[Bug] 使用一段时间就无法上网，路由器本身上网没问题

[cocdkl]

Verify Steps

• [X] Tracker 我已经在 Issue Tracker 中找过我要提出的问题
• [x] Latest 我已经使用最新 Dev 版本测试过，问题依旧存在
• [x] Core 这是 OpenClash 存在的问题，并非我所使用的 Clash 或 Meta 等内核的特定问题
• [x] Meaningful 我提交的不是无意义的 催促更新或修复 请求

OpenClash Version

v0.45.15

Bug on Environment

Official OpenWrt

Bug on Platform

Linux-amd64(x86-64)

To Reproduce

在安装好之后的一段时间是有没有问题，但是过一段时间就无法上网，时间基本在晚上22点30左右（不确定和这个时间有没有关系），

Describe the Bug

路由器本身可以访问网络，但是电脑无法访问网络。

OpenClash Log

OpenClash 调试日志

生成时间: 2023-09-03 22:34:26 插件版本: v0.45.141-beta 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息

#===================== 系统信息 =====================#

主机型号: Prafly Corporation PRA_EC_BTMT
固件版本: OpenWrt 22.03.5 r20134-5f15225c1e
LuCI版本: git-23.093.42303-d58cd69
内核版本: 5.10.176
处理器架构: x86_64

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

DNS劫持: Dnsmasq 转发
#DNS劫持为Dnsmasq时，此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci >= 19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 未安装
unzip: 已安装
kmod-nft-tproxy: 已安装

#===================== 内核检查 =====================#

运行状态: 运行中
运行内核：Meta
进程pid: 4754
运行权限: 4754: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-amd64

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2023.08.17
Tun内核文件: 存在
Tun内核运行权限: 正常

Dev内核版本: v1.17.0-20-ga19a9fe
Dev内核文件: 存在
Dev内核运行权限: 正常

Meta内核版本: alpha-g3a9fc39
Meta内核文件: 存在
Meta内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/config.yaml
启动配置文件: /etc/openclash/config.yaml
运行模式: redir-host
默认代理模式: rule
UDP流量转发(tproxy): 启用
自定义DNS: 停用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 启用
仅允许内网: 启用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用
路由本机代理: 启用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 启用

#===================== 自定义规则 一 =====================#
script:
##  shortcuts:
##    Notice: The core timezone is UTC
##    CST 20:00-24:00 = time.now().hour > 12 and time.now().hour < 16
##    内核时区为UTC,故以下time.now()函数的取值需要根据本地时区进行转换
##    北京时间(CST) 20:00-24:00 = time.now().hour > 12 and time.now().hour < 16
##    quic: network == 'udp' and dst_port == 443 and (geoip(resolve_ip(host)) != 'CN' or geoip(dst_ip) != 'CN')
##    time-limit: in_cidr(src_ip,'192.168.1.2/32') and time.now().hour < 20 or time.now().hour > 21
##    time-limit: src_ip == '192.168.1.2' and time.now().hour < 20 or time.now().hour > 21

##  code: |
##    def main(ctx, metadata):
##        directkeywordlist = ["baidu"]
##        for directkeyword in directkeywordlist:
##          if directkeyword in metadata["host"]:
##            ctx.log('[Script] matched keyword %s use direct' % directkeyword)
##            return "DIRECT"

rules:
##- SCRIPT,quic,REJECT #shortcuts rule
##- SCRIPT,time-limit,REJECT #shortcuts rule

##- PROCESS-NAME,curl,DIRECT #匹配路由自身进程(curl直连)
##- DOMAIN-SUFFIX,google.com,Proxy #匹配域名后缀(交由Proxy代理服务器组)
- DOMAIN-SUFFIX,bing.com,Proxy
- DOMAIN-SUFFIX,exhentai.org,Proxy
- DOMAIN-SUFFIX,steamcommunity.com,Proxy
- DOMAIN-SUFFIX,steampowered.com,Proxy
##- DOMAIN-KEYWORD,google,Proxy #匹配域名关键字(交由Proxy代理服务器组)
##- DOMAIN,google.com,Proxy #匹配域名(交由Proxy代理服务器组)
##- DOMAIN-SUFFIX,ad.com,REJECT #匹配域名后缀(拒绝)
##- IP-CIDR,127.0.0.0/8,DIRECT #匹配数据目标IP(直连)
##- SRC-IP-CIDR,192.168.1.201/32,DIRECT #匹配数据发起IP(直连)
##- DST-PORT,80,DIRECT #匹配数据目标端口(直连)
##- SRC-PORT,7777,DIRECT #匹配数据源端口(直连)

##排序在上的规则优先生效,如添加（去除规则前的#号）：
##IP段：192.168.1.2-192.168.1.200 直连
##- SRC-IP-CIDR,192.168.1.2/31,DIRECT
##- SRC-IP-CIDR,192.168.1.4/30,DIRECT
##- SRC-IP-CIDR,192.168.1.8/29,DIRECT
##- SRC-IP-CIDR,192.168.1.16/28,DIRECT
##- SRC-IP-CIDR,192.168.1.32/27,DIRECT
##- SRC-IP-CIDR,192.168.1.64/26,DIRECT
##- SRC-IP-CIDR,192.168.1.128/26,DIRECT
##- SRC-IP-CIDR,192.168.1.192/29,DIRECT
##- SRC-IP-CIDR,192.168.1.200/32,DIRECT

##IP段：192.168.1.202-192.168.1.255 直连
##- SRC-IP-CIDR,192.168.1.202/31,DIRECT
##- SRC-IP-CIDR,192.168.1.204/30,DIRECT
##- SRC-IP-CIDR,192.168.1.208/28,DIRECT
##- SRC-IP-CIDR,192.168.1.224/27,DIRECT

##此时IP为192.168.1.1和192.168.1.201的客户端流量走代理（策略），其余客户端不走代理
##因为Fake-IP模式下，IP地址为192.168.1.1的路由器自身流量可走代理（策略），所以需要排除

##仅设置路由器自身直连：
##- SRC-IP-CIDR,192.168.1.1/32,DIRECT
##- SRC-IP-CIDR,198.18.0.1/32,DIRECT

##DDNS
##- DOMAIN-SUFFIX,checkip.dyndns.org,DIRECT
##- DOMAIN-SUFFIX,checkipv6.dyndns.org,DIRECT
##- DOMAIN-SUFFIX,checkip.synology.com,DIRECT
##- DOMAIN-SUFFIX,ifconfig.co,DIRECT
##- DOMAIN-SUFFIX,api.myip.com,DIRECT
##- DOMAIN-SUFFIX,ip-api.com,DIRECT
##- DOMAIN-SUFFIX,ipapi.co,DIRECT
##- DOMAIN-SUFFIX,ip6.seeip.org,DIRECT
##- DOMAIN-SUFFIX,members.3322.org,DIRECT

