vernesong / OpenClash

A Clash Client For OpenWrt
MIT License
17.73k stars 3.2k forks source link

[Bug] 使用 Meta 核无法正常访问部分外网 #3381

Closed Xm798 closed 7 months ago

Xm798 commented 1 year ago

Verify Steps

OpenClash Version

v0.45.128-beta

Bug on Environment

Lean

Bug on Platform

Linux-amd64(x86-64)

To Reproduce

  1. 将在 P 核下工作正常的配置文件切换至 Meta 核,无法访问 Google 等一系列外网,日志无 Host 信息。
  2. 将在 Clash Verge(Windows/Mac,内核版本 v1.14.4 Meta)下正常工作的使用 Meta 核心特性的配置文件上传至 OpenClash 并切换至 Meta 核,无法访问 Google 等一系列外网,日志无 Host 信息,因此排除 Meta 核心本身的问题。

Describe the Bug

连接调试日志:

找不到任何连接日志!
1. 可能是插件未在运行
2. 可能是缓存导致浏览直接使用 IP 地址进行访问
3. 可能是 DNS 未劫持成功,导致 Clash 无法正确反推出域名连接
4. 可能是所填地址无法进行解析和连接

DNS解析日志:


Status: 0
TC: false
RD: true
RA: true
AD: false
CD: false

Question: 
  Name: www.instagram.com.
  Qtype: 1
  Qclass: 1

Answer: 
  TTL: 1
  data: 39.109.122.128
  name: www.instagram.com.
  type: 1

Additional: 
  TTL: 0
  data: ON:; EDNS: version 0; flags:; udp: 4096
  name: .
  type: 41

OpenClash Log

OpenClash 调试日志

生成时间: 2023-07-04 12:56:34
插件版本: v0.45.128-beta
隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息

#===================== 系统信息 =====================#

主机型号: QEMU Standard PC (i440FX + PIIX - Intel(R) Xeon(R) CPU E3-1245 v3 @ 3.40GHz : 1C1T
固件版本: OpenWrt SNAPSHOT r6031-4b89d5db8
LuCI版本: git-23.141.16773-28dd4b3-1
内核版本: 6.1.33
处理器架构: x86_64

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

DNS劫持: Dnsmasq 转发
#DNS劫持为Dnsmasq时,此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci >= 19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 已安装
unzip: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
kmod-ipt-nat: 已安装

#===================== 内核检查 =====================#

运行状态: 运行中
运行内核:Meta
进程pid: 27251 24347
运行权限: 27251: =ep
24347: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-amd64

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2023.06.30
Tun内核文件: 存在
Tun内核运行权限: 正常

Dev内核版本: v1.17.0
Dev内核文件: 存在
Dev内核运行权限: 正常

Meta内核版本: alpha-g0b1aff5
Meta内核文件: 存在
Meta内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/clash.yaml
启动配置文件: /etc/openclash/clash.yaml
运行模式: fake-ip
默认代理模式: rule
UDP流量转发(tproxy): 启用
自定义DNS: 启用
IPV6代理: 启用
IPV6-DNS解析: 启用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 启用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用
路由本机代理: 启用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 配置文件 =====================#

anchors:
  proxy-groups:
    proxies_fallback: &1
    - "\U0001F1ED\U0001F1F0 香港"
    - "\U0001F1F8\U0001F1EC 新加坡"
    - "\U0001F1E8\U0001F1F3 台湾"
    - "\U0001F1EF\U0001F1F5 日本"
    - "\U0001F1FA\U0001F1F8 美国"
    - "\U0001F1FA\U0001F1F3 其他"
    - "\U0001F4A0 备线"
    proxies_default: &2
    - "\U0001F389 故障转移"
    - "\U0001F1ED\U0001F1F0 香港"
    - "\U0001F1F8\U0001F1EC 新加坡"
    - "\U0001F1E8\U0001F1F3 台湾"
    - "\U0001F1EF\U0001F1F5 日本"
    - "\U0001F1FA\U0001F1F8 美国"
    - "\U0001F1FA\U0001F1F3 其他"
    - "\U0001F4A0 备线"
    - "\U0001F680 手动选择"
    - "\U0001F3AF 全球直连"
    proxies_normal: &4
    - "\U0001FA81 节点选择"
    - "\U0001F1ED\U0001F1F0 香港"
    - "\U0001F1F8\U0001F1EC 新加坡"
    - "\U0001F1E8\U0001F1F3 台湾"
    - "\U0001F1EF\U0001F1F5 日本"
    - "\U0001F1FA\U0001F1F8 美国"
    - "\U0001F1FA\U0001F1F3 其他"
    - "\U0001F4A0 备线"
    - "\U0001F680 手动选择"
    - "\U0001F3AF 全球直连"
    proxies_drive: &3
    - "\U0001F5F3 实验性节点"
    - "\U0001FA81 节点选择"
    - "\U0001F1ED\U0001F1F0 香港"
    - "\U0001F1F8\U0001F1EC 新加坡"
    - "\U0001F1E8\U0001F1F3 台湾"
    - "\U0001F1EF\U0001F1F5 日本"
    - "\U0001F1FA\U0001F1F8 美国"
    - "\U0001F1FA\U0001F1F3 其他"
    - "\U0001F4A0 备线"
    - "\U0001F680 手动选择"
    - "\U0001F3AF 全球直连"
    proxies_directf: &5
    - "\U0001F3AF 全球直连"
    - "\U0001FA81 节点选择"
    - "\U0001F1ED\U0001F1F0 香港"
    - "\U0001F1F8\U0001F1EC 新加坡"
    - "\U0001F1E8\U0001F1F3 台湾"
    - "\U0001F1EF\U0001F1F5 日本"
    - "\U0001F1FA\U0001F1F8 美国"
    - "\U0001F1FA\U0001F1F3 其他"
    - "\U0001F4A0 备线"
    - "\U0001F680 手动选择"
  proxies_urltest_conf:
    type: url-test
    url: http://www.gstatic.com/generate_204
    interval: 300
    tolerance: 150
  proxies_fallback_conf:
    type: fallback
    url: http://www.gstatic.com/generate_204
    interval: 300
    tolerance: 150
  airport_common:
    type: http
    interval: 86400
    health-check:
      enable: true
      url: http://www.gstatic.com/generate_204
      interval: 1800
  rule_providers:
    classical:
      type: http
      behavior: classical
      interval: 86400
    domain:
      type: http
      behavior: domain
      interval: 86400
    ipcidr:
      type: http
      behavior: ipcidr
      interval: 86400
  proxy-filters:
    proxy-filters-HK: 香港|HK|(?i)Hong
    proxy-filters-SG: 新加坡|SG|(?i)Singapore
    proxy-filters-TW: 台湾|TW|(?i)Taiwan
    proxy-filters-JP: 日本|JP|(?i)Japan
    proxy-filters-US: 美国|US|(?i)United States
    proxy-filters-TR: 土耳其|TUR|Turkey
    proxy-filters-DE: 德国|DE|(?i)Germany
    proxy-filters-UK: 英国|UK|(?i)United Kingdom
    proxy-filters-NL: 荷兰|NL|(?i)Netherlands
    proxy-filters-FR: 法国|FR|(?i)France
    proxy-filters-IN: 印度|IN|(?i)India
    proxy-filters-AR: 阿根廷|ARG|(?i)Argentina
    proxy-filters-KR: 韩国|KR|(?i)Korean
    proxy-filters-RU: 俄罗斯|RU|(?i)Russia
    proxy-filters-PH: 菲律宾|PH|(?i)Philippines
    proxy-filters-MY: 马来西亚|MY|(?i)Malaysia
    proxy-filters-OTHER: "^((?!(香港|HK|(?i)Hong|台湾|TW|(?i)Taiwan|日本|JP|(?i)Japan|新加坡|(?i)Singapore|SG|美国|(?i)United
      States|到期|剩余流量|时间|官网|产品|Traffic|Expire)).*)"
port: 7890
socks-port: 7891
redir-port: 7892
mixed-port: 7893
allow-lan: true
mode: rule
log-level: info
external-controller: 0.0.0.0:9090
proxy-groups:
- name: "\U0001F389 故障转移"
  type: fallback
  url: http://www.gstatic.com/generate_204
  interval: 180
  tolerance: 150
  proxies: *1
- name: "\U0001FA81 节点选择"
  type: select
  proxies: *2
- name: "\U0001F4BE 网盘服务"
  type: select
  proxies: *3
- name: "\U0001F4E7 邮件服务"
  type: select
  proxies: *4
- name: "\U0001F4E1 测速服务"
  type: select
  proxies: *5
- name: "\U0001F39E︎ E-Hentai"
  type: select
  proxies: *4
- name: "\U0001F310 谷歌服务"
  type: select
  proxies: *4
- name: "\U0001F34E 苹果服务"
  type: select
  proxies: *5
- name: "\U0001F4BE 微软服务"
  type: select
  proxies: *5
- name: "\U0001F3AE 游戏服务"
  type: select
  proxies: *4
- name: "\U0001F4FA 港台媒体"
  type: select
  proxies: *5
- name: "\U0001F4F9 国际媒体"
  type: select
  proxies: *4
- name: "\U0001F41F 漏网之鱼"
  type: select
  proxies: *4
- name: "\U0001F9EA 学术服务"
  type: select
  use:
  - Scholar
  proxies:
  - "\U0001F3AF 全球直连"
  - "\U0001FA81 节点选择"
- name: "\U0001F300 自建服务"
  type: select
  use:
  - Self
  proxies:
  - "\U0001F3AF 全球直连"
- name: "\U0001F680 手动选择"
  type: select
  use:
  - AirPort1
  - AirPort2
- name: "\U0001F5F3 实验性节点"
  type: url-test
  url: http://www.gstatic.com/generate_204
  interval: 300
  tolerance: 150
  use:
  - AirPort2
  filter: 实验性
- name: "\U0001F1ED\U0001F1F0 香港"
  type: fallback
  url: http://www.gstatic.com/generate_204
  interval: 300
  tolerance: 150
  proxies:
  - "\U0001F1ED\U0001F1F0 香港-Main"
  - "\U0001F1ED\U0001F1F0 香港-Back"
- name: "\U0001F1F8\U0001F1EC 新加坡"
  type: fallback
  url: http://www.gstatic.com/generate_204
  interval: 300
  tolerance: 150
  proxies:
  - "\U0001F1F8\U0001F1EC 新加坡-Main"
  - "\U0001F1F8\U0001F1EC 新加坡-Back"
- name: "\U0001F1E8\U0001F1F3 台湾"
  type: fallback
  url: http://www.gstatic.com/generate_204
  interval: 300
  tolerance: 150
  proxies:
  - "\U0001F1E8\U0001F1F3 台湾-Main"
  - "\U0001F1E8\U0001F1F3 台湾-Back"
- name: "\U0001F1EF\U0001F1F5 日本"
  type: fallback
  url: http://www.gstatic.com/generate_204
  interval: 300
  tolerance: 150
  proxies:
  - "\U0001F1EF\U0001F1F5 日本-Main"
  - "\U0001F1EF\U0001F1F5 日本-Back"
- name: "\U0001F1FA\U0001F1F8 美国"
  type: fallback
  url: http://www.gstatic.com/generate_204
  interval: 300
  tolerance: 150
  proxies:
  - "\U0001F1FA\U0001F1F8 美国-Main"
  - "\U0001F1FA\U0001F1F8 美国-Back"
- name: "\U0001F1ED\U0001F1F0 香港-Main"
  type: url-test
  url: http://www.gstatic.com/generate_204
  interval: 300
  tolerance: 150
  use:
  - AirPort1
  filter: 香港|HK|(?i)Hong
- name: "\U0001F1F8\U0001F1EC 新加坡-Main"
  type: url-test
  url: http://www.gstatic.com/generate_204
  interval: 300
  tolerance: 150
  use:
  - AirPort1
  filter: 新加坡|SG|(?i)Singapore
- name: "\U0001F1E8\U0001F1F3 台湾-Main"
  type: url-test
  url: http://www.gstatic.com/generate_204
  interval: 300
  tolerance: 150
  use:
  - AirPort1
  filter: 台湾|TW|(?i)Taiwan
- name: "\U0001F1EF\U0001F1F5 日本-Main"
  type: url-test
  url: http://www.gstatic.com/generate_204
  interval: 300
  tolerance: 150
  use:
  - AirPort1
  filter: 日本|JP|(?i)Japan
- name: "\U0001F1FA\U0001F1F8 美国-Main"
  type: url-test
  url: http://www.gstatic.com/generate_204
  interval: 300
  tolerance: 150
  use:
  - AirPort1
  filter: 美国|US|(?i)United States
- name: "\U0001F1ED\U0001F1F0 香港-Back"
  type: url-test
  url: http://www.gstatic.com/generate_204
  interval: 300
  tolerance: 150
  use:
  - AirPort2
  filter: 香港|HK|(?i)Hong
- name: "\U0001F1F8\U0001F1EC 新加坡-Back"
  type: url-test
  url: http://www.gstatic.com/generate_204
  interval: 300
  tolerance: 150
  use:
  - AirPort2
  filter: 新加坡|SG|(?i)Singapore
- name: "\U0001F1E8\U0001F1F3 台湾-Back"
  type: url-test
  url: http://www.gstatic.com/generate_204
  interval: 300
  tolerance: 150
  use:
  - AirPort2
  filter: 台湾|TW|(?i)Taiwan
- name: "\U0001F1EF\U0001F1F5 日本-Back"
  type: url-test
  url: http://www.gstatic.com/generate_204
  interval: 300
  tolerance: 150
  use:
  - AirPort2
  filter: 日本|JP|(?i)Japan
- name: "\U0001F1FA\U0001F1F8 美国-Back"
  type: url-test
  url: http://www.gstatic.com/generate_204
  interval: 300
  tolerance: 150
  use:
  - AirPort2
  filter: 美国|US|(?i)United States
- name: "\U0001F4A0 备线"
  type: url-test
  url: http://www.gstatic.com/generate_204
  interval: 300
  tolerance: 150
  use:
  - Backup
  filter: 香港|HK|(?i)Hong
- name: "\U0001F1FA\U0001F1F3 其他"
  type: select
  use:
  - AirPort2
  filter: "^((?!(香港|HK|(?i)Hong|台湾|TW|(?i)Taiwan|日本|JP|(?i)Japan|新加坡|(?i)Singapore|SG|美国|(?i)United
    States|到期|剩余流量|时间|官网|产品|Traffic|Expire)).*)"
- name: "⛔️ 隐私广告"
  type: select
  proxies:
  - REJECT
  - "\U0001F3AF 全球直连"
  - "\U0001FA81 节点选择"
- name: "\U0001F3AF 全球直连"
  type: select
  proxies:
  - DIRECT
rules:
- DST-PORT,7895,REJECT
- DST-PORT,7892,REJECT
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
- "RULE-SET,Direct_3,\U0001F3AF 全球直连"
- RULE-SET,Advertising_Domain,⛔️ 隐私广告
- RULE-SET,Advertising,⛔️ 隐私广告
- "RULE-SET,Scholar_2,\U0001F9EA 学术服务"
- "RULE-SET,EHGallery,\U0001FA81 节点选择"
- "RULE-SET,Mail,\U0001F4E7 邮件服务"
- "RULE-SET,GoogleDrive,\U0001F4BE 网盘服务"
- "RULE-SET,DropBox,\U0001F4BE 网盘服务"
- "RULE-SET,Telegram,\U0001FA81 节点选择"
- "RULE-SET,Emby,\U0001F4F9 国际媒体"
- "RULE-SET,AsianMedia,\U0001F4FA 港台媒体"
- "RULE-SET,GlobalMedia,\U0001F4F9 国际媒体"
- "RULE-SET,WeChat,\U0001F3AF 全球直连"
- "RULE-SET,ProxyLite,\U0001FA81 节点选择"
- "RULE-SET,Speedtest,\U0001F4E1 测速服务"
- "RULE-SET,Game,\U0001F3AE 游戏服务"
- "RULE-SET,Steam,\U0001F3AE 游戏服务"
- "RULE-SET,Epic,\U0001F3AE 游戏服务"
- "RULE-SET,Google,\U0001F310 谷歌服务"
- "RULE-SET,Microsoft,\U0001F4BE 微软服务"
- "RULE-SET,Apple,\U0001F34E 苹果服务"
- "RULE-SET,Global_Domain,\U0001FA81 节点选择"
- "RULE-SET,Global,\U0001FA81 节点选择"
- "RULE-SET,Lan,\U0001F3AF 全球直连"
- "RULE-SET,PrivateTracker,\U0001F3AF 全球直连"
- "RULE-SET,China_Classical,\U0001F3AF 全球直连"
- "RULE-SET,China_IPs,\U0001F3AF 全球直连"
- "GEOIP,CN,\U0001F3AF 全球直连"
- "MATCH,\U0001F41F 漏网之鱼"
rule-providers:
  Direct_3:
    type: http
    behavior: classical
    interval: 86400
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Direct/Direct.yaml
    path: "./rule_provider/rule-provider_Direct_3.yaml"
  Advertising_Domain:
    type: http
    behavior: domain
    interval: 86400
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Advertising/Advertising_Domain.yaml
    path: "./rule_provider/rule-provider_Advertising_Domain.yaml"
  Advertising:
    type: http
    behavior: classical
    interval: 86400
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Advertising/Advertising.yaml
    path: "./rule_provider/rule-provider_Advertising.yaml"
  Scholar_2:
    type: http
    behavior: classical
    interval: 86400
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Scholar/Scholar.yaml
    path: "./rule_provider/rule-provider_Scholar_2.yaml"
  EHGallery:
    type: http
    behavior: classical
    interval: 86400
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/EHGallery/EHGallery.yaml
    path: "./rule_provider/rule-provider_EHGallery.yaml"
  Mail:
    type: http
    behavior: classical
    interval: 86400
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Mail/Mail.yaml
    path: "./rule_provider/rule-provider_Mail.yaml"
  GoogleDrive:
    type: http
    behavior: classical
    interval: 86400
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/GoogleDrive/GoogleDrive.yaml
    path: "./rule_provider/rule-provider_Drive.yaml"
  DropBox:
    type: http
    behavior: classical
    interval: 86400
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Dropbox/Dropbox.yaml
    path: "./rule_provider/rule-provider_DropBox.yaml"
  Telegram:
    type: http
    behavior: classical
    interval: 86400
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Telegram/Telegram.yaml
    path: "./rule_provider/rule-provider_Telegram.yaml"
  Emby:
    type: http
    behavior: classical
    interval: 86400
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Emby/Emby.yaml
    path: "./rule_provider/rule-provider_Emby.yaml"
  AsianMedia:
    type: http
    behavior: classical
    interval: 86400
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/AsianMedia/AsianMedia.yaml
    path: "./rule_provider/rule-provider_AsianMedia.yaml"
  GlobalMedia:
    type: http
    behavior: classical
    interval: 86400
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/GlobalMedia/GlobalMedia.yaml
    path: "./rule_provider/rule-provider_GlobalMedia.yaml"
  WeChat:
    type: http
    behavior: classical
    interval: 86400
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/WeChat/WeChat.yaml
    path: "./rule_provider/rule-provider_WeChat.yaml"
  ProxyLite:
    type: http
    behavior: classical
    interval: 86400
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/ProxyLite/ProxyLite.yaml
    path: "./rule_provider/rule-provider_ProxyLite.yaml"
  Speedtest:
    type: http
    behavior: classical
    interval: 86400
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Speedtest/Speedtest.yaml
    path: "./rule_provider/rule-provider_Speedtest.yaml"
  Game:
    type: http
    behavior: classical
    interval: 86400
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Game/Game.yaml
    path: "./rule_provider/rule-provider_Game.yaml"
  Steam:
    type: http
    behavior: classical
    interval: 86400
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Steam/Steam.yaml
    path: "./rule_provider/rule-provider_Steam.yaml"
  Epic:
    type: http
    behavior: classical
    interval: 86400
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Epic/Epic.yaml
    path: "./rule_provider/rule-provider_Epic.yaml"
  Google:
    type: http
    behavior: classical
    interval: 86400
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Google/Google.yaml
    path: "./rule_provider/rule-provider_Google.yaml"
  Microsoft:
    type: http
    behavior: classical
    interval: 86400
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Microsoft/Microsoft.yaml
    path: "./rule_provider/rule-provider_Microsoft.yaml"
  Apple:
    type: http
    behavior: classical
    interval: 86400
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Apple/Apple.yaml
    path: "./rule_provider/rule-provider_Apple.yaml"
  Global_Domain:
    type: http
    behavior: domain
    interval: 86400
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Global/Global_Domain.yaml
    path: "./rule_provider/rule-provider_Global_Domain.yaml"
  Global:
    type: http
    behavior: classical
    interval: 86400
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Global/Global.yaml
    path: "./rule_provider/rule-provider_Global.yaml"
  Lan:
    type: http
    behavior: classical
    interval: 86400
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Lan/Lan.yaml
    path: "./rule_provider/rule-provider_Lan.yaml"
  PrivateTracker:
    type: http
    behavior: classical
    interval: 86400
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/PrivateTracker/PrivateTracker.yaml
    path: "./rule_provider/rule-provider_PrivateTracker.yaml"
  China_Classical:
    type: http
    behavior: classical
    interval: 86400
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/China/China_Classical.yaml
    path: "./rule_provider/rule-provider_China_Classical.yaml"
  China_IPs:
    type: http
    behavior: ipcidr
    interval: 86400
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/ChinaIPs/ChinaIPs_IP.yaml
    path: "./rule_provider/rule-provider_China_IPs.yaml"
tproxy-port: 7895
bind-address: "*"
external-ui: "/usr/share/openclash/ui"
ipv6: true
dns:
  enable: true
  ipv6: true
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  listen: 0.0.0.0:7874
  nameserver:
  - 10.10.10.10
  fallback:
  - https://dns.cloudflare.com/dns-query
  - https://1.1.1.1/dns-query
  - https://jp.tiar.app/dns-query
  - https://jp.tiarap.org/dns-query
  - https://dns.alidns.com/dns-query
  default-nameserver:
  - 10.10.10.10
  fallback-filter:
    geoip: true
    geoip-code: CN
    ipcidr:
    - 0.0.0.0/8
    - 10.0.0.0/8
    - 100.64.0.0/10
    - 127.0.0.0/8
    - 169.254.0.0/16
    - 172.16.0.0/12
    - 192.0.0.0/24
    - 192.0.2.0/24
    - 192.88.99.0/24
    - 192.168.0.0/16
    - 198.18.0.0/15
    - 198.51.100.0/24
    - 203.0.113.0/24
    - 224.0.0.0/4
    - 240.0.0.0/4
    - 255.255.255.255/32
    domain:
    - "+.facebook.com"
    - "+.youtube.com"
    - "+.githubusercontent.com"
    - "+.googlevideo.com"
    - "+.msftconnecttest.com"
    - "+.msftncsi.com"
  fake-ip-filter:
  - "*.lan"
  - "*.localdomain"
  - "*.example"
  - "*.invalid"
  - "*.localhost"
  - "*.test"
  - "*.local"
  - "*.home.arpa"
  - time.*.com
  - time.*.gov
  - time.*.edu.cn
  - time.*.apple.com
  - time-ios.apple.com
  - time1.*.com
  - time2.*.com
  - time3.*.com
  - time4.*.com
  - time5.*.com
  - time6.*.com
  - time7.*.com
  - ntp.*.com
  - ntp1.*.com
  - ntp2.*.com
  - ntp3.*.com
  - ntp4.*.com
  - ntp5.*.com
  - ntp6.*.com
  - ntp7.*.com
  - "*.time.edu.cn"
  - "*.ntp.org.cn"
  - "+.pool.ntp.org"
  - time1.cloud.tencent.com
  - music.163.com
  - "*.music.163.com"
  - "*.126.net"
  - musicapi.taihe.com
  - music.taihe.com
  - songsearch.kugou.com
  - trackercdn.kugou.com
  - "*.kuwo.cn"
  - api-jooxtt.sanook.com
  - api.joox.com
  - joox.com
  - y.qq.com
  - "*.y.qq.com"
  - streamoc.music.tc.qq.com
  - mobileoc.music.tc.qq.com
  - isure.stream.qqmusic.qq.com
  - dl.stream.qqmusic.qq.com
  - aqqmusic.tc.qq.com
  - amobile.music.tc.qq.com
  - "*.xiami.com"
  - "*.music.migu.cn"
  - music.migu.cn
  - "+.msftconnecttest.com"
  - "+.msftncsi.com"
  - localhost.ptlogin2.qq.com
  - localhost.sec.qq.com
  - "+.qq.com"
  - "+.tencent.com"
  - "+.srv.nintendo.net"
  - "*.n.n.srv.nintendo.net"
  - "+.stun.playstation.net"
  - xbox.*.*.microsoft.com
  - "*.*.xboxlive.com"
  - xbox.*.microsoft.com
  - xnotify.xboxlive.com
  - "+.battlenet.com.cn"
  - "+.wotgame.cn"
  - "+.wggames.cn"
  - "+.wowsgame.cn"
  - "+.wargaming.net"
  - proxy.golang.org
  - stun.*.*
  - stun.*.*.*
  - "+.stun.*.*"
  - "+.stun.*.*.*"
  - "+.stun.*.*.*.*"
  - "+.stun.*.*.*.*.*"
  - heartbeat.belkin.com
  - "*.linksys.com"
  - "*.linksyssmartwifi.com"
  - "*.router.asus.com"
  - mesu.apple.com
  - swscan.apple.com
  - swquery.apple.com
  - swdownload.apple.com
  - swcdn.apple.com
  - swdist.apple.com
  - lens.l.google.com
  - stun.l.google.com
  - na.b.g-tun.com
  - "+.nflxvideo.net"
  - "*.square-enix.com"
  - "*.finalfantasyxiv.com"
  - "*.ffxiv.com"
  - "*.ff14.sdo.com"
  - ff.dorado.sdo.com
  - "*.mcdn.bilivideo.cn"
  - "+.media.dssott.com"
  - shark007.net
  - Mijia Cloud
  - "+.cmbchina.com"
  - "+.cmbimg.com"
  - local.adguard.org
  - "+.sandai.net"
  - "+.n0808.com"
profile:
  store-selected: true
  store-fake-ip: true
authentication:
- Clash:t3p6O3hU

