"
interval: 86400
F1 TV:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/F1%20TV.yaml
path: "./rule_provider/F1_TV"
interval: 86400
Fox Now:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Fox%20Now.yaml
path: "./rule_provider/Fox_Now"
interval: 86400
Fox+:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Fox%2B.yaml
path: "./rule_provider/Fox+"
interval: 86400
HBO Go:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/HBO%20Go.yaml
path: "./rule_provider/HBO_Go"
interval: 86400
HBO Max:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/HBO%20Max.yaml
path: "./rule_provider/HBO_Max"
interval: 86400
Hulu Japan:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Hulu%20Japan.yaml
path: "./rule_provider/Hulu_Japan"
interval: 86400
Hulu:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Hulu.yaml
path: "./rule_provider/Hulu"
interval: 86400
Japonx:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Japonx.yaml
path: "./rule_provider/Japonx"
interval: 86400
JOOX:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/JOOX.yaml
path: "./rule_provider/JOOX"
interval: 86400
KKBOX:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/KKBOX.yaml
path: "./rule_provider/KKBOX"
interval: 86400
KKTV:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/KKTV.yaml
path: "./rule_provider/KKTV"
interval: 86400
Line TV:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Line%20TV.yaml
path: "./rule_provider/Line_TV"
interval: 86400
myTV SUPER:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/myTV%20SUPER.yaml
path: "./rule_provider/myTV_SUPER"
interval: 86400
Pandora:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Pandora.yaml
path: "./rule_provider/Pandora"
interval: 86400
PBS:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/PBS.yaml
path: "./rule_provider/PBS"
interval: 86400
Pornhub:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Pornhub.yaml
path: "./rule_provider/Pornhub"
interval: 86400
Soundcloud:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Soundcloud.yaml
path: "./rule_provider/Soundcloud"
interval: 86400
ViuTV:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/ViuTV.yaml
path: "./rule_provider/ViuTV"
interval: 86400
Telegram:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Telegram.yaml
path: "./rule_provider/Telegram"
interval: 86400
Crypto:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Crypto.yaml
path: "./rule_provider/Crypto"
interval: 86400
Douyin:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Douyin.yaml
path: "./rule_provider/Douyin"
interval: 86400
Steam:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Steam.yaml
path: "./rule_provider/Steam"
interval: 86400
Speedtest:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Speedtest.yaml
path: "./rule_provider/Speedtest"
interval: 86400
PayPal:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/PayPal.yaml
path: "./rule_provider/PayPal"
interval: 86400
Microsoft:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Microsoft.yaml
path: "./rule_provider/Microsoft"
interval: 86400
PROXY:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Proxy.yaml
path: "./rule_provider/Proxy"
interval: 86400
Domestic:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Domestic.yaml
path: "./rule_provider/Domestic"
interval: 86400
Apple:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Apple.yaml
path: "./rule_provider/Apple"
interval: 86400
Google FCM:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Google%20FCM.yaml
path: "./rule_provider/Google FCM"
interval: 86400
Scholar:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Scholar.yaml
path: "./rule_provider/Scholar"
interval: 86400
Domestic IPs:
type: http
behavior: ipcidr
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Domestic%20IPs.yaml
path: "./rule_provider/Domestic_IPs"
interval: 86400
LAN:
type: http
behavior: classical
url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/LAN.yaml
path: "./rule_provider/LAN"
interval: 86400
国内域名白名单:
type: http
behavior: classical
path: "/etc/openclash/rule_provider/China.yaml"
url: https://raw.githubusercontent.com/DivineEngine/Profiles/master/Clash/RuleSet/China.yaml
interval: 86400
script:
code: |
def main(ctx, metadata):
ruleset_action = {"Reject": "AdBlock",
"Special": "DIRECT",
"Netflix": "Netflix",
"Spotify": "Spotify",
"YouTube": "Youtube",
"Disney Plus": "Disney",
"Bilibili": "Bilibili",
"IQ": "Asian TV",
"IQIYI": "Asian TV",
"Letv": "Asian TV",
"Netease Music": "Asian TV",
"Tencent Video": "Asian TV",
"Youku": "Asian TV",
"WeTV": "Asian TV",
"ABC": "Global TV",
"Abema TV": "Global TV",
"Amazon": "Global TV",
"Apple News": "Global TV",
"Apple TV": "Global TV",
"Bahamut": "Bahamut",
"BBC iPlayer": "Global TV",
"DAZN": "DAZN",
"Discovery Plus": "Discovery Plus",
"encoreTVB": "Global TV",
"F1 TV": "Global TV",
"Fox Now": "Global TV",
"Fox+": "Global TV",
"HBO Go": "HBO Go",
"HBO Max": "HBO Max",
"Hulu Japan": "Global TV",
"Hulu": "Global TV",
"Japonx": "Global TV",
"JOOX": "Global TV",
"KKBOX": "Global TV",
"KKTV": "Global TV",
"Line TV": "Global TV",
"myTV SUPER": "Global TV",
"Pandora": "Global TV",
"PBS": "Global TV",
"Pornhub": "Pornhub",
"Soundcloud": "Global TV",
"ViuTV": "Global TV",
"Telegram": "Telegram",
"Crypto": "Crypto",
"Douyin": "Douyin",
"Steam": "Steam",
"Speedtest": "Speedtest",
"PayPal": "PayPal",
"Microsoft": "Microsoft",
"Apple": "Apple",
"Google FCM": "Google FCM",
"Scholar": "Scholar",
"PROXY": "Proxy",
"Domestic": "Domestic",
"Domestic IPs": "Domestic",
"LAN": "DIRECT"
}
port = int(metadata["dst_port"])
if metadata["network"] == "UDP":
if port == 443:
ctx.log('[Script] matched QUIC traffic use reject')
return "REJECT"
port_list = [21, 22, 23, 53, 80, 123, 143, 194, 443, 465, 587, 853, 993, 995, 998, 2052, 2053, 2082, 2083, 2086, 2095, 2096, 5222, 5228, 5229, 5230, 8080, 8443, 8880, 8888, 8889]
if port not in port_list:
ctx.log('[Script] not common port use direct')
return "DIRECT"
if metadata["dst_ip"] == "":
metadata["dst_ip"] = ctx.resolve_ip(metadata["host"])
for ruleset in ruleset_action:
if ctx.rule_providers[ruleset].match(metadata):
return ruleset_action[ruleset]
if metadata["dst_ip"] == "":
return "DIRECT"
code = ctx.geoip(metadata["dst_ip"])
if code == "CN":
ctx.log('[Script] Geoip CN')
return "Domestic"
ctx.log('[Script] FINAL')
return "Others"
rules:
- DST-PORT,7895,REJECT
- DST-PORT,7892,REJECT
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
- DOMAIN-SUFFIX,openbsd.cyou,DIRECT
- DOMAIN-SUFFIX,api.cloudflare.com,DIRECT
- DOMAIN-SUFFIX,aweray.com,DIRECT
- DOMAIN-SUFFIX,icloud.com,DIRECT
- RULE-SET,国内域名白名单,DIRECT
- RULE-SET,Reject,AdBlock
- RULE-SET,Special,DIRECT
- RULE-SET,Netflix,Netflix
- RULE-SET,Spotify,Spotify
- RULE-SET,YouTube,Youtube
- RULE-SET,Disney Plus,Disney
- RULE-SET,Bilibili,Bilibili
- RULE-SET,IQ,Asian TV
- RULE-SET,IQIYI,Asian TV
- RULE-SET,Letv,Asian TV
- RULE-SET,Netease Music,Asian TV
- RULE-SET,Tencent Video,Asian TV
- RULE-SET,Youku,Asian TV
- RULE-SET,WeTV,Asian TV
- RULE-SET,ABC,Global TV
- RULE-SET,Abema TV,Global TV
- RULE-SET,Amazon,Global TV
- RULE-SET,Apple News,Global TV
- RULE-SET,Apple TV,Global TV
- RULE-SET,Bahamut,Bahamut
- RULE-SET,BBC iPlayer,Global TV
- RULE-SET,DAZN,DAZN
- RULE-SET,Discovery Plus,Discovery Plus
- RULE-SET,encoreTVB,Global TV
- RULE-SET,F1 TV,Global TV
- RULE-SET,Fox Now,Global TV
- RULE-SET,Fox+,Global TV
- RULE-SET,HBO Go,HBO Go
- RULE-SET,HBO Max,HBO Max
- RULE-SET,Hulu Japan,Global TV
- RULE-SET,Hulu,Global TV
- RULE-SET,Japonx,Global TV
- RULE-SET,JOOX,Global TV
- RULE-SET,KKBOX,Global TV
- RULE-SET,KKTV,Global TV
- RULE-SET,Line TV,Global TV
- RULE-SET,myTV SUPER,Global TV
- RULE-SET,Pandora,Global TV
- RULE-SET,PBS,Global TV
- RULE-SET,Pornhub,Pornhub
- RULE-SET,Soundcloud,Global TV
- RULE-SET,ViuTV,Global TV
- RULE-SET,Telegram,Telegram
- RULE-SET,Crypto,Crypto
- RULE-SET,Douyin,Douyin
- RULE-SET,Steam,Steam
- RULE-SET,Speedtest,Speedtest
- RULE-SET,PayPal,PayPal
- RULE-SET,Microsoft,Microsoft
- RULE-SET,Apple,Apple
- RULE-SET,Google FCM,Google FCM
- RULE-SET,Scholar,Scholar
- RULE-SET,PROXY,Proxy
- RULE-SET,Domestic,Domestic
- RULE-SET,Domestic IPs,Domestic
- RULE-SET,LAN,DIRECT
- GEOIP,CN,Domestic
- MATCH,Others
#===================== 防火墙设置 =====================#
#IPv4 NAT chain
# Generated by iptables-save v1.8.8 on Thu Sep 1 07:02:51 2022
*nat
:PREROUTING ACCEPT [11011:2750617]
:INPUT ACCEPT [1263:89535]
:OUTPUT ACCEPT [10190:633323]
:POSTROUTING ACCEPT [1354:93928]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -p udp -m udp --dport 123 -j REDIRECT --to-ports 123
-A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i wg0 -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i eth3 -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i pppoe-cmcc_wan -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i eth2 -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i pppoe-ct_wan -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i eth1 -m comment --comment "!fw3" -j zone_wan_prerouting
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o wg0 -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o eth3 -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o pppoe-cmcc_wan -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o eth2 -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o pppoe-ct_wan -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o eth1 -m comment --comment "!fw3" -j zone_wan_postrouting
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.1/32 -p tcp -m tcp --dport 80 -m comment --comment "!fw3: Router-WEB (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 10.0.0.0/24 -d 192.168.1.1/32 -p tcp -m tcp --dport 80 -m comment --comment "!fw3: Router-WEB (reflection)" -j SNAT --to-source 10.0.0.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.3/32 -p tcp -m tcp --dport 90 -m comment --comment "!fw3: AP-3_WEB (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 10.0.0.0/24 -d 192.168.1.3/32 -p tcp -m tcp --dport 90 -m comment --comment "!fw3: AP-3_WEB (reflection)" -j SNAT --to-source 10.0.0.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.100/32 -p tcp -m tcp --dport 5555 -m comment --comment "!fw3: PC-Remote (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 10.0.0.0/24 -d 192.168.1.100/32 -p tcp -m tcp --dport 5555 -m comment --comment "!fw3: PC-Remote (reflection)" -j SNAT --to-source 10.0.0.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.20/32 -p tcp -m tcp --dport 1194 -m comment --comment "!fw3: openvpn (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 10.0.0.0/24 -d 192.168.1.20/32 -p tcp -m tcp --dport 1194 -m comment --comment "!fw3: openvpn (reflection)" -j SNAT --to-source 10.0.0.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.10/32 -p tcp -m tcp --dport 3306 -m comment --comment "!fw3: mysql (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 10.0.0.0/24 -d 192.168.1.10/32 -p tcp -m tcp --dport 3306 -m comment --comment "!fw3: mysql (reflection)" -j SNAT --to-source 10.0.0.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.25/32 -p tcp -m tcp --dport 3690 -m comment --comment "!fw3: svn (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 10.0.0.0/24 -d 192.168.1.25/32 -p tcp -m tcp --dport 3690 -m comment --comment "!fw3: svn (reflection)" -j SNAT --to-source 10.0.0.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.252/32 -p tcp -m tcp --dport 8006 -m comment --comment "!fw3: 252web (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 10.0.0.0/24 -d 192.168.1.252/32 -p tcp -m tcp --dport 8006 -m comment --comment "!fw3: 252web (reflection)" -j SNAT --to-source 10.0.0.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.6/32 -p tcp -m tcp --dport 9091 -m comment --comment "!fw3: PT (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 10.0.0.0/24 -d 192.168.1.6/32 -p tcp -m tcp --dport 9091 -m comment --comment "!fw3: PT (reflection)" -j SNAT --to-source 10.0.0.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.5/32 -p tcp -m tcp --dport 80 -m comment --comment "!fw3: NAS_WEB (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 10.0.0.0/24 -d 192.168.1.5/32 -p tcp -m tcp --dport 80 -m comment --comment "!fw3: NAS_WEB (reflection)" -j SNAT --to-source 10.0.0.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.45/32 -p tcp -m tcp --dport 80 -m comment --comment "!fw3: TEST_WEB (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 10.0.0.0/24 -d 192.168.1.45/32 -p tcp -m tcp --dport 80 -m comment --comment "!fw3: TEST_WEB (reflection)" -j SNAT --to-source 10.0.0.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.26/32 -p udp -m udp --dport 2736 -m comment --comment "!fw3: wireguad (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 10.0.0.0/24 -d 192.168.1.26/32 -p udp -m udp --dport 2736 -m comment --comment "!fw3: wireguad (reflection)" -j SNAT --to-source 10.0.0.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.36/32 -p tcp -m tcp --dport 22 -m comment --comment "!fw3: IMG_SSH (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 10.0.0.0/24 -d 192.168.1.36/32 -p tcp -m tcp --dport 22 -m comment --comment "!fw3: IMG_SSH (reflection)" -j SNAT --to-source 10.0.0.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.1/32 -p udp -m udp --dport 1111 -m comment --comment "!fw3: WIREGUARD (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 10.0.0.0/24 -d 192.168.1.1/32 -p udp -m udp --dport 1111 -m comment --comment "!fw3: WIREGUARD (reflection)" -j SNAT --to-source 10.0.0.1
-A zone_lan_postrouting -m comment --comment "!fw3: fullclon" -j MASQUERADE
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.100.2/32 -p tcp -m tcp --dport 88 -m comment --comment "!fw3: Router-WEB (reflection)" -j DNAT --to-destination 192.168.1.1:80
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.100.2/32 -p tcp -m tcp --dport 88 -m comment --comment "!fw3: Router-WEB (reflection)" -j DNAT --to-destination 192.168.1.1:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 182.116.72.135/32 -p tcp -m tcp --dport 88 -m comment --comment "!fw3: Router-WEB (reflection)" -j DNAT --to-destination 192.168.1.1:80
-A zone_lan_prerouting -s 10.0.0.0/24 -d 182.116.72.135/32 -p tcp -m tcp --dport 88 -m comment --comment "!fw3: Router-WEB (reflection)" -j DNAT --to-destination 192.168.1.1:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.150.2/32 -p tcp -m tcp --dport 88 -m comment --comment "!fw3: Router-WEB (reflection)" -j DNAT --to-destination 192.168.1.1:80
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.150.2/32 -p tcp -m tcp --dport 88 -m comment --comment "!fw3: Router-WEB (reflection)" -j DNAT --to-destination 192.168.1.1:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.16.161.146/32 -p tcp -m tcp --dport 88 -m comment --comment "!fw3: Router-WEB (reflection)" -j DNAT --to-destination 192.168.1.1:80
-A zone_lan_prerouting -s 10.0.0.0/24 -d 10.16.161.146/32 -p tcp -m tcp --dport 88 -m comment --comment "!fw3: Router-WEB (reflection)" -j DNAT --to-destination 192.168.1.1:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.200.2/32 -p tcp -m tcp --dport 88 -m comment --comment "!fw3: Router-WEB (reflection)" -j DNAT --to-destination 192.168.1.1:80
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.200.2/32 -p tcp -m tcp --dport 88 -m comment --comment "!fw3: Router-WEB (reflection)" -j DNAT --to-destination 192.168.1.1:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.100.2/32 -p tcp -m tcp --dport 90 -m comment --comment "!fw3: AP-3_WEB (reflection)" -j DNAT --to-destination 192.168.1.3:90
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.100.2/32 -p tcp -m tcp --dport 90 -m comment --comment "!fw3: AP-3_WEB (reflection)" -j DNAT --to-destination 192.168.1.3:90
-A zone_lan_prerouting -s 192.168.1.0/24 -d 182.116.72.135/32 -p tcp -m tcp --dport 90 -m comment --comment "!fw3: AP-3_WEB (reflection)" -j DNAT --to-destination 192.168.1.3:90
-A zone_lan_prerouting -s 10.0.0.0/24 -d 182.116.72.135/32 -p tcp -m tcp --dport 90 -m comment --comment "!fw3: AP-3_WEB (reflection)" -j DNAT --to-destination 192.168.1.3:90
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.150.2/32 -p tcp -m tcp --dport 90 -m comment --comment "!fw3: AP-3_WEB (reflection)" -j DNAT --to-destination 192.168.1.3:90
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.150.2/32 -p tcp -m tcp --dport 90 -m comment --comment "!fw3: AP-3_WEB (reflection)" -j DNAT --to-destination 192.168.1.3:90
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.16.161.146/32 -p tcp -m tcp --dport 90 -m comment --comment "!fw3: AP-3_WEB (reflection)" -j DNAT --to-destination 192.168.1.3:90
-A zone_lan_prerouting -s 10.0.0.0/24 -d 10.16.161.146/32 -p tcp -m tcp --dport 90 -m comment --comment "!fw3: AP-3_WEB (reflection)" -j DNAT --to-destination 192.168.1.3:90
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.200.2/32 -p tcp -m tcp --dport 90 -m comment --comment "!fw3: AP-3_WEB (reflection)" -j DNAT --to-destination 192.168.1.3:90
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.200.2/32 -p tcp -m tcp --dport 90 -m comment --comment "!fw3: AP-3_WEB (reflection)" -j DNAT --to-destination 192.168.1.3:90
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.100.2/32 -p tcp -m tcp --dport 5555 -m comment --comment "!fw3: PC-Remote (reflection)" -j DNAT --to-destination 192.168.1.100:5555
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.100.2/32 -p tcp -m tcp --dport 5555 -m comment --comment "!fw3: PC-Remote (reflection)" -j DNAT --to-destination 192.168.1.100:5555
-A zone_lan_prerouting -s 192.168.1.0/24 -d 182.116.72.135/32 -p tcp -m tcp --dport 5555 -m comment --comment "!fw3: PC-Remote (reflection)" -j DNAT --to-destination 192.168.1.100:5555
-A zone_lan_prerouting -s 10.0.0.0/24 -d 182.116.72.135/32 -p tcp -m tcp --dport 5555 -m comment --comment "!fw3: PC-Remote (reflection)" -j DNAT --to-destination 192.168.1.100:5555
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.150.2/32 -p tcp -m tcp --dport 5555 -m comment --comment "!fw3: PC-Remote (reflection)" -j DNAT --to-destination 192.168.1.100:5555
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.150.2/32 -p tcp -m tcp --dport 5555 -m comment --comment "!fw3: PC-Remote (reflection)" -j DNAT --to-destination 192.168.1.100:5555
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.16.161.146/32 -p tcp -m tcp --dport 5555 -m comment --comment "!fw3: PC-Remote (reflection)" -j DNAT --to-destination 192.168.1.100:5555
-A zone_lan_prerouting -s 10.0.0.0/24 -d 10.16.161.146/32 -p tcp -m tcp --dport 5555 -m comment --comment "!fw3: PC-Remote (reflection)" -j DNAT --to-destination 192.168.1.100:5555
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.200.2/32 -p tcp -m tcp --dport 5555 -m comment --comment "!fw3: PC-Remote (reflection)" -j DNAT --to-destination 192.168.1.100:5555
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.200.2/32 -p tcp -m tcp --dport 5555 -m comment --comment "!fw3: PC-Remote (reflection)" -j DNAT --to-destination 192.168.1.100:5555
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.100.2/32 -p tcp -m tcp --dport 1194 -m comment --comment "!fw3: openvpn (reflection)" -j DNAT --to-destination 192.168.1.20:1194
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.100.2/32 -p tcp -m tcp --dport 1194 -m comment --comment "!fw3: openvpn (reflection)" -j DNAT --to-destination 192.168.1.20:1194
-A zone_lan_prerouting -s 192.168.1.0/24 -d 182.116.72.135/32 -p tcp -m tcp --dport 1194 -m comment --comment "!fw3: openvpn (reflection)" -j DNAT --to-destination 192.168.1.20:1194
-A zone_lan_prerouting -s 10.0.0.0/24 -d 182.116.72.135/32 -p tcp -m tcp --dport 1194 -m comment --comment "!fw3: openvpn (reflection)" -j DNAT --to-destination 192.168.1.20:1194
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.150.2/32 -p tcp -m tcp --dport 1194 -m comment --comment "!fw3: openvpn (reflection)" -j DNAT --to-destination 192.168.1.20:1194
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.150.2/32 -p tcp -m tcp --dport 1194 -m comment --comment "!fw3: openvpn (reflection)" -j DNAT --to-destination 192.168.1.20:1194
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.16.161.146/32 -p tcp -m tcp --dport 1194 -m comment --comment "!fw3: openvpn (reflection)" -j DNAT --to-destination 192.168.1.20:1194
-A zone_lan_prerouting -s 10.0.0.0/24 -d 10.16.161.146/32 -p tcp -m tcp --dport 1194 -m comment --comment "!fw3: openvpn (reflection)" -j DNAT --to-destination 192.168.1.20:1194
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.200.2/32 -p tcp -m tcp --dport 1194 -m comment --comment "!fw3: openvpn (reflection)" -j DNAT --to-destination 192.168.1.20:1194
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.200.2/32 -p tcp -m tcp --dport 1194 -m comment --comment "!fw3: openvpn (reflection)" -j DNAT --to-destination 192.168.1.20:1194
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.100.2/32 -p tcp -m tcp --dport 3306 -m comment --comment "!fw3: mysql (reflection)" -j DNAT --to-destination 192.168.1.10:3306
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.100.2/32 -p tcp -m tcp --dport 3306 -m comment --comment "!fw3: mysql (reflection)" -j DNAT --to-destination 192.168.1.10:3306
-A zone_lan_prerouting -s 192.168.1.0/24 -d 182.116.72.135/32 -p tcp -m tcp --dport 3306 -m comment --comment "!fw3: mysql (reflection)" -j DNAT --to-destination 192.168.1.10:3306
-A zone_lan_prerouting -s 10.0.0.0/24 -d 182.116.72.135/32 -p tcp -m tcp --dport 3306 -m comment --comment "!fw3: mysql (reflection)" -j DNAT --to-destination 192.168.1.10:3306
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.150.2/32 -p tcp -m tcp --dport 3306 -m comment --comment "!fw3: mysql (reflection)" -j DNAT --to-destination 192.168.1.10:3306
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.150.2/32 -p tcp -m tcp --dport 3306 -m comment --comment "!fw3: mysql (reflection)" -j DNAT --to-destination 192.168.1.10:3306
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.16.161.146/32 -p tcp -m tcp --dport 3306 -m comment --comment "!fw3: mysql (reflection)" -j DNAT --to-destination 192.168.1.10:3306
-A zone_lan_prerouting -s 10.0.0.0/24 -d 10.16.161.146/32 -p tcp -m tcp --dport 3306 -m comment --comment "!fw3: mysql (reflection)" -j DNAT --to-destination 192.168.1.10:3306
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.200.2/32 -p tcp -m tcp --dport 3306 -m comment --comment "!fw3: mysql (reflection)" -j DNAT --to-destination 192.168.1.10:3306
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.200.2/32 -p tcp -m tcp --dport 3306 -m comment --comment "!fw3: mysql (reflection)" -j DNAT --to-destination 192.168.1.10:3306
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.100.2/32 -p tcp -m tcp --dport 3690 -m comment --comment "!fw3: svn (reflection)" -j DNAT --to-destination 192.168.1.25:3690
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.100.2/32 -p tcp -m tcp --dport 3690 -m comment --comment "!fw3: svn (reflection)" -j DNAT --to-destination 192.168.1.25:3690
-A zone_lan_prerouting -s 192.168.1.0/24 -d 182.116.72.135/32 -p tcp -m tcp --dport 3690 -m comment --comment "!fw3: svn (reflection)" -j DNAT --to-destination 192.168.1.25:3690
-A zone_lan_prerouting -s 10.0.0.0/24 -d 182.116.72.135/32 -p tcp -m tcp --dport 3690 -m comment --comment "!fw3: svn (reflection)" -j DNAT --to-destination 192.168.1.25:3690
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.150.2/32 -p tcp -m tcp --dport 3690 -m comment --comment "!fw3: svn (reflection)" -j DNAT --to-destination 192.168.1.25:3690
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.150.2/32 -p tcp -m tcp --dport 3690 -m comment --comment "!fw3: svn (reflection)" -j DNAT --to-destination 192.168.1.25:3690
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.16.161.146/32 -p tcp -m tcp --dport 3690 -m comment --comment "!fw3: svn (reflection)" -j DNAT --to-destination 192.168.1.25:3690
-A zone_lan_prerouting -s 10.0.0.0/24 -d 10.16.161.146/32 -p tcp -m tcp --dport 3690 -m comment --comment "!fw3: svn (reflection)" -j DNAT --to-destination 192.168.1.25:3690
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.200.2/32 -p tcp -m tcp --dport 3690 -m comment --comment "!fw3: svn (reflection)" -j DNAT --to-destination 192.168.1.25:3690
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.200.2/32 -p tcp -m tcp --dport 3690 -m comment --comment "!fw3: svn (reflection)" -j DNAT --to-destination 192.168.1.25:3690
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.100.2/32 -p tcp -m tcp --dport 62 -m comment --comment "!fw3: 252web (reflection)" -j DNAT --to-destination 192.168.1.252:8006
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.100.2/32 -p tcp -m tcp --dport 62 -m comment --comment "!fw3: 252web (reflection)" -j DNAT --to-destination 192.168.1.252:8006
-A zone_lan_prerouting -s 192.168.1.0/24 -d 182.116.72.135/32 -p tcp -m tcp --dport 62 -m comment --comment "!fw3: 252web (reflection)" -j DNAT --to-destination 192.168.1.252:8006
-A zone_lan_prerouting -s 10.0.0.0/24 -d 182.116.72.135/32 -p tcp -m tcp --dport 62 -m comment --comment "!fw3: 252web (reflection)" -j DNAT --to-destination 192.168.1.252:8006
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.150.2/32 -p tcp -m tcp --dport 62 -m comment --comment "!fw3: 252web (reflection)" -j DNAT --to-destination 192.168.1.252:8006
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.150.2/32 -p tcp -m tcp --dport 62 -m comment --comment "!fw3: 252web (reflection)" -j DNAT --to-destination 192.168.1.252:8006
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.16.161.146/32 -p tcp -m tcp --dport 62 -m comment --comment "!fw3: 252web (reflection)" -j DNAT --to-destination 192.168.1.252:8006
-A zone_lan_prerouting -s 10.0.0.0/24 -d 10.16.161.146/32 -p tcp -m tcp --dport 62 -m comment --comment "!fw3: 252web (reflection)" -j DNAT --to-destination 192.168.1.252:8006
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.200.2/32 -p tcp -m tcp --dport 62 -m comment --comment "!fw3: 252web (reflection)" -j DNAT --to-destination 192.168.1.252:8006
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.200.2/32 -p tcp -m tcp --dport 62 -m comment --comment "!fw3: 252web (reflection)" -j DNAT --to-destination 192.168.1.252:8006
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.100.2/32 -p tcp -m tcp --dport 9091 -m comment --comment "!fw3: PT (reflection)" -j DNAT --to-destination 192.168.1.6:9091
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.100.2/32 -p tcp -m tcp --dport 9091 -m comment --comment "!fw3: PT (reflection)" -j DNAT --to-destination 192.168.1.6:9091
-A zone_lan_prerouting -s 192.168.1.0/24 -d 182.116.72.135/32 -p tcp -m tcp --dport 9091 -m comment --comment "!fw3: PT (reflection)" -j DNAT --to-destination 192.168.1.6:9091
-A zone_lan_prerouting -s 10.0.0.0/24 -d 182.116.72.135/32 -p tcp -m tcp --dport 9091 -m comment --comment "!fw3: PT (reflection)" -j DNAT --to-destination 192.168.1.6:9091
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.150.2/32 -p tcp -m tcp --dport 9091 -m comment --comment "!fw3: PT (reflection)" -j DNAT --to-destination 192.168.1.6:9091
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.150.2/32 -p tcp -m tcp --dport 9091 -m comment --comment "!fw3: PT (reflection)" -j DNAT --to-destination 192.168.1.6:9091
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.16.161.146/32 -p tcp -m tcp --dport 9091 -m comment --comment "!fw3: PT (reflection)" -j DNAT --to-destination 192.168.1.6:9091
-A zone_lan_prerouting -s 10.0.0.0/24 -d 10.16.161.146/32 -p tcp -m tcp --dport 9091 -m comment --comment "!fw3: PT (reflection)" -j DNAT --to-destination 192.168.1.6:9091
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.200.2/32 -p tcp -m tcp --dport 9091 -m comment --comment "!fw3: PT (reflection)" -j DNAT --to-destination 192.168.1.6:9091
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.200.2/32 -p tcp -m tcp --dport 9091 -m comment --comment "!fw3: PT (reflection)" -j DNAT --to-destination 192.168.1.6:9091
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.100.2/32 -p tcp -m tcp --dport 40 -m comment --comment "!fw3: NAS_WEB (reflection)" -j DNAT --to-destination 192.168.1.5:80
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.100.2/32 -p tcp -m tcp --dport 40 -m comment --comment "!fw3: NAS_WEB (reflection)" -j DNAT --to-destination 192.168.1.5:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 182.116.72.135/32 -p tcp -m tcp --dport 40 -m comment --comment "!fw3: NAS_WEB (reflection)" -j DNAT --to-destination 192.168.1.5:80
-A zone_lan_prerouting -s 10.0.0.0/24 -d 182.116.72.135/32 -p tcp -m tcp --dport 40 -m comment --comment "!fw3: NAS_WEB (reflection)" -j DNAT --to-destination 192.168.1.5:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.150.2/32 -p tcp -m tcp --dport 40 -m comment --comment "!fw3: NAS_WEB (reflection)" -j DNAT --to-destination 192.168.1.5:80
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.150.2/32 -p tcp -m tcp --dport 40 -m comment --comment "!fw3: NAS_WEB (reflection)" -j DNAT --to-destination 192.168.1.5:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.16.161.146/32 -p tcp -m tcp --dport 40 -m comment --comment "!fw3: NAS_WEB (reflection)" -j DNAT --to-destination 192.168.1.5:80
-A zone_lan_prerouting -s 10.0.0.0/24 -d 10.16.161.146/32 -p tcp -m tcp --dport 40 -m comment --comment "!fw3: NAS_WEB (reflection)" -j DNAT --to-destination 192.168.1.5:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.200.2/32 -p tcp -m tcp --dport 40 -m comment --comment "!fw3: NAS_WEB (reflection)" -j DNAT --to-destination 192.168.1.5:80
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.200.2/32 -p tcp -m tcp --dport 40 -m comment --comment "!fw3: NAS_WEB (reflection)" -j DNAT --to-destination 192.168.1.5:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.100.2/32 -p tcp -m tcp --dport 9090 -m comment --comment "!fw3: TEST_WEB (reflection)" -j DNAT --to-destination 192.168.1.45:80
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.100.2/32 -p tcp -m tcp --dport 9090 -m comment --comment "!fw3: TEST_WEB (reflection)" -j DNAT --to-destination 192.168.1.45:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 182.116.72.135/32 -p tcp -m tcp --dport 9090 -m comment --comment "!fw3: TEST_WEB (reflection)" -j DNAT --to-destination 192.168.1.45:80
-A zone_lan_prerouting -s 10.0.0.0/24 -d 182.116.72.135/32 -p tcp -m tcp --dport 9090 -m comment --comment "!fw3: TEST_WEB (reflection)" -j DNAT --to-destination 192.168.1.45:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.150.2/32 -p tcp -m tcp --dport 9090 -m comment --comment "!fw3: TEST_WEB (reflection)" -j DNAT --to-destination 192.168.1.45:80
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.150.2/32 -p tcp -m tcp --dport 9090 -m comment --comment "!fw3: TEST_WEB (reflection)" -j DNAT --to-destination 192.168.1.45:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.16.161.146/32 -p tcp -m tcp --dport 9090 -m comment --comment "!fw3: TEST_WEB (reflection)" -j DNAT --to-destination 192.168.1.45:80
-A zone_lan_prerouting -s 10.0.0.0/24 -d 10.16.161.146/32 -p tcp -m tcp --dport 9090 -m comment --comment "!fw3: TEST_WEB (reflection)" -j DNAT --to-destination 192.168.1.45:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.200.2/32 -p tcp -m tcp --dport 9090 -m comment --comment "!fw3: TEST_WEB (reflection)" -j DNAT --to-destination 192.168.1.45:80
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.200.2/32 -p tcp -m tcp --dport 9090 -m comment --comment "!fw3: TEST_WEB (reflection)" -j DNAT --to-destination 192.168.1.45:80
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.100.2/32 -p udp -m udp --dport 2736 -m comment --comment "!fw3: wireguad (reflection)" -j DNAT --to-destination 192.168.1.26:2736
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.100.2/32 -p udp -m udp --dport 2736 -m comment --comment "!fw3: wireguad (reflection)" -j DNAT --to-destination 192.168.1.26:2736
-A zone_lan_prerouting -s 192.168.1.0/24 -d 182.116.72.135/32 -p udp -m udp --dport 2736 -m comment --comment "!fw3: wireguad (reflection)" -j DNAT --to-destination 192.168.1.26:2736
-A zone_lan_prerouting -s 10.0.0.0/24 -d 182.116.72.135/32 -p udp -m udp --dport 2736 -m comment --comment "!fw3: wireguad (reflection)" -j DNAT --to-destination 192.168.1.26:2736
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.150.2/32 -p udp -m udp --dport 2736 -m comment --comment "!fw3: wireguad (reflection)" -j DNAT --to-destination 192.168.1.26:2736
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.150.2/32 -p udp -m udp --dport 2736 -m comment --comment "!fw3: wireguad (reflection)" -j DNAT --to-destination 192.168.1.26:2736
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.16.161.146/32 -p udp -m udp --dport 2736 -m comment --comment "!fw3: wireguad (reflection)" -j DNAT --to-destination 192.168.1.26:2736
-A zone_lan_prerouting -s 10.0.0.0/24 -d 10.16.161.146/32 -p udp -m udp --dport 2736 -m comment --comment "!fw3: wireguad (reflection)" -j DNAT --to-destination 192.168.1.26:2736
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.200.2/32 -p udp -m udp --dport 2736 -m comment --comment "!fw3: wireguad (reflection)" -j DNAT --to-destination 192.168.1.26:2736
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.200.2/32 -p udp -m udp --dport 2736 -m comment --comment "!fw3: wireguad (reflection)" -j DNAT --to-destination 192.168.1.26:2736
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.100.2/32 -p tcp -m tcp --dport 103 -m comment --comment "!fw3: IMG_SSH (reflection)" -j DNAT --to-destination 192.168.1.36:22
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.100.2/32 -p tcp -m tcp --dport 103 -m comment --comment "!fw3: IMG_SSH (reflection)" -j DNAT --to-destination 192.168.1.36:22
-A zone_lan_prerouting -s 192.168.1.0/24 -d 182.116.72.135/32 -p tcp -m tcp --dport 103 -m comment --comment "!fw3: IMG_SSH (reflection)" -j DNAT --to-destination 192.168.1.36:22
-A zone_lan_prerouting -s 10.0.0.0/24 -d 182.116.72.135/32 -p tcp -m tcp --dport 103 -m comment --comment "!fw3: IMG_SSH (reflection)" -j DNAT --to-destination 192.168.1.36:22
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.150.2/32 -p tcp -m tcp --dport 103 -m comment --comment "!fw3: IMG_SSH (reflection)" -j DNAT --to-destination 192.168.1.36:22
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.150.2/32 -p tcp -m tcp --dport 103 -m comment --comment "!fw3: IMG_SSH (reflection)" -j DNAT --to-destination 192.168.1.36:22
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.16.161.146/32 -p tcp -m tcp --dport 103 -m comment --comment "!fw3: IMG_SSH (reflection)" -j DNAT --to-destination 192.168.1.36:22
-A zone_lan_prerouting -s 10.0.0.0/24 -d 10.16.161.146/32 -p tcp -m tcp --dport 103 -m comment --comment "!fw3: IMG_SSH (reflection)" -j DNAT --to-destination 192.168.1.36:22
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.200.2/32 -p tcp -m tcp --dport 103 -m comment --comment "!fw3: IMG_SSH (reflection)" -j DNAT --to-destination 192.168.1.36:22
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.200.2/32 -p tcp -m tcp --dport 103 -m comment --comment "!fw3: IMG_SSH (reflection)" -j DNAT --to-destination 192.168.1.36:22
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.100.2/32 -p udp -m udp --dport 1111 -m comment --comment "!fw3: WIREGUARD (reflection)" -j DNAT --to-destination 192.168.1.1:1111
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.100.2/32 -p udp -m udp --dport 1111 -m comment --comment "!fw3: WIREGUARD (reflection)" -j DNAT --to-destination 192.168.1.1:1111
-A zone_lan_prerouting -s 192.168.1.0/24 -d 182.116.72.135/32 -p udp -m udp --dport 1111 -m comment --comment "!fw3: WIREGUARD (reflection)" -j DNAT --to-destination 192.168.1.1:1111
-A zone_lan_prerouting -s 10.0.0.0/24 -d 182.116.72.135/32 -p udp -m udp --dport 1111 -m comment --comment "!fw3: WIREGUARD (reflection)" -j DNAT --to-destination 192.168.1.1:1111
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.150.2/32 -p udp -m udp --dport 1111 -m comment --comment "!fw3: WIREGUARD (reflection)" -j DNAT --to-destination 192.168.1.1:1111
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.150.2/32 -p udp -m udp --dport 1111 -m comment --comment "!fw3: WIREGUARD (reflection)" -j DNAT --to-destination 192.168.1.1:1111
-A zone_lan_prerouting -s 192.168.1.0/24 -d 10.16.161.146/32 -p udp -m udp --dport 1111 -m comment --comment "!fw3: WIREGUARD (reflection)" -j DNAT --to-destination 192.168.1.1:1111
-A zone_lan_prerouting -s 10.0.0.0/24 -d 10.16.161.146/32 -p udp -m udp --dport 1111 -m comment --comment "!fw3: WIREGUARD (reflection)" -j DNAT --to-destination 192.168.1.1:1111
-A zone_lan_prerouting -s 192.168.1.0/24 -d 192.168.200.2/32 -p udp -m udp --dport 1111 -m comment --comment "!fw3: WIREGUARD (reflection)" -j DNAT --to-destination 192.168.1.1:1111
-A zone_lan_prerouting -s 10.0.0.0/24 -d 192.168.200.2/32 -p udp -m udp --dport 1111 -m comment --comment "!fw3: WIREGUARD (reflection)" -j DNAT --to-destination 192.168.1.1:1111
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -p tcp -m tcp --dport 88 -m comment --comment "!fw3: Router-WEB" -j DNAT --to-destination 192.168.1.1:80
-A zone_wan_prerouting -p tcp -m tcp --dport 90 -m comment --comment "!fw3: AP-3_WEB" -j DNAT --to-destination 192.168.1.3:90
-A zone_wan_prerouting -p tcp -m tcp --dport 5555 -m comment --comment "!fw3: PC-Remote" -j DNAT --to-destination 192.168.1.100:5555
-A zone_wan_prerouting -p tcp -m tcp --dport 1194 -m comment --comment "!fw3: openvpn" -j DNAT --to-destination 192.168.1.20:1194
-A zone_wan_prerouting -p tcp -m tcp --dport 3306 -m comment --comment "!fw3: mysql" -j DNAT --to-destination 192.168.1.10:3306
-A zone_wan_prerouting -p tcp -m tcp --dport 3690 -m comment --comment "!fw3: svn" -j DNAT --to-destination 192.168.1.25:3690
-A zone_wan_prerouting -p tcp -m tcp --dport 62 -m comment --comment "!fw3: 252web" -j DNAT --to-destination 192.168.1.252:8006
-A zone_wan_prerouting -p tcp -m tcp --dport 9091 -m comment --comment "!fw3: PT" -j DNAT --to-destination 192.168.1.6:9091
-A zone_wan_prerouting -p tcp -m tcp --dport 40 -m comment --comment "!fw3: NAS_WEB" -j DNAT --to-destination 192.168.1.5:80
-A zone_wan_prerouting -p tcp -m tcp --dport 9090 -m comment --comment "!fw3: TEST_WEB" -j DNAT --to-destination 192.168.1.45:80
-A zone_wan_prerouting -p udp -m udp --dport 2736 -m comment --comment "!fw3: wireguad" -j DNAT --to-destination 192.168.1.26:2736
-A zone_wan_prerouting -p tcp -m tcp --dport 103 -m comment --comment "!fw3: IMG_SSH" -j DNAT --to-destination 192.168.1.36:22
-A zone_wan_prerouting -p udp -m udp --dport 1111 -m comment --comment "!fw3: WIREGUARD" -j DNAT --to-destination 192.168.1.1:1111
-A zone_wan_prerouting -j MINIUPNPD
-A zone_wan_prerouting -j MINIUPNPD
COMMIT
# Completed on Thu Sep 1 07:02:51 2022
#IPv4 Mangle chain
# Generated by iptables-save v1.8.8 on Thu Sep 1 07:02:51 2022
*mangle
:PREROUTING ACCEPT [264330:227614185]
:INPUT ACCEPT [48067:15496759]
:FORWARD ACCEPT [208675:209560822]
:OUTPUT ACCEPT [66012:21503954]
:POSTROUTING ACCEPT [273818:231027108]
:mwan3_connected_ipv4 - [0:0]
:mwan3_custom_ipv4 - [0:0]
:mwan3_dynamic_ipv4 - [0:0]
:mwan3_hook - [0:0]
:mwan3_iface_in_cmcc_wan - [0:0]
:mwan3_iface_in_ct_wan - [0:0]
:mwan3_ifaces_in - [0:0]
:mwan3_policy_balanced - [0:0]
:mwan3_policy_ct_only - [0:0]
:mwan3_policy_cu_only - [0:0]
:mwan3_rule_web - [0:0]
:mwan3_rules - [0:0]
-A PREROUTING -j mwan3_hook
-A FORWARD -o eth3 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth3 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o pppoe-cmcc_wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i pppoe-cmcc_wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o eth2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o pppoe-ct_wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i pppoe-ct_wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A OUTPUT -j mwan3_hook
-A mwan3_connected_ipv4 -m set --match-set mwan3_connected_ipv4 dst -j MARK --set-xmark 0x3f00/0x3f00
-A mwan3_custom_ipv4 -m set --match-set mwan3_custom_ipv4 dst -j MARK --set-xmark 0x3f00/0x3f00
-A mwan3_dynamic_ipv4 -m set --match-set mwan3_dynamic_ipv4 dst -j MARK --set-xmark 0x3f00/0x3f00
-A mwan3_hook -m mark --mark 0x0/0x3f00 -j CONNMARK --restore-mark --nfmask 0x3f00 --ctmask 0x3f00
-A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_ifaces_in
-A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_custom_ipv4
-A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_connected_ipv4
-A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_dynamic_ipv4
-A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_rules
-A mwan3_hook -j CONNMARK --save-mark --nfmask 0x3f00 --ctmask 0x3f00
-A mwan3_hook -m mark ! --mark 0x3f00/0x3f00 -j mwan3_custom_ipv4
-A mwan3_hook -m mark ! --mark 0x3f00/0x3f00 -j mwan3_connected_ipv4
-A mwan3_hook -m mark ! --mark 0x3f00/0x3f00 -j mwan3_dynamic_ipv4
-A mwan3_iface_in_cmcc_wan -i pppoe-cmcc_wan -m set --match-set mwan3_custom_ipv4 src -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
-A mwan3_iface_in_cmcc_wan -i pppoe-cmcc_wan -m set --match-set mwan3_connected_ipv4 src -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
-A mwan3_iface_in_cmcc_wan -i pppoe-cmcc_wan -m set --match-set mwan3_dynamic_ipv4 src -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
-A mwan3_iface_in_cmcc_wan -i pppoe-cmcc_wan -m mark --mark 0x0/0x3f00 -m comment --comment cmcc_wan -j MARK --set-xmark 0x200/0x3f00
-A mwan3_iface_in_ct_wan -i pppoe-ct_wan -m set --match-set mwan3_custom_ipv4 src -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
-A mwan3_iface_in_ct_wan -i pppoe-ct_wan -m set --match-set mwan3_connected_ipv4 src -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
-A mwan3_iface_in_ct_wan -i pppoe-ct_wan -m set --match-set mwan3_dynamic_ipv4 src -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
-A mwan3_iface_in_ct_wan -i pppoe-ct_wan -m mark --mark 0x0/0x3f00 -m comment --comment ct_wan -j MARK --set-xmark 0x100/0x3f00
-A mwan3_ifaces_in -m mark --mark 0x0/0x3f00 -j mwan3_iface_in_cmcc_wan
-A mwan3_ifaces_in -m mark --mark 0x0/0x3f00 -j mwan3_iface_in_ct_wan
-A mwan3_policy_balanced -m mark --mark 0x0/0x3f00 -m comment --comment "cmcc_wan 3 3" -j MARK --set-xmark 0x200/0x3f00
-A mwan3_policy_ct_only -m mark --mark 0x0/0x3f00 -m comment --comment "ct_wan 5 5" -j MARK --set-xmark 0x100/0x3f00
-A mwan3_policy_cu_only -m mark --mark 0x0/0x3f00 -m comment --comment "cmcc_wan 3 3" -j MARK --set-xmark 0x200/0x3f00
-A mwan3_rule_web -m mark --mark 0x0/0x3f00 -j mwan3_policy_balanced
-A mwan3_rule_web -m mark ! --mark 0xfc00/0xfc00 -j SET --del-set mwan3_rule_ipv4_web src,src
-A mwan3_rule_web -m mark ! --mark 0xfc00/0xfc00 -j SET --add-set mwan3_rule_ipv4_web src,src
-A mwan3_rules -d 60.208.23.0/24 -m mark --mark 0x0/0x3f00 -j mwan3_policy_cu_only
-A mwan3_rules -s 192.168.1.80/32 -m mark --mark 0x0/0x3f00 -j mwan3_policy_ct_only
-A mwan3_rules -s 192.168.1.42/32 -m mark --mark 0x0/0x3f00 -j mwan3_policy_ct_only
-A mwan3_rules -s 192.168.1.43/32 -m mark --mark 0x0/0x3f00 -j mwan3_policy_cu_only
-A mwan3_rules -m set --match-set unicom dst -m mark --mark 0x0/0x3f00 -j mwan3_policy_cu_only
-A mwan3_rules -m set --match-set chinanet dst -m mark --mark 0x0/0x3f00 -j mwan3_policy_ct_only
-A mwan3_rules -p tcp -m multiport --dports 80,443 -m mark --mark 0x0/0x3f00 -j mwan3_rule_web
-A mwan3_rules -m mark --mark 0x0/0x3f00 -j mwan3_policy_balanced
-A mwan3_rules -m mark --mark 0x0/0x3f00 -j mwan3_policy_balanced
-A mwan3_rules -m mark --mark 0x0/0x3f00 -j mwan3_policy_cu_only
COMMIT
# Completed on Thu Sep 1 07:02:51 2022
#IPv4 Filter chain
# Generated by iptables-save v1.8.8 on Thu Sep 1 07:02:51 2022
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i wg0 -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i eth3 -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i pppoe-cmcc_wan -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i eth2 -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i pppoe-ct_wan -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i eth1 -m comment --comment "!fw3" -j zone_wan_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i wg0 -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i eth3 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i pppoe-cmcc_wan -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i eth2 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i pppoe-ct_wan -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i eth1 -m comment --comment "!fw3" -j zone_wan_forward
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o wg0 -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o eth3 -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o pppoe-cmcc_wan -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o eth2 -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o pppoe-ct_wan -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o eth1 -m comment --comment "!fw3" -j zone_wan_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o wg0 -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_src_ACCEPT -i wg0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o eth3 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o eth3 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o pppoe-cmcc_wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o pppoe-cmcc_wan -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o eth2 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o eth2 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o pppoe-ct_wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o pppoe-ct_wan -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o eth1 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o eth1 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_REJECT -o eth3 -m comment --comment "!fw3" -j reject
-A zone_wan_dest_REJECT -o pppoe-cmcc_wan -m comment --comment "!fw3" -j reject
-A zone_wan_dest_REJECT -o eth2 -m comment --comment "!fw3" -j reject
-A zone_wan_dest_REJECT -o pppoe-ct_wan -m comment --comment "!fw3" -j reject
-A zone_wan_dest_REJECT -o eth1 -m comment --comment "!fw3" -j reject
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -j MINIUPNPD
-A zone_wan_input -j MINIUPNPD
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_REJECT -i eth3 -m comment --comment "!fw3" -j reject
-A zone_wan_src_REJECT -i pppoe-cmcc_wan -m comment --comment "!fw3" -j reject
-A zone_wan_src_REJECT -i eth2 -m comment --comment "!fw3" -j reject
-A zone_wan_src_REJECT -i pppoe-ct_wan -m comment --comment "!fw3" -j reject
-A zone_wan_src_REJECT -i eth1 -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Thu Sep 1 07:02:51 2022
#IPv6 NAT chain
# Generated by ip6tables-save v1.8.8 on Thu Sep 1 07:02:51 2022
*nat
:PREROUTING ACCEPT [185:59292]
:INPUT ACCEPT [1:211]
:OUTPUT ACCEPT [2:230]
:POSTROUTING ACCEPT [2:230]
COMMIT
# Completed on Thu Sep 1 07:02:51 2022
#IPv6 Mangle chain
# Generated by ip6tables-save v1.8.8 on Thu Sep 1 07:02:51 2022
*mangle
:PREROUTING ACCEPT [214:61483]
:INPUT ACCEPT [3:344]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4:308]
:POSTROUTING ACCEPT [4:308]
:mwan3_connected_ipv6 - [0:0]
:mwan3_custom_ipv6 - [0:0]
:mwan3_dynamic_ipv6 - [0:0]
:mwan3_hook - [0:0]
:mwan3_ifaces_in - [0:0]
:mwan3_policy_balanced - [0:0]
:mwan3_policy_ct_only - [0:0]
:mwan3_policy_cu_only - [0:0]
:mwan3_rules - [0:0]
-A PREROUTING -j mwan3_hook
-A FORWARD -o eth3 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth3 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o pppoe-cmcc_wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i pppoe-cmcc_wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o eth2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o pppoe-ct_wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i pppoe-ct_wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A OUTPUT -j mwan3_hook
-A mwan3_connected_ipv6 -m set --match-set mwan3_connected_ipv6 dst -j MARK --set-xmark 0x3f00/0x3f00
-A mwan3_custom_ipv6 -m set --match-set mwan3_custom_ipv6 dst -j MARK --set-xmark 0x3f00/0x3f00
-A mwan3_dynamic_ipv6 -m set --match-set mwan3_dynamic_ipv6 dst -j MARK --set-xmark 0x3f00/0x3f00
-A mwan3_hook -p ipv6-icmp -m icmp6 --icmpv6-type 133 -j RETURN
-A mwan3_hook -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j RETURN
-A mwan3_hook -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j RETURN
-A mwan3_hook -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j RETURN
-A mwan3_hook -p ipv6-icmp -m icmp6 --icmpv6-type 137 -j RETURN
-A mwan3_hook -m mark --mark 0x0/0x3f00 -j CONNMARK --restore-mark --nfmask 0x3f00 --ctmask 0x3f00
-A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_ifaces_in
-A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_custom_ipv6
-A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_connected_ipv6
-A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_dynamic_ipv6
-A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_rules
-A mwan3_hook -j CONNMARK --save-mark --nfmask 0x3f00 --ctmask 0x3f00
-A mwan3_hook -m mark ! --mark 0x3f00/0x3f00 -j mwan3_custom_ipv6
-A mwan3_hook -m mark ! --mark 0x3f00/0x3f00 -j mwan3_connected_ipv6
-A mwan3_hook -m mark ! --mark 0x3f00/0x3f00 -j mwan3_dynamic_ipv6
-A mwan3_policy_balanced -m mark --mark 0x0/0x3f00 -m comment --comment unreachable -j MARK --set-xmark 0x3e00/0x3f00
-A mwan3_policy_ct_only -m mark --mark 0x0/0x3f00 -m comment --comment unreachable -j MARK --set-xmark 0x3e00/0x3f00
-A mwan3_policy_cu_only -m mark --mark 0x0/0x3f00 -m comment --comment unreachable -j MARK --set-xmark 0x3e00/0x3f00
COMMIT
# Completed on Thu Sep 1 07:02:51 2022
#IPv6 Filter chain
# Generated by ip6tables-save v1.8.8 on Thu Sep 1 07:02:51 2022
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i wg0 -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i eth3 -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i pppoe-cmcc_wan -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i eth2 -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i pppoe-ct_wan -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i eth1 -m comment --comment "!fw3" -j zone_wan_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i wg0 -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i eth3 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i pppoe-cmcc_wan -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i eth2 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i pppoe-ct_wan -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i eth1 -m comment --comment "!fw3" -j zone_wan_forward
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o wg0 -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o eth3 -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o pppoe-cmcc_wan -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o eth2 -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o pppoe-ct_wan -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o eth1 -m comment --comment "!fw3" -j zone_wan_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp6-port-unreachable
-A syn_flood -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o wg0 -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_src_ACCEPT -i wg0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o eth3 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o eth3 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o pppoe-cmcc_wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o pppoe-cmcc_wan -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o eth2 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o eth2 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o pppoe-ct_wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o pppoe-ct_wan -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o eth1 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o eth1 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_REJECT -o eth3 -m comment --comment "!fw3" -j reject
-A zone_wan_dest_REJECT -o pppoe-cmcc_wan -m comment --comment "!fw3" -j reject
-A zone_wan_dest_REJECT -o eth2 -m comment --comment "!fw3" -j reject
-A zone_wan_dest_REJECT -o pppoe-ct_wan -m comment --comment "!fw3" -j reject
-A zone_wan_dest_REJECT -o eth1 -m comment --comment "!fw3" -j reject
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -s fc00::/6 -d fc00::/6 -p udp -m udp --dport 546 -m comment --comment "!fw3: Allow-DHCPv6" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -j MINIUPNPD
-A zone_wan_input -j MINIUPNPD
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_REJECT -i eth3 -m comment --comment "!fw3" -j reject
-A zone_wan_src_REJECT -i pppoe-cmcc_wan -m comment --comment "!fw3" -j reject
-A zone_wan_src_REJECT -i eth2 -m comment --comment "!fw3" -j reject
-A zone_wan_src_REJECT -i pppoe-ct_wan -m comment --comment "!fw3" -j reject
-A zone_wan_src_REJECT -i eth1 -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Thu Sep 1 07:02:51 2022
#===================== IPSET状态 =====================#
Name: chinanet
Name: cmcc
Name: unicom
Name: mwan3_dynamic_ipv6
Name: mwan3_connected_ipv4
Name: mwan3_connected_ipv6
Name: mwan3_custom_ipv4
Name: mwan3_custom_ipv6
Name: mwan3_rule_ipv4_web
Name: mwan3_rule_ipv6_web
Name: mwan3_dynamic_ipv4
#===================== 路由表状态 =====================#
#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 182.16.72.1 0.0.0.0 UG 5 0 0 pppoe-cmcc_wan
0.0.0.0 10.16.0.1 0.0.0.0 UG 20 0 0 pppoe-ct_wan
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 wg0
10.0.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 wg0
10.0.0.3 0.0.0.0 255.255.255.255 UH 0 0 0 wg0
10.0.0.5 0.0.0.0 255.255.255.255 UH 0 0 0 wg0
10.16.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 pppoe-ct_wan
182.16.72.1 0.0.0.0 255.255.255.255 UH 0 0 0 pppoe-cmcc_wan
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth3
192.168.150.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
192.168.200.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
#ip route list
default via 182.116.72.1 dev pppoe-cmcc_wan proto static metric 5
default via 10.16.0.1 dev pppoe-ct_wan proto static metric 20
10.0.0.0/24 dev wg0 proto kernel scope link src 10.0.0.1
10.0.0.2 dev wg0 proto static scope link
10.0.0.3 dev wg0 proto static scope link
10.0.0.5 dev wg0 proto static scope link
10.16.0.1 dev pppoe-ct_wan proto kernel scope link src 10.16.161.146
182.16.72.1 dev pppoe-cmcc_wan proto kernel scope link src 182.16.72.135
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
192.168.100.0/24 dev eth3 proto kernel scope link src 192.168.100.2
192.168.150.0/24 dev eth2 proto kernel scope link src 192.168.150.2
192.168.200.0/24 dev eth1 proto kernel scope link src 192.168.200.2
#ip rule show
0: from all lookup local
1001: from all iif pppoe-ct_wan lookup 1
1002: from all iif pppoe-cmcc_wan lookup 2
2001: from all fwmark 0x100/0x3f00 lookup 1
2002: from all fwmark 0x200/0x3f00 lookup 2
2061: from all fwmark 0x3d00/0x3f00 blackhole
2062: from all fwmark 0x3e00/0x3f00 unreachable
3001: from all fwmark 0x100/0x3f00 unreachable
3002: from all fwmark 0x200/0x3f00 unreachable
32766: from all lookup main
32767: from all lookup default
#===================== 端口占用状态 =====================#
#===================== 测试本机DNS查询 =====================#
Server: 127.0.0.1
Address: 127.0.0.1:53
Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com
Name: www.a.shifen.com
Address: 220.181.38.150
Non-authoritative answer:
#===================== resolv.conf.d =====================#
# Interface cmcc_wan_6
# Interface cmcc_wan
# Interface ct_wan
#===================== 测试本机网络连接 =====================#
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Wed, 31 Aug 2022 23:02:52 GMT
Etag: "575e1f60-115"
Last-Modified: Mon, 13 Jun 2016 02:50:08 GMT
Pragma: no-cache
Server: bfe/1.0.8.18
#===================== 测试本机网络下载 =====================#
HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 80
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: text/plain; charset=utf-8
ETag: "7b18c764d6c4574c6040f0dc7b80bc6a8df5289c8cdd0b3dd1df70ea589c5314"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 7A3E:37DB:88230:A5A80:630E6406
Accept-Ranges: bytes
Date: Wed, 31 Aug 2022 23:02:57 GMT
Via: 1.1 varnish
X-Served-By: cache-tyo11951-TYO
X-Cache: HIT
X-Cache-Hits: 1
X-Timer: S1661986977.332147,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
X-Fastly-Request-ID: d559546660ed729c1757950528a0fe6e9e1ec987
Expires: Wed, 31 Aug 2022 23:07:57 GMT
Source-Age: 232
#===================== 最近运行日志 =====================#
2022-09-01 06:59:06 Config File【config.yaml】Read Successful!
2022-09-01 06:59:09 Config File【config.yaml】Write Successful!
2022-09-01 06:59:12 OpenClash Stoping...
2022-09-01 06:59:12 Step 1: Backup The Current Groups State...
2022-09-01 06:59:12 Step 2: Delete OpenClash Firewall Rules...
2022-09-01 06:59:13 Step 3: Close The OpenClash Daemons...
2022-09-01 06:59:13 Step 4: Close The Clash Core Process...
2022-09-01 06:59:13 Step 5: Restart Dnsmasq...
2022-09-01 06:59:15 Step 6: Delete OpenClash Residue File...
2022-09-01 06:59:15 OpenClash Start Running...
2022-09-01 06:59:15 Step 1: Get The Configuration...
2022-09-01 06:59:15 Step 2: Check The Components...
2022-09-01 06:59:15 Tip: Detected that the Chnroute Cidr List Format is wrong, Ready to Reformat...
2022-09-01 06:59:15 Start Downloading The Chnroute Cidr List...
2022-09-01 06:59:16 Chnroute Cidr List Download Success, Check Updated...
2022-09-01 06:59:16 Updated Chnroute Cidr List No Change, Do Nothing...
2022-09-01 06:59:19 Start Downloading The Chnroute6 Cidr List...
2022-09-01 06:59:19 Chnroute6 Cidr List Download Success, Check Updated...
2022-09-01 06:59:19 Updated Chnroute6 Cidr List No Change, Do Nothing...
2022-09-01 06:59:23 OpenClash Stoping...
2022-09-01 06:59:23 Step 1: Backup The Current Groups State...
2022-09-01 06:59:23 Step 2: Delete OpenClash Firewall Rules...
2022-09-01 06:59:24 Step 3: Close The OpenClash Daemons...
2022-09-01 06:59:24 Step 4: Close The Clash Core Process...
2022-09-01 06:59:24 Step 5: Restart Dnsmasq...
2022-09-01 06:59:26 Step 6: Delete OpenClash Residue File...
2022-09-01 07:01:34 OpenClash Stoping...
2022-09-01 07:01:34 Step 1: Backup The Current Groups State...
2022-09-01 07:01:34 Step 2: Delete OpenClash Firewall Rules...
2022-09-01 07:01:35 Step 3: Close The OpenClash Daemons...
2022-09-01 07:01:35 Step 4: Close The Clash Core Process...
2022-09-01 07:01:35 Step 5: Restart Dnsmasq...
2022-09-01 07:01:37 Step 6: Delete OpenClash Residue File...
2022-09-01 07:01:37 OpenClash Start Running...
2022-09-01 07:01:37 Step 1: Get The Configuration...
2022-09-01 07:01:37 Step 2: Check The Components...
2022-09-01 07:01:37 Tip: Detected that the Chnroute Cidr List Format is wrong, Ready to Reformat...
2022-09-01 07:01:37 Start Downloading The Chnroute Cidr List...
2022-09-01 07:01:38 Chnroute Cidr List Download Success, Check Updated...
2022-09-01 07:01:38 Updated Chnroute Cidr List No Change, Do Nothing...
2022-09-01 07:01:41 Start Downloading The Chnroute6 Cidr List...
2022-09-01 07:01:41 Chnroute6 Cidr List Download Success, Check Updated...
2022-09-01 07:01:41 Updated Chnroute6 Cidr List No Change, Do Nothing...
2022-09-01 07:01:45 OpenClash Stoping...
2022-09-01 07:01:45 Step 1: Backup The Current Groups State...
2022-09-01 07:01:45 Step 2: Delete OpenClash Firewall Rules...
2022-09-01 07:01:46 Step 3: Close The OpenClash Daemons...
2022-09-01 07:01:46 Step 4: Close The Clash Core Process...
2022-09-01 07:01:46 Step 5: Restart Dnsmasq...
2022-09-01 07:01:49 Step 6: Delete OpenClash Residue File...
#===================== 活动连接信息 =====================#
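The bug still exists in the latest .55 version; it still gets stuck at deleting the OpenClash residue files.
Same here, same bug.
I tried the commits one by one and confirmed that this commit is what causes the startup failure; commenting out the two lines it added to /etc/init.d/openclash lets it start normally. I haven't had time yet to look at what exactly is wrong with those two lines.
It's fixed. Just update the mainland China whitelist again.
It's fixed. Just update the mainland China whitelist again.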
2022-09-01 14:39:04 第六步:删除 OpenClash 残留文件...
2022-09-01 14:39:01 第五步: 重启 Dnsmasq 程序...
2022-09-01 14:39:01 第四步: 关闭 Clash 主程序...
2022-09-01 14:39:01 第三步: 关闭 OpenClash 守护程序...
2022-09-01 14:39:01 第二步: 删除 OpenClash 防火墙规则...
2022-09-01 14:39:01 第一步: 备份当前策略组状态...
2022-09-01 14:39:01 OpenClash 开始关闭...
2022-09-01 14:38:56 大陆 IPv6 白名单没有更新,停止继续操作...
2022-09-01 14:38:56 大陆 IPv6 白名单下载成功,检查版本是否更新...
2022-09-01 14:38:56 开始下载大陆 IPv6 白名单...
2022-09-01 14:38:53 大陆 IP 白名单没有更新,停止继续操作...
2022-09-01 14:38:52 大陆 IP 白名单下载成功,检查版本是否更新...
2022-09-01 14:38:51 开始下载大陆 IP 白名单...
2022-09-01 14:38:51 提示: 检测到大陆白名单列表格式错误,准备重新格式化...
2022-09-01 14:38:51 第二步: 组件运行前检查...
2022-09-01 14:38:51 第一步: 获取配置...
2022-09-01 14:38:51 OpenClash 开始启动...
2022-09-01 14:38:51 第六步:删除 OpenClash 残留文件...
2022-09-01 14:38:48 第五步: 重启 Dnsmasq 程序...
2022-09-01 14:38:48 第四步: 关闭 Clash 主程序...
2022-09-01 14:38:48 第三步: 关闭 OpenClash 守护程序...
2022-09-01 14:38:47 第二步: 删除 OpenClash 防火墙规则...
2022-09-01 14:38:47 第一步: 备份当前策略组状态...
2022-09-01 14:38:47 OpenClash 开始关闭...
2022-09-01 14:38:26 第六步:删除 OpenClash 残留文件...
2022-09-01 14:38:23 第五步: 重启 Dnsmasq 程序...
2022-09-01 14:38:23 第四步: 关闭 Clash 主程序...
2022-09-01 14:38:23 第三步: 关闭 OpenClash 守护程序...
2022-09-01 14:38:22 第二步: 删除 OpenClash 防火墙规则...
2022-09-01 14:38:22 第一步: 备份当前策略组状态...
2022-09-01 14:38:22 OpenClash 开始关闭...
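It's not fixed. I've tried several times and it's still the same, on .55.
Yes, it has already been fixed in the latest version.
It's not fixed. I've tried several times and it's still the same, on .55.
You need to build the latest commit yourself; .55 doesn't include this fix yet.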
Verify Steps
OpenClash Version
v0.45.54-beta
Bug on Environment
Lean
Bug on Platform
Linux-amd64(x86-64)
To Reproduce
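The same configuration starts normally on version 0.45.53; after upgrading to 0.45.54, the startup process stops halfway through, with no error message.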
Describe the Bug
The run log shows that it stops at this step:
2022-08-31 23:04:13 第六步:删除 OpenClash 残留文件...
2022-08-31 23:04:11 第五步: 重启 Dnsmasq 程序...
OpenClash Log
OpenClash 调试日志
生成时间: 2022-08-31 23:01:27 插件版本: v0.45.54-beta 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息
OpenClash Config
No response
Expected Behavior
Startup completes normally.
Screenshots
No response