##在线IP段转CIDR地址：http://ip2cidr.com
#===================== 自定义规则 二 =====================#
script:
##  shortcuts:
##    common_port: dst_port not in [21, 22, 23, 53, 80, 123, 143, 194, 443, 465, 587, 853, 993, 995, 998, 2052, 2053, 2082, 2083, 2086, 2095, 2096, 5222, 5228, 5229, 5230, 8080, 8443, 8880, 8888, 8889]

##  code: |
##    def main(ctx, metadata):
##        directkeywordlist = ["baidu"]
##        for directkeyword in directkeywordlist:
##          if directkeyword in metadata["host"]:
##            ctx.log('[Script] matched keyword %s use direct' % directkeyword)
##            return "DIRECT"

rules:
##- SCRIPT,common_port,DIRECT #shortcuts rule

##- DOMAIN-SUFFIX,google.com,Proxy #匹配域名后缀(交由Proxy代理服务器组)
##- DOMAIN-KEYWORD,google,Proxy #匹配域名关键字(交由Proxy代理服务器组)
##- DOMAIN,google.com,Proxy #匹配域名(交由Proxy代理服务器组)
##- DOMAIN-SUFFIX,ad.com,REJECT #匹配域名后缀(拒绝)
##- IP-CIDR,127.0.0.0/8,DIRECT #匹配数据目标IP(直连)
##- SRC-IP-CIDR,192.168.1.201/32,DIRECT #匹配数据发起IP(直连)
##- DST-PORT,80,DIRECT #匹配数据目标端口(直连)
##- SRC-PORT,7777,DIRECT #匹配数据源端口(直连)