#===================== 自定义覆写设置 =====================#

#!/bin/sh
. /usr/share/openclash/ruby.sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom overwrite scripts here, they will be take effict after the OpenClash own srcipts

LOG_OUT "Tip: Start Running Custom Overwrite Scripts..."
LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S"))
LOG_FILE="/tmp/openclash.log"
CONFIG_FILE="$1" #config path

#Simple Demo:
    #General Demo
    #1--config path
    #2--key name
    #3--value
    #ruby_edit "$CONFIG_FILE" "['redir-port']" "7892"
    #ruby_edit "$CONFIG_FILE" "['secret']" "123456"
    #ruby_edit "$CONFIG_FILE" "['dns']['enable']" "true"

    #Hash Demo
    #1--config path
    #2--key name
    #3--hash type value
    #ruby_edit "$CONFIG_FILE" "['experimental']" "{'sniff-tls-sni'=>true}"
    #ruby_edit "$CONFIG_FILE" "['sniffer']" "{'sniffing'=>['tls','http']}"

    #Array Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value
    #ruby_arr_insert "$CONFIG_FILE" "['dns']['nameserver']" "0" "114.114.114.114"

    #Array Add From Yaml File Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value file path
    #5--value key name in #4 file
    #ruby_arr_add_file "$CONFIG_FILE" "['dns']['fallback-filter']['ipcidr']" "0" "/etc/openclash/custom/openclash_custom_fallback_filter.yaml" "['fallback-filter']['ipcidr']"

#Ruby Script Demo:
    #ruby -ryaml -rYAML -I "/usr/share/openclash" -E UTF-8 -e "
    #   begin
    #      Value = YAML.load_file('$CONFIG_FILE');
    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Load File Failed,【' + e.message + '】';
    #   end;

        #General
    #   begin
    #   Thread.new{
    #      Value['redir-port']=7892;
    #      Value['tproxy-port']=7895;
    #      Value['port']=7890;
    #      Value['socks-port']=7891;
    #      Value['mixed-port']=7893;
    #   }.join;

    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Set General Failed,【' + e.message + '】';
    #   ensure
    #      File.open('$CONFIG_FILE','w') {|f| YAML.dump(Value, f)};
    #   end" 2>/dev/null >> $LOG_FILE

exit 0
#===================== 自定义防火墙设置 =====================#

#!/bin/sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom firewall rules here, they will be added after the end of the OpenClash iptables rules

LOG_OUT "Tip: Start Add Custom Firewall Rules..."

exit 0
#===================== IPTABLES 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.7 on Tue Jul  4 12:56:36 2023
*nat
:PREROUTING ACCEPT [166:98052]
:INPUT ACCEPT [959:64775]
:OUTPUT ACCEPT [6540:403210]
:POSTROUTING ACCEPT [6545:403486]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:openclash - [0:0]
:openclash_output - [0:0]
:postrouting_VPN_rule - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_VPN_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_VPN_postrouting - [0:0]
:zone_VPN_prerouting - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -d 8.8.4.4/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -d 8.8.8.8/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i eth0 -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i ipsec0 -m comment --comment "!fw3" -j zone_VPN_prerouting
-A PREROUTING -p tcp -j openclash
-A OUTPUT -j openclash_output
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o eth0 -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o ipsec0 -m comment --comment "!fw3" -j zone_VPN_postrouting
-A openclash -p tcp -m tcp --sport 1688 -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -d 198.18.0.0/16 -p tcp -j REDIRECT --to-ports 7892
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -p tcp -m tcp --sport 1688 -j RETURN
-A openclash_output -s 10.1.1.1/32 -p tcp -m tcp --sport 53012 -j RETURN
-A openclash_output -d 198.18.0.0/16 -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A zone_VPN_postrouting -m comment --comment "!fw3: Custom VPN postrouting rule chain" -j postrouting_VPN_rule
-A zone_VPN_prerouting -m comment --comment "!fw3: Custom VPN prerouting rule chain" -j prerouting_VPN_rule
-A zone_lan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_lan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -j MINIUPNPD
-A zone_lan_prerouting -j MINIUPNPD
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE --mode fullcone
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -p tcp -m tcp --dport 53012 -m comment --comment "!fw3: Forward" -j DNAT --to-destination 10.1.1.1:53012
-A zone_wan_prerouting -p udp -m udp --dport 53012 -m comment --comment "!fw3: Forward" -j DNAT --to-destination 10.1.1.1:53012
COMMIT
# Completed on Tue Jul  4 12:56:36 2023

#IPv4 Mangle chain

# Generated by iptables-save v1.8.7 on Tue Jul  4 12:56:36 2023
*mangle
:PREROUTING ACCEPT [24019:8435950]
:INPUT ACCEPT [23363:8432361]
:FORWARD ACCEPT [800:122027]
:OUTPUT ACCEPT [24854:9766230]
:POSTROUTING ACCEPT [25656:9888738]
:openclash - [0:0]
:openclash_output - [0:0]
:openclash_upnp - [0:0]
-A PREROUTING -p udp -j openclash
-A OUTPUT -p udp -j openclash_output
-A openclash -p udp -m udp --sport 4500 -j RETURN
-A openclash -p udp -m udp --sport 500 -j RETURN
-A openclash -p udp -m udp --sport 500 -j RETURN
-A openclash -p udp -m udp --sport 68 -j RETURN
-A openclash -s 10.1.1.1/32 -p udp -m udp --sport 53012 -j RETURN
-A openclash -i lo -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p udp -m udp --dport 53 -j RETURN
-A openclash -d 198.18.0.0/16 -p udp -j TPROXY --on-port 7895 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
-A openclash -p udp -j openclash_upnp
-A openclash -p udp -j TPROXY --on-port 7895 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
-A openclash_output -p udp -m udp --sport 4500 -j RETURN
-A openclash_output -p udp -m udp --sport 500 -j RETURN
-A openclash_output -p udp -m udp --sport 500 -j RETURN
-A openclash_output -p udp -m udp --sport 68 -j RETURN
-A openclash_output -s 10.1.1.1/32 -p udp -m udp --sport 53012 -j RETURN
-A openclash_output -d 198.18.0.0/16 -p udp -m owner ! --uid-owner 65534 -j MARK --set-xmark 0x162/0xffffffff
COMMIT
# Completed on Tue Jul  4 12:56:36 2023

#IPv4 Filter chain

# Generated by iptables-save v1.8.7 on Tue Jul  4 12:56:36 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:forwarding_VPN_rule - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_VPN_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_VPN_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_VPN_dest_ACCEPT - [0:0]
:zone_VPN_forward - [0:0]
:zone_VPN_input - [0:0]
:zone_VPN_output - [0:0]
:zone_VPN_src_ACCEPT - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -p udp -m udp --dport 443 -m comment --comment "OpenClash QUIC REJECT" -m set ! --match-set china_ip_route dst -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m policy --dir in --pol ipsec --proto esp -j ACCEPT
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i eth0 -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i ipsec0 -m comment --comment "!fw3" -j zone_VPN_input
-A FORWARD -m policy --dir out --pol ipsec --proto esp -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec --proto esp -j ACCEPT
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i eth0 -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i ipsec0 -m comment --comment "!fw3" -j zone_VPN_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -m policy --dir out --pol ipsec --proto esp -j ACCEPT
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o eth0 -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o ipsec0 -m comment --comment "!fw3" -j zone_VPN_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_VPN_dest_ACCEPT -o ipsec0 -m comment --comment "!fw3" -j ACCEPT
-A zone_VPN_forward -m comment --comment "!fw3: Custom VPN forwarding rule chain" -j forwarding_VPN_rule
-A zone_VPN_forward -m comment --comment "!fw3: Zone VPN to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_VPN_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_VPN_forward -m comment --comment "!fw3" -j zone_VPN_dest_ACCEPT
-A zone_VPN_input -m comment --comment "!fw3: Custom VPN input rule chain" -j input_VPN_rule
-A zone_VPN_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_VPN_input -m comment --comment "!fw3" -j zone_VPN_src_ACCEPT
-A zone_VPN_output -m comment --comment "!fw3: Custom VPN output rule chain" -j output_VPN_rule
-A zone_VPN_output -m comment --comment "!fw3" -j zone_VPN_dest_ACCEPT
-A zone_VPN_src_ACCEPT -i ipsec0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o eth0 -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i eth0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 8118 -m comment --comment "!fw3: adblock" -j DROP
-A zone_wan_input -p udp -m udp --dport 500 -m comment --comment "!fw3: ike" -j ACCEPT
-A zone_wan_input -p udp -m udp --dport 4500 -m comment --comment "!fw3: ipsec" -j ACCEPT
-A zone_wan_input -p ah -m comment --comment "!fw3: ah" -j ACCEPT
-A zone_wan_input -p esp -m comment --comment "!fw3: esp" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 1688 -m comment --comment "!fw3: kms" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
COMMIT
# Completed on Tue Jul  4 12:56:36 2023

#IPv6 NAT chain

# Generated by ip6tables-save v1.8.7 on Tue Jul  4 12:56:36 2023
*nat
:PREROUTING ACCEPT [8:1802]
:INPUT ACCEPT [8:1802]
:OUTPUT ACCEPT [1450:116438]
:POSTROUTING ACCEPT [1450:116438]
:openclash_output - [0:0]
-A PREROUTING -d 2001:4860:4860::8844/128 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j ACCEPT
-A PREROUTING -d 2001:4860:4860::8888/128 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 53
-A OUTPUT -j openclash_output
-A openclash_output -m set --match-set localnetwork6 dst -j RETURN
-A openclash_output -m owner ! --uid-owner 65534 -m set --match-set china_ip6_route dst -m set ! --match-set china_ip6_route_pass dst -j RETURN
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
COMMIT
# Completed on Tue Jul  4 12:56:36 2023

