[Bug] 开启Openclash后，打开云闪付App部分页面加载特别慢，个人能力有限找不出问题所在

[XinSSS]

Verify Steps

• [X] Tracker 我已经在 Issue Tracker 中找过我要提出的问题
• [X] Latest 我已经使用最新 Dev 版本测试过，问题依旧存在
• [X] Core 这是 OpenClash 存在的问题，并非我所使用的 Clash 或 Meta 等内核的特定问题
• [X] Meaningful 我提交的不是无意义的 催促更新或修复 请求

OpenClash Version

v0.45.70-beta

Bug on Environment

Lean

Bug on Platform

Linux-amd64(x86-64)

To Reproduce

打开云闪付App， 进入我的 > 会员中心， 会打开小程序页面， 这个地方加载特别的慢， 但是一关闭OpenClash， 再进入这里就是秒开了，我也试了别的比如ssrp之类的插件， 没有出现这样的情况。 我也尝试过把openclash的所有设置都删除重置了， 情况依然如此。

Describe the Bug

打开云闪付App， 进入我的 > 会员中心， 会打开小程序页面， 这里加载特别慢

OpenClash Log

OpenClash 调试日志

生成时间: 2022-11-24 23:38:11 插件版本: v0.45.70-beta 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息

#===================== 系统信息 =====================#

主机型号: Default string Default string/Default string - Intel(R) Celeron(R) CPU 3865U @ 1.80GHz : 2 Core 2 Thread
固件版本: OpenWrt SNAPSHOT r0-2c52782f
LuCI版本: git-22.316.26068-65f106a-1
内核版本: 5.15.78
处理器架构: x86_64

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

#此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 未安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci >= 19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 已安装
unzip: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
kmod-ipt-nat: 已安装

#===================== 内核检查 =====================#

运行状态: 运行中
进程pid: 19093
运行权限: 19093: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-amd64

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 
Tun内核文件: 不存在
Tun内核运行权限: 否

Dev内核版本: v1.11.12-1-gde264c4
Dev内核文件: 存在
Dev内核运行权限: 正常

Meta内核版本: 
Meta内核文件: 不存在
Meta内核运行权限: 否

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/SSP.Flower.Clash.yaml
启动配置文件: /etc/openclash/SSP.Flower.Clash.yaml
运行模式: redir-host
默认代理模式: rule
UDP流量转发(tproxy): 启用
DNS劫持: 启用
自定义DNS: 停用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 停用
自定义规则: 停用
仅允许内网: 启用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用
DNS远程解析: 启用
路由本机代理: 启用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 配置文件 =====================#

