[Bug] 依赖安装情况检查结果不正确，无法正确收发包

[nautiluschan]

Verify Steps

• [X] Tracker 我已经在 Issue Tracker 中找过我要提出的问题
• [X] Latest 我已经使用最新 Dev 版本测试过，问题依旧存在
• [X] Core 这是 OpenClash 存在的问题，并非我所使用的 Clash 或 Meta 等内核的特定问题
• [X] Meaningful 我提交的不是无意义的 催促更新或修复 请求

OpenClash Version

v0.45.78-beta

Bug on Environment

Other

Bug on Platform

Linux-arm64

To Reproduce

1）生成调试文件 2）访问谷歌 之前安装的openwrt官方固件，但是考虑到曾经安装过ss、chinadns之类插件，后重新安装friendlyarm R4S固件，问题依旧。

Describe the Bug

1）调试日志中，依赖检查内发现大量未安装，实际上已经安装;

root@FriendlyWrt:~# opkg list |grep dnsmasq-full
dnsmasq-full - 2.86-15 - It is intended to provide coupled DNS and DHCP service to a LAN.  This is a fully configurable variant with DHCPv4, DHCPv6, DNSSEC, Authoritative DNS and IPset, Conntrack support & NO_ID enabled by default.
root@FriendlyWrt:~# opkg list |grep coreutils-nohup
coreutils-nohup - 9.0-2 - Full version of standard GNU nohup utility.

2）无法访问 谷歌、Facebook、YouTube等，提示，dual stack dial failed:context deadline exceeded；运行状态页面检测IP.SB 国外、IPIFY 国外均显示国内IP，但是ping 谷歌、YouTube等返回IP正确，包无法发送。

nautilus@nautilus-PC:~$ ping google.com
PING google.com (142.251.46.206) 56(84) bytes of data.
^C
--- google.com ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 41ms

nautilus@nautilus-PC:~$ ping youtube.com
PING youtube.com (142.250.189.238) 56(84) bytes of data.
^C
--- youtube.com ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 12ms

nautilus@nautilus-PC:~$ ping facebook.com
PING facebook.com (157.240.22.35) 56(84) bytes of data.
^C
--- facebook.com ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 31ms

OpenClash Log

OpenClash 调试日志

生成时间: 2023-01-28 20:00:53 插件版本: 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息

#===================== 系统信息 =====================#

主机型号: FriendlyElec NanoPi R4S
固件版本: OpenWrt 22.03.2 r19803-9a599fee93
LuCI版本: 
内核版本: 5.15.78
处理器架构: 

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

#此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#

dnsmasq-full: 未安装
coreutils: 未安装
coreutils-nohup: 未安装
bash: 未安装
curl: 未安装
ca-certificates: 未安装
ipset: 未安装
ip-full: 未安装
libcap: 未安装
libcap-bin: 未安装
ruby: 未安装
ruby-yaml: 未安装
ruby-psych: 未安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci >= 19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 未安装
unzip: 已安装
kmod-nft-tproxy: 未安装

#===================== 内核检查 =====================#

运行状态: 运行中
进程pid: 23624
运行权限: 23624: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-arm64

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2022.11.25-8-g25028e7
Tun内核文件: 存在
Tun内核运行权限: 正常

Dev内核版本: v1.12.0-8-ga5d5488
Dev内核文件: 存在
Dev内核运行权限: 正常

Meta内核版本: alpha-g7a64c432
Meta内核文件: 存在
Meta内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/config.yaml
启动配置文件: /etc/openclash/config.yaml
运行模式: redir-host
默认代理模式: rule
UDP流量转发(tproxy): 停用
DNS劫持: 启用
自定义DNS: 启用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 启用
仅代理命中规则流量: 启用
仅允许常用端口流量: 启用
绕过中国大陆IP: 停用
DNS远程解析: 停用
路由本机代理: 启用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 配置文件 =====================#