#===================== 配置文件 =====================#

proxy-groups:
- name: Auto - UrlTest
  type: url-test
  proxies:
  - vvv
  url: http://cp.cloudflare.com/generate_204
  interval: '600'
  tolerance: '150'
- name: Proxy
  type: select
  proxies:
  - Auto - UrlTest
  - DIRECT
  - vvv
- name: Domestic
  type: select
  proxies:
  - DIRECT
  - Proxy
- name: Others
  type: select
  proxies:
  - Proxy
  - DIRECT
  - Domestic
- name: Microsoft
  type: select
  proxies:
  - DIRECT
  - Proxy
- name: OpenAI
  type: select
  proxies:
  - Proxy
  - DIRECT
  - vvv
- name: Apple
  type: select
  proxies:
  - DIRECT
  - Proxy
  - vvv
- name: Apple TV
  type: select
  proxies:
  - Proxy
  - DIRECT
  - vvv
- name: Google FCM
  type: select
  proxies:
  - DIRECT
  - Proxy
  - vvv
- name: Scholar
  type: select
  proxies:
  - DIRECT
  - Proxy
  - vvv
- name: Bilibili
  type: select
  proxies:
  - Asian TV
  - DIRECT
  - vvv
- name: Bahamut
  type: select
  proxies:
  - Global TV
  - DIRECT
  - vvv
- name: HBO Max
  type: select
  proxies:
  - Global TV
  - DIRECT
  - vvv
- name: HBO Go
  type: select
  proxies:
  - Global TV
  - DIRECT
  - vvv
- name: Pornhub
  type: select
  proxies:
  - Global TV
  - DIRECT
  - vvv
- name: Netflix
  type: select
  proxies:
  - Global TV
  - DIRECT
  - vvv
- name: Disney
  type: select
  proxies:
  - Global TV
  - DIRECT
  - vvv
- name: Youtube
  type: select
  disable-udp: true
  proxies:
  - Global TV
  - DIRECT
  - vvv
- name: Discovery Plus
  type: select
  proxies:
  - Global TV
  - DIRECT
  - vvv
- name: DAZN
  type: select
  proxies:
  - Global TV
  - DIRECT
  - vvv
- name: Spotify
  type: select
  proxies:
  - Global TV
  - DIRECT
  - vvv
- name: Steam
  type: select
  proxies:
  - DIRECT
  - Proxy
  - vvv
- name: miHoYo
  type: select
  proxies:
  - DIRECT
  - Proxy
  - vvv
- name: AdBlock
  type: select
  proxies:
  - REJECT
  - DIRECT
  - Proxy
- name: Anti IP
  type: select
  proxies:
  - DIRECT
  - Proxy
  - vvv
- name: Asian TV
  type: select
  proxies:
  - DIRECT
  - Proxy
  - vvv
- name: Global TV
  type: select
  proxies:
  - Proxy
  - DIRECT
  - vvv
- name: Speedtest
  type: select
  proxies:
  - Proxy
  - DIRECT
  - vvv
- name: Telegram
  type: select
  proxies:
  - Proxy
  - DIRECT
  - vvv
- name: Crypto
  type: select
  proxies:
  - Proxy
  - DIRECT
  - vvv
- name: Discord
  type: select
  proxies:
  - Proxy
  - DIRECT
  - vvv
- name: PayPal
  type: select
  proxies:
  - DIRECT
  - Proxy
  - vvv
redir-port: 7892
tproxy-port: 7895
port: 7890
socks-port: 7891
mixed-port: 7893
mode: rule
allow-lan: true
external-controller: 0.0.0.0:9090
bind-address: "*"
external-ui: "/usr/share/openclash/ui"
ipv6: false
dns:
  enable: true
  ipv6: false
  enhanced-mode: redir-host
  listen: 0.0.0.0:7874
  nameserver:
  - 114.114.114.114
  - 119.29.29.29
  - 223.5.5.5
  - https://doh.pub/dns-query
  - https://223.5.5.5/dns-query
  fallback:
  - https://dns.cloudflare.com/dns-query
  - https://public.dns.iij.jp/dns-query
  - https://jp.tiar.app/dns-query
  - https://jp.tiarap.org/dns-query
sniffer:
  enable: true
  force-dns-mapping: true
  parse-pure-ip: true
profile:
  store-selected: true
authentication:
- Clash:yDRjwsfq
rule-providers:
  Reject:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Reject.yaml
    path: "./rule_provider/Reject"
    interval: 86400
  Special:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Special.yaml
    path: "./rule_provider/Special"
    interval: 86400
  PROXY:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Proxy.yaml
    path: "./rule_provider/Proxy"
    interval: 86400
  Domestic:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Domestic.yaml
    path: "./rule_provider/Domestic"
    interval: 86400
  Domestic IPs:
    type: http
    behavior: ipcidr
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Domestic%20IPs.yaml
    path: "./rule_provider/Domestic_IPs"
    interval: 86400
  LAN:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/LAN.yaml
    path: "./rule_provider/LAN"
    interval: 86400
  Anti IP:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/lwd-temp/anti-ip-attribution@main/generated/rule-provider.yaml
    path: "./rule_provider/Anti_IP"
    interval: 86400
  Netflix:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Netflix.yaml
    path: "./rule_provider/Netflix"
    interval: 86400
  Spotify:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Spotify.yaml
    path: "./rule_provider/Spotify"
    interval: 86400
  YouTube:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/YouTube.yaml
    path: "./rule_provider/YouTube"
    interval: 86400
  Bilibili:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Bilibili.yaml
    path: "./rule_provider/Bilibili"
    interval: 86400
  IQ:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/IQ.yaml
    path: "./rule_provider/IQI"
    interval: 86400
  IQIYI:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/IQIYI.yaml
    path: "./rule_provider/IQYI"
    interval: 86400
  Letv:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Letv.yaml
    path: "./rule_provider/Letv"
    interval: 86400
  Netease Music:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Netease%20Music.yaml
    path: "./rule_provider/Netease_Music"
    interval: 86400
  Tencent Video:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Tencent%20Video.yaml
    path: "./rule_provider/Tencent_Video"
    interval: 86400
  Youku:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Youku.yaml
    path: "./rule_provider/Youku"
    interval: 86400
  WeTV:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/WeTV.yaml
    path: "./rule_provider/WeTV"
    interval: 86400
  ABC:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/ABC.yaml
    path: "./rule_provider/ABC"
    interval: 86400
  Abema TV:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Abema%20TV.yaml
    path: "./rule_provider/Abema_TV"
    interval: 86400
  Amazon:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Amazon.yaml
    path: "./rule_provider/Amazon"
    interval: 86400
  Apple Music:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Apple%20Music.yaml
    path: "./rule_provider/Apple_Music"
    interval: 86400
  Apple News:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Apple%20News.yaml
    path: "./rule_provider/Apple_News"
    interval: 86400
  Apple TV:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Apple%20TV.yaml
    path: "./rule_provider/Apple_TV"
    interval: 86400
  Bahamut:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Bahamut.yaml
    path: "./rule_provider/Bahamut"
    interval: 86400
  BBC iPlayer:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/BBC%20iPlayer.yaml
    path: "./rule_provider/BBC_iPlayer"
    interval: 86400
  DAZN:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/DAZN.yaml
    path: "./rule_provider/DAZN"
    interval: 86400
  Discovery Plus:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Discovery%20Plus.yaml
    path: "./rule_provider/Discovery_Plus"
    interval: 86400
  Disney Plus:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Disney%20Plus.yaml
    path: "./rule_provider/Disney_Plus"
    interval: 86400
  encoreTVB:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/encoreTVB.yaml
    path: "./rule_provider/encoreTVB"
    interval: 86400
  F1 TV:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/F1%20TV.yaml
    path: "./rule_provider/F1_TV"
    interval: 86400
  Fox Now:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Fox%20Now.yaml
    path: "./rule_provider/Fox_Now"
    interval: 86400
  Fox+:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Fox%2B.yaml
    path: "./rule_provider/Fox+"
    interval: 86400
  HBO Go:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/HBO%20Go.yaml
    path: "./rule_provider/HBO_Go"
    interval: 86400
  HBO Max:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/HBO%20Max.yaml
    path: "./rule_provider/HBO_Max"
    interval: 86400
  Hulu Japan:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Hulu%20Japan.yaml
    path: "./rule_provider/Hulu_Japan"
    interval: 86400
  Hulu:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Hulu.yaml
    path: "./rule_provider/Hulu"
    interval: 86400
  Japonx:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Japonx.yaml
    path: "./rule_provider/Japonx"
    interval: 86400
  JOOX:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/JOOX.yaml
    path: "./rule_provider/JOOX"
    interval: 86400
  KKBOX:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/KKBOX.yaml
    path: "./rule_provider/KKBOX"
    interval: 86400
  KKTV:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/KKTV.yaml
    path: "./rule_provider/KKTV"
    interval: 86400
  Line TV:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Line%20TV.yaml
    path: "./rule_provider/Line_TV"
    interval: 86400
  myTV SUPER:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/myTV%20SUPER.yaml
    path: "./rule_provider/myTV_SUPER"
    interval: 86400
  Niconico:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Niconico.yaml
    path: "./rule_provider/Niconico"
    interval: 86400
  Pandora:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Pandora.yaml
    path: "./rule_provider/Pandora"
    interval: 86400
  PBS:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/PBS.yaml
    path: "./rule_provider/PBS"
    interval: 86400
  Pornhub:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Pornhub.yaml
    path: "./rule_provider/Pornhub"
    interval: 86400
  Soundcloud:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/Soundcloud.yaml
    path: "./rule_provider/Soundcloud"
    interval: 86400
  ViuTV:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Media/ViuTV.yaml
    path: "./rule_provider/ViuTV"
    interval: 86400
  Telegram:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Telegram.yaml
    path: "./rule_provider/Telegram"
    interval: 86400
  Crypto:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Crypto.yaml
    path: "./rule_provider/Crypto"
    interval: 86400
  Discord:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Discord.yaml
    path: "./rule_provider/Discord"
    interval: 86400
  Steam:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Steam.yaml
    path: "./rule_provider/Steam"
    interval: 86400
  Speedtest:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Speedtest.yaml
    path: "./rule_provider/Speedtest"
    interval: 86400
  PayPal:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/PayPal.yaml
    path: "./rule_provider/PayPal"
    interval: 86400
  Microsoft:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Microsoft.yaml
    path: "./rule_provider/Microsoft"
    interval: 86400
  OpenAI:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/OpenAI.yaml
    path: "./rule_provider/OpenAI"
    interval: 86400
  Apple:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Apple.yaml
    path: "./rule_provider/Apple"
    interval: 86400
  Google FCM:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Google%20FCM.yaml
    path: "./rule_provider/Google FCM"
    interval: 86400
  Scholar:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Scholar.yaml
    path: "./rule_provider/Scholar"
    interval: 86400
  miHoYo:
    type: http
    behavior: classical
    url: https://cdn.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/miHoYo.yaml
    path: "./rule_provider/miHoYo"
    interval: 86400
script:
  code: |
    def main(ctx, metadata):
        ruleset_action = {
            'Reject': 'AdBlock',
            'Special': 'DIRECT',
            'Anti IP': 'Anti IP',
            'Netflix': 'Netflix',
            'Disney Plus': 'Disney',
            'YouTube': 'Youtube',
            'Spotify': 'Spotify',
            'Bilibili': 'Bilibili',
            'IQ': 'Asian TV',
            'IQIYI': 'Asian TV',
            'Letv': 'Asian TV',
            'Netease Music': 'Asian TV',
            'Tencent Video': 'Asian TV',
            'Youku': 'Asian TV',
            'WeTV': 'Asian TV',
            'ABC': 'Global TV',
            'Abema TV': 'Global TV',
            'Amazon': 'Global TV',
            'Bahamut': 'Bahamut',
            'BBC iPlayer': 'Global TV',
            'DAZN': 'DAZN',
            'Discovery Plus': 'Discovery Plus',
            'encoreTVB': 'Global TV',
            'F1 TV': 'Global TV',
            'Fox Now': 'Global TV',
            'Fox+': 'Global TV',
            'HBO Go': 'HBO Go',
            'HBO Max': 'HBO Max',
            'Hulu Japan': 'Global TV',
            'Hulu': 'Global TV',
            'Japonx': 'Global TV',
            'JOOX': 'Global TV',
            'KKBOX': 'Global TV',
            'KKTV': 'Global TV',
            'Line TV': 'Global TV',
            'myTV SUPER': 'Global TV',
            'Niconico': 'Global TV',
            'Pandora': 'Global TV',
            'PBS': 'Global TV',
            'Pornhub': 'Pornhub',
            'Soundcloud': 'Global TV',
            'ViuTV': 'Global TV',
            'Apple Music': 'Apple TV',
            'Apple News': 'Apple TV',
            'Apple TV': 'Apple TV',
            'Apple': 'Apple',
            'Telegram': 'Telegram',
            'Crypto': 'Crypto',
            'Discord': 'Discord',
            'Google FCM': 'Google FCM',
            'Microsoft': 'Microsoft',
            'OpenAI': 'OpenAI',
            'PayPal': 'PayPal',
            'Scholar': 'Scholar',
            'Speedtest': 'Speedtest',
            'Steam': 'Steam',
            'miHoYo': 'miHoYo',
            'PROXY': 'Proxy',
            'Domestic': 'Domestic',
            'Domestic IPs': 'Domestic',
            'LAN': 'DIRECT'
          }

