vernesong / OpenClash

A Clash Client For OpenWrt
MIT License

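[Bug] In Fake-IP mode, when the Blizzard Battle.net client is opened first and UU acceleration is started afterwards, Overwatch cannot enter the server #2945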

Closed pandalaohe closed 1 year ago

pandalaohe commented 1 year ago

Verify Steps

OpenClash Version

v0.45.78-beta

Bug on Environment

Other

Bug on Platform

Linux-amd64(x86-64)

To Reproduce

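Preconditions:

  1. Fake-IP enhanced mode is in use, with DNS forwarding enabled
  2. In everything below, the UU accelerator must be set to router mode (process mode is unusable; the game cannot be entered no matter what)

First procedure

  1. Start the UU accelerator first and accelerate Overwatch (this also accelerates the Blizzard Battle.net client)
  2. Start the Blizzard Battle.net client -- the situation in figure 1 appears; it actually cannot connect (the top-right corner shows that it is trying to connect)

Second procedure

  1. Start the Blizzard Battle.net client first
  2. Then start the UU accelerator and accelerate Overwatch (this also accelerates the Blizzard Battle.net client)
  3. Start the game -- the situation in figure 2 appears; the game cannot be entered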

Describe the Bug

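Neither of the two procedures above gets into the game properly. The only way to get into the game is:

  1. Start the Blizzard Battle.net client first
  2. Then start the UU accelerator and begin accelerating Overwatch (this also accelerates the Blizzard Battle.net client)
  3. Immediately switch to another acceleration node
  4. Then start the game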

OpenClash Log

OpenClash 调试日志

生成时间: 2023-01-19 16:58:47 插件版本: 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息


#===================== 系统信息 =====================#

主机型号: BROUNION R86S
固件版本: OpenWrt 22.03.2 11.10.2022
LuCI版本: 
内核版本: 5.15.77
处理器架构: x86_64

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

#此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#

dnsmasq-full: 未安装
coreutils: 未安装
coreutils-nohup: 未安装
bash: 未安装
curl: 未安装
ca-certificates: 未安装
ipset: 未安装
ip-full: 未安装
libcap: 未安装
libcap-bin: 未安装
ruby: 未安装
ruby-yaml: 未安装
ruby-psych: 未安装
ruby-pstore: 未安装
kmod-tun(TUN模式): 未安装
luci-compat(Luci >= 19.07): 未安装
kmod-inet-diag(PROCESS-NAME): 未安装
unzip: 未安装
iptables-mod-tproxy: 未安装
kmod-ipt-tproxy: 未安装
iptables-mod-extra: 未安装
kmod-ipt-extra: 未安装
kmod-ipt-nat: 未安装

#===================== 内核检查 =====================#

运行状态: 运行中
进程pid: 16999
运行权限: 16999: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-amd64

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2022.11.25-8-g25028e7
Tun内核文件: 存在
Tun内核运行权限: 正常

Dev内核版本: v1.12.0-8-ga5d5488
Dev内核文件: 存在
Dev内核运行权限: 正常

Meta内核版本: alpha-g7a64c432
Meta内核文件: 存在
Meta内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/OP.yaml
启动配置文件: /etc/openclash/OP.yaml
运行模式: fake-ip
默认代理模式: rule
UDP流量转发(tproxy): 启用
DNS劫持: 启用
自定义DNS: 启用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 启用
仅允许内网: 启用
仅代理命中规则流量: 启用
仅允许常用端口流量: 停用
绕过中国大陆IP: 启用
DNS远程解析: 启用
路由本机代理: 启用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 启用

#启动异常时建议关闭此项后重试
第三方规则: 启用

#===================== 自定义规则 一 =====================#
script:
##  shortcuts:
##    Notice: The core timezone is UTC
##    CST 20:00-24:00 = time.now().hour > 12 and time.now().hour < 16
##    The core timezone is UTC, so the values of time.now() below must be converted from the local timezone
##    Beijing time (CST) 20:00-24:00 = time.now().hour > 12 and time.now().hour < 16
##    quic: network == 'udp' and dst_port == 443 and (geoip(resolve_ip(host)) != 'CN' or geoip(dst_ip) != 'CN')
##    time-limit: in_cidr(src_ip,'192.168.1.2/32') and time.now().hour < 20 or time.now().hour > 21
##    time-limit: src_ip == '192.168.1.2' and time.now().hour < 20 or time.now().hour > 21

##  code: |
##    def main(ctx, metadata):
##        directkeywordlist = ["baidu"]
##        for directkeyword in directkeywordlist:
##          if directkeyword in metadata["host"]:
##            ctx.log('[Script] matched keyword %s use direct' % directkeyword)
##            return "DIRECT"

rules:
##- SCRIPT,quic,REJECT #shortcuts rule
##- SCRIPT,time-limit,REJECT #shortcuts rule

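##- PROCESS-NAME,curl,DIRECT #match the router's own process (curl goes direct)
##- DOMAIN-SUFFIX,google.com,Proxy #match domain suffix (handled by the Proxy server group)
##- DOMAIN-KEYWORD,google,Proxy #match domain keyword (handled by the Proxy server group)
##- DOMAIN,google.com,Proxy #match domain (handled by the Proxy server group)
##- DOMAIN-SUFFIX,ad.com,REJECT #match domain suffix (reject)
##- IP-CIDR,127.0.0.0/8,DIRECT #match destination IP (direct)
##- SRC-IP-CIDR,192.168.1.201/32,DIRECT #match source IP (direct)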
- DST-PORT,993,Self
- DST-PORT,465,Self
- DST-PORT,587,Self
- SRC-PORT,993,Self
- SRC-PORT,465,Self
- SRC-PORT,587,Self
- DOMAIN-SUFFIX,open.cd,Proxy
- DOMAIN-SUFFIX,ocbcwhhk.com,Self
- DOMAIN-SUFFIX,xsus.buzz,Auto - UrlTest

##Rules listed earlier take precedence; for example, add (remove the # before the rule):
##IP range: 192.168.1.2-192.168.1.200 direct
##- SRC-IP-CIDR,192.168.1.2/31,DIRECT
##- SRC-IP-CIDR,192.168.1.4/30,DIRECT
##- SRC-IP-CIDR,192.168.1.8/29,DIRECT
##- SRC-IP-CIDR,192.168.1.16/28,DIRECT
##- SRC-IP-CIDR,192.168.1.32/27,DIRECT
##- SRC-IP-CIDR,192.168.1.64/26,DIRECT
##- SRC-IP-CIDR,192.168.1.128/26,DIRECT
##- SRC-IP-CIDR,192.168.1.192/29,DIRECT
##- SRC-IP-CIDR,192.168.1.200/32,DIRECT

##IP range: 192.168.1.202-192.168.1.255 direct
##- SRC-IP-CIDR,192.168.1.202/31,DIRECT
##- SRC-IP-CIDR,192.168.1.204/30,DIRECT
##- SRC-IP-CIDR,192.168.1.208/28,DIRECT
##- SRC-IP-CIDR,192.168.1.224/27,DIRECT

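##With this, traffic from the clients at 192.168.1.1 and 192.168.1.201 goes through the proxy (policy), and all other clients bypass the proxy
##Because in Fake-IP mode the router's own traffic (IP address 192.168.1.1) can go through the proxy (policy), it needs to be excluded

##Make only the router itself go direct: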
##- SRC-IP-CIDR,192.168.1.1/32,DIRECT
##- SRC-IP-CIDR,198.18.0.1/32,DIRECT

##DDNS
##- DOMAIN-SUFFIX,checkip.dyndns.org,DIRECT
##- DOMAIN-SUFFIX,checkipv6.dyndns.org,DIRECT
##- DOMAIN-SUFFIX,checkip.synology.com,DIRECT
##- DOMAIN-SUFFIX,ifconfig.co,DIRECT
##- DOMAIN-SUFFIX,api.myip.com,DIRECT
##- DOMAIN-SUFFIX,ip-api.com,DIRECT
##- DOMAIN-SUFFIX,ipapi.co,DIRECT
##- DOMAIN-SUFFIX,ip6.seeip.org,DIRECT
##- DOMAIN-SUFFIX,members.3322.org,DIRECT

##Online IP range to CIDR converter: http://ip2cidr.com
#===================== 自定义规则 二 =====================#
script:
##  shortcuts:
##    common_port: dst_port not in [21, 22, 23, 53, 80, 123, 143, 194, 443, 465, 587, 853, 993, 995, 998, 2052, 2053, 2082, 2083, 2086, 2095, 2096, 5222, 5228, 5229, 5230, 8080, 8443, 8880, 8888, 8889]

##  code: |
##    def main(ctx, metadata):
##        directkeywordlist = ["baidu"]
##        for directkeyword in directkeywordlist:
##          if directkeyword in metadata["host"]:
##            ctx.log('[Script] matched keyword %s use direct' % directkeyword)
##            return "DIRECT"

rules:
##- SCRIPT,common_port,DIRECT #shortcuts rule

##- DOMAIN-SUFFIX,google.com,Proxy #match domain suffix (handled by the Proxy server group)
##- DOMAIN-KEYWORD,google,Proxy #match domain keyword (handled by the Proxy server group)
##- DOMAIN,google.com,Proxy #match domain (handled by the Proxy server group)
##- DOMAIN-SUFFIX,ad.com,REJECT #match domain suffix (reject)
##- IP-CIDR,127.0.0.0/8,DIRECT #match destination IP (direct)
##- SRC-IP-CIDR,192.168.1.201/32,DIRECT #match source IP (direct)
##- DST-PORT,80,DIRECT #match destination port (direct)
##- SRC-PORT,7777,DIRECT #match source port (direct)

#===================== 配置文件 =====================#

port: 7890
socks-port: 7891
allow-lan: true
mode: rule
log-level: info
external-controller: 0.0.0.0:9090
proxy-groups:
(omitted)
dns:
  enable: true
  ipv6: false
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  listen: 0.0.0.0:7874
  nameserver:
  - https://doh.pub/dns-query
  - https://dns.alidns.com/dns-query
  - 218.85.157.99:53
  - tcp://218.85.152.99
  fallback:
  - https://dns.google/dns-query
  - https://dns.cloudflare.com/dns-query
  - https://dns.quad9.net/dns-query
  fake-ip-filter:
  - "*.lan"
  - "*.localdomain"
  - "*.example"
  - "*.invalid"
  - "*.localhost"
  - "*.test"
  - "*.local"
  - "*.home.arpa"
  - time.*.com
  - time.*.gov
  - time.*.edu.cn
  - time.*.apple.com
  - time-ios.apple.com
  - time1.*.com
  - time2.*.com
  - time3.*.com
  - time4.*.com
  - time5.*.com
  - time6.*.com
  - time7.*.com
  - ntp.*.com
  - ntp1.*.com
  - ntp2.*.com
  - ntp3.*.com
  - ntp4.*.com
  - ntp5.*.com
  - ntp6.*.com
  - ntp7.*.com
  - "*.time.edu.cn"
  - "*.ntp.org.cn"
  - "+.pool.ntp.org"
  - time1.cloud.tencent.com
  - music.163.com
  - "*.music.163.com"
  - "*.126.net"
  - musicapi.taihe.com
  - music.taihe.com
  - songsearch.kugou.com
  - trackercdn.kugou.com
  - "*.kuwo.cn"
  - api-jooxtt.sanook.com
  - api.joox.com
  - joox.com
  - y.qq.com
  - "*.y.qq.com"
  - streamoc.music.tc.qq.com
  - mobileoc.music.tc.qq.com
  - isure.stream.qqmusic.qq.com
  - dl.stream.qqmusic.qq.com
  - aqqmusic.tc.qq.com
  - amobile.music.tc.qq.com
  - "*.xiami.com"
  - "*.music.migu.cn"
  - music.migu.cn
  - "+.msftconnecttest.com"
  - "+.msftncsi.com"
  - msftconnecttest.com
  - msftncsi.com
  - localhost.ptlogin2.qq.com
  - localhost.sec.qq.com
  - "+.srv.nintendo.net"
  - "*.n.n.srv.nintendo.net"
  - "+.stun.playstation.net"
  - xbox.*.*.microsoft.com
  - "*.*.xboxlive.com"
  - xbox.*.microsoft.com
  - xnotify.xboxlive.com
  - "+.battlenet.com.cn"
  - "+.wotgame.cn"
  - "+.wggames.cn"
  - "+.wowsgame.cn"
  - "+.wargaming.net"
  - proxy.golang.org
  - stun.*.*
  - stun.*.*.*
  - "+.stun.*.*"
  - "+.stun.*.*.*"
  - "+.stun.*.*.*.*"
  - "+.stun.*.*.*.*.*"
  - heartbeat.belkin.com
  - "*.linksys.com"
  - "*.linksyssmartwifi.com"
  - "*.router.asus.com"
  - mesu.apple.com
  - swscan.apple.com
  - swquery.apple.com
  - swdownload.apple.com
  - swcdn.apple.com
  - swdist.apple.com
  - lens.l.google.com
  - stun.l.google.com
  - "+.nflxvideo.net"
  - "*.square-enix.com"
  - "*.finalfantasyxiv.com"
  - "*.ffxiv.com"
  - "*.ff14.sdo.com"
  - ff.dorado.sdo.com
  - "*.mcdn.bilivideo.cn"
  - "+.media.dssott.com"
  - shark007.net
  - Mijia Cloud
  - "+.cmbchina.com"
  - "+.cmbimg.com"
  - "*.pandahe.com"
  - api1.origin.com
  - "*.battle.net"
  - "*.blizzard.com"
  - "*.rangeplayground.com"
  - "*.steamstatic.com"
  - "*.steamcommunity.com"
  - "*.steampowered.com"
  - "*.steamserver.net"
  - steam-chat.com
  use-hosts: true
experimental:
  sniff-tls-sni: true
profile:
  store-selected: true
  store-fake-ip: true
hosts:
  epdg.epc.mnc260.mcc310.pub.3gppnetwork.org: 208.54.49.131
  ss.epdg.epc.mnc260.mcc310.pub.3gppnetwork.org: 208.54.36.3
authentication:
- Clash:OWM44mCg
rule-providers:
(omitted here; the lhie1 rules from OpenClash are used)
  ...

        port = int(metadata["dst_port"])

        if metadata["network"] == "UDP" and port == 443:
            ctx.log('[Script] matched QUIC traffic use reject')
            return "REJECT"

        port_list = [21, 22, 23, 53, 80, 123, 143, 194, 443, 465, 587, 853, 993, 995, 998, 2052, 2053, 2082, 2083, 2086, 2095, 2096, 3389, 5222, 5228, 5229, 5230, 8080, 8443, 8880, 8888, 8889]
        if port not in port_list:
            ctx.log('[Script] not common port use direct')
            return "DIRECT"

        if metadata["dst_ip"] == "":
            metadata["dst_ip"] = ctx.resolve_ip(metadata["host"])

        for ruleset in ruleset_action:
            if ctx.rule_providers[ruleset].match(metadata):
                return ruleset_action[ruleset]

        if metadata["dst_ip"] != "":
            code = ctx.geoip(metadata["dst_ip"])
            if code == "CN":
                ctx.log('[Script] Geoip CN')
                return "Domestic"

        ctx.log('[Script] FINAL')
        return "Others"
rules:
- DST-PORT,7895,REJECT
- DST-PORT,7892,REJECT
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
- DST-PORT,993,Self
- DST-PORT,465,Self
- DST-PORT,587,Self
- SRC-PORT,993,Self
- SRC-PORT,465,Self
- SRC-PORT,587,Self
- DOMAIN-SUFFIX,open.cd,Proxy
- DOMAIN-SUFFIX,ocbcwhhk.com,Self
- DOMAIN-SUFFIX,xsus.buzz,Auto - UrlTest
- DOMAIN-SUFFIX,awesome-hd.me,DIRECT
- DOMAIN-SUFFIX,broadcasthe.net,DIRECT
- DOMAIN-SUFFIX,chdbits.co,DIRECT
- DOMAIN-SUFFIX,classix-unlimited.co.uk,DIRECT
- DOMAIN-SUFFIX,empornium.me,DIRECT
- DOMAIN-SUFFIX,gazellegames.net,DIRECT
- DOMAIN-SUFFIX,hdchina.org,DIRECT
- DOMAIN-SUFFIX,hdsky.me,DIRECT
- DOMAIN-SUFFIX,icetorrent.org,DIRECT
- DOMAIN-SUFFIX,jpopsuki.eu,DIRECT
- DOMAIN-SUFFIX,keepfrds.com,DIRECT
- DOMAIN-SUFFIX,madsrevolution.net,DIRECT
- DOMAIN-SUFFIX,m-team.cc,DIRECT
- DOMAIN-SUFFIX,nanyangpt.com,DIRECT
- DOMAIN-SUFFIX,ncore.cc,DIRECT
- DOMAIN-SUFFIX,open.cd,DIRECT
- DOMAIN-SUFFIX,ourbits.club,DIRECT
- DOMAIN-SUFFIX,passthepopcorn.me,DIRECT
- DOMAIN-SUFFIX,privatehd.to,DIRECT
- DOMAIN-SUFFIX,redacted.ch,DIRECT
- DOMAIN-SUFFIX,springsunday.net,DIRECT
- DOMAIN-SUFFIX,tjupt.org,DIRECT
- DOMAIN-SUFFIX,totheglory.im,DIRECT
- DOMAIN-SUFFIX,smtp,DIRECT
- DOMAIN-KEYWORD,announce,DIRECT
- DOMAIN-KEYWORD,torrent,DIRECT
- DOMAIN-KEYWORD,tracker,DIRECT
- RULE-SET,Reject,AdBlock
- RULE-SET,Special,DIRECT
- RULE-SET,Netflix,Netflix
- RULE-SET,Spotify,Spotify
- RULE-SET,YouTube,Youtube
- RULE-SET,Disney Plus,Disney
- RULE-SET,Bilibili,Bilibili
- RULE-SET,IQ,Asian TV
- RULE-SET,IQIYI,Asian TV
- RULE-SET,Letv,Asian TV
- RULE-SET,Netease Music,Asian TV
- RULE-SET,Tencent Video,Asian TV
- RULE-SET,Youku,Asian TV
- RULE-SET,WeTV,Asian TV
- RULE-SET,ABC,Global TV
- RULE-SET,Abema TV,Global TV
- RULE-SET,Amazon,Global TV
- RULE-SET,Apple Music,Global TV
- RULE-SET,Apple News,Global TV
- RULE-SET,Apple TV,Global TV
- RULE-SET,Bahamut,Bahamut
- RULE-SET,BBC iPlayer,Global TV
- RULE-SET,DAZN,DAZN
- RULE-SET,Discovery Plus,Discovery Plus
- RULE-SET,encoreTVB,Global TV
- RULE-SET,F1 TV,Global TV
- RULE-SET,Fox Now,Global TV
- RULE-SET,Fox+,Global TV
- RULE-SET,HBO Go,HBO Go
- RULE-SET,HBO Max,HBO Max
- RULE-SET,Hulu Japan,Global TV
- RULE-SET,Hulu,Global TV
- RULE-SET,Japonx,Global TV
- RULE-SET,JOOX,Global TV
- RULE-SET,KKBOX,Global TV
- RULE-SET,KKTV,Global TV
- RULE-SET,Line TV,Global TV
- RULE-SET,myTV SUPER,Global TV
- RULE-SET,Niconico,Global TV
- RULE-SET,Pandora,Global TV
- RULE-SET,PBS,Global TV
- RULE-SET,Pornhub,Pornhub
- RULE-SET,Soundcloud,Global TV
- RULE-SET,ViuTV,Global TV
- RULE-SET,Telegram,Telegram
- RULE-SET,Crypto,Crypto
- RULE-SET,Discord,Discord
- RULE-SET,Steam,Steam
- RULE-SET,Speedtest,Speedtest
- RULE-SET,PayPal,PayPal
- RULE-SET,Microsoft,Microsoft
- RULE-SET,Apple,Apple
- RULE-SET,Google FCM,Google FCM
- RULE-SET,Scholar,Scholar
- RULE-SET,PROXY,Proxy
- RULE-SET,Domestic,Domestic
- RULE-SET,Domestic IPs,Domestic
- RULE-SET,LAN,DIRECT
- GEOIP,CN,Domestic
- PROCESS-NAME,aria2c,DIRECT
- PROCESS-NAME,BitComet,DIRECT
- PROCESS-NAME,fdm,DIRECT
- PROCESS-NAME,NetTransport,DIRECT
- PROCESS-NAME,qbittorrent,DIRECT
- PROCESS-NAME,Thunder,DIRECT
- PROCESS-NAME,transmission-daemon,DIRECT
- PROCESS-NAME,transmission-qt,DIRECT
- PROCESS-NAME,uTorrent,DIRECT
- PROCESS-NAME,WebTorrent,DIRECT
- PROCESS-NAME,Folx,DIRECT
- PROCESS-NAME,Transmission,DIRECT
- PROCESS-NAME,transmission,DIRECT
- PROCESS-NAME,WebTorrent Helper,DIRECT
- PROCESS-NAME,v2ray,DIRECT
- PROCESS-NAME,ss-local,DIRECT
- PROCESS-NAME,ssr-local,DIRECT
- PROCESS-NAME,ss-redir,DIRECT
- PROCESS-NAME,ssr-redir,DIRECT
- PROCESS-NAME,ss-server,DIRECT
- PROCESS-NAME,trojan-go,DIRECT
- PROCESS-NAME,xray,DIRECT
- PROCESS-NAME,hysteria,DIRECT
- PROCESS-NAME,UUBooster,DIRECT
- PROCESS-NAME,uugamebooster,DIRECT
- DST-PORT,80,Others
- DST-PORT,443,Others
- DST-PORT,22,Others
- MATCH,DIRECT

#===================== IPTABLES 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.7 on Thu Jan 19 16:58:48 2023
*nat
:PREROUTING ACCEPT [256:15643]
:INPUT ACCEPT [158:10052]
:OUTPUT ACCEPT [168:15346]
:POSTROUTING ACCEPT [255:21160]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:openclash - [0:0]
:openclash_output - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -d 8.8.4.4/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -d 8.8.8.8/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -d 23.67.33.199/32 -i br-lan -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.2.1:40951
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -p udp -m comment --comment DNSMASQ -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m comment --comment DNSMASQ -m tcp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -j openclash
-A OUTPUT -j openclash_output
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_postrouting
-A MINIUPNPD -p udp -m udp --dport 56333 -j DNAT --to-destination 192.168.2.139:56333
-A MINIUPNPD -p tcp -m tcp --dport 8096 -j DNAT --to-destination 192.168.2.182:8096
-A MINIUPNPD -p tcp -m tcp --dport 8920 -j DNAT --to-destination 192.168.2.182:8920
-A MINIUPNPD -p tcp -m tcp --dport 41977 -j DNAT --to-destination 192.168.2.235:41977
-A MINIUPNPD -p udp -m udp --dport 54891 -j DNAT --to-destination 192.168.2.235:54891
-A MINIUPNPD -p tcp -m tcp --dport 13730 -j DNAT --to-destination 192.168.2.217:1080
-A MINIUPNPD -p tcp -m tcp --dport 35419 -j DNAT --to-destination 192.168.2.235:35419
-A MINIUPNPD -p udp -m udp --dport 47287 -j DNAT --to-destination 192.168.2.235:47287
-A MINIUPNPD -p tcp -m tcp --dport 13935 -j DNAT --to-destination 192.168.2.217:1080
-A MINIUPNPD -p udp -m udp --dport 13935 -j DNAT --to-destination 192.168.2.217:3027
-A MINIUPNPD -p tcp -m tcp --dport 57819 -j DNAT --to-destination 192.168.2.148:5000
-A MINIUPNPD -p tcp -m tcp --dport 53196 -j DNAT --to-destination 192.168.2.148:5005
-A MINIUPNPD -p tcp -m tcp --dport 59220 -j DNAT --to-destination 192.168.2.148:6690
-A MINIUPNPD -p tcp -m tcp --dport 64261 -j DNAT --to-destination 192.168.2.148:10000
-A MINIUPNPD -p udp -m udp --dport 42154 -j DNAT --to-destination 192.168.2.217:42154
-A MINIUPNPD -p udp -m udp --dport 41429 -j DNAT --to-destination 192.168.2.203:41429
-A MINIUPNPD -p tcp -m tcp --dport 44286 -j DNAT --to-destination 192.168.2.182:44286
-A MINIUPNPD -p udp -m udp --dport 44286 -j DNAT --to-destination 192.168.2.182:44286
-A MINIUPNPD -p tcp -m tcp --dport 8085 -j DNAT --to-destination 192.168.2.182:8085
-A MINIUPNPD-POSTROUTING -s 192.168.2.217/32 -p tcp -m tcp --sport 1080 -j MASQUERADE --to-ports 13730
-A MINIUPNPD-POSTROUTING -s 192.168.2.217/32 -p tcp -m tcp --sport 1080 -j MASQUERADE --to-ports 13935
-A MINIUPNPD-POSTROUTING -s 192.168.2.217/32 -p udp -m udp --sport 3027 -j MASQUERADE --to-ports 13935
-A MINIUPNPD-POSTROUTING -s 192.168.2.148/32 -p tcp -m tcp --sport 5000 -j MASQUERADE --to-ports 57819
-A MINIUPNPD-POSTROUTING -s 192.168.2.148/32 -p tcp -m tcp --sport 5005 -j MASQUERADE --to-ports 53196
-A MINIUPNPD-POSTROUTING -s 192.168.2.148/32 -p tcp -m tcp --sport 6690 -j MASQUERADE --to-ports 59220
-A MINIUPNPD-POSTROUTING -s 192.168.2.148/32 -p tcp -m tcp --sport 10000 -j MASQUERADE --to-ports 64261
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -d 198.18.0.0/16 -p tcp -j REDIRECT --to-ports 7892
-A openclash -m set --match-set china_ip_route dst -m set ! --match-set china_ip_route_pass dst -j RETURN
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -s 192.168.2.148/32 -p tcp -m tcp --dport 2501 -j RETURN
-A openclash_output -s 192.168.2.148/32 -p tcp -m tcp --sport 2501 -j RETURN
-A openclash_output -s 192.168.2.148/32 -p tcp -m tcp --dport 2500 -j RETURN
-A openclash_output -s 192.168.2.148/32 -p tcp -m tcp --sport 2500 -j RETURN
-A openclash_output -s 192.168.2.148/32 -p tcp -m tcp --dport 10000 -j RETURN
-A openclash_output -s 192.168.2.148/32 -p tcp -m tcp --sport 10000 -j RETURN
-A openclash_output -s 192.168.2.148/32 -p tcp -m tcp --dport 5199 -j RETURN
-A openclash_output -s 192.168.2.148/32 -p tcp -m tcp --sport 5199 -j RETURN
-A openclash_output -s 192.168.2.148/32 -p tcp -m tcp --dport 9999 -j RETURN
-A openclash_output -s 192.168.2.148/32 -p tcp -m tcp --sport 5000 -j RETURN
-A openclash_output -s 192.168.2.182/32 -p tcp -m tcp --dport 6690 -j RETURN
-A openclash_output -s 192.168.2.182/32 -p tcp -m tcp --sport 6690 -j RETURN
-A openclash_output -s 192.168.2.182/32 -p tcp -m tcp --dport 8086 -j RETURN
-A openclash_output -s 192.168.2.182/32 -p tcp -m tcp --sport 8086 -j RETURN
-A openclash_output -s 192.168.2.182/32 -p tcp -m tcp --dport 4567 -j RETURN
-A openclash_output -s 192.168.2.182/32 -p tcp -m tcp --sport 8920 -j RETURN
-A openclash_output -s 192.168.2.182/32 -p tcp -m tcp --dport 5001 -j RETURN
-A openclash_output -s 192.168.2.182/32 -p tcp -m tcp --sport 5001 -j RETURN
-A openclash_output -d 198.18.0.0/16 -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -m owner ! --uid-owner 65534 -m set --match-set china_ip_route dst -m set ! --match-set china_ip_route_pass dst -j RETURN
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_postrouting -s 192.168.2.0/24 -d 192.168.2.182/32 -p tcp -m tcp --dport 5001 -m comment --comment "!fw3: DSM-门户 (reflection)" -j SNAT --to-source 192.168.2.1
-A zone_lan_postrouting -s 192.168.2.0/24 -d 192.168.2.182/32 -p udp -m udp --dport 5001 -m comment --comment "!fw3: DSM-门户 (reflection)" -j SNAT --to-source 192.168.2.1
-A zone_lan_postrouting -s 192.168.2.0/24 -d 192.168.2.182/32 -p tcp -m tcp --dport 8920 -m comment --comment "!fw3: DSM-EMBY (reflection)" -j SNAT --to-source 192.168.2.1
-A zone_lan_postrouting -s 192.168.2.0/24 -d 192.168.2.182/32 -p udp -m udp --dport 8920 -m comment --comment "!fw3: DSM-EMBY (reflection)" -j SNAT --to-source 192.168.2.1
-A zone_lan_postrouting -s 192.168.2.0/24 -d 192.168.2.182/32 -p tcp -m tcp --dport 8086 -m comment --comment "!fw3: DSM-QT (reflection)" -j SNAT --to-source 192.168.2.1
-A zone_lan_postrouting -s 192.168.2.0/24 -d 192.168.2.182/32 -p udp -m udp --dport 8086 -m comment --comment "!fw3: DSM-QT (reflection)" -j SNAT --to-source 192.168.2.1
-A zone_lan_postrouting -s 192.168.2.0/24 -d 192.168.2.182/32 -p tcp -m tcp --dport 6690 -m comment --comment "!fw3: DSM-6690 (reflection)" -j SNAT --to-source 192.168.2.1
-A zone_lan_postrouting -s 192.168.2.0/24 -d 192.168.2.182/32 -p udp -m udp --dport 6690 -m comment --comment "!fw3: DSM-6690 (reflection)" -j SNAT --to-source 192.168.2.1
-A zone_lan_postrouting -s 192.168.2.0/24 -d 192.168.2.148/32 -p tcp -m tcp --dport 5000 -m comment --comment "!fw3: 918-5000 (reflection)" -j SNAT --to-source 192.168.2.1
-A zone_lan_postrouting -s 192.168.2.0/24 -d 192.168.2.148/32 -p udp -m udp --dport 5000 -m comment --comment "!fw3: 918-5000 (reflection)" -j SNAT --to-source 192.168.2.1
-A zone_lan_postrouting -s 192.168.2.0/24 -d 192.168.2.148/32 -p tcp -m tcp --dport 5199 -m comment --comment "!fw3: 918-5199 (reflection)" -j SNAT --to-source 192.168.2.1
-A zone_lan_postrouting -s 192.168.2.0/24 -d 192.168.2.148/32 -p udp -m udp --dport 5199 -m comment --comment "!fw3: 918-5199 (reflection)" -j SNAT --to-source 192.168.2.1
-A zone_lan_postrouting -s 192.168.2.0/24 -d 192.168.2.148/32 -p tcp -m tcp --dport 10000 -m comment --comment "!fw3: 918-10000 (reflection)" -j SNAT --to-source 192.168.2.1
-A zone_lan_postrouting -s 192.168.2.0/24 -d 192.168.2.148/32 -p udp -m udp --dport 10000 -m comment --comment "!fw3: 918-10000 (reflection)" -j SNAT --to-source 192.168.2.1
-A zone_lan_postrouting -s 192.168.2.0/24 -d 192.168.2.148/32 -p tcp -m tcp --dport 2500 -m comment --comment "!fw3: 918-2500 (reflection)" -j SNAT --to-source 192.168.2.1
-A zone_lan_postrouting -s 192.168.2.0/24 -d 192.168.2.148/32 -p udp -m udp --dport 2500 -m comment --comment "!fw3: 918-2500 (reflection)" -j SNAT --to-source 192.168.2.1
-A zone_lan_postrouting -s 192.168.2.0/24 -d 192.168.2.148/32 -p tcp -m tcp --dport 2501 -m comment --comment "!fw3: 918-2501 (reflection)" -j SNAT --to-source 192.168.2.1
-A zone_lan_postrouting -s 192.168.2.0/24 -d 192.168.2.148/32 -p udp -m udp --dport 2501 -m comment --comment "!fw3: 918-2501 (reflection)" -j SNAT --to-source 192.168.2.1
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_lan_prerouting -s 192.168.2.0/24 -d *WAN IP*.86/32 -p tcp -m tcp --dport 5001 -m comment --comment "!fw3: DSM-门户 (reflection)" -j DNAT --to-destination 192.168.2.182:5001
-A zone_lan_prerouting -s 192.168.2.0/24 -d *WAN IP*.86/32 -p udp -m udp --dport 5001 -m comment --comment "!fw3: DSM-门户 (reflection)" -j DNAT --to-destination 192.168.2.182:5001
-A zone_lan_prerouting -s 192.168.2.0/24 -d *WAN IP*.86/32 -p tcp -m tcp --dport 4567 -m comment --comment "!fw3: DSM-EMBY (reflection)" -j DNAT --to-destination 192.168.2.182:8920
-A zone_lan_prerouting -s 192.168.2.0/24 -d *WAN IP*.86/32 -p udp -m udp --dport 4567 -m comment --comment "!fw3: DSM-EMBY (reflection)" -j DNAT --to-destination 192.168.2.182:8920
-A zone_lan_prerouting -s 192.168.2.0/24 -d *WAN IP*.86/32 -p tcp -m tcp --dport 8086 -m comment --comment "!fw3: DSM-QT (reflection)" -j DNAT --to-destination 192.168.2.182:8086
-A zone_lan_prerouting -s 192.168.2.0/24 -d *WAN IP*.86/32 -p udp -m udp --dport 8086 -m comment --comment "!fw3: DSM-QT (reflection)" -j DNAT --to-destination 192.168.2.182:8086
-A zone_lan_prerouting -s 192.168.2.0/24 -d *WAN IP*.86/32 -p tcp -m tcp --dport 6690 -m comment --comment "!fw3: DSM-6690 (reflection)" -j DNAT --to-destination 192.168.2.182:6690
-A zone_lan_prerouting -s 192.168.2.0/24 -d *WAN IP*.86/32 -p udp -m udp --dport 6690 -m comment --comment "!fw3: DSM-6690 (reflection)" -j DNAT --to-destination 192.168.2.182:6690
-A zone_lan_prerouting -s 192.168.2.0/24 -d *WAN IP*.86/32 -p tcp -m tcp --dport 9999 -m comment --comment "!fw3: 918-5000 (reflection)" -j DNAT --to-destination 192.168.2.148:5000
-A zone_lan_prerouting -s 192.168.2.0/24 -d *WAN IP*.86/32 -p udp -m udp --dport 9999 -m comment --comment "!fw3: 918-5000 (reflection)" -j DNAT --to-destination 192.168.2.148:5000
-A zone_lan_prerouting -s 192.168.2.0/24 -d *WAN IP*.86/32 -p tcp -m tcp --dport 5199 -m comment --comment "!fw3: 918-5199 (reflection)" -j DNAT --to-destination 192.168.2.148:5199
-A zone_lan_prerouting -s 192.168.2.0/24 -d *WAN IP*.86/32 -p udp -m udp --dport 5199 -m comment --comment "!fw3: 918-5199 (reflection)" -j DNAT --to-destination 192.168.2.148:5199
-A zone_lan_prerouting -s 192.168.2.0/24 -d *WAN IP*.86/32 -p tcp -m tcp --dport 10000 -m comment --comment "!fw3: 918-10000 (reflection)" -j DNAT --to-destination 192.168.2.148:10000
-A zone_lan_prerouting -s 192.168.2.0/24 -d *WAN IP*.86/32 -p udp -m udp --dport 10000 -m comment --comment "!fw3: 918-10000 (reflection)" -j DNAT --to-destination 192.168.2.148:10000
-A zone_lan_prerouting -s 192.168.2.0/24 -d *WAN IP*.86/32 -p tcp -m tcp --dport 2500 -m comment --comment "!fw3: 918-2500 (reflection)" -j DNAT --to-destination 192.168.2.148:2500
-A zone_lan_prerouting -s 192.168.2.0/24 -d *WAN IP*.86/32 -p udp -m udp --dport 2500 -m comment --comment "!fw3: 918-2500 (reflection)" -j DNAT --to-destination 192.168.2.148:2500
-A zone_lan_prerouting -s 192.168.2.0/24 -d *WAN IP*.86/32 -p tcp -m tcp --dport 2501 -m comment --comment "!fw3: 918-2501 (reflection)" -j DNAT --to-destination 192.168.2.148:2501
-A zone_lan_prerouting -s 192.168.2.0/24 -d *WAN IP*.86/32 -p udp -m udp --dport 2501 -m comment --comment "!fw3: 918-2501 (reflection)" -j DNAT --to-destination 192.168.2.148:2501
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_wan_prerouting -j MINIUPNPD
-A zone_wan_prerouting -j MINIUPNPD
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -p tcp -m tcp --dport 5001 -m comment --comment "!fw3: DSM-门户" -j DNAT --to-destination 192.168.2.182:5001
-A zone_wan_prerouting -p udp -m udp --dport 5001 -m comment --comment "!fw3: DSM-门户" -j DNAT --to-destination 192.168.2.182:5001
-A zone_wan_prerouting -p tcp -m tcp --dport 4567 -m comment --comment "!fw3: DSM-EMBY" -j DNAT --to-destination 192.168.2.182:8920
-A zone_wan_prerouting -p udp -m udp --dport 4567 -m comment --comment "!fw3: DSM-EMBY" -j DNAT --to-destination 192.168.2.182:8920
-A zone_wan_prerouting -p tcp -m tcp --dport 8086 -m comment --comment "!fw3: DSM-QT" -j DNAT --to-destination 192.168.2.182:8086
-A zone_wan_prerouting -p udp -m udp --dport 8086 -m comment --comment "!fw3: DSM-QT" -j DNAT --to-destination 192.168.2.182:8086
-A zone_wan_prerouting -p tcp -m tcp --dport 6690 -m comment --comment "!fw3: DSM-6690" -j DNAT --to-destination 192.168.2.182:6690
-A zone_wan_prerouting -p udp -m udp --dport 6690 -m comment --comment "!fw3: DSM-6690" -j DNAT --to-destination 192.168.2.182:6690
-A zone_wan_prerouting -p tcp -m tcp --dport 9999 -m comment --comment "!fw3: 918-5000" -j DNAT --to-destination 192.168.2.148:5000
-A zone_wan_prerouting -p udp -m udp --dport 9999 -m comment --comment "!fw3: 918-5000" -j DNAT --to-destination 192.168.2.148:5000
-A zone_wan_prerouting -p tcp -m tcp --dport 5199 -m comment --comment "!fw3: 918-5199" -j DNAT --to-destination 192.168.2.148:5199
-A zone_wan_prerouting -p udp -m udp --dport 5199 -m comment --comment "!fw3: 918-5199" -j DNAT --to-destination 192.168.2.148:5199
-A zone_wan_prerouting -p tcp -m tcp --dport 10000 -m comment --comment "!fw3: 918-10000" -j DNAT --to-destination 192.168.2.148:10000
-A zone_wan_prerouting -p udp -m udp --dport 10000 -m comment --comment "!fw3: 918-10000" -j DNAT --to-destination 192.168.2.148:10000
-A zone_wan_prerouting -p tcp -m tcp --dport 2500 -m comment --comment "!fw3: 918-2500" -j DNAT --to-destination 192.168.2.148:2500
-A zone_wan_prerouting -p udp -m udp --dport 2500 -m comment --comment "!fw3: 918-2500" -j DNAT --to-destination 192.168.2.148:2500
-A zone_wan_prerouting -p tcp -m tcp --dport 2501 -m comment --comment "!fw3: 918-2501" -j DNAT --to-destination 192.168.2.148:2501
-A zone_wan_prerouting -p udp -m udp --dport 2501 -m comment --comment "!fw3: 918-2501" -j DNAT --to-destination 192.168.2.148:2501
-A zone_wan_prerouting -m comment --comment "!fw3" -j FULLCONENAT
COMMIT
# Completed on Thu Jan 19 16:58:48 2023

#IPv4 Mangle chain

# Generated by iptables-save v1.8.7 on Thu Jan 19 16:58:48 2023
*mangle
:PREROUTING ACCEPT [18577403:19082109730]
:INPUT ACCEPT [17132858:18987771588]
:FORWARD ACCEPT [1500055:113766665]
:OUTPUT ACCEPT [12672490:19223200492]
:POSTROUTING ACCEPT [14169035:19336615136]
:openclash - [0:0]
-A PREROUTING -p udp -j openclash
-A FORWARD -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A openclash -p udp -m udp --sport 500 -j RETURN
-A openclash -p udp -m udp --sport 68 -j RETURN
-A openclash -s 192.168.2.148/32 -p udp -m udp --sport 2501 -j RETURN
-A openclash -s 192.168.2.148/32 -p udp -m udp --dport 2501 -j RETURN
-A openclash -s 192.168.2.148/32 -p udp -m udp --sport 2500 -j RETURN
-A openclash -s 192.168.2.148/32 -p udp -m udp --dport 2500 -j RETURN
-A openclash -s 192.168.2.148/32 -p udp -m udp --sport 10000 -j RETURN
-A openclash -s 192.168.2.148/32 -p udp -m udp --dport 10000 -j RETURN
-A openclash -s 192.168.2.148/32 -p udp -m udp --sport 5199 -j RETURN
-A openclash -s 192.168.2.148/32 -p udp -m udp --dport 5199 -j RETURN
-A openclash -s 192.168.2.148/32 -p udp -m udp --sport 5000 -j RETURN
-A openclash -s 192.168.2.148/32 -p udp -m udp --dport 9999 -j RETURN
-A openclash -s 192.168.2.182/32 -p udp -m udp --sport 6690 -j RETURN
-A openclash -s 192.168.2.182/32 -p udp -m udp --dport 6690 -j RETURN
-A openclash -s 192.168.2.182/32 -p udp -m udp --sport 8086 -j RETURN
-A openclash -s 192.168.2.182/32 -p udp -m udp --dport 8086 -j RETURN
-A openclash -s 192.168.2.182/32 -p udp -m udp --sport 8920 -j RETURN
-A openclash -s 192.168.2.182/32 -p udp -m udp --dport 4567 -j RETURN
-A openclash -s 192.168.2.182/32 -p udp -m udp --sport 5001 -j RETURN
-A openclash -s 192.168.2.182/32 -p udp -m udp --dport 5001 -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p udp -m udp --dport 53 -j RETURN
-A openclash -d 198.18.0.0/16 -p udp -j TPROXY --on-port 7895 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
-A openclash -m set --match-set china_ip_route dst -m set ! --match-set china_ip_route_pass dst -j RETURN
-A openclash -p udp -j TPROXY --on-port 7895 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
COMMIT
# Completed on Thu Jan 19 16:58:48 2023

#IPv4 Filter chain

# Generated by iptables-save v1.8.7 on Thu Jan 19 16:58:48 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:openclash_wan_input - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -p udp -m udp --dport 443 -m comment --comment "OpenClash QUIC REJECT" -m set ! --match-set china_ip_route dst -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i pppoe-wan -m set ! --match-set localnetwork src -j openclash_wan_input
-A INPUT -d 192.168.2.1/32 -i br-lan -p tcp -m tcp --dport 40951 -j ACCEPT
-A INPUT -i br-lan -p udp -m udp --dport 60452 -j ACCEPT
-A INPUT -i br-lan -p udp -m udp --dport 57730 -j ACCEPT
-A INPUT -i br-lan -p udp -m udp --dport 57037 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -i lo -p tcp -m tcp --dport 50121 -j DROP
-A INPUT -i br-lan -p tcp -m tcp --dport 16363 -j ACCEPT
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_output
-A MINIUPNPD -d 192.168.2.139/32 -p udp -m udp --dport 56333 -j ACCEPT
-A MINIUPNPD -d 192.168.2.182/32 -p tcp -m tcp --dport 8096 -j ACCEPT
-A MINIUPNPD -d 192.168.2.182/32 -p tcp -m tcp --dport 8920 -j ACCEPT
-A MINIUPNPD -d 192.168.2.235/32 -p tcp -m tcp --dport 41977 -j ACCEPT
-A MINIUPNPD -d 192.168.2.235/32 -p udp -m udp --dport 54891 -j ACCEPT
-A MINIUPNPD -d 192.168.2.217/32 -p tcp -m tcp --dport 1080 -j ACCEPT
-A MINIUPNPD -d 192.168.2.235/32 -p tcp -m tcp --dport 35419 -j ACCEPT
-A MINIUPNPD -d 192.168.2.235/32 -p udp -m udp --dport 47287 -j ACCEPT
-A MINIUPNPD -d 192.168.2.217/32 -p tcp -m tcp --dport 1080 -j ACCEPT
-A MINIUPNPD -d 192.168.2.217/32 -p udp -m udp --dport 3027 -j ACCEPT
-A MINIUPNPD -d 192.168.2.148/32 -p tcp -m tcp --dport 5000 -j ACCEPT
-A MINIUPNPD -d 192.168.2.148/32 -p tcp -m tcp --dport 5005 -j ACCEPT
-A MINIUPNPD -d 192.168.2.148/32 -p tcp -m tcp --dport 6690 -j ACCEPT
-A MINIUPNPD -d 192.168.2.148/32 -p tcp -m tcp --dport 10000 -j ACCEPT
-A MINIUPNPD -d 192.168.2.217/32 -p udp -m udp --dport 42154 -j ACCEPT
-A MINIUPNPD -d 192.168.2.203/32 -p udp -m udp --dport 41429 -j ACCEPT
-A MINIUPNPD -d 192.168.2.182/32 -p tcp -m tcp --dport 44286 -j ACCEPT
-A MINIUPNPD -d 192.168.2.182/32 -p udp -m udp --dport 44286 -j ACCEPT
-A MINIUPNPD -d 192.168.2.182/32 -p tcp -m tcp --dport 8085 -j ACCEPT
-A openclash_wan_input -p udp -m multiport --dports 7892,7895,9090,7890,7891,7893,7874 -j REJECT --reject-with icmp-port-unreachable
-A openclash_wan_input -p tcp -m multiport --dports 7892,7895,9090,7890,7891,7893,7874 -j REJECT --reject-with icmp-port-unreachable
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o pppoe-wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o pppoe-wan -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_REJECT -o pppoe-wan -m comment --comment "!fw3" -j reject
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_REJECT -i pppoe-wan -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Thu Jan 19 16:58:48 2023

#IPv6 NAT chain

# Generated by ip6tables-save v1.8.7 on Thu Jan 19 16:58:48 2023
*nat
:PREROUTING ACCEPT [18709:4765366]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [94:7664]
:POSTROUTING ACCEPT [94:7664]
-A PREROUTING -p udp -m comment --comment DNSMASQ -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m comment --comment DNSMASQ -m tcp --dport 53 -j REDIRECT --to-ports 53
COMMIT
# Completed on Thu Jan 19 16:58:48 2023

#IPv6 Mangle chain

# Generated by ip6tables-save v1.8.7 on Thu Jan 19 16:58:48 2023
*mangle
:PREROUTING ACCEPT [215465:52918675]
:INPUT ACCEPT [3822:681888]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4601:726273]
:POSTROUTING ACCEPT [4601:726273]
-A FORWARD -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Thu Jan 19 16:58:48 2023

#IPv6 Filter chain

# Generated by ip6tables-save v1.8.7 on Thu Jan 19 16:58:48 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp6-port-unreachable
-A syn_flood -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o pppoe-wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o pppoe-wan -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_REJECT -o pppoe-wan -m comment --comment "!fw3" -j reject
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 546 -m comment --comment "!fw3: Allow-DHCPv6" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_REJECT -i pppoe-wan -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Thu Jan 19 16:58:48 2023

#===================== IPSET Status =====================#

Name: china_ip_route
Name: china_ip_route_pass
Name: localnetwork

#===================== Routing Table Status =====================#

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         125.77.88.1     0.0.0.0         UG    0      0        0 pppoe-wan
125.77.88.1     0.0.0.0         255.255.255.255 UH    0      0        0 pppoe-wan
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
#ip route list
default via 125.77.88.1 dev pppoe-wan proto static 
125.77.88.1 dev pppoe-wan proto kernel scope link src *WAN IP*.86 
192.168.2.0/24 dev br-lan proto kernel scope link src 192.168.2.1 
#ip rule show
0:  from all lookup local
32765:  from all fwmark 0x162 lookup 354
32766:  from all lookup main
32767:  from all lookup default

#===================== Port Usage Status =====================#

tcp        0      0 :::7890                 :::*                    LISTEN      16999/clash
tcp        0      0 :::7891                 :::*                    LISTEN      16999/clash
tcp        0      0 :::7892                 :::*                    LISTEN      16999/clash
tcp        0      0 :::7893                 :::*                    LISTEN      16999/clash
tcp        0      0 :::7895                 :::*                    LISTEN      16999/clash
tcp        0      0 :::9090                 :::*                    LISTEN      16999/clash
udp        0      0 :::45675                :::*                                16999/clash
udp        0      0 :::7874                 :::*                                16999/clash
udp        0      0 :::7891                 :::*                                16999/clash
udp        0      0 :::7892                 :::*                                16999/clash
udp        0      0 :::7893                 :::*                                16999/clash
udp        0      0 :::7895                 :::*                                16999/clash
udp        0      0 :::43545                :::*                                16999/clash
udp        0      0 :::60550                :::*                                16999/clash

#===================== Local DNS Query Test =====================#

Server:     127.0.0.1
Address:    127.0.0.1:53

Non-authoritative answer:
www.baidu.com   canonical name = www.a.shifen.com
Name:   www.a.shifen.com
Address: 14.215.177.38
Name:   www.a.shifen.com
Address: 14.215.177.39

#===================== resolv.conf.d =====================#

# Interface lan
nameserver 223.5.5.5
# Interface wan
nameserver 218.85.157.99
nameserver 218.85.152.99
# Interface wan_6
nameserver 240e:14:6000::1
nameserver 240e:14:e000::1

#===================== Local Network Connectivity Test =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Thu, 19 Jan 2023 08:58:48 GMT
Etag: "575e1f65-115"
Last-Modified: Mon, 13 Jun 2016 02:50:13 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== Local Network Download Test =====================#

HTTP/2 200 
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: text/plain; charset=utf-8
etag: "99593e4235822e9fb3fd0060c09aa3aa61d3844bbd6a1fe4bf92b0469522b25f"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: 43EA:6701:1A6ABF:1FC227:63C8C1EE
accept-ranges: bytes
date: Thu, 19 Jan 2023 08:58:49 GMT
via: 1.1 varnish
x-served-by: cache-itm18820-ITM
x-cache: HIT
x-cache-hits: 1
x-timer: S1674118729.167580,VS0,VE258
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
x-fastly-request-id: 69b1527c5156bb78ea6cdfbfb8ab059734c4427b
expires: Thu, 19 Jan 2023 09:03:49 GMT
source-age: 0
content-length: 80

#===================== Recent Run Log =====================#

08:58:34 INF [TCP] connected lAddr=192.168.2.182:35589 rAddr=65.21.32.238:55531 mode=rule rule=Match() proxy=DIRECT
08:58:35 WRN [TCP] dial failed error=dial tcp4 60.54.167.112:21301: i/o timeout proxy=DIRECT lAddr=192.168.2.182:59611 rAddr=60.54.167.112:21301 rule=Match rulePayload=
08:58:35 WRN [TCP] dial failed error=dial tcp4 219.92.42.223:46347: i/o timeout proxy=DIRECT lAddr=192.168.2.182:40581 rAddr=219.92.42.223:46347 rule=Match rulePayload=
08:58:35 INF [TCP] connected lAddr=192.168.2.182:37447 rAddr=115.41.166.188:50555 mode=rule rule=Match() proxy=DIRECT
08:58:35 WRN [TCP] dial failed error=dial tcp4 192.210.213.218:55555: connect: no route to host proxy=DIRECT lAddr=192.168.2.182:37561 rAddr=192.210.213.218:55555 rule=Match rulePayload=
08:58:36 INF [TCP] connected lAddr=192.168.2.182:34048 rAddr=129.154.58.225:60883 mode=rule rule=Match() proxy=DIRECT
08:58:36 WRN [TCP] dial failed error=dial tcp4 98.37.128.203:51416: connect: connection refused proxy=DIRECT lAddr=192.168.2.182:39407 rAddr=98.37.128.203:51416 rule=Match rulePayload=
08:58:36 INF [TCP] connected lAddr=192.168.2.182:39377 rAddr=38.102.84.75:27652 mode=rule rule=Match() proxy=DIRECT
08:58:36 INF [TCP] connected lAddr=192.168.2.182:42367 rAddr=65.21.32.238:55531 mode=rule rule=Match() proxy=DIRECT
08:58:37 WRN [TCP] dial failed error=dial tcp4 169.150.232.230:21471: i/o timeout proxy=DIRECT lAddr=192.168.2.182:36418 rAddr=169.150.232.230:21471 rule=Match rulePayload=
08:58:37 INF [TCP] connected lAddr=192.168.2.138:65251 rAddr=events.gfe.nvidia.com:443 mode=rule rule=DstPort(443) proxy=Others[BWGJP]
08:58:37 INF [TCP] connected lAddr=192.168.2.182:60392 rAddr=129.154.58.225:60883 mode=rule rule=Match() proxy=DIRECT
08:58:38 INF [TCP] connected lAddr=192.168.2.182:38613 rAddr=115.41.166.188:50555 mode=rule rule=Match() proxy=DIRECT
08:58:39 INF [TCP] connected lAddr=192.168.2.182:41279 rAddr=129.154.58.225:60883 mode=rule rule=Match() proxy=DIRECT
08:58:39 INF [TCP] connected lAddr=192.168.2.182:60154 rAddr=129.154.58.225:60883 mode=rule rule=Match() proxy=DIRECT
08:58:39 WRN [TCP] dial failed error=dial tcp4 103.184.113.50:28811: connect: connection refused proxy=DIRECT lAddr=192.168.2.182:48294 rAddr=103.184.113.50:28811 rule=Match rulePayload=
08:58:40 INF [TCP] connected lAddr=192.168.2.138:65277 rAddr=ls.dtrace.nvidia.com:443 mode=rule rule=DstPort(443) proxy=Others[BWGJP]
08:58:41 WRN [TCP] dial failed error=dial tcp4 71.234.148.236:63769: i/o timeout proxy=DIRECT lAddr=192.168.2.182:54726 rAddr=71.234.148.236:63769 rule=Match rulePayload=
08:58:41 WRN [TCP] dial failed error=dial tcp4 115.66.18.102:51413: i/o timeout proxy=DIRECT lAddr=192.168.2.182:56050 rAddr=115.66.18.102:51413 rule=Match rulePayload=
08:58:41 WRN [TCP] dial failed error=dial tcp4 74.80.53.128:53816: i/o timeout proxy=DIRECT lAddr=192.168.2.182:43317 rAddr=74.80.53.128:53816 rule=Match rulePayload=
08:58:41 WRN [TCP] dial failed error=dial tcp4 110.93.86.166:41524: i/o timeout proxy=DIRECT lAddr=192.168.2.182:45124 rAddr=110.93.86.166:41524 rule=Match rulePayload=
08:58:41 WRN [TCP] dial failed error=dial tcp4 107.182.23.195:16881: connect: connection refused proxy=DIRECT lAddr=192.168.2.182:36291 rAddr=107.182.23.195:16881 rule=Match rulePayload=
08:58:41 INF [TCP] connected lAddr=192.168.2.182:42225 rAddr=65.21.32.238:55531 mode=rule rule=Match() proxy=DIRECT
08:58:42 INF [TCP] connected lAddr=192.168.2.182:40073 rAddr=115.41.166.188:50555 mode=rule rule=Match() proxy=DIRECT
08:58:43 INF [TCP] connected lAddr=192.168.2.182:39229 rAddr=129.154.58.225:60883 mode=rule rule=Match() proxy=DIRECT
08:58:43 INF [TCP] connected lAddr=192.168.2.182:55822 rAddr=129.154.58.225:60883 mode=rule rule=Match() proxy=DIRECT
08:58:44 WRN [TCP] dial failed error=dial tcp4 142.188.68.253:18975: i/o timeout proxy=DIRECT lAddr=192.168.2.182:56352 rAddr=142.188.68.253:18975 rule=Match rulePayload=
08:58:44 INF [TCP] connected lAddr=192.168.2.182:39345 rAddr=220.135.213.141:26881 mode=rule rule=Match() proxy=DIRECT
08:58:44 INF [TCP] connected lAddr=192.168.2.182:54915 rAddr=115.41.166.188:50555 mode=rule rule=Match() proxy=DIRECT
08:58:45 INF [TCP] connected lAddr=192.168.2.182:47680 rAddr=115.41.166.188:50555 mode=rule rule=Match() proxy=DIRECT
08:58:45 INF [TCP] connected lAddr=192.168.2.182:45215 rAddr=195.154.227.167:45697 mode=rule rule=Match() proxy=DIRECT
08:58:45 INF [TCP] connected lAddr=192.168.2.182:47248 rAddr=www.shooter.cn:443 mode=rule rule=RuleSet(Domestic) proxy=Domestic[DIRECT]
08:58:45 INF [TCP] connected lAddr=192.168.2.182:51980 rAddr=www.imdb.com:443 mode=rule rule=DstPort(443) proxy=Others[BWGJP]
08:58:46 WRN [TCP] dial failed error=dial tcp4 177.228.168.43:57126: i/o timeout proxy=DIRECT lAddr=192.168.2.182:32885 rAddr=177.228.168.43:57126 rule=Match rulePayload=
08:58:46 INF [TCP] connected lAddr=192.168.2.182:38521 rAddr=199.19.224.168:42541 mode=rule rule=Match() proxy=DIRECT
08:58:46 INF [TCP] connected lAddr=192.168.2.182:54658 rAddr=115.41.166.188:50555 mode=rule rule=Match() proxy=DIRECT
08:58:46 INF [TCP] connected lAddr=192.168.2.182:39114 rAddr=88.10.65.189:51413 mode=rule rule=Match() proxy=DIRECT
08:58:46 INF [TCP] connected lAddr=192.168.2.182:34631 rAddr=46.232.211.241:58113 mode=rule rule=Match() proxy=DIRECT
08:58:46 INF [TCP] connected lAddr=192.168.2.182:52026 rAddr=www.imdb.com:443 mode=rule rule=DstPort(443) proxy=Others[BWGJP]
08:58:46 INF [TCP] connected lAddr=192.168.2.182:49654 rAddr=39.109.210.224:10413 mode=rule rule=Match() proxy=DIRECT
08:58:46 INF [TCP] connected lAddr=192.168.2.182:52072 rAddr=www.imdb.com:443 mode=rule rule=DstPort(443) proxy=Others[BWGJP]
08:58:47 WRN [TCP] dial failed error=dial tcp4 212.154.4.61:62086: i/o timeout proxy=DIRECT lAddr=192.168.2.182:44253 rAddr=212.154.4.61:62086 rule=Match rulePayload=
08:58:47 INF [TCP] connected lAddr=192.168.2.182:36935 rAddr=46.232.211.241:58113 mode=rule rule=Match() proxy=DIRECT
08:58:48 WRN [TCP] dial failed error=dial tcp4 89.64.100.70:55278: i/o timeout proxy=DIRECT lAddr=192.168.2.182:56719 rAddr=89.64.100.70:55278 rule=Match rulePayload=
08:58:48 INF [TCP] connected lAddr=192.168.2.182:57480 rAddr=115.41.166.188:50555 mode=rule rule=Match() proxy=DIRECT
08:58:48 INF [TCP] connected lAddr=192.168.2.138:65353 rAddr=azscus1-client-s.gateway.messenger.live.com:443 mode=rule rule=RuleSet(Microsoft) proxy=Microsoft[DIRECT]
08:58:49 WRN [TCP] dial failed error=dial tcp4 71.234.148.236:63769: i/o timeout proxy=DIRECT lAddr=192.168.2.182:44033 rAddr=71.234.148.236:63769 rule=Match rulePayload=
08:58:49 INF [TCP] connected lAddr=*WAN IP*.86:58436 rAddr=raw.githubusercontent.com:443 mode=rule rule=RuleSet(PROXY) proxy=Proxy[BWGJP]
08:58:49 INF [TCP] connected lAddr=192.168.2.182:49252 rAddr=129.154.58.225:60883 mode=rule rule=Match() proxy=DIRECT
08:58:49 INF [TCP] connected lAddr=192.168.2.182:41725 rAddr=50.47.99.128:60578 mode=rule rule=Match() proxy=DIRECT

#===================== Active Connections =====================#

1. SourceIP:【192.168.2.138】 - Host:【imap.gmail.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【993】 - Lastchain:【BWGJP】
2. SourceIP:【192.168.2.138】 - Host:【steamcommunity.com】 - DestinationIP:【104.82.45.217】 - Network:【tcp】 - RulePayload:【Steam】 - Lastchain:【ALIHK64】
3. SourceIP:【192.168.2.138】 - Host:【graph.oculus.com】 - DestinationIP:【157.240.22.49】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【BWGJP】
4. SourceIP:【192.168.2.138】 - Host:【streamer.finance.yahoo.com】 - DestinationIP:【54.187.49.0】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【ALIHK64】
5. SourceIP:【192.168.2.138】 - Host:【graph.oculus.com】 - DestinationIP:【157.240.22.49】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【BWGJP】
6. SourceIP:【192.168.2.138】 - Host:【edge-mqtt.facebook.com】 - DestinationIP:【157.240.22.12】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【BWGJP】
7. SourceIP:【192.168.2.194】 - Host:【mtalk.google.com】 - DestinationIP:【142.251.2.188】 - Network:【tcp】 - RulePayload:【Google FCM】 - Lastchain:【DIRECT】
8. SourceIP:【192.168.2.145】 - Host:【connectivitycheck.gstatic.com】 - DestinationIP:【203.208.43.66】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【BWGJP】
9. SourceIP:【192.168.2.138】 - Host:【azscus1-client-s.gateway.messenger.live.com】 - DestinationIP:【40.74.219.49】 - Network:【tcp】 - RulePayload:【Microsoft】 - Lastchain:【DIRECT】
10. SourceIP:【192.168.2.138】 - Host:【imap-mail.outlook.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【993】 - Lastchain:【BWGJP】
11. SourceIP:【192.168.2.138】 - Host:【client.wns.windows.com】 - DestinationIP:【13.64.180.106】 - Network:【tcp】 - RulePayload:【Special】 - Lastchain:【DIRECT】
12. SourceIP:【192.168.2.138】 - Host:【imap.gmail.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【993】 - Lastchain:【BWGJP】
13. SourceIP:【192.168.2.138】 - Host:【kr.actual.battle.net】 - DestinationIP:【59.153.40.58】 - Network:【tcp】 - RulePayload:【Domestic】 - Lastchain:【DIRECT】
14. SourceIP:【192.168.2.182】 - Host:【Empty】 - DestinationIP:【220.135.213.141】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
15. SourceIP:【192.168.2.138】 - Host:【firestore.googleapis.com】 - DestinationIP:【142.250.189.234】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【BWGJP】
16. SourceIP:【192.168.2.145】 - Host:【www.youtube.com】 - DestinationIP:【142.250.191.46】 - Network:【tcp】 - RulePayload:【YouTube】 - Lastchain:【🇭🇰 香港家宽 02丨1x HK】
17. SourceIP:【192.168.2.145】 - Host:【push.prod.netflix.com】 - DestinationIP:【35.81.92.226】 - Network:【tcp】 - RulePayload:【Netflix】 - Lastchain:【🇭🇰 香港 11丨1x HK】
18. SourceIP:【192.168.2.138】 - Host:【imap.gmail.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【993】 - Lastchain:【BWGJP】
19. SourceIP:【192.168.2.138】 - Host:【edge-mqtt.facebook.com】 - DestinationIP:【157.240.22.12】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【BWGJP】
20. SourceIP:【192.168.2.139】 - Host:【edge-mqtt.facebook.com】 - DestinationIP:【157.240.22.12】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【BWGJP】
21. SourceIP:【192.168.2.138】 - Host:【imap.gmail.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【993】 - Lastchain:【BWGJP】
22. SourceIP:【192.168.2.138】 - Host:【trouter-azsc-uswe-0-a.trouter.skype.com】 - DestinationIP:【13.88.31.235】 - Network:【tcp】 - RulePayload:【Microsoft】 - Lastchain:【DIRECT】
23. SourceIP:【192.168.2.138】 - Host:【www.google.com】 - DestinationIP:【142.250.189.196】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【BWGJP】
24. SourceIP:【*WAN IP*.86】 - Host:【Empty】 - DestinationIP:【173.82.239.189】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
25. SourceIP:【192.168.2.145】 - Host:【dl.google.com】 - DestinationIP:【220.181.174.33】 - Network:【tcp】 - RulePayload:【Special】 - Lastchain:【DIRECT】
26. SourceIP:【192.168.2.138】 - Host:【ext1-hkg1.steamserver.net】 - DestinationIP:【103.28.54.165】 - Network:【tcp】 - RulePayload:【Special】 - Lastchain:【DIRECT】
27. SourceIP:【192.168.2.139】 - Host:【gateway.facebook.com】 - DestinationIP:【157.240.22.11】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【BWGJP】
28. SourceIP:【192.168.2.182】 - Host:【Empty】 - DestinationIP:【46.232.211.241】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【DIRECT】
29. SourceIP:【192.168.2.138】 - Host:【imap.gmail.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【993】 - Lastchain:【BWGJP】
30. SourceIP:【192.168.2.139】 - Host:【mqtt-mini.facebook.com】 - DestinationIP:【157.240.22.32】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【BWGJP】
31. SourceIP:【192.168.2.138】 - Host:【telemetry-in.battle.net】 - DestinationIP:【24.105.29.76】 - Network:【tcp】 - RulePayload:【Domestic】 - Lastchain:【DIRECT】
32. SourceIP:【192.168.2.138】 - Host:【alive.github.com】 - DestinationIP:【140.82.113.26】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【BWGJP】
33. SourceIP:【192.168.2.139】 - Host:【gateway.facebook.com】 - DestinationIP:【157.240.22.11】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【BWGJP】
34. SourceIP:【192.168.2.182】 - Host:【Empty】 - DestinationIP:【50.47.99.128】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【DIRECT】
35. SourceIP:【192.168.2.138】 - Host:【steambroadcast.akamaized.net】 - DestinationIP:【23.67.33.74】 - Network:【tcp】 - RulePayload:【Special】 - Lastchain:【DIRECT】
36. SourceIP:【192.168.2.138】 - Host:【imap-mail.outlook.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【993】 - Lastchain:【BWGJP】
37. SourceIP:【192.168.2.138】 - Host:【graph.oculus.com】 - DestinationIP:【157.240.22.49】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【BWGJP】
38. SourceIP:【192.168.2.138】 - Host:【imap-mail.outlook.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【993】 - Lastchain:【BWGJP】
39. SourceIP:【192.168.2.138】 - Host:【imap-mail.outlook.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【993】 - Lastchain:【BWGJP】
40. SourceIP:【192.168.2.138】 - Host:【azscus1-client-s.gateway.messenger.live.com】 - DestinationIP:【40.74.219.49】 - Network:【tcp】 - RulePayload:【Microsoft】 - Lastchain:【DIRECT】
41. SourceIP:【192.168.2.139】 - Host:【gateway.facebook.com】 - DestinationIP:【157.240.22.11】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【BWGJP】
42. SourceIP:【192.168.2.139】 - Host:【gateway.facebook.com】 - DestinationIP:【157.240.22.11】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【BWGJP】
43. SourceIP:【192.168.2.138】 - Host:【firestore.googleapis.com】 - DestinationIP:【142.250.191.42】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【BWGJP】
44. SourceIP:【192.168.2.138】 - Host:【play.google.com】 - DestinationIP:【142.250.191.78】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【BWGJP】
45. SourceIP:【192.168.2.153】 - Host:【eas.outlook.com】 - DestinationIP:【52.96.31.178】 - Network:【tcp】 - RulePayload:【Microsoft】 - Lastchain:【DIRECT】
46. SourceIP:【192.168.2.138】 - Host:【steambroadcast.akamaized.net】 - DestinationIP:【23.67.33.74】 - Network:【tcp】 - RulePayload:【Special】 - Lastchain:【DIRECT】
47. SourceIP:【192.168.2.145】 - Host:【Empty】 - DestinationIP:【142.250.141.188】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【DIRECT】
48. SourceIP:【192.168.2.126】 - Host:【app-b02.lp1.npns.srv.nintendo.net】 - DestinationIP:【54.227.201.120】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【BWGJP】
49. SourceIP:【192.168.2.184】 - Host:【cn2.ibabyp2p.com】 - DestinationIP:【47.96.131.246】 - Network:【udp】 - RulePayload:【Domestic IPs】 - Lastchain:【DIRECT】
50. SourceIP:【192.168.2.138】 - Host:【imap.gmail.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【993】 - Lastchain:【BWGJP】
51. SourceIP:【192.168.2.145】 - Host:【nrdp-ipv6.prod.ftl.netflix.com】 - DestinationIP:【52.12.110.108】 - Network:【tcp】 - RulePayload:【Netflix】 - Lastchain:【🇭🇰 香港 11丨1x HK】
52. SourceIP:【192.168.2.138】 - Host:【Empty】 - DestinationIP:【91.108.56.162】 - Network:【tcp】 - RulePayload:【Telegram】 - Lastchain:【BWGJP】
53. SourceIP:【192.168.2.138】 - Host:【e15.whatsapp.net】 - DestinationIP:【15.197.210.208】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【BWGJP】
54. SourceIP:【192.168.2.138】 - Host:【graph.oculus.com】 - DestinationIP:【157.240.22.49】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【BWGJP】
55. SourceIP:【192.168.2.139】 - Host:【graph.oculus.com】 - DestinationIP:【157.240.22.49】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【BWGJP】
56. SourceIP:【192.168.2.138】 - Host:【ic3.events.data.microsoft.com】 - DestinationIP:【20.50.80.209】 - Network:【tcp】 - RulePayload:【Microsoft】 - Lastchain:【DIRECT】
57. SourceIP:【192.168.2.153】 - Host:【36-courier.push.apple.com】 - DestinationIP:【17.57.144.120】 - Network:【tcp】 - RulePayload:【Apple】 - Lastchain:【DIRECT】
58. SourceIP:【192.168.2.218】 - Host:【Empty】 - DestinationIP:【17.57.145.172】 - Network:【tcp】 - RulePayload:【Apple】 - Lastchain:【DIRECT】

OpenClash Config

No response

Expected Behavior

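I hope this problem can be solved. Also, in Fake-IP mode (with UDP forwarding checked), an Oculus Quest 2 gaming headset cannot connect properly to play with other players, whether or not UU acceleration is used; it only works normally after switching to Redir-Host mode. I would appreciate a solution for that as well. Thanks.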

Screenshots

Result of the first procedure: (screenshot)

Result of the second procedure: (screenshot)

Karmylr commented 1 year ago

Does redir-host work without problems?

pandalaohe commented 1 year ago

> Does redir-host work without problems?

Yes, redir-host compatibility mode works without problems.

vernesong commented 1 year ago

You probably need to add a fakeip-filter.

LarkinZero commented 1 year ago

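People who need online-game acceleration should not use fakeip mode. You have to collect the domains the game uses yourself and add them to fakeip-filter, which is extremely tedious.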
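The domain collection this comment describes can start from the connection list in the debug log above. The following is an added example, not part of the thread or of OpenClash's own code: it groups the hostnames one LAN client requested and renders the chosen ones as a Clash `fake-ip-filter` fragment. The function names and the two-label suffix heuristic are assumptions; the sample lines are copied from the log on this page.

```python
import re
from collections import defaultdict

# One "Name:【value】" field of an OpenClash debug-log connection line.
FIELD = re.compile(r"(\w+):【(.*?)】")

# Sample input: four connection lines copied from the debug log on this page.
SAMPLE_LOG = """\
26. SourceIP:【192.168.2.138】 - Host:【ext1-hkg1.steamserver.net】 - DestinationIP:【103.28.54.165】 - Network:【tcp】 - RulePayload:【Special】 - Lastchain:【DIRECT】
28. SourceIP:【192.168.2.182】 - Host:【Empty】 - DestinationIP:【46.232.211.241】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【DIRECT】
31. SourceIP:【192.168.2.138】 - Host:【telemetry-in.battle.net】 - DestinationIP:【24.105.29.76】 - Network:【tcp】 - RulePayload:【Domestic】 - Lastchain:【DIRECT】
52. SourceIP:【192.168.2.138】 - Host:【Empty】 - DestinationIP:【91.108.56.162】 - Network:【tcp】 - RulePayload:【Telegram】 - Lastchain:【BWGJP】
"""


def hosts_by_suffix(log_text, client_ip, labels=2):
    """Group hostnames requested by client_ip under their last `labels` labels.

    Returns (groups, nameless): groups maps suffix -> set of hosts; nameless
    counts flows logged without a hostname, which a domain filter cannot match.
    Assumption: a plain label count stands in for a public-suffix lookup.
    """
    groups, nameless = defaultdict(set), 0
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("SourceIP") != client_ip:
            continue
        host = fields.get("Host", "").lower().rstrip(".")
        if host in ("", "empty"):
            nameless += 1
            continue
        groups[".".join(host.split(".")[-labels:])].add(host)
    return dict(groups), nameless


def fake_ip_filter_yaml(groups, wanted):
    """Render a Clash dns.fake-ip-filter fragment for the wanted suffixes that
    were actually observed; '+.' matches the domain and all its subdomains."""
    entries = sorted(s for s in wanted if s in groups)
    if not entries:
        return "dns:\n  fake-ip-filter: []"
    lines = ["dns:", "  fake-ip-filter:"]
    lines += [f"    - '+.{s}'" for s in entries]
    return "\n".join(lines)


if __name__ == "__main__":
    groups, nameless = hosts_by_suffix(SAMPLE_LOG, "192.168.2.138")
    print(groups, "flows without a hostname:", nameless)
    print(fake_ip_filter_yaml(groups, ["battle.net"]))
```

Flows counted as nameless were opened by IP address, so no filter entry affects them. Review each suffix before exempting it, since an exempted domain receives its real address from DNS instead of a fake IP.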

iShao commented 1 year ago

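> People who need online-game acceleration should not use fakeip mode. You have to collect the domains the game uses yourself and add them to fakeip-filter, which is extremely tedious.

Actually, I have exactly this need... I have a NAS at home that often runs BT. Redir used to work fine and also let me conveniently exclude the NAS from the proxy network, but lately redir seems to have a lot of inexplicable problems. For example, why do JD.com product detail pages often return 403 and show nothing for me? I can only view them after switching OpenClash to fakeip or switching to the mobile network.

Today I tried switching to fakeip's new DNS forwarding mode and found that UU acceleration has effectively no effect on games, so here I am looking at the issues.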

iShao commented 1 year ago

In the end I will probably still go with redir-host; comparatively, it is the best overall.

LarkinZero commented 1 year ago

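> In the end I will probably still go with redir-host; comparatively, it is the best overall.

If you use a side-router setup, you can use fakeip without affecting the UU accelerator. Just point the gateway and DNS at the side router for only some of the devices. A blogger here tried it successfully, so it should be fine: https://www.haoyizebo.com/posts/d461b93f/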

MsConfig32 commented 1 year ago

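> People who need online-game acceleration should not use fakeip mode. You have to collect the domains the game uses yourself and add them to fakeip-filter, which is extremely tedious.

Right, fakeip has a whole pile of problems. I don't know why upstream still removed redir.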

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days