proxy-groups:
- name: Proxy
  type: select
  proxies:
  - DIRECT
  - TK
  - NC
- name: Domestic
  type: select
  proxies:
  - DIRECT
  - Proxy
- name: Special
  type: select
  proxies:
  - Proxy
  - DIRECT
- name: Others
  type: select
  proxies:
  - Proxy
  - DIRECT
  - Domestic
- name: AdBlock
  type: select
  proxies:
  - REJECT
  - DIRECT
  - Proxy
redir-port: 7892
tproxy-port: 7895
port: 7890
socks-port: 7891
mixed-port: 7893
mode: rule
log-level: info
allow-lan: true
external-controller: 0.0.0.0:9090
bind-address: "*"
external-ui: "/usr/share/openclash/ui"
ipv6: false
geodata-mode: false
geodata-loader: standard
tcp-concurrent: false
dns:
  enable: true
  ipv6: false
  enhanced-mode: redir-host
  listen: 0.0.0.0:7874
  nameserver:
  - 192.168.1.1
  - 114.114.114.114
  - 223.5.5.5
  - https://doh.pub/dns-query
  fallback:
  - https://dns.cloudflare.com/dns-query
  - tls://8.8.8.8:853
  default-nameserver:
  - 192.168.1.1
  - 114.114.114.114
  - 223.5.5.5
  - tls://8.8.8.8:853
profile:
  store-selected: true
  store-fake-ip: true
rule-providers:
  Reject:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Reject.yaml
    path: "./rule_provider/Reject"
    interval: 86400
  Special:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Special.yaml
    path: "./rule_provider/Special"
    interval: 86400
  Netflix:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Netflix.yaml
    path: "./rule_provider/Netflix"
    interval: 86400
  Spotify:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Spotify.yaml
    path: "./rule_provider/Spotify"
    interval: 86400
  YouTube:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/YouTube.yaml
    path: "./rule_provider/YouTube"
    interval: 86400
  Bilibili:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Bilibili.yaml
    path: "./rule_provider/Bilibili"
    interval: 86400
  IQ:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/IQ.yaml
    path: "./rule_provider/IQI"
    interval: 86400
  IQIYI:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/IQIYI.yaml
    path: "./rule_provider/IQYI"
    interval: 86400
  Letv:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Letv.yaml
    path: "./rule_provider/Letv"
    interval: 86400
  Netease Music:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Netease%20Music.yaml
    path: "./rule_provider/Netease_Music"
    interval: 86400
  Tencent Video:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Tencent%20Video.yaml
    path: "./rule_provider/Tencent_Video"
    interval: 86400
  Youku:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Youku.yaml
    path: "./rule_provider/Youku"
    interval: 86400
  WeTV:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/WeTV.yaml
    path: "./rule_provider/WeTV"
    interval: 86400
  ABC:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/ABC.yaml
    path: "./rule_provider/ABC"
    interval: 86400
  Abema TV:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Abema%20TV.yaml
    path: "./rule_provider/Abema_TV"
    interval: 86400
  Amazon:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Amazon.yaml
    path: "./rule_provider/Amazon"
    interval: 86400
  Apple Music:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Apple%20Music.yaml
    path: "./rule_provider/Apple_Music"
    interval: 86400
  Apple News:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Apple%20News.yaml
    path: "./rule_provider/Apple_News"
    interval: 86400
  Apple TV:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Apple%20TV.yaml
    path: "./rule_provider/Apple_TV"
    interval: 86400
  Bahamut:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Bahamut.yaml
    path: "./rule_provider/Bahamut"
    interval: 86400
  BBC iPlayer:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/BBC%20iPlayer.yaml
    path: "./rule_provider/BBC_iPlayer"
    interval: 86400
  DAZN:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/DAZN.yaml
    path: "./rule_provider/DAZN"
    interval: 86400
  Discovery Plus:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Discovery%20Plus.yaml
    path: "./rule_provider/Discovery_Plus"
    interval: 86400
  Disney Plus:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Disney%20Plus.yaml
    path: "./rule_provider/Disney_Plus"
    interval: 86400
  encoreTVB:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/encoreTVB.yaml
    path: "./rule_provider/encoreTVB"
    interval: 86400
  F1 TV:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/F1%20TV.yaml