port: 7890
socks-port: 7891
allow-lan: true
bind-address: "*"
mode: rule
log-level: silent
external-controller: 0.0.0.0:9090
dns:
  enable: true
  listen: 0.0.0.0:7874
  ipv6: false
  default-nameserver:
  - 223.5.5.5
  - 119.29.29.29
  - 8.8.8.8
  - 114.114.114.114
  - 1.1.1.1
  nameserver:
  - 223.5.5.5
  - 114.114.114.114
  - 1.1.1.1
  - 119.29.29.29
  - https://doh.pub/dns-query
  - https://dns.alidns.com/dns-query
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  fake-ip-filter:
  - "*.lan"
  - "*.localdomain"
  - "*.example"
  - "*.invalid"
  - "*.localhost"
  - "*.test"
  - "*.local"
  - "*.home.arpa"
  - time.*.com
  - time.*.gov
  - time.*.edu.cn
  - time.*.apple.com
  - time1.*.com
  - time2.*.com
  - time3.*.com
  - time4.*.com
  - time5.*.com
  - time6.*.com
  - time7.*.com
  - ntp.*.com
  - ntp1.*.com
  - ntp2.*.com
  - ntp3.*.com
  - ntp4.*.com
  - ntp5.*.com
  - ntp6.*.com
  - ntp7.*.com
  - "*.time.edu.cn"
  - "*.ntp.org.cn"
  - "+.pool.ntp.org"
  - time1.cloud.tencent.com
  - music.163.com
  - "*.music.163.com"
  - "*.126.net"
  - musicapi.taihe.com
  - music.taihe.com
  - songsearch.kugou.com
  - trackercdn.kugou.com
  - "*.kuwo.cn"
  - api-jooxtt.sanook.com
  - api.joox.com
  - joox.com
  - y.qq.com
  - "*.y.qq.com"
  - streamoc.music.tc.qq.com
  - mobileoc.music.tc.qq.com
  - isure.stream.qqmusic.qq.com
  - dl.stream.qqmusic.qq.com
  - aqqmusic.tc.qq.com
  - amobile.music.tc.qq.com
  - "*.xiami.com"
  - "*.music.migu.cn"
  - music.migu.cn
  - "+.msftconnecttest.com"
  - "+.msftncsi.com"
  - msftconnecttest.com
  - msftncsi.com
  - localhost.ptlogin2.qq.com
  - localhost.sec.qq.com
  - "+.srv.nintendo.net"
  - "*.n.n.srv.nintendo.net"
  - "+.stun.playstation.net"
  - xbox.*.*.microsoft.com
  - "*.*.xboxlive.com"
  - xbox.*.microsoft.com
  - xnotify.xboxlive.com
  - "+.battlenet.com.cn"
  - "+.wotgame.cn"
  - "+.wggames.cn"
  - "+.wowsgame.cn"
  - "+.wargaming.net"
  - proxy.golang.org
  - stun.*.*
  - stun.*.*.*
  - "+.stun.*.*"
  - "+.stun.*.*.*"
  - "+.stun.*.*.*.*"
  - "+.stun.*.*.*.*.*"
  - heartbeat.belkin.com
  - "*.linksys.com"
  - "*.linksyssmartwifi.com"
  - "*.router.asus.com"
  - mesu.apple.com
  - swscan.apple.com
  - swquery.apple.com
  - swdownload.apple.com
  - swcdn.apple.com
  - swdist.apple.com
  - lens.l.google.com
  - stun.l.google.com
  - "+.nflxvideo.net"
  - "*.square-enix.com"
  - "*.finalfantasyxiv.com"
  - "*.ffxiv.com"
  - "*.ff14.sdo.com"
  - ff.dorado.sdo.com
  - "*.mcdn.bilivideo.cn"
  - "+.media.dssott.com"
  - "+.shark007.net"
  - "+.termux.org"
  - "+.codest.me"
  - "+.haoduopan.cn"
  - "+.*"
proxy-groups:
- name: Steam
  type: select
  proxies:
  - China
  - Proxies
  - HK
  - SG
  - JP
  - TW
  - DIRECT
- name: Xbox
  type: select
  proxies:
  - China
  - Proxies
  - HK
  - SG
  - JP
  - TW
  - DIRECT
- name: OneDrive
  type: select
  proxies:
  - Proxies
  - China
  - HK
  - SG
  - JP
  - TW
  - DIRECT
- name: Microsoft
  type: select
  proxies:
  - China
  - Proxies
  - HK
  - SG
  - JP
  - TW
  - DIRECT
- name: GameDirect
  type: select
  proxies:
  - China
  - Proxies
  - HK
  - SG
  - JP
  - TW
  - DIRECT
- name: CustomDirect
  type: select
  proxies:
  - DIRECT
  - China
  - Proxies
  - HK
  - SG
  - JP
  - TW
- name: CustomProxy
  type: select
  proxies:
  - Proxies
  - HK
  - SG
  - JP
  - TW
  - China
  - DIRECT
- name: PayPal
  type: select
  proxies:
  - China
  - Proxies
  - HK
  - SG
  - JP
  - TW
  - DIRECT
- name: Apple
  type: select
  proxies:
  - China
  - Proxies
  - HK
  - SG
  - JP
  - TW
  - DIRECT
- name: StreamingSE
  type: select
  proxies:
  - China
  - Proxies
  - HK
  - SG
  - JP
  - TW
  - US
  - DIRECT
- name: Streaming
  type: select
  proxies:
  - SG
  - HK
  - Proxies
  - JP
  - TW
  - US
  - DIRECT
- name: Telegram
  type: select
  proxies:
  - Proxies
  - HK
  - SG
  - JP
  - TW
  - US
- name: GMail
  type: select
  proxies:
  - Proxies
  - HK
  - SG
  - JP
  - TW
  - US
  - DIRECT
- name: Proxies
  type: select
  proxies:
  - HK
  - SG
  - JP
  - TW
  - US
  - DIRECT
- name: China
  type: select
  proxies:
  - DIRECT
  - Proxies
- name: Final
  type: select
  proxies:
  - Proxies
  - China
  - DIRECT
- name: HK
  type: select
  proxies:
  - "\U0001F1ED\U0001F1F0 香港1"
- name: SG
  type: select
  proxies:
  - "\U0001F1F8\U0001F1EC 新加坡1"
- name: TW
  type: select
  proxies:
  - "\U0001F1E8\U0001F1F3 台湾1"
- name: JP
  type: select
  proxies:
  - "\U0001F1EF\U0001F1F5 日本1"
- name: US
  type: select
  proxies:
  - "\U0001F1FA\U0001F1F8 美国1"
rules:
- DST-PORT,7895,REJECT
- DST-PORT,7892,REJECT
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
- DOMAIN-SUFFIX,damitan.com,CustomDirect
- DOMAIN-SUFFIX,lsjxs.cc,CustomDirect
- DOMAIN-SUFFIX,longtenghuaxia.com,CustomDirect
- DOMAIN-SUFFIX,kanhshu.com,CustomDirect
- DOMAIN-SUFFIX,diyibanzhu99.com,CustomDirect
- DOMAIN-SUFFIX,tz659.com,CustomDirect
- DOMAIN-SUFFIX,maizixueyuan.com,CustomDirect
- DOMAIN-SUFFIX,dybz1.me,CustomDirect
- DOMAIN-SUFFIX,yulinzhanye.tw,CustomDirect
- DOMAIN-SUFFIX,jmshuwu.net,CustomDirect
- DOMAIN-SUFFIX,hongjiuwx.com,CustomDirect
- DOMAIN-SUFFIX,hongrenxs.net,CustomDirect
- DOMAIN-SUFFIX,bz2021.com,CustomDirect
- DOMAIN-SUFFIX,danshenxs.com,CustomDirect
- DOMAIN-KEYWORD,tzkxs,CustomDirect
- PROCESS-NAME,HD-Player.exe,CustomProxy
- DOMAIN-SUFFIX,zxcs.me,China
- DOMAIN-KEYWORD,tracker,China
- DOMAIN-KEYWORD,announce.php?passkey=,China
- DOMAIN-KEYWORD,peer_id=,China
- DOMAIN-KEYWORD,info_hash,China
- DOMAIN-KEYWORD,get_peers,China
- DOMAIN-KEYWORD,find_node,China
- DOMAIN-KEYWORD,announce_peer,China
- DOMAIN-SUFFIX,downloadtorrentfile.com,China
- DOMAIN-SUFFIX,torrentgalaxy.to,China
- DOMAIN-SUFFIX,torrentdownloads.pro,China
- DOMAIN-SUFFIX,torrent911.org,China
- DOMAIN-SUFFIX,ajax.cloudflare.com,China
- DOMAIN-SUFFIX,cdnjs.cloudflare.com,China
- DOMAIN-SUFFIX,aliyuncs.com,China
- DOMAIN-SUFFIX,n1.com,China
- DOMAIN-SUFFIX,atpanel.com,China
- DOMAIN-SUFFIX,plex.tv,China
- DOMAIN-SUFFIX,me.plexapp.com,China
- DOMAIN-SUFFIX,plex.direct,China
- DOMAIN-SUFFIX,1password.com,China
- DOMAIN-SUFFIX,goodsync.com,China
- DOMAIN-SUFFIX,safelinks.protection.outlook.com,China
- DOMAIN-SUFFIX,imap.gmail.com,GMail
- DOMAIN-SUFFIX,smtp.gmail.com,GMail
- DOMAIN-SUFFIX,steam-chat.com,Steam
- DOMAIN-SUFFIX,steamcontent.com,Steam
- DOMAIN-SUFFIX,steamgames.com,Steam
- DOMAIN-SUFFIX,steampowered.com,Steam
- DOMAIN-SUFFIX,steamstat.us,Steam
- DOMAIN-SUFFIX,steamstatic.com,Steam
- DOMAIN-SUFFIX,steamusercontent.com,Steam
- DOMAIN-SUFFIX,clientconfig.akamai.steamtransparent.com,Steam
- DOMAIN-SUFFIX,steampipe.akamaized.net,Steam
- DOMAIN-SUFFIX,steampowered.com.edgesuite.net,Steam
- DOMAIN,steambroadcast.akamaized.net,Steam
- DOMAIN,steamcdn-a.akamaihd.net,Steam
- DOMAIN,steamcommunity-a.akamaihd.net,Steam
- DOMAIN,steamstore-a.akamaihd.net,Steam
- DOMAIN,steamusercontent-a.akamaihd.net,Steam