#IPv6 Mangle chain

# Generated by ip6tables-save v1.8.7 on Tue Jul  4 12:56:36 2023
*mangle
:PREROUTING ACCEPT [3302:692469]
:INPUT ACCEPT [3211:685917]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4535:460619]
:POSTROUTING ACCEPT [4535:460619]
:openclash - [0:0]
-A PREROUTING -j openclash
-A openclash -p tcp -m tcp --sport 1688 -j RETURN
-A openclash -p udp -m udp --sport 4500 -j RETURN
-A openclash -p udp -m udp --sport 500 -j RETURN
-A openclash -p udp -m udp --sport 500 -j RETURN
-A openclash -s fc00::/6 -p udp -m udp --sport 546 -j RETURN
-A openclash -i lo -j RETURN
-A openclash -m set --match-set localnetwork6 dst -j RETURN
-A openclash -p udp -m udp --dport 53 -j RETURN
-A openclash -m set --match-set china_ip6_route dst -m set ! --match-set china_ip6_route_pass dst -j RETURN
-A openclash -p tcp -m comment --comment "OpenClash TCP Tproxy" -j TPROXY --on-port 7895 --on-ip :: --tproxy-mark 0x162/0xffffffff
COMMIT
# Completed on Tue Jul  4 12:56:36 2023

#IPv6 Filter chain

# Generated by ip6tables-save v1.8.7 on Tue Jul  4 12:56:36 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:forwarding_VPN_rule - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_VPN_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_VPN_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_VPN_dest_ACCEPT - [0:0]
:zone_VPN_forward - [0:0]
:zone_VPN_input - [0:0]
:zone_VPN_output - [0:0]
:zone_VPN_src_ACCEPT - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -p udp -m udp --dport 443 -m comment --comment "OpenClash QUIC REJECT" -m set ! --match-set china_ip6_route dst -j REJECT --reject-with icmp6-port-unreachable
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i eth0 -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i ipsec0 -m comment --comment "!fw3" -j zone_VPN_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i eth0 -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i ipsec0 -m comment --comment "!fw3" -j zone_VPN_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o eth0 -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o ipsec0 -m comment --comment "!fw3" -j zone_VPN_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp6-port-unreachable
-A syn_flood -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_VPN_dest_ACCEPT -o ipsec0 -m comment --comment "!fw3" -j ACCEPT
-A zone_VPN_forward -m comment --comment "!fw3: Custom VPN forwarding rule chain" -j forwarding_VPN_rule
-A zone_VPN_forward -m comment --comment "!fw3: Zone VPN to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_VPN_forward -m comment --comment "!fw3" -j zone_VPN_dest_ACCEPT
-A zone_VPN_input -m comment --comment "!fw3: Custom VPN input rule chain" -j input_VPN_rule
-A zone_VPN_input -m comment --comment "!fw3" -j zone_VPN_src_ACCEPT
-A zone_VPN_output -m comment --comment "!fw3: Custom VPN output rule chain" -j output_VPN_rule
-A zone_VPN_output -m comment --comment "!fw3" -j zone_VPN_dest_ACCEPT
-A zone_VPN_src_ACCEPT -i ipsec0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o eth0 -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i eth0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -s fc00::/6 -d fc00::/6 -p udp -m udp --dport 546 -m comment --comment "!fw3: Allow-DHCPv6" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 8118 -m comment --comment "!fw3: adblock" -j DROP
-A zone_wan_input -p udp -m udp --dport 500 -m comment --comment "!fw3: ike" -j ACCEPT
-A zone_wan_input -p udp -m udp --dport 4500 -m comment --comment "!fw3: ipsec" -j ACCEPT
-A zone_wan_input -p ah -m comment --comment "!fw3: ah" -j ACCEPT
-A zone_wan_input -p esp -m comment --comment "!fw3: esp" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 1688 -m comment --comment "!fw3: kms" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
COMMIT
# Completed on Tue Jul  4 12:56:36 2023

#===================== IPSET状态 =====================#

Name: music
Type: hash:ip
Revision: 5
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x07291331
Size in memory: 208
References: 0
Number of entries: 0

Name: localnetwork
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0xd0a0ddb0
Size in memory: 896
References: 3
Number of entries: 9

Name: china_ip_route
Type: hash:net
Revision: 7
Header: family inet hashsize 2048 maxelem 1000000 bucketsize 12 initval 0xb1b9c697
Size in memory: 232136
References: 1
Number of entries: 8616

Name: china_ip_route_pass
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 1000000 bucketsize 12 initval 0x0591a99e
Size in memory: 464
References: 0
Number of entries: 0

Name: china_ip6_route
Type: hash:net
Revision: 7
Header: family inet6 hashsize 1024 maxelem 1000000 bucketsize 12 initval 0xa5f1b363
Size in memory: 89448
References: 3
Number of entries: 1942

Name: china_ip6_route_pass
Type: hash:net
Revision: 7
Header: family inet6 hashsize 1024 maxelem 1000000 bucketsize 12 initval 0x1ca189c5
Size in memory: 1248
References: 2
Number of entries: 0

Name: localnetwork6
Type: hash:net
Revision: 7
Header: family inet6 hashsize 1024 maxelem 65536 bucketsize 12 initval 0x8744ef90
Size in memory: 2544
References: 2
Number of entries: 18

#===================== 路由表状态 =====================#

#IPv4

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 eth0
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth0

#ip route list
default via 10.0.0.1 dev eth0 proto static 
10.0.0.0/8 dev eth0 proto kernel scope link src 10.1.1.1 

#ip rule show
0:  from all lookup local
32765:  from all fwmark 0x162 lookup 354
32766:  from all lookup main
32767:  from all lookup default

#IPv6

#route -A inet6
Kernel IPv6 routing table
Destination                                 Next Hop                                Flags Metric Ref    Use Iface
::/0                                        ::                                      U     1024   1        0 lo      
::/0                                        fe80::20e:c4ff:fed2:345b                UG    512    1        0 eth0    
::/0                                        fe80::20e:c4ff:fed2:345b                UG    512    2        0 eth0    
::/0                                        fe80::20e:c4ff:fed2:345b                UG    512    1        0 eth0    
2408:632c:83c:794c::/64                     ::                                      !n    2147483647 2        0 lo      
*WAN IP*:/64                     ::                                      U     256    2        0 eth0    
*WAN IP*:/64                     ::                                      !n    2147483647 1        0 lo      
2408:632c:83c:66d8::/64                     fe80::409:fea1:fc18:9b73                UG    512    1        0 eth0    
2408:632c:83c:66d8::/64                     fe80::409:fea1:fc18:9b73                UG    512    1        0 eth0    
2408:632c:83c:66d8::/64                     fe80::409:fea1:fc18:9b73                UG    512    2        0 eth0    
fdb1:d39:787e:42f8::/64                     ::                                      U     256    2        0 eth0    
fdb1:d39:787e:42f8::/64                     ::                                      !n    2147483647 1        0 lo      
fdde:b5c0:4950::/64                         ::                                      U     1024   1        0 eth0    
fdde:b5c0:4950::/48                         ::                                      !n    2147483647 3        0 lo      
fe80::/64                                   ::                                      U     256    2        0 eth0    
::/0                                        ::                                      !n    -1     3        0 lo      
::1/128                                     ::                                      Un    0      4        0 lo      
*WAN IP*:/128                    ::                                      Un    0      3        0 eth0    
*WAN IP*:3cd/128                 ::                                      Un    0      4        0 eth0    
*WAN IP*11:32ff:fe2b:e66b/128    ::                                      Un    0      3        0 eth0    
fdb1:d39:787e:42f8::/128                    ::                                      Un    0      3        0 eth0    
fdb1:d39:787e:42f8:11:32ff:fe2b:e66b/128    ::                                      Un    0      3        0 eth0    
fdde:b5c0:4950::/128                        ::                                      Un    0      3        0 eth0    
fdde:b5c0:4950::1/128                       ::                                      Un    0      6        0 eth0    
fe80::/128                                  ::                                      Un    0      3        0 eth0    
fe80::11:32ff:fe2b:e66b/128                 ::                                      Un    0      4        0 eth0    
ff00::/8                                    ::                                      U     256    3        0 eth0    
::/0                                        ::                                      !n    -1     3        0 lo      

#ip -6 route list
default from *WAN IP*:3cd via fe80::20e:c4ff:fed2:345b dev eth0 proto static metric 512 pref medium
default from *WAN IP*:/64 via fe80::20e:c4ff:fed2:345b dev eth0 proto static metric 512 pref medium
default from fdb1:d39:787e:42f8::/64 via fe80::20e:c4ff:fed2:345b dev eth0 proto static metric 512 pref medium
unreachable 2408:632c:83c:794c::/64 dev lo proto static metric 2147483647 pref medium
*WAN IP*:/64 dev eth0 proto static metric 256 pref medium
unreachable *WAN IP*:/64 dev lo proto static metric 2147483647 pref medium
2408:632c:83c:66d8::/64 from *WAN IP*:3cd via fe80::409:fea1:fc18:9b73 dev eth0 proto static metric 512 pref medium
2408:632c:83c:66d8::/64 from *WAN IP*:/64 via fe80::409:fea1:fc18:9b73 dev eth0 proto static metric 512 pref medium
2408:632c:83c:66d8::/64 from fdb1:d39:787e:42f8::/64 via fe80::409:fea1:fc18:9b73 dev eth0 proto static metric 512 pref medium
fdb1:d39:787e:42f8::/64 dev eth0 proto static metric 256 pref medium
unreachable fdb1:d39:787e:42f8::/64 dev lo proto static metric 2147483647 pref medium
fdde:b5c0:4950::/64 dev eth0 proto static metric 1024 pref medium
unreachable fdde:b5c0:4950::/48 dev lo proto static metric 2147483647 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium

#ip -6 rule show
0:  from all lookup local
32765:  from all fwmark 0x162 lookup 354
32766:  from all lookup main
4200000001: from all iif lo failed_policy
4200000002: from all iif eth0 failed_policy
4200000002: from all iif eth0 failed_policy

#===================== 端口占用状态 =====================#

tcp        0      0 :::9090                 :::*                    LISTEN      24347/clash
tcp        0      0 :::7891                 :::*                    LISTEN      24347/clash
tcp        0      0 :::7890                 :::*                    LISTEN      24347/clash
tcp        0      0 :::7895                 :::*                    LISTEN      24347/clash
tcp        0      0 :::7893                 :::*                    LISTEN      24347/clash
tcp        0      0 :::7892                 :::*                    LISTEN      24347/clash
udp        0      0 :::35755                :::*                                24347/clash
udp        0      0 :::47712                :::*                                24347/clash
udp        0      0 :::7874                 :::*                                24347/clash
udp        0      0 :::7891                 :::*                                24347/clash
udp        0      0 :::7892                 :::*                                24347/clash
udp        0      0 :::7893                 :::*                                24347/clash
udp        0      0 :::7895                 :::*                                24347/clash
udp        0      0 :::43818                :::*                                24347/clash
udp        0      0 :::57199                :::*                                24347/clash

#===================== 测试本机DNS查询(www.baidu.com) =====================#

Server:     127.0.0.1
Address:    127.0.0.1:53

Name:   www.baidu.com
Address: 198.18.0.22

#===================== 测试内核DNS查询(www.instagram.com) =====================#

Status: 0
TC: false
RD: true
RA: true
AD: false
CD: false

Question: 
  Name: www.instagram.com.
  Qtype: 1
  Qclass: 1

Answer: 
  TTL: 123
  data: 39.109.122.128
  name: www.instagram.com.
  type: 1

Additional: 
  TTL: 0
  data: ON:; EDNS: version 0; flags:; udp: 4096
  name: .
  type: 41

Dnsmasq 当前默认 resolv 文件:/tmp/resolv.conf.d/resolv.conf.auto

#===================== /tmp/resolv.conf.d/resolv.conf.auto =====================#

# Interface LAN6
nameserver fdb1:d39:787e:42f8:42:aff:fe0a:a0a
nameserver 2400:3200::1
# Interface lan
nameserver 10.10.10.10

#===================== 测试本机网络连接(www.baidu.com) =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Tue, 04 Jul 2023 04:56:36 GMT
Etag: "575e1f7d-115"
Last-Modified: Mon, 13 Jun 2016 02:50:37 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 测试本机网络下载(raw.githubusercontent.com) =====================#

HTTP/2 200 
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: text/plain; charset=utf-8
etag: "0246dfa84fd9b3fe49d9faae5c0f547d9f8e6db1a1dda69a56511efd8ba1db11"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: A718:641F:217C1D:26EB63:64A16FC0
accept-ranges: bytes
date: Tue, 04 Jul 2023 04:56:38 GMT
via: 1.1 varnish
x-served-by: cache-hkg17925-HKG
x-cache: HIT
x-cache-hits: 1
x-timer: S1688446597.317947,VS0,VE1554
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: d03cb8cefd6c0b7212803bb843928b1d36225cee
expires: Tue, 04 Jul 2023 05:01:38 GMT
source-age: 105
content-length: 83

OpenClash Config

config openclash 'config'
    option proxy_port '7892'
    option tproxy_port '7895'
    option mixed_port '7893'
    option socks_port '7891'
    option http_port '7890'
    option dns_port '7874'
    option update '0'
    option cn_port '9090'
    option dashboard_password '123456'
    option dashboard_forward_ssl '0'
    option rule_source '0'
    option enable_custom_clash_rules '0'
    option other_rule_auto_update '0'
    option enable_redirect_dns '1'
    option servers_if_update '0'
    option disable_masq_cache '1'
    option servers_update '0'
    option log_level '0'
    option proxy_mode 'rule'
    option intranet_allowed '1'
    option enable_udp_proxy '1'
    option disable_udp_quic '1'
    option enable_rule_proxy '0'
    option small_flash_memory '0'
    option interface_name '0'
    option log_size '1024'
    option tolerance '0'
    option custom_host '0'
    option custom_name_policy '0'
    option append_wan_dns '0'
    option stream_domains_prefetch '0'
    option stream_auto_select '0'
    option bypass_gateway_compatible '0'
    option github_address_mod '0'
    option urltest_address_mod '0'
    option urltest_interval_mod '0'
    option delay_start '0'
    option router_self_proxy '1'
    option dashboard_type 'Official'
    option yacd_type 'Official'
    option append_default_dns '0'
    option geo_custom_url 'https://testingcf.jsdelivr.net/gh/alecthw/mmdb_china_ip_list@release/lite/Country.mmdb'
    option chnr_custom_url 'https://ispip.clang.cn/all_cn.txt'
    option chnr6_custom_url 'https://ispip.clang.cn/all_cn_ipv6.txt'
    option cndomain_custom_url 'https://testingcf.jsdelivr.net/gh/felixonmars/dnsmasq-china-list@master/accelerated-domains.china.conf'
    option core_version 'linux-amd64'
    option default_resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
    option restricted_mode '0'
    option dnsmasq_noresolv '0'
    option dnsmasq_resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
    option enable_custom_domain_dns_server '0'
    option china_ip_route '0'
    option geo_update_week_time '1'
    option geo_update_day_time '0'
    option geosite_auto_update '0'
    option chnr_auto_update '0'
    option chnr_update_week_time '1'
    option chnr_update_day_time '0'
    option auto_restart '0'
    option auto_restart_week_time '1'
    option auto_restart_day_time '0'
    option find_process_mode '0'
    option global_client_fingerprint '0'
    option geodata_loader '0'
    option enable_geoip_dat '0'
    option fakeip_range '198.18.0.1/16'
    option store_fakeip '1'
    option operation_mode 'fake-ip'
    option en_mode 'fake-ip'
    option enable_meta_sniffer '0'
    option geo_auto_update '1'
    option geoip_auto_update '1'
    option geoip_update_week_time '1'
    option geoip_update_day_time '0'
    option geoip_custom_url 'https://testingcf.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geoip.dat'
    option enable_custom_dns '1'
    option custom_fallback_filter '1'
    option custom_fakeip_filter '1'
    option release_branch 'dev'
    option auto_update '1'
    option config_auto_update_mode '0'
    option config_update_week_time '*'
    option auto_update_time '5'
    option ipv6_enable '1'
    option ipv6_mode '0'
    option enable_v6_udp_proxy '0'
    option ipv6_dns '1'
    option china_ip6_route '1'
    option restart '0'
    option enable '1'
    option config_path '/etc/openclash/config/Mix.yaml'
    option core_type 'Meta'
    option config_reload '1'
    option redirect_dns '1'
    option dnsmasq_cachesize '8192'
    option cachesize_dns '1'
    option dnsmasq_filter_aaaa '0'
    option filter_aaaa_dns '1'
    option enable_meta_core '0'

config dns_servers
    option group 'nameserver'
    option type 'udp'
    option enabled '1'
    option ip '10.10.10.10'

config dns_servers
    option type 'https'
    option group 'fallback'
    option ip 'dns.cloudflare.com/dns-query'
    option enabled '1'

config dns_servers
    option group 'fallback'
    option type 'https'
    option ip '1.1.1.1/dns-query'
    option enabled '1'

config dns_servers
    option group 'fallback'
    option type 'https'
    option ip 'jp.tiar.app/dns-query'
    option enabled '1'

config dns_servers
    option group 'fallback'
    option type 'https'
    option ip 'jp.tiarap.org/dns-query'
    option enabled '1'

config dns_servers
    option group 'fallback'
    option ip 'dns.alidns.com/dns-query'
    option type 'https'
    option enabled '1'

config dns_servers
    option enabled '1'
    option type 'udp'
    option group 'default'
    option ip '10.10.10.10'
    option interface 'Disable'
    option node_resolve '0'

Expected Behavior

预期 Meta 核能正常工作。

Screenshots

No response

vernesong commented 1 year ago

你这里启动了两个内核,重启试一下,电脑看看dns是不是fakeip

Xm798 commented 1 year ago

你这里启动了两个内核,重启试一下,电脑看看dns是不是fakeip

我尝试切换到 Meta 核 - 重启 OpenWRT,但是问题依然存在。

电脑端检测是 Fake-IP 模式,日志如下:

~#@❯ dig google.com                                                                                              ❮  

; <<>> DiG 9.16.41 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64871
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; MBZ: 0x0001, udp: 1232
; COOKIE: 576d4a345240e31c (echoed)
;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             1       IN      A       198.18.0.12

;; Query time: 52 msec
;; SERVER: 10.1.1.1#53(10.1.1.1)
;; WHEN: Wed Jul 05 00:11:39 ;; MSG SIZE  rcvd: 67

另外,直接下载 OpenClash 的运行时配置,加载至电脑端 Clash Verge,运行正常,日志中 Host 信息也均正常。

以下是调试日志,问题依旧。

正在收集数据...