    path: "./rule_provider/F1_TV"
    interval: 86400
  Fox Now:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Fox%20Now.yaml
    path: "./rule_provider/Fox_Now"
    interval: 86400
  Fox+:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Fox%2B.yaml
    path: "./rule_provider/Fox+"
    interval: 86400
  HBO Go:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/HBO%20Go.yaml
    path: "./rule_provider/HBO_Go"
    interval: 86400
  HBO Max:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/HBO%20Max.yaml
    path: "./rule_provider/HBO_Max"
    interval: 86400
  Hulu Japan:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Hulu%20Japan.yaml
    path: "./rule_provider/Hulu_Japan"
    interval: 86400
  Hulu:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Hulu.yaml
    path: "./rule_provider/Hulu"
    interval: 86400
  Japonx:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Japonx.yaml
    path: "./rule_provider/Japonx"
    interval: 86400
  JOOX:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/JOOX.yaml
    path: "./rule_provider/JOOX"
    interval: 86400
  KKBOX:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/KKBOX.yaml
    path: "./rule_provider/KKBOX"
    interval: 86400
  KKTV:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/KKTV.yaml
    path: "./rule_provider/KKTV"
    interval: 86400
  Line TV:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Line%20TV.yaml
    path: "./rule_provider/Line_TV"
    interval: 86400
  myTV SUPER:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/myTV%20SUPER.yaml
    path: "./rule_provider/myTV_SUPER"
    interval: 86400
  Pandora:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Pandora.yaml
    path: "./rule_provider/Pandora"
    interval: 86400
  PBS:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/PBS.yaml
    path: "./rule_provider/PBS"
    interval: 86400
  Pornhub:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Pornhub.yaml
    path: "./rule_provider/Pornhub"
    interval: 86400
  Soundcloud:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Soundcloud.yaml
    path: "./rule_provider/Soundcloud"
    interval: 86400
  ViuTV:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/ViuTV.yaml
    path: "./rule_provider/ViuTV"
    interval: 86400
  Telegram:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Telegram.yaml
    path: "./rule_provider/Telegram"
    interval: 86400
  Crypto:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Crypto.yaml
    path: "./rule_provider/Crypto"
    interval: 86400
  Discord:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Discord.yaml
    path: "./rule_provider/Discord"
    interval: 86400
  Steam:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Steam.yaml
    path: "./rule_provider/Steam"
    interval: 86400
  Speedtest:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Speedtest.yaml
    path: "./rule_provider/Speedtest"
    interval: 86400
  PayPal:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/PayPal.yaml
    path: "./rule_provider/PayPal"
    interval: 86400
  Microsoft:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Microsoft.yaml
    path: "./rule_provider/Microsoft"
    interval: 86400
  PROXY:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Proxy.yaml
    path: "./rule_provider/Proxy"
    interval: 86400
  Domestic:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Domestic.yaml
    path: "./rule_provider/Domestic"
    interval: 86400
  Apple:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Apple.yaml
    path: "./rule_provider/Apple"
    interval: 86400
  Google FCM:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Google%20FCM.yaml
    path: "./rule_provider/Google FCM"
    interval: 86400
  Scholar:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Scholar.yaml
    path: "./rule_provider/Scholar"
    interval: 86400
  Domestic IPs:
    type: http
    behavior: ipcidr
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Domestic%20IPs.yaml
    path: "./rule_provider/Domestic_IPs"
    interval: 86400
  LAN:
    type: http
    behavior: classical
    url: https://fastly.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/LAN.yaml
    path: "./rule_provider/LAN"
    interval: 86400
script:
  code: |
    def main(ctx, metadata):
        ruleset_action = {"Reject": "AdBlock",
            "Special": "Special",
            "PROXY": "Proxy",
            "Domestic": "Domestic",
            "Domestic IPs": "Domestic",
            "LAN": "DIRECT"
          }