- DOMAIN,steamusercontent-a.akamaihd.net,Steam
- DOMAIN,steamuserimages-a.akamaihd.net,Steam
- DOMAIN-SUFFIX,xboxlive.com,Xbox
- DOMAIN-SUFFIX,xboxservices.com,Xbox
- DOMAIN-SUFFIX,gamepass.com,Xbox
- DOMAIN,store-images.s-microsoft.com,Xbox
- DOMAIN,img-prod-cms-rt-microsoft-com.akamaized.net,Xbox
- DOMAIN,login.live.com,Xbox
- DOMAIN,logincdn.msauth.net,Xbox
- PROCESS-NAME,OneDrive,OneDrive
- DOMAIN-SUFFIX,1drv.com,OneDrive
- DOMAIN-SUFFIX,onedrive.com,OneDrive
- DOMAIN-SUFFIX,storage.live.com,OneDrive
- DOMAIN,oneclient.sfx.ms,OneDrive
- DOMAIN-SUFFIX,microsoft.com,Microsoft
- DOMAIN-SUFFIX,msecnd.net,Microsoft
- DOMAIN-SUFFIX,msedge.net,Microsoft
- DOMAIN-SUFFIX,appcenter.ms,Microsoft
- DOMAIN-SUFFIX,azureedge.net,Microsoft
- DOMAIN-SUFFIX,azurefd.net,Microsoft
- DOMAIN-SUFFIX,onestore.ms,Microsoft
- DOMAIN-SUFFIX,officeapps.live.com,Microsoft
- DOMAIN-SUFFIX,office.net,Microsoft
- DOMAIN-SUFFIX,msn.com,Microsoft
- DOMAIN-SUFFIX,office.com,Microsoft
- DOMAIN-SUFFIX,office365.com,Microsoft
- DOMAIN-SUFFIX,windows.com,Microsoft
- DOMAIN-SUFFIX,xboxlive.cn,Microsoft
- DOMAIN-SUFFIX,visualstudio.com,Microsoft
- DOMAIN,software-download.microsoft.com,Microsoft
- DOMAIN-KEYWORD,-microsoft-com.akamaized.net,Microsoft
- DOMAIN-KEYWORD,-msn-com.akamaized.net,Microsoft
- DOMAIN-KEYWORD,icloud.com.akadns.net,Apple
- DOMAIN,api.biliapi.com,StreamingSE
- DOMAIN,api.biliapi.net,StreamingSE
- DOMAIN,api.bilibili.com,StreamingSE
- DOMAIN,app.biliapi.com,StreamingSE
- DOMAIN,app.biliapi.net,StreamingSE
- DOMAIN,app.bilibili.com,StreamingSE
- DOMAIN,grpc.biliapi.net,StreamingSE
- DOMAIN,m.bilibili.com,StreamingSE
- DOMAIN,upos-hz-mirrorakam.akamaized.net,StreamingSE
- DOMAIN,www.bilibili.com,StreamingSE
- DOMAIN-KEYWORD,cn-hk-eq-bcache-,StreamingSE
- DOMAIN,cache.video.iqiyi.com,StreamingSE
- IP-CIDR,116.211.202.206/32,StreamingSE,no-resolve
- IP-CIDR,116.211.202.216/32,StreamingSE,no-resolve
- DOMAIN-SUFFIX,api.mgtv.com,StreamingSE
- DOMAIN,mobileso.bz.mgtv.com,StreamingSE
- DOMAIN-SUFFIX,ext-twitch.tv,Streaming
- DOMAIN-SUFFIX,jtvnw.net,Streaming
- DOMAIN-SUFFIX,ttvnw.net,Streaming
- DOMAIN-SUFFIX,twitch.tv,Streaming
- DOMAIN-SUFFIX,twitchcdn.net,Streaming
- DOMAIN-SUFFIX,twitch-ext.rootonline.de,Streaming
- DOMAIN-SUFFIX,deezer.com,Streaming
- DOMAIN-SUFFIX,dzcdn.net,Streaming
- DOMAIN-SUFFIX,joox.com,Streaming
- DOMAIN-KEYWORD,jooxweb-api,Streaming
- DOMAIN-SUFFIX,kkbox.com,Streaming
- DOMAIN-SUFFIX,kkbox.com.tw,Streaming
- DOMAIN-SUFFIX,kfs.io,Streaming
- DOMAIN-SUFFIX,pandora.com,Streaming
- DOMAIN-SUFFIX,p-cdn.us,Streaming
- DOMAIN-SUFFIX,sndcdn.com,Streaming
- DOMAIN-SUFFIX,soundcloud.com,Streaming
- DOMAIN-SUFFIX,pscdn.co,Streaming
- DOMAIN-SUFFIX,scdn.co,Streaming
- DOMAIN-SUFFIX,spotify.com,Streaming
- DOMAIN-SUFFIX,spoti.fi,Streaming
- DOMAIN-KEYWORD,spotify.com,Streaming
- DOMAIN-KEYWORD,-spotify-com,Streaming
- DOMAIN-SUFFIX,tidal.com,Streaming
- DOMAIN-SUFFIX,himalaya.com,Streaming
- DOMAIN-SUFFIX,overcast.fm,Streaming
- DOMAIN-SUFFIX,abema.io,Streaming
- DOMAIN-SUFFIX,abema.tv,Streaming
- DOMAIN-SUFFIX,abema-tv.com,Streaming
- DOMAIN-SUFFIX,ameba.jp,Streaming
- DOMAIN-SUFFIX,hayabusa.io,Streaming
- DOMAIN-SUFFIX,hayabusa.media,Streaming
- DOMAIN,api-abematv.bucketeer.jp,Streaming
- DOMAIN-KEYWORD,abematv.akamaized.net,Streaming
- DOMAIN-SUFFIX,c4assets.com,Streaming
- DOMAIN-SUFFIX,channel4.com,Streaming
- DOMAIN-SUFFIX,aiv-cdn.net,Streaming
- DOMAIN-SUFFIX,aiv-delivery.net,Streaming
- DOMAIN-SUFFIX,amazonvideo.com,Streaming
- DOMAIN-SUFFIX,media-amazon.com,Streaming
- DOMAIN-SUFFIX,primevideo.com,Streaming
- DOMAIN-SUFFIX,pv-cdn.net,Streaming
- DOMAIN,atv-ps.amazon.com,Streaming
- DOMAIN,fls-na.amazon.com,Streaming
- DOMAIN,avodmp4s3ww-a.akamaihd.net,Streaming
- DOMAIN,d25xi40x97liuc.cloudfront.net,Streaming
- DOMAIN,dmqdd6hw24ucf.cloudfront.net,Streaming
- DOMAIN,dmqdd6hw24ucf.cloudfront.net,Streaming
- DOMAIN,d22qjgkvxw22r6.cloudfront.net,Streaming
- DOMAIN,d1v5ir2lpwr8os.cloudfront.net,Streaming
- DOMAIN,d27xxe7juh1us6.cloudfront.net,Streaming
- DOMAIN-KEYWORD,avoddashs,Streaming
- DOMAIN,tv.applemusic.com,Streaming
- DOMAIN,linear.tv.apple.com,Streaming
- DOMAIN,play-edge.itunes.apple.com,Streaming
- DOMAIN,uts-api.itunes.apple.com,Streaming
- DOMAIN-SUFFIX,bahamut.com.tw,Streaming
- DOMAIN-SUFFIX,gamer.com.tw,Streaming
- DOMAIN,bahamut.akamaized.net,Streaming
- DOMAIN,gamer-cds.cdn.hinet.net,Streaming
- DOMAIN,gamer2-cds.cdn.hinet.net,Streaming
- DOMAIN-SUFFIX,bbc.co.uk,Streaming
- DOMAIN-SUFFIX,bbci.co.uk,Streaming
- DOMAIN-KEYWORD,bbcfmt,Streaming
- DOMAIN-KEYWORD,uk-live,Streaming
- DOMAIN-SUFFIX,biliintl.com,Streaming
- DOMAIN,apm-misaka.biliapi.net,Streaming
- DOMAIN,p.bstarstatic.com,Streaming
- DOMAIN,p-bstarstatic.akamaized.net,Streaming
- DOMAIN,upos-bstar-mirrorakam.akamaized.net,Streaming
- DOMAIN,upos-bstar1-mirrorakam.akamaized.net,Streaming
- DOMAIN-SUFFIX,dazn.com,Streaming
- DOMAIN-SUFFIX,dazn-api.com,Streaming
- DOMAIN-SUFFIX,dazndn.com,Streaming
- DOMAIN-SUFFIX,indazn.com,Streaming
- DOMAIN,d151l6v8er5bdm.cloudfront.net,Streaming
- DOMAIN-KEYWORD,voddazn,Streaming
- DOMAIN-SUFFIX,disco-api.com,Streaming
- DOMAIN-SUFFIX,discoveryplus.co.uk,Streaming
- DOMAIN-SUFFIX,discoveryplus.com,Streaming
- DOMAIN-SUFFIX,discoveryplus.in,Streaming
- DOMAIN-SUFFIX,dnitv.com,Streaming
- DOMAIN,x-default-stgec.uplynk.com,Streaming
- DOMAIN-KEYWORD,discovery.uplynk.com,Streaming
- DOMAIN-SUFFIX,bamgrid.com,Streaming
- DOMAIN-SUFFIX,disneyplus.com,Streaming
- DOMAIN-SUFFIX,disney-plus.net,Streaming
- DOMAIN-SUFFIX,disneystreaming.com,Streaming
- DOMAIN-SUFFIX,dssott.com,Streaming
- DOMAIN,cdn.registerdisney.go.com,Streaming
- DOMAIN-SUFFIX,dmm.co.jp,Streaming
- DOMAIN-SUFFIX,dmm.com,Streaming
- DOMAIN-SUFFIX,dmm-extension.com,Streaming
- DOMAIN-SUFFIX,encoretvb.com,Streaming
- DOMAIN,edge.api.brightcove.com,Streaming
- DOMAIN,bcbolt446c5271-a.akamaihd.net,Streaming
- DOMAIN-SUFFIX,ott.hinet.net,Streaming
- DOMAIN-SUFFIX,hamivideo.hinet.net,Streaming
- DOMAIN,hls-hichannel.cdn.hinet.net,Streaming
- DOMAIN-KEYWORD,hamivideo.cdn.hinet.net,Streaming
- DOMAIN-SUFFIX,hbo.com,Streaming
- DOMAIN-SUFFIX,hbogo.com,Streaming
- DOMAIN-SUFFIX,hbonow.com,Streaming
- DOMAIN-SUFFIX,hbomax.com,Streaming
- DOMAIN-SUFFIX,hbomaxcdn.com,Streaming
- DOMAIN-SUFFIX,hbogoasia.com,Streaming
- DOMAIN-SUFFIX,hbogoasia.hk,Streaming
- DOMAIN-KEYWORD,.hbogoasia.,Streaming
- DOMAIN,44wilhpljf.execute-api.ap-southeast-1.amazonaws.com,Streaming
- DOMAIN,bcbolthboa-a.akamaihd.net,Streaming
- DOMAIN,cf-images.ap-southeast-1.prod.boltdns.net,Streaming
- DOMAIN,dai3fd1oh325y.cloudfront.net,Streaming
- DOMAIN,hboasia1-i.akamaihd.net,Streaming
- DOMAIN,hboasia2-i.akamaihd.net,Streaming
- DOMAIN,hboasia3-i.akamaihd.net,Streaming
- DOMAIN,hboasia4-i.akamaihd.net,Streaming
- DOMAIN,hboasia5-i.akamaihd.net,Streaming
- DOMAIN,hboasialive.akamaized.net,Streaming
- DOMAIN,hbogoprod-vod.akamaized.net,Streaming