找不到任何连接日志!

1. 可能是插件未在运行

2. 可能是缓存导致浏览直接使用 IP 地址进行访问

3. 可能是 DNS 未劫持成功,导致 Clash 无法正确反推出域名连接

4. 可能是所填地址无法进行解析和连接

正在收集数据...

Status: 0
TC: false
RD: true
RA: true
AD: false
CD: false

Question: 
  Name: www.google.com.
  Qtype: 1
  Qclass: 1

Answer: 
  TTL: 149
  data: 157.240.8.50
  name: www.google.com.
  type: 1

Additional: 
  TTL: 0
  data: ON:; EDNS: version 0; flags:; udp: 4096
  name: .
  type: 41

麻烦 v 佬帮忙再看一下呢TAT

Xm798 commented 1 year ago

本次导出的日志(配置文件是 P 核运行正常的配置,仅切换核心)

OpenClash 调试日志

生成时间: 2023-07-05 00:16:29
插件版本: v0.45.129-beta
隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息

#===================== 系统信息 =====================#

主机型号: QEMU Standard PC (i440FX + PIIX - Intel(R) Xeon(R) CPU E3-1245 v3 @ 3.40GHz : 1C1T
固件版本: OpenWrt SNAPSHOT r6031-4b89d5db8
LuCI版本: git-23.141.16773-28dd4b3-1
内核版本: 6.1.33
处理器架构: x86_64

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

DNS劫持: Dnsmasq 转发
#DNS劫持为Dnsmasq时,此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci >= 19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 已安装
unzip: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
kmod-ipt-nat: 已安装

#===================== 内核检查 =====================#

运行状态: 运行中
运行内核:Meta
进程pid: 4727
运行权限: 4727: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-amd64

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2023.06.30
Tun内核文件: 存在
Tun内核运行权限: 正常

Dev内核版本: v1.17.0
Dev内核文件: 存在
Dev内核运行权限: 正常

Meta内核版本: alpha-g0b1aff5
Meta内核文件: 存在
Meta内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/Mix.yaml
启动配置文件: /etc/openclash/Mix.yaml
运行模式: fake-ip
默认代理模式: rule
UDP流量转发(tproxy): 启用
自定义DNS: 启用
IPV6代理: 启用
IPV6-DNS解析: 启用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 启用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用
路由本机代理: 启用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 配置文件 =====================#