        port = int(metadata["dst_port"])

        if metadata["network"] == "UDP":
            if port == 443:
                ctx.log('[Script] matched QUIC traffic use reject')
                return "REJECT"

        port_list = [21, 22, 23, 53, 80, 123, 143, 194, 443, 465, 587, 853, 993, 995, 998, 2052, 2053, 2082, 2083, 2086, 2095, 2096, 5222, 5228, 5229, 5230, 8080, 8443, 8880, 8888, 8889]
        if port not in port_list:
            ctx.log('[Script] not common port use direct')
            return "DIRECT"

        if metadata["dst_ip"] == "":
            metadata["dst_ip"] = ctx.resolve_ip(metadata["host"])

        for ruleset in ruleset_action:
            if ctx.rule_providers[ruleset].match(metadata):
                return ruleset_action[ruleset]

        if metadata["dst_ip"] == "":
            return "DIRECT"

        code = ctx.geoip(metadata["dst_ip"])
        if code == "CN":
            ctx.log('[Script] Geoip CN')
            return "Domestic"

        ctx.log('[Script] FINAL')
        return "Others"
rules:
- DST-PORT,7895,REJECT
- DST-PORT,7892,REJECT
- DOMAIN-SUFFIX,awesome-hd.me,DIRECT
- DOMAIN-SUFFIX,broadcasthe.net,DIRECT
- DOMAIN-SUFFIX,chdbits.co,DIRECT
- DOMAIN-SUFFIX,classix-unlimited.co.uk,DIRECT
- DOMAIN-SUFFIX,empornium.me,DIRECT
- DOMAIN-SUFFIX,gazellegames.net,DIRECT
- DOMAIN-SUFFIX,hdchina.org,DIRECT
- DOMAIN-SUFFIX,hdsky.me,DIRECT
- DOMAIN-SUFFIX,icetorrent.org,DIRECT
- DOMAIN-SUFFIX,jpopsuki.eu,DIRECT
- DOMAIN-SUFFIX,keepfrds.com,DIRECT
- DOMAIN-SUFFIX,madsrevolution.net,DIRECT
- DOMAIN-SUFFIX,m-team.cc,DIRECT
- DOMAIN-SUFFIX,nanyangpt.com,DIRECT
- DOMAIN-SUFFIX,ncore.cc,DIRECT
- DOMAIN-SUFFIX,open.cd,DIRECT
- DOMAIN-SUFFIX,ourbits.club,DIRECT
- DOMAIN-SUFFIX,passthepopcorn.me,DIRECT
- DOMAIN-SUFFIX,privatehd.to,DIRECT
- DOMAIN-SUFFIX,redacted.ch,DIRECT
- DOMAIN-SUFFIX,springsunday.net,DIRECT
- DOMAIN-SUFFIX,tjupt.org,DIRECT
- DOMAIN-SUFFIX,totheglory.im,DIRECT
- DOMAIN-SUFFIX,smtp,DIRECT
- DOMAIN-KEYWORD,announce,DIRECT
- DOMAIN-KEYWORD,torrent,DIRECT
- DOMAIN-KEYWORD,tracker,DIRECT
- SRC-IP-CIDR,192.168.2.1/32,DIRECT
- DST-PORT,7895,REJECT
- DST-PORT,7892,REJECT
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
- SRC-IP-CIDR,192.168.2.2/32,DIRECT
- SRC-PORT,51413/51414,DIRECT
- RULE-SET,Reject,AdBlock
- RULE-SET,Special,Special
- RULE-SET,PROXY,Proxy
- RULE-SET,Domestic,Domestic
- RULE-SET,Domestic IPs,Domestic
- RULE-SET,LAN,DIRECT
- GEOIP,CN,Domestic
- PROCESS-NAME,aria2c,DIRECT
- PROCESS-NAME,BitComet,DIRECT
- PROCESS-NAME,fdm,DIRECT
- PROCESS-NAME,NetTransport,DIRECT
- PROCESS-NAME,qbittorrent,DIRECT
- PROCESS-NAME,Thunder,DIRECT
- PROCESS-NAME,transmission-daemon,DIRECT
- PROCESS-NAME,transmission-qt,DIRECT
- PROCESS-NAME,uTorrent,DIRECT
- PROCESS-NAME,WebTorrent,DIRECT
- PROCESS-NAME,aria2c,DIRECT
- PROCESS-NAME,fdm,DIRECT
- PROCESS-NAME,Folx,DIRECT
- PROCESS-NAME,NetTransport,DIRECT
- PROCESS-NAME,qbittorrent,DIRECT
- PROCESS-NAME,Thunder,DIRECT
- PROCESS-NAME,Transmission,DIRECT
- PROCESS-NAME,transmission,DIRECT
- PROCESS-NAME,uTorrent,DIRECT
- PROCESS-NAME,WebTorrent,DIRECT
- PROCESS-NAME,WebTorrent Helper,DIRECT
- PROCESS-NAME,v2ray,DIRECT
- PROCESS-NAME,ss-local,DIRECT
- PROCESS-NAME,ssr-local,DIRECT
- PROCESS-NAME,ss-redir,DIRECT
- PROCESS-NAME,ssr-redir,DIRECT
- PROCESS-NAME,ss-server,DIRECT
- PROCESS-NAME,trojan-go,DIRECT
- PROCESS-NAME,xray,DIRECT
- PROCESS-NAME,hysteria,DIRECT
- PROCESS-NAME,UUBooster,DIRECT
- PROCESS-NAME,uugamebooster,DIRECT
- DST-PORT,80,Others
- DST-PORT,443,Others
- DST-PORT,22,Others
- MATCH,DIRECT
interface-name: eth0
authentication:
- Clash:QOUv36Rv