- DOMAIN,hbolb.onwardsmg.com,Streaming
- DOMAIN,hbounify-prod.evergent.com,Streaming
- DOMAIN,players.brightcove.net,Streaming
- DOMAIN,s3-ap-southeast-1.amazonaws.com,Streaming
- DOMAIN-SUFFIX,5itv.tv,Streaming
- DOMAIN-SUFFIX,ocnttv.com,Streaming
- DOMAIN-SUFFIX,hulu.com,Streaming
- DOMAIN-SUFFIX,huluim.com,Streaming
- DOMAIN-SUFFIX,hulustream.com,Streaming
- DOMAIN-SUFFIX,happyon.jp,Streaming
- DOMAIN-SUFFIX,hjholdings.jp,Streaming
- DOMAIN-SUFFIX,hulu.jp,Streaming
- DOMAIN-SUFFIX,itv.com,Streaming
- DOMAIN-SUFFIX,itvstatic.com,Streaming
- DOMAIN,itvpnpmobile-a.akamaihd.net,Streaming
- DOMAIN-SUFFIX,iq.com,Streaming
- DOMAIN,intl.iqiyi.com,Streaming
- DOMAIN,intl-rcd.iqiyi.com,Streaming
- DOMAIN,intl-subscription.iqiyi.com,Streaming
- IP-CIDR,23.53.32.88/32,Streaming,no-resolve
- IP-CIDR,23.211.15.99/32,Streaming,no-resolve
- IP-CIDR,103.5.34.153/32,Streaming,no-resolve
- IP-CIDR,104.109.129.153/32,Streaming,no-resolve
- IP-CIDR,110.238.107.47/32,Streaming,no-resolve
- IP-CIDR,118.26.32.178/32,Streaming,no-resolve
- IP-CIDR,203.74.95.131/32,Streaming,no-resolve
- IP-CIDR,203.74.95.139/32,Streaming,no-resolve
- IP-CIDR,203.74.95.153/32,Streaming,no-resolve
- IP-CIDR,203.211.4.169/32,Streaming,no-resolve
- IP-CIDR,203.211.4.193/32,Streaming,no-resolve
- IP-CIDR,210.71.227.200/32,Streaming,no-resolve
- IP-CIDR,210.71.227.202/32,Streaming,no-resolve
- IP-CIDR,210.201.32.8/32,Streaming,no-resolve
- IP-CIDR,210.201.32.11/32,Streaming,no-resolve
- DOMAIN-SUFFIX,kktv.com.tw,Streaming
- DOMAIN-SUFFIX,kktv.me,Streaming
- DOMAIN,kktv-theater.kk.stream,Streaming
- DOMAIN,theater-kktv.cdn.hinet.net,Streaming
- DOMAIN-SUFFIX,linetv.tw,Streaming
- DOMAIN,d3c7rimkq79yfu.cloudfront.net,Streaming
- DOMAIN-SUFFIX,litv.tv,Streaming
- DOMAIN,litvfreemobile-hichannel.cdn.hinet.net,Streaming
- DOMAIN-SUFFIX,channel5.com,Streaming
- DOMAIN-SUFFIX,my5.tv,Streaming
- DOMAIN,d349g9zuie06uo.cloudfront.net,Streaming
- DOMAIN-SUFFIX,mytvsuper.com,Streaming
- DOMAIN-SUFFIX,tvb.com,Streaming
- DOMAIN-SUFFIX,naver.com,Streaming
- DOMAIN-SUFFIX,smartmediarep.com,Streaming
- DOMAIN-SUFFIX,netflix.com,Streaming
- DOMAIN-SUFFIX,netflix.net,Streaming
- DOMAIN-SUFFIX,nflxext.com,Streaming
- DOMAIN-SUFFIX,nflximg.com,Streaming
- DOMAIN-SUFFIX,nflximg.net,Streaming
- DOMAIN-SUFFIX,nflxso.net,Streaming
- DOMAIN-SUFFIX,nflxvideo.net,Streaming
- DOMAIN-KEYWORD,netflixdnstest,Streaming
- DOMAIN-KEYWORD,apiproxy-device-prod-nlb-,Streaming
- DOMAIN-KEYWORD,dualstack.apiproxy-,Streaming
- DOMAIN-SUFFIX,dmc.nico,Streaming
- DOMAIN-SUFFIX,nicovideo.jp,Streaming
- DOMAIN-SUFFIX,nimg.jp,Streaming
- DOMAIN-SUFFIX,nowe.com,Streaming
- DOMAIN-SUFFIX,nowestatic.com,Streaming
- DOMAIN-SUFFIX,cbsi.com,Streaming
- DOMAIN-SUFFIX,cbsaavideo.com,Streaming
- DOMAIN-SUFFIX,cbsivideo.com,Streaming
- DOMAIN-SUFFIX,paramountplus.com,Streaming
- DOMAIN-SUFFIX,pplusstatic.com,Streaming
- DOMAIN,cbsi.live.ott.irdeto.com,Streaming
- DOMAIN,cbsplaylistserver.aws.syncbak.com,Streaming
- DOMAIN,cbsservice.aws.syncbak.com,Streaming
- DOMAIN,link.theplatform.com,Streaming
- DOMAIN-SUFFIX,pbs.org,Streaming
- DOMAIN-SUFFIX,peacocktv.com,Streaming
- DOMAIN-SUFFIX,phncdn.com,Streaming
- DOMAIN-SUFFIX,phprcdn.com,Streaming
- DOMAIN-SUFFIX,pornhub.com,Streaming
- DOMAIN-SUFFIX,pornhubpremium.com,Streaming
- DOMAIN-SUFFIX,skyking.com.tw,Streaming
- DOMAIN,hamifans.emome.net,Streaming
- DOMAIN-SUFFIX,byteoversea.com,Streaming
- DOMAIN-SUFFIX,ibytedtos.com,Streaming
- DOMAIN-SUFFIX,muscdn.com,Streaming
- DOMAIN-SUFFIX,musical.ly,Streaming
- DOMAIN-SUFFIX,tiktok.com,Streaming
- DOMAIN-SUFFIX,tik-tokapi.com,Streaming
- DOMAIN-SUFFIX,tiktokcdn.com,Streaming
- DOMAIN-SUFFIX,tiktokv.com,Streaming
- DOMAIN-KEYWORD,tiktokcdn-,Streaming
- DOMAIN-SUFFIX,tver.jp,Streaming
- DOMAIN,edge.api.brightcove.com,Streaming
- DOMAIN-SUFFIX,viu.com,Streaming
- DOMAIN-SUFFIX,viu.tv,Streaming
- DOMAIN,api.viu.now.com,Streaming
- DOMAIN,d1k2us671qcoau.cloudfront.net,Streaming
- DOMAIN,d2anahhhmp1ffz.cloudfront.net,Streaming
- DOMAIN,dfp6rglgjqszk.cloudfront.net,Streaming
- DOMAIN-SUFFIX,wetv.vip,Streaming
- DOMAIN-SUFFIX,wetvinfo.com,Streaming
- IP-CIDR,150.109.28.51/32,Streaming,no-resolve
- DOMAIN-SUFFIX,googlevideo.com,Streaming
- DOMAIN-SUFFIX,withyoutube.com,Streaming
- DOMAIN-SUFFIX,youtu.be,Streaming
- DOMAIN-SUFFIX,youtube.com,Streaming
- DOMAIN-SUFFIX,youtubeeducation.com,Streaming
- DOMAIN-SUFFIX,youtubegaming.com,Streaming
- DOMAIN-SUFFIX,youtubekids.com,Streaming
- DOMAIN-SUFFIX,youtube-nocookie.com,Streaming
- DOMAIN-SUFFIX,yt.be,Streaming
- DOMAIN-SUFFIX,ytimg.com,Streaming
- DOMAIN,youtubei.googleapis.com,Streaming
- DOMAIN,yt3.ggpht.com,Streaming
- DOMAIN-SUFFIX,t.me,Telegram
- DOMAIN-SUFFIX,tdesktop.com,Telegram
- DOMAIN-SUFFIX,telesco.pe,Telegram
- DOMAIN-SUFFIX,telegram.dog,Telegram
- DOMAIN-SUFFIX,telegram.me,Telegram
- DOMAIN-SUFFIX,telegram.org,Telegram
- DOMAIN-SUFFIX,telegra.ph,Telegram
- IP-CIDR,91.108.56.0/22,Telegram,no-resolve
- IP-CIDR,91.108.4.0/22,Telegram,no-resolve
- IP-CIDR,91.108.8.0/22,Telegram,no-resolve
- IP-CIDR,91.108.16.0/22,Telegram,no-resolve
- IP-CIDR,91.108.12.0/22,Telegram,no-resolve
- IP-CIDR,149.154.160.0/20,Telegram,no-resolve
- IP-CIDR,91.105.192.0/23,Telegram,no-resolve
- IP-CIDR,91.108.20.0/22,Telegram,no-resolve
- IP-CIDR,185.76.151.0/24,Telegram,no-resolve
- IP-CIDR6,2001:b28:f23d::/48,Telegram,no-resolve
- IP-CIDR6,2001:b28:f23f::/48,Telegram,no-resolve
- IP-CIDR6,2001:67c:4e8::/48,Telegram,no-resolve
- IP-CIDR6,2001:b28:f23c::/48,Telegram,no-resolve
- IP-CIDR6,2a0a:f280::/32,Telegram,no-resolve
- DOMAIN-SUFFIX,naver.jp,Proxies
- IP-CIDR,103.2.30.0/23,Proxies,no-resolve
- IP-CIDR,125.209.208.0/20,Proxies,no-resolve
- IP-CIDR,147.92.128.0/17,Proxies,no-resolve
- IP-CIDR,203.104.144.0/21,Proxies,no-resolve
- DOMAIN-SUFFIX,accountkit.com,Proxies
- DOMAIN-SUFFIX,cdninstagram.com,Proxies
- DOMAIN-SUFFIX,f8.com,Proxies
- DOMAIN-SUFFIX,facebookmail.com,Proxies
- DOMAIN-SUFFIX,fb.com,Proxies
- DOMAIN-SUFFIX,fb.me,Proxies
- DOMAIN-SUFFIX,fb.watch,Proxies
- DOMAIN-SUFFIX,fbaddins.com,Proxies
- DOMAIN-SUFFIX,fbcdn.net,Proxies
- DOMAIN-SUFFIX,fbsbx.com,Proxies
- DOMAIN-SUFFIX,fbworkmail.com,Proxies
- DOMAIN-SUFFIX,instagram.com,Proxies
- DOMAIN-SUFFIX,m.me,Proxies
- DOMAIN-SUFFIX,messenger.com,Proxies
- DOMAIN-SUFFIX,oculus.com,Proxies
- DOMAIN-SUFFIX,oculuscdn.com,Proxies
- DOMAIN-SUFFIX,readyatdawn.com,Proxies
- DOMAIN-SUFFIX,rocksdb.org,Proxies
- DOMAIN-SUFFIX,whatsapp.com,Proxies
- DOMAIN-SUFFIX,whatsapp.net,Proxies
- DOMAIN-KEYWORD,.facebook.,Proxies
- DOMAIN-SUFFIX,aka.ms,Proxies
- DOMAIN-SUFFIX,github.blog,Proxies
- DOMAIN-SUFFIX,github.com,Proxies
- DOMAIN-SUFFIX,github.io,Proxies
- DOMAIN-SUFFIX,githubassets.com,Proxies
- DOMAIN-SUFFIX,githubusercontent.com,Proxies
- DOMAIN-SUFFIX,onedrive.live.com,Proxies
- DOMAIN-SUFFIX,streaming.mediaservices.windows.net,Proxies
- DOMAIN,assets1.xboxlive.com,Proxies