        port = int(metadata['dst_port'])

        if metadata['network'] == 'UDP' and port == 443:
            ctx.log('[Script] matched QUIC traffic use reject')
            return 'REJECT'

        port_list = [21, 22, 23, 53, 80, 123, 143, 194, 443, 465, 587, 853, 993, 995, 998, 2052, 2053, 2082, 2083, 2086, 2095, 2096, 3389, 5222, 5228, 5229, 5230, 8080, 8443, 8880, 8888, 8889]
        if port not in port_list:
            ctx.log('[Script] not common port use direct')
            return 'DIRECT'

        if metadata['dst_ip'] == '':
            metadata['dst_ip'] = ctx.resolve_ip(metadata['host'])

        for ruleset in ruleset_action:
            if ctx.rule_providers[ruleset].match(metadata):
                return ruleset_action[ruleset]

        if metadata['dst_ip'] != '':
            code = ctx.geoip(metadata['dst_ip'])
            if code == 'CN':
                ctx.log('[Script] Geoip CN')
                return 'Domestic'

        ctx.log('[Script] FINAL')
        return 'Others'
rules:
- DST-PORT,7895,REJECT
- DST-PORT,7892,REJECT
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
- DOMAIN-SUFFIX,bing.com,Proxy
- DOMAIN-SUFFIX,exhentai.org,Proxy
- DOMAIN-SUFFIX,steamcommunity.com,Proxy
- DOMAIN-SUFFIX,steampowered.com,Proxy
- RULE-SET, Reject, AdBlock
- RULE-SET, Special, DIRECT
- RULE-SET, Anti IP, Anti IP
- RULE-SET, Netflix, Netflix
- RULE-SET, Disney Plus, Disney
- RULE-SET, YouTube, Youtube
- RULE-SET, Spotify, Spotify
- RULE-SET, Bilibili, Bilibili
- RULE-SET, IQ, Asian TV
- RULE-SET, IQIYI, Asian TV
- RULE-SET, Letv, Asian TV
- RULE-SET, Netease Music, Asian TV
- RULE-SET, Tencent Video, Asian TV
- RULE-SET, Youku, Asian TV
- RULE-SET, WeTV, Asian TV
- RULE-SET, ABC, Global TV
- RULE-SET, Abema TV, Global TV
- RULE-SET, Amazon, Global TV
- RULE-SET, Bahamut, Bahamut
- RULE-SET, BBC iPlayer, Global TV
- RULE-SET, DAZN, DAZN
- RULE-SET, Discovery Plus, Discovery Plus
- RULE-SET, encoreTVB, Global TV
- RULE-SET, F1 TV, Global TV
- RULE-SET, Fox Now, Global TV
- RULE-SET, Fox+, Global TV
- RULE-SET, HBO Go, HBO Go
- RULE-SET, HBO Max, HBO Max
- RULE-SET, Hulu Japan, Global TV
- RULE-SET, Hulu, Global TV
- RULE-SET, Japonx, Global TV
- RULE-SET, JOOX, Global TV
- RULE-SET, KKBOX, Global TV
- RULE-SET, KKTV, Global TV
- RULE-SET, Line TV, Global TV
- RULE-SET, myTV SUPER, Global TV
- RULE-SET, Niconico, Global TV
- RULE-SET, Pandora, Global TV
- RULE-SET, PBS, Global TV
- RULE-SET, Pornhub, Pornhub
- RULE-SET, Soundcloud, Global TV
- RULE-SET, ViuTV, Global TV
- RULE-SET, Apple Music, Apple TV
- RULE-SET, Apple News, Apple TV
- RULE-SET, Apple TV, Apple TV
- RULE-SET, Apple, Apple
- RULE-SET, Telegram, Telegram
- RULE-SET, Crypto, Crypto
- RULE-SET, Discord, Discord
- RULE-SET, Google FCM, Google FCM
- RULE-SET, Microsoft, Microsoft
- RULE-SET, OpenAI, OpenAI
- RULE-SET, PayPal, PayPal
- RULE-SET, Scholar, Scholar
- RULE-SET, Speedtest, Speedtest
- RULE-SET, Steam, Steam
- RULE-SET, miHoYo, miHoYo
- RULE-SET, PROXY, Proxy
- RULE-SET, Domestic, Domestic
- RULE-SET, Domestic IPs, Domestic
- RULE-SET, LAN, DIRECT
- GEOIP, CN, Domestic
- MATCH, Others