#===================== IPTABLES 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.7 on Sat Jan 28 20:00:56 2023
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
COMMIT
# Completed on Sat Jan 28 20:00:56 2023

#IPv4 Mangle chain

# Generated by iptables-save v1.8.7 on Sat Jan 28 20:00:56 2023
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Sat Jan 28 20:00:56 2023

#IPv4 Filter chain

# Generated by iptables-save v1.8.7 on Sat Jan 28 20:00:56 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-MAN - [0:0]
:DOCKER-USER - [0:0]
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-MAN -i br-lan -o docker0 -j RETURN
-A DOCKER-MAN -o docker0 -m conntrack --ctstate INVALID,NEW -j DROP
-A DOCKER-MAN -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j RETURN
-A DOCKER-MAN -j RETURN
-A DOCKER-USER -j DOCKER-MAN
-A DOCKER-USER -i eth0 -o docker0 -j REJECT --reject-with icmp-port-unreachable
-A DOCKER-USER -j RETURN
COMMIT
# Completed on Sat Jan 28 20:00:56 2023

#IPv6 NAT chain

# Generated by ip6tables-save v1.8.7 on Sat Jan 28 20:00:56 2023
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Sat Jan 28 20:00:56 2023

#IPv6 Mangle chain

# Generated by ip6tables-save v1.8.7 on Sat Jan 28 20:00:56 2023
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Sat Jan 28 20:00:56 2023

#IPv6 Filter chain

# Generated by ip6tables-save v1.8.7 on Sat Jan 28 20:00:56 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Sat Jan 28 20:00:56 2023