- DOMAIN,assets2.xboxlive.com,Proxies
- DOMAIN,az416426.vo.msecnd.net,Proxies
- DOMAIN,az668014.vo.msecnd.net,Proxies
- DOMAIN-SUFFIX,pinimg.com,Proxies
- DOMAIN-KEYWORD,.pinterest.,Proxies
- DOMAIN-SUFFIX,pixiv.net,Proxies
- DOMAIN-SUFFIX,pixiv.org,Proxies
- DOMAIN-SUFFIX,pximg.net,Proxies
- DOMAIN-SUFFIX,redd.it,Proxies
- DOMAIN-SUFFIX,reddit.com,Proxies
- DOMAIN-SUFFIX,redditmedia.com,Proxies
- DOMAIN-SUFFIX,redditstatic.com,Proxies
- DOMAIN-SUFFIX,reuters.com,Proxies
- DOMAIN-SUFFIX,reutersmedia.net,Proxies
- DOMAIN-SUFFIX,steamcommunity.com,Proxies
- DOMAIN-SUFFIX,legra.ph,Proxies
- DOMAIN-SUFFIX,t.me,Proxies
- DOMAIN-SUFFIX,tdesktop.com,Proxies
- DOMAIN-SUFFIX,telegra.ph,Proxies
- DOMAIN-SUFFIX,telegram.me,Proxies
- DOMAIN-SUFFIX,telegram.org,Proxies
- DOMAIN-SUFFIX,telesco.pe,Proxies
- IP-CIDR,91.108.4.0/22,Proxies,no-resolve
- IP-CIDR,91.108.8.0/22,Proxies,no-resolve
- IP-CIDR,91.108.12.0/22,Proxies,no-resolve
- IP-CIDR,91.108.16.0/22,Proxies,no-resolve
- IP-CIDR,91.108.20.0/22,Proxies,no-resolve
- IP-CIDR,91.108.56.0/22,Proxies,no-resolve
- IP-CIDR,91.105.192.0/23,Proxies,no-resolve
- IP-CIDR,149.154.160.0/20,Proxies,no-resolve
- IP-CIDR,185.76.151.0/24,Proxies,no-resolve
- IP-CIDR6,2001:b28:f23d::/48,Proxies,no-resolve
- IP-CIDR6,2001:b28:f23f::/48,Proxies,no-resolve
- IP-CIDR6,2001:67c:4e8::/48,Proxies,no-resolve
- IP-CIDR6,2001:b28:f23c::/48,Proxies,no-resolve
- IP-CIDR6,2a0a:f280::/32,Proxies,no-resolve
- DOMAIN-SUFFIX,economist.com,Proxies
- DOMAIN-SUFFIX,static-economist.com,Proxies
- DOMAIN-SUFFIX,newyorktimes.com,Proxies
- DOMAIN-SUFFIX,nyt.com,Proxies
- DOMAIN-SUFFIX,nytco.com,Proxies
- DOMAIN-SUFFIX,nytimes.com,Proxies
- DOMAIN-SUFFIX,nytimg.com,Proxies
- DOMAIN-SUFFIX,nytlog.com,Proxies
- DOMAIN-SUFFIX,nytstyle.com,Proxies
- DOMAIN-SUFFIX,tmagazine.com,Proxies
- DOMAIN-SUFFIX,periscope.tv,Proxies
- DOMAIN-SUFFIX,pscp.tv,Proxies
- DOMAIN-SUFFIX,t.co,Proxies
- DOMAIN-SUFFIX,tweetdeck.com,Proxies
- DOMAIN-SUFFIX,twimg.co,Proxies
- DOMAIN-SUFFIX,twimg.com,Proxies
- DOMAIN-SUFFIX,twitpic.com,Proxies
- DOMAIN-SUFFIX,twitter.com,Proxies
- DOMAIN-SUFFIX,twitter.jp,Proxies
- DOMAIN-SUFFIX,vine.co,Proxies
- DOMAIN-SUFFIX,mediawiki.org,Proxies
- DOMAIN-SUFFIX,wikibooks.org,Proxies
- DOMAIN-SUFFIX,wikidata.org,Proxies
- DOMAIN-SUFFIX,wikileaks.org,Proxies
- DOMAIN-SUFFIX,wikimedia.org,Proxies
- DOMAIN-SUFFIX,wikimediafoundation.org,Proxies
- DOMAIN-SUFFIX,wikinews.org,Proxies
- DOMAIN-SUFFIX,wikipedia.org,Proxies
- DOMAIN-SUFFIX,wikiquote.org,Proxies
- DOMAIN-SUFFIX,wikisource.org,Proxies
- DOMAIN-SUFFIX,wikiversity.org,Proxies
- DOMAIN-SUFFIX,wikivoyage.org,Proxies
- DOMAIN-SUFFIX,wiktionary.org,Proxies
- DOMAIN-SUFFIX,yahoo.com,Proxies
- DOMAIN,search.yahoo.co.jp,Proxies
- DOMAIN-SUFFIX,yadi.sk,Proxies
- DOMAIN,disk.yandex.com,Proxies
- DOMAIN-SUFFIX,aicoin.com,Proxies
- DOMAIN-SUFFIX,aimoon.com,Proxies
- DOMAIN-SUFFIX,engadget.com,Proxies
- DOMAIN-SUFFIX,ifixit.com,Proxies
- DOMAIN-SUFFIX,terabox.com,Proxies
- DOMAIN-SUFFIX,zaobao.com.sg,Proxies
- DOMAIN,addons.mozilla.org,Proxies
- DOMAIN,wego.here.com,Proxies
- DOMAIN-SUFFIX,go.dev,Proxies
- DOMAIN-SUFFIX,golang.org,Proxies
- DOMAIN-SUFFIX,appsto.re,Proxies
- DOMAIN-SUFFIX,smoot.apple.com,Proxies
- DOMAIN,amp-api.podcasts.apple.com,Proxies
- DOMAIN,beta.music.apple.com,Proxies
- DOMAIN,books.itunes.apple.com,Proxies
- DOMAIN,lookup-api.apple.com,Proxies
- DOMAIN,radio.itunes.apple.com,Proxies
- DOMAIN,apps.apple.com,Proxies
- DOMAIN,books.apple.com,Proxies
- DOMAIN,itunes.apple.com,Proxies
- DOMAIN,tv.apple.com,Proxies
- DOMAIN,gateway.icloud.com,Proxies
- DOMAIN-SUFFIX,apple.news,Proxies
- DOMAIN,news-assets.apple.com,Proxies
- DOMAIN,news-client.apple.com,Proxies
- DOMAIN,news-client-search.apple.com,Proxies
- DOMAIN,news-edge.apple.com,Proxies
- DOMAIN,news-events.apple.com,Proxies
- DOMAIN,apple.comscoreresearch.com,Proxies
- DOMAIN-SUFFIX,bing.com,Proxies
- DOMAIN-SUFFIX,linkedin.com,Proxies
- DOMAIN-SUFFIX,licdn.com,Proxies
- DOMAIN-SUFFIX,msn.com,Proxies
- DOMAIN-SUFFIX,skype.com,Proxies
- DOMAIN-SUFFIX,flyert.com,China
- DOMAIN-SUFFIX,gandi.net,China
- DOMAIN-SUFFIX,snapdrop.net,China
- DOMAIN,download.jetbrains.com,China
- DOMAIN,origin-a.akamaihd.net,China
- DOMAIN,outlook.office365.com,China
- DOMAIN,smtp-mail.outlook.com,China
- DOMAIN,smtp.office365.com,China
- DOMAIN-SUFFIX,dl.delivery.mp.microsoft.com,China
- DOMAIN-SUFFIX,update.microsoft.com,China
- DOMAIN-SUFFIX,windowsupdate.com,China
- DOMAIN-SUFFIX,windowsupdate.microsoft.com,China
- DOMAIN,download.microsoft.com,China
- DOMAIN,wustat.windows.com,China
- DOMAIN,ntservicepack.microsoft.com,China
- DOMAIN-SUFFIX,paypal.com,China
- DOMAIN-SUFFIX,paypal.me,China
- DOMAIN-SUFFIX,paypal-mktg.com,China
- DOMAIN-SUFFIX,paypalobjects.com,China
- DOMAIN-SUFFIX,cm.steampowered.com,China
- DOMAIN-SUFFIX,steamserver.net,China
- IP-CIDR,182.254.116.0/24,China,no-resolve
- IP-CIDR,203.205.238.0/23,China,no-resolve
- IP-CIDR,203.205.254.0/23,China,no-resolve
- DOMAIN,ip.istatmenus.app,China
- DOMAIN,sms.imagetasks.com,China
- DOMAIN-SUFFIX,netspeedtestmaster.com,China
- DOMAIN,speedtest.macpaw.com,China
- DOMAIN-SUFFIX,acg.rip,China
- DOMAIN-SUFFIX,animebytes.tv,China
- DOMAIN-SUFFIX,awesome-hd.me,China
- DOMAIN-SUFFIX,broadcasthe.net,China
- DOMAIN-SUFFIX,chdbits.co,China
- DOMAIN-SUFFIX,classix-unlimited.co.uk,China
- DOMAIN-SUFFIX,comicat.org,China
- DOMAIN-SUFFIX,empornium.me,China
- DOMAIN-SUFFIX,gazellegames.net,China
- DOMAIN-SUFFIX,hdbits.org,China
- DOMAIN-SUFFIX,hdchina.org,China
- DOMAIN-SUFFIX,hddolby.com,China
- DOMAIN-SUFFIX,hdhome.org,China
- DOMAIN-SUFFIX,hdsky.me,China
- DOMAIN-SUFFIX,icetorrent.org,China
- DOMAIN-SUFFIX,jpopsuki.eu,China
- DOMAIN-SUFFIX,keepfrds.com,China
- DOMAIN-SUFFIX,madsrevolution.net,China
- DOMAIN-SUFFIX,morethan.tv,China
- DOMAIN-SUFFIX,m-team.cc,China
- DOMAIN-SUFFIX,myanonamouse.net,China
- DOMAIN-SUFFIX,nanyangpt.com,China
- DOMAIN-SUFFIX,ncore.cc,China
- DOMAIN-SUFFIX,open.cd,China
- DOMAIN-SUFFIX,ourbits.club,China
- DOMAIN-SUFFIX,passthepopcorn.me,China
- DOMAIN-SUFFIX,privatehd.to,China
- DOMAIN-SUFFIX,pterclub.com,China
- DOMAIN-SUFFIX,redacted.ch,China
- DOMAIN-SUFFIX,springsunday.net,China
- DOMAIN-SUFFIX,tjupt.org,China
- DOMAIN-SUFFIX,totheglory.im,China
- GEOIP,CN,China,no-resolve
- DOMAIN-SUFFIX,local,DIRECT
- IP-CIDR,192.168.0.0/16,DIRECT,no-resolve
- IP-CIDR,10.0.0.0/8,DIRECT,no-resolve
- IP-CIDR,172.16.0.0/12,DIRECT,no-resolve
- IP-CIDR,127.0.0.0/8,DIRECT,no-resolve
- IP-CIDR,100.64.0.0/10,DIRECT,no-resolve
- IP-CIDR6,::1/128,DIRECT,no-resolve
- IP-CIDR6,fc00::/7,DIRECT,no-resolve
- IP-CIDR6,fe80::/10,DIRECT,no-resolve
- IP-CIDR6,fd00::/8,DIRECT,no-resolve
- GEOIP,CN,China
- MATCH,Final
redir-port: 7892
tproxy-port: 7895
mixed-port: 7893
external-ui: "/usr/share/openclash/ui"
ipv6: false
profile:
  store-selected: true
  store-fake-ip: true
authentication:
- Clash:gSMw5iC3