#===================== 自定义覆写设置 =====================#

#!/bin/sh
. /usr/share/openclash/ruby.sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom overwrite scripts here, they will be take effict after the OpenClash own srcipts

LOG_OUT "Tip: Start Running Custom Overwrite Scripts..."
LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S"))
LOG_FILE="/tmp/openclash.log"
CONFIG_FILE="$1" #config path

#Simple Demo:
    #General Demo
    #1--config path
    #2--key name
    #3--value
    #ruby_edit "$CONFIG_FILE" "['redir-port']" "7892"
    #ruby_edit "$CONFIG_FILE" "['secret']" "123456"
    #ruby_edit "$CONFIG_FILE" "['dns']['enable']" "true"

    #Hash Demo
    #1--config path
    #2--key name
    #3--hash type value
    #ruby_edit "$CONFIG_FILE" "['experimental']" "{'sniff-tls-sni'=>true}"
    #ruby_edit "$CONFIG_FILE" "['sniffer']" "{'sniffing'=>['tls','http']}"

    #Array Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value
    #ruby_arr_insert "$CONFIG_FILE" "['dns']['nameserver']" "0" "114.114.114.114"

    #Array Add From Yaml File Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value file path
    #5--value key name in #4 file
    #ruby_arr_add_file "$CONFIG_FILE" "['dns']['fallback-filter']['ipcidr']" "0" "/etc/openclash/custom/openclash_custom_fallback_filter.yaml" "['fallback-filter']['ipcidr']"

#Ruby Script Demo:
    #ruby -ryaml -rYAML -I "/usr/share/openclash" -E UTF-8 -e "
    #   begin
    #      Value = YAML.load_file('$CONFIG_FILE');
    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Load File Failed,【' + e.message + '】';
    #   end;

        #General
    #   begin
    #   Thread.new{
    #      Value['redir-port']=7892;
    #      Value['tproxy-port']=7895;
    #      Value['port']=7890;
    #      Value['socks-port']=7891;
    #      Value['mixed-port']=7893;
    #   }.join;

    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Set General Failed,【' + e.message + '】';
    #   ensure
    #      File.open('$CONFIG_FILE','w') {|f| YAML.dump(Value, f)};
    #   end" 2>/dev/null >> $LOG_FILE

exit 0
#===================== 自定义防火墙设置 =====================#

#!/bin/sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom firewall rules here, they will be added after the end of the OpenClash iptables rules

LOG_OUT "Tip: Start Add Custom Firewall Rules..."

exit 0
#===================== IPTABLES 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.7 on Sun Sep  3 22:34:30 2023
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Sun Sep  3 22:34:30 2023

#IPv4 Mangle chain

# Generated by iptables-save v1.8.7 on Sun Sep  3 22:34:30 2023
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Sun Sep  3 22:34:30 2023

#IPv4 Filter chain

# Generated by iptables-save v1.8.7 on Sun Sep  3 22:34:30 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Sun Sep  3 22:34:30 2023

#IPv6 NAT chain

#IPv6 Mangle chain

#IPv6 Filter chain

#===================== NFTABLES 防火墙设置 =====================#

table inet fw4 {
    chain input {
        type filter hook input priority filter; policy accept;
        udp dport 443 ip daddr != @china_ip_route counter packets 0 bytes 0 reject with icmp port-unreachable comment "OpenClash QUIC REJECT"
        iifname "eth1" ip saddr != @localnetwork counter packets 753 bytes 229344 jump openclash_wan_input
        iifname "lo" accept comment "!fw4: Accept traffic from loopback"
        ct state established,related accept comment "!fw4: Allow inbound established and related flows"
        tcp flags syn / fin,syn,rst,ack jump syn_flood comment "!fw4: Rate limit TCP syn packets"
        iifname "br-lan" jump input_lan comment "!fw4: Handle lan IPv4/IPv6 input traffic"
        iifname "eth1" jump input_wan comment "!fw4: Handle wan IPv4/IPv6 input traffic"
    }
}
table inet fw4 {
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept comment "!fw4: Allow forwarded established and related flows"
        iifname "br-lan" jump forward_lan comment "!fw4: Handle lan IPv4/IPv6 forward traffic"
        iifname "eth1" jump forward_wan comment "!fw4: Handle wan IPv4/IPv6 forward traffic"
        jump handle_reject
    }
}
table inet fw4 {
    chain dstnat {
        type nat hook prerouting priority dstnat; policy accept;
        ip daddr { 8.8.4.4, 8.8.8.8 } tcp dport 53 counter packets 0 bytes 0 redirect to :7892 comment "OpenClash Google DNS Hijack"
        udp dport 53 counter packets 0 bytes 0 redirect to :53 comment "OpenClash DNS Hijack"
        tcp dport 53 counter packets 0 bytes 0 redirect to :53 comment "OpenClash DNS Hijack"
        ip protocol tcp counter packets 111 bytes 6044 jump openclash
    }
}
table inet fw4 {
    chain srcnat {
        type nat hook postrouting priority srcnat; policy accept;
        oifname "eth1" jump srcnat_wan comment "!fw4: Handle wan IPv4/IPv6 srcnat traffic"
    }
}
table inet fw4 {
    chain nat_output {
        type nat hook output priority filter - 1; policy accept;
        ip protocol tcp counter packets 116 bytes 6948 jump openclash_output
    }
}
table inet fw4 {
    chain mangle_prerouting {
        type filter hook prerouting priority mangle; policy accept;
        ip protocol udp counter packets 238 bytes 33179 jump openclash_mangle
    }
}
table inet fw4 {
    chain mangle_output {
        type route hook output priority mangle; policy accept;
    }
}
table inet fw4 {
    chain openclash {
        ip daddr @localnetwork counter packets 25 bytes 1300 return
        ip protocol tcp counter packets 86 bytes 4744 redirect to :7892
    }
}
table inet fw4 {
    chain openclash_mangle {
        meta nfproto ipv4 udp sport 500 counter packets 0 bytes 0 return
        meta nfproto ipv4 udp sport 68 counter packets 1 bytes 350 return
        meta l4proto udp iifname "lo" counter packets 40 bytes 3228 return
        ip daddr @localnetwork counter packets 197 bytes 29601 return
        udp dport 53 counter packets 0 bytes 0 return
        ip protocol udp counter packets 0 bytes 0 jump openclash_upnp
        meta l4proto udp meta mark set 0x00000162 tproxy ip to 127.0.0.1:7895 counter packets 0 bytes 0 accept
    }
}
table inet fw4 {
    chain openclash_output {
        ip daddr @localnetwork counter packets 14 bytes 820 return
        ip protocol tcp meta skuid != 65534 counter packets 2 bytes 120 redirect to :7892
    }
}
table inet fw4 {
    chain openclash_wan_input {
        udp dport { 7874, 7890, 7891, 7892, 7893, 7895, 9090 } counter packets 0 bytes 0 reject
        tcp dport { 7874, 7890, 7891, 7892, 7893, 7895, 9090 } counter packets 0 bytes 0 reject
    }
}