#===================== NFTABLES 防火墙设置 =====================#

table inet fw4 {
    chain input {
        type filter hook input priority filter; policy accept;
        udp dport 443 ip daddr != @china_ip_route counter packets 0 bytes 0 reject with icmp port-unreachable comment "OpenClash QUIC REJECT"
        iifname "eth0" ip saddr != @localnetwork counter packets 10641 bytes 6954609 jump openclash_wan_input
        iifname "lo" accept comment "!fw4: Accept traffic from loopback"
        ct state established,related accept comment "!fw4: Allow inbound established and related flows"
        tcp flags syn / fin,syn,rst,ack jump syn_flood comment "!fw4: Rate limit TCP syn packets"
        iifname "br-lan" jump input_lan comment "!fw4: Handle lan IPv4/IPv6 input traffic"
        iifname "eth0" jump input_wan comment "!fw4: Handle wan IPv4/IPv6 input traffic"
        iifname "docker0" jump input_docker comment "!fw4: Handle docker IPv4/IPv6 input traffic"
    }
}
table inet fw4 {
    chain forward {
        type filter hook forward priority filter; policy accept;
        ct state established,related accept comment "!fw4: Allow forwarded established and related flows"
        iifname "br-lan" jump forward_lan comment "!fw4: Handle lan IPv4/IPv6 forward traffic"
        iifname "eth0" jump forward_wan comment "!fw4: Handle wan IPv4/IPv6 forward traffic"
        iifname "docker0" jump forward_docker comment "!fw4: Handle docker IPv4/IPv6 forward traffic"
        jump upnp_forward comment "Hook into miniupnpd forwarding chain"
    }
}
table inet fw4 {
    chain dstnat {
        type nat hook prerouting priority dstnat; policy accept;
        ip daddr { 8.8.4.4, 8.8.8.8 } tcp dport 53 counter packets 0 bytes 0 redirect to :7892 comment "OpenClash Google DNS Hijack"
        udp dport 53 counter packets 161 bytes 10893 redirect to :53 comment "OpenClash DNS Hijack"
        tcp dport 53 counter packets 0 bytes 0 redirect to :53 comment "OpenClash DNS Hijack"
        jump upnp_prerouting comment "Hook into miniupnpd prerouting chain"
        ip protocol tcp counter packets 6854 bytes 399315 jump openclash
    }
}
table inet fw4 {
    chain srcnat {
        type nat hook postrouting priority srcnat; policy accept;
        oifname "eth0" jump srcnat_wan comment "!fw4: Handle wan IPv4/IPv6 srcnat traffic"
        jump upnp_postrouting comment "Hook into miniupnpd postrouting chain"
    }
}
table inet fw4 {
    chain nat_output {
        type nat hook output priority filter - 1; policy accept;
        ip protocol tcp counter packets 839 bytes 50340 jump openclash_output
    }
}
table inet fw4 {
    chain mangle_prerouting {
        type filter hook prerouting priority mangle; policy accept;
    }
}
table inet fw4 {
    chain mangle_output {
        type route hook output priority mangle; policy accept;
    }
}
table inet fw4 {
    chain openclash {
        ip daddr @localnetwork counter packets 2649 bytes 146221 return
        ip saddr @localnetwork tcp sport @lan_ac_black_ports counter packets 0 bytes 0 return
        tcp dport != @common_ports counter packets 3821 bytes 229260 return
        ip protocol tcp counter packets 390 bytes 24170 redirect to :7892
    }
}
table inet fw4 {
    chain openclash_output {
        ip daddr @localnetwork counter packets 45 bytes 2700 return
        ip saddr @localnetwork tcp sport @lan_ac_black_ports counter packets 0 bytes 0 return
        tcp dport != @common_ports meta skuid != 65534 counter packets 207 bytes 12420 return
        ip protocol tcp meta skuid != 65534 counter packets 9 bytes 540 redirect to :7892
    }
}
table inet fw4 {
    chain openclash_wan_input {
        udp dport { 7874, 7890, 7891, 7892, 7893, 7895, 9090 } counter packets 0 bytes 0 reject
        tcp dport { 7874, 7890, 7891, 7892, 7893, 7895, 9090 } counter packets 0 bytes 0 reject
    }
}

#===================== IPSET状态 =====================#

#===================== 路由表状态 =====================#

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 br-lan
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
#ip route list
default via 192.168.1.1 dev eth0 proto static 
10.0.0.0/24 dev br-lan proto kernel scope link src 10.0.0.1 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.6 
#ip rule show
0:  from all lookup local
32766:  from all lookup main
32767:  from all lookup default

#===================== 端口占用状态 =====================#

tcp        0      0 :::7892                 :::*                    LISTEN      23624/clash
tcp        0      0 :::7893                 :::*                    LISTEN      23624/clash
tcp        0      0 :::7895                 :::*                    LISTEN      23624/clash
tcp        0      0 :::7890                 :::*                    LISTEN      23624/clash
tcp        0      0 :::7891                 :::*                    LISTEN      23624/clash
tcp        0      0 :::9090                 :::*                    LISTEN      23624/clash
udp        0      0 :::7874                 :::*                                23624/clash
udp        0      0 :::7891                 :::*                                23624/clash
udp        0      0 :::7892                 :::*                                23624/clash
udp        0      0 :::7893                 :::*                                23624/clash
udp        0      0 :::7895                 :::*                                23624/clash

#===================== 测试本机DNS查询 =====================#

Server:     127.0.0.1
Address:    127.0.0.1:53

www.baidu.com   canonical name = www.a.shifen.com
Name:   www.a.shifen.com
Address: 180.101.50.172
Name:   www.a.shifen.com
Address: 180.101.50.231

#===================== 测试本机网络连接 =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Sat, 28 Jan 2023 12:00:58 GMT
Etag: "575e1f60-115"
Last-Modified: Mon, 13 Jun 2016 02:50:08 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 测试本机网络下载 =====================#