port: 7890
socks-port: 7891
allow-lan: true
mode: rule
log-level: info
external-controller: 0.0.0.0:9090
proxy-groups:
- name: "\U0001F389 故障转移"
  type: fallback
  url: http://www.gstatic.com/generate_204
  interval: 180
  proxies:
  - "\U0001F1ED\U0001F1F0 香港"
  - "\U0001F1F8\U0001F1EC 新加坡"
  - "\U0001F1E8\U0001F1F3 台湾"
  - "\U0001F1EF\U0001F1F5 日本"
  - "\U0001F1FA\U0001F1F8 美国"
  - "\U0001F1FA\U0001F1F3 其他"
  - "\U0001F4A0 备线"
- name: "\U0001FA81 节点选择"
  type: select
  proxies:
  - "\U0001F389 故障转移"
  - "\U0001F1ED\U0001F1F0 香港"
  - "\U0001F1F8\U0001F1EC 新加坡"
  - "\U0001F1E8\U0001F1F3 台湾"
  - "\U0001F1EF\U0001F1F5 日本"
  - "\U0001F1FA\U0001F1F8 美国"
  - "\U0001F1FA\U0001F1F3 其他"
  - "\U0001F4A0 备线"
  - "\U0001F370 手动选择"
  - "\U0001F3AF 全球直连"
- name: "\U0001F5F3️ PT 站点"
  type: select
  proxies:
  - "\U0001F3AF 全球直连"
  - "\U0001F1ED\U0001F1F0 香港 AirPort1 01"
  - "\U0001F1ED\U0001F1F0 香港 AirPort1 02"
  - "\U0001F1ED\U0001F1F0 香港 AirPort1 03"
  - "\U0001F1ED\U0001F1F0 香港 AirPort1 04"
  - "\U0001F1ED\U0001F1F0 香港 AirPort1 05"
  - "\U0001F1ED\U0001F1F0 香港 AirPort1 06"
  - "\U0001F1ED\U0001F1F0 香港 AirPort1 07"
  - "\U0001F1ED\U0001F1F0 香港 AirPort1 08"
  - "\U0001F1ED\U0001F1F0 香港 AirPort1 09"
  - "\U0001F1ED\U0001F1F0 香港 AirPort1 10"
  - "\U0001F1ED\U0001F1F0 香港 AirPort1 11"
  - "\U0001F1ED\U0001F1F0 Hong Kong IEPL WD 01"
  - "\U0001F1ED\U0001F1F0 Hong Kong IEPL WD 02"
  - "\U0001F1ED\U0001F1F0 Hong Kong IEPL WD 03"
  - "\U0001F1ED\U0001F1F0 Hong Kong IEPL WD 04"
  - "\U0001F1ED\U0001F1F0 Hong Kong IEPL WD 05"
  - "\U0001F1ED\U0001F1F0 Hong Kong IEPL WD 06"
  - "\U0001F1ED\U0001F1F0 Hong Kong IEPL WD 07"
  - "\U0001F1ED\U0001F1F0 Hong Kong IEPL WD 08"
- name: "\U0001F4BE 网盘服务"
  type: fallback
  url: http://www.gstatic.com/generate_204
  interval: 600
  tolerance: 150
  proxies:
  - "\U0001F4A0 备线"
  - "\U0001FA81 节点选择"
- name: "\U0001F4E7 邮件服务"
  type: select
  proxies:
  - "\U0001FA81 节点选择"
  - "\U0001F1ED\U0001F1F0 香港"
  - "\U0001F1F8\U0001F1EC 新加坡"
  - "\U0001F1E8\U0001F1F3 台湾"
  - "\U0001F1EF\U0001F1F5 日本"
  - "\U0001F1FA\U0001F1F8 美国"
  - "\U0001F1FA\U0001F1F3 其他"
  - "\U0001F4A0 备线"
  - "\U0001F370 手动选择"
  - "\U0001F3AF 全球直连"
- name: "\U0001F4E1 测速服务"
  type: select
  proxies:
  - "\U0001F3AF 全球直连"
  - "\U0001FA81 节点选择"
  - "\U0001F1ED\U0001F1F0 香港"
  - "\U0001F1E8\U0001F1F3 台湾"
  - "\U0001F1EF\U0001F1F5 日本"
  - "\U0001F1F8\U0001F1EC 新加坡"
  - "\U0001F1FA\U0001F1F8 美国"
  - "\U0001F1FA\U0001F1F3 其他"
  - "\U0001F370 手动选择"
- name: "\U0001F310 谷歌服务"
  type: select
  proxies:
  - "\U0001FA81 节点选择"
  - "\U0001F1ED\U0001F1F0 香港"
  - "\U0001F1F8\U0001F1EC 新加坡"
  - "\U0001F1E8\U0001F1F3 台湾"
  - "\U0001F1EF\U0001F1F5 日本"
  - "\U0001F1FA\U0001F1F8 美国"
  - "\U0001F1FA\U0001F1F3 其他"
  - "\U0001F4A0 备线"
  - "\U0001F3AF 全球直连"
- name: "\U0001F34E 苹果服务"
  type: select
  proxies:
  - "\U0001F3AF 全球直连"
  - "\U0001FA81 节点选择"
  - "\U0001F1ED\U0001F1F0 香港"
  - "\U0001F1F8\U0001F1EC 新加坡"
  - "\U0001F4A0 备线"
  - "\U0001F1E8\U0001F1F3 台湾"
  - "\U0001F1EF\U0001F1F5 日本"
  - "\U0001F1FA\U0001F1F8 美国"
  - "\U0001F1FA\U0001F1F3 其他"
- name: "\U0001F4BE 微软服务"
  type: select
  proxies:
  - "\U0001F3AF 全球直连"
  - "\U0001FA81 节点选择"
  - "\U0001F1ED\U0001F1F0 香港"
  - "\U0001F1F8\U0001F1EC 新加坡"
  - "\U0001F4A0 备线"
  - "\U0001F1E8\U0001F1F3 台湾"
  - "\U0001F1EF\U0001F1F5 日本"
  - "\U0001F1FA\U0001F1F8 美国"
  - "\U0001F1FA\U0001F1F3 其他"
- name: "\U0001F3AE 游戏服务"
  type: select
  proxies:
  - "\U0001FA81 节点选择"
  - "\U0001F1ED\U0001F1F0 香港"
  - "\U0001F1F8\U0001F1EC 新加坡"
  - "\U0001F1E8\U0001F1F3 台湾"
  - "\U0001F1EF\U0001F1F5 日本"
  - "\U0001F1FA\U0001F1F8 美国"
  - "\U0001F1FA\U0001F1F3 其他"
  - "\U0001F4A0 备线"
  - "\U0001F370 手动选择"
  - "\U0001F3AF 全球直连"
- name: "\U0001F4FA 港台媒体"
  type: select
  proxies:
  - "\U0001F3AF 全球直连"
  - "\U0001FA81 节点选择"
  - "\U0001F1ED\U0001F1F0 香港"
  - "\U0001F1F8\U0001F1EC 新加坡"
  - "\U0001F1E8\U0001F1F3 台湾"
  - "\U0001F1EF\U0001F1F5 日本"
  - "\U0001F1FA\U0001F1F8 美国"
  - "\U0001F1FA\U0001F1F3 其他"
  - "\U0001F4A0 备线"
  - "\U0001F370 手动选择"
- name: "\U0001F4F9 国际媒体"
  type: select
  proxies:
  - "\U0001FA81 节点选择"
  - "\U0001F1ED\U0001F1F0 香港"
  - "\U0001F1F8\U0001F1EC 新加坡"
  - "\U0001F1E8\U0001F1F3 台湾"
  - "\U0001F1EF\U0001F1F5 日本"
  - "\U0001F1FA\U0001F1F8 美国"
  - "\U0001F1FA\U0001F1F3 其他"
  - "\U0001F4A0 备线"
  - "\U0001F370 手动选择"
  - "\U0001F3AF 全球直连"
- name: "\U0001F41F 漏网之鱼"
  type: select
  proxies:
  - "\U0001FA81 节点选择"
  - "\U0001F1ED\U0001F1F0 香港"
  - "\U0001F1F8\U0001F1EC 新加坡"
  - "\U0001F1E8\U0001F1F3 台湾"
  - "\U0001F1EF\U0001F1F5 日本"
  - "\U0001F1FA\U0001F1F8 美国"
  - "\U0001F1FA\U0001F1F3 其他"
  - "\U0001F4A0 备线"
  - "\U0001F370 手动选择"
  - "\U0001F3AF 全球直连"
- name: "\U0001F370 手动选择"
  type: select
  proxies:
  - "\U0001F1ED\U0001F1F0 香港 AirPort1 01"
  - "\U0001F1ED\U0001F1F0 香港 AirPort1 02"
  - "\U0001F1ED\U0001F1F0 香港 AirPort1 03"
  - "\U0001F1ED\U0001F1F0 香港 AirPort1 04"
  - "\U0001F1ED\U0001F1F0 香港 AirPort1 05"
  - "\U0001F1ED\U0001F1F0 香港 AirPort1 06"
  - "\U0001F1ED\U0001F1F0 香港 AirPort1 07"
  - "\U0001F1ED\U0001F1F0 香港 AirPort1 08"
  - "\U0001F1ED\U0001F1F0 香港 AirPort1 09"
  - "\U0001F1ED\U0001F1F0 香港 AirPort1 10"
  - "\U0001F1ED\U0001F1F0 香港 AirPort1 11"
  - "\U0001F1FA\U0001F1F8 美国 AirPort1 01"
  - "\U0001F1FA\U0001F1F8 美国 AirPort1 02"
  - "\U0001F1FA\U0001F1F8 美国 AirPort1 03"
  - "\U0001F1FA\U0001F1F8 美国 AirPort1 04"
  - "\U0001F1FA\U0001F1F8 美国 AirPort1 05"
  - "\U0001F1FA\U0001F1F8 美国 AirPort1 06"
  - "\U0001F1FA\U0001F1F8 美国 AirPort1 07"
  - "\U0001F1FA\U0001F1F8 美国 AirPort1 08"
  - "\U0001F1FA\U0001F1F8 美国 AirPort1 09"
  - "\U0001F1FA\U0001F1F8 美国 AirPort1 10"
  - "\U0001F1FA\U0001F1F8 美国 AirPort1 11"
  - "\U0001F1FA\U0001F1F8 美国 AirPort1 12"
  - "\U0001F1FA\U0001F1F8 美国 AirPort1 13"
  - "\U0001F1EF\U0001F1F5 日本 AirPort1 01"
  - "\U0001F1EF\U0001F1F5 日本 AirPort1 02"
  - "\U0001F1EF\U0001F1F5 日本 AirPort1 03"
  - "\U0001F1EF\U0001F1F5 日本 AirPort1 04"
  - "\U0001F1EF\U0001F1F5 日本 AirPort1 05"
  - "\U0001F1EF\U0001F1F5 日本 AirPort1 06"
  - "\U0001F1EF\U0001F1F5 日本 AirPort1 07"
  - "\U0001F1EF\U0001F1F5 日本 AirPort1 08"
  - "\U0001F1E8\U0001F1F3 台湾 AirPort1 01"
  - "\U0001F1E8\U0001F1F3 台湾 AirPort1 02"
  - "\U0001F1E8\U0001F1F3 台湾 AirPort1 03"
  - "\U0001F1E8\U0001F1F3 台湾 AirPort1 04"
  - "\U0001F1E8\U0001F1F3 台湾 AirPort1 05"
  - "\U0001F1F8\U0001F1EC 新加坡 AirPort1 01"
  - "\U0001F1F8\U0001F1EC 新加坡 AirPort1 02"
  - "\U0001F1F8\U0001F1EC 新加坡 AirPort1 03"
  - "\U0001F1F8\U0001F1EC 新加坡 AirPort1 04"
  - "\U0001F1ED\U0001F1F0 Hong Kong IEPL WD 01"
  - "\U0001F1ED\U0001F1F0 Hong Kong IEPL WD 02"
  - "\U0001F1ED\U0001F1F0 Hong Kong IEPL WD 03"
  - "\U0001F1ED\U0001F1F0 Hong Kong IEPL WD 04"
  - "\U0001F1ED\U0001F1F0 Hong Kong IEPL WD 05"
  - "\U0001F1ED\U0001F1F0 Hong Kong IEPL WD 06"
  - "\U0001F1ED\U0001F1F0 Hong Kong IEPL WD 07"
  - "\U0001F1ED\U0001F1F0 Hong Kong IEPL WD 08"
  - "\U0001F1E8\U0001F1F3 Taiwan IEPL WD 01"
  - "\U0001F1E8\U0001F1F3 Taiwan IEPL WD 02"
  - "\U0001F1E8\U0001F1F3 Taiwan IEPL WD 03"
  - "\U0001F1E8\U0001F1F3 Taiwan IEPL WD 04"
  - "\U0001F1E8\U0001F1F3 Taiwan IEPL WD 05"
  - "\U0001F1E8\U0001F1F3 Taiwan IEPL WD 06"
  - "\U0001F1E8\U0001F1F3 Taiwan IEPL WD 07"
  - "\U0001F1E8\U0001F1F3 Taiwan IEPL WD 08"
  - "\U0001F1F8\U0001F1EC Singapore IEPL WD 01"
  - "\U0001F1F8\U0001F1EC Singapore IEPL WD 02"
  - "\U0001F1F8\U0001F1EC Singapore IEPL WD 03"
  - "\U0001F1F8\U0001F1EC Singapore IEPL WD 04"
  - "\U0001F1F8\U0001F1EC Singapore IEPL WD 05"
  - "\U0001F1F8\U0001F1EC Singapore IEPL WD 06"
  - "\U0001F1F8\U0001F1EC Singapore IEPL WD 07"
  - "\U0001F1F8\U0001F1EC Singapore IEPL WD 08"
  - "\U0001F1EF\U0001F1F5 Japan IEPL WD 01"
  - "\U0001F1EF\U0001F1F5 Japan IEPL WD 02"
  - "\U0001F1EF\U0001F1F5 Japan IEPL WD 03"
  - "\U0001F1EF\U0001F1F5 Japan IEPL WD 04"
  - "\U0001F1EF\U0001F1F5 Japan IEPL WD 05"
  - "\U0001F1EF\U0001F1F5 Japan IEPL WD 06"
  - "\U0001F1EF\U0001F1F5 Japan IEPL WD 07"
  - "\U0001F1EF\U0001F1F5 Japan IEPL WD 08"
  - "\U0001F1FA\U0001F1F8 United States IEPL WD 01"
  - "\U0001F1FA\U0001F1F8 United States IEPL WD 02"
  - "\U0001F1FA\U0001F1F8 United States IEPL WD 03"
  - "\U0001F1FA\U0001F1F8 United States IEPL WD 04"
  - "\U0001F1FA\U0001F1F8 United States IEPL WD 05"
  - "\U0001F1FA\U0001F1F8 United States IEPL WD 06"
  - "\U0001F1FA\U0001F1F8 United States IEPL WD 07"
  - "\U0001F1FA\U0001F1F8 United States IEPL WD 08"
  - "\U0001F1E8\U0001F1E6 Canada IEPL WD 01"
  - "\U0001F1EC\U0001F1E7 United Kingdom IEPL WD 01"
  - "\U0001F1EC\U0001F1E7 United Kingdom IEPL WD 02"
  - "\U0001F1E9\U0001F1EA Germany IEPL WD 01"
  - "\U0001F1E9\U0001F1EA Germany IEPL WD 02"
  - "\U0001F1F3\U0001F1F1 Netherlands IEPL WD 01"
  - "\U0001F1F3\U0001F1F1 Netherlands IEPL WD 02"
  - "\U0001F1EE\U0001F1F9 Italy IEPL WD 01"
  - "\U0001F1EA\U0001F1F8 Spain IEPL WD 01"
  - "\U0001F1F9\U0001F1F7 Turkey IEPL WD 01"
  - "\U0001F1E6\U0001F1FA Australia IEPL WD 01"
  - "\U0001F1E6\U0001F1F7 Argentina IEPL WD 01"
  - "\U0001F1E7\U0001F1F7 Brazil IEPL WD 01"
  - "\U0001F1E8\U0001F1F1 Chile IEPL WD 01"
  - "\U0001F1F0\U0001F1F7 Korea IEPL WD 01"
  - "\U0001F1EE\U0001F1F3 India IEPL WD 01"
  - "\U0001F1EE\U0001F1F1 Israel IEPL WD 01"
  - "\U0001F1F9\U0001F1ED Thailand IEPL WD 01"
  - "\U0001F1FB\U0001F1F3 Vietnam IEPL WD 01"
  - "\U0001F1F2\U0001F1FE Malaysia IEPL WD 01"
  - Johannesburg IEPL WD 01
- name: "\U0001F1ED\U0001F1F0 香港"
  type: fallback
  url: http://www.gstatic.com/generate_204
  interval: 600
  tolerance: 150
  proxies:
  - "\U0001F1ED\U0001F1F0 香港-Main"
  - "\U0001F1ED\U0001F1F0 香港-Back"
- name: "\U0001F1F8\U0001F1EC 新加坡"
  type: fallback
  url: http://www.gstatic.com/generate_204
  interval: 600
  tolerance: 150
  proxies:
  - "\U0001F1F8\U0001F1EC 新加坡-Main"
  - "\U0001F1F8\U0001F1EC 新加坡-Back"
- name: "\U0001F1E8\U0001F1F3 台湾"
  type: fallback
  url: http://www.gstatic.com/generate_204
  interval: 600
  tolerance: 150
  proxies:
  - "\U0001F1E8\U0001F1F3 台湾-Main"
  - "\U0001F1E8\U0001F1F3 台湾-Back"
- name: "\U0001F1EF\U0001F1F5 日本"
  type: fallback
  url: http://www.gstatic.com/generate_204
  interval: 600
  tolerance: 150
  proxies:
  - "\U0001F1EF\U0001F1F5 日本-Main"
  - "\U0001F1EF\U0001F1F5 日本-Back"
- name: "\U0001F1FA\U0001F1F8 美国"
  type: fallback
  url: http://www.gstatic.com/generate_204
  interval: 600
  tolerance: 150
  proxies:
  - "\U0001F1FA\U0001F1F8 美国-Main"
  - "\U0001F1FA\U0001F1F8 美国-Back"
- name: "\U0001F1ED\U0001F1F0 香港-Main"
  type: url-test
  url: http://www.gstatic.com/generate_204
  interval: 300
  tolerance: 150
  proxies:
  - "\U0001F1ED\U0001F1F0 香港 AirPort1 01"
  - "\U0001F1ED\U0001F1F0 香港 AirPort1 02"
  - "\U0001F1ED\U0001F1F0 香港 AirPort1 03"
  - "\U0001F1ED\U0001F1F0 香港 AirPort1 04"
  - "\U0001F1ED\U0001F1F0 香港 AirPort1 05"
  - "\U0001F1ED\U0001F1F0 香港 AirPort1 06"
  - "\U0001F1ED\U0001F1F0 香港 AirPort1 07"
  - "\U0001F1ED\U0001F1F0 香港 AirPort1 08"
  - "\U0001F1ED\U0001F1F0 香港 AirPort1 09"
  - "\U0001F1ED\U0001F1F0 香港 AirPort1 10"
  - "\U0001F1ED\U0001F1F0 香港 AirPort1 11"
- name: "\U0001F1F8\U0001F1EC 新加坡-Main"
  type: url-test
  url: http://www.gstatic.com/generate_204
  interval: 300
  tolerance: 150
  proxies:
  - "\U0001F1F8\U0001F1EC 新加坡 AirPort1 01"
  - "\U0001F1F8\U0001F1EC 新加坡 AirPort1 02"
  - "\U0001F1F8\U0001F1EC 新加坡 AirPort1 03"
  - "\U0001F1F8\U0001F1EC 新加坡 AirPort1 04"
- name: "\U0001F1E8\U0001F1F3 台湾-Main"
  type: url-test
  url: http://www.gstatic.com/generate_204
  interval: 300
  tolerance: 150
  proxies:
  - "\U0001F1E8\U0001F1F3 台湾 AirPort1 01"
  - "\U0001F1E8\U0001F1F3 台湾 AirPort1 02"
  - "\U0001F1E8\U0001F1F3 台湾 AirPort1 03"
  - "\U0001F1E8\U0001F1F3 台湾 AirPort1 04"
  - "\U0001F1E8\U0001F1F3 台湾 AirPort1 05"
- name: "\U0001F1EF\U0001F1F5 日本-Main"
  type: url-test
  url: http://www.gstatic.com/generate_204
  interval: 300
  tolerance: 150
  proxies:
  - "\U0001F1EF\U0001F1F5 日本 AirPort1 01"
  - "\U0001F1EF\U0001F1F5 日本 AirPort1 02"
  - "\U0001F1EF\U0001F1F5 日本 AirPort1 03"
  - "\U0001F1EF\U0001F1F5 日本 AirPort1 04"
  - "\U0001F1EF\U0001F1F5 日本 AirPort1 05"
  - "\U0001F1EF\U0001F1F5 日本 AirPort1 06"
  - "\U0001F1EF\U0001F1F5 日本 AirPort1 07"
  - "\U0001F1EF\U0001F1F5 日本 AirPort1 08"
- name: "\U0001F1FA\U0001F1F8 美国-Main"
  type: url-test
  url: http://www.gstatic.com/generate_204
  interval: 900
  tolerance: 150
  proxies:
  - "\U0001F1FA\U0001F1F8 美国 AirPort1 01"
  - "\U0001F1FA\U0001F1F8 美国 AirPort1 02"
  - "\U0001F1FA\U0001F1F8 美国 AirPort1 03"
  - "\U0001F1FA\U0001F1F8 美国 AirPort1 04"
  - "\U0001F1FA\U0001F1F8 美国 AirPort1 05"
  - "\U0001F1FA\U0001F1F8 美国 AirPort1 06"
  - "\U0001F1FA\U0001F1F8 美国 AirPort1 07"
  - "\U0001F1FA\U0001F1F8 美国 AirPort1 08"
  - "\U0001F1FA\U0001F1F8 美国 AirPort1 09"
  - "\U0001F1FA\U0001F1F8 美国 AirPort1 10"
  - "\U0001F1FA\U0001F1F8 美国 AirPort1 11"
  - "\U0001F1FA\U0001F1F8 美国 AirPort1 12"
  - "\U0001F1FA\U0001F1F8 美国 AirPort1 13"
- name: "\U0001F1ED\U0001F1F0 香港-Back"
  type: url-test
  url: http://www.gstatic.com/generate_204
  interval: 300
  tolerance: 150
  proxies:
  - DIRECT
- name: "\U0001F1F8\U0001F1EC 新加坡-Back"
  type: url-test
  url: http://www.gstatic.com/generate_204
  interval: 300
  tolerance: 150
  proxies:
  - DIRECT
- name: "\U0001F1E8\U0001F1F3 台湾-Back"
  type: url-test
  url: http://www.gstatic.com/generate_204
  interval: 300
  tolerance: 150
  proxies:
  - DIRECT
- name: "\U0001F1EF\U0001F1F5 日本-Back"
  type: url-test
  url: http://www.gstatic.com/generate_204
  interval: 300
  tolerance: 150
  proxies:
  - DIRECT
- name: "\U0001F1FA\U0001F1F8 美国-Back"
  type: url-test
  url: http://www.gstatic.com/generate_204
  interval: 300
  tolerance: 150
  proxies:
  - DIRECT
- name: "\U0001F1FA\U0001F1F3 其他"
  type: select
  proxies:
  - DIRECT
- name: "\U0001F4A0 备线"
  type: url-test
  url: http://www.gstatic.com/generate_204
  interval: 600
  tolerance: 150
  proxies:
  - "\U0001F1ED\U0001F1F0 Hong Kong IEPL WD 01"
  - "\U0001F1ED\U0001F1F0 Hong Kong IEPL WD 02"
  - "\U0001F1ED\U0001F1F0 Hong Kong IEPL WD 03"
  - "\U0001F1ED\U0001F1F0 Hong Kong IEPL WD 04"
  - "\U0001F1ED\U0001F1F0 Hong Kong IEPL WD 05"
  - "\U0001F1ED\U0001F1F0 Hong Kong IEPL WD 06"
  - "\U0001F1ED\U0001F1F0 Hong Kong IEPL WD 07"
  - "\U0001F1ED\U0001F1F0 Hong Kong IEPL WD 08"
  - "\U0001F1F8\U0001F1EC Singapore IEPL WD 01"
  - "\U0001F1F8\U0001F1EC Singapore IEPL WD 02"
  - "\U0001F1F8\U0001F1EC Singapore IEPL WD 03"
  - "\U0001F1F8\U0001F1EC Singapore IEPL WD 04"
  - "\U0001F1F8\U0001F1EC Singapore IEPL WD 05"
  - "\U0001F1F8\U0001F1EC Singapore IEPL WD 06"
  - "\U0001F1F8\U0001F1EC Singapore IEPL WD 07"
  - "\U0001F1F8\U0001F1EC Singapore IEPL WD 08"
- name: "⛔️ 隐私广告"
  type: select
  proxies:
  - REJECT
  - "\U0001F3AF 全球直连"
  - "\U0001FA81 节点选择"
- name: "\U0001F3AF 全球直连"
  type: select
  proxies:
  - DIRECT
rules:
- DST-PORT,7895,REJECT
- DST-PORT,7892,REJECT
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
- "RULE-SET,Direct_3,\U0001F3AF 全球直连"
- RULE-SET,Advertising_Domain,⛔️ 隐私广告
- RULE-SET,Advertising,⛔️ 隐私广告
- "RULE-SET,Scholar_2,\U0001F9EA 学术服务"
- "RULE-SET,EHGallery,\U0001FA81 节点选择"
- "RULE-SET,Mail,\U0001F4E7 邮件服务"
- "RULE-SET,Telegram,\U0001FA81 节点选择"
- "RULE-SET,Emby,\U0001F4F9 国际媒体"
- "RULE-SET,AsianMedia,\U0001F4FA 港台媒体"
- "RULE-SET,GlobalMedia,\U0001F4F9 国际媒体"
- "RULE-SET,WeChat,\U0001F3AF 全球直连"
- "RULE-SET,ProxyLite,\U0001FA81 节点选择"
- "RULE-SET,Speedtest,\U0001F4E1 测速服务"
- "RULE-SET,Game,\U0001F3AE 游戏服务"
- "RULE-SET,Steam,\U0001F3AE 游戏服务"
- "RULE-SET,Epic,\U0001F3AE 游戏服务"
- "RULE-SET,Google,\U0001F310 谷歌服务"
- "RULE-SET,Microsoft,\U0001F4BE 微软服务"
- "RULE-SET,Apple,\U0001F34E 苹果服务"
- "RULE-SET,Global_Domain,\U0001FA81 节点选择"
- "RULE-SET,Global,\U0001FA81 节点选择"
- "RULE-SET,Lan,\U0001F3AF 全球直连"
- "RULE-SET,PrivateTracker,\U0001F3AF 全球直连"
- "RULE-SET,China_Classical,\U0001F3AF 全球直连"
- "GEOIP,CN,\U0001F3AF 全球直连"
- "MATCH,\U0001F41F 漏网之鱼"
rule-providers:
  Direct_3:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Direct/Direct.yaml
    path: "./rule_provider/rule-provider_Direct_3.yaml"
    interval: 86400
  Advertising_Domain:
    type: http
    behavior: domain
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Advertising/Advertising_Domain.yaml
    path: "./rule_provider/rule-provider_Advertising_Domain.yaml"
    interval: 86400
  Advertising:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Advertising/Advertising.yaml
    path: "./rule_provider/rule-provider_Advertising.yaml"
    interval: 86400
  Scholar_2:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Scholar/Scholar.yaml
    path: "./rule_provider/rule-provider_Scholar_2.yaml"
    interval: 86400
  EHGallery:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/EHGallery/EHGallery.yaml
    path: "./rule_provider/rule-provider_EHGallery.yaml"
    interval: 86400
  Mail:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Mail/Mail.yaml
    path: "./rule_provider/rule-provider_Mail.yaml"
    interval: 86400
  Telegram:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Telegram/Telegram.yaml
    path: "./rule_provider/rule-provider_Telegram.yaml"
    interval: 86400
  Emby:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Emby/Emby.yaml
    path: "./rule_provider/rule-provider_Emby.yaml"
    interval: 86400
  AsianMedia:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/AsianMedia/AsianMedia.yaml
    path: "./rule_provider/rule-provider_AsianMedia.yaml"
    interval: 86400
  GlobalMedia:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/GlobalMedia/GlobalMedia.yaml
    path: "./rule_provider/rule-provider_GlobalMedia.yaml"
    interval: 86400
  WeChat:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/WeChat/WeChat.yaml
    path: "./rule_provider/rule-provider_WeChat.yaml"
    interval: 86400
  ProxyLite:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/ProxyLite/ProxyLite.yaml
    path: "./rule_provider/rule-provider_ProxyLite.yaml"
    interval: 86400
  Speedtest:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Speedtest/Speedtest.yaml
    path: "./rule_provider/rule-provider_Speedtest.yaml"
    interval: 86400
  Game:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Game/Game.yaml
    path: "./rule_provider/rule-provider_Game.yaml"
    interval: 86400
  Steam:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Steam/Steam.yaml
    path: "./rule_provider/rule-provider_Steam.yaml"
    interval: 86400
  Epic:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Epic/Epic.yaml
    path: "./rule_provider/rule-provider_Epic.yaml"
    interval: 86400
  Google:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Google/Google.yaml
    path: "./rule_provider/rule-provider_Google.yaml"
    interval: 86400
  Microsoft:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Microsoft/Microsoft.yaml
    path: "./rule_provider/rule-provider_Microsoft.yaml"
    interval: 86400
  Apple:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Apple/Apple.yaml
    path: "./rule_provider/rule-provider_Apple.yaml"
    interval: 86400
  Global_Domain:
    type: http
    behavior: domain
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Global/Global_Domain.yaml
    path: "./rule_provider/rule-provider_Global_Domain.yaml"
    interval: 86400
  Global:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Global/Global.yaml
    path: "./rule_provider/rule-provider_Global.yaml"
    interval: 86400
  Lan:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Lan/Lan.yaml
    path: "./rule_provider/rule-provider_Lan.yaml"
    interval: 86400
  PrivateTracker:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/PrivateTracker/PrivateTracker.yaml
    path: "./rule_provider/rule-provider_PrivateTracker.yaml"
    interval: 86400
  China_Classical:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/China/China_Classical.yaml
    path: "./rule_provider/rule-provider_China_Classical.yaml"
    interval: 86400
redir-port: 7892
tproxy-port: 7895
mixed-port: 7893
bind-address: "*"
external-ui: "/usr/share/openclash/ui"
ipv6: true
dns:
  enable: true
  ipv6: true
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  listen: 0.0.0.0:7874
  nameserver:
  - 10.10.10.10
  fallback:
  - https://dns.cloudflare.com/dns-query
  - https://1.1.1.1/dns-query
  - https://jp.tiar.app/dns-query
  - https://jp.tiarap.org/dns-query
  - https://dns.alidns.com/dns-query
  default-nameserver:
  - 10.10.10.10
  fallback-filter:
    geoip: true
    geoip-code: CN
    ipcidr:
    - 0.0.0.0/8
    - 10.0.0.0/8
    - 100.64.0.0/10
    - 127.0.0.0/8
    - 169.254.0.0/16
    - 172.16.0.0/12
    - 192.0.0.0/24
    - 192.0.2.0/24
    - 192.88.99.0/24
    - 192.168.0.0/16
    - 198.18.0.0/15
    - 198.51.100.0/24
    - 203.0.113.0/24
    - 224.0.0.0/4
    - 240.0.0.0/4
    - 255.255.255.255/32
    domain:
    - "+.facebook.com"
    - "+.youtube.com"
    - "+.githubusercontent.com"
    - "+.googlevideo.com"
    - "+.msftconnecttest.com"
    - "+.msftncsi.com"
  fake-ip-filter:
  - "*.lan"
  - "*.localdomain"
  - "*.example"
  - "*.invalid"
  - "*.localhost"
  - "*.test"
  - "*.local"
  - "*.home.arpa"
  - time.*.com
  - time.*.gov
  - time.*.edu.cn
  - time.*.apple.com
  - time-ios.apple.com
  - time1.*.com
  - time2.*.com
  - time3.*.com
  - time4.*.com
  - time5.*.com
  - time6.*.com
  - time7.*.com
  - ntp.*.com
  - ntp1.*.com
  - ntp2.*.com
  - ntp3.*.com
  - ntp4.*.com
  - ntp5.*.com
  - ntp6.*.com
  - ntp7.*.com
  - "*.time.edu.cn"
  - "*.ntp.org.cn"
  - "+.pool.ntp.org"
  - time1.cloud.tencent.com
  - music.163.com
  - "*.music.163.com"
  - "*.126.net"
  - musicapi.taihe.com
  - music.taihe.com
  - songsearch.kugou.com
  - trackercdn.kugou.com
  - "*.kuwo.cn"
  - api-jooxtt.sanook.com
  - api.joox.com
  - joox.com
  - y.qq.com
  - "*.y.qq.com"
  - streamoc.music.tc.qq.com
  - mobileoc.music.tc.qq.com
  - isure.stream.qqmusic.qq.com
  - dl.stream.qqmusic.qq.com
  - aqqmusic.tc.qq.com
  - amobile.music.tc.qq.com
  - "*.xiami.com"
  - "*.music.migu.cn"
  - music.migu.cn
  - "+.msftconnecttest.com"
  - "+.msftncsi.com"
  - localhost.ptlogin2.qq.com
  - localhost.sec.qq.com
  - "+.qq.com"
  - "+.tencent.com"
  - "+.srv.nintendo.net"
  - "*.n.n.srv.nintendo.net"
  - "+.stun.playstation.net"
  - xbox.*.*.microsoft.com
  - "*.*.xboxlive.com"
  - xbox.*.microsoft.com
  - xnotify.xboxlive.com
  - "+.battlenet.com.cn"
  - "+.wotgame.cn"
  - "+.wggames.cn"
  - "+.wowsgame.cn"
  - "+.wargaming.net"
  - proxy.golang.org
  - stun.*.*
  - stun.*.*.*
  - "+.stun.*.*"
  - "+.stun.*.*.*"
  - "+.stun.*.*.*.*"
  - "+.stun.*.*.*.*.*"
  - heartbeat.belkin.com
  - "*.linksys.com"
  - "*.linksyssmartwifi.com"
  - "*.router.asus.com"
  - mesu.apple.com
  - swscan.apple.com
  - swquery.apple.com
  - swdownload.apple.com
  - swcdn.apple.com
  - swdist.apple.com
  - lens.l.google.com
  - stun.l.google.com
  - na.b.g-tun.com
  - "+.nflxvideo.net"
  - "*.square-enix.com"
  - "*.finalfantasyxiv.com"
  - "*.ffxiv.com"
  - "*.ff14.sdo.com"
  - ff.dorado.sdo.com
  - "*.mcdn.bilivideo.cn"
  - "+.media.dssott.com"
  - shark007.net
  - Mijia Cloud
  - "+.cmbchina.com"
  - "+.cmbimg.com"
  - local.adguard.org
  - "+.sandai.net"
  - "+.n0808.com"
profile:
  store-selected: true
  store-fake-ip: true
authentication:
- Clash:t3p6O3hU

