vernesong / OpenClash

A Clash Client For OpenWrt
MIT License

[Bug] openclash affects LuCI web page connections #2812

Closed fraelyfan closed 1 year ago

fraelyfan commented 1 year ago

Verify Steps

OpenClash Version

v0.45.71-beta

Bug on Environment

Official OpenWrt

Bug on Platform

Linux-amd64(x86-64)

To Reproduce

The problem appears after enabling openclash and leaving it idle for a while.

Describe the Bug

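The LuCI web page is blank and cannot be opened; it can only be accessed after stopping openclash over SSH. This problem appeared around version 63 or a few versions before it.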

OpenClash Log

OpenClash 调试日志

生成时间: 2022-11-13 10:23:51
插件版本: v0.45.71-beta
隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息


#===================== 系统信息 =====================#

主机型号: Micro-Star International Co., Ltd. MS-7B89
固件版本: OpenWrt 21.02.1 r16325-88151b8303
LuCI版本: git-20.074.84698-ead5e81
内核版本: 5.4.154
处理器架构: x86_64

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: hybrid

#此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 114.114.114.114

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci >= 19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 未安装
unzip: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
kmod-ipt-nat: 已安装

#===================== 内核检查 =====================#

运行状态: 未运行
已选择的架构: linux-amd64

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2022.08.26-16-gb4d832d
Tun内核文件: 存在
Tun内核运行权限: 正常

Dev内核版本: v1.11.12-1-gde264c4
Dev内核文件: 存在
Dev内核运行权限: 正常

Meta内核版本: 
Meta内核文件: 不存在
Meta内核运行权限: 否

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/config.yaml
启动配置文件: /etc/openclash/config.yaml
运行模式: redir-host-mix
默认代理模式: script
UDP流量转发(tproxy): 停用
DNS劫持: 启用
自定义DNS: 启用
IPV6代理: 启用
IPV6-DNS解析: 启用
禁用Dnsmasq缓存: 停用
自定义规则: 停用
仅允许内网: 启用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 启用
DNS远程解析: 停用
路由本机代理: 停用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 启用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 配置文件 =====================#

port: 10810
socks-port: 10809
allow-lan: true
mode: script
log-level: info
external-controller: 0.0.0.0:9090
proxy-groups:
- name: Currency
  type: select
  disable-udp: false
  proxies:
  - Vmess
  - Trojan
  - SSR
  - Unclassified
- name: Vmess
  type: select
  disable-udp: false
  proxies:
  - DIRECT
- name: Trojan
  type: select
  disable-udp: false
  proxies:
  - DIRECT
  - F01 香港*
  - F02 香港*
  - F03 香港*
  - F04 香港*
  - F05 香港 HKT*
  - F31 新加坡*
  - F32 新加坡*
  - F33 新加坡*
  - F41 美国*
  - F42 美国*
  - F43 美国*
  - F51 马来西亚[0.6]
  - F52 马来西亚[0.6]
  - F53 马来西亚[0.6]
  - K01 俄罗斯
  - K02 俄罗斯 [0.1]
  - K11 台湾*
  - K12 台湾*
  - K13 台湾*
  - K14 台湾*
  - K20 台湾 [0.6]
  - K21 台湾 [0.6]
  - K21 日本*
  - K22 新加坡 [0.6]
  - K22 日本 dmit
  - K22 日本*
  - K23 台湾 [0.6]
  - K23 日本*
  - K24 台湾 [0.6]
  - K24 日本 [0.6]
  - K30 美国 [0.6]
  - K31 日本 [0.6]
  - K38 韩国
  - K39 韩国
  - K6 卢森堡BT [0.1]
  - SP*乌克兰
  - SP*以色列
  - SP*印尼
  - SP*土耳其 [3]
  - SP*巴西 [3]
  - SP*德国
  - SP*意大利
  - SP*挪威
  - SP*法国
  - SP*泰国
  - SP*澳大利亚
  - SP*爱尔兰
  - SP*瑞典
  - SP*瑞士
  - SP*英国
  - SP*荷兰
  - SP*菲律宾
  - SP*阿根廷 [3]
  - SP*阿联酋
  - Z*台湾
- name: SSR
  type: select
  disable-udp: false
  proxies:
  - DIRECT
  - B00 香港*
  - B01 香港*
  - B02 香港*
  - B03 香港*
  - B04 香港S* [1.2]
  - B05 台湾*
  - B10 日本*
  - B11 日本*
  - B20 新加坡*
  - B21 新加坡*
  - B30 美国*
  - B40 韩国
  - D11 香港*
  - D12 香港*
  - D13 香港*
  - D14 香港*
  - D15 香港S* [1.2]
  - D22 台湾
  - D23 台湾
  - D24 台湾
  - D25 台湾
  - D31 日本*
  - D32 日本*
  - D33 日本*
  - D34 日本*
  - D35 日本
  - D36 日本
  - D37 日本S [2]
  - D38 韩国
  - D39 韩国
  - D40 美国*
  - D41 美国*
  - D42 美国*
  - D43 美国*
  - D50 马来西亚
  - D51 马来西亚
  - D52 新加坡*
  - D53 新加坡*
  - D54 新加坡*
  - D55 新加坡*
  - D56 印尼
  - D6 俄罗斯 [0.5]
  - D6 卢森堡BT [0.5]
  - D6 印度
  - D6 越南
  - D61 英国
  - D62 英国
- name: Media-香港
  type: select
  disable-udp: false
  proxies:
  - DIRECT
  - B00 香港*
  - B01 香港*
  - B02 香港*
  - B03 香港*
  - B04 香港S* [1.2]
- name: Media-台湾
  type: select
  disable-udp: false
  proxies:
  - DIRECT
  - B05 台湾*
- name: Media-日本
  type: select
  disable-udp: false
  proxies:
  - DIRECT
  - B10 日本*
  - B11 日本*
- name: Media-新加坡
  type: select
  disable-udp: false
  proxies:
  - DIRECT
  - B20 新加坡*
  - B21 新加坡*
- name: Unclassified
  type: select
  disable-udp: false
  proxies:
  - DIRECT
  - E00 日本实验性 [0.5]
  - B10 台湾*
  - B20 日本*
  - B21 日本*
  - B30 韩国
  - B40 美国*
  - B50 新加坡*
  - B51 新加坡*
  - D01 香港*
  - D02 香港*
  - D03 香港*
  - D04 香港*
  - D05 香港S* [1.2]
  - D11 台湾
  - D12 台湾
  - D13 台湾
  - D14 台湾
  - D21 日本*
  - D22 日本*
  - D23 日本*
  - D24 日本*
  - D25 日本
  - D31 韩国
  - D32 韩国
  - F11 台湾
  - F12 台湾
  - F13 台湾
  - F14 台湾
  - F21 日本
  - F23 日本
  - F32 韩国
  - F51 新加坡
  - F52 新加坡
  - F53 新加坡
  - F61 马来西亚[0.6]
  - F62 马来西亚[0.6]
  - F63 马来西亚[0.6]
  - B04 香港*
  - B22 日本*
  - D00 香港*
  - E0 香港实验性
  - B52 新加坡*
  - E2 日本实验性
  - K10 台湾 [0.2]
  - K11 台湾 [0.2]
  - K13 台湾 [0.2]
  - K14 台湾 [0.2]
  - K23 日本 [0.2]
  - K24 日本 [0.2]
  - K52 新加坡 [0.2]
  - D27 日本 [2]
  - D28 日本P [2]
  - H60 乌克兰
  - H60 以色列
  - H60 俄罗斯 [0.8]
  - H60 加拿大
  - H60 卢森堡BT [0.8]
  - H60 印度
  - H60 土耳其1 [3]
  - H60 土耳其2 [3]
  - H60 巴西 [3]
  - H60 德国
  - H60 挪威
  - H60 摩尔多瓦
  - H60 法国
  - H60 泰国
  - H60 澳大利亚
  - H60 爱尔兰
  - H60 瑞典
  - H60 瑞士
  - H60 英国1
  - H60 英国2
  - H60 荷兰
  - H60 菲律宾
  - H60 越南
  - H60 阿根廷 [3]
  - H60 阿联酋
- name: Socks5
  type: select
  disable-udp: false
  proxies:
  - DIRECT
  - Vmess
  - Trojan
  - SSR
  - Unclassified
  - Media-香港
  - Media-台湾
  - Media-日本
  - Media-新加坡
- name: Http
  type: select
  disable-udp: false
  proxies:
  - DIRECT
  - Vmess
  - Trojan
  - SSR
  - Unclassified
  - Media-香港
  - Media-台湾
  - Media-日本
  - Media-新加坡
- name: 微软服务
  type: select
  disable-udp: false
  proxies:
  - DIRECT
  - Vmess
  - Trojan
  - SSR
  - Unclassified
  - Media-香港
  - Media-台湾
  - Media-日本
  - Media-新加坡
- name: Steam
  type: select
  disable-udp: false
  proxies:
  - DIRECT
  - Vmess
  - Trojan
  - SSR
  - Unclassified
  - Media-香港
  - Media-台湾
  - Media-日本
  - Media-新加坡
- name: Other
  type: select
  disable-udp: false
  proxies:
  - DIRECT
  - Vmess
  - Trojan
  - SSR
  - Unclassified
  - Media-香港
  - Media-台湾
  - Media-日本
  - Media-新加坡
  - B30 美国*
- name: YouTube
  type: select
  disable-udp: false
  proxies:
  - Media-香港
  - Media-台湾
  - Media-日本
  - Media-新加坡
  - Vmess
  - Trojan
  - SSR
  - Unclassified
- name: Netflix
  type: select
  disable-udp: false
  proxies:
  - Media-香港
  - Media-台湾
  - Media-日本
  - Media-新加坡
  - Vmess
  - Trojan
  - SSR
  - Unclassified
rules:
- DST-PORT,7895,REJECT
- DST-PORT,7892,REJECT
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
- IP-CIDR,192.168.0.82/32,DIRECT
script:
  code: |-
    def main(ctx, metadata):
      if metadata["type"] == "Socks5":
        return "Socks5"
      if metadata["type"] == "HTTP Connect":
        return "Http"
      if ctx.rule_providers["YouTube"].match(metadata) or ctx.rule_providers["YouTubeMusic"].match(metadata):
        return "YouTube"
      if ctx.rule_providers["Other"].match(metadata):
        return "Other"
      if ctx.rule_providers["微软服务"].match(metadata):
        return "微软服务"
      if ctx.rule_providers["Steam"].match(metadata):
        return "Steam"
      if ctx.rule_providers["Netflix"].match(metadata) or ctx.rule_providers["Netflix(By lhie1)"].match(metadata):
        return "Netflix"
      list = ['AppStore','AppStoreConnect','Apple','国内域名','国内IP','放行规则-ConnersHua','放行规则-ACL4SSR','放行规则-ConnersHua','custom']
      for name in list:
        if ctx.rule_providers[name].match(metadata):
          return "DIRECT"
      return "Currency"
rule-providers:
  AppStore:
    type: http
    behavior: classical
    path: "/etc/openclash/rule_provider/AppStore.yaml"
    url: https://cdn.jsdelivr.net/gh/DivineEngine/Profiles@master/Clash/RuleSet/Extra/Apple/AppStore.yaml
    interval: 86400
  AppStoreConnect:
    type: http
    behavior: classical
    path: "/etc/openclash/rule_provider/AppStoreConnect.yaml"
    url: https://cdn.jsdelivr.net/gh/DivineEngine/Profiles@master/Clash/RuleSet/Extra/Apple/AppStoreConnect.yaml
    interval: 86400
  Apple:
    type: http
    behavior: classical
    path: "/etc/openclash/rule_provider/Apple-lhie1.yaml"
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@master/Clash/Provider/Apple.yaml
    interval: 86400
  国内域名:
    type: http
    behavior: classical
    path: "/etc/openclash/rule_provider/China.yaml"
    url: https://cdn.jsdelivr.net/gh/DivineEngine/Profiles@master/Clash/RuleSet/China.yaml
    interval: 86400
  国内IP:
    type: http
    behavior: ipcidr
    path: "/etc/openclash/rule_provider/ChinaIP.yaml"
    url: https://cdn.jsdelivr.net/gh/DivineEngine/Profiles@master/Clash/RuleSet/Extra/ChinaIP.yaml
    interval: 86400
  微软服务:
    type: http
    behavior: classical
    path: "/etc/openclash/rule_provider/Microsoft.yaml"
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@master/Clash/Provider/Microsoft.yaml
    interval: 86400
  Netflix(By lhie1):
    type: http
    behavior: classical
    path: "/etc/openclash/rule_provider/Netflix-lhie1.yaml"
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@master/Clash/Provider/Media/Netflix.yaml
    interval: 86400
  Netflix:
    type: http
    behavior: classical
    path: "/etc/openclash/rule_provider/Netflix.yaml"
    url: https://cdn.jsdelivr.net/gh/DivineEngine/Profiles@master/Clash/RuleSet/StreamingMedia/Video/Netflix.yaml
    interval: 86400
  YouTube:
    type: http
    behavior: classical
    path: "/etc/openclash/rule_provider/YouTube-lhie1.yaml"
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@master/Clash/Provider/Media/YouTube.yaml
    interval: 86400
  YouTubeMusic:
    type: http
    behavior: classical
    path: "/etc/openclash/rule_provider/YouTubeMusic-lhie1.yaml"
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@master/Clash/Provider/Media/YouTube%20Music.yaml
    interval: 86400
  放行规则-lhie1:
    type: http
    behavior: classical
    path: "/etc/openclash/rule_provider/Special.yaml"
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@master/Clash/Provider/Special.yaml
    interval: 86400
  放行规则-ACL4SSR:
    type: http
    behavior: classical
    path: "/etc/openclash/rule_provider/UnBan.yaml"
    url: https://cdn.jsdelivr.net/gh/ACL4SSR/ACL4SSR@master/Clash/Providers/UnBan.yaml
    interval: 86400
  放行规则-ConnersHua:
    type: http
    behavior: classical
    path: "/etc/openclash/rule_provider/Unbreak.yaml"
    url: https://cdn.jsdelivr.net/gh/DivineEngine/Profiles@master/Clash/RuleSet/Unbreak.yaml
    interval: 86400
  Steam:
    type: http
    behavior: classical
    path: "/etc/openclash/rule_provider/Steam.yaml"
    url: https://raw.githubusercontent.com/dler-io/Rules/master/Clash/Provider/Steam.yaml
    interval: 86400
  custom:
    type: file
    behavior: classical
    path: "/etc/openclash/rule_provider/custom.yaml"
  Other:
    type: file
    behavior: classical
    path: "/etc/openclash/rule_provider/Other.yaml"
redir-port: 7892
tproxy-port: 7895
mixed-port: 10808
bind-address: "*"
external-ui: "/usr/share/openclash/ui"
ipv6: true
interface-name: pppoe-wan
dns:
  enable: true
  ipv6: true
  enhanced-mode: redir-host
  listen: 0.0.0.0:7874
  nameserver:
  - 114.114.114.114
  - 119.29.29.29
  - 223.5.5.5
  - https://doh.pub/dns-query
  - https://223.5.5.5/dns-query
  fallback:
  - https://dns.cloudflare.com/dns-query
  - https://public.dns.iij.jp/dns-query
  - https://jp.tiar.app/dns-query
  - https://jp.tiarap.org/dns-query
  nameserver-policy:
    "*.baidu.com": 114.114.114.114
  use-hosts: true
experimental:
  sniff-tls-sni: true
tun:
  enable: true
  stack: system
  auto-route: false
  auto-detect-interface: false
  dns-hijack:
  - tcp://any:53
profile:
  store-selected: true
  store-fake-ip: false
hosts:
  tiebapic.baidu.com: 111.177.8.35

#===================== IPTABLES 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.7 on Sun Nov 13 10:23:52 2022
*nat
:PREROUTING ACCEPT [966:58453]
:INPUT ACCEPT [254:18469]
:OUTPUT ACCEPT [360:25265]
:POSTROUTING ACCEPT [182:22992]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i eth1 -m comment --comment "!fw3" -j zone_wan_prerouting
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o eth1 -m comment --comment "!fw3" -j zone_wan_postrouting
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.100/32 -p tcp -m tcp --dport 7070 -m comment --comment "!fw3: anydesk (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.100/32 -p udp -m udp --dport 7070 -m comment --comment "!fw3: anydesk (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.81/32 -p tcp -m tcp --dport 22 -m comment --comment "!fw3: nas-arch ssh (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.81/32 -p tcp -m tcp --dport 25565:25570 -m comment --comment "!fw3: nas-arch minecraft/Terraria/PZ-server (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.81/32 -p udp -m udp --dport 25565:25570 -m comment --comment "!fw3: nas-arch minecraft/Terraria/PZ-server (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.81/32 -p tcp -m tcp --dport 1234 -m comment --comment "!fw3: nas-arch nginx (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.1/32 -p tcp -m tcp --dport 22 -m comment --comment "!fw3: openwrt ssh (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.81/32 -p tcp -m tcp --dport 64738 -m comment --comment "!fw3: mumble (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.81/32 -p udp -m udp --dport 64738 -m comment --comment "!fw3: mumble (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.81/32 -p tcp -m tcp --dport 6881 -m comment --comment "!fw3: aria2 BT (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.81/32 -p udp -m udp --dport 6881 -m comment --comment "!fw3: aria2 BT (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.81/32 -p tcp -m tcp --dport 3478 -m comment --comment "!fw3: coturn (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.81/32 -p udp -m udp --dport 3478 -m comment --comment "!fw3: coturn (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.82/32 -p tcp -m tcp --dport 7272 -m comment --comment "!fw3: nas-win anydesk (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.82/32 -p udp -m udp --dport 7272 -m comment --comment "!fw3: nas-win anydesk (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.82/32 -p tcp -m tcp --dport 63339:63340 -m comment --comment "!fw3: nas-win bt (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.82/32 -p udp -m udp --dport 63339:63340 -m comment --comment "!fw3: nas-win bt (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.82/32 -p tcp -m tcp --dport 1935 -m comment --comment "!fw3: nas-win rtmp (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.82/32 -p udp -m udp --dport 1935 -m comment --comment "!fw3: nas-win rtmp (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.100/32 -p tcp -m tcp --dport 47984 -m comment --comment "!fw3: moonlight (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.100/32 -p tcp -m tcp --dport 47989 -m comment --comment "!fw3: moonlight (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.100/32 -p tcp -m tcp --dport 48010 -m comment --comment "!fw3: moonlight (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.100/32 -p udp -m udp --dport 48010 -m comment --comment "!fw3: moonlight (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.100/32 -p udp -m udp --dport 47998:47999 -m comment --comment "!fw3: moonlight (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.100/32 -p tcp -m tcp --dport 48000 -m comment --comment "!fw3: moonlight (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.100/32 -p udp -m udp --dport 48000 -m comment --comment "!fw3: moonlight (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.100/32 -p udp -m udp --dport 48002 -m comment --comment "!fw3: moonlight (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.81/32 -p tcp -m tcp --dport 7070 -m comment --comment "!fw3: nas-arch anydesk (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.81/32 -p udp -m udp --dport 7070 -m comment --comment "!fw3: nas-arch anydesk (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.81/32 -p tcp -m tcp --dport 43000:43010 -m comment --comment "!fw3: misc (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.81/32 -p udp -m udp --dport 43000:43010 -m comment --comment "!fw3: misc (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.100/32 -p tcp -m tcp --dport 8081 -m comment --comment "!fw3: http (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.100/32 -p udp -m udp --dport 8081 -m comment --comment "!fw3: http (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.82/32 -p tcp -m tcp --dport 30502 -m comment --comment "!fw3: Rimworld/Risk of Rain/Project Zomboid (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.82/32 -p udp -m udp --dport 30502 -m comment --comment "!fw3: Rimworld/Risk of Rain/Project Zomboid (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.81/32 -p udp -m udp --dport 8764:8767 -m comment --comment "!fw3: nas-arch PZ Server (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.81/32 -p tcp -m tcp --dport 40995 -m comment --comment "!fw3: nas-arch 163 pop3s (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.81/32 -p tcp -m tcp --dport 8123 -m comment --comment "!fw3: nas-arch home-assistant (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_postrouting -s 192.168.0.0/24 -d 192.168.0.81/32 -p udp -m udp --dport 8123 -m comment --comment "!fw3: nas-arch home-assistant (reflection)" -j SNAT --to-source 192.168.0.1
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p tcp -m tcp --dport 7070 -m comment --comment "!fw3: anydesk (reflection)" -j DNAT --to-destination 192.168.0.100:7070
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p udp -m udp --dport 7070 -m comment --comment "!fw3: anydesk (reflection)" -j DNAT --to-destination 192.168.0.100:7070
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p tcp -m tcp --dport 7070 -m comment --comment "!fw3: anydesk (reflection)" -j DNAT --to-destination 192.168.0.100:7070
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p udp -m udp --dport 7070 -m comment --comment "!fw3: anydesk (reflection)" -j DNAT --to-destination 192.168.0.100:7070
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p tcp -m tcp --dport 48648 -m comment --comment "!fw3: nas-arch ssh (reflection)" -j DNAT --to-destination 192.168.0.81:22
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p tcp -m tcp --dport 48648 -m comment --comment "!fw3: nas-arch ssh (reflection)" -j DNAT --to-destination 192.168.0.81:22
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p tcp -m tcp --dport 25565:25570 -m comment --comment "!fw3: nas-arch minecraft/Terraria/PZ-server (reflection)" -j DNAT --to-destination 192.168.0.81:25565-25570
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p udp -m udp --dport 25565:25570 -m comment --comment "!fw3: nas-arch minecraft/Terraria/PZ-server (reflection)" -j DNAT --to-destination 192.168.0.81:25565-25570
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p tcp -m tcp --dport 25565:25570 -m comment --comment "!fw3: nas-arch minecraft/Terraria/PZ-server (reflection)" -j DNAT --to-destination 192.168.0.81:25565-25570
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p udp -m udp --dport 25565:25570 -m comment --comment "!fw3: nas-arch minecraft/Terraria/PZ-server (reflection)" -j DNAT --to-destination 192.168.0.81:25565-25570
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p tcp -m tcp --dport 1234 -m comment --comment "!fw3: nas-arch nginx (reflection)" -j DNAT --to-destination 192.168.0.81:1234
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p tcp -m tcp --dport 1234 -m comment --comment "!fw3: nas-arch nginx (reflection)" -j DNAT --to-destination 192.168.0.81:1234
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p tcp -m tcp --dport 48647 -m comment --comment "!fw3: openwrt ssh (reflection)" -j DNAT --to-destination 192.168.0.1:22
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p tcp -m tcp --dport 48647 -m comment --comment "!fw3: openwrt ssh (reflection)" -j DNAT --to-destination 192.168.0.1:22
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p tcp -m tcp --dport 64738 -m comment --comment "!fw3: mumble (reflection)" -j DNAT --to-destination 192.168.0.81:64738
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p udp -m udp --dport 64738 -m comment --comment "!fw3: mumble (reflection)" -j DNAT --to-destination 192.168.0.81:64738
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p tcp -m tcp --dport 64738 -m comment --comment "!fw3: mumble (reflection)" -j DNAT --to-destination 192.168.0.81:64738
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p udp -m udp --dport 64738 -m comment --comment "!fw3: mumble (reflection)" -j DNAT --to-destination 192.168.0.81:64738
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p tcp -m tcp --dport 6881 -m comment --comment "!fw3: aria2 BT (reflection)" -j DNAT --to-destination 192.168.0.81:6881
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p udp -m udp --dport 6881 -m comment --comment "!fw3: aria2 BT (reflection)" -j DNAT --to-destination 192.168.0.81:6881
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p tcp -m tcp --dport 6881 -m comment --comment "!fw3: aria2 BT (reflection)" -j DNAT --to-destination 192.168.0.81:6881
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p udp -m udp --dport 6881 -m comment --comment "!fw3: aria2 BT (reflection)" -j DNAT --to-destination 192.168.0.81:6881
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p tcp -m tcp --dport 3478 -m comment --comment "!fw3: coturn (reflection)" -j DNAT --to-destination 192.168.0.81:3478
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p udp -m udp --dport 3478 -m comment --comment "!fw3: coturn (reflection)" -j DNAT --to-destination 192.168.0.81:3478
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p tcp -m tcp --dport 3478 -m comment --comment "!fw3: coturn (reflection)" -j DNAT --to-destination 192.168.0.81:3478
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p udp -m udp --dport 3478 -m comment --comment "!fw3: coturn (reflection)" -j DNAT --to-destination 192.168.0.81:3478
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p tcp -m tcp --dport 7272 -m comment --comment "!fw3: nas-win anydesk (reflection)" -j DNAT --to-destination 192.168.0.82:7272
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p udp -m udp --dport 7272 -m comment --comment "!fw3: nas-win anydesk (reflection)" -j DNAT --to-destination 192.168.0.82:7272
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p tcp -m tcp --dport 7272 -m comment --comment "!fw3: nas-win anydesk (reflection)" -j DNAT --to-destination 192.168.0.82:7272
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p udp -m udp --dport 7272 -m comment --comment "!fw3: nas-win anydesk (reflection)" -j DNAT --to-destination 192.168.0.82:7272
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p tcp -m tcp --dport 63339:63340 -m comment --comment "!fw3: nas-win bt (reflection)" -j DNAT --to-destination 192.168.0.82:63339-63340
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p udp -m udp --dport 63339:63340 -m comment --comment "!fw3: nas-win bt (reflection)" -j DNAT --to-destination 192.168.0.82:63339-63340
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p tcp -m tcp --dport 63339:63340 -m comment --comment "!fw3: nas-win bt (reflection)" -j DNAT --to-destination 192.168.0.82:63339-63340
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p udp -m udp --dport 63339:63340 -m comment --comment "!fw3: nas-win bt (reflection)" -j DNAT --to-destination 192.168.0.82:63339-63340
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p tcp -m tcp --dport 1935 -m comment --comment "!fw3: nas-win rtmp (reflection)" -j DNAT --to-destination 192.168.0.82:1935
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p udp -m udp --dport 1935 -m comment --comment "!fw3: nas-win rtmp (reflection)" -j DNAT --to-destination 192.168.0.82:1935
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p tcp -m tcp --dport 1935 -m comment --comment "!fw3: nas-win rtmp (reflection)" -j DNAT --to-destination 192.168.0.82:1935
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p udp -m udp --dport 1935 -m comment --comment "!fw3: nas-win rtmp (reflection)" -j DNAT --to-destination 192.168.0.82:1935
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p tcp -m tcp --dport 47984 -m comment --comment "!fw3: moonlight (reflection)" -j DNAT --to-destination 192.168.0.100:47984
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p tcp -m tcp --dport 47984 -m comment --comment "!fw3: moonlight (reflection)" -j DNAT --to-destination 192.168.0.100:47984
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p tcp -m tcp --dport 47989 -m comment --comment "!fw3: moonlight (reflection)" -j DNAT --to-destination 192.168.0.100:47989
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p tcp -m tcp --dport 47989 -m comment --comment "!fw3: moonlight (reflection)" -j DNAT --to-destination 192.168.0.100:47989
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p tcp -m tcp --dport 48010 -m comment --comment "!fw3: moonlight (reflection)" -j DNAT --to-destination 192.168.0.100:48010
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p udp -m udp --dport 48010 -m comment --comment "!fw3: moonlight (reflection)" -j DNAT --to-destination 192.168.0.100:48010
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p tcp -m tcp --dport 48010 -m comment --comment "!fw3: moonlight (reflection)" -j DNAT --to-destination 192.168.0.100:48010
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p udp -m udp --dport 48010 -m comment --comment "!fw3: moonlight (reflection)" -j DNAT --to-destination 192.168.0.100:48010
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p udp -m udp --dport 47998:47999 -m comment --comment "!fw3: moonlight (reflection)" -j DNAT --to-destination 192.168.0.100:47998-47999
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p udp -m udp --dport 47998:47999 -m comment --comment "!fw3: moonlight (reflection)" -j DNAT --to-destination 192.168.0.100:47998-47999
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p tcp -m tcp --dport 48000 -m comment --comment "!fw3: moonlight (reflection)" -j DNAT --to-destination 192.168.0.100:48000
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p udp -m udp --dport 48000 -m comment --comment "!fw3: moonlight (reflection)" -j DNAT --to-destination 192.168.0.100:48000
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p tcp -m tcp --dport 48000 -m comment --comment "!fw3: moonlight (reflection)" -j DNAT --to-destination 192.168.0.100:48000
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p udp -m udp --dport 48000 -m comment --comment "!fw3: moonlight (reflection)" -j DNAT --to-destination 192.168.0.100:48000
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p udp -m udp --dport 48002 -m comment --comment "!fw3: moonlight (reflection)" -j DNAT --to-destination 192.168.0.100:48002
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p udp -m udp --dport 48002 -m comment --comment "!fw3: moonlight (reflection)" -j DNAT --to-destination 192.168.0.100:48002
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p tcp -m tcp --dport 7171 -m comment --comment "!fw3: nas-arch anydesk (reflection)" -j DNAT --to-destination 192.168.0.81:7070
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p udp -m udp --dport 7171 -m comment --comment "!fw3: nas-arch anydesk (reflection)" -j DNAT --to-destination 192.168.0.81:7070
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p tcp -m tcp --dport 7171 -m comment --comment "!fw3: nas-arch anydesk (reflection)" -j DNAT --to-destination 192.168.0.81:7070
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p udp -m udp --dport 7171 -m comment --comment "!fw3: nas-arch anydesk (reflection)" -j DNAT --to-destination 192.168.0.81:7070
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p tcp -m tcp --dport 43000:43010 -m comment --comment "!fw3: misc (reflection)" -j DNAT --to-destination 192.168.0.81:43000-43010
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p udp -m udp --dport 43000:43010 -m comment --comment "!fw3: misc (reflection)" -j DNAT --to-destination 192.168.0.81:43000-43010
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p tcp -m tcp --dport 43000:43010 -m comment --comment "!fw3: misc (reflection)" -j DNAT --to-destination 192.168.0.81:43000-43010
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p udp -m udp --dport 43000:43010 -m comment --comment "!fw3: misc (reflection)" -j DNAT --to-destination 192.168.0.81:43000-43010
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p tcp -m tcp --dport 8081 -m comment --comment "!fw3: http (reflection)" -j DNAT --to-destination 192.168.0.100:8081
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p udp -m udp --dport 8081 -m comment --comment "!fw3: http (reflection)" -j DNAT --to-destination 192.168.0.100:8081
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p tcp -m tcp --dport 8081 -m comment --comment "!fw3: http (reflection)" -j DNAT --to-destination 192.168.0.100:8081
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p udp -m udp --dport 8081 -m comment --comment "!fw3: http (reflection)" -j DNAT --to-destination 192.168.0.100:8081
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p tcp -m tcp --dport 30502 -m comment --comment "!fw3: Rimworld/Risk of Rain/Project Zomboid (reflection)" -j DNAT --to-destination 192.168.0.82:30502
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p udp -m udp --dport 30502 -m comment --comment "!fw3: Rimworld/Risk of Rain/Project Zomboid (reflection)" -j DNAT --to-destination 192.168.0.82:30502
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p tcp -m tcp --dport 30502 -m comment --comment "!fw3: Rimworld/Risk of Rain/Project Zomboid (reflection)" -j DNAT --to-destination 192.168.0.82:30502
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p udp -m udp --dport 30502 -m comment --comment "!fw3: Rimworld/Risk of Rain/Project Zomboid (reflection)" -j DNAT --to-destination 192.168.0.82:30502
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p udp -m udp --dport 8764:8767 -m comment --comment "!fw3: nas-arch PZ Server (reflection)" -j DNAT --to-destination 192.168.0.81:8764-8767
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p udp -m udp --dport 8764:8767 -m comment --comment "!fw3: nas-arch PZ Server (reflection)" -j DNAT --to-destination 192.168.0.81:8764-8767
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p tcp -m tcp --dport 995 -m comment --comment "!fw3: nas-arch 163 pop3s (reflection)" -j DNAT --to-destination 192.168.0.81:40995
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p tcp -m tcp --dport 995 -m comment --comment "!fw3: nas-arch 163 pop3s (reflection)" -j DNAT --to-destination 192.168.0.81:40995
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p tcp -m tcp --dport 12345 -m comment --comment "!fw3: nas-arch home-assistant (reflection)" -j DNAT --to-destination 192.168.0.81:8123
-A zone_lan_prerouting -s 192.168.0.0/24 -d *WAN IP*/32 -p udp -m udp --dport 12345 -m comment --comment "!fw3: nas-arch home-assistant (reflection)" -j DNAT --to-destination 192.168.0.81:8123
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p tcp -m tcp --dport 12345 -m comment --comment "!fw3: nas-arch home-assistant (reflection)" -j DNAT --to-destination 192.168.0.81:8123
-A zone_lan_prerouting -s 192.168.0.0/24 -d 10.217.141.101/32 -p udp -m udp --dport 12345 -m comment --comment "!fw3: nas-arch home-assistant (reflection)" -j DNAT --to-destination 192.168.0.81:8123
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_wan_postrouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -p tcp -m tcp --dport 7070 -m comment --comment "!fw3: anydesk" -j DNAT --to-destination 192.168.0.100:7070
-A zone_wan_prerouting -p udp -m udp --dport 7070 -m comment --comment "!fw3: anydesk" -j DNAT --to-destination 192.168.0.100:7070
-A zone_wan_prerouting -p tcp -m tcp --dport 48648 -m comment --comment "!fw3: nas-arch ssh" -j DNAT --to-destination 192.168.0.81:22
-A zone_wan_prerouting -p tcp -m tcp --dport 25565:25570 -m comment --comment "!fw3: nas-arch minecraft/Terraria/PZ-server" -j DNAT --to-destination 192.168.0.81:25565-25570
-A zone_wan_prerouting -p udp -m udp --dport 25565:25570 -m comment --comment "!fw3: nas-arch minecraft/Terraria/PZ-server" -j DNAT --to-destination 192.168.0.81:25565-25570
-A zone_wan_prerouting -p tcp -m tcp --dport 1234 -m comment --comment "!fw3: nas-arch nginx" -j DNAT --to-destination 192.168.0.81:1234
-A zone_wan_prerouting -p tcp -m tcp --dport 48647 -m comment --comment "!fw3: openwrt ssh" -j DNAT --to-destination 192.168.0.1:22
-A zone_wan_prerouting -p tcp -m tcp --dport 64738 -m comment --comment "!fw3: mumble" -j DNAT --to-destination 192.168.0.81:64738
-A zone_wan_prerouting -p udp -m udp --dport 64738 -m comment --comment "!fw3: mumble" -j DNAT --to-destination 192.168.0.81:64738
-A zone_wan_prerouting -p tcp -m tcp --dport 6881 -m comment --comment "!fw3: aria2 BT" -j DNAT --to-destination 192.168.0.81:6881
-A zone_wan_prerouting -p udp -m udp --dport 6881 -m comment --comment "!fw3: aria2 BT" -j DNAT --to-destination 192.168.0.81:6881
-A zone_wan_prerouting -p tcp -m tcp --dport 3478 -m comment --comment "!fw3: coturn" -j DNAT --to-destination 192.168.0.81:3478
-A zone_wan_prerouting -p udp -m udp --dport 3478 -m comment --comment "!fw3: coturn" -j DNAT --to-destination 192.168.0.81:3478
-A zone_wan_prerouting -p tcp -m tcp --dport 7272 -m comment --comment "!fw3: nas-win anydesk" -j DNAT --to-destination 192.168.0.82:7272
-A zone_wan_prerouting -p udp -m udp --dport 7272 -m comment --comment "!fw3: nas-win anydesk" -j DNAT --to-destination 192.168.0.82:7272
-A zone_wan_prerouting -p tcp -m tcp --dport 63339:63340 -m comment --comment "!fw3: nas-win bt" -j DNAT --to-destination 192.168.0.82:63339-63340
-A zone_wan_prerouting -p udp -m udp --dport 63339:63340 -m comment --comment "!fw3: nas-win bt" -j DNAT --to-destination 192.168.0.82:63339-63340
-A zone_wan_prerouting -p tcp -m tcp --dport 1935 -m comment --comment "!fw3: nas-win rtmp" -j DNAT --to-destination 192.168.0.82:1935
-A zone_wan_prerouting -p udp -m udp --dport 1935 -m comment --comment "!fw3: nas-win rtmp" -j DNAT --to-destination 192.168.0.82:1935
-A zone_wan_prerouting -p tcp -m tcp --dport 47984 -m comment --comment "!fw3: moonlight" -j DNAT --to-destination 192.168.0.100:47984
-A zone_wan_prerouting -p tcp -m tcp --dport 47989 -m comment --comment "!fw3: moonlight" -j DNAT --to-destination 192.168.0.100:47989
-A zone_wan_prerouting -p tcp -m tcp --dport 48010 -m comment --comment "!fw3: moonlight" -j DNAT --to-destination 192.168.0.100:48010
-A zone_wan_prerouting -p udp -m udp --dport 48010 -m comment --comment "!fw3: moonlight" -j DNAT --to-destination 192.168.0.100:48010
-A zone_wan_prerouting -p udp -m udp --dport 47998:47999 -m comment --comment "!fw3: moonlight" -j DNAT --to-destination 192.168.0.100:47998-47999
-A zone_wan_prerouting -p tcp -m tcp --dport 48000 -m comment --comment "!fw3: moonlight" -j DNAT --to-destination 192.168.0.100:48000
-A zone_wan_prerouting -p udp -m udp --dport 48000 -m comment --comment "!fw3: moonlight" -j DNAT --to-destination 192.168.0.100:48000
-A zone_wan_prerouting -p udp -m udp --dport 48002 -m comment --comment "!fw3: moonlight" -j DNAT --to-destination 192.168.0.100:48002
-A zone_wan_prerouting -p tcp -m tcp --dport 7171 -m comment --comment "!fw3: nas-arch anydesk" -j DNAT --to-destination 192.168.0.81:7070
-A zone_wan_prerouting -p udp -m udp --dport 7171 -m comment --comment "!fw3: nas-arch anydesk" -j DNAT --to-destination 192.168.0.81:7070
-A zone_wan_prerouting -p tcp -m tcp --dport 43000:43010 -m comment --comment "!fw3: misc" -j DNAT --to-destination 192.168.0.81:43000-43010
-A zone_wan_prerouting -p udp -m udp --dport 43000:43010 -m comment --comment "!fw3: misc" -j DNAT --to-destination 192.168.0.81:43000-43010
-A zone_wan_prerouting -p tcp -m tcp --dport 8081 -m comment --comment "!fw3: http" -j DNAT --to-destination 192.168.0.100:8081
-A zone_wan_prerouting -p udp -m udp --dport 8081 -m comment --comment "!fw3: http" -j DNAT --to-destination 192.168.0.100:8081
-A zone_wan_prerouting -p tcp -m tcp --dport 30502 -m comment --comment "!fw3: Rimworld/Risk of Rain/Project Zomboid" -j DNAT --to-destination 192.168.0.82:30502
-A zone_wan_prerouting -p udp -m udp --dport 30502 -m comment --comment "!fw3: Rimworld/Risk of Rain/Project Zomboid" -j DNAT --to-destination 192.168.0.82:30502
-A zone_wan_prerouting -p udp -m udp --dport 8764:8767 -m comment --comment "!fw3: nas-arch PZ Server" -j DNAT --to-destination 192.168.0.81:8764-8767
-A zone_wan_prerouting -p tcp -m tcp --dport 995 -m comment --comment "!fw3: nas-arch 163 pop3s" -j DNAT --to-destination 192.168.0.81:40995
-A zone_wan_prerouting -p tcp -m tcp --dport 12345 -m comment --comment "!fw3: nas-arch home-assistant" -j DNAT --to-destination 192.168.0.81:8123
-A zone_wan_prerouting -p udp -m udp --dport 12345 -m comment --comment "!fw3: nas-arch home-assistant" -j DNAT --to-destination 192.168.0.81:8123
-A zone_wan_prerouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_wan_prerouting -j MINIUPNPD
-A zone_wan_prerouting -j MINIUPNPD
COMMIT
# Completed on Sun Nov 13 10:23:52 2022

#IPv4 Mangle chain

# Generated by iptables-save v1.8.7 on Sun Nov 13 10:23:52 2022
*mangle
:PREROUTING ACCEPT [595212:550413469]
:INPUT ACCEPT [4971:588918]
:FORWARD ACCEPT [590224:549823334]
:OUTPUT ACCEPT [5725:6328782]
:POSTROUTING ACCEPT [595861:556148246]
-A FORWARD -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Sun Nov 13 10:23:52 2022

#IPv4 Filter chain

# Generated by iptables-save v1.8.7 on Sun Nov 13 10:23:52 2022
*filter
:INPUT ACCEPT [1:52]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i eth1 -m comment --comment "!fw3" -j zone_wan_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i eth1 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o eth1 -m comment --comment "!fw3" -j zone_wan_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -s 192.168.0.11/32 -p tcp -m mac --mac-source ec:4d:3e:89:c5:63 -m comment --comment "!fw3: YeeLight" -j zone_wan_dest_REJECT
-A zone_lan_forward -s 192.168.0.11/32 -p udp -m mac --mac-source ec:4d:3e:89:c5:63 -m comment --comment "!fw3: YeeLight" -j zone_wan_dest_REJECT
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o pppoe-wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o pppoe-wan -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o eth1 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o eth1 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_REJECT -o pppoe-wan -m comment --comment "!fw3" -j reject
-A zone_wan_dest_REJECT -o eth1 -m comment --comment "!fw3" -j reject
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -d 224.0.0.0/4 -p udp -m comment --comment "!fw3: ubus:omcproxy[instance1] rule 2" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p igmp -m comment --comment "!fw3: ubus:omcproxy[instance1] rule 0" -j ACCEPT
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -d 224.0.0.0/4 -p udp -m comment --comment "!fw3: Allow-Multicast" -j ACCEPT
-A zone_wan_input -d 225.0.0.0/8 -p tcp -m comment --comment "!fw3: udpxy" -j ACCEPT
-A zone_wan_input -d 225.0.0.0/8 -p udp -m comment --comment "!fw3: udpxy" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: IGMP" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -j MINIUPNPD
-A zone_wan_input -j MINIUPNPD
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_REJECT -i pppoe-wan -m comment --comment "!fw3" -j reject
-A zone_wan_src_REJECT -i eth1 -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Sun Nov 13 10:23:52 2022

#IPv6 NAT chain

# Generated by ip6tables-save v1.8.7 on Sun Nov 13 10:23:52 2022
*nat
:PREROUTING ACCEPT [48:6821]
:INPUT ACCEPT [1:134]
:OUTPUT ACCEPT [72:6989]
:POSTROUTING ACCEPT [109:12139]
COMMIT
# Completed on Sun Nov 13 10:23:52 2022

#IPv6 Mangle chain

# Generated by ip6tables-save v1.8.7 on Sun Nov 13 10:23:52 2022
*mangle
:PREROUTING ACCEPT [253:66510]
:INPUT ACCEPT [150:40927]
:FORWARD ACCEPT [93:24046]
:OUTPUT ACCEPT [418:143716]
:POSTROUTING ACCEPT [511:167762]
-A FORWARD -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Sun Nov 13 10:23:52 2022

#IPv6 Filter chain

# Generated by ip6tables-save v1.8.7 on Sun Nov 13 10:23:52 2022
*filter
:INPUT ACCEPT [1:72]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i eth1 -m comment --comment "!fw3" -j zone_wan_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i eth1 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o eth1 -m comment --comment "!fw3" -j zone_wan_output
-A MINIUPNPD -d 2408:8221:13b:cf60::82/128 -p tcp -m tcp --dport 24768 -j ACCEPT
-A MINIUPNPD -d 2408:8221:13b:cf60::82/128 -p udp -m udp --dport 24768 -j ACCEPT
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp6-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o pppoe-wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o pppoe-wan -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o eth1 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o eth1 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_REJECT -o pppoe-wan -m comment --comment "!fw3" -j reject
-A zone_wan_dest_REJECT -o eth1 -m comment --comment "!fw3" -j reject
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -d ff00::/8 -p udp -m comment --comment "!fw3: ubus:omcproxy[instance1] rule 3" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130/0 -m comment --comment "!fw3: ubus:omcproxy[instance1] rule 1" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131/0 -m comment --comment "!fw3: ubus:omcproxy[instance1] rule 1" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132/0 -m comment --comment "!fw3: ubus:omcproxy[instance1] rule 1" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143/0 -m comment --comment "!fw3: ubus:omcproxy[instance1] rule 1" -j ACCEPT
-A zone_wan_input -s fc00::/6 -d fc00::/6 -p udp -m udp --dport 546 -m comment --comment "!fw3: Allow-DHCPv6" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: IGMP" -j ACCEPT
-A zone_wan_input -j MINIUPNPD
-A zone_wan_input -j MINIUPNPD
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_REJECT -i pppoe-wan -m comment --comment "!fw3" -j reject
-A zone_wan_src_REJECT -i eth1 -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Sun Nov 13 10:23:52 2022

#===================== IPSET状态 =====================#

#===================== 路由表状态 =====================#

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         ****     0.0.0.0         UG    0      0        0 pppoe-wan
10.217.141.101  0.0.0.0         255.255.255.255 UH    1      0        0 eth1
****     0.0.0.0         255.255.255.255 UH    0      0        0 pppoe-wan
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
#ip route list
default via **** dev pppoe-wan proto static 
10.217.141.101 dev eth1 proto static scope link metric 1 
**** dev pppoe-wan proto kernel scope link src *WAN IP* 
192.168.0.0/24 dev br-lan proto kernel scope link src 192.168.0.1 
#ip rule show
0:  from all lookup local
32766:  from all lookup main
32767:  from all lookup default

#===================== Tun设备状态 =====================#

vnet0: tap vnet_hdr
vnet1: tap vnet_hdr

#===================== 端口占用状态 =====================#

#===================== 测试本机DNS查询 =====================#

Server:     127.0.0.1
Address:    127.0.0.1#53

Non-authoritative answer:
www.baidu.com   canonical name = www.a.shifen.com.
Name:   www.a.shifen.com
Address: 110.242.68.3
Name:   www.a.shifen.com
Address: 110.242.68.4

#===================== resolv.conf.d =====================#

# Interface lan
nameserver 223.6.6.6
nameserver 114.114.114.114
nameserver 8.8.4.4
# Interface wan
nameserver 202.102.224.68
nameserver 202.102.227.68
# Interface wan_6
nameserver 2408:8888::8
nameserver 2408:8000::8

#===================== 测试本机网络连接 =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Sun, 13 Nov 2022 02:23:52 GMT
Etag: "575e1f59-115"
Last-Modified: Mon, 13 Jun 2016 02:50:01 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 测试本机网络下载 =====================#

#===================== 最近运行日志 =====================#

2022-11-13 10:23:12【/tmp/openclash_last_version】Download Failed:【curl: (60) SSL certificate problem: self signed certificate】
2022-11-13 10:23:12【/tmp/openclash_last_version】Download Failed:【More details here: https://curl.se/docs/sslcerts.html】
2022-11-13 10:23:12【/tmp/openclash_last_version】Download Failed:【】
2022-11-13 10:23:12【/tmp/openclash_last_version】Download Failed:【curl failed to verify the legitimacy of the server and therefore could not】
2022-11-13 10:23:12【/tmp/openclash_last_version】Download Failed:【establish a secure connection to it. To learn more about this situation and】
2022-11-13 10:23:12【/tmp/openclash_last_version】Download Failed:【how to fix it, please visit the web page mentioned above.】
2022-11-13 10:23:15【/tmp/clash_last_version】Download Failed:【curl: (60) SSL certificate problem: self signed certificate】
2022-11-13 10:23:15【/tmp/clash_last_version】Download Failed:【More details here: https://curl.se/docs/sslcerts.html】
2022-11-13 10:23:15【/tmp/clash_last_version】Download Failed:【】
2022-11-13 10:23:15【/tmp/clash_last_version】Download Failed:【curl failed to verify the legitimacy of the server and therefore could not】
2022-11-13 10:23:15【/tmp/clash_last_version】Download Failed:【establish a secure connection to it. To learn more about this situation and】
2022-11-13 10:23:15【/tmp/clash_last_version】Download Failed:【how to fix it, please visit the web page mentioned above.】

#===================== 活动连接信息 =====================#

OpenClash Config

No response

Expected Behavior

``

Screenshots

No response

fraelyfan commented 1 year ago


cxzlw commented 1 year ago

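I'm seeing this too. I found that it is related to the config file, probably the file size or the number of nodes; I haven't tested carefully which one it is. In any case, once the config has many nodes (more nodes also makes the config larger), this happens.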

machine-doll commented 1 year ago

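I've also noticed this problem recently; it seems to have started with the versions from the last few weeks.
For me, after openclash has been running for a while, luci can no longer be opened at all, and every page shows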
/usr/lib/lua/luci/dispatcher.lua:427: /etc/config/luci seems to be corrupt, unable to find section 'main'

machine-doll commented 1 year ago

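I don't know why, but I ran into this problem again recently.
I SSHed into the router and manually restarted rpcd and uhttpd, and that fixed it.
The cause is unknown, but my guess is that it made rpcd crash.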

machine-doll commented 1 year ago

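Today I started a BT client on my computer, and after a while luci stopped opening again. This time I can confirm that it is caused by rpcd crashing. I SSHed into the router and ran /etc/init.d/rpcd restart, and that fixed it.
I don't know whether it is related to clash having too many open files; for some reason, the BT client sometimes creates more than ten thousand connections.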
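One way to check the open-files guess in the comment above, as an added example that is not from this thread or from OpenClash: it compares a process's open descriptors under /proc with its soft "Max open files" limit. The process names passed to `report` (clash, rpcd, uhttpd) and the 80% warning threshold are assumptions.

```shell
#!/bin/sh
# Added example: compare a process's open file descriptors with its soft limit.
# Paths are parameters so the functions also work on a copied or constructed
# /proc/<pid> directory.

# soft_nofile_limit LIMITS_FILE -> prints the soft "Max open files" value
soft_nofile_limit() {
    # Line format in /proc/<pid>/limits:
    # Max open files            1024                 4096                 files
    awk '/^Max open files/ { print $4; exit }' "$1" 2>/dev/null
}

# open_fd_count FD_DIR -> prints the number of entries in /proc/<pid>/fd
open_fd_count() {
    set -- "$1"/*
    # An unmatched glob stays literal; fd entries for sockets are symlinks
    # whose targets do not exist as files, so test -L as well as -e.
    [ -e "$1" ] || [ -L "$1" ] || { echo 0; return; }
    echo "$#"
}

# fd_status PROC_DIR [WARN_PERCENT] -> prints "<open> <limit> <status>"
# status is ok, near-limit, or unknown (limit could not be read)
fd_status() {
    proc_dir=$1
    warn=${2:-80}                      # assumed threshold, in percent
    limit=$(soft_nofile_limit "$proc_dir/limits") || limit=
    open=$(open_fd_count "$proc_dir/fd")
    case $limit in
        unlimited)   echo "$open unlimited ok"; return 0 ;;
        ''|*[!0-9]*) echo "$open unknown unknown"; return 0 ;;
    esac
    if [ $((open * 100)) -ge $((limit * warn)) ]; then
        echo "$open $limit near-limit"
    else
        echo "$open $limit ok"
    fi
}

# report_fd_usage NAME... -> one line per running process with that name
report_fd_usage() {
    for name in "$@"; do
        for pid in $(pidof "$name" 2>/dev/null); do
            echo "$name[$pid]: $(fd_status "/proc/$pid")"
        done
    done
}

# Usage on the router (process names are assumptions):
#   sh fdcheck.sh report clash rpcd uhttpd
if [ "${1:-}" = "report" ]; then
    shift
    report_fd_usage "$@"
fi
```

Running it while the BT client is active and again after luci stops responding shows whether the descriptor count of any of the three processes is climbing toward its limit.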

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

cxzlw commented 1 year ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

not stale yet.

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

cxzlw commented 1 year ago

not stale yet.

not stale yet.