HTTP/2 200 
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: text/plain; charset=utf-8
etag: "99593e4235822e9fb3fd0060c09aa3aa61d3844bbd6a1fe4bf92b0469522b25f"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: 58E2:6591:1F04B1:274D88:63CF008C
accept-ranges: bytes
date: Sat, 28 Jan 2023 12:00:58 GMT
via: 1.1 varnish
x-served-by: cache-nrt-rjtf7700069-NRT
x-cache: HIT
x-cache-hits: 1
x-timer: S1674907259.737212,VS0,VE1
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
x-fastly-request-id: 48fd391d0aa2273d0b7a9fffde247d88f7bafa66
expires: Sat, 28 Jan 2023 12:05:58 GMT
source-age: 60
content-length: 80

#===================== 最近运行日志 =====================#

time="2023-01-28T12:00:07Z" level=info msg="[TCP] 10.0.0.12:52431 --> ad-c2s.fengmanginfo.com:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-01-28T12:00:10Z" level=info msg="[TCP] 10.0.0.8:51864 --> www.gstatic.com:443 match RuleSet(PROXY) using Proxy[DIRECT]"
time="2023-01-28T12:00:10Z" level=info msg="[TCP] 10.0.0.8:49272 --> github.githubassets.com:443 match RuleSet(PROXY) using Proxy[DIRECT]"
time="2023-01-28T12:00:10Z" level=info msg="[TCP] 10.0.0.8:49274 --> github.githubassets.com:443 match RuleSet(PROXY) using Proxy[DIRECT]"
time="2023-01-28T12:00:11Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:45336 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:12Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:45350 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:12Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:45352 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:13Z" level=info msg="[TCP] 192.168.1.6:38348 --> tracker.m-team.cc:443 match DomainSuffix(m-team.cc) using DIRECT"
time="2023-01-28T12:00:15Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:45356 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:16Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:45372 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:16Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:45388 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:17Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:45396 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:17Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:45408 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:20Z" level=info msg="[TCP] 10.0.0.8:38466 --> packages.deepin.com:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-01-28T12:00:20Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:41288 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:21Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:41298 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:21Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:41304 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:21Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:41308 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:22Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:41310 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:23Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:41318 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:24Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:41332 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:26Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:41344 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:26Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:41358 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:26Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:41370 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:27Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:41376 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:28Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:41390 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:29Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:41406 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:30Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:38202 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:31Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:38216 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:31Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:38228 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:32Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:38244 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:35Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:38246 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:36Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:38260 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:36Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:38268 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:40Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:58476 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:41Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:58492 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:45Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:58502 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:46Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:58516 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:50Z" level=info msg="[TCP] 10.0.0.8:55530 --> packages.deepin.com:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-01-28T12:00:50Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:53942 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:51Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:53952 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:52Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:53958 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:55Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:53970 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:55Z" level=info msg="[TCP] 192.168.1.6:51924 --> raw.githubusercontent.com:443 match RuleSet(PROXY) using Proxy[DIRECT]"
time="2023-01-28T12:00:55Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:53986 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:56Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:53996 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:57Z" level=info msg="[TCP] 192.168.1.6:43942 --> on.springsunday.net:80 match DomainSuffix(springsunday.net) using DIRECT"
time="2023-01-28T12:00:57Z" level=warning msg="[TCP] dial Proxy (match RuleSet/PROXY) 10.0.0.8:54012 --> content-autofill.googleapis.com:443 error: dual stack dial failed:context deadline exceeded"
time="2023-01-28T12:00:58Z" level=info msg="[TCP] 192.168.1.6:11546 --> www.baidu.com:80 match RuleSet(Domestic) using Domestic[DIRECT]"
time="2023-01-28T12:00:58Z" level=info msg="[TCP] 192.168.1.6:51938 --> raw.githubusercontent.com:443 match RuleSet(PROXY) using Proxy[DIRECT]"