#===================== 自定义覆写设置 =====================#

#!/bin/sh
. /usr/share/openclash/ruby.sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom overwrite scripts here, they will be take effict after the OpenClash own srcipts

LOG_OUT "Tip: Start Running Custom Overwrite Scripts..."
LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S"))
LOG_FILE="/tmp/openclash.log"
CONFIG_FILE="$1" #config path

#Simple Demo:
    #General Demo
    #1--config path
    #2--key name
    #3--value
    #ruby_edit "$CONFIG_FILE" "['redir-port']" "7892"
    #ruby_edit "$CONFIG_FILE" "['secret']" "123456"
    #ruby_edit "$CONFIG_FILE" "['dns']['enable']" "true"

    #Hash Demo
    #1--config path
    #2--key name
    #3--hash type value
    #ruby_edit "$CONFIG_FILE" "['experimental']" "{'sniff-tls-sni'=>true}"
    #ruby_edit "$CONFIG_FILE" "['sniffer']" "{'sniffing'=>['tls','http']}"

    #Array Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value
    #ruby_arr_insert "$CONFIG_FILE" "['dns']['nameserver']" "0" "114.114.114.114"

    #Array Add From Yaml File Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value file path
    #5--value key name in #4 file
    #ruby_arr_add_file "$CONFIG_FILE" "['dns']['fallback-filter']['ipcidr']" "0" "/etc/openclash/custom/openclash_custom_fallback_filter.yaml" "['fallback-filter']['ipcidr']"

#Ruby Script Demo:
    #ruby -ryaml -rYAML -I "/usr/share/openclash" -E UTF-8 -e "
    #   begin
    #      Value = YAML.load_file('$CONFIG_FILE');
    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Load File Failed,【' + e.message + '】';
    #   end;

        #General
    #   begin
    #   Thread.new{
    #      Value['redir-port']=7892;
    #      Value['tproxy-port']=7895;
    #      Value['port']=7890;
    #      Value['socks-port']=7891;
    #      Value['mixed-port']=7893;
    #   }.join;

    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Set General Failed,【' + e.message + '】';
    #   ensure
    #      File.open('$CONFIG_FILE','w') {|f| YAML.dump(Value, f)};
    #   end" 2>/dev/null >> $LOG_FILE

exit 0
#===================== 自定义防火墙设置 =====================#

#!/bin/sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom firewall rules here, they will be added after the end of the OpenClash iptables rules

LOG_OUT "Tip: Start Add Custom Firewall Rules..."

exit 0
#===================== IPTABLES 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.7 on Wed Jul  5 00:16:31 2023
*nat
:PREROUTING ACCEPT [262:30276]
:INPUT ACCEPT [2465:162170]
:OUTPUT ACCEPT [17727:1084809]
:POSTROUTING ACCEPT [17766:1087661]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:openclash - [0:0]
:openclash_output - [0:0]
:postrouting_VPN_rule - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_VPN_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_VPN_postrouting - [0:0]
:zone_VPN_prerouting - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -d 8.8.4.4/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -d 8.8.8.8/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i eth0 -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i ipsec0 -m comment --comment "!fw3" -j zone_VPN_prerouting
-A PREROUTING -p tcp -j openclash
-A OUTPUT -j openclash_output
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o eth0 -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o ipsec0 -m comment --comment "!fw3" -j zone_VPN_postrouting
-A openclash -p tcp -m tcp --sport 1688 -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -d 198.18.0.0/16 -p tcp -j REDIRECT --to-ports 7892
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -p tcp -m tcp --sport 1688 -j RETURN
-A openclash_output -s 10.1.1.1/32 -p tcp -m tcp --sport 53012 -j RETURN
-A openclash_output -d 198.18.0.0/16 -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A zone_VPN_postrouting -m comment --comment "!fw3: Custom VPN postrouting rule chain" -j postrouting_VPN_rule
-A zone_VPN_prerouting -m comment --comment "!fw3: Custom VPN prerouting rule chain" -j prerouting_VPN_rule
-A zone_lan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_lan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -j MINIUPNPD
-A zone_lan_prerouting -j MINIUPNPD
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE --mode fullcone
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -p tcp -m tcp --dport 53012 -m comment --comment "!fw3: Forward" -j DNAT --to-destination 10.1.1.1:53012
-A zone_wan_prerouting -p udp -m udp --dport 53012 -m comment --comment "!fw3: Forward" -j DNAT --to-destination 10.1.1.1:53012
COMMIT
# Completed on Wed Jul  5 00:16:31 2023

#IPv4 Mangle chain

# Generated by iptables-save v1.8.7 on Wed Jul  5 00:16:31 2023
*mangle
:PREROUTING ACCEPT [89473:38291782]
:INPUT ACCEPT [88725:38119829]
:FORWARD ACCEPT [908:222499]
:OUTPUT ACCEPT [79286:443439210]
:POSTROUTING ACCEPT [80195:443662431]
:openclash - [0:0]
:openclash_output - [0:0]
:openclash_upnp - [0:0]
-A PREROUTING -p udp -j openclash
-A OUTPUT -p udp -j openclash_output
-A openclash -p udp -m udp --sport 4500 -j RETURN
-A openclash -p udp -m udp --sport 500 -j RETURN
-A openclash -p udp -m udp --sport 500 -j RETURN
-A openclash -p udp -m udp --sport 68 -j RETURN
-A openclash -s 10.1.1.1/32 -p udp -m udp --sport 53012 -j RETURN
-A openclash -i lo -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p udp -m udp --dport 53 -j RETURN
-A openclash -d 198.18.0.0/16 -p udp -j TPROXY --on-port 7895 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
-A openclash -p udp -j openclash_upnp
-A openclash -p udp -j TPROXY --on-port 7895 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
-A openclash_output -p udp -m udp --sport 4500 -j RETURN
-A openclash_output -p udp -m udp --sport 500 -j RETURN
-A openclash_output -p udp -m udp --sport 500 -j RETURN
-A openclash_output -p udp -m udp --sport 68 -j RETURN
-A openclash_output -s 10.1.1.1/32 -p udp -m udp --sport 53012 -j RETURN
-A openclash_output -d 198.18.0.0/16 -p udp -m owner ! --uid-owner 65534 -j MARK --set-xmark 0x162/0xffffffff
COMMIT
# Completed on Wed Jul  5 00:16:31 2023

#IPv4 Filter chain

# Generated by iptables-save v1.8.7 on Wed Jul  5 00:16:31 2023
*filter
:INPUT ACCEPT [6:276]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:forwarding_VPN_rule - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_VPN_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_VPN_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_VPN_dest_ACCEPT - [0:0]
:zone_VPN_forward - [0:0]
:zone_VPN_input - [0:0]
:zone_VPN_output - [0:0]
:zone_VPN_src_ACCEPT - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -p udp -m udp --dport 443 -m comment --comment "OpenClash QUIC REJECT" -m set ! --match-set china_ip_route dst -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m policy --dir in --pol ipsec --proto esp -j ACCEPT
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i eth0 -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i ipsec0 -m comment --comment "!fw3" -j zone_VPN_input
-A FORWARD -m policy --dir out --pol ipsec --proto esp -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec --proto esp -j ACCEPT
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i eth0 -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i ipsec0 -m comment --comment "!fw3" -j zone_VPN_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -m policy --dir out --pol ipsec --proto esp -j ACCEPT
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o eth0 -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o ipsec0 -m comment --comment "!fw3" -j zone_VPN_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_VPN_dest_ACCEPT -o ipsec0 -m comment --comment "!fw3" -j ACCEPT
-A zone_VPN_forward -m comment --comment "!fw3: Custom VPN forwarding rule chain" -j forwarding_VPN_rule
-A zone_VPN_forward -m comment --comment "!fw3: Zone VPN to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_VPN_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_VPN_forward -m comment --comment "!fw3" -j zone_VPN_dest_ACCEPT
-A zone_VPN_input -m comment --comment "!fw3: Custom VPN input rule chain" -j input_VPN_rule
-A zone_VPN_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_VPN_input -m comment --comment "!fw3" -j zone_VPN_src_ACCEPT
-A zone_VPN_output -m comment --comment "!fw3: Custom VPN output rule chain" -j output_VPN_rule
-A zone_VPN_output -m comment --comment "!fw3" -j zone_VPN_dest_ACCEPT
-A zone_VPN_src_ACCEPT -i ipsec0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o eth0 -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i eth0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 8118 -m comment --comment "!fw3: adblock" -j DROP
-A zone_wan_input -p udp -m udp --dport 500 -m comment --comment "!fw3: ike" -j ACCEPT
-A zone_wan_input -p udp -m udp --dport 4500 -m comment --comment "!fw3: ipsec" -j ACCEPT
-A zone_wan_input -p ah -m comment --comment "!fw3: ah" -j ACCEPT
-A zone_wan_input -p esp -m comment --comment "!fw3: esp" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 1688 -m comment --comment "!fw3: kms" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
COMMIT
# Completed on Wed Jul  5 00:16:31 2023

#IPv6 NAT chain

# Generated by ip6tables-save v1.8.7 on Wed Jul  5 00:16:31 2023
*nat
:PREROUTING ACCEPT [10:1750]
:INPUT ACCEPT [9:1606]
:OUTPUT ACCEPT [3756:300714]
:POSTROUTING ACCEPT [3756:300714]
:openclash_output - [0:0]
-A PREROUTING -d 2001:4860:4860::8844/128 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j ACCEPT
-A PREROUTING -d 2001:4860:4860::8888/128 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 53
-A OUTPUT -j openclash_output
-A openclash_output -m set --match-set localnetwork6 dst -j RETURN
-A openclash_output -m owner ! --uid-owner 65534 -m set --match-set china_ip6_route dst -m set ! --match-set china_ip6_route_pass dst -j RETURN
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
COMMIT
# Completed on Wed Jul  5 00:16:31 2023

#IPv6 Mangle chain

# Generated by ip6tables-save v1.8.7 on Wed Jul  5 00:16:31 2023
*mangle
:PREROUTING ACCEPT [34465:394532593]
:INPUT ACCEPT [34245:394516681]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [27134:2249269]
:POSTROUTING ACCEPT [27134:2249269]
:openclash - [0:0]
-A PREROUTING -j openclash
-A openclash -p tcp -m tcp --sport 1688 -j RETURN
-A openclash -p udp -m udp --sport 4500 -j RETURN
-A openclash -p udp -m udp --sport 500 -j RETURN
-A openclash -p udp -m udp --sport 500 -j RETURN
-A openclash -s fc00::/6 -p udp -m udp --sport 546 -j RETURN
-A openclash -i lo -j RETURN
-A openclash -m set --match-set localnetwork6 dst -j RETURN
-A openclash -p udp -m udp --dport 53 -j RETURN
-A openclash -m set --match-set china_ip6_route dst -m set ! --match-set china_ip6_route_pass dst -j RETURN
-A openclash -p tcp -m comment --comment "OpenClash TCP Tproxy" -j TPROXY --on-port 7895 --on-ip :: --tproxy-mark 0x162/0xffffffff
COMMIT
# Completed on Wed Jul  5 00:16:31 2023

#IPv6 Filter chain

# Generated by ip6tables-save v1.8.7 on Wed Jul  5 00:16:31 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:forwarding_VPN_rule - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_VPN_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_VPN_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_VPN_dest_ACCEPT - [0:0]
:zone_VPN_forward - [0:0]
:zone_VPN_input - [0:0]
:zone_VPN_output - [0:0]
:zone_VPN_src_ACCEPT - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -p udp -m udp --dport 443 -m comment --comment "OpenClash QUIC REJECT" -m set ! --match-set china_ip6_route dst -j REJECT --reject-with icmp6-port-unreachable
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i eth0 -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i ipsec0 -m comment --comment "!fw3" -j zone_VPN_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i eth0 -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i ipsec0 -m comment --comment "!fw3" -j zone_VPN_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o eth0 -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o ipsec0 -m comment --comment "!fw3" -j zone_VPN_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp6-port-unreachable
-A syn_flood -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_VPN_dest_ACCEPT -o ipsec0 -m comment --comment "!fw3" -j ACCEPT
-A zone_VPN_forward -m comment --comment "!fw3: Custom VPN forwarding rule chain" -j forwarding_VPN_rule
-A zone_VPN_forward -m comment --comment "!fw3: Zone VPN to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_VPN_forward -m comment --comment "!fw3" -j zone_VPN_dest_ACCEPT
-A zone_VPN_input -m comment --comment "!fw3: Custom VPN input rule chain" -j input_VPN_rule
-A zone_VPN_input -m comment --comment "!fw3" -j zone_VPN_src_ACCEPT
-A zone_VPN_output -m comment --comment "!fw3: Custom VPN output rule chain" -j output_VPN_rule
-A zone_VPN_output -m comment --comment "!fw3" -j zone_VPN_dest_ACCEPT
-A zone_VPN_src_ACCEPT -i ipsec0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o eth0 -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i eth0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -s fc00::/6 -d fc00::/6 -p udp -m udp --dport 546 -m comment --comment "!fw3: Allow-DHCPv6" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 8118 -m comment --comment "!fw3: adblock" -j DROP
-A zone_wan_input -p udp -m udp --dport 500 -m comment --comment "!fw3: ike" -j ACCEPT
-A zone_wan_input -p udp -m udp --dport 4500 -m comment --comment "!fw3: ipsec" -j ACCEPT
-A zone_wan_input -p ah -m comment --comment "!fw3: ah" -j ACCEPT
-A zone_wan_input -p esp -m comment --comment "!fw3: esp" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 1688 -m comment --comment "!fw3: kms" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
COMMIT
# Completed on Wed Jul  5 00:16:31 2023

#===================== IPSET状态 =====================#

Name: music
Type: hash:ip
Revision: 5
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x0a03a33e
Size in memory: 208
References: 0
Number of entries: 0

Name: localnetwork
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x3f83d6c0
Size in memory: 896
References: 3
Number of entries: 9

Name: china_ip_route
Type: hash:net
Revision: 7
Header: family inet hashsize 2048 maxelem 1000000 bucketsize 12 initval 0x5bd29474
Size in memory: 232040
References: 1
Number of entries: 8616

Name: china_ip_route_pass
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 1000000 bucketsize 12 initval 0x83d4368a
Size in memory: 464
References: 0
Number of entries: 0

Name: china_ip6_route
Type: hash:net
Revision: 7
Header: family inet6 hashsize 1024 maxelem 1000000 bucketsize 12 initval 0x1232dbf5
Size in memory: 89736
References: 3
Number of entries: 1942

Name: china_ip6_route_pass
Type: hash:net
Revision: 7
Header: family inet6 hashsize 1024 maxelem 1000000 bucketsize 12 initval 0x85ab7620
Size in memory: 1248
References: 2
Number of entries: 0

Name: localnetwork6
Type: hash:net
Revision: 7
Header: family inet6 hashsize 1024 maxelem 65536 bucketsize 12 initval 0x0c62fa43
Size in memory: 2544
References: 2
Number of entries: 18

#===================== 路由表状态 =====================#

#IPv4

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 eth0
10.0.0.0        0.0.0.0         255.0.0.0       U     0      0        0 eth0