#===================== IPSET状态 =====================#

#===================== 路由表状态 =====================#

#IPv4

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan

#ip route list
default via 192.168.1.1 dev eth1 proto static src 192.168.1.2 
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.2 
192.168.3.0/24 dev br-lan proto kernel scope link src 192.168.3.1 

#ip rule show
0:  from all lookup local
32765:  from all fwmark 0x162 lookup 354
32766:  from all lookup main
32767:  from all lookup default

#IPv6

#route -A inet6
Kernel IPv6 routing table
Destination                                 Next Hop                                Flags Metric Ref    Use Iface
::/0                                        fe80::1                                 UG    512    4        0 eth1    
::/0                                        fe80::1                                 UG    512    2        0 eth1    
2408:8207:8443:2b80::/64                    ::                                      U     256    1        0 eth1    
2408:8207:8443:2b81::/64                    ::                                      U     1024   2        0 br-lan  
2408:8207:8443:2b81::/64                    ::                                      !n    2147483647 1        0 lo      
fd98:fd6f:4a8::/64                          ::                                      U     1024   1        0 br-lan  
fd98:fd6f:4a8::/48                          ::                                      !n    2147483647 2        0 lo      
fe80::/64                                   ::                                      U     256    1        0 br-lan  
fe80::/64                                   ::                                      U     256    3        0 eth1    
::/0                                        ::                                      !n    -1     2        0 lo      
::1/128                                     ::                                      Un    0      7        0 lo      
*WAN IP*:8dd/128  ::                                      Un    0      5        0 eth1    
2408:8207:8443:2b81::/128                   ::                                      Un    0      3        0 br-lan  
2408:8207:8443:2b81::1/128                  ::                                      Un    0      3        0 br-lan  
fd98:fd6f:4a8::/128                         ::                                      Un    0      3        0 br-lan  
fd98:fd6f:4a8::1/128                        ::                                      Un    0      3        0 br-lan  
fe80::/128                                  ::                                      Un    0      3        0 br-lan  
fe80::/128                                  ::                                      Un    0      3        0 eth1    
fe80::2a51:32ff:fe10:8dc/128                ::                                      Un    0      4        0 br-lan  
fe80::2a51:32ff:fe10:8dd/128                ::                                      Un    0      3        0 eth1    
ff00::/8                                    ::                                      U     256    7        0 br-lan  
ff00::/8                                    ::                                      U     256    4        0 eth1    
::/0                                        ::                                      !n    -1     2        0 lo      

#ip -6 route list
default from *WAN IP*:8dd via fe80::1 dev eth1 proto static metric 512 pref medium
default from 2408:8207:8443:2b81::/64 via fe80::1 dev eth1 proto static metric 512 pref medium
2408:8207:8443:2b80::/64 dev eth1 proto static metric 256 pref medium
2408:8207:8443:2b81::/64 dev br-lan proto static metric 1024 pref medium
unreachable 2408:8207:8443:2b81::/64 dev lo proto static metric 2147483647 pref medium
fd98:fd6f:4a8::/64 dev br-lan proto static metric 1024 pref medium
unreachable fd98:fd6f:4a8::/48 dev lo proto static metric 2147483647 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium

#ip -6 rule show
0:  from all lookup local
32766:  from all lookup main
4200000000: from 2408:8207:8443:2b81::1/64 iif br-lan unreachable

#===================== 端口占用状态 =====================#

tcp        0      0 :::9090                 :::*                    LISTEN      4754/clash
tcp        0      0 :::7890                 :::*                    LISTEN      4754/clash
tcp        0      0 :::7891                 :::*                    LISTEN      4754/clash
tcp        0      0 :::7892                 :::*                    LISTEN      4754/clash
tcp        0      0 :::7893                 :::*                    LISTEN      4754/clash
tcp        0      0 :::7895                 :::*                    LISTEN      4754/clash
udp        0      0 :::7874                 :::*                                4754/clash
udp        0      0 :::7891                 :::*                                4754/clash
udp        0      0 :::7892                 :::*                                4754/clash
udp        0      0 :::7893                 :::*                                4754/clash
udp        0      0 :::7895                 :::*                                4754/clash

#===================== 测试本机DNS查询(www.baidu.com) =====================#

Server:     127.0.0.1
Address:    127.0.0.1:53

www.baidu.com   canonical name = www.a.shifen.com
Name:   www.a.shifen.com
Address: 110.242.68.4
Name:   www.a.shifen.com
Address: 110.242.68.3

#===================== 测试内核DNS查询(www.instagram.com) =====================#

Status: 0
TC: false
RD: true
RA: true
AD: false
CD: false

Question: 
  Name: www.instagram.com.
  Qtype: 1
  Qclass: 1

Answer: 
  TTL: 2585
  data: geo-p42.instagram.com.
  name: www.instagram.com.
  type: 5

  TTL: 2586
  data: z-p42-instagram.c10r.instagram.com.
  name: geo-p42.instagram.com.
  type: 5

  TTL: 29
  data: 31.13.82.174
  name: z-p42-instagram.c10r.instagram.com.
  type: 1

Dnsmasq 当前默认 resolv 文件：/tmp/resolv.conf.d/resolv.conf.auto

#===================== /tmp/resolv.conf.d/resolv.conf.auto =====================#

# Interface wan
nameserver 192.168.1.1
# Interface wan6
nameserver fe80::1%eth1

#===================== 测试本机网络连接(www.baidu.com) =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Sun, 03 Sep 2023 14:34:32 GMT
Etag: "575e1f59-115"
Last-Modified: Mon, 13 Jun 2016 02:50:01 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 测试本机网络下载(raw.githubusercontent.com) =====================#

HTTP/2 404 
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
content-type: text/plain; charset=utf-8
x-github-request-id: B17E:2705:2C3217:33BE6D:64F49979
accept-ranges: bytes
date: Sun, 03 Sep 2023 14:34:33 GMT
via: 1.1 varnish
x-served-by: cache-itm18829-ITM
x-cache: MISS
x-cache-hits: 0
x-timer: S1693751673.301218,VS0,VE163
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: d2e5bfdd8861facae18b6231aa8725e0aa16ef91
expires: Sun, 03 Sep 2023 14:39:33 GMT
source-age: 0
content-length: 14