#===================== 活动连接信息 =====================#

1. SourceIP:【192.168.1.6】 - Host:【raw.githubusercontent.com】 - DestinationIP:【185.199.108.133】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【DIRECT】
2. SourceIP:【192.168.1.6】 - Host:【on.springsunday.net】 - DestinationIP:【198.98.48.123】 - Network:【tcp】 - RulePayload:【springsunday.net】 - Lastchain:【DIRECT】
3. SourceIP:【192.168.1.6】 - Host:【tracker.hdchina.org】 - DestinationIP:【104.24.58.213】 - Network:【tcp】 - RulePayload:【hdchina.org】 - Lastchain:【DIRECT】
4. SourceIP:【10.0.0.8】 - Host:【avatars1.githubusercontent.com】 - DestinationIP:【185.199.109.133】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【DIRECT】
5. SourceIP:【10.0.0.12】 - Host:【Empty】 - DestinationIP:【47.106.240.74】 - Network:【tcp】 - RulePayload:【Domestic IPs】 - Lastchain:【DIRECT】
6. SourceIP:【10.0.0.8】 - Host:【qqwry.api.skk.moe】 - DestinationIP:【172.67.148.227】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【DIRECT】
7. SourceIP:【10.0.0.8】 - Host:【www.gstatic.com】 - DestinationIP:【203.208.40.34】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【DIRECT】
8. SourceIP:【10.0.0.8】 - Host:【avatars.githubusercontent.com】 - DestinationIP:【185.199.110.133】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【DIRECT】
9. SourceIP:【10.0.0.8】 - Host:【api.github.com】 - DestinationIP:【192.30.255.117】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【DIRECT】
10. SourceIP:【192.168.1.6】 - Host:【tracker.m-team.cc】 - DestinationIP:【172.67.73.8】 - Network:【tcp】 - RulePayload:【m-team.cc】 - Lastchain:【DIRECT】
11. SourceIP:【10.0.0.8】 - Host:【a.nel.cloudflare.com】 - DestinationIP:【35.190.80.1】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【DIRECT】
12. SourceIP:【10.0.0.8】 - Host:【ssl.gstatic.com】 - DestinationIP:【203.208.40.98】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【DIRECT】
13. SourceIP:【10.0.0.8】 - Host:【avatars1.githubusercontent.com】 - DestinationIP:【185.199.110.133】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【DIRECT】
14. SourceIP:【10.0.0.8】 - Host:【github.githubassets.com】 - DestinationIP:【185.199.109.154】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【DIRECT】
15. SourceIP:【10.0.0.8】 - Host:【api-ipv4.ip.sb】 - DestinationIP:【104.26.13.31】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【DIRECT】
16. SourceIP:【10.0.0.19】 - Host:【jmq-ngiot-cn.area.cn.ecouser.net】 - DestinationIP:【101.37.136.59】 - Network:【tcp】 - RulePayload:【Domestic IPs】 - Lastchain:【DIRECT】
17. SourceIP:【10.0.0.8】 - Host:【avatars0.githubusercontent.com】 - DestinationIP:【185.199.110.133】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【DIRECT】
18. SourceIP:【10.0.0.8】 - Host:【collector.github.com】 - DestinationIP:【140.82.112.22】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【DIRECT】
19. SourceIP:【10.0.0.8】 - Host:【mtalk.google.com】 - DestinationIP:【142.250.141.188】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【DIRECT】
20. SourceIP:【10.0.0.8】 - Host:【github.com】 - DestinationIP:【192.30.255.112】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【DIRECT】
21. SourceIP:【10.0.0.8】 - Host:【safebrowsing.googleapis.com】 - DestinationIP:【180.163.151.161】 - Network:【tcp】 - RulePayload:【Special】 - Lastchain:【DIRECT】
22. SourceIP:【10.0.0.8】 - Host:【github.githubassets.com】 - DestinationIP:【185.199.109.154】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【DIRECT】
23. SourceIP:【10.0.0.8】 - Host:【avatars0.githubusercontent.com】 - DestinationIP:【185.199.110.133】 - Network:【tcp】 - RulePayload:【PROXY】 - Lastchain:【DIRECT】
24. SourceIP:【10.0.0.8】 - Host:【whois.pconline.com.cn】 - DestinationIP:【47.112.160.50】 - Network:【tcp】 - RulePayload:【Domestic】 - Lastchain:【DIRECT】

OpenClash Config

No response

Expected Behavior

找到原因并修复

Screenshots

No response

[vernesong]

你代理选的直连

[nautiluschan]

你代理选的直连

谢谢！

在策略组Proxy中，删除 包含其他策略组 DIRECT ，恢复正常了。

奇怪的是，依赖检查也变正常了，这两个不相关吧。

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci >= 19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 未安装
unzip: 已安装
kmod-nft-tproxy: 未安装