#ip route list
default via 10.0.0.1 dev eth0 proto static 
10.0.0.0/8 dev eth0 proto kernel scope link src 10.1.1.1 

#ip rule show
0:  from all lookup local
32765:  from all fwmark 0x162 lookup 354
32766:  from all lookup main
32767:  from all lookup default

#IPv6

#route -A inet6
Kernel IPv6 routing table
Destination                                 Next Hop                                Flags Metric Ref    Use Iface
::/0                                        ::                                      U     1024   1        0 lo      
::/0                                        fe80::20e:c4ff:fed2:345b                UG    512    1        0 eth0    
::/0                                        fe80::20e:c4ff:fed2:345b                UG    512    2        0 eth0    
::/0                                        fe80::20e:c4ff:fed2:345b                UG    512    2        0 eth0    
*WAN IP*:/64                     ::                                      U     256    1        0 eth0    
*WAN IP*:/64                     ::                                      !n    2147483647 3        0 lo      
2408:xxxx:xxxx:7d65::/64                     ::                                      U     1024   1        0 eth0    
2408:xxxx:xxxx:7d65::/64                     ::                                      !n    2147483647 1        0 lo      
2408:xxxx:xxxx:7d66::/64                     fe80::409:fea1:fc18:9b73                UG    512    2        0 eth0    
2408:xxxx:xxxx:7d66::/64                     fe80::409:fea1:fc18:9b73                UG    512    2        0 eth0    
2408:xxxx:xxxx:7d66::/64                     fe80::409:fea1:fc18:9b73                UG    512    1        0 eth0    
fdde:b5c0:4950::/64                         ::                                      U     1024   1        0 eth0    
fdde:b5c0:4950::/48                         ::                                      !n    2147483647 2        0 lo      
fe80::/64                                   ::                                      U     256    1        0 eth0    
::/0                                        ::                                      !n    -1     3        0 lo      
::1/128                                     ::                                      Un    0      4        0 lo      
*WAN IP*:/128                    ::                                      Un    0      3        0 eth0    
*WAN IP*:3cd/128                 ::                                      Un    0      4        0 eth0    
*WAN IP*11:32ff:fe2b:e66b/128    ::                                      Un    0      3        0 eth0    
2408:xxxx:xxxx:7d65::/128                    ::                                      Un    0      3        0 eth0    
2408:xxxx:xxxx:7d65::1/128                   ::                                      Un    0      4        0 eth0    
fdde:b5c0:4950::/128                        ::                                      Un    0      3        0 eth0    
fdde:b5c0:4950::1/128                       ::                                      Un    0      3        0 eth0    
fe80::/128                                  ::                                      Un    0      3        0 eth0    
fe80::11:32ff:fe2b:e66b/128                 ::                                      Un    0      4        0 eth0    
ff00::/8                                    ::                                      U     256    4        0 eth0    
::/0                                        ::                                      !n    -1     3        0 lo      

#ip -6 route list
default from *WAN IP*:3cd via fe80::20e:c4ff:fed2:345b dev eth0 proto static metric 512 pref medium
default from *WAN IP*:/64 via fe80::20e:c4ff:fed2:345b dev eth0 proto static metric 512 pref medium
default from 2408:xxxx:xxxx:7d65::/64 via fe80::20e:c4ff:fed2:345b dev eth0 proto static metric 512 pref medium
*WAN IP*:/64 dev eth0 proto static metric 256 pref medium
unreachable *WAN IP*:/64 dev lo proto static metric 2147483647 pref medium
2408:xxxx:xxxx:7d65::/64 dev eth0 proto static metric 1024 pref medium
unreachable 2408:xxxx:xxxx:7d65::/64 dev lo proto static metric 2147483647 pref medium
2408:xxxx:xxxx:7d66::/64 from *WAN IP*:3cd via fe80::409:fea1:fc18:9b73 dev eth0 proto static metric 512 pref medium
2408:xxxx:xxxx:7d66::/64 from *WAN IP*:/64 via fe80::409:fea1:fc18:9b73 dev eth0 proto static metric 512 pref medium
2408:xxxx:xxxx:7d66::/64 from 2408:xxxx:xxxx:7d65::/64 via fe80::409:fea1:fc18:9b73 dev eth0 proto static metric 512 pref medium
fdde:b5c0:4950::/64 dev eth0 proto static metric 1024 pref medium
unreachable fdde:b5c0:4950::/48 dev lo proto static metric 2147483647 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium

#ip -6 rule show
0:  from all lookup local
32765:  from all fwmark 0x162 lookup 354
32766:  from all lookup main
4200000000: from 2408:xxxx:xxxx:7d65::1/64 iif eth0 unreachable
4200000001: from all iif lo failed_policy
4200000002: from all iif eth0 failed_policy
4200000002: from all iif eth0 failed_policy

#===================== 端口占用状态 =====================#

tcp        0      0 :::7895                 :::*                    LISTEN      4727/clash
tcp        0      0 :::7893                 :::*                    LISTEN      4727/clash
tcp        0      0 :::7892                 :::*                    LISTEN      4727/clash
tcp        0      0 :::7891                 :::*                    LISTEN      4727/clash
tcp        0      0 :::7890                 :::*                    LISTEN      4727/clash
tcp        0      0 :::9090                 :::*                    LISTEN      4727/clash
udp        0      0 :::46017                :::*                                4727/clash
udp        0      0 :::38403                :::*                                4727/clash
udp        0      0 :::7874                 :::*                                4727/clash
udp        0      0 :::7891                 :::*                                4727/clash
udp        0      0 :::7892                 :::*                                4727/clash
udp        0      0 :::7893                 :::*                                4727/clash
udp        0      0 :::7895                 :::*                                4727/clash
udp        0      0 :::51427                :::*                                4727/clash
udp        0      0 :::46323                :::*                                4727/clash

#===================== 测试本机DNS查询(www.baidu.com) =====================#

Server:     127.0.0.1
Address:    127.0.0.1:53

Name:   www.baidu.com
Address: 198.18.0.37

#===================== 测试内核DNS查询(www.instagram.com) =====================#

Status: 0
TC: false
RD: true
RA: true
AD: false
CD: false

Question: 
  Name: www.instagram.com.
  Qtype: 1
  Qclass: 1

Answer: 
  TTL: 1
  data: 39.109.122.128
  name: www.instagram.com.
  type: 1

Additional: 
  TTL: 0
  data: ON:; EDNS: version 0; flags:; udp: 4096
  name: .
  type: 41

Dnsmasq 当前默认 resolv 文件:/tmp/resolv.conf.d/resolv.conf.auto

#===================== /tmp/resolv.conf.d/resolv.conf.auto =====================#

# Interface LAN6
nameserver fdb1:d39:787e:42f8:42:aff:fe0a:a0a
nameserver 2400:3200::1
# Interface lan
nameserver 10.10.10.10

#===================== 测试本机网络连接(www.baidu.com) =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Tue, 04 Jul 2023 16:16:32 GMT
Etag: "575e1f7d-115"
Last-Modified: Mon, 13 Jun 2016 02:50:37 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 测试本机网络下载(raw.githubusercontent.com) =====================#

HTTP/2 200 
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: text/plain; charset=utf-8
etag: "164887e509f49d611b745c94926c1e59df6802fc9db3bd2060f2c471fe51246c"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: E70E:4199:7A32FD:8DFB20:64A43A69
accept-ranges: bytes
date: Tue, 04 Jul 2023 16:16:32 GMT
via: 1.1 varnish
x-served-by: cache-hkg17926-HKG
x-cache: HIT
x-cache-hits: 78
x-timer: S1688487393.570831,VS0,VE0
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 282dabe8fc098651f1ca0832f5e69392d489f3a4
expires: Tue, 04 Jul 2023 16:21:32 GMT
source-age: 8
content-length: 83

#===================== 最近运行日志(自动切换为Debug模式) =====================#

time="2023-07-04T16:16:42.689186777Z" level=debug msg="[DNS] resolve jp.tiarap.org from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.689278818Z" level=debug msg="[DNS] resolve dns.cloudflare.com from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.689373437Z" level=debug msg="[DNS] resolve dns.cloudflare.com from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.689395363Z" level=debug msg="[DNS] resolve jp.tiar.app from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.689475376Z" level=debug msg="[DNS] resolve jp.tiar.app from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.68971641Z" level=debug msg="[DNS] jp.tiarap.org --> [2606:4700:3035::6815:1ea2 2606:4700:3030::ac43:ad3b], from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.689748711Z" level=debug msg="[DNS] jp.tiarap.org --> [104.21.30.162 172.67.173.59], from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.689916127Z" level=debug msg="[DNS] dns.cloudflare.com --> [104.16.132.229 104.16.133.229], from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.689955445Z" level=debug msg="[DNS] jp.tiar.app --> [2400:8902::f03c:91ff:feda:c514], from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.689965894Z" level=debug msg="[DNS] dns.cloudflare.com --> [2606:4700::6810:85e5 2606:4700::6810:84e5], from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.690027131Z" level=debug msg="[DNS] jp.tiar.app --> [172.104.93.80], from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.699078933Z" level=debug msg="[DNS] aeventlog.beacon.qq.com --> [113.56.189.191], from https://dns.alidns.com:443/dns-query"
time="2023-07-04T16:16:42.699155031Z" level=debug msg="[DNS] aeventlog.beacon.qq.com --> [], from https://dns.alidns.com:443/dns-query"
time="2023-07-04T16:16:42.699516588Z" level=debug msg="[DNS] aeventlog.beacon.qq.com --> 113.56.189.191"
time="2023-07-04T16:16:42.699718635Z" level=debug msg="[DNS] resolve jp.tiarap.org from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.699768147Z" level=debug msg="[DNS] resolve jp.tiarap.org from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.699791234Z" level=debug msg="[Process] find process aeventlog.beacon.qq.com: process not found"
time="2023-07-04T16:16:42.699951092Z" level=info msg="[TCP] 10.0.0.102:51300 --> aeventlog.beacon.qq.com:8081 match RuleSet(Advertising_Domain) using ⛔️ 隐私广告[REJECT]"
time="2023-07-04T16:16:42.700335616Z" level=debug msg="[DNS] jp.tiarap.org --> [104.21.30.162 172.67.173.59], from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.700411923Z" level=debug msg="[DNS] jp.tiarap.org --> [2606:4700:3035::6815:1ea2 2606:4700:3030::ac43:ad3b], from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.704888709Z" level=debug msg="[Rule] use default rules"
time="2023-07-04T16:16:42.704988988Z" level=debug msg="[DNS] resolve h.trace.qq.com from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.70503861Z" level=debug msg="[DNS] resolve h.trace.qq.com from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.705447449Z" level=debug msg="[DNS] h.trace.qq.com --> [::], from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.705473518Z" level=debug msg="[DNS] resolve h.trace.qq.com from https://dns.alidns.com:443/dns-query"
time="2023-07-04T16:16:42.705586958Z" level=debug msg="[DNS] resolve h.trace.qq.com from https://dns.cloudflare.com:443/dns-query"
time="2023-07-04T16:16:42.705683089Z" level=debug msg="[DNS] resolve h.trace.qq.com from https://jp.tiarap.org:443/dns-query"
time="2023-07-04T16:16:42.705785433Z" level=debug msg="[DNS] resolve jp.tiarap.org from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.70581727Z" level=debug msg="[DNS] resolve dns.cloudflare.com from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.705866849Z" level=debug msg="[DNS] resolve h.trace.qq.com from https://1.1.1.1:443/dns-query"
time="2023-07-04T16:16:42.705943242Z" level=debug msg="[DNS] resolve h.trace.qq.com from https://jp.tiar.app:443/dns-query"
time="2023-07-04T16:16:42.70601797Z" level=debug msg="[DNS] resolve jp.tiarap.org from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.706213593Z" level=debug msg="[DNS] resolve jp.tiar.app from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.70623725Z" level=debug msg="[DNS] resolve dns.cloudflare.com from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.706254066Z" level=debug msg="[DNS] resolve jp.tiar.app from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.70656109Z" level=debug msg="[DNS] dns.cloudflare.com --> [104.16.132.229 104.16.133.229], from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.706603447Z" level=debug msg="[DNS] h.trace.qq.com --> [0.0.0.0], from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.706619323Z" level=debug msg="[DNS] resolve h.trace.qq.com from https://dns.alidns.com:443/dns-query"
time="2023-07-04T16:16:42.706713793Z" level=debug msg="[DNS] jp.tiarap.org --> [104.21.30.162 172.67.173.59], from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.706732955Z" level=debug msg="[DNS] resolve h.trace.qq.com from https://jp.tiarap.org:443/dns-query"
time="2023-07-04T16:16:42.706768937Z" level=debug msg="[DNS] resolve h.trace.qq.com from https://dns.cloudflare.com:443/dns-query"
time="2023-07-04T16:16:42.706791138Z" level=debug msg="[DNS] resolve h.trace.qq.com from https://1.1.1.1:443/dns-query"
time="2023-07-04T16:16:42.706809947Z" level=debug msg="[DNS] resolve h.trace.qq.com from https://jp.tiar.app:443/dns-query"
time="2023-07-04T16:16:42.706849952Z" level=debug msg="[DNS] dns.cloudflare.com --> [2606:4700::6810:85e5 2606:4700::6810:84e5], from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.706965359Z" level=debug msg="[DNS] jp.tiar.app --> [172.104.93.80], from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.707030225Z" level=debug msg="[DNS] jp.tiar.app --> [2400:8902::f03c:91ff:feda:c514], from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.707111245Z" level=debug msg="[DNS] jp.tiarap.org --> [2606:4700:3035::6815:1ea2 2606:4700:3030::ac43:ad3b], from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.715862373Z" level=debug msg="[DNS] h.trace.qq.com --> [2408:873d:a00::61 2408:873d:a00:11::c], from https://dns.alidns.com:443/dns-query"
time="2023-07-04T16:16:42.716116341Z" level=debug msg="[DNS] resolve jp.tiarap.org from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.716394965Z" level=debug msg="[DNS] resolve jp.tiarap.org from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.716534218Z" level=debug msg="[DNS] resolve jp.tiar.app from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.716639317Z" level=debug msg="[DNS] resolve jp.tiar.app from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.716661489Z" level=debug msg="[DNS] resolve dns.cloudflare.com from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.716732336Z" level=debug msg="[DNS] resolve dns.cloudflare.com from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.717126641Z" level=debug msg="[DNS] jp.tiarap.org --> [2606:4700:3035::6815:1ea2 2606:4700:3030::ac43:ad3b], from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.717185873Z" level=debug msg="[DNS] h.trace.qq.com --> [113.56.189.246 113.56.189.162], from https://dns.alidns.com:443/dns-query"
time="2023-07-04T16:16:42.717228438Z" level=debug msg="[DNS] jp.tiarap.org --> [104.21.30.162 172.67.173.59], from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.717332897Z" level=debug msg="[DNS] h.trace.qq.com --> 113.56.189.246"
time="2023-07-04T16:16:42.717516456Z" level=debug msg="[Process] find process h.trace.qq.com: process not found"
time="2023-07-04T16:16:42.717566077Z" level=info msg="[TCP] 10.0.0.102:36064 --> h.trace.qq.com:443 match RuleSet(Advertising_Domain) using ⛔️ 隐私广告[REJECT]"
time="2023-07-04T16:16:42.717756831Z" level=debug msg="[DNS] dns.cloudflare.com --> [104.16.132.229 104.16.133.229], from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.717801373Z" level=debug msg="[DNS] dns.cloudflare.com --> [2606:4700::6810:85e5 2606:4700::6810:84e5], from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.717813634Z" level=debug msg="[DNS] jp.tiar.app --> [172.104.93.80], from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.717823208Z" level=debug msg="[DNS] jp.tiar.app --> [2400:8902::f03c:91ff:feda:c514], from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.722727375Z" level=debug msg="[Rule] use default rules"
time="2023-07-04T16:16:42.722844906Z" level=debug msg="[DNS] resolve h.trace.qq.com from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.72289695Z" level=debug msg="[DNS] resolve h.trace.qq.com from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.723366607Z" level=debug msg="[DNS] h.trace.qq.com --> [::], from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.72341268Z" level=debug msg="[DNS] h.trace.qq.com --> [0.0.0.0], from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.723429675Z" level=debug msg="[DNS] resolve h.trace.qq.com from https://dns.alidns.com:443/dns-query"
time="2023-07-04T16:16:42.723552018Z" level=debug msg="[DNS] resolve h.trace.qq.com from https://dns.alidns.com:443/dns-query"
time="2023-07-04T16:16:42.723626698Z" level=debug msg="[DNS] resolve h.trace.qq.com from https://jp.tiarap.org:443/dns-query"
time="2023-07-04T16:16:42.723797331Z" level=debug msg="[DNS] resolve jp.tiarap.org from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.723825198Z" level=debug msg="[DNS] resolve h.trace.qq.com from https://dns.cloudflare.com:443/dns-query"
time="2023-07-04T16:16:42.72389021Z" level=debug msg="[DNS] resolve h.trace.qq.com from https://1.1.1.1:443/dns-query"
time="2023-07-04T16:16:42.723971053Z" level=debug msg="[DNS] resolve h.trace.qq.com from https://jp.tiar.app:443/dns-query"
time="2023-07-04T16:16:42.724043693Z" level=debug msg="[DNS] resolve h.trace.qq.com from https://jp.tiarap.org:443/dns-query"
time="2023-07-04T16:16:42.724066515Z" level=debug msg="[DNS] resolve h.trace.qq.com from https://dns.cloudflare.com:443/dns-query"
time="2023-07-04T16:16:42.72408728Z" level=debug msg="[DNS] resolve h.trace.qq.com from https://1.1.1.1:443/dns-query"
time="2023-07-04T16:16:42.724105782Z" level=debug msg="[DNS] resolve h.trace.qq.com from https://jp.tiar.app:443/dns-query"
time="2023-07-04T16:16:42.724137277Z" level=debug msg="[DNS] resolve jp.tiarap.org from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.724272765Z" level=debug msg="[DNS] resolve dns.cloudflare.com from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.724371448Z" level=debug msg="[DNS] resolve dns.cloudflare.com from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.724397475Z" level=debug msg="[DNS] resolve jp.tiar.app from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.724465483Z" level=debug msg="[DNS] resolve jp.tiar.app from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.724921354Z" level=debug msg="[DNS] jp.tiarap.org --> [2606:4700:3035::6815:1ea2 2606:4700:3030::ac43:ad3b], from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.724958287Z" level=debug msg="[DNS] jp.tiarap.org --> [104.21.30.162 172.67.173.59], from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.725123273Z" level=debug msg="[DNS] jp.tiar.app --> [172.104.93.80], from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.725166012Z" level=debug msg="[DNS] jp.tiar.app --> [2400:8902::f03c:91ff:feda:c514], from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.725230746Z" level=debug msg="[DNS] dns.cloudflare.com --> [2606:4700::6810:85e5 2606:4700::6810:84e5], from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.725244605Z" level=debug msg="[DNS] dns.cloudflare.com --> [104.16.132.229 104.16.133.229], from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.733686352Z" level=debug msg="[DNS] h.trace.qq.com --> [113.56.189.246 113.56.189.162], from https://dns.alidns.com:443/dns-query"
time="2023-07-04T16:16:42.733775784Z" level=debug msg="[DNS] h.trace.qq.com --> [2408:873d:a00::61 2408:873d:a00:11::c], from https://dns.alidns.com:443/dns-query"
time="2023-07-04T16:16:42.734141151Z" level=debug msg="[DNS] h.trace.qq.com --> 113.56.189.162"
time="2023-07-04T16:16:42.734356723Z" level=debug msg="[DNS] resolve jp.tiarap.org from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.734395378Z" level=debug msg="[DNS] resolve jp.tiarap.org from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.734414028Z" level=debug msg="[Process] find process h.trace.qq.com: process not found"
time="2023-07-04T16:16:42.734535846Z" level=info msg="[TCP] 10.0.0.102:40808 --> h.trace.qq.com:443 match RuleSet(Advertising_Domain) using ⛔️ 隐私广告[REJECT]"
time="2023-07-04T16:16:42.734877187Z" level=debug msg="[DNS] jp.tiarap.org --> [104.21.30.162 172.67.173.59], from udp://10.10.10.10:53"
time="2023-07-04T16:16:42.735032653Z" level=debug msg="[DNS] jp.tiarap.org --> [2606:4700:3035::6815:1ea2 2606:4700:3030::ac43:ad3b], from udp://10.10.10.10:53"