#===================== 最近运行日志(自动切换为Debug模式) =====================#

time="2023-09-03T14:31:38.434852432Z" level=info msg="Start initial provider IQIYI"
time="2023-09-03T14:31:38.435743912Z" level=info msg="Start initial provider Netease Music"
time="2023-09-03T14:31:38.437639456Z" level=info msg="Start initial provider Bilibili"
time="2023-09-03T14:31:38.439976048Z" level=info msg="Start initial provider Special"
time="2023-09-03T14:31:38.44705888Z" level=info msg="Start initial provider Letv"
time="2023-09-03T14:31:38.447440744Z" level=info msg="Start initial provider Scholar"
time="2023-09-03T14:31:38.449874608Z" level=info msg="Start initial provider Bahamut"
2023-09-03 22:31:40 Step 6: Wait For The File Downloading...
2023-09-03 22:31:40 Step 7: Set Firewall Rules...
2023-09-03 22:31:40 Warning: Dnsmasq not Support nftset, Use ipset...
2023-09-03 22:31:40 Tip: DNS Hijacking Mode is Dnsmasq Redirect...
2023-09-03 22:31:40 Tip: Firewall4 was Detected, Use NFTABLE Rules...
2023-09-03 22:31:41 Tip: Start Add Port Bypassing Rules For Firewall Redirect and Firewall Rules...
2023-09-03 22:31:41 Tip: Start Add Custom Firewall Rules...
2023-09-03 22:31:41 Step 8: Restart Dnsmasq...
time="2023-09-03T14:31:41.603855248Z" level=info msg="[TCP] 192.168.3.180:39728 --> 221.181.99.30:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:31:43.1405542Z" level=info msg="[TCP] 192.168.3.180:40260 --> 111.206.147.156:8080 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:31:43.52451322Z" level=info msg="[TCP] 192.168.3.180:37078 --> 182.50.10.168:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:31:44.82315574Z" level=info msg="[TCP] 192.168.3.180:49652 --> 182.50.10.149:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
2023-09-03 22:31:44 Step 9: Add Cron Rules, Start Daemons...
2023-09-03 22:31:44 OpenClash Start Successful!
time="2023-09-03T14:31:45.43973368Z" level=info msg="[TCP] 192.168.3.180:37484 --> 223.166.152.125:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:31:45.469969744Z" level=info msg="[TCP] 192.168.3.180:44010 --> 182.50.15.211:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:31:45.544372456Z" level=info msg="[TCP] 192.168.3.180:49664 --> 182.50.10.149:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:31:45.609059224Z" level=info msg="[TCP] 192.168.3.180:49678 --> 182.50.10.149:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:31:45.818715628Z" level=info msg="[TCP] 192.168.3.180:49684 --> 182.50.10.149:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:31:45.840902176Z" level=info msg="[TCP] 192.168.3.180:49700 --> 182.50.10.149:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:31:45.873257296Z" level=info msg="[TCP] 192.168.3.180:49708 --> 182.50.10.149:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:31:45.892006372Z" level=info msg="[TCP] 192.168.3.180:49718 --> 182.50.10.149:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:31:45.919051576Z" level=info msg="[TCP] 192.168.3.180:49730 --> 182.50.10.149:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:31:46.573459132Z" level=info msg="[TCP] 192.168.3.180:49740 --> 182.50.10.149:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:31:46.598114872Z" level=info msg="[TCP] 192.168.3.180:49750 --> 182.50.10.149:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:31:46.779350392Z" level=info msg="[TCP] 192.168.3.180:49756 --> 182.50.10.149:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:31:47.680480816Z" level=info msg="[TCP] 192.168.3.180:49764 --> 182.50.10.149:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:31:48.010263244Z" level=info msg="[TCP] 192.168.3.180:49778 --> 182.50.10.149:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:31:48.327184156Z" level=info msg="[TCP] 192.168.3.180:49784 --> 182.50.10.149:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:31:50.617784344Z" level=info msg="[TCP] 192.168.3.180:44118 --> 39.156.81.128:443 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:31:52.262855404Z" level=info msg="[TCP] 192.168.3.180:40570 --> 140.207.122.242:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:31:52.931248576Z" level=info msg="[TCP] 192.168.3.180:41208 --> 182.50.10.149:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:31:53.415370912Z" level=info msg="[TCP] 192.168.3.180:41212 --> 182.50.10.149:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:31:53.558153188Z" level=info msg="[TCP] 192.168.3.180:41224 --> 182.50.10.149:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:31:53.822319784Z" level=info msg="[TCP] 192.168.3.180:41236 --> 182.50.10.149:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:31:53.977572244Z" level=info msg="[TCP] 192.168.3.180:41252 --> 182.50.10.149:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:32:11.049411553Z" level=info msg="[TCP] 192.168.3.180:43820 --> 182.50.10.149:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:32:36.162413516Z" level=info msg="[TCP] 192.168.3.208:1029 --> 223.6.6.6:443 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:32:36.463214635Z" level=info msg="[TCP] 192.168.3.208:1030 --> 101.199.253.2:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:32:54.778290995Z" level=info msg="[TCP] 192.168.1.2:52620(curl) --> cdn.jsdelivr.net:443 match Match using Others[vvv]"
time="2023-09-03T14:32:55.240897401Z" level=info msg="[TCP] 192.168.3.208:1060 --> 223.5.5.5:443 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:32:55.51878225Z" level=info msg="[TCP] 192.168.3.208:1061 --> 123.125.81.48:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:32:55.521010686Z" level=info msg="[TCP] 192.168.3.208:1062 --> 123.125.81.48:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:32:56.155452821Z" level=info msg="[TCP] 192.168.3.208:1063 --> 223.5.5.5:443 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:32:56.222677861Z" level=info msg="[TCP] 192.168.3.208:1064 --> 123.6.49.166:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:32:56.260289191Z" level=info msg="[TCP] 192.168.3.208:1065 --> 101.198.199.200:443 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:32:56.521529548Z" level=info msg="[TCP] 192.168.3.208:1066 --> 1.192.137.23:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:32:56.580801263Z" level=info msg="[TCP] 192.168.3.208:1067 --> 101.199.128.196:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:32:57.299714214Z" level=info msg="[TCP] 192.168.3.208:1068 --> 123.125.81.48:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:32:57.32497398Z" level=info msg="[TCP] 192.168.3.208:1069 --> 101.198.199.200:443 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:32:57.451587607Z" level=info msg="[TCP] 192.168.3.208:1070 --> 36.99.172.78:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:32:58.75737624Z" level=info msg="[TCP] 192.168.3.208:1071 --> 101.198.199.200:443 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:32:58.911331722Z" level=info msg="[TCP] 192.168.3.208:1072 --> 180.163.251.223:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:33:01.37287999Z" level=info msg="[TCP] 192.168.3.208:1073 --> 180.163.251.223:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:33:01.3729553Z" level=info msg="[TCP] 192.168.3.208:1074 --> 180.163.251.223:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:33:01.703877259Z" level=info msg="[TCP] 192.168.3.208:1075 --> 180.163.251.223:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:33:02.235030901Z" level=info msg="[TCP] 192.168.3.208:1076 --> 180.163.251.223:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:33:02.340759471Z" level=info msg="[TCP] 192.168.3.208:1077 --> 180.163.251.223:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:33:02.451760402Z" level=info msg="[TCP] 192.168.3.208:1078 --> 180.163.251.223:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:33:02.65618268Z" level=info msg="[TCP] 192.168.3.208:1079 --> 101.199.253.86:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:33:03.33396577Z" level=info msg="[TCP] 192.168.3.208:1080 --> 101.198.199.200:443 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:33:03.454387023Z" level=info msg="[TCP] 192.168.3.208:1081 --> 1.192.192.177:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:33:04.781029735Z" level=info msg="[TCP] 192.168.3.208:1082 --> 180.163.251.223:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:33:06.116491094Z" level=info msg="[TCP] 192.168.3.208:1083 --> 101.199.253.86:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:33:07.696959989Z" level=info msg="[TCP] 192.168.3.208:1084 --> 101.198.199.200:443 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:33:07.784213962Z" level=info msg="[TCP] 192.168.3.208:1085 --> 180.163.251.223:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:33:07.827081018Z" level=info msg="[TCP] 192.168.3.208:1086 --> 1.192.193.246:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:33:07.850206488Z" level=info msg="[TCP] 192.168.3.208:1087 --> 180.163.251.223:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:33:07.882128505Z" level=info msg="[TCP] 192.168.3.208:1088 --> 223.5.5.5:443 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:33:07.95725539Z" level=info msg="[TCP] 192.168.3.208:1089 --> 123.6.49.149:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:33:08.121667587Z" level=info msg="[TCP] 192.168.3.208:1090 --> 223.5.5.5:443 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:33:08.21579313Z" level=info msg="[TCP] 192.168.3.208:1091 --> 27.115.124.141:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:33:18.183446265Z" level=info msg="[TCP] 192.168.3.208:1092 --> 1.192.192.177:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:33:19.29128366Z" level=info msg="[TCP] 192.168.3.208:1093 --> 1.192.192.177:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:33:21.591378134Z" level=info msg="[TCP] 192.168.3.208:1098 --> 1.192.192.177:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:33:24.002645049Z" level=info msg="[TCP] 192.168.3.208:1099 --> 1.192.192.177:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:33:25.676923793Z" level=info msg="[TCP] 192.168.3.208:1100 --> 1.192.192.177:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:33:29.92884568Z" level=info msg="[TCP] 192.168.1.2:52968(curl) --> cdn.jsdelivr.net:443 match Match using Others[vvv]"
time="2023-09-03T14:33:35.502714721Z" level=info msg="[TCP] 192.168.3.208:1101 --> 101.199.253.86:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:33:52.677627669Z" level=info msg="[TCP] 192.168.3.208:1102 --> 101.199.253.124:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:33:53.25978683Z" level=info msg="[TCP] 192.168.3.208:1103 --> 101.199.253.86:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:34:02.577626164Z" level=info msg="[TCP] 192.168.3.208:1104 --> 101.199.253.86:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:34:04.076376509Z" level=info msg="[TCP] 192.168.3.208:1105 --> 1.192.192.177:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:34:07.786769544Z" level=info msg="[TCP] 192.168.3.208:1112 --> 101.198.199.200:443 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:34:07.911114282Z" level=info msg="[TCP] 192.168.3.208:1113 --> 1.192.137.20:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:34:08.790653025Z" level=info msg="[TCP] 192.168.3.208:1116 --> 1.192.192.177:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:34:08.8642122Z" level=info msg="[TCP] 192.168.3.208:1118 --> 1.192.192.177:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:34:08.889413018Z" level=info msg="[TCP] 192.168.3.208:1119 --> 1.192.192.177:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:34:10.841875311Z" level=info msg="[TCP] 192.168.3.208:1123 --> 1.192.192.177:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:34:11.987269383Z" level=info msg="[TCP] 192.168.3.208:1125 --> 1.192.192.177:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:34:20.246012732Z" level=info msg="[TCP] 192.168.3.208:1126 --> 1.192.192.177:80 match RuleSet(Domestic IPs) using Domestic[DIRECT]"
time="2023-09-03T14:34:32.207709419Z" level=info msg="[TCP] 192.168.1.2:58322(curl) --> www.baidu.com:80 match RuleSet(Anti IP) using Anti IP[DIRECT]"
time="2023-09-03T14:34:32.884693175Z" level=info msg="[TCP] 192.168.1.2:34706(curl) --> raw.githubusercontent.com:443 match RuleSet(PROXY) using Proxy[vvv]"

