vernesong / OpenClash

A Clash Client For OpenWrt
MIT License

[Bug] error: listen udp :0: bind: address already in use" #3187

Closed jklolixxs closed 1 year ago

jklolixxs commented 1 year ago

Verify Steps

OpenClash Version

v0.415.109-beta

Bug on Environment

Lean

Bug on Platform

Linux-amd64(x86-64)

To Reproduce

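I noticed the v0.415.109-beta update at noon today and installed it. Once the update finished, the log began reporting the following endlessly: time="2023-04-15T05:35:45.460007365Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 127.0.0.1:42078 --> 127.0.0.1:7874 error: listen udp :0: bind: address already in use" 7874 is the default Clash DNS listening port. The previous version worked normally; this problem suddenly appeared in version 109 and cut off all network access, both domestic and international.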

Describe the Bug

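I noticed the v0.415.109-beta update at noon today and installed it. Once the update finished, the log began reporting the following endlessly: time="2023-04-15T05:35:45.460007365Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 127.0.0.1:42078 --> 127.0.0.1:7874 error: listen udp :0: bind: address already in use" 7874 is the default Clash DNS listening port. The previous version worked normally; this problem suddenly appeared in version 109 and cut off all network access, both domestic and international.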

OpenClash Log

OpenClash 调试日志

生成时间: 2023-04-15 13:37:44 插件版本: v0.45.109-beta 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息


#===================== 系统信息 =====================#

主机型号: Default string Default string/Default string
固件版本: OpenWrt SNAPSHOT r0-72efda1
LuCI版本: git-23.087.57160-8186ccc-1
内核版本: 5.15.104
处理器架构: x86_64

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: hybrid

DNS劫持: Dnsmasq 转发
#DNS劫持为Dnsmasq时,此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci >= 19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 已安装
unzip: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
kmod-ipt-nat: 已安装

#===================== 内核检查 =====================#

运行状态: 未运行
已选择的架构: linux-amd64

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2023.04.13-1-ge15ba70
Tun内核文件: 存在
Tun内核运行权限: 正常

Dev内核版本: v1.15.0
Dev内核文件: 存在
Dev内核运行权限: 正常

Meta内核版本: alpha-gc2d1f71
Meta内核文件: 存在
Meta内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/Config-m.yaml
启动配置文件: /etc/openclash/Config-m.yaml
运行模式: redir-host
默认代理模式: rule
UDP流量转发(tproxy): 启用
自定义DNS: 启用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 启用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用
路由本机代理: 启用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 配置文件 =====================#

proxy-groups:

rule-providers:

rules:
- DST-PORT,7893,REJECT
- DST-PORT,7894,REJECT
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
- AND,((NETWORK,UDP),(OR,((DOMAIN-SUFFIX,dns.nextdns.io),(DOMAIN-SUFFIX,kahkee.xns.one),(DOMAIN-SUFFIX,novaxns.cyou),(DOMAIN-SUFFIX,beta.xns.one),(DOMAIN,hk.pro.xns.one),(DOMAIN,x08knsr3hx.cloudflare-gateway.com),(DOMAIN,yhkyoa83j5.cloudflare-gateway.com),(DOMAIN,6hkjyn5sp9.cloudflare-gateway.com),(DOMAIN-SUFFIX,adguard-dns.com))),(OR,((DST-PORT,443),(DST-PORT,853),(DST-PORT,5353),(DST-PORT,5053)))),DIRECT
- "AND,((OR,((NETWORK,UDP), (RULE-SET,stun_server))), (OR,((DST-PORT,19305), (DST-PORT,19302),
  (DST-PORT,10000), (DST-PORT,3478), (DST-PORT,443)))),\U0001F6D1 Reject"
- OR,((DOMAIN-SUFFIX,theporndude.com), (DOMAIN-SUFFIX,porndudecdn.com)),✈️ Proxy Group
- "OR,((GEOSITE,category-ads-all),(RULE-SET,Reject_Domain),(RULE-SET,Reject,no-resolve),(DOMAIN-SUFFIX,ourdvsss.com),(DOMAIN,upos-sz-mirroraliov.bilivideo.com),(DOMAIN,upos-sz-mirrorcosov.bilivideo.com)),\U0001F6D1
  Reject"
- OR,((DOMAIN-SUFFIX,qiandurebo.com), (DOMAIN-SUFFIX,qianduzhibo.com)),DIRECT
- "GEOSITE,bilibili,\U0001F5A5 BiliBili"
- "RULE-SET,BiliBili,\U0001F5A5 BiliBili"
- "RULE-SET,Netflix,\U0001F3A5 NETFLIX,no-resolve"
- "RULE-SET,PayPal,\U0001F4B3 PayPal,no-resolve"
- "OR,((DOMAIN-SUFFIX,okx.com),(DOMAIN-SUFFIX,okex.com),(DOMAIN-KEYWORD,okx),(RULE-SET,Binance,no-resolve)),\U0001F4B0
  USDT"
- "RULE-SET,Game,\U0001F3AE Game,no-resolve"
- RULE-SET,Nvidia,❇️ Nvidia,no-resolve
- "RULE-SET,GlobalMedia_Domain,\U0001F5A5 GlobalMedia"
- "RULE-SET,GlobalMedia,\U0001F5A5 GlobalMedia,no-resolve"
- DOMAIN-SUFFIX,push.apple.com,DIRECT
- "RULE-SET,Apple,\U0001F34E Apple,no-resolve"
- "RULE-SET,Google,\U0001F4E2 Google,no-resolve"
- RULE-SET,Microsoft,Ⓜ️ Microsoft,no-resolve
- "RULE-SET,Telegram,\U0001F4F1 Telegram,no-resolve"
- OR,((GEOSITE,geolocation-!cn),(RULE-SET,Proxy_Domain),(RULE-SET,Proxy,no-resolve),(RULE-SET,tld-not-cn)),✈️
  Proxy Group
- OR,((GEOSITE,cn),(RULE-SET,China_Domain),(RULE-SET,China,no-resolve),(RULE-SET,China_IP,no-resolve)),DIRECT
- RULE-SET,Lan,DIRECT,no-resolve
- GEOIP,CN,DIRECT
- "MATCH,\U0001F41F Final"
redir-port: 7894
tproxy-port: 7893
port: 7892
socks-port: 7891
mixed-port: 7890
mode: rule
log-level: info
allow-lan: true
external-controller: 0.0.0.0:9090
bind-address: "*"
external-ui: "/usr/share/openclash/ui"
ipv6: false
geodata-mode: true
geodata-loader: standard
tcp-concurrent: true
find-process-mode: 'off'
global-client-fingerprint: chrome
dns:
  enable: true
  ipv6: false
  enhanced-mode: redir-host
  listen: 0.0.0.0:7874
  nameserver:
  - tls://8.8.4.4
  proxy-server-nameserver:
  - tls://8.8.4.4:853
  nameserver-policy:
    geosite:cn:
    - udp://127.0.0.1:1745
    ".qiandurebo.com":
    - udp://127.0.0.1:1745
    ".qianduzhibo.com":
    - udp://127.0.0.1:1745
  use-hosts: true
sniffer:
  enable: true
  force-dns-mapping: true
  parse-pure-ip: true
  force-domain:
  - "+"
  sniff:
    TLS:
    HTTP:
      ports:
      - 80
      - 8080-8880
      override-destination: true
profile:
  store-selected: true
hosts:

authentication:
- Clash:

#===================== 自定义覆写设置 =====================#

#!/bin/sh
. /usr/share/openclash/ruby.sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom overwrite scripts here, they will take effect after OpenClash's own scripts

LOG_OUT "Tip: Start Running Custom Overwrite Scripts..."
LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S"))
LOG_FILE="/tmp/openclash.log"
CONFIG_FILE="$1" #config path

#Simple Demo:
    #General Demo
    #1--config path
    #2--key name
    #3--value
    #ruby_edit "$CONFIG_FILE" "['redir-port']" "7892"
    #ruby_edit "$CONFIG_FILE" "['secret']" "123456"
    #ruby_edit "$CONFIG_FILE" "['dns']['enable']" "true"

    #Hash Demo
    #1--config path
    #2--key name
    #3--hash type value
    #ruby_edit "$CONFIG_FILE" "['experimental']" "{'sniff-tls-sni'=>true}"
    #ruby_edit "$CONFIG_FILE" "['sniffer']" "{'sniffing'=>['tls','http']}"

    #Array Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value
    #ruby_arr_insert "$CONFIG_FILE" "['dns']['nameserver']" "0" "114.114.114.114"

    #Array Add From Yaml File Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value file path
    #5--value key name in #4 file
    #ruby_arr_add_file "$CONFIG_FILE" "['dns']['fallback-filter']['ipcidr']" "0" "/etc/openclash/custom/openclash_custom_fallback_filter.yaml" "['fallback-filter']['ipcidr']"

#Ruby Script Demo:
    #ruby -ryaml -rYAML -I "/usr/share/openclash" -E UTF-8 -e "
    #   begin
    #      Value = YAML.load_file('$CONFIG_FILE');
    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Load File Failed,【' + e.message + '】';
    #   end;

        #General
    #   begin
    #   Thread.new{
    #      Value['redir-port']=7892;
    #      Value['tproxy-port']=7895;
    #      Value['port']=7890;
    #      Value['socks-port']=7891;
    #      Value['mixed-port']=7893;
    #   }.join;

    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Set General Failed,【' + e.message + '】';
    #   ensure
    #      File.open('$CONFIG_FILE','w') {|f| YAML.dump(Value, f)};
    #   end" 2>/dev/null >> $LOG_FILE

exit 0
#===================== 自定义防火墙设置 =====================#

#!/bin/sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom firewall rules here, they will be added after the end of the OpenClash iptables rules

LOG_OUT "Tip: Start Add Custom Firewall Rules..."

exit 0
#===================== IPTABLES 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.7 on Sat Apr 15 13:37:46 2023
*nat
:PREROUTING ACCEPT [77:7759]
:INPUT ACCEPT [174:13291]
:OUTPUT ACCEPT [496:31889]
:POSTROUTING ACCEPT [327:20852]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:PSW2 - [0:0]
:PSW2_OUTPUT - [0:0]
:PSW2_REDIRECT - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -j PSW2_REDIRECT
-A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -p tcp -j PSW2
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i eth1 -m comment --comment "!fw3" -j zone_wan_prerouting
-A OUTPUT -p tcp -j PSW2_OUTPUT
-A POSTROUTING -s 10.10.10.0/24 -j MASQUERADE
-A POSTROUTING -o ztyxaqgiyj -j MASQUERADE
-A POSTROUTING -s 10.10.10.0/24 -j MASQUERADE
-A POSTROUTING -o ztyxaqgiyj -j MASQUERADE
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o eth1 -m comment --comment "!fw3" -j zone_wan_postrouting
-A PSW2 -m set --match-set laniplist dst -j RETURN
-A PSW2 -m set --match-set vpsiplist dst -j RETURN
-A PSW2 -d 192.168.1.2/32 -m comment --comment "\'WAN_IP_RETURN\'" -j RETURN
-A PSW2 -d 198.18.0.0/16 -p tcp -m comment --comment "\'默认\'" -j REDIRECT --to-ports 1041
-A PSW2 -p tcp -m comment --comment "\'默认\'" -m multiport --dports 22,25,53,143,465,587,853,993,995,80,443 -j REDIRECT --to-ports 1041
-A PSW2 -p tcp -m comment --comment "\'默认\'" -j RETURN
-A PSW2_OUTPUT -m set --match-set laniplist dst -j RETURN
-A PSW2_OUTPUT -d 211.99.113.220/32 -p tcp -m comment --comment "\'638212ab.qmzylp.sbs:12008\'" -m tcp --dport 12008 -j RETURN
-A PSW2_OUTPUT -m set --match-set vpsiplist dst -j RETURN
-A PSW2_OUTPUT -m mark --mark 0xff -j RETURN
-A PSW2_OUTPUT -d 198.18.0.0/16 -p tcp -j REDIRECT --to-ports 1041
-A PSW2_OUTPUT -p tcp -m multiport --dports 22,25,53,143,465,587,853,993,995,80,443 -j REDIRECT --to-ports 1041
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE --mode fullcone
-A zone_wan_prerouting -j MINIUPNPD
-A zone_wan_prerouting -j MINIUPNPD
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
COMMIT
# Completed on Sat Apr 15 13:37:46 2023

#IPv4 Mangle chain

# Generated by iptables-save v1.8.7 on Sat Apr 15 13:37:46 2023
*mangle
:PREROUTING ACCEPT [5555:5177823]
:INPUT ACCEPT [5696:7195433]
:FORWARD ACCEPT [4149:4800310]
:OUTPUT ACCEPT [6062:9069723]
:POSTROUTING ACCEPT [10211:13870033]
:PSW2 - [0:0]
:PSW2_DIVERT - [0:0]
:PSW2_OUTPUT - [0:0]
:PSW2_RULE - [0:0]
:RRDIPT_FORWARD - [0:0]
:RRDIPT_INPUT - [0:0]
:RRDIPT_OUTPUT - [0:0]
-A PREROUTING -p tcp -m socket -j PSW2_DIVERT
-A PREROUTING -j PSW2
-A INPUT -j RRDIPT_INPUT
-A FORWARD -j RRDIPT_FORWARD
-A FORWARD -o eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A OUTPUT -j RRDIPT_OUTPUT
-A OUTPUT -p udp -j PSW2_OUTPUT
-A PSW2 -m set --match-set laniplist dst -j RETURN
-A PSW2 -m set --match-set vpsiplist dst -j RETURN
-A PSW2 -d 192.168.1.2/32 -m comment --comment "\'WAN_IP_RETURN\'" -j RETURN
-A PSW2 -i lo -p udp -m comment --comment "\'本机\'" -m mark --mark 0x1 -j TPROXY --on-port 1041 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A PSW2 -i lo -p udp -m comment --comment "\'本机\'" -j RETURN
-A PSW2 -p udp -m udp --dport 53 -j RETURN
-A PSW2 -p tcp -m comment --comment "\'默认\'" -j RETURN
-A PSW2 -d 198.18.0.0/16 -p udp -m comment --comment "\'默认\'" -j PSW2_RULE
-A PSW2 -p udp -m comment --comment "\'默认\'" -j PSW2_RULE
-A PSW2 -p udp -m comment --comment "\'默认\'" -m mark --mark 0x1 -j TPROXY --on-port 1041 --on-ip 0.0.0.0 --tproxy-mark 0x1/0x1
-A PSW2 -p udp -m comment --comment "\'默认\'" -j RETURN
-A PSW2_DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A PSW2_DIVERT -j ACCEPT
-A PSW2_OUTPUT -m mark --mark 0xff -j RETURN
-A PSW2_OUTPUT -m set --match-set laniplist dst -j RETURN
-A PSW2_OUTPUT -d 211.99.113.220/32 -p udp -m comment --comment "\'638212ab.qmzylp.sbs:12008\'" -m udp --dport 12008 -j RETURN
-A PSW2_OUTPUT -m set --match-set vpsiplist dst -j RETURN
-A PSW2_OUTPUT -d 198.18.0.0/16 -p udp -j PSW2_RULE
-A PSW2_OUTPUT -p udp -j PSW2_RULE
-A PSW2_RULE -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
-A PSW2_RULE -m mark --mark 0x1 -j RETURN
-A PSW2_RULE -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j MARK --set-xmark 0x1/0xffffffff
-A PSW2_RULE -p udp -m conntrack --ctstate NEW -j MARK --set-xmark 0x1/0xffffffff
-A PSW2_RULE -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff
-A RRDIPT_FORWARD -s 192.168.8.223/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.8.223/32 -j RETURN
-A RRDIPT_INPUT -i eth0 -j RETURN
-A RRDIPT_INPUT -i br-lan -j RETURN
-A RRDIPT_INPUT -i eth1 -j RETURN
-A RRDIPT_OUTPUT -o eth0 -j RETURN
-A RRDIPT_OUTPUT -o br-lan -j RETURN
-A RRDIPT_OUTPUT -o eth1 -j RETURN
COMMIT
# Completed on Sat Apr 15 13:37:46 2023

#IPv4 Filter chain

# Generated by iptables-save v1.8.7 on Sat Apr 15 13:37:46 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:SOCAT - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -j SOCAT
-A INPUT -j SOCAT
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i eth1 -m comment --comment "!fw3" -j zone_wan_input
-A FORWARD -o ztyxaqgiyj -j ACCEPT
-A FORWARD -i ztyxaqgiyj -j ACCEPT
-A FORWARD -o ztyxaqgiyj -j ACCEPT
-A FORWARD -i ztyxaqgiyj -j ACCEPT
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m comment --comment "!fw3: Traffic offloading" -m conntrack --ctstate RELATED,ESTABLISHED -j FLOWOFFLOAD
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i eth1 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o eth1 -m comment --comment "!fw3" -j zone_wan_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o eth1 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o eth1 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_REJECT -o eth1 -m comment --comment "!fw3" -j reject
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_REJECT -i eth1 -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Sat Apr 15 13:37:46 2023

#IPv6 NAT chain

# Generated by ip6tables-save v1.8.7 on Sat Apr 15 13:37:46 2023
*nat
:PREROUTING ACCEPT [118:15176]
:INPUT ACCEPT [113:10709]
:OUTPUT ACCEPT [76:8451]
:POSTROUTING ACCEPT [148:15536]
-A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 53
COMMIT
# Completed on Sat Apr 15 13:37:46 2023

#IPv6 Mangle chain

# Generated by ip6tables-save v1.8.7 on Sat Apr 15 13:37:46 2023
*mangle
:PREROUTING ACCEPT [224:22110]
:INPUT ACCEPT [207:19977]
:FORWARD ACCEPT [17:2133]
:OUTPUT ACCEPT [207:20036]
:POSTROUTING ACCEPT [224:22169]
:PSW2 - [0:0]
:PSW2_DIVERT - [0:0]
:PSW2_OUTPUT - [0:0]
:PSW2_RULE - [0:0]
:RRDIPT_FORWARD - [0:0]
:RRDIPT_INPUT - [0:0]
:RRDIPT_OUTPUT - [0:0]
-A PREROUTING -p tcp -m socket -j PSW2_DIVERT
-A PREROUTING -j PSW2
-A INPUT -j RRDIPT_INPUT
-A FORWARD -j RRDIPT_FORWARD
-A FORWARD -o eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A OUTPUT -j RRDIPT_OUTPUT
-A PSW2 -m set --match-set laniplist6 dst -j RETURN
-A PSW2 -m set --match-set vpsiplist6 dst -j RETURN
-A PSW2 -d *WAN IP*:2c0e/128 -m comment --comment "\'WAN6_IP_RETURN\'" -j RETURN
-A PSW2 -p udp -m udp --dport 53 -j RETURN
-A PSW2 -p tcp -m comment --comment "\'默认\'" -j RETURN
-A PSW2 -p udp -m comment --comment "\'默认\'" -j RETURN
-A PSW2_DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A PSW2_DIVERT -j ACCEPT
-A PSW2_OUTPUT -m mark --mark 0xff -j RETURN
-A PSW2_OUTPUT -m set --match-set laniplist6 dst -j RETURN
-A PSW2_OUTPUT -m set --match-set vpsiplist6 dst -j RETURN
-A PSW2_RULE -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
-A PSW2_RULE -m mark --mark 0x1 -j RETURN
-A PSW2_RULE -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j MARK --set-xmark 0x1/0xffffffff
-A PSW2_RULE -p udp -m conntrack --ctstate NEW -j MARK --set-xmark 0x1/0xffffffff
-A PSW2_RULE -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff
-A RRDIPT_INPUT -i eth0 -j RETURN
-A RRDIPT_INPUT -i br-lan -j RETURN
-A RRDIPT_INPUT -i eth1 -j RETURN
-A RRDIPT_OUTPUT -o eth0 -j RETURN
-A RRDIPT_OUTPUT -o br-lan -j RETURN
-A RRDIPT_OUTPUT -o eth1 -j RETURN
COMMIT
# Completed on Sat Apr 15 13:37:46 2023

#IPv6 Filter chain

# Generated by ip6tables-save v1.8.7 on Sat Apr 15 13:37:46 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:SOCAT - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -j SOCAT
-A INPUT -j SOCAT
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i eth1 -m comment --comment "!fw3" -j zone_wan_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m comment --comment "!fw3: Traffic offloading" -m conntrack --ctstate RELATED,ESTABLISHED -j FLOWOFFLOAD
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i eth1 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o eth1 -m comment --comment "!fw3" -j zone_wan_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp6-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o eth1 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o eth1 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_REJECT -o eth1 -m comment --comment "!fw3" -j reject
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -s fc00::/6 -d fc00::/6 -p udp -m udp --dport 546 -m comment --comment "!fw3: Allow-DHCPv6" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_REJECT -i eth1 -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Sat Apr 15 13:37:46 2023

#===================== IPSET状态 =====================#

Name: mwan3_connected_v4
Name: mwan3_connected_v6
Name: mwan3_source_v6
Name: mwan3_dynamic_v4
Name: mwan3_dynamic_v6
Name: mwan3_custom_v4
Name: mwan3_custom_v6
Name: china
Name: laniplist
Name: vpsiplist
Name: laniplist6
Name: vpsiplist6
Name: mwan3_connected

#===================== 路由表状态 =====================#

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth1
10.10.10.0      0.0.0.0         255.255.255.0   U     0      0        0 ztyxaqgiyj
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.8.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
#ip route list
default via 192.168.1.1 dev eth1 proto static src 192.168.1.2 
10.10.10.0/24 dev ztyxaqgiyj proto kernel scope link src 10.10.10.10 
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.2 
192.168.8.0/24 dev br-lan proto kernel scope link src 192.168.8.1 
#ip rule show
0:  from all lookup local
32765:  from all fwmark 0x1 lookup 100
32766:  from all lookup main
32767:  from all lookup default

#===================== 端口占用状态 =====================#

#===================== 测试本机DNS查询(www.baidu.com) =====================#

Server:     127.0.0.1
Address:    127.0.0.1:53

Name:   www.baidu.com
Address: 104.193.88.123
Name:   www.baidu.com
Address: 104.193.88.77

#===================== 测试内核DNS查询(www.instagram.com) =====================#

#===================== resolv.conf.auto =====================#

# Interface lan
nameserver 114.114.114.114
nameserver 119.29.29.29

#===================== resolv.conf.d =====================#

# Interface wan
nameserver 192.168.1.1
# Interface wan6
nameserver fe80::1%eth1

#===================== 测试本机网络连接(www.baidu.com) =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Sat, 15 Apr 2023 05:37:49 GMT
Etag: "575e1f6f-115"
Last-Modified: Mon, 13 Jun 2016 02:50:23 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 测试本机网络下载(raw.githubusercontent.com) =====================#

HTTP/2 200 
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: text/plain; charset=utf-8
etag: ""
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: 
accept-ranges: bytes
date: Sat, 15 Apr 2023 05:37:49 GMT
via: 1.1 varnish
x-served-by: cache-hkg17935-HKG
x-cache: HIT
x-cache-hits: 3
x-timer: S1681537070.970611,VS0,VE0
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
x-fastly-request-id: 
expires: Sat, 15 Apr 2023 05:42:49 GMT
source-age: 225
content-length: 83

#===================== 最近运行日志(自动切换为Debug模式) =====================#

time="2023-04-15T05:35:43.1804349Z" level=info msg="[UDP] 127.0.0.1:50193 --> 127.0.0.1:7874 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.181372596Z" level=info msg="[UDP] 127.0.0.1:58157 --> 127.0.0.1:7874 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.18496481Z" level=info msg="[UDP] 127.0.0.1:36247 --> 127.0.0.1:7874 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.185149526Z" level=info msg="[UDP] 127.0.0.1:60823 --> 127.0.0.1:7874 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.18597213Z" level=info msg="[UDP] 192.168.1.2:54061 --> 192.168.1.2:50392 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.187279395Z" level=info msg="[UDP] 127.0.0.1:40343 --> 127.0.0.1:7874 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.187781457Z" level=info msg="[UDP] 127.0.0.1:48536 --> 127.0.0.1:7874 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.189750268Z" level=info msg="[UDP] 192.168.1.2:60547 --> 192.168.1.2:50392 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.189911642Z" level=info msg="[UDP] 192.168.1.2:33581 --> 192.168.1.2:50392 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.189973707Z" level=info msg="[UDP] 127.0.0.1:50003 --> 127.0.0.1:7874 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.194137671Z" level=info msg="[UDP] 127.0.0.1:33632 --> 127.0.0.1:7874 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.195631856Z" level=info msg="[UDP] 127.0.0.1:44439 --> 127.0.0.1:7874 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.195783591Z" level=info msg="[UDP] 127.0.0.1:45936 --> 127.0.0.1:7874 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.197126804Z" level=info msg="[UDP] 192.168.1.2:45920 --> 192.168.1.2:50392 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.198171288Z" level=info msg="[UDP] 192.168.1.2:41842 --> 192.168.1.2:50392 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.19882512Z" level=info msg="[UDP] 127.0.0.1:41985 --> 127.0.0.1:7874 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.198969391Z" level=info msg="[UDP] 127.0.0.1:33649 --> 127.0.0.1:7874 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.200067143Z" level=info msg="[UDP] 192.168.1.2:54112 --> 192.168.1.2:50392 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.200972697Z" level=info msg="[UDP] 127.0.0.1:37749 --> 127.0.0.1:7874 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.201102581Z" level=info msg="[UDP] 127.0.0.1:41845 --> 127.0.0.1:7874 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.202019544Z" level=info msg="[UDP] 127.0.0.1:45959 --> 127.0.0.1:7874 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.202767504Z" level=info msg="[UDP] 127.0.0.1:45963 --> 127.0.0.1:7874 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.204556763Z" level=info msg="[UDP] 127.0.0.1:41841 --> 127.0.0.1:7874 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.206574225Z" level=info msg="[UDP] 127.0.0.1:41867 --> 127.0.0.1:7874 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.208409922Z" level=info msg="[UDP] 127.0.0.1:46085 --> 127.0.0.1:7874 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.209991841Z" level=info msg="[UDP] 127.0.0.1:50074 --> 127.0.0.1:7874 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.211786185Z" level=info msg="[UDP] 192.168.1.2:33656 --> 192.168.1.2:50392 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.213022891Z" level=info msg="[UDP] 192.168.1.2:41989 --> 192.168.1.2:50392 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.21318389Z" level=info msg="[UDP] 127.0.0.1:54170 --> 127.0.0.1:7874 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.214195918Z" level=info msg="[UDP] 127.0.0.1:54161 --> 127.0.0.1:7874 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.215137799Z" level=info msg="[UDP] 192.168.1.2:45939 --> 192.168.1.2:50392 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.217578782Z" level=info msg="[UDP] 127.0.0.1:33801 --> 127.0.0.1:7874 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.218627739Z" level=info msg="[UDP] 192.168.1.2:37894 --> 192.168.1.2:50392 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.220253671Z" level=info msg="[UDP] 127.0.0.1:58388 --> 127.0.0.1:7874 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.220433793Z" level=info msg="[UDP] 192.168.1.2:37907 --> 192.168.1.2:50392 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.221294867Z" level=info msg="[UDP] 192.168.1.2:58459 --> 192.168.1.2:50392 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.223512548Z" level=info msg="[UDP] 127.0.0.1:58277 --> 127.0.0.1:7874 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.223737723Z" level=info msg="[UDP] 127.0.0.1:58374 --> 127.0.0.1:7874 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.228491281Z" level=info msg="[UDP] 192.168.1.2:54365 --> 192.168.1.2:50392 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.228710424Z" level=info msg="[UDP] 127.0.0.1:54292 --> 127.0.0.1:7874 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.228810858Z" level=info msg="[UDP] 127.0.0.1:33883 --> 127.0.0.1:7874 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.232057011Z" level=info msg="[UDP] 192.168.1.2:46100 --> 192.168.1.2:50392 match RuleSet(Lan) using DIRECT"
time="2023-04-15T05:35:43.235832162Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 192.168.1.2:42079 --> 192.168.1.2:50392 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:43.239356372Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 192.168.1.2:46174 --> 192.168.1.2:50392 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:43.243378424Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 127.0.0.1:50270 --> 127.0.0.1:7874 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:43.244437783Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 127.0.0.1:42078 --> 127.0.0.1:7874 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:43.244674777Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 127.0.0.1:54366 --> 127.0.0.1:7874 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:43.252956674Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 192.168.1.2:42079 --> 192.168.1.2:50392 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:43.256256601Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 192.168.1.2:46174 --> 192.168.1.2:50392 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:43.260193599Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 127.0.0.1:50270 --> 127.0.0.1:7874 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:43.262411721Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 127.0.0.1:42078 --> 127.0.0.1:7874 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:43.266406017Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 127.0.0.1:54366 --> 127.0.0.1:7874 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:43.273346292Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 192.168.1.2:42079 --> 192.168.1.2:50392 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:43.274572339Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 192.168.1.2:46174 --> 192.168.1.2:50392 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:43.283418479Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 127.0.0.1:42078 --> 127.0.0.1:7874 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:43.284718226Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 127.0.0.1:50270 --> 127.0.0.1:7874 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:43.286881044Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 127.0.0.1:54366 --> 127.0.0.1:7874 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:43.303851639Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 192.168.1.2:42079 --> 192.168.1.2:50392 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:43.307819983Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 127.0.0.1:50270 --> 127.0.0.1:7874 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:43.311273062Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 192.168.1.2:46174 --> 192.168.1.2:50392 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:43.320521067Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 127.0.0.1:54366 --> 127.0.0.1:7874 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:43.329102304Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 127.0.0.1:42078 --> 127.0.0.1:7874 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:43.346383918Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 127.0.0.1:42078 --> 127.0.0.1:7874 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:43.348734285Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 192.168.1.2:42079 --> 192.168.1.2:50392 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:43.373455724Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 127.0.0.1:54366 --> 127.0.0.1:7874 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:43.38258239Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 192.168.1.2:46174 --> 192.168.1.2:50392 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:43.387606025Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 127.0.0.1:50270 --> 127.0.0.1:7874 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:43.404037867Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 192.168.1.2:42079 --> 192.168.1.2:50392 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:43.44106311Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 127.0.0.1:50270 --> 127.0.0.1:7874 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:43.45548204Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 127.0.0.1:42078 --> 127.0.0.1:7874 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:43.462721773Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 192.168.1.2:42079 --> 192.168.1.2:50392 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:43.52188241Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 192.168.1.2:46174 --> 192.168.1.2:50392 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:43.537218731Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 192.168.1.2:42079 --> 192.168.1.2:50392 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:43.537262948Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 127.0.0.1:54366 --> 127.0.0.1:7874 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:43.587653445Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 127.0.0.1:50270 --> 127.0.0.1:7874 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:43.635425311Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 127.0.0.1:42078 --> 127.0.0.1:7874 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:43.723680864Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 192.168.1.2:46174 --> 192.168.1.2:50392 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:43.766778629Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 127.0.0.1:54366 --> 127.0.0.1:7874 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:43.916011249Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 127.0.0.1:54366 --> 127.0.0.1:7874 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:43.960064974Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 127.0.0.1:42078 --> 127.0.0.1:7874 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:44.044963145Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 127.0.0.1:50270 --> 127.0.0.1:7874 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:44.086639193Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 127.0.0.1:54366 --> 127.0.0.1:7874 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:44.249996448Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 192.168.1.2:46174 --> 192.168.1.2:50392 error: listen udp :0: bind: address already in use"
2023-04-15 13:35:44 OpenClash Stoping...
2023-04-15 13:35:44 Step 1: Backup The Current Groups State...
time="2023-04-15T05:35:44.452898376Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 127.0.0.1:42078 --> 127.0.0.1:7874 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:44.528144878Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 192.168.1.2:42079 --> 192.168.1.2:50392 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:44.556072018Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 127.0.0.1:50270 --> 127.0.0.1:7874 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:44.605315976Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 192.168.1.2:46174 --> 192.168.1.2:50392 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:44.665438291Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 192.168.1.2:42079 --> 192.168.1.2:50392 error: listen udp :0: bind: address already in use"
2023-04-15 13:35:44 Step 2: Delete OpenClash Firewall Rules...
time="2023-04-15T05:35:44.741166099Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 127.0.0.1:54366 --> 127.0.0.1:7874 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:45.169904148Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 192.168.1.2:46174 --> 192.168.1.2:50392 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:45.460007365Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 127.0.0.1:42078 --> 127.0.0.1:7874 error: listen udp :0: bind: address already in use"
time="2023-04-15T05:35:45.562416493Z" level=warning msg="[UDP] dial DIRECT (match RuleSet/Lan) 127.0.0.1:50270 --> 127.0.0.1:7874 error: listen udp :0: bind: address already in use"
2023-04-15 13:35:46 Step 3: Close The OpenClash Daemons...
2023-04-15 13:35:46 Step 4: Close The Clash Core Process...
2023-04-15 13:35:47 Step 5: Restart Dnsmasq...
2023-04-15 13:35:47 Step 6: Delete OpenClash Residue File...
2023-04-15 13:35:47 OpenClash Already Stop!

#===================== 最近运行日志获取完成(自动切换为silent模式) =====================#

#===================== 活动连接信息 =====================#

OpenClash Config

No response

Expected Behavior

It can be used normally.

Screenshots

No response

jklolixxs commented 1 year ago

Changing the DNS port does not help either; it still reports this error: [UDP] dial DIRECT (match RuleSet/Lan) 127.0.0.1:48091 --> 127.0.0.1:7878 error: listen udp :0: bind: address already in use

mxy1024mxy commented 1 year ago

I have run into the same problem as well.

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days