vernesong / OpenClash

A Clash Client For OpenWrt
MIT License

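[Bug] Cannot make the router itself bypass the proxy, even with *Router-Self Proxy disabled or with the router's IP/MAC added to the LAN device IPs that bypass the proxy #2930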

Closed ztc1997 closed 1 year ago

ztc1997 commented 1 year ago

Verify Steps

OpenClash Version

0.45.78-227

Bug on Environment

Official OpenWrt

Bug on Platform

Linux-amd64(x86-64)

To Reproduce

Disable *Router-Self Proxy; add the router's IP to the LAN device IPs that bypass the proxy

Describe the Bug

After performing the steps above, running curl ifconfig.me in the router's shell still returns the proxy IP

OpenClash Log


#===================== 系统信息 =====================#

主机型号: Acer Aspire ES1-531
固件版本: OpenWrt 22.03.3 r20028-43d71ad93e
LuCI版本: git-20.074.84698-ead5e81
内核版本: 5.10.161
处理器架构: x86_64

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: server

#此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 未安装
ipset: 已安装
ip-full: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci >= 19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 已安装
unzip: 已安装
kmod-nft-tproxy: 未安装

#===================== 内核检查 =====================#

运行状态: 运行中
进程pid: 17672
运行权限: 17672: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-amd64

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 
Tun内核文件: 不存在
Tun内核运行权限: 否

Dev内核版本: 
Dev内核文件: 不存在
Dev内核运行权限: 否

Meta内核版本: alpha-g7a64c432
Meta内核文件: 存在
Meta内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/xx.yaml
启动配置文件: /etc/openclash/xx.yaml
运行模式: redir-host
默认代理模式: rule
UDP流量转发(tproxy): 停用
DNS劫持: 启用
自定义DNS: 停用
IPV6代理: 启用
IPV6-DNS解析: 启用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 启用
仅代理命中规则流量: 启用
仅允许常用端口流量: 启用
绕过中国大陆IP: 启用
DNS远程解析: 停用
路由本机代理: 停用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 配置文件 =====================#

mode: rule
mixed-port: 7890
ipv6: true
dns:
  enable: true
  listen: 0.0.0.0:7874
  ipv6: true
  enhanced-mode: redir-host
  nameserver:
  - 114.114.114.114
  - 223.5.5.5
  - 119.29.29.29
  - dhcp://"pppoe-wan"
  - 100.64.0.1
  proxy-server-nameserver:
  - 114.114.114.114
  fallback:
  - "tcp://8.8.8.8#\U0001F680 代理"
  fallback-filter:
    geoip: false
    geosite:
    - gfw
    - greatfire
hosts:
  injections.adguard.org: 0.0.0.0
  local.adguard.org: 0.0.0.0
clash-for-android:
  append-system-dns: true
profile:
  store-fake-ip: true
  store-selected: true
geodata-mode: true
geodata-loader: standard
proxy-groups:
- name: "\U0001F680 代理"
  proxies:
  - "\U0001F4F6 自动选择"
  - "\U0001F1ED\U0001F1F0 香港wikihost 外部"
  - "\U0001F1EF\U0001F1F5 大阪vmiss 外部"
  - "\U0001F1FA\U0001F1F8 洛杉矶搬瓦工 外部"
  - "\U0001F1FA\U0001F1F8 洛杉矶搬瓦工cf"
  - "\U0001F1FA\U0001F1F8 洛杉矶搬瓦工v6 Hysteria"
  - "\U0001F1FA\U0001F1F8 洛杉矶搬瓦工v6 Hysteria wechat-video"
  - "\U0001F1FA\U0001F1F8 洛杉矶搬瓦工v6 faketcp"
  - "\U0001F1FA\U0001F1F8 洛杉矶搬瓦工v6"
  type: select
  disable-udp: true
- name: "❔ 缺省值"
  proxies:
  - "\U0001F680 代理"
  - DIRECT
  type: select
- name: "\U0001F6E1️ 广告和隐私跟踪"
  proxies:
  - PASS
  - REJECT
  type: select
  disable-udp: true
- name: "\U0001F4FA 哔哩哔哩"
  proxies:
  - DIRECT
  - "\U0001F1ED\U0001F1F0 香港wikihost 外部"
  type: select
  disable-udp: true
- name: "\U0001F39E️ Netflix Viu 動畫瘋 TVB LineTV 4GTV"
  proxies:
  - "\U0001F1ED\U0001F1F0 香港wikihost 外部"
  - "\U0001F1EF\U0001F1F5 大阪vmiss 外部"
  type: select
  disable-udp: true
- name: 酷安
  proxies:
  - DIRECT
  - "\U0001F680 代理"
  type: select
  disable-udp: true
- name: "\U0001F232 常用代理列表"
  proxies:
  - "\U0001F680 代理"
  - PASS
  - DIRECT
  type: select
  disable-udp: true
- name: "\U0001F1E8\U0001F1F3 大陆域名收集"
  proxies:
  - DIRECT
  - PASS
  - "\U0001F680 代理"
  type: select
  disable-udp: true
- name: "\U0001F1E8\U0001F1F3 大陆 IP 段"
  proxies:
  - DIRECT
  - PASS
  - "\U0001F680 代理"
  type: select
  disable-udp: true
- name: "\U0001F4F6 自动选择"
  proxies:
  - "\U0001F1EF\U0001F1F5 大阪vmiss 外部"
  - "\U0001F1ED\U0001F1F0 香港wikihost 外部"
  - "\U0001F1FA\U0001F1F8 洛杉矶搬瓦工v6 faketcp"
  - "\U0001F1FA\U0001F1F8 洛杉矶搬瓦工v6 Hysteria"
  - "\U0001F1FA\U0001F1F8 洛杉矶搬瓦工 外部"
  - "\U0001F1FA\U0001F1F8 洛杉矶搬瓦工cf"
  - "\U0001F1FA\U0001F1F8 洛杉矶搬瓦工v6"
  type: fallback
  url: http://www.gstatic.com/generate_204
  interval: '60'
  disable-udp: true
  lazy: true
rules:
- DST-PORT,7895,REJECT
- DST-PORT,7892,REJECT
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
- SRC-IP-CIDR,192.168.1.2/32,DIRECT
- SRC-IP-CIDR,198.18.0.1/32,DIRECT
- DOMAIN-SUFFIX,awesome-hd.me,DIRECT
- DOMAIN-SUFFIX,broadcasthe.net,DIRECT
- DOMAIN-SUFFIX,chdbits.co,DIRECT
- DOMAIN-SUFFIX,classix-unlimited.co.uk,DIRECT
- DOMAIN-SUFFIX,empornium.me,DIRECT
- DOMAIN-SUFFIX,gazellegames.net,DIRECT
- DOMAIN-SUFFIX,hdchina.org,DIRECT
- DOMAIN-SUFFIX,hdsky.me,DIRECT
- DOMAIN-SUFFIX,icetorrent.org,DIRECT
- DOMAIN-SUFFIX,jpopsuki.eu,DIRECT
- DOMAIN-SUFFIX,keepfrds.com,DIRECT
- DOMAIN-SUFFIX,madsrevolution.net,DIRECT
- DOMAIN-SUFFIX,m-team.cc,DIRECT
- DOMAIN-SUFFIX,nanyangpt.com,DIRECT
- DOMAIN-SUFFIX,ncore.cc,DIRECT
- DOMAIN-SUFFIX,open.cd,DIRECT
- DOMAIN-SUFFIX,ourbits.club,DIRECT
- DOMAIN-SUFFIX,passthepopcorn.me,DIRECT
- DOMAIN-SUFFIX,privatehd.to,DIRECT
- DOMAIN-SUFFIX,redacted.ch,DIRECT
- DOMAIN-SUFFIX,springsunday.net,DIRECT
- DOMAIN-SUFFIX,tjupt.org,DIRECT
- DOMAIN-SUFFIX,totheglory.im,DIRECT
- DOMAIN-SUFFIX,smtp,DIRECT
- DOMAIN-KEYWORD,announce,DIRECT
- DOMAIN-KEYWORD,torrent,DIRECT
- DOMAIN-KEYWORD,tracker,DIRECT
- "DOMAIN-SUFFIX,netflix.com,\U0001F39E️ Netflix Viu 動畫瘋 TVB LineTV 4GTV"
- "DOMAIN-SUFFIX,netflix.net,\U0001F39E️ Netflix Viu 動畫瘋 TVB LineTV 4GTV"
- "DOMAIN-SUFFIX,nflxext.com,\U0001F39E️ Netflix Viu 動畫瘋 TVB LineTV 4GTV"
- "DOMAIN-SUFFIX,nflximg.net,\U0001F39E️ Netflix Viu 動畫瘋 TVB LineTV 4GTV"
- "DOMAIN-SUFFIX,nflxso.net,\U0001F39E️ Netflix Viu 動畫瘋 TVB LineTV 4GTV"
- "DOMAIN-SUFFIX,nflxvideo.net,\U0001F39E️ Netflix Viu 動畫瘋 TVB LineTV 4GTV"
- "DOMAIN,api.viu.now.com,\U0001F39E️ Netflix Viu 動畫瘋 TVB LineTV 4GTV"
- "DOMAIN,d1k2us671qcoau.cloudfront.net,\U0001F39E️ Netflix Viu 動畫瘋 TVB LineTV 4GTV"
- "DOMAIN,d2anahhhmp1ffz.cloudfront.net,\U0001F39E️ Netflix Viu 動畫瘋 TVB LineTV 4GTV"
- "DOMAIN,dfp6rglgjqszk.cloudfront.net,\U0001F39E️ Netflix Viu 動畫瘋 TVB LineTV 4GTV"
- "DOMAIN-SUFFIX,cloudfront.net,\U0001F39E️ Netflix Viu 動畫瘋 TVB LineTV 4GTV"
- "DOMAIN-SUFFIX,nowe.com,\U0001F39E️ Netflix Viu 動畫瘋 TVB LineTV 4GTV"
- "DOMAIN-SUFFIX,viu.com,\U0001F39E️ Netflix Viu 動畫瘋 TVB LineTV 4GTV"
- "DOMAIN-SUFFIX,viu.now.com,\U0001F39E️ Netflix Viu 動畫瘋 TVB LineTV 4GTV"
- "DOMAIN-SUFFIX,viu.tv,\U0001F39E️ Netflix Viu 動畫瘋 TVB LineTV 4GTV"
- "DOMAIN,gamer-cds.cdn.hinet.net,\U0001F39E️ Netflix Viu 動畫瘋 TVB LineTV 4GTV"
- "DOMAIN,gamer2-cds.cdn.hinet.net,\U0001F39E️ Netflix Viu 動畫瘋 TVB LineTV 4GTV"
- "DOMAIN-SUFFIX,gamer.com.tw,\U0001F39E️ Netflix Viu 動畫瘋 TVB LineTV 4GTV"
- "DOMAIN-SUFFIX,mytvsuper.com,\U0001F39E️ Netflix Viu 動畫瘋 TVB LineTV 4GTV"
- "DOMAIN-SUFFIX,tvb.com,\U0001F39E️ Netflix Viu 動畫瘋 TVB LineTV 4GTV"
- "DOMAIN,d3c7rimkq79yfu.cloudfront.net,\U0001F39E️ Netflix Viu 動畫瘋 TVB LineTV 4GTV"
- "DOMAIN-SUFFIX,d3c7rimkq79yfu.cloudfront.net,\U0001F39E️ Netflix Viu 動畫瘋 TVB LineTV
  4GTV"
- "DOMAIN-SUFFIX,linetv.tw,\U0001F39E️ Netflix Viu 動畫瘋 TVB LineTV 4GTV"
- "DOMAIN,4gtvfreepc-cds.cdn.hinet.net,\U0001F39E️ Netflix Viu 動畫瘋 TVB LineTV 4GTV"
- "DOMAIN-SUFFIX,4gtv.tv,\U0001F39E️ Netflix Viu 動畫瘋 TVB LineTV 4GTV"
- "DOMAIN-SUFFIX,biliapi.net,\U0001F4FA 哔哩哔哩"
- "DOMAIN,api.bilibili.com,\U0001F4FA 哔哩哔哩"
- "DOMAIN,api.bilibili.tv,\U0001F4FA 哔哩哔哩"
- "DOMAIN,app.bilibili.com,\U0001F4FA 哔哩哔哩"
- "DOMAIN-SUFFIX,biliapi.com,\U0001F4FA 哔哩哔哩"
- "DOMAIN,api.live.bilibili.com,\U0001F4FA 哔哩哔哩"
- "DOMAIN,api.vc.bilibili.com,\U0001F4FA 哔哩哔哩"
- "DOMAIN,passport.bilibili.com,\U0001F4FA 哔哩哔哩"
- "DOMAIN,live-trace.bilibili.com,\U0001F4FA 哔哩哔哩"
- "DOMAIN,message.bilibili.com,\U0001F4FA 哔哩哔哩"
- "DOMAIN,cm.bilibili.com,\U0001F4FA 哔哩哔哩"
- "DOMAIN-SUFFIX,bilibili.com,\U0001F4FA 哔哩哔哩"
- "DOMAIN-SUFFIX,im9.com,\U0001F4FA 哔哩哔哩"
- "DOMAIN-SUFFIX,acg.tv,\U0001F4FA 哔哩哔哩"
- "DOMAIN-SUFFIX,biligame.com,\U0001F4FA 哔哩哔哩"
- DOMAIN,api.coolapk.com,酷安
- "DOMAIN-SUFFIX,battlebreakers.com,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,eac-cdn.com,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,easy.ac,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,easyanticheat.net,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,epicgames.com,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,fortnite.com,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,paragon.com,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,playparagon.com,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,roborecall.com,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,shadowcomplex.com,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,spyjinx.com,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,unrealengine.com,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,unrealtournament.com,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,epicbrowser.com,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,ubi.com,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-KEYWORD,ubisoft,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-KEYWORD,ubiservice,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-KEYWORD,ubistatic,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,microsoft.com,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,azureedge.net,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,s-microsoft.com,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,xboxlive.com,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,officeapps.live.com,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,office.com,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,office.net,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,microsoftonline.com,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,office365.com,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,sharepoint.com,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,msocdn.com,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,windows.com,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,windows.net,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,msedge.net,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,bing.com,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,msn.com,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,svc.ms,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,sharepoint.com,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,akamaized.net,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,uploadhaven.com,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,download.nvidia.com,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,hamibot.com,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,storage.live.com,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,itzmx.com,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,idc.wiki,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,vmware.com,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN-SUFFIX,ipapi.co,\U0001F1E8\U0001F1F3 大陆域名收集"
- "DOMAIN,gist.github.com,\U0001F232 常用代理列表"
- "DOMAIN-SUFFIX,v2fly.org,\U0001F232 常用代理列表"
- "DOMAIN-SUFFIX,googleapis.cn,\U0001F232 常用代理列表"
- "DOMAIN,fonts.googleapis.com,\U0001F232 常用代理列表"
- "DOMAIN,clientservices.googleapis.com,\U0001F232 常用代理列表"
- "DOMAIN,update.googleapis.com,\U0001F232 常用代理列表"
- "DOMAIN,safebrowsing.googleapis.com,\U0001F232 常用代理列表"
- "DOMAIN,connectivitycheck.gstatic.com,\U0001F232 常用代理列表"
- "DOMAIN,www.gstatic.com,\U0001F232 常用代理列表"
- "DOMAIN,ssl.gstatic.com,\U0001F232 常用代理列表"
- "DOMAIN,fonts.gstatic.com,\U0001F232 常用代理列表"
- "DOMAIN,cdn.ampproject.org,\U0001F232 常用代理列表"
- "DOMAIN-SUFFIX,binance.com,\U0001F232 常用代理列表"
- "DOMAIN-SUFFIX,nanopool.org,\U0001F232 常用代理列表"
- "DOMAIN-SUFFIX,haitu.tv,\U0001F232 常用代理列表"
- "GEOSITE,category-ads-all,\U0001F6E1️ 广告和隐私跟踪"
- "GEOSITE,cn,\U0001F1E8\U0001F1F3 大陆域名收集"
- "IP-CIDR,109.239.140.0/24,\U0001F1E8\U0001F1F3 大陆域名收集,no-resolve"
- "IP-CIDR,139.220.243.27/32,\U0001F1E8\U0001F1F3 大陆域名收集,no-resolve"
- "IP-CIDR,172.16.102.56/32,\U0001F1E8\U0001F1F3 大陆域名收集,no-resolve"
- "IP-CIDR,185.188.32.1/28,\U0001F1E8\U0001F1F3 大陆域名收集,no-resolve"
- "IP-CIDR,221.226.128.146/32,\U0001F1E8\U0001F1F3 大陆域名收集,no-resolve"
- "IP-CIDR6,2a0b:b580::/48,\U0001F1E8\U0001F1F3 大陆域名收集,no-resolve"
- "IP-CIDR6,2a0b:b581::/48,\U0001F1E8\U0001F1F3 大陆域名收集,no-resolve"
- "IP-CIDR6,2a0b:b582::/48,\U0001F1E8\U0001F1F3 大陆域名收集,no-resolve"
- "IP-CIDR6,2a0b:b583::/48,\U0001F1E8\U0001F1F3 大陆域名收集,no-resolve"
- "GEOSITE,gfw,\U0001F232 常用代理列表"
- "GEOSITE,greatfire,\U0001F232 常用代理列表"
- "GEOIP,telegram,\U0001F232 常用代理列表,no-resolve"
- "GEOIP,google,\U0001F232 常用代理列表,no-resolve"
- "GEOIP,facebook,\U0001F232 常用代理列表,no-resolve"
- "IP-CIDR,34.224.0.0/12,\U0001F232 常用代理列表,no-resolve"
- "IP-CIDR,54.242.0.0/15,\U0001F232 常用代理列表,no-resolve"
- "IP-CIDR,50.22.198.204/30,\U0001F232 常用代理列表,no-resolve"
- "IP-CIDR,208.43.122.128/27,\U0001F232 常用代理列表,no-resolve"
- "IP-CIDR,108.168.174.0/16,\U0001F232 常用代理列表,no-resolve"
- "IP-CIDR,173.192.231.32/27,\U0001F232 常用代理列表,no-resolve"
- "IP-CIDR,158.85.5.192/27,\U0001F232 常用代理列表,no-resolve"
- "IP-CIDR,174.37.243.0/16,\U0001F232 常用代理列表,no-resolve"
- "IP-CIDR,158.85.46.128/27,\U0001F232 常用代理列表,no-resolve"
- "IP-CIDR,173.192.222.160/27,\U0001F232 常用代理列表,no-resolve"
- "IP-CIDR,184.173.128.0/17,\U0001F232 常用代理列表,no-resolve"
- "IP-CIDR,158.85.224.160/27,\U0001F232 常用代理列表,no-resolve"
- "IP-CIDR,75.126.150.0/16,\U0001F232 常用代理列表,no-resolve"
- "GEOIP,CN,\U0001F1E8\U0001F1F3 大陆 IP 段"
- DOMAIN-SUFFIX,ip6-localhost,DIRECT
- DOMAIN-SUFFIX,ip6-loopback,DIRECT
- DOMAIN-SUFFIX,local,DIRECT
- DOMAIN-SUFFIX,localhost,DIRECT
- GEOIP,LAN,DIRECT
- PROCESS-NAME,naive,DIRECT
- PROCESS-NAME,aria2c,DIRECT
- PROCESS-NAME,BitComet,DIRECT
- PROCESS-NAME,fdm,DIRECT
- PROCESS-NAME,NetTransport,DIRECT
- PROCESS-NAME,qbittorrent,DIRECT
- PROCESS-NAME,Thunder,DIRECT
- PROCESS-NAME,transmission-daemon,DIRECT
- PROCESS-NAME,transmission-qt,DIRECT
- PROCESS-NAME,uTorrent,DIRECT
- PROCESS-NAME,WebTorrent,DIRECT
- PROCESS-NAME,aria2c,DIRECT
- PROCESS-NAME,fdm,DIRECT
- PROCESS-NAME,Folx,DIRECT
- PROCESS-NAME,NetTransport,DIRECT
- PROCESS-NAME,qbittorrent,DIRECT
- PROCESS-NAME,Thunder,DIRECT
- PROCESS-NAME,Transmission,DIRECT
- PROCESS-NAME,transmission,DIRECT
- PROCESS-NAME,uTorrent,DIRECT
- PROCESS-NAME,WebTorrent,DIRECT
- PROCESS-NAME,WebTorrent Helper,DIRECT
- PROCESS-NAME,v2ray,DIRECT
- PROCESS-NAME,ss-local,DIRECT
- PROCESS-NAME,ssr-local,DIRECT
- PROCESS-NAME,ss-redir,DIRECT
- PROCESS-NAME,ssr-redir,DIRECT
- PROCESS-NAME,ss-server,DIRECT
- PROCESS-NAME,trojan-go,DIRECT
- PROCESS-NAME,xray,DIRECT
- PROCESS-NAME,hysteria,DIRECT
- PROCESS-NAME,UUBooster,DIRECT
- PROCESS-NAME,uugamebooster,DIRECT
- DST-PORT,80,❔ 缺省值
- DST-PORT,443,❔ 缺省值
- DST-PORT,22,❔ 缺省值
- MATCH,DIRECT
redir-port: 7892
tproxy-port: 7895
port: 7893
socks-port: 7891
log-level: warning
allow-lan: true
external-controller: 0.0.0.0:9090
bind-address: "*"
external-ui: "/usr/share/openclash/ui"
interface-name: pppoe-wan
tcp-concurrent: false
sniffer:
  enable: true
  sniffing:
  - tls
  - http
  ForceDnsMapping: true
  ParsePureIp: true
authentication:
- Clash:LxumgIy1

#===================== IPTABLES 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.7 on Tue Jan 10 08:49:30 2023
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Tue Jan 10 08:49:30 2023

#IPv4 Mangle chain

# Generated by iptables-save v1.8.7 on Tue Jan 10 08:49:30 2023
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Tue Jan 10 08:49:30 2023

#IPv4 Filter chain

# Generated by iptables-save v1.8.7 on Tue Jan 10 08:49:30 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Tue Jan 10 08:49:30 2023

#IPv6 NAT chain

#IPv6 Mangle chain

#IPv6 Filter chain

#===================== NFTABLES 防火墙设置 =====================#

table inet fw4 {
    chain input {
        type filter hook input priority filter; policy accept;
        iifname "pppoe-wan" ip6 saddr != @localnetwork6 counter packets 75 bytes 12081 jump openclash_wan6_input
        udp dport 443 ip6 daddr != @china_ip6_route counter packets 0 bytes 0 reject with icmpv6 port-unreachable comment "OpenClash QUIC REJECT"
        udp dport 443 ip daddr != @china_ip_route counter packets 0 bytes 0 reject with icmp port-unreachable comment "OpenClash QUIC REJECT"
        iifname "pppoe-wan" ip saddr != @localnetwork counter packets 3364 bytes 1751829 jump openclash_wan_input
        iifname "lo" accept comment "!fw4: Accept traffic from loopback"
        ct state established,related accept comment "!fw4: Allow inbound established and related flows"
        tcp flags syn / fin,syn,rst,ack jump syn_flood comment "!fw4: Rate limit TCP syn packets"
        iifname "eth0.1" jump input_lan comment "!fw4: Handle lan IPv4/IPv6 input traffic"
        iifname "pppoe-wan" jump input_wan comment "!fw4: Handle wan IPv4/IPv6 input traffic"
    }
}
table inet fw4 {
    chain forward {
        type filter hook forward priority filter; policy drop;
        meta l4proto { tcp, udp } flow add @ft
        ct state established,related accept comment "!fw4: Allow forwarded established and related flows"
        iifname "eth0.1" jump forward_lan comment "!fw4: Handle lan IPv4/IPv6 forward traffic"
        iifname "pppoe-wan" jump forward_wan comment "!fw4: Handle wan IPv4/IPv6 forward traffic"
        jump handle_reject
    }
}
table inet fw4 {
    chain dstnat {
        type nat hook prerouting priority dstnat; policy accept;
        ip6 daddr { 2001:4860:4860::8844, 2001:4860:4860::8888 } tcp dport 53 counter packets 0 bytes 0 accept comment "OpenClash Google DNS Hijack"
        ip daddr { 8.8.4.4, 8.8.8.8 } tcp dport 53 counter packets 0 bytes 0 redirect to :7892 comment "OpenClash Google DNS Hijack"
        udp dport 53 counter packets 50 bytes 3253 redirect to :53 comment "OpenClash DNS Hijack"
        tcp dport 53 counter packets 0 bytes 0 redirect to :53 comment "OpenClash DNS Hijack"
        ip protocol tcp counter packets 262 bytes 15579 jump openclash
    }
}
table inet fw4 {
    chain srcnat {
        type nat hook postrouting priority srcnat; policy accept;
        oifname "pppoe-wan" jump srcnat_wan comment "!fw4: Handle wan IPv4/IPv6 srcnat traffic"
    }
}
table inet fw4 {
    chain nat_output {
        type nat hook output priority filter - 1; policy accept;
        ip protocol tcp counter packets 268 bytes 16080 jump openclash_output
    }
}
table inet fw4 {
    chain mangle_prerouting {
        type filter hook prerouting priority mangle; policy accept;
        meta nfproto ipv6 jump openclash_mangle_v6
    }
}
table inet fw4 {
    chain mangle_output {
        type route hook output priority mangle; policy accept;
        meta nfproto ipv6 counter packets 297 bytes 34800 jump openclash_mangle_output_v6
    }
}
table inet fw4 {
    chain openclash {
        ip daddr @localnetwork counter packets 7 bytes 364 return
        ip daddr @wan_ac_black_ips counter packets 0 bytes 0 return
        tcp dport != @common_ports counter packets 1 bytes 60 return
        ip daddr @china_ip_route ip daddr != @china_ip_route_pass counter packets 27 bytes 1631 return
        ip protocol tcp counter packets 227 bytes 13524 redirect to :7892
    }
}
table inet fw4 {
    chain openclash_output {
        ip daddr @localnetwork counter packets 261 bytes 15660 return
        tcp dport != @common_ports meta skuid != 65534 counter packets 0 bytes 0 return
        ip daddr @wan_ac_black_ips counter packets 0 bytes 0 return
        meta skuid != 65534 ip daddr @china_ip_route ip daddr != @china_ip_route_pass counter packets 4 bytes 240 return
        ip protocol tcp meta skuid != 65534 counter packets 1 bytes 60 redirect to :7892
    }
}
table inet fw4 {
    chain openclash_wan_input {
        udp dport { 7874, 7890, 7891, 7892, 7893, 7895, 9090 } counter packets 0 bytes 0 reject
        tcp dport { 7874, 7890, 7891, 7892, 7893, 7895, 9090 } counter packets 0 bytes 0 reject
    }
}
table inet fw4 {
    chain openclash_mangle_v6 {
        meta nfproto ipv6 udp sport 3389 counter packets 0 bytes 0 return
        meta nfproto ipv6 tcp sport 3389 counter packets 0 bytes 0 return
        meta nfproto ipv6 tcp sport 8443 counter packets 0 bytes 0 return
        meta nfproto ipv6 tcp sport 445 counter packets 0 bytes 0 return
        meta nfproto ipv6 udp sport 500 counter packets 0 bytes 0 return
        meta nfproto ipv6 udp sport 546 counter packets 1 bytes 137 return
        ip6 daddr @localnetwork6 counter packets 206 bytes 30095 return
        meta nfproto ipv6 udp dport 53 counter packets 0 bytes 0 return
        ip6 daddr @wan_ac_black_ipv6s counter packets 0 bytes 0 return
        meta nfproto ipv6 th dport != @common_ports counter packets 0 bytes 0 return
        ip6 daddr @china_ip6_route ip6 daddr != @china_ip6_route_pass counter packets 0 bytes 0 return
        meta nfproto ipv6 tcp dport 0-65535 meta mark set 0x00000162 tproxy ip6 to :7895 counter packets 32 bytes 3306 accept comment "OpenClash TCP Tproxy"
    }
}
table inet fw4 {
    chain openclash_mangle_output_v6 {
        meta nfproto ipv6 udp sport 3389 counter packets 0 bytes 0 return
        meta nfproto ipv6 tcp sport 3389 counter packets 0 bytes 0 return
        meta nfproto ipv6 tcp sport 8443 counter packets 0 bytes 0 return
        meta nfproto ipv6 tcp sport 445 counter packets 0 bytes 0 return
        meta nfproto ipv6 udp sport 500 counter packets 0 bytes 0 return
        meta nfproto ipv6 udp sport 546 counter packets 1 bytes 171 return
        ip6 daddr @localnetwork6 counter packets 135 bytes 17575 return
        ip6 daddr @wan_ac_black_ipv6s counter packets 0 bytes 0 return
        meta nfproto ipv6 th dport != @common_ports meta skuid != 65534 counter packets 0 bytes 0 return
        meta skuid != 65534 ip6 daddr @china_ip6_route ip6 daddr != @china_ip6_route_pass counter packets 0 bytes 0 return
        meta nfproto ipv6 meta skuid != 65534 tcp dport 0-65535 meta mark set 0x00000162
    }
}
table inet fw4 {
    chain openclash_wan6_input {
        udp dport { 7874, 7890, 7891, 7892, 7893, 7895, 9090 } counter packets 0 bytes 0 reject
        tcp dport { 7874, 7890, 7891, 7892, 7893, 7895, 9090 } counter packets 0 bytes 0 reject
    }
}

#===================== IPSET状态 =====================#

#===================== 路由表状态 =====================#

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         100.64.0.1      0.0.0.0         UG    0      0        0 pppoe-wan
100.64.0.1      0.0.0.0         255.255.255.255 UH    0      0        0 pppoe-wan
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0.1
#ip route list
default via 100.64.0.1 dev pppoe-wan proto static 
100.64.0.1 dev pppoe-wan proto kernel scope link src *WAN IP*.168 
192.168.1.0/24 dev eth0.1 proto kernel scope link src 192.168.1.2 
#ip rule show
0:  from all lookup local
32766:  from all lookup main
32767:  from all lookup default

#===================== 端口占用状态 =====================#

tcp        0      0 :::7890                 :::*                    LISTEN      17672/clash
tcp        0      0 :::7891                 :::*                    LISTEN      17672/clash
tcp        0      0 :::7892                 :::*                    LISTEN      17672/clash
tcp        0      0 :::7893                 :::*                    LISTEN      17672/clash
tcp        0      0 :::7895                 :::*                    LISTEN      17672/clash
tcp        0      0 :::9090                 :::*                    LISTEN      17672/clash
udp        0      0 :::7874                 :::*                                17672/clash
udp        0      0 :::7890                 :::*                                17672/clash
udp        0      0 :::7891                 :::*                                17672/clash
udp        0      0 :::7892                 :::*                                17672/clash
udp        0      0 :::7895                 :::*                                17672/clash

#===================== 测试本机DNS查询 =====================#

Server:     127.0.0.1
Address:    127.0.0.1:53

www.baidu.com   canonical name = www.a.shifen.com
Name:   www.a.shifen.com
Address: 14.215.177.39
Name:   www.a.shifen.com
Address: 14.215.177.38

#===================== resolv.conf.d =====================#

# Interface wan
nameserver 202.103.224.68
nameserver 202.103.225.68
# Interface wan_6
nameserver 240e:9:0:100:202:103:224:68
nameserver 240e:9:2000:100:202:103:225:68
search private-ds
search PRIVATE-DS

#===================== 测试本机网络连接 =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Tue, 10 Jan 2023 00:49:32 GMT
Etag: "575e1f6d-115"
Last-Modified: Mon, 13 Jun 2016 02:50:21 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 测试本机网络下载 =====================#

HTTP/2 200 
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: text/plain; charset=utf-8
etag: "99593e4235822e9fb3fd0060c09aa3aa61d3844bbd6a1fe4bf92b0469522b25f"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: 8596:5B66:C0F58:1005E0:63B5D829
accept-ranges: bytes
date: Tue, 10 Jan 2023 00:49:32 GMT
via: 1.1 varnish
x-served-by: cache-hkg17925-HKG
x-cache: HIT
x-cache-hits: 1
x-timer: S1673311773.852263,VS0,VE1
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
x-fastly-request-id: 2a4691fce2f34c6a7ad94e4386b38b98a295d788
expires: Tue, 10 Jan 2023 00:54:32 GMT
source-age: 96
content-length: 80

#===================== 最近运行日志 =====================#

2023-01-10 08:46:52 Step 1: Get The Configuration...
2023-01-10 08:46:52 Step 2: Check The Components...
2023-01-10 08:46:54 Tip: Because of the file【 /etc/config/openclash 】modificated, Pause quick start...
2023-01-10 08:46:54 Step 3: Modify The Config File...
2023-01-10 08:46:55 Tip: You have seted the authentication of SOCKS5/HTTP(S) proxy with【Clash:LxumgIy1】
2023-01-10 08:46:56 Step 4: Start Running The Clash Core...
2023-01-10 08:46:56 Tip: Detected The Exclusive Function of The Meta Core, Use Meta Core to Start...
2023-01-10 08:46:57 Step 5: Check The Core Status...
time="2023-01-10T00:46:59Z" level=info msg="Start initial configuration in progress"
time="2023-01-10T00:46:59Z" level=info msg="Geodata Loader mode: standard"
time="2023-01-10T00:47:00Z" level=info msg="Start initial GeoSite rule category-ads-all => 🛡️ 广告和隐私跟踪, records: 55675"
time="2023-01-10T00:47:00Z" level=info msg="Start initial GeoSite rule cn => 🇨🇳 大陆域名收集, records: 66234"
2023-01-10 08:47:01 Step 6: Wait For The File Downloading...
2023-01-10 08:47:01 Step 7: Set Firewall Rules...
2023-01-10 08:47:01 Warning: Dnsmasq not Support nftset, Use ipset...
2023-01-10 08:47:01 Tip: Firewall4 was Detected, Use NFTABLE Rules...
time="2023-01-10T00:47:01Z" level=info msg="Start initial GeoSite rule gfw => 🈲 常用代理列表, records: 6037"
time="2023-01-10T00:47:01Z" level=info msg="Start initial GeoSite rule greatfire => 🈲 常用代理列表, records: 23989"
time="2023-01-10T00:47:02Z" level=info msg="Start initial GeoIP rule telegram => 🈲 常用代理列表, records: 12"
time="2023-01-10T00:47:02Z" level=info msg="Start initial GeoIP rule google => 🈲 常用代理列表, records: 457"
time="2023-01-10T00:47:03Z" level=info msg="Start initial GeoIP rule facebook => 🈲 常用代理列表, records: 86"
time="2023-01-10T00:47:03Z" level=info msg="Start initial GeoIP rule CN => 🇨🇳 大陆 IP 段, records: 11780"
time="2023-01-10T00:47:03Z" level=info msg="Start initial GeoSite dns fallback filter from rule `gfw`"
time="2023-01-10T00:47:03Z" level=info msg="Start initial GeoSite dns fallback filter from rule `greatfire`"
time="2023-01-10T00:47:03Z" level=info msg="Initial configuration complete, total time: 4764ms"
time="2023-01-10T00:47:03Z" level=info msg="Authentication of local server updated"
time="2023-01-10T00:47:03Z" level=info msg="Sniffer is loaded and working"
time="2023-01-10T00:47:03Z" level=info msg="DNS server listening at: [::]:7874"
time="2023-01-10T00:47:03Z" level=info msg="Start initial compatible provider 🎞️ Netflix Viu 動畫瘋 TVB LineTV 4GTV"
time="2023-01-10T00:47:03Z" level=info msg="Start initial compatible provider 🇨🇳 大陆 IP 段"
time="2023-01-10T00:47:03Z" level=info msg="Start initial compatible provider 酷安"
time="2023-01-10T00:47:03Z" level=info msg="Start initial compatible provider default"
time="2023-01-10T00:47:03Z" level=info msg="Start initial compatible provider 🈲 常用代理列表"
time="2023-01-10T00:47:03Z" level=info msg="Start initial compatible provider 📶 自动选择"
time="2023-01-10T00:47:03Z" level=info msg="Start initial compatible provider 🚀 代理"
time="2023-01-10T00:47:03Z" level=info msg="Start initial compatible provider ❔ 缺省值"
time="2023-01-10T00:47:03Z" level=info msg="Start initial compatible provider 🇨🇳 大陆域名收集"
time="2023-01-10T00:47:03Z" level=info msg="Start initial compatible provider 🛡️ 广告和隐私跟踪"
time="2023-01-10T00:47:03Z" level=info msg="RESTful API listening at: [::]:9090"
time="2023-01-10T00:47:03Z" level=info msg="Start initial compatible provider 📺 哔哩哔哩"
time="2023-01-10T00:47:03Z" level=info msg="Use IPv6"
time="2023-01-10T00:47:03Z" level=info msg="Use interface name: pppoe-wan"
time="2023-01-10T00:47:03Z" level=info msg="HTTP proxy listening at: [::]:7893"
time="2023-01-10T00:47:03Z" level=info msg="SOCKS proxy listening at: [::]:7891"
time="2023-01-10T00:47:03Z" level=info msg="Redirect proxy listening at: [::]:7892"
time="2023-01-10T00:47:03Z" level=info msg="TProxy server listening at: [::]:7895"
time="2023-01-10T00:47:03Z" level=info msg="Mixed(http+socks) proxy listening at: [::]:7890"
2023-01-10 08:47:25 Step 8: Restart Dnsmasq...
2023-01-10 08:47:26 Step 9: Add Cron Rules, Start Daemons...
2023-01-10 08:47:26 OpenClash Start Successful!

#===================== 活动连接信息 =====================#

1. SourceIP:【192.168.1.81】 - Host:【clients4.google.com】 - DestinationIP:【142.250.4.101】 - Network:【tcp】 - RulePayload:【gfw】 - Lastchain:【🇭🇰 香港wikihost 外部】
2. SourceIP:【192.168.1.81】 - Host:【www.googleapis.com】 - DestinationIP:【142.250.4.95】 - Network:【tcp】 - RulePayload:【gfw】 - Lastchain:【🇭🇰 香港wikihost 外部】
3. SourceIP:【192.168.1.81】 - Host:【github.com】 - DestinationIP:【20.205.243.166】 - Network:【tcp】 - RulePayload:【gfw】 - Lastchain:【🇭🇰 香港wikihost 外部】
4. SourceIP:【192.168.1.81】 - Host:【github.githubassets.com】 - DestinationIP:【185.199.111.154】 - Network:【tcp】 - RulePayload:【gfw】 - Lastchain:【🇭🇰 香港wikihost 外部】
5. SourceIP:【192.168.1.81】 - Host:【alive.github.com】 - DestinationIP:【140.82.114.25】 - Network:【tcp】 - RulePayload:【gfw】 - Lastchain:【🇭🇰 香港wikihost 外部】
6. SourceIP:【192.168.1.81】 - Host:【clientservices.googleapis.com】 - DestinationIP:【142.250.4.94】 - Network:【tcp】 - RulePayload:【clientservices.googleapis.com】 - Lastchain:【🇭🇰 香港wikihost 外部】
7. SourceIP:【192.168.1.81】 - Host:【raw.githubusercontent.com】 - DestinationIP:【185.199.108.133】 - Network:【tcp】 - RulePayload:【gfw】 - Lastchain:【🇭🇰 香港wikihost 外部】
8. SourceIP:【192.168.1.81】 - Host:【clients4.google.com】 - DestinationIP:【142.250.4.113】 - Network:【tcp】 - RulePayload:【gfw】 - Lastchain:【🇭🇰 香港wikihost 外部】
9. SourceIP:【192.168.1.54】 - Host:【Empty】 - DestinationIP:【64.233.189.188】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【🇭🇰 香港wikihost 外部】
10. SourceIP:【192.168.1.81】 - Host:【www.youtube.com】 - DestinationIP:【142.251.10.190】 - Network:【tcp】 - RulePayload:【gfw】 - Lastchain:【🇭🇰 香港wikihost 外部】
11. SourceIP:【192.168.1.81】 - Host:【avatars.githubusercontent.com】 - DestinationIP:【185.199.111.133】 - Network:【tcp】 - RulePayload:【gfw】 - Lastchain:【🇭🇰 香港wikihost 外部】

OpenClash Config

No response

Expected Behavior

Traffic originating from the router itself is not proxied

Screenshots

No response
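A way to check a posted `nft list ruleset` dump such as the one in the debug log above for rules that still catch router-originated traffic, added here as an example and not OpenClash's own code: it follows jumps from every chain hooked at `output` and lists the `redirect`/`tproxy` rules it reaches. The function names are hypothetical, and the sample is trimmed from three chains of the report's ruleset.

```python
import re

# Sample input: three chains trimmed from the ruleset in the report above.
SAMPLE_RULESET = """
table inet fw4 {
    chain nat_output {
        type nat hook output priority filter - 1; policy accept;
        ip protocol tcp counter packets 268 bytes 16080 jump openclash_output
    }
}
table inet fw4 {
    chain openclash_output {
        ip daddr @localnetwork counter packets 261 bytes 15660 return
        tcp dport != @common_ports meta skuid != 65534 counter packets 0 bytes 0 return
        ip daddr @wan_ac_black_ips counter packets 0 bytes 0 return
        meta skuid != 65534 ip daddr @china_ip_route ip daddr != @china_ip_route_pass counter packets 4 bytes 240 return
        ip protocol tcp meta skuid != 65534 counter packets 1 bytes 60 redirect to :7892
    }
}
table inet fw4 {
    chain dstnat {
        type nat hook prerouting priority dstnat; policy accept;
        ip protocol tcp counter packets 262 bytes 15579 jump openclash
    }
}
"""

CHAIN_RE = re.compile(r"^chain\s+(\S+)\s*\{")
HOOK_RE = re.compile(r"\btype\s+(\S+)\s+hook\s+(\S+)\s+priority\b")
JUMP_RE = re.compile(r"\b(?:jump|goto)\s+(\S+)")
# Matches "redirect to :7892" and "tproxy ip6 to :7895"; captures action and port.
INTERCEPT_RE = re.compile(r"\b(redirect|tproxy)\b[^\n]*?\bto\s+\S*:(\d+)(?=\s|$)")
# UIDs excluded from a rule via "meta skuid != N" (the core runs as nobody here).
SKUID_RE = re.compile(r"\bskuid\s+!=\s+(\d+)")


def parse_chains(ruleset):
    """Return {chain_name: {"hook": str or None, "rules": [str]}}.

    Assumption: chain names are unique across the dump (true for a single
    fw4 table printed chain by chain, as in the report).
    """
    chains = {}
    current = None
    for raw in ruleset.splitlines():
        line = raw.strip()
        m = CHAIN_RE.match(line)
        if m:
            current = chains.setdefault(m.group(1), {"hook": None, "rules": []})
            continue
        if current is None or not line:
            continue
        if line == "}":          # end of the chain body
            current = None
            continue
        h = HOOK_RE.search(line)
        if h:                    # base-chain declaration line
            current["hook"] = h.group(2)
            continue
        current["rules"].append(line)
    return chains


def find_local_intercepts(chains):
    """List redirect/tproxy rules reachable from chains hooked at 'output'."""
    findings = []

    def walk(name, path):
        here = path + [name]
        for rule in chains[name]["rules"]:
            hit = INTERCEPT_RE.search(rule)
            if hit:
                findings.append({
                    "path": here,
                    "action": hit.group(1),
                    "port": int(hit.group(2)),
                    "exempt_uids": [int(u) for u in SKUID_RE.findall(rule)],
                })
            j = JUMP_RE.search(rule)
            # Follow jumps to chains present in the dump; skip cycles.
            if j and j.group(1) in chains and j.group(1) not in here:
                walk(j.group(1), here)

    for name, chain in chains.items():
        if chain["hook"] == "output":
            walk(name, [])
    return findings


if __name__ == "__main__":
    for f in find_local_intercepts(parse_chains(SAMPLE_RULESET)):
        print("{} -> {} to :{} (exempt uids: {})".format(
            " -> ".join(f["path"]), f["action"], f["port"], f["exempt_uids"]))
```

On the router, pass the output of `nft list ruleset` to `parse_chains` in place of the sample; an empty result means no chain on the output hook redirects local traffic.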

ztc1997 commented 1 year ago

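To add some detail: I am currently using naive, with Clash doing the traffic splitting. In fake-ip mode, the traffic from naive to the server passes through the Clash core, which costs performance. Entering the server IP under "WAN IPs that bypass the proxy" did not help either; my current workaround is to add the server IP to the mainland China IP whitelist.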

vernesong commented 1 year ago

Update to 49, change DNS hijacking

ztc1997 commented 1 year ago

> Update to 49, change DNS hijacking

After disabling Router-Self Proxy, testing the IP with curl still shows the server IP.

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days