#===================== 最近运行日志获取完成(自动切换为silent模式) =====================#

#===================== 活动连接信息 =====================#

1. SourceIP:【192.168.3.180】 - Host:【Empty】 - DestinationIP:【182.50.10.168】 - Network:【tcp】 - RulePayload:【Domestic IPs】 - Lastchain:【DIRECT】
2. SourceIP:【192.168.3.180】 - Host:【Empty】 - DestinationIP:【39.156.81.128】 - Network:【tcp】 - RulePayload:【Domestic IPs】 - Lastchain:【DIRECT】
3. SourceIP:【192.168.3.208】 - Host:【Empty】 - DestinationIP:【101.198.199.200】 - Network:【tcp】 - RulePayload:【Domestic IPs】 - Lastchain:【DIRECT】
4. SourceIP:【192.168.3.208】 - Host:【Empty】 - DestinationIP:【101.199.128.196】 - Network:【tcp】 - RulePayload:【Domestic IPs】 - Lastchain:【DIRECT】

OpenClash Config

No response

Expected Behavior

可以正常上网

Screenshots

No response

[vernesong]

dns改成防火墙转发

[cocdkl]

dns改成防火墙转发

还是不可以，我也觉得是dns的问题，但是不知道怎么找到具体原因，而且关闭openclash也无法上网

[cocdkl]

感觉和openclash没啥关系，可能是openwrt的问题，不知道为啥路由器解析dns只能用ipv6，ipv4解析不了

[jsrdgewei]

你的是内网IP吧，试试wan口重播试试。openwrt的问题，遇到运行商释放ip重新获取就会出现问题。我的内网宽带经常这样，公网的宽带就没有问题，内网是48小时更新ip，公网是一个月更新