#===================== IPTABLES 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.7 on Thu Nov 24 23:38:11 2022
*nat
:PREROUTING ACCEPT [36975:4102744]
:INPUT ACCEPT [3156:716321]
:OUTPUT ACCEPT [2312:146570]
:POSTROUTING ACCEPT [8493:576296]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:openclash - [0:0]
:openclash_output - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -d 8.8.4.4/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -d 8.8.8.8/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i eth0 -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -p tcp -j openclash
-A OUTPUT -j openclash_output
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o eth0 -m comment --comment "!fw3" -j zone_wan_postrouting
-A MINIUPNPD -p tcp -m tcp --dport 32411 -j DNAT --to-destination 192.168.1.154:8097
-A MINIUPNPD -p tcp -m tcp --dport 32412 -j DNAT --to-destination 192.168.1.154:8921
-A MINIUPNPD -p tcp -m tcp --dport 34277 -j DNAT --to-destination 192.168.1.116:9010
-A MINIUPNPD -p tcp -m tcp --dport 34492 -j DNAT --to-destination 192.168.1.116:9020
-A MINIUPNPD -p udp -m udp --dport 36628 -j DNAT --to-destination 192.168.1.116:9030
-A MINIUPNPD -p udp -m udp --dport 35447 -j DNAT --to-destination 192.168.1.116:9031
-A MINIUPNPD -p udp -m udp --dport 32889 -j DNAT --to-destination 192.168.1.116:9032
-A MINIUPNPD -p udp -m udp --dport 31975 -j DNAT --to-destination 192.168.1.116:9033
-A MINIUPNPD -p tcp -m tcp --dport 35330 -j DNAT --to-destination 192.168.1.116:9010
-A MINIUPNPD -p tcp -m tcp --dport 36393 -j DNAT --to-destination 192.168.1.116:9020
-A MINIUPNPD -p udp -m udp --dport 33417 -j DNAT --to-destination 192.168.1.116:9030
-A MINIUPNPD -p udp -m udp --dport 31837 -j DNAT --to-destination 192.168.1.116:9031
-A MINIUPNPD -p udp -m udp --dport 31345 -j DNAT --to-destination 192.168.1.116:9032
-A MINIUPNPD -p udp -m udp --dport 39365 -j DNAT --to-destination 192.168.1.116:9033
-A MINIUPNPD -p tcp -m tcp --dport 15350 -j DNAT --to-destination 192.168.1.154:22000
-A MINIUPNPD -p tcp -m tcp --dport 49956 -j DNAT --to-destination 192.168.1.154:49956
-A MINIUPNPD -p udp -m udp --dport 49956 -j DNAT --to-destination 192.168.1.154:49956
-A MINIUPNPD -p tcp -m tcp --dport 21901 -j DNAT --to-destination 192.168.1.154:22000
-A MINIUPNPD-POSTROUTING -s 192.168.1.154/32 -p tcp -m tcp --sport 8097 -j MASQUERADE --to-ports 32411
-A MINIUPNPD-POSTROUTING -s 192.168.1.154/32 -p tcp -m tcp --sport 8921 -j MASQUERADE --to-ports 32412
-A MINIUPNPD-POSTROUTING -s 192.168.1.116/32 -p tcp -m tcp --sport 9010 -j MASQUERADE --to-ports 34277
-A MINIUPNPD-POSTROUTING -s 192.168.1.116/32 -p tcp -m tcp --sport 9020 -j MASQUERADE --to-ports 34492
-A MINIUPNPD-POSTROUTING -s 192.168.1.116/32 -p udp -m udp --sport 9030 -j MASQUERADE --to-ports 36628
-A MINIUPNPD-POSTROUTING -s 192.168.1.116/32 -p udp -m udp --sport 9031 -j MASQUERADE --to-ports 35447
-A MINIUPNPD-POSTROUTING -s 192.168.1.116/32 -p udp -m udp --sport 9032 -j MASQUERADE --to-ports 32889
-A MINIUPNPD-POSTROUTING -s 192.168.1.116/32 -p udp -m udp --sport 9033 -j MASQUERADE --to-ports 31975
-A MINIUPNPD-POSTROUTING -s 192.168.1.116/32 -p tcp -m tcp --sport 9010 -j MASQUERADE --to-ports 35330
-A MINIUPNPD-POSTROUTING -s 192.168.1.116/32 -p tcp -m tcp --sport 9020 -j MASQUERADE --to-ports 36393
-A MINIUPNPD-POSTROUTING -s 192.168.1.116/32 -p udp -m udp --sport 9030 -j MASQUERADE --to-ports 33417
-A MINIUPNPD-POSTROUTING -s 192.168.1.116/32 -p udp -m udp --sport 9031 -j MASQUERADE --to-ports 31837
-A MINIUPNPD-POSTROUTING -s 192.168.1.116/32 -p udp -m udp --sport 9032 -j MASQUERADE --to-ports 31345
-A MINIUPNPD-POSTROUTING -s 192.168.1.116/32 -p udp -m udp --sport 9033 -j MASQUERADE --to-ports 39365
-A MINIUPNPD-POSTROUTING -s 192.168.1.154/32 -p tcp -m tcp --sport 22000 -j MASQUERADE --to-ports 15350
-A MINIUPNPD-POSTROUTING -s 192.168.1.154/32 -p tcp -m tcp --sport 22000 -j MASQUERADE --to-ports 21901
-A openclash -p tcp -m tcp --sport 1688 -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -m set --match-set lan_ac_black_ips src -j RETURN
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -p tcp -m tcp --sport 1688 -j RETURN
-A openclash_output -s 192.168.1.154/32 -p tcp -m tcp --dport 32410 -j RETURN
-A openclash_output -s 192.168.1.154/32 -p tcp -m tcp --sport 32400 -j RETURN
-A openclash_output -s 192.168.1.154/32 -p tcp -m tcp --dport 47199 -j RETURN
-A openclash_output -s 192.168.1.154/32 -p tcp -m tcp --sport 25500 -j RETURN
-A openclash_output -s 192.168.1.1/32 -p tcp -m tcp --dport 47198 -j RETURN
-A openclash_output -s 192.168.1.1/32 -p tcp -m tcp --sport 47198 -j RETURN
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.1/32 -p tcp -m tcp --dport 47198 -m comment --comment "!fw3: SSR (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.1/32 -p udp -m udp --dport 47198 -m comment --comment "!fw3: SSR (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.154/32 -p tcp -m tcp --dport 25500 -m comment --comment "!fw3: Subconverter (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.154/32 -p tcp -m tcp --dport 32400 -m comment --comment "!fw3: Plex (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_postrouting -s 192.168.1.0/24 -d 192.168.1.154/32 -p udp -m udp --dport 32400 -m comment --comment "!fw3: Plex (reflection)" -j SNAT --to-source 192.168.1.1
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_lan_prerouting -s 192.168.1.0/24 -d *WAN IP*/32 -p tcp -m tcp --dport 47198 -m comment --comment "!fw3: SSR (reflection)" -j DNAT --to-destination 192.168.1.1:47198
-A zone_lan_prerouting -s 192.168.1.0/24 -d *WAN IP*/32 -p udp -m udp --dport 47198 -m comment --comment "!fw3: SSR (reflection)" -j DNAT --to-destination 192.168.1.1:47198
-A zone_lan_prerouting -s 192.168.1.0/24 -d *WAN IP*/32 -p tcp -m tcp --dport 47199 -m comment --comment "!fw3: Subconverter (reflection)" -j DNAT --to-destination 192.168.1.154:25500
-A zone_lan_prerouting -s 192.168.1.0/24 -d *WAN IP*/32 -p tcp -m tcp --dport 32410 -m comment --comment "!fw3: Plex (reflection)" -j DNAT --to-destination 192.168.1.154:32400
-A zone_lan_prerouting -s 192.168.1.0/24 -d *WAN IP*/32 -p udp -m udp --dport 32410 -m comment --comment "!fw3: Plex (reflection)" -j DNAT --to-destination 192.168.1.154:32400
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_wan_prerouting -j MINIUPNPD
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -p tcp -m tcp --dport 47198 -m comment --comment "!fw3: SSR" -j DNAT --to-destination 192.168.1.1:47198
-A zone_wan_prerouting -p udp -m udp --dport 47198 -m comment --comment "!fw3: SSR" -j DNAT --to-destination 192.168.1.1:47198
-A zone_wan_prerouting -p tcp -m tcp --dport 47199 -m comment --comment "!fw3: Subconverter" -j DNAT --to-destination 192.168.1.154:25500
-A zone_wan_prerouting -p tcp -m tcp --dport 32410 -m comment --comment "!fw3: Plex" -j DNAT --to-destination 192.168.1.154:32400
-A zone_wan_prerouting -p udp -m udp --dport 32410 -m comment --comment "!fw3: Plex" -j DNAT --to-destination 192.168.1.154:32400
-A zone_wan_prerouting -m comment --comment "!fw3" -j FULLCONENAT
COMMIT
# Completed on Thu Nov 24 23:38:11 2022

