vernesong / OpenClash

A Clash Client For OpenWrt
MIT License

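[Bug] After stopping OpenClash on an OpenWrt side router, all devices that use OpenWrt as their gateway lose internet access, but can still ping the internal network #2993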

Closed CuewarsTaner closed 1 year ago

CuewarsTaner commented 1 year ago

Verify Steps

OpenClash Version

v0.45.78-beta

Bug on Environment

Lean

Bug on Platform

Linux-amd64(x86-64)

To Reproduce

Network environment: iKuai main router + OpenWrt side router

Describe the Bug

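With OpenClash enabled, after stopping OpenClash, all devices that use OpenWrt as their gateway (both wired and wireless) can no longer access the internet; they can only ping the internal network.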

OpenClash Log

OpenClash 调试日志

生成时间: 2023-02-05 22:05:03 插件版本: 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息


#===================== 系统信息 =====================#

主机型号: To be filled by O.E.M. To be filled by O.E.M./MAHOBAY - Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz : 2 Core 4 Thread
固件版本: OpenWrt GDQ AUTUMN[2022]
LuCI版本: 
内核版本: 5.15.78
处理器架构: x86_64

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

#此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 

#===================== 依赖检查 =====================#

dnsmasq-full: 未安装
coreutils: 未安装
coreutils-nohup: 未安装
bash: 未安装
curl: 未安装
ca-certificates: 未安装
ipset: 未安装
ip-full: 未安装
libcap: 未安装
libcap-bin: 未安装
ruby: 未安装
ruby-yaml: 未安装
ruby-psych: 未安装
ruby-pstore: 未安装
kmod-tun(TUN模式): 未安装
luci-compat(Luci >= 19.07): 未安装
kmod-inet-diag(PROCESS-NAME): 未安装
unzip: 未安装
iptables-mod-tproxy: 未安装
kmod-ipt-tproxy: 未安装
iptables-mod-extra: 未安装
kmod-ipt-extra: 未安装
kmod-ipt-nat: 未安装

#===================== 内核检查 =====================#

运行状态: 未运行
已选择的架构: 未选择架构

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2022.11.25-8-g25028e7
Tun内核文件: 存在
Tun内核运行权限: 正常

Dev内核版本: v1.12.0-8-ga5d5488
Dev内核文件: 存在
Dev内核运行权限: 正常

Meta内核版本: alpha-g7a64c432
Meta内核文件: 存在
Meta内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/Wallless_T.yaml
启动配置文件: /etc/openclash/Wallless_T.yaml
运行模式: redir-host-tun
默认代理模式: rule
UDP流量转发(tproxy): 停用
DNS劫持: 启用
自定义DNS: 停用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 停用
自定义规则: 停用
仅允许内网: 启用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用
DNS远程解析: 启用
路由本机代理: 启用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 配置文件 =====================#

port: 7890
socks-port: 7891
allow-lan: true
mode: rule
log-level: silent
external-controller: 0.0.0.0:9090
proxy-groups:
- name: "\U0001F680 节点选择"
  type: select
  proxies:
  - "♻️ 自动选择"
  - "\U0001F52F 故障转移"
  - "\U0001F52E 负载均衡"
  - "\U0001F1ED\U0001F1F0 香港节点"

---已删除节点信息和规则---

redir-port: 7892
tproxy-port: 7895
mixed-port: 7893
bind-address: "*"
external-ui: "/usr/share/openclash/ui"
ipv6: false
dns:
  enable: true
  ipv6: false
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  listen: 0.0.0.0:7874
  nameserver:
  - dhcp://"br-lan"
  - 192.168.88.1
  - 114.114.114.114
  - 119.29.29.29
  - https://doh.pub/dns-query
  - https://dns.alidns.com/dns-query
  default-nameserver:
  - 192.168.88.1
  - 114.114.114.114
  - 119.29.29.29
  fake-ip-filter:
  - "+.*"
experimental:
  sniff-tls-sni: true
tun:
  enable: true
  stack: system
  auto-route: false
  auto-detect-interface: false
  dns-hijack:
  - tcp://any:53
profile:
  store-selected: true
  store-fake-ip: true

#===================== IPTABLES 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.7 on Sun Feb  5 22:05:07 2023
*nat
:PREROUTING ACCEPT [1157:151639]
:INPUT ACCEPT [412:93917]
:OUTPUT ACCEPT [141:8716]
:POSTROUTING ACCEPT [22:1321]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:postrouting_docker_rule - [0:0]
:postrouting_ipsecserver_rule - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_vpn_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_docker_rule - [0:0]
:prerouting_ipsecserver_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_vpn_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_docker_postrouting - [0:0]
:zone_docker_prerouting - [0:0]
:zone_ipsecserver_postrouting - [0:0]
:zone_ipsecserver_prerouting - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_vpn_postrouting - [0:0]
:zone_vpn_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i tun0 -m comment --comment "!fw3" -j zone_vpn_prerouting
-A PREROUTING -i docker0 -m comment --comment "!fw3" -j zone_docker_prerouting
-A PREROUTING -i ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_prerouting
-A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 53
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o tun0 -m comment --comment "!fw3" -j zone_vpn_postrouting
-A POSTROUTING -o docker0 -m comment --comment "!fw3" -j zone_docker_postrouting
-A POSTROUTING -o ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_postrouting
-A zone_docker_postrouting -m comment --comment "!fw3: Custom docker postrouting rule chain" -j postrouting_docker_rule
-A zone_docker_prerouting -m comment --comment "!fw3: Custom docker prerouting rule chain" -j prerouting_docker_rule
-A zone_ipsecserver_postrouting -m comment --comment "!fw3: Custom ipsecserver postrouting rule chain" -j postrouting_ipsecserver_rule
-A zone_ipsecserver_prerouting -m comment --comment "!fw3: Custom ipsecserver prerouting rule chain" -j prerouting_ipsecserver_rule
-A zone_lan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_lan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_lan_prerouting -j MINIUPNPD
-A zone_lan_prerouting -j MINIUPNPD
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_vpn_postrouting -m comment --comment "!fw3: Custom vpn postrouting rule chain" -j postrouting_vpn_rule
-A zone_vpn_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_vpn_prerouting -m comment --comment "!fw3: Custom vpn prerouting rule chain" -j prerouting_vpn_rule
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
COMMIT
# Completed on Sun Feb  5 22:05:07 2023

#IPv4 Mangle chain

# Generated by iptables-save v1.8.7 on Sun Feb  5 22:05:07 2023
*mangle
:PREROUTING ACCEPT [22615:10911739]
:INPUT ACCEPT [5286:1285718]
:FORWARD ACCEPT [14930:9483451]
:OUTPUT ACCEPT [2776:930424]
:POSTROUTING ACCEPT [17583:10405361]
:RRDIPT_FORWARD - [0:0]
:RRDIPT_INPUT - [0:0]
:RRDIPT_OUTPUT - [0:0]
-A INPUT -j RRDIPT_INPUT
-A FORWARD -j RRDIPT_FORWARD
-A OUTPUT -j RRDIPT_OUTPUT
-A RRDIPT_INPUT -i eth0 -j RETURN
-A RRDIPT_INPUT -i br-lan -j RETURN
-A RRDIPT_OUTPUT -o eth0 -j RETURN
-A RRDIPT_OUTPUT -o br-lan -j RETURN
COMMIT
# Completed on Sun Feb  5 22:05:07 2023

#IPv4 Filter chain

# Generated by iptables-save v1.8.7 on Sun Feb  5 22:05:08 2023
*filter
:INPUT ACCEPT [9:452]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:SOCAT - [0:0]
:forwarding_docker_rule - [0:0]
:forwarding_ipsecserver_rule - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_vpn_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_docker_rule - [0:0]
:input_ipsecserver_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_vpn_rule - [0:0]
:input_wan_rule - [0:0]
:output_docker_rule - [0:0]
:output_ipsecserver_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_vpn_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:zone_docker_dest_ACCEPT - [0:0]
:zone_docker_forward - [0:0]
:zone_docker_input - [0:0]
:zone_docker_output - [0:0]
:zone_docker_src_ACCEPT - [0:0]
:zone_ipsecserver_dest_ACCEPT - [0:0]
:zone_ipsecserver_forward - [0:0]
:zone_ipsecserver_input - [0:0]
:zone_ipsecserver_output - [0:0]
:zone_ipsecserver_src_ACCEPT - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_vpn_dest_ACCEPT - [0:0]
:zone_vpn_forward - [0:0]
:zone_vpn_input - [0:0]
:zone_vpn_output - [0:0]
:zone_vpn_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -j SOCAT
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i tun0 -m comment --comment "!fw3" -j zone_vpn_input
-A INPUT -i docker0 -m comment --comment "!fw3" -j zone_docker_input
-A INPUT -i ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i tun0 -m comment --comment "!fw3" -j zone_vpn_forward
-A FORWARD -i docker0 -m comment --comment "!fw3" -j zone_docker_forward
-A FORWARD -i ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o tun0 -m comment --comment "!fw3" -j zone_vpn_output
-A OUTPUT -o docker0 -m comment --comment "!fw3" -j zone_docker_output
-A OUTPUT -o ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_output
-A forwarding_rule -i pppoe+ -j RETURN
-A forwarding_rule -o pppoe+ -j RETURN
-A forwarding_rule -i ppp+ -m conntrack --ctstate NEW -j ACCEPT
-A forwarding_rule -o ppp+ -m conntrack --ctstate NEW -j ACCEPT
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A zone_docker_dest_ACCEPT -o docker0 -m comment --comment "!fw3" -j ACCEPT
-A zone_docker_forward -m comment --comment "!fw3: Custom docker forwarding rule chain" -j forwarding_docker_rule
-A zone_docker_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_docker_forward -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_input -m comment --comment "!fw3: Custom docker input rule chain" -j input_docker_rule
-A zone_docker_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_docker_input -m comment --comment "!fw3" -j zone_docker_src_ACCEPT
-A zone_docker_output -m comment --comment "!fw3: Custom docker output rule chain" -j output_docker_rule
-A zone_docker_output -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_src_ACCEPT -i docker0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_ipsecserver_dest_ACCEPT -o ipsec0 -m comment --comment "!fw3" -j ACCEPT
-A zone_ipsecserver_forward -m comment --comment "!fw3: Custom ipsecserver forwarding rule chain" -j forwarding_ipsecserver_rule
-A zone_ipsecserver_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_ipsecserver_forward -m comment --comment "!fw3" -j zone_ipsecserver_dest_ACCEPT
-A zone_ipsecserver_input -m comment --comment "!fw3: Custom ipsecserver input rule chain" -j input_ipsecserver_rule
-A zone_ipsecserver_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_ipsecserver_input -m comment --comment "!fw3" -j zone_ipsecserver_src_ACCEPT
-A zone_ipsecserver_output -m comment --comment "!fw3: Custom ipsecserver output rule chain" -j output_ipsecserver_rule
-A zone_ipsecserver_output -m comment --comment "!fw3" -j zone_ipsecserver_dest_ACCEPT
-A zone_ipsecserver_src_ACCEPT -i ipsec0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o br-lan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to vpn forwarding policy" -j zone_vpn_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_vpn_dest_ACCEPT -o tun0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_vpn_dest_ACCEPT -o tun0 -m comment --comment "!fw3" -j ACCEPT
-A zone_vpn_forward -m comment --comment "!fw3: Custom vpn forwarding rule chain" -j forwarding_vpn_rule
-A zone_vpn_forward -m comment --comment "!fw3: Zone vpn to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_vpn_forward -m comment --comment "!fw3: Zone vpn to lan forwarding policy" -j zone_lan_dest_ACCEPT
-A zone_vpn_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_vpn_forward -m comment --comment "!fw3" -j zone_vpn_dest_ACCEPT
-A zone_vpn_input -m comment --comment "!fw3: Custom vpn input rule chain" -j input_vpn_rule
-A zone_vpn_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_vpn_input -m comment --comment "!fw3" -j zone_vpn_src_ACCEPT
-A zone_vpn_output -m comment --comment "!fw3: Custom vpn output rule chain" -j output_vpn_rule
-A zone_vpn_output -m comment --comment "!fw3" -j zone_vpn_dest_ACCEPT
-A zone_vpn_src_ACCEPT -i tun0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 8897 -m comment --comment "!fw3: linkease" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 8118 -m comment --comment "!fw3: adblock" -j DROP
-A zone_wan_input -p tcp -m tcp --dport 1194 -m comment --comment "!fw3: openvpn" -j ACCEPT
-A zone_wan_input -p udp -m udp --dport 1194 -m comment --comment "!fw3: openvpn" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 1723 -m comment --comment "!fw3: pptp" -j ACCEPT
-A zone_wan_input -p gre -m comment --comment "!fw3: gre" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 1688 -m comment --comment "!fw3: kms" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
COMMIT
# Completed on Sun Feb  5 22:05:08 2023

#IPv6 NAT chain

# Generated by ip6tables-save v1.8.7 on Sun Feb  5 22:05:08 2023
*nat
:PREROUTING ACCEPT [2248:268469]
:INPUT ACCEPT [2200:260773]
:OUTPUT ACCEPT [89:14088]
:POSTROUTING ACCEPT [89:14088]
-A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 53
COMMIT
# Completed on Sun Feb  5 22:05:08 2023

#IPv6 Mangle chain

# Generated by ip6tables-save v1.8.7 on Sun Feb  5 22:05:08 2023
*mangle
:PREROUTING ACCEPT [90056:15300065]
:INPUT ACCEPT [88587:15183821]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [500:87740]
:POSTROUTING ACCEPT [562:104894]
COMMIT
# Completed on Sun Feb  5 22:05:08 2023

#IPv6 Filter chain

# Generated by ip6tables-save v1.8.7 on Sun Feb  5 22:05:08 2023
*filter
:INPUT ACCEPT [62:17154]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [98:20730]
:MINIUPNPD - [0:0]
:SOCAT - [0:0]
:forwarding_docker_rule - [0:0]
:forwarding_ipsecserver_rule - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_vpn_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_docker_rule - [0:0]
:input_ipsecserver_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_vpn_rule - [0:0]
:input_wan_rule - [0:0]
:output_docker_rule - [0:0]
:output_ipsecserver_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_vpn_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:zone_docker_dest_ACCEPT - [0:0]
:zone_docker_forward - [0:0]
:zone_docker_input - [0:0]
:zone_docker_output - [0:0]
:zone_docker_src_ACCEPT - [0:0]
:zone_ipsecserver_dest_ACCEPT - [0:0]
:zone_ipsecserver_forward - [0:0]
:zone_ipsecserver_input - [0:0]
:zone_ipsecserver_output - [0:0]
:zone_ipsecserver_src_ACCEPT - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_vpn_dest_ACCEPT - [0:0]
:zone_vpn_forward - [0:0]
:zone_vpn_input - [0:0]
:zone_vpn_output - [0:0]
:zone_vpn_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -j SOCAT
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i tun0 -m comment --comment "!fw3" -j zone_vpn_input
-A INPUT -i docker0 -m comment --comment "!fw3" -j zone_docker_input
-A INPUT -i ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i tun0 -m comment --comment "!fw3" -j zone_vpn_forward
-A FORWARD -i docker0 -m comment --comment "!fw3" -j zone_docker_forward
-A FORWARD -i ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o tun0 -m comment --comment "!fw3" -j zone_vpn_output
-A OUTPUT -o docker0 -m comment --comment "!fw3" -j zone_docker_output
-A OUTPUT -o ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp6-port-unreachable
-A zone_docker_dest_ACCEPT -o docker0 -m comment --comment "!fw3" -j ACCEPT
-A zone_docker_forward -m comment --comment "!fw3: Custom docker forwarding rule chain" -j forwarding_docker_rule
-A zone_docker_forward -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_input -m comment --comment "!fw3: Custom docker input rule chain" -j input_docker_rule
-A zone_docker_input -m comment --comment "!fw3" -j zone_docker_src_ACCEPT
-A zone_docker_output -m comment --comment "!fw3: Custom docker output rule chain" -j output_docker_rule
-A zone_docker_output -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_src_ACCEPT -i docker0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_ipsecserver_dest_ACCEPT -o ipsec0 -m comment --comment "!fw3" -j ACCEPT
-A zone_ipsecserver_forward -m comment --comment "!fw3: Custom ipsecserver forwarding rule chain" -j forwarding_ipsecserver_rule
-A zone_ipsecserver_forward -m comment --comment "!fw3" -j zone_ipsecserver_dest_ACCEPT
-A zone_ipsecserver_input -m comment --comment "!fw3: Custom ipsecserver input rule chain" -j input_ipsecserver_rule
-A zone_ipsecserver_input -m comment --comment "!fw3" -j zone_ipsecserver_src_ACCEPT
-A zone_ipsecserver_output -m comment --comment "!fw3: Custom ipsecserver output rule chain" -j output_ipsecserver_rule
-A zone_ipsecserver_output -m comment --comment "!fw3" -j zone_ipsecserver_dest_ACCEPT
-A zone_ipsecserver_src_ACCEPT -i ipsec0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o br-lan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to vpn forwarding policy" -j zone_vpn_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_vpn_dest_ACCEPT -o tun0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_vpn_dest_ACCEPT -o tun0 -m comment --comment "!fw3" -j ACCEPT
-A zone_vpn_forward -m comment --comment "!fw3: Custom vpn forwarding rule chain" -j forwarding_vpn_rule
-A zone_vpn_forward -m comment --comment "!fw3: Zone vpn to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_vpn_forward -m comment --comment "!fw3: Zone vpn to lan forwarding policy" -j zone_lan_dest_ACCEPT
-A zone_vpn_forward -m comment --comment "!fw3" -j zone_vpn_dest_ACCEPT
-A zone_vpn_input -m comment --comment "!fw3: Custom vpn input rule chain" -j input_vpn_rule
-A zone_vpn_input -m comment --comment "!fw3" -j zone_vpn_src_ACCEPT
-A zone_vpn_output -m comment --comment "!fw3: Custom vpn output rule chain" -j output_vpn_rule
-A zone_vpn_output -m comment --comment "!fw3" -j zone_vpn_dest_ACCEPT
-A zone_vpn_src_ACCEPT -i tun0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -s fc00::/6 -d fc00::/6 -p udp -m udp --dport 546 -m comment --comment "!fw3: Allow-DHCPv6" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 8897 -m comment --comment "!fw3: linkease" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 8118 -m comment --comment "!fw3: adblock" -j DROP
-A zone_wan_input -p tcp -m tcp --dport 1194 -m comment --comment "!fw3: openvpn" -j ACCEPT
-A zone_wan_input -p udp -m udp --dport 1194 -m comment --comment "!fw3: openvpn" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 1723 -m comment --comment "!fw3: pptp" -j ACCEPT
-A zone_wan_input -p gre -m comment --comment "!fw3: gre" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 1688 -m comment --comment "!fw3: kms" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
COMMIT
# Completed on Sun Feb  5 22:05:08 2023

#===================== IPSET状态 =====================#

Name: cn
Name: ct
Name: cnc
Name: cmcc
Name: crtc
Name: cernet
Name: gwbn
Name: othernet
Name: music
Name: mwan3_connected_v4
Name: mwan3_connected_v6
Name: mwan3_source_v6
Name: mwan3_dynamic_v4
Name: mwan3_dynamic_v6
Name: mwan3_custom_v4
Name: mwan3_custom_v6
Name: mwan3_connected

#===================== 路由表状态 =====================#

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.88.1    0.0.0.0         UG    0      0        0 br-lan
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.88.0    0.0.0.0         255.255.252.0   U     0      0        0 br-lan
#ip route list
default via 192.168.88.1 dev br-lan proto static 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 
192.168.88.0/22 dev br-lan proto kernel scope link src 192.168.88.251 
#ip rule show
0:  from all lookup local
32766:  from all lookup main
32767:  from all lookup default

#===================== Tun设备状态 =====================#

#===================== 端口占用状态 =====================#

#===================== 测试本机DNS查询 =====================#

Server:     127.0.0.1
Address:    127.0.0.1#53

Non-authoritative answer:
www.baidu.com   canonical name = www.a.shifen.com.
Name:   www.a.shifen.com
Address: 163.177.151.110
Name:   www.a.shifen.com
Address: 163.177.151.109

#===================== resolv.conf.d =====================#

# Interface lan
nameserver 116.116.116.116
nameserver 221.5.88.88

#===================== 测试本机网络连接 =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Sun, 05 Feb 2023 14:05:08 GMT
Etag: "575e1f72-115"
Last-Modified: Mon, 13 Jun 2016 02:50:26 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 测试本机网络下载 =====================#

#===================== 最近运行日志 =====================#

2023-02-05 22:00:31 Step 3: Modify The Config File...
2023-02-05 22:00:41 Step 4: Start Running The Clash Core...
2023-02-05 22:00:41 Tip: Detected The Exclusive Function of The TUN Core, Use TUN Core to Start...
2023-02-05 22:00:42 Step 5: Check The Core Status...
22:00:43 INF [Config] initial compatible provider name=🛡️ 隐私防护
22:00:43 INF [Config] initial compatible provider name=📲 电报消息
22:00:43 INF [Config] initial compatible provider name=🚀 手动切换
22:00:43 INF [Config] initial compatible provider name=🇸🇬 狮城节点
22:00:43 INF [Config] initial compatible provider name=🇭🇰 香港节点
22:00:43 INF [Config] initial compatible provider name=Ⓜ️ 微软服务
22:00:43 INF [Config] initial compatible provider name=🌏 国内媒体
22:00:43 INF [Config] initial compatible provider name=🎶 网易音乐
22:00:43 INF [Config] initial compatible provider name=🔯 故障转移
22:00:43 INF [Config] initial compatible provider name=🚀 节点选择
22:00:43 INF [Config] initial compatible provider name=🎯 全球直连
22:00:43 INF [Config] initial compatible provider name=🎮 游戏平台
22:00:43 INF [Config] initial compatible provider name=🎥 奈飞视频
22:00:43 INF [Config] initial compatible provider name=🐟 漏网之鱼
22:00:43 INF [Config] initial compatible provider name=📺 巴哈姆特
22:00:43 INF [Config] initial compatible provider name=🌍 国外媒体
22:00:43 INF [Config] initial compatible provider name=📹 油管视频
22:00:43 INF [Config] initial compatible provider name=🍎 苹果服务
22:00:43 INF [Config] initial compatible provider name=🇰🇷 韩国节点
22:00:43 INF [Config] initial compatible provider name=🇺🇲 美国节点
22:00:43 INF [Config] initial compatible provider name=🇨🇳 台湾节点
22:00:43 INF [Config] initial compatible provider name=🔮 负载均衡
22:00:43 INF [Config] initial compatible provider name=🎥 奈飞节点
22:00:43 INF [Config] initial compatible provider name=🛑 广告拦截
22:00:43 INF [Config] initial compatible provider name=🍃 应用净化
22:00:43 INF [Config] initial compatible provider name=🇯🇵 日本节点
22:00:43 INF [Config] initial compatible provider name=♻️ 自动选择
22:00:43 INF [Config] initial compatible provider name=🆎 AdBlock
22:00:43 INF [Config] initial compatible provider name=📢 谷歌FCM
22:00:43 INF [Config] initial compatible provider name=📺 哔哩哔哩
22:00:43 INF [Config] initial compatible provider name=Ⓜ️ 微软云盘
2023-02-05 22:00:45 Step 6: Wait For The File Downloading...
2023-02-05 22:00:47 Step 7: Set Firewall Rules...
2023-02-05 22:00:47 Tip: Waiting for TUN Interface Start...
2023-02-05 22:00:47 Step 8: Restart Dnsmasq...
2023-02-05 22:00:47 Step 9: Add Cron Rules, Start Daemons...
2023-02-05 22:00:47 OpenClash Start Successful!
2023-02-05 22:04:25 OpenClash Stoping...
2023-02-05 22:04:25 Step 1: Backup The Current Groups State...
2023-02-05 22:04:25 Step 2: Delete OpenClash Firewall Rules...
2023-02-05 22:04:26 Step 3: Close The OpenClash Daemons...
2023-02-05 22:04:26 Step 4: Close The Clash Core Process...
2023-02-05 22:04:27 Step 5: Restart Dnsmasq...
2023-02-05 22:04:27 Step 6: Delete OpenClash Residue File...
2023-02-05 22:04:27 OpenClash Already Stop!
2023-02-05 22:04:36【/tmp/clash_last_version】Download Failed:【curl: (28) Operation timed out after 10001 milliseconds with 0 bytes received】

#===================== 活动连接信息 =====================#

OpenClash Config

No response

Expected Behavior

Turning off OpenClash should not cause loss of Internet access.

Screenshots

No response

shuoyue21 commented 1 year ago

Is the LAN port's DNS set to the upstream or to the local machine? Try setting it to the router's DNS.

vernesong commented 1 year ago

uci -q set dhcp.@dnsmasq[0].noresolv=0
uci -q set dhcp.@dnsmasq[0].resolvfile=/tmp/resolv.conf.auto
uci -q commit dhcp

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days