#===================== 最近运行日志获取完成(自动切换为silent模式) =====================#

#===================== 活动连接信息 =====================#

1. SourceIP:【10.0.0.102】 - Host:【sqimg.qq.com】 - DestinationIP:【122.192.127.91】 - Network:【tcp】 - RulePayload:【China_Classical】 - Lastchain:【DIRECT】
2. SourceIP:【10.0.0.102】 - Host:【Empty】 - DestinationIP:【153.3.46.82】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
3. SourceIP:【10.0.0.103】 - Host:【Empty】 - DestinationIP:【58.83.177.124】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
4. SourceIP:【10.0.0.10】 - Host:【api.io.mi.com】 - DestinationIP:【120.52.181.17】 - Network:【tcp】 - RulePayload:【China_Classical】 - Lastchain:【DIRECT】
5. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【20.205.243.166】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【🇭🇰 香港 AirPort1 01】
6. SourceIP:【10.0.0.102】 - Host:【Empty】 - DestinationIP:【112.83.140.4】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
7. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【202.89.233.100】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
8. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【35.186.224.47】 - Network:【tcp】 - RulePayload:【GlobalMedia】 - Lastchain:【🇭🇰 香港 AirPort1 01】
9. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【185.199.108.133】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【🇭🇰 香港 AirPort1 01】
10. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【13.107.6.158】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【🇭🇰 香港 AirPort1 04】
11. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【114.250.63.34】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
12. SourceIP:【10.0.0.10】 - Host:【plex.tv】 - DestinationIP:【54.78.236.162】 - Network:【tcp】 - RulePayload:【Direct_2】 - Lastchain:【DIRECT】
13. SourceIP:【10.0.0.102】 - Host:【flash.xiaohongshu.com】 - DestinationIP:【212.64.115.24】 - Network:【udp】 - RulePayload:【China_Classical】 - Lastchain:【DIRECT】
14. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【114.250.63.34】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
15. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【13.107.5.93】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【🇭🇰 香港 AirPort1 04】
16. SourceIP:【10.0.0.10】 - Host:【userprofile.mina.mi.com】 - DestinationIP:【111.202.0.131】 - Network:【tcp】 - RulePayload:【China_Classical】 - Lastchain:【DIRECT】
17. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【74.125.203.188】 - Network:【tcp】 - RulePayload:【ProxyLite】 - Lastchain:【🇭🇰 香港 AirPort1 01】
18. SourceIP:【10.0.0.20】 - Host:【mesu.apple.com】 - DestinationIP:【113.194.63.30】 - Network:【tcp】 - RulePayload:【Global_Domain】 - Lastchain:【🇭🇰 香港 AirPort1 04】
19. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【140.82.113.22】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【🇭🇰 香港 AirPort1 04】
20. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【20.24.125.47】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【🇭🇰 香港 AirPort1 01】
21. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【40.122.187.60】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【🇭🇰 香港 AirPort1 01】
22. SourceIP:【10.0.0.102】 - Host:【flash.xiaohongshu.com】 - DestinationIP:【212.64.115.56】 - Network:【udp】 - RulePayload:【China_Classical】 - Lastchain:【DIRECT】
23. SourceIP:【10.0.0.102】 - Host:【hw-sh-pcdn-32.biliapi.net】 - DestinationIP:【112.65.212.216】 - Network:【tcp】 - RulePayload:【AsianMedia】 - Lastchain:【DIRECT】
24. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【216.218.135.2】 - Network:【udp】 - RulePayload:【】 - Lastchain:【🇭🇰 香港 AirPort1 01】
25. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【122.193.131.193】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
26. SourceIP:【10.0.0.102】 - Host:【wa.qq.com】 - DestinationIP:【153.35.101.184】 - Network:【tcp】 - RulePayload:【China_Classical】 - Lastchain:【DIRECT】
27. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【20.42.65.88】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【🇭🇰 香港 AirPort1 04】
28. SourceIP:【10.0.0.102】 - Host:【Empty】 - DestinationIP:【59.111.36.245】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
29. SourceIP:【10.0.0.102】 - Host:【sqimg.qq.com】 - DestinationIP:【122.192.127.91】 - Network:【tcp】 - RulePayload:【China_Classical】 - Lastchain:【DIRECT】
30. SourceIP:【10.0.0.102】 - Host:【Empty】 - DestinationIP:【123.60.15.104】 - Network:【udp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
31. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【142.251.42.238】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【🇭🇰 香港 AirPort1 04】
32. SourceIP:【10.0.0.102】 - Host:【flash.xiaohongshu.com】 - DestinationIP:【212.64.115.24】 - Network:【udp】 - RulePayload:【China_Classical】 - Lastchain:【DIRECT】
33. SourceIP:【10.0.0.102】 - Host:【flash.xiaohongshu.com】 - DestinationIP:【212.64.115.56】 - Network:【udp】 - RulePayload:【China_Classical】 - Lastchain:【DIRECT】
34. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【122.193.131.193】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
35. SourceIP:【10.0.0.102】 - Host:【Empty】 - DestinationIP:【45.254.48.91】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
36. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【122.193.131.193】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
37. SourceIP:【10.0.0.102】 - Host:【Empty】 - DestinationIP:【153.3.149.209】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
38. SourceIP:【10.0.0.103】 - Host:【Empty】 - DestinationIP:【58.83.177.124】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
39. SourceIP:【10.0.0.10】 - Host:【Empty】 - DestinationIP:【43.154.14.106】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【🇭🇰 香港 AirPort1 01】
40. SourceIP:【10.0.0.10】 - Host:【Empty】 - DestinationIP:【203.107.6.88】 - Network:【udp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
41. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【104.199.240.237】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【🇭🇰 香港 AirPort1 01】
42. SourceIP:【10.0.0.102】 - Host:【Empty】 - DestinationIP:【111.202.1.248】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
43. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【20.189.173.12】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【🇭🇰 香港 AirPort1 04】
44. SourceIP:【10.0.0.10】 - Host:【Empty】 - DestinationIP:【139.162.170.32】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【🇭🇰 香港 AirPort1 01】
45. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【13.107.6.158】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【🇭🇰 香港 AirPort1 04】
46. SourceIP:【10.0.0.20】 - Host:【init.itunes.apple.com】 - DestinationIP:【110.52.56.73】 - Network:【tcp】 - RulePayload:【Global_Domain】 - Lastchain:【🇭🇰 香港 AirPort1 01】
47. SourceIP:【10.0.0.102】 - Host:【mime.baidu.com】 - DestinationIP:【103.211.221.190】 - Network:【tcp】 - RulePayload:【China_Classical】 - Lastchain:【DIRECT】
48. SourceIP:【10.0.0.102】 - Host:【flash.xiaohongshu.com】 - DestinationIP:【212.64.115.56】 - Network:【udp】 - RulePayload:【China_Classical】 - Lastchain:【DIRECT】
49. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【114.250.63.34】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
50. SourceIP:【10.0.0.102】 - Host:【olimenew.baidu.com】 - DestinationIP:【153.37.235.45】 - Network:【tcp】 - RulePayload:【China_Classical】 - Lastchain:【DIRECT】
51. SourceIP:【10.0.0.102】 - Host:【Empty】 - DestinationIP:【59.83.209.181】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
52. SourceIP:【10.0.0.102】 - Host:【Empty】 - DestinationIP:【220.181.52.17】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
53. SourceIP:【10.0.0.20】 - Host:【Empty】 - DestinationIP:【17.57.145.170】 - Network:【tcp】 - RulePayload:【Apple】 - Lastchain:【DIRECT】
54. SourceIP:【10.0.0.102】 - Host:【flash.xiaohongshu.com】 - DestinationIP:【212.64.115.56】 - Network:【udp】 - RulePayload:【China_Classical】 - Lastchain:【DIRECT】
55. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【20.205.69.80】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【🇭🇰 香港 AirPort1 04】
56. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【20.198.162.76】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【🇭🇰 香港 AirPort1 01】
57. SourceIP:【10.0.0.102】 - Host:【dataflow.biliapi.com】 - DestinationIP:【61.240.206.14】 - Network:【tcp】 - RulePayload:【AsianMedia】 - Lastchain:【DIRECT】
58. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【20.189.173.12】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【🇭🇰 香港 AirPort1 04】
59. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【20.189.173.12】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【🇭🇰 香港 AirPort1 04】
60. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【117.18.232.200】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【🇭🇰 香港 AirPort1 04】
61. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【204.79.197.222】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【🇭🇰 香港 AirPort1 04】
62. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【202.89.233.100】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
63. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【20.198.162.76】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【🇭🇰 香港 AirPort1 01】
64. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【20.42.65.89】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【🇭🇰 香港 AirPort1 04】
65. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【104.210.1.187】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【🇭🇰 香港 AirPort1 01】
66. SourceIP:【10.0.0.102】 - Host:【Empty】 - DestinationIP:【122.195.90.151】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
67. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【142.251.43.10】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【🇭🇰 香港 AirPort1 01】
68. SourceIP:【10.0.0.20】 - Host:【gateway.icloud.com】 - DestinationIP:【17.248.170.141】 - Network:【tcp】 - RulePayload:【Apple】 - Lastchain:【DIRECT】
69. SourceIP:【10.0.0.20】 - Host:【itunes.apple.com】 - DestinationIP:【101.70.156.149】 - Network:【tcp】 - RulePayload:【Global_Domain】 - Lastchain:【🇭🇰 香港 AirPort1 01】
70. SourceIP:【10.0.0.102】 - Host:【htrace.wetvinfo.com】 - DestinationIP:【116.128.171.104】 - Network:【tcp】 - RulePayload:【AsianMedia】 - Lastchain:【DIRECT】
71. SourceIP:【10.0.0.102】 - Host:【Empty】 - DestinationIP:【112.86.231.165】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
72. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【23.77.214.7】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【🇭🇰 香港 AirPort1 01】
73. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【13.107.6.158】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【🇭🇰 香港 AirPort1 04】
74. SourceIP:【10.0.0.10】 - Host:【api.telegram.org】 - DestinationIP:【31.13.76.65】 - Network:【tcp】 - RulePayload:【Telegram】 - Lastchain:【🇭🇰 香港 AirPort1 04】
75. SourceIP:【10.0.0.102】 - Host:【flash.xiaohongshu.com】 - DestinationIP:【212.64.115.56】 - Network:【udp】 - RulePayload:【China_Classical】 - Lastchain:【DIRECT】
76. SourceIP:【10.0.0.102】 - Host:【sns-img-hw.xhscdn.com】 - DestinationIP:【218.12.77.214】 - Network:【tcp】 - RulePayload:【China_Classical】 - Lastchain:【DIRECT】
77. SourceIP:【10.0.0.102】 - Host:【Empty】 - DestinationIP:【45.254.48.91】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
78. SourceIP:【10.0.0.102】 - Host:【sqimg.qq.com】 - DestinationIP:【122.192.127.91】 - Network:【tcp】 - RulePayload:【China_Classical】 - Lastchain:【DIRECT】
79. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【122.193.131.193】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
80. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【20.189.173.12】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【🇭🇰 香港 AirPort1 04】
81. SourceIP:【10.0.0.102】 - Host:【szlong.weixin.qq.com】 - DestinationIP:【157.148.61.149】 - Network:【tcp】 - RulePayload:【WeChat】 - Lastchain:【DIRECT】
82. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【122.193.131.193】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
83. SourceIP:【10.0.0.102】 - Host:【flash.xiaohongshu.com】 - DestinationIP:【212.64.115.56】 - Network:【udp】 - RulePayload:【China_Classical】 - Lastchain:【DIRECT】
84. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【122.193.131.193】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
85. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【104.26.12.31】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【🇭🇰 香港 AirPort1 01】
86. SourceIP:【10.0.0.102】 - Host:【flash.xiaohongshu.com】 - DestinationIP:【212.64.115.56】 - Network:【udp】 - RulePayload:【China_Classical】 - Lastchain:【DIRECT】
87. SourceIP:【10.0.0.102】 - Host:【tracking.miui.com】 - DestinationIP:【123.125.102.56】 - Network:【tcp】 - RulePayload:【Direct_3】 - Lastchain:【DIRECT】
88. SourceIP:【10.0.0.20】 - Host:【itunes.apple.com】 - DestinationIP:【112.240.57.248】 - Network:【tcp】 - RulePayload:【Global_Domain】 - Lastchain:【🇭🇰 香港 AirPort1 01】
89. SourceIP:【10.0.0.102】 - Host:【Empty】 - DestinationIP:【112.83.140.4】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
90. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【20.189.173.12】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【🇭🇰 香港 AirPort1 04】
91. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【140.82.113.25】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【🇭🇰 香港 AirPort1 01】
92. SourceIP:【10.0.0.102】 - Host:【sqimg.qq.com】 - DestinationIP:【114.112.216.189】 - Network:【tcp】 - RulePayload:【China_Classical】 - Lastchain:【DIRECT】
93. SourceIP:【10.0.0.102】 - Host:【flash.xiaohongshu.com】 - DestinationIP:【212.64.115.24】 - Network:【udp】 - RulePayload:【China_Classical】 - Lastchain:【DIRECT】
94. SourceIP:【10.0.0.102】 - Host:【Empty】 - DestinationIP:【101.67.19.5】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
95. SourceIP:【10.0.0.20】 - Host:【init.itunes.apple.com】 - DestinationIP:【113.194.63.30】 - Network:【tcp】 - RulePayload:【Global_Domain】 - Lastchain:【🇭🇰 香港 AirPort1 01】
96. SourceIP:【10.0.0.3】 - Host:【Empty】 - DestinationIP:【114.250.63.34】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
vernesong commented 1 year ago

关v6

Xm798 commented 1 year ago

关v6

关闭 IPv6 流量代理和 允许 IPv6 类型 DNS 解析,将内核切换至 Meta,问题依旧存在。P 核正常,运行 Meta 核的 Clash Verge 在开启 V6 的情况下也是正常的。

正在收集数据...

找不到任何连接日志!

1. 可能是插件未在运行

2. 可能是缓存导致浏览直接使用 IP 地址进行访问

3. 可能是 DNS 未劫持成功,导致 Clash 无法正确反推出域名连接

4. 可能是所填地址无法进行解析和连接

正在收集数据...

Status: 0
TC: false
RD: true
RA: true
AD: false
CD: false

Question: 
  Name: www.google.com.
  Qtype: 1
  Qclass: 1

Answer: 
  TTL: 10
  data: 199.96.63.177
  name: www.google.com.
  type: 1

Additional: 
  TTL: 0
  data: ON:; EDNS: version 0; flags:; udp: 4096
  name: .
  type: 41
vernesong commented 1 year ago

那我帮不了你

chenzhiguo commented 1 year ago

附议,同样使用Clash.Meta内核无法访问Google,Youtube,使用的Vless节点。

orthwang commented 1 year ago

这个问题持续一个月了 开了meta 后 redir模式无法访问外网 fake-ip可以访问 但时常有问题 请解决

github-actions[bot] commented 11 months ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

chenzhiguo commented 11 months ago

到现在用openclash还是无法正常使用clash.meta内核,alpha版本也不行。

Leefurmore commented 9 months ago

到现在用openclash还是无法正常使用clash.meta内核,alpha版本也不行。

一样,无法联网

ghost commented 9 months ago

内核问题建议去给内核开发组反馈 oc这边的issue内核开发组看不见

github-actions[bot] commented 7 months ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days