#IPv4 Mangle chain

# Generated by iptables-save v1.8.7 on Thu Nov 24 23:38:11 2022
*mangle
:PREROUTING ACCEPT [136112:25652750]
:INPUT ACCEPT [45873:9182792]
:FORWARD ACCEPT [90116:16372530]
:OUTPUT ACCEPT [31317:13237695]
:POSTROUTING ACCEPT [121183:29606608]
:openclash - [0:0]
-A PREROUTING -p udp -j openclash
-A FORWARD -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A openclash -p udp -m udp --sport 500 -j RETURN
-A openclash -p udp -m udp --sport 68 -j RETURN
-A openclash -s 192.168.1.154/32 -p udp -m udp --sport 32400 -j RETURN
-A openclash -s 192.168.1.154/32 -p udp -m udp --dport 32410 -j RETURN
-A openclash -s 192.168.1.1/32 -p udp -m udp --sport 47198 -j RETURN
-A openclash -s 192.168.1.1/32 -p udp -m udp --dport 47198 -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p udp -m udp --dport 53 -j RETURN
-A openclash -m set --match-set lan_ac_black_ips src -j RETURN
-A openclash -p udp -j TPROXY --on-port 7895 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
COMMIT
# Completed on Thu Nov 24 23:38:11 2022

#IPv4 Filter chain

# Generated by iptables-save v1.8.7 on Thu Nov 24 23:38:11 2022
*filter
:INPUT ACCEPT [97:3880]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:SSR-SERVER-RULE - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:openclash_wan_input - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -p udp -m udp --dport 443 -m comment --comment "OpenClash QUIC REJECT" -m set ! --match-set china_ip_route dst -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -m set ! --match-set localnetwork src -j openclash_wan_input
-A INPUT -i pppoe-wan -m set ! --match-set localnetwork src -j openclash_wan_input
-A INPUT -j SSR-SERVER-RULE
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i eth0 -m comment --comment "!fw3" -j zone_wan_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i eth0 -m comment --comment "!fw3" -j zone_wan_forward
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o eth0 -m comment --comment "!fw3" -j zone_wan_output
-A MINIUPNPD -d 192.168.1.154/32 -p tcp -m tcp --dport 8097 -j ACCEPT
-A MINIUPNPD -d 192.168.1.154/32 -p tcp -m tcp --dport 8921 -j ACCEPT
-A MINIUPNPD -d 192.168.1.116/32 -p tcp -m tcp --dport 9010 -j ACCEPT
-A MINIUPNPD -d 192.168.1.116/32 -p tcp -m tcp --dport 9020 -j ACCEPT
-A MINIUPNPD -d 192.168.1.116/32 -p udp -m udp --dport 9030 -j ACCEPT
-A MINIUPNPD -d 192.168.1.116/32 -p udp -m udp --dport 9031 -j ACCEPT
-A MINIUPNPD -d 192.168.1.116/32 -p udp -m udp --dport 9032 -j ACCEPT
-A MINIUPNPD -d 192.168.1.116/32 -p udp -m udp --dport 9033 -j ACCEPT
-A MINIUPNPD -d 192.168.1.116/32 -p tcp -m tcp --dport 9010 -j ACCEPT
-A MINIUPNPD -d 192.168.1.116/32 -p tcp -m tcp --dport 9020 -j ACCEPT
-A MINIUPNPD -d 192.168.1.116/32 -p udp -m udp --dport 9030 -j ACCEPT
-A MINIUPNPD -d 192.168.1.116/32 -p udp -m udp --dport 9031 -j ACCEPT
-A MINIUPNPD -d 192.168.1.116/32 -p udp -m udp --dport 9032 -j ACCEPT
-A MINIUPNPD -d 192.168.1.116/32 -p udp -m udp --dport 9033 -j ACCEPT
-A MINIUPNPD -d 192.168.1.154/32 -p tcp -m tcp --dport 22000 -j ACCEPT
-A MINIUPNPD -d 192.168.1.154/32 -p tcp -m tcp --dport 49956 -j ACCEPT
-A MINIUPNPD -d 192.168.1.154/32 -p udp -m udp --dport 49956 -j ACCEPT
-A MINIUPNPD -d 192.168.1.154/32 -p tcp -m tcp --dport 22000 -j ACCEPT
-A SSR-SERVER-RULE -p tcp -m tcp --dport 47198 -j ACCEPT
-A SSR-SERVER-RULE -p udp -m udp --dport 47198 -j ACCEPT
-A openclash_wan_input -p udp -m multiport --dports 7892,7895,9090,7890,7891,7893,7874 -j REJECT --reject-with icmp-port-unreachable
-A openclash_wan_input -p tcp -m multiport --dports 7892,7895,9090,7890,7891,7893,7874 -j REJECT --reject-with icmp-port-unreachable
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o pppoe-wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o pppoe-wan -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o eth0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o eth0 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_REJECT -o pppoe-wan -m comment --comment "!fw3" -j reject
-A zone_wan_dest_REJECT -o eth0 -m comment --comment "!fw3" -j reject
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j DROP
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 8118 -m comment --comment "!fw3: adblock" -j DROP
-A zone_wan_input -p tcp -m tcp --dport 1688 -m comment --comment "!fw3: kms" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_REJECT -i pppoe-wan -m comment --comment "!fw3" -j reject
-A zone_wan_src_REJECT -i eth0 -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Thu Nov 24 23:38:11 2022

#IPv6 NAT chain

#IPv6 Mangle chain

#IPv6 Filter chain

#===================== IPSET状态 =====================#

Name: china
Name: china_ip_route
Name: gfwlist
Name: china_ip_route_pass
Name: lan_ac_black_ips
Name: lan_ac_black_ipv6s
Name: localnetwork

#===================== 路由表状态 =====================#

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         125.120.112.1   0.0.0.0         UG    0      0        0 pppoe-wan
125.120.112.1   0.0.0.0         255.255.255.255 UH    0      0        0 pppoe-wan
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
#ip route list
default via 125.120.112.1 dev pppoe-wan proto static 
125.120.112.1 dev pppoe-wan proto kernel scope link src *WAN IP* 
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1 
#ip rule show
0:  from all lookup local
32765:  from all fwmark 0x162 lookup 354
32766:  from all lookup main
32767:  from all lookup default

#===================== 端口占用状态 =====================#

tcp        0      0 :::7895                 :::*                    LISTEN      19093/clash
tcp        0      0 :::7893                 :::*                    LISTEN      19093/clash
tcp        0      0 :::7892                 :::*                    LISTEN      19093/clash
tcp        0      0 :::7891                 :::*                    LISTEN      19093/clash
tcp        0      0 :::7890                 :::*                    LISTEN      19093/clash
tcp        0      0 :::9090                 :::*                    LISTEN      19093/clash
udp        0      0 :::7874                 :::*                                19093/clash
udp        0      0 :::7891                 :::*                                19093/clash
udp        0      0 :::7892                 :::*                                19093/clash
udp        0      0 :::7893                 :::*                                19093/clash
udp        0      0 :::7895                 :::*                                19093/clash
udp        0      0 :::60299                :::*                                19093/clash

#===================== 测试本机DNS查询 =====================#

Server:     127.0.0.1
Address:    127.0.0.1:53

www.baidu.com   canonical name = www.a.shifen.com
Name:   www.a.shifen.com
Address: 180.101.49.14
Name:   www.a.shifen.com
Address: 180.101.49.13

#===================== resolv.conf.d =====================#

# Interface wan
nameserver 223.5.5.5
nameserver 119.29.29.29

#===================== 测试本机网络连接 =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Thu, 24 Nov 2022 15:38:12 GMT
Etag: "575e1f60-115"
Last-Modified: Mon, 13 Jun 2016 02:50:08 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 测试本机网络下载 =====================#

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 80
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: text/plain; charset=utf-8
ETag: "f9b464e93b2bdfda94b649d5d067b155764d97951465058cb1643f9ffc3c6e51"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: AF68:0440:6D965:9395E:6372F021
Accept-Ranges: bytes
Date: Thu, 24 Nov 2022 15:38:12 GMT
Via: 1.1 varnish
X-Served-By: cache-qpg1267-QPG
X-Cache: HIT
X-Cache-Hits: 5
X-Timer: S1669304293.664530,VS0,VE0
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
X-Fastly-Request-ID: 7baabeb84f6b8b57f47b75074b642eeef0511d69
Expires: Thu, 24 Nov 2022 15:43:12 GMT
Source-Age: 234

#===================== 最近运行日志 =====================#

time="2022-11-24T15:30:32Z" level=info msg="Start initial compatible provider PayPal"
time="2022-11-24T15:30:32Z" level=info msg="Authentication of local server updated"
2022-11-24 23:30:35 Step 6: Wait For The File Downloading...
2022-11-24 23:30:35 Step 7: Set Firewall Rules...
2022-11-24 23:30:35 Step 8: Restart Dnsmasq...
2022-11-24 23:30:38 Step 9: Add Cron Rules, Start Daemons...
2022-11-24 23:30:38 OpenClash Start Successful!
2022-11-24 23:32:12 OpenClash Stoping...
2022-11-24 23:32:12 Step 1: Backup The Current Groups State...
2022-11-24 23:32:12 Step 2: Delete OpenClash Firewall Rules...
2022-11-24 23:32:13 Step 3: Close The OpenClash Daemons...
2022-11-24 23:32:13 Step 4: Close The Clash Core Process...
2022-11-24 23:32:13 Step 5: Restart Dnsmasq...
2022-11-24 23:32:16 Step 6: Delete OpenClash Residue File...
2022-11-24 23:32:16 OpenClash Start Running...
2022-11-24 23:32:16 Step 1: Get The Configuration...
2022-11-24 23:32:16 Step 2: Check The Components...
2022-11-24 23:32:17 Tip: Because of the file【 /etc/openclash/config/SSP.Flower.Clash.yaml 】modificated, Pause quick start...
2022-11-24 23:32:17 Step 3: Modify The Config File...
2022-11-24 23:32:17 Tip: You have seted the authentication of SOCKS5/HTTP(S) proxy with【Clash:gSMw5iC3】
2022-11-24 23:32:18 Step 4: Start Running The Clash Core...
2022-11-24 23:32:18 Tip: No Special Configuration Detected, Use Dev Core to Start...
2022-11-24 23:32:19 Step 5: Check The Core Status...
time="2022-11-24T15:32:19Z" level=info msg="Start initial compatible provider PayPal"
time="2022-11-24T15:32:19Z" level=info msg="Start initial compatible provider Steam"
time="2022-11-24T15:32:19Z" level=info msg="Start initial compatible provider CustomProxy"
time="2022-11-24T15:32:19Z" level=info msg="Start initial compatible provider Telegram"
time="2022-11-24T15:32:19Z" level=info msg="Start initial compatible provider TW"
time="2022-11-24T15:32:19Z" level=info msg="Start initial compatible provider China"
time="2022-11-24T15:32:19Z" level=info msg="Start initial compatible provider Apple"
time="2022-11-24T15:32:19Z" level=info msg="Start initial compatible provider StreamingSE"
time="2022-11-24T15:32:19Z" level=info msg="Start initial compatible provider SG"
time="2022-11-24T15:32:19Z" level=info msg="Start initial compatible provider JP"
time="2022-11-24T15:32:19Z" level=info msg="Start initial compatible provider Proxies"
time="2022-11-24T15:32:19Z" level=info msg="Start initial compatible provider Streaming"
time="2022-11-24T15:32:19Z" level=info msg="Start initial compatible provider GameDirect"
time="2022-11-24T15:32:19Z" level=info msg="Start initial compatible provider Xbox"
time="2022-11-24T15:32:19Z" level=info msg="Start initial compatible provider Final"
time="2022-11-24T15:32:19Z" level=info msg="Start initial compatible provider OneDrive"
time="2022-11-24T15:32:19Z" level=info msg="Start initial compatible provider US"
time="2022-11-24T15:32:19Z" level=info msg="Start initial compatible provider GMail"
time="2022-11-24T15:32:19Z" level=info msg="Start initial compatible provider CustomDirect"
time="2022-11-24T15:32:19Z" level=info msg="Start initial compatible provider Microsoft"
time="2022-11-24T15:32:19Z" level=info msg="Start initial compatible provider HK"
time="2022-11-24T15:32:19Z" level=info msg="Authentication of local server updated"
2022-11-24 23:32:22 Step 6: Wait For The File Downloading...
2022-11-24 23:32:22 Step 7: Set Firewall Rules...
2022-11-24 23:32:22 Step 8: Restart Dnsmasq...
2022-11-24 23:32:25 Step 9: Add Cron Rules, Start Daemons...
2022-11-24 23:32:25 OpenClash Start Successful!

OpenClash Config

Expected Behavior

打开云闪付会员中心小程序时候的截图， 规则貌似都是没问题的，都是走的Direct

[vernesong]

留几个国内的dns就行了

[XinSSS]

留几个国内的dns就行了

之前自己的配置是

  nameserver:
    - 223.5.5.5
    - 114.114.114.114
    - 1.1.1.1

这里提交的log是我重置之后的默认情况 之前自己的配置按道理来说连接用的是解析最快的那个, 1.1.1.1的这个应该影响不大才是

[vernesong]

你先观察下控制面板日志吧

[XinSSS]

好的， 继续研究看看吧

[wclmgcd]

有没有可能是解析成ipv6优先了，我以前的QQ群的图片加载过慢，反复调整规则无效，后来才发现是这个问题

[XinSSS]

有没有可能是解析成ipv6优先了，我以前的QQ群的图片加载过慢，反复调整规则无效，后来才发现是这个问题

允许 IPv6 类型 DNS 解析 这个吗？ 我这里一直没勾选的

[wclmgcd]

不是，我的这个也没有勾选，是直接禁用WAN6和DHCP 服务器中ipv6设置才有效

[nevertoday]

domain keyword 设置屏蔽 plex 不过实测走代理后，本地PLEX与PLEX服务器连接存在问题，我在openclash上设置了DOMAIN-KEYWORD,PLEX,DIRECT，避免向PLEX服务器错误汇报代理的IP。设置好后连接正常，影片及剧的信息都识别很准，即便不观影，光看看海报墙也是舒服的。

[XinSSS]

@nevertoday

DOMAIN-SUFFIX,provider.plex.tv
DOMAIN-SUFFIX,pubsub.plex.tv
DOMAIN-SUFFIX,images.plex.tv
DOMAIN-SUFFIX,metadata-static.plex.tv

上面这些走的代理, 下面的走了直连用了很久倒也没出过什么问题

DOMAIN-SUFFIX,plex.tv
DOMAIN-SUFFIX,me.plexapp.com
DOMAIN-SUFFIX,plex.direct

[nevertoday]

@nevertoday

DOMAIN-SUFFIX,provider.plex.tv
DOMAIN-SUFFIX,pubsub.plex.tv
DOMAIN-SUFFIX,images.plex.tv
DOMAIN-SUFFIX,metadata-static.plex.tv

上面这些走的代理, 下面的走了直连用了很久倒也没出过什么问题

DOMAIN-SUFFIX,plex.tv
DOMAIN-SUFFIX,me.plexapp.com
DOMAIN-SUFFIX,plex.direct

弱弱的我还想请教，这两个部分，分别填写到openclash的什么位置？