vernesong / OpenClash

A Clash Client For OpenWrt
MIT License

[Bug] Foreign domains cannot be resolved unless a udp 53 server is added to fallback #3500

Closed ylqjgm closed 11 months ago

ylqjgm commented 1 year ago

Verify Steps

OpenClash Version

v0.45.141-beta

Bug on Environment

Other

Bug on Platform

Linux-amd64(x86-64)

To Reproduce

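Configuring the fallback DNS with only tls, https, tcp 53 and similar servers, without a udp 53 server, makes foreign domains unresolvable; every lookup returns the error "** server can't find www.xxx.com: SERVFAIL".

Once a udp 53 server is added to fallback, the resolution problem goes away, but DNS pollution occurs.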

Describe the Bug

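I had been using an old version all along; I can't remember exactly which one, but it was a version that did not offer vless + vision when adding a server individually in openwrt. The build options were exactly the same as for the new version, it used the clash meta core, and it was always stable.

A few days ago, in order to get vless + vision support, I rebuilt with the new version, but after finishing the configuration I could not reach any foreign site. On checking, I found that DNS resolution failed for every foreign domain; after several attempts I found that adding a foreign udp 53 DNS server to fallback fixes it.

But today, when I needed to access raw.githubusercontent.com, resolution failed: I did not even get 0.0.0.0, just no result at all, and enabling Fallback-Filter did not help either. It feels like a DNS pollution problem, presumably because the udp answers are being maliciously altered, yet removing the udp server makes every foreign domain unresolvable.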

OpenClash Log

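To keep the log from getting too long, I removed some unrelated content (mainly the rules section and the built-in system comments; the rules used are ACL4SSR_Github_Online_Full).

Redir-Host log: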


生成时间: 2023-09-07 23:12:07
插件版本: v0.45.141-beta
隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息

#===================== 系统信息 =====================#

主机型号: QEMU Standard PC (i440FX + PIIX, 1996)
固件版本: ImmortalWrt 21.02-SNAPSHOT r20074-a8bbadefaf
LuCI版本: git-20.074.84698-ead5e81
内核版本: 5.4.255
处理器架构: x86_64

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

DNS劫持: Dnsmasq 转发
#DNS劫持为Dnsmasq时,此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci >= 19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 已安装
unzip: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
kmod-ipt-nat: 已安装

#===================== 内核检查 =====================#

运行状态: 运行中
运行内核:Meta
进程pid: 6762
运行权限: 6762: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-amd64

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2023.08.17
Tun内核文件: 存在
Tun内核运行权限: 正常

Dev内核版本: v1.17.0-20-ga19a9fe
Dev内核文件: 存在
Dev内核运行权限: 正常

Meta内核版本: alpha-g3a9fc39
Meta内核文件: 存在
Meta内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/config.yaml
启动配置文件: /etc/openclash/config.yaml
运行模式: redir-host
默认代理模式: rule
UDP流量转发(tproxy): 启用
自定义DNS: 启用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 启用
仅允许内网: 启用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 启用
路由本机代理: 启用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 自定义规则 一 =====================#
script:
rules:
- DOMAIN-SUFFIX,chdbits.co,🎯 全球直连
- DOMAIN-SUFFIX,discfan.net,🎯 全球直连
- DOMAIN-SUFFIX,greatposterwall.com,🎯 全球直连
- DOMAIN-SUFFIX,haidan.video,🎯 全球直连
- DOMAIN-SUFFIX,hdsky.me,🎯 全球直连
- DOMAIN-SUFFIX,hdtime.org,🎯 全球直连
- DOMAIN-SUFFIX,m-team.cc,🎯 全球直连
- DOMAIN-SUFFIX,open.cd,🎯 全球直连
- DOMAIN-SUFFIX,ourbits.club,🎯 全球直连
- DOMAIN-SUFFIX,pttime.org,🎯 全球直连
- DOMAIN-KEYWORD,announce,🎯 全球直连

##在线IP段转CIDR地址:http://ip2cidr.com
#===================== 自定义规则 二 =====================#
script:
rules:

#===================== 配置文件 =====================#

port: 7890
socks-port: 7891
allow-lan: true
mode: rule
log-level: info
external-controller: 0.0.0.0:9090
proxy-groups:
- name: "\U0001F530 节点选择"
  type: select
  proxies:
  - "♻️ 自动选择"
  - "\U0001F3AF 全球直连"
  - "[SS] SS1"
  - "[SS] SS2"
  - "[VMess] Vmess+Ws+1"
  - "[VMess] Vmess+Ws+2"
- name: "♻️ 自动选择"
  type: url-test
  url: http://www.gstatic.com/generate_204
  interval: 300
  proxies:
  - "[SS] SS1"
  - "[SS] SS2"
  - "[VMess] Vmess+Ws+1"
  - "[VMess] Vmess+Ws+2"
- name: "\U0001F3A5 NETFLIX"
  type: select
  proxies:
  - "\U0001F530 节点选择"
  - "♻️ 自动选择"
  - "\U0001F3AF 全球直连"
  - "[SS] SS1"
  - "[SS] SS2"
  - "[VMess] Vmess+Ws+1"
  - "[VMess] Vmess+Ws+2"
- name: "⛔️ 广告拦截"
  type: select
  proxies:
  - "\U0001F6D1 全球拦截"
  - "\U0001F3AF 全球直连"
  - "\U0001F530 节点选择"
- name: "\U0001F6AB 运营劫持"
  type: select
  proxies:
  - "\U0001F6D1 全球拦截"
  - "\U0001F3AF 全球直连"
  - "\U0001F530 节点选择"
- name: "\U0001F30D 国外媒体"
  type: select
  proxies:
  - "\U0001F530 节点选择"
  - "♻️ 自动选择"
  - "\U0001F3AF 全球直连"
  - "[SS] SS1"
  - "[SS] SS2"
  - "[VMess] Vmess+Ws+1"
  - "[VMess] Vmess+Ws+2"
- name: "\U0001F30F 国内媒体"
  type: select
  proxies:
  - "\U0001F3AF 全球直连"
  - "\U0001F530 节点选择"
- name: Ⓜ️ 微软服务
  type: select
  proxies:
  - "\U0001F3AF 全球直连"
  - "\U0001F530 节点选择"
  - "[SS] SS1"
  - "[SS] SS2"
  - "[VMess] Vmess+Ws+1"
  - "[VMess] Vmess+Ws+2"
- name: "\U0001F4F2 电报信息"
  type: select
  proxies:
  - "\U0001F530 节点选择"
  - "\U0001F3AF 全球直连"
  - "[SS] SS1"
  - "[SS] SS2"
  - "[VMess] Vmess+Ws+1"
  - "[VMess] Vmess+Ws+2"
- name: "\U0001F34E 苹果服务"
  type: select
  proxies:
  - "\U0001F530 节点选择"
  - "\U0001F3AF 全球直连"
  - "♻️ 自动选择"
  - "[SS] SS1"
  - "[SS] SS2"
  - "[VMess] Vmess+Ws+1"
  - "[VMess] Vmess+Ws+2"
- name: "\U0001F3AF 全球直连"
  type: select
  proxies:
  - DIRECT
- name: "\U0001F6D1 全球拦截"
  type: select
  proxies:
  - REJECT
  - DIRECT
- name: "\U0001F41F 漏网之鱼"
  type: select
  proxies:
  - "\U0001F530 节点选择"
  - "\U0001F3AF 全球直连"
  - "♻️ 自动选择"
  - "[SS] SS1"
  - "[SS] SS2"
  - "[VMess] Vmess+Ws+1"
  - "[VMess] Vmess+Ws+2"
rules:
- DST-PORT,7895,REJECT
- DST-PORT,7892,REJECT
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
- "DOMAIN-SUFFIX,chdbits.co,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,discfan.net,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,greatposterwall.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,haidan.video,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,hdsky.me,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,hdtime.org,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,m-team.cc,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,open.cd,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,ourbits.club,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,pttime.org,\U0001F3AF 全球直连"
- "DOMAIN-KEYWORD,announce,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,local,\U0001F3AF 全球直连"
- "IP-CIDR,192.168.0.0/16,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,10.0.0.0/8,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,172.16.0.0/12,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,127.0.0.0/8,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,100.64.0.0/10,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR6,::1/128,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR6,fc00::/7,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR6,fe80::/10,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR6,fd00::/8,\U0001F3AF 全球直连,no-resolve"
- DOMAIN-KEYWORD,1drv,Ⓜ️ 微软服务
- xxxxxxx
- DOMAIN-SUFFIX,bingapis.com,Ⓜ️ 微软服务
- "DOMAIN,app.adjust.com,\U0001F3AF 全球直连"
- (This section consists entirely of the rules from ACL4SSR_Github_Online_Full, unchanged)
- "GEOIP,CN,\U0001F3AF 全球直连"
- "MATCH,\U0001F41F 漏网之鱼"
redir-port: 7892
tproxy-port: 7895
mixed-port: 7893
bind-address: "*"
external-ui: "/usr/share/openclash/ui"
ipv6: false
geodata-mode: true
geodata-loader: standard
tcp-concurrent: true
unified-delay: true
dns:
  enable: true
  ipv6: false
  enhanced-mode: redir-host
  listen: 0.0.0.0:7874
  nameserver:
  - 211.139.29.150
  - 119.29.29.29
  fallback:
  - tls://1.1.1.1:853
  - https://1.1.1.1/dns-query
  - tls://8.8.8.8:853
  - https://8.8.8.8/dns-query
  fallback-filter:
    geoip: true
    geoip-code: CN
    ipcidr:
    - 0.0.0.0/8
    - 10.0.0.0/8
    - 100.64.0.0/10
    - 127.0.0.0/8
    - 169.254.0.0/16
    - 172.16.0.0/12
    - 192.0.0.0/24
    - 192.0.2.0/24
    - 192.88.99.0/24
    - 192.168.0.0/16
    - 198.18.0.0/15
    - 198.51.100.0/24
    - 203.0.113.0/24
    - 224.0.0.0/4
    - 240.0.0.0/4
    - 255.255.255.255/32
    domain:
    - "+.google.com"
    - "+.facebook.com"
    - "+.youtube.com"
    - "+.githubusercontent.com"
    - "+.googlevideo.com"
    - "+.msftconnecttest.com"
    - "+.msftncsi.com"
  use-hosts: true
sniffer:
  enable: true
  force-dns-mapping: true
  parse-pure-ip: true
profile:
  store-selected: true
hosts:
  a.com: 192.168.100.25
  b.com: 192.168.100.26
  c.com: 192.168.100.27
  d.com: 192.168.100.28

#===================== 自定义覆写设置 =====================#

#!/bin/sh
. /usr/share/openclash/ruby.sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

LOG_OUT "Tip: Start Running Custom Overwrite Scripts..."
LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S"))
LOG_FILE="/tmp/openclash.log"
CONFIG_FILE="$1" #config path

exit 0
#===================== 自定义防火墙设置 =====================#

#!/bin/sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

LOG_OUT "Tip: Start Add Custom Firewall Rules..."

exit 0
#===================== IPTABLES 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.7 on Thu Sep  7 23:12:09 2023
*nat
:PREROUTING ACCEPT [47:4470]
:INPUT ACCEPT [178:11544]
:OUTPUT ACCEPT [407:25460]
:POSTROUTING ACCEPT [434:28169]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:openclash - [0:0]
:openclash_output - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -d 8.8.4.4/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -d 8.8.8.8/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i eth0 -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -p udp -m comment --comment DNSMASQ -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -j openclash
-A OUTPUT -j openclash_output
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o eth0 -m comment --comment "!fw3" -j zone_lan_postrouting
-A MINIUPNPD -p tcp -m tcp --dport 13936 -j DNAT --to-destination 192.168.100.152:1080
-A MINIUPNPD -p udp -m udp --dport 13936 -j DNAT --to-destination 192.168.100.152:3027
-A MINIUPNPD -p udp -m udp --dport 9307 -j DNAT --to-destination 192.168.100.222:9307
-A MINIUPNPD -p udp -m udp --dport 9308 -j DNAT --to-destination 192.168.100.222:9308
-A MINIUPNPD -p udp -m udp --dport 9309 -j DNAT --to-destination 192.168.100.222:9309
-A MINIUPNPD -p udp -m udp --dport 9310 -j DNAT --to-destination 192.168.100.222:9310
-A MINIUPNPD -p udp -m udp --dport 9306 -j DNAT --to-destination 192.168.100.222:9306
-A MINIUPNPD -p udp -m udp --dport 8735 -j DNAT --to-destination 192.168.100.223:8735
-A MINIUPNPD -p udp -m udp --dport 8736 -j DNAT --to-destination 192.168.100.223:8736
-A MINIUPNPD -p udp -m udp --dport 8737 -j DNAT --to-destination 192.168.100.223:8737
-A MINIUPNPD -p udp -m udp --dport 8738 -j DNAT --to-destination 192.168.100.223:8738
-A MINIUPNPD -p udp -m udp --dport 8734 -j DNAT --to-destination 192.168.100.223:8734
-A MINIUPNPD -p tcp -m tcp --dport 13864 -j DNAT --to-destination 192.168.100.152:1080
-A MINIUPNPD -p udp -m udp --dport 13864 -j DNAT --to-destination 192.168.100.152:3027
-A MINIUPNPD -p udp -m udp --dport 8522 -j DNAT --to-destination 192.168.100.236:8522
-A MINIUPNPD -p udp -m udp --dport 8608 -j DNAT --to-destination 192.168.100.236:8608
-A MINIUPNPD -p udp -m udp --dport 8567 -j DNAT --to-destination 192.168.100.236:8567
-A MINIUPNPD -p udp -m udp --dport 8103 -j DNAT --to-destination 192.168.100.112:8103
-A MINIUPNPD -p udp -m udp --dport 29575 -j DNAT --to-destination 192.168.100.223:29575
-A MINIUPNPD -p udp -m udp --dport 56291 -j DNAT --to-destination 192.168.100.222:56291
-A MINIUPNPD-POSTROUTING -s 192.168.100.152/32 -p tcp -m tcp --sport 1080 -j MASQUERADE --to-ports 13936
-A MINIUPNPD-POSTROUTING -s 192.168.100.152/32 -p udp -m udp --sport 3027 -j MASQUERADE --to-ports 13936
-A MINIUPNPD-POSTROUTING -s 192.168.100.152/32 -p tcp -m tcp --sport 1080 -j MASQUERADE --to-ports 13864
-A MINIUPNPD-POSTROUTING -s 192.168.100.152/32 -p udp -m udp --sport 3027 -j MASQUERADE --to-ports 13864
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -m set ! --match-set common_ports dst -j RETURN
-A openclash -m set --match-set china_ip_route dst -m set ! --match-set china_ip_route_pass dst -j RETURN
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -m owner ! --uid-owner 65534 -m set ! --match-set common_ports dst -j RETURN
-A openclash_output -m owner ! --uid-owner 65534 -m set --match-set china_ip_route dst -m set ! --match-set china_ip_route_pass dst -j RETURN
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A zone_lan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_lan_prerouting -j MINIUPNPD
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -m comment --comment "!fw3" -j FULLCONENAT
COMMIT
# Completed on Thu Sep  7 23:12:09 2023

#IPv4 Mangle chain

# Generated by iptables-save v1.8.7 on Thu Sep  7 23:12:09 2023
*mangle
:PREROUTING ACCEPT [3728:502733]
:INPUT ACCEPT [3136:412828]
:FORWARD ACCEPT [596:96332]
:OUTPUT ACCEPT [3888:843892]
:POSTROUTING ACCEPT [4486:940288]
:openclash - [0:0]
:openclash_output - [0:0]
:openclash_upnp - [0:0]
-A PREROUTING -p udp -j openclash
-A OUTPUT -p udp -j openclash_output
-A openclash -p udp -m udp --sport 500 -j RETURN
-A openclash -p udp -m udp --sport 68 -j RETURN
-A openclash -i lo -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p udp -m udp --dport 53 -j RETURN
-A openclash -m set ! --match-set common_ports dst -j RETURN
-A openclash -m set --match-set china_ip_route dst -m set ! --match-set china_ip_route_pass dst -j RETURN
-A openclash -p udp -j openclash_upnp
-A openclash -p udp -j TPROXY --on-port 7895 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
-A openclash_output -p udp -m udp --sport 500 -j RETURN
-A openclash_output -p udp -m udp --sport 68 -j RETURN
-A openclash_output -d 198.18.0.0/16 -p udp -m owner ! --uid-owner 65534 -j MARK --set-xmark 0x162/0xffffffff
-A openclash_upnp -s 192.168.100.152/32 -p udp -m udp --sport 1080 -j RETURN
-A openclash_upnp -s 192.168.100.152/32 -p udp -m udp --sport 3027 -j RETURN
-A openclash_upnp -s 192.168.100.236/32 -p udp -m udp --sport 8522 -j RETURN
-A openclash_upnp -s 192.168.100.236/32 -p udp -m udp --sport 8608 -j RETURN
-A openclash_upnp -s 192.168.100.236/32 -p udp -m udp --sport 8567 -j RETURN
-A openclash_upnp -s 192.168.100.112/32 -p udp -m udp --sport 8103 -j RETURN
-A openclash_upnp -s 192.168.100.223/32 -p udp -m udp --sport 29575 -j RETURN
-A openclash_upnp -s 192.168.100.223/32 -p udp -m udp --sport 8735 -j RETURN
-A openclash_upnp -s 192.168.100.223/32 -p udp -m udp --sport 8736 -j RETURN
-A openclash_upnp -s 192.168.100.223/32 -p udp -m udp --sport 8737 -j RETURN
-A openclash_upnp -s 192.168.100.223/32 -p udp -m udp --sport 8738 -j RETURN
-A openclash_upnp -s 192.168.100.223/32 -p udp -m udp --sport 8734 -j RETURN
-A openclash_upnp -s 192.168.100.222/32 -p udp -m udp --sport 56291 -j RETURN
-A openclash_upnp -s 192.168.100.222/32 -p udp -m udp --sport 9307 -j RETURN
-A openclash_upnp -s 192.168.100.222/32 -p udp -m udp --sport 9308 -j RETURN
-A openclash_upnp -s 192.168.100.222/32 -p udp -m udp --sport 9309 -j RETURN
-A openclash_upnp -s 192.168.100.222/32 -p udp -m udp --sport 9310 -j RETURN
-A openclash_upnp -s 192.168.100.222/32 -p udp -m udp --sport 9306 -j RETURN
COMMIT
# Completed on Thu Sep  7 23:12:09 2023

#IPv4 Filter chain

# Generated by iptables-save v1.8.7 on Thu Sep  7 23:12:09 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -p udp -m udp --dport 443 -m comment --comment "OpenClash QUIC REJECT" -m set ! --match-set china_ip_route dst -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i eth0 -m comment --comment "!fw3" -j zone_lan_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m comment --comment "!fw3: Traffic offloading" -m conntrack --ctstate RELATED,ESTABLISHED -j FLOWOFFLOAD --hw
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i eth0 -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o eth0 -m comment --comment "!fw3" -j zone_lan_output
-A MINIUPNPD -d 192.168.100.152/32 -p tcp -m tcp --dport 1080 -j ACCEPT
-A MINIUPNPD -d 192.168.100.152/32 -p udp -m udp --dport 3027 -j ACCEPT
-A MINIUPNPD -d 192.168.100.222/32 -p udp -m udp --dport 9307 -j ACCEPT
-A MINIUPNPD -d 192.168.100.222/32 -p udp -m udp --dport 9308 -j ACCEPT
-A MINIUPNPD -d 192.168.100.222/32 -p udp -m udp --dport 9309 -j ACCEPT
-A MINIUPNPD -d 192.168.100.222/32 -p udp -m udp --dport 9310 -j ACCEPT
-A MINIUPNPD -d 192.168.100.222/32 -p udp -m udp --dport 9306 -j ACCEPT
-A MINIUPNPD -d 192.168.100.223/32 -p udp -m udp --dport 8735 -j ACCEPT
-A MINIUPNPD -d 192.168.100.223/32 -p udp -m udp --dport 8736 -j ACCEPT
-A MINIUPNPD -d 192.168.100.223/32 -p udp -m udp --dport 8737 -j ACCEPT
-A MINIUPNPD -d 192.168.100.223/32 -p udp -m udp --dport 8738 -j ACCEPT
-A MINIUPNPD -d 192.168.100.223/32 -p udp -m udp --dport 8734 -j ACCEPT
-A MINIUPNPD -d 192.168.100.152/32 -p tcp -m tcp --dport 1080 -j ACCEPT
-A MINIUPNPD -d 192.168.100.152/32 -p udp -m udp --dport 3027 -j ACCEPT
-A MINIUPNPD -d 192.168.100.236/32 -p udp -m udp --dport 8522 -j ACCEPT
-A MINIUPNPD -d 192.168.100.236/32 -p udp -m udp --dport 8608 -j ACCEPT
-A MINIUPNPD -d 192.168.100.236/32 -p udp -m udp --dport 8567 -j ACCEPT
-A MINIUPNPD -d 192.168.100.112/32 -p udp -m udp --dport 8103 -j ACCEPT
-A MINIUPNPD -d 192.168.100.223/32 -p udp -m udp --dport 29575 -j ACCEPT
-A MINIUPNPD -d 192.168.100.222/32 -p udp -m udp --dport 56291 -j ACCEPT
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_lan_dest_ACCEPT -o eth0 -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -j MINIUPNPD
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i eth0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
COMMIT
# Completed on Thu Sep  7 23:12:09 2023

#IPv6 NAT chain

# Generated by ip6tables-save v1.8.7 on Thu Sep  7 23:12:09 2023
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p udp -m comment --comment DNSMASQ -m udp --dport 53 -j REDIRECT --to-ports 53
COMMIT
# Completed on Thu Sep  7 23:12:09 2023

#IPv6 Mangle chain

# Generated by ip6tables-save v1.8.7 on Thu Sep  7 23:12:09 2023
*mangle
:PREROUTING ACCEPT [480:48095]
:INPUT ACCEPT [440:45055]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [480:48095]
:POSTROUTING ACCEPT [480:48095]
COMMIT
# Completed on Thu Sep  7 23:12:09 2023

#IPv6 Filter chain

# Generated by ip6tables-save v1.8.7 on Thu Sep  7 23:12:09 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [20:1520]
:MINIUPNPD - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i eth0 -m comment --comment "!fw3" -j zone_lan_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m comment --comment "!fw3: Traffic offloading" -m conntrack --ctstate RELATED,ESTABLISHED -j FLOWOFFLOAD --hw
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i eth0 -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o eth0 -m comment --comment "!fw3" -j zone_lan_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp6-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_lan_dest_ACCEPT -o eth0 -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -j MINIUPNPD
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i eth0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 546 -m comment --comment "!fw3: Allow-DHCPv6" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
COMMIT
# Completed on Thu Sep  7 23:12:09 2023

#===================== IPSET状态 =====================#

Name: localnetwork
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 1024
References: 3
Number of entries: 9

Name: common_ports
Type: bitmap:port
Revision: 3
Header: range 0-65535
Size in memory: 8264
References: 3
Number of entries: 31

Name: china_ip_route
Type: hash:net
Revision: 6
Header: family inet hashsize 32768 maxelem 1000000
Size in memory: 2305640
References: 4
Number of entries: 92349

Name: china_ip_route_pass
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 1000000
Size in memory: 448
References: 3
Number of entries: 0

#===================== 路由表状态 =====================#

#IPv4

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.100.1        0.0.0.0         UG    0      0        0 eth0
192.168.100.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0

#ip route list
default via 192.168.100.1 dev eth0 proto static 
192.168.100.0/24 dev eth0 proto kernel scope link src 192.168.100.2 

#ip rule show
0:  from all lookup local
32765:  from all fwmark 0x162 lookup 354
32766:  from all lookup main
32767:  from all lookup default

#IPv6

#route -A inet6
Kernel IPv6 routing table
Destination                                 Next Hop                                Flags Metric Ref    Use Iface
::/0                                        ::                                      !n    -1     1        0 lo      
::1/128                                     ::                                      Un    0      6        0 lo      
::/0                                        ::                                      !n    -1     1        0 lo      

#ip -6 route list

#ip -6 rule show
0:  from all lookup local
32766:  from all lookup main
4200000001: from all iif lo failed_policy
4200000003: from all iif eth0 failed_policy

#===================== 端口占用状态 =====================#

tcp        0      0 :::7890                 :::*                    LISTEN      6762/clash
tcp        0      0 :::7891                 :::*                    LISTEN      6762/clash
tcp        0      0 :::7892                 :::*                    LISTEN      6762/clash
tcp        0      0 :::7893                 :::*                    LISTEN      6762/clash
tcp        0      0 :::7895                 :::*                    LISTEN      6762/clash
tcp        0      0 :::9090                 :::*                    LISTEN      6762/clash
udp        0      0 :::7874                 :::*                                6762/clash
udp        0      0 :::7891                 :::*                                6762/clash
udp        0      0 :::7892                 :::*                                6762/clash
udp        0      0 :::7893                 :::*                                6762/clash
udp        0      0 :::7895                 :::*                                6762/clash

#===================== 测试本机DNS查询(www.baidu.com) =====================#

Server:     127.0.0.1
Address:    127.0.0.1#53

Name:      www.baidu.com
www.baidu.com   canonical name = www.a.shifen.com
Name:      www.a.shifen.com
Address 1: 120.232.145.144
Address 2: 120.232.145.185
*** Can't find www.baidu.com: No answer

#===================== 测试内核DNS查询(www.instagram.com) =====================#

Dnsmasq 当前默认 resolv 文件:/tmp/resolv.conf.d/resolv.conf.auto

#===================== /tmp/resolv.conf.auto =====================#

# Interface lan
nameserver 119.29.29.29
nameserver 8.8.8.8

#===================== /tmp/resolv.conf.d/resolv.conf.auto =====================#

# Interface lan
nameserver 119.29.29.29
nameserver 8.8.8.8

#===================== 测试本机网络连接(www.baidu.com) =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Thu, 07 Sep 2023 15:12:13 GMT
Etag: "575e1f6f-115"
Last-Modified: Mon, 13 Jun 2016 02:50:23 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 测试本机网络下载(raw.githubusercontent.com) =====================#

#===================== 最近运行日志(自动切换为Debug模式) =====================#

time="2023-09-07T15:09:22.393865156Z" level=info msg="Start initial compatible provider ♻️ 自动选择"
time="2023-09-07T15:09:22.393844184Z" level=info msg="Start initial compatible provider 🌍 国外媒体"
time="2023-09-07T15:09:22.393839453Z" level=info msg="Start initial compatible provider 🌏 国内媒体"
time="2023-09-07T15:09:22.393855757Z" level=info msg="Start initial compatible provider 📲 电报信息"
time="2023-09-07T15:09:22.393860597Z" level=info msg="Start initial compatible provider 🎯 全球直连"
time="2023-09-07T15:09:22.393850805Z" level=info msg="Start initial compatible provider 🛑 全球拦截"
2023-09-07 23:09:24 Step 6: Wait For The File Downloading...
2023-09-07 23:09:24 Step 7: Set Firewall Rules...
2023-09-07 23:09:24 Tip: DNS Hijacking Mode is Dnsmasq Redirect...
2023-09-07 23:09:24 Warning: Can't Settting Only Intranet Allowed Function, Get IPv4 WAN Interfaces error, Please Verify The Firewall's WAN Zone Name is wan, Ignore This IF The Device Does not Have a WAN Interfaces...
2023-09-07 23:09:24 Tip: Start Add Port Bypassing Rules For Firewall Redirect and Firewall Rules...
2023-09-07 23:09:24 Tip: Start Add Custom Firewall Rules...
2023-09-07 23:09:24 Step 8: Restart Dnsmasq...
2023-09-07 23:09:24 Step 9: Add Cron Rules, Start Daemons...
2023-09-07 23:09:24 OpenClash Start Successful!
time="2023-09-07T15:09:29.246365153Z" level=info msg="[TCP] 192.168.100.8:51094 --> 91.108.56.126:443 match IPCIDR(91.108.56.0/22) using 📲 电报信息[[SS] SS1]"
time="2023-09-07T15:09:29.252753801Z" level=info msg="[TCP] 192.168.100.8:51095 --> 91.108.56.126:443 match IPCIDR(91.108.56.0/22) using 📲 电报信息[[SS] SS1]"
time="2023-09-07T15:09:30.028458956Z" level=info msg="[TCP] 192.168.100.8:51097 --> 31.13.69.245:443 match Match using 🐟 漏网之鱼[[SS] SS1]"
time="2023-09-07T15:09:31.041018597Z" level=info msg="[TCP] 192.168.100.8:51098 --> 104.26.12.31:443 match Match using 🐟 漏网之鱼[[SS] SS1]"
time="2023-09-07T15:09:35.306489334Z" level=info msg="[TCP] 192.168.100.8:51101 --> 31.13.69.245:443 match Match using 🐟 漏网之鱼[[SS] SS1]"
time="2023-09-07T15:09:45.005414623Z" level=info msg="[TCP] 192.168.100.50:54811 --> 184.26.43.82:80 match Match using 🐟 漏网之鱼[[SS] SS1]"
time="2023-09-07T15:09:54.406304005Z" level=info msg="[TCP] 192.168.100.50:54818 --> 184.26.43.82:80 match Match using 🐟 漏网之鱼[[SS] SS1]"
time="2023-09-07T15:10:11.210971493Z" level=info msg="[TCP] 192.168.100.50:54822 --> 184.26.43.82:80 match Match using 🐟 漏网之鱼[[SS] SS1]"
2023-09-07 23:10:24 Watchdog: Setting Firewall For Enabling Redirect...
time="2023-09-07T15:10:25.219983702Z" level=info msg="[TCP] 192.168.100.50:54824 --> 184.26.43.82:80 match Match using 🐟 漏网之鱼[[SS] SS1]"
time="2023-09-07T15:10:49.295727291Z" level=info msg="[TCP] 192.168.100.50:54834 --> 184.26.43.82:80 match Match using 🐟 漏网之鱼[[SS] SS1]"
time="2023-09-07T15:10:52.228599339Z" level=info msg="[TCP] 192.168.100.8:59543 --> 23.202.34.75:443 match Match using 🐟 漏网之鱼[[SS] SS1]"
time="2023-09-07T15:11:03.334933829Z" level=info msg="[TCP] 192.168.100.50:54839 --> 184.26.43.82:80 match Match using 🐟 漏网之鱼[[SS] SS1]"
time="2023-09-07T15:11:33.326489298Z" level=info msg="[TCP] 192.168.100.50:54842 --> 184.26.43.82:80 match Match using 🐟 漏网之鱼[[SS] SS1]"
time="2023-09-07T15:12:19.350271369Z" level=info msg="[TCP] 192.168.100.50:54848 --> 184.26.43.82:80 match Match using 🐟 漏网之鱼[[SS] SS1]"
time="2023-09-07T15:12:28.354833215Z" level=info msg="[TCP] 192.168.100.50:54850 --> 184.26.43.82:80 match Match using 🐟 漏网之鱼[[SS] SS1]"
time="2023-09-07T15:12:33.280614753Z" level=debug msg="re-creating the http client due to requesting https://1.1.1.1:443/dns-query?dns=AAABAAABAAAAAAAAB2Rpc2NmYW4DbmV0AAABAAE: Get \"https://1.1.1.1:443/dns-query?dns=AAABAAABAAAAAAAAA3JhdxFnaXRodWJ1c2VyY29udGVudANjb20AAAEAAQ\": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)"
time="2023-09-07T15:12:33.280666011Z" level=debug msg="[https://1.1.1.1:443/dns-query?dns=AAABAAABAAAAAAAAB2Rpc2NmYW4DbmV0AAABAAE] using HTTP/2 for this upstream: <nil>"
time="2023-09-07T15:12:33.280769255Z" level=debug msg="re-creating the http client due to requesting https://8.8.8.8:443/dns-query?dns=AAABAAABAAAAAAAAB2Rpc2NmYW4DbmV0AAABAAE: Get \"https://8.8.8.8:443/dns-query?dns=AAABAAABAAAAAAAAA3JhdxFnaXRodWJ1c2VyY29udGVudANjb20AAAEAAQ\": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)"
time="2023-09-07T15:12:33.280787365Z" level=debug msg="[https://8.8.8.8:443/dns-query?dns=AAABAAABAAAAAAAAB2Rpc2NmYW4DbmV0AAABAAE] using HTTP/2 for this upstream: <nil>"
time="2023-09-07T15:12:33.280826363Z" level=debug msg="re-creating the http client due to requesting https://1.1.1.1:443/dns-query?dns=AAABAAABAAAAAAAAA3JhdxFnaXRodWJ1c2VyY29udGVudANjb20AAAEAAQ: Get \"https://1.1.1.1:443/dns-query?dns=AAABAAABAAAAAAAAA3JhdxFnaXRodWJ1c2VyY29udGVudANjb20AAAEAAQ\": context deadline exceeded"
time="2023-09-07T15:12:33.28085071Z" level=debug msg="[https://1.1.1.1:443/dns-query?dns=AAABAAABAAAAAAAAA3JhdxFnaXRodWJ1c2VyY29udGVudANjb20AAAEAAQ] using HTTP/2 for this upstream: <nil>"
time="2023-09-07T15:12:33.280830557Z" level=debug msg="re-creating the http client due to requesting https://8.8.8.8:443/dns-query?dns=AAABAAABAAAAAAAAA3JhdxFnaXRodWJ1c2VyY29udGVudANjb20AAAEAAQ: Get \"https://8.8.8.8:443/dns-query?dns=AAABAAABAAAAAAAAA3JhdxFnaXRodWJ1c2VyY29udGVudANjb20AAAEAAQ\": context deadline exceeded"
time="2023-09-07T15:12:33.280920807Z" level=debug msg="[https://8.8.8.8:443/dns-query?dns=AAABAAABAAAAAAAAA3JhdxFnaXRodWJ1c2VyY29udGVudANjb20AAAEAAQ] using HTTP/2 for this upstream: <nil>"
time="2023-09-07T15:12:33.281008536Z" level=debug msg="[DNS Server] Exchange ;raw.githubusercontent.com.\tIN\t A failed: all DNS requests failed, first error: dial tcp 1.1.1.1:853: i/o timeout"
time="2023-09-07T15:12:33.281108887Z" level=debug msg="[DNS Server] Exchange ;raw.githubusercontent.com.\tIN\t A failed: all DNS requests failed, first error: dial tcp 1.1.1.1:853: i/o timeout"
time="2023-09-07T15:12:33.28114544Z" level=debug msg="[DNS Server] Exchange ;raw.githubusercontent.com.\tIN\t A failed: all DNS requests failed, first error: dial tcp 1.1.1.1:853: i/o timeout"
time="2023-09-07T15:12:33.281183408Z" level=debug msg="[DNS Server] Exchange ;raw.githubusercontent.com.\tIN\t A failed: all DNS requests failed, first error: dial tcp 1.1.1.1:853: i/o timeout"
time="2023-09-07T15:12:33.61867718Z" level=debug msg="re-creating the http client due to requesting https://8.8.8.8:443/dns-query?dns=AAABAAABAAAAAAAAA3JhdxFnaXRodWJ1c2VyY29udGVudANjb20AAAEAAQ: Get \"https://8.8.8.8:443/dns-query?dns=AAABAAABAAAAAAAAA2FwaQVpcGlmeQNvcmcAAAEAAQ\": context deadline exceeded"
time="2023-09-07T15:12:33.618718912Z" level=debug msg="[https://8.8.8.8:443/dns-query?dns=AAABAAABAAAAAAAAA3JhdxFnaXRodWJ1c2VyY29udGVudANjb20AAAEAAQ] using HTTP/2 for this upstream: <nil>"
time="2023-09-07T15:12:33.618788676Z" level=debug msg="re-creating the http client due to requesting https://8.8.8.8:443/dns-query?dns=AAABAAABAAAAAAAAA2FwaQVpcGlmeQNvcmcAAAEAAQ: Get \"https://8.8.8.8:443/dns-query?dns=AAABAAABAAAAAAAAA2FwaQVpcGlmeQNvcmcAAAEAAQ\": context deadline exceeded"
time="2023-09-07T15:12:33.618812034Z" level=debug msg="[https://8.8.8.8:443/dns-query?dns=AAABAAABAAAAAAAAA2FwaQVpcGlmeQNvcmcAAAEAAQ] using HTTP/2 for this upstream: <nil>"
time="2023-09-07T15:12:33.618867843Z" level=debug msg="re-creating the http client due to requesting https://1.1.1.1:443/dns-query?dns=AAABAAABAAAAAAAAA3JhdxFnaXRodWJ1c2VyY29udGVudANjb20AAAEAAQ: Get \"https://1.1.1.1:443/dns-query?dns=AAABAAABAAAAAAAAA2FwaQVpcGlmeQNvcmcAAAEAAQ\": context deadline exceeded"
time="2023-09-07T15:12:33.618916097Z" level=debug msg="[https://1.1.1.1:443/dns-query?dns=AAABAAABAAAAAAAAA3JhdxFnaXRodWJ1c2VyY29udGVudANjb20AAAEAAQ] using HTTP/2 for this upstream: <nil>"
time="2023-09-07T15:12:33.618961159Z" level=debug msg="re-creating the http client due to requesting https://1.1.1.1:443/dns-query?dns=AAABAAABAAAAAAAAA2FwaQVpcGlmeQNvcmcAAAEAAQ: Get \"https://1.1.1.1:443/dns-query?dns=AAABAAABAAAAAAAAA2FwaQVpcGlmeQNvcmcAAAEAAQ\": context deadline exceeded"
time="2023-09-07T15:12:33.618982667Z" level=debug msg="[https://1.1.1.1:443/dns-query?dns=AAABAAABAAAAAAAAA2FwaQVpcGlmeQNvcmcAAAEAAQ] using HTTP/2 for this upstream: <nil>"
time="2023-09-07T15:12:33.619038736Z" level=debug msg="[DNS Server] Exchange ;api.ipify.org.\tIN\t A failed: all DNS requests failed, first error: requesting https://8.8.8.8:443/dns-query?dns=AAABAAABAAAAAAAAA2FwaQVpcGlmeQNvcmcAAAEAAQ: Get \"https://8.8.8.8:443/dns-query?dns=AAABAAABAAAAAAAAA2FwaQVpcGlmeQNvcmcAAAEAAQ\": context deadline exceeded"
time="2023-09-07T15:12:33.619144823Z" level=debug msg="[DNS] resolve api.ipify.org from udp://119.29.29.29:53"
time="2023-09-07T15:12:33.619204168Z" level=debug msg="[DNS] resolve api.ipify.org from udp://211.139.29.150:53"
time="2023-09-07T15:12:33.625986337Z" level=debug msg="[DNS] api.ipify.org --> [104.237.62.212 173.231.16.76 64.185.227.156], from udp://119.29.29.29:53"
time="2023-09-07T15:12:33.626019089Z" level=debug msg="[DNS] api.ipify.org --> [104.237.62.212 173.231.16.76 64.185.227.156], from udp://211.139.29.150:53"
time="2023-09-07T15:12:33.626049563Z" level=debug msg="[DNS] resolve api.ipify.org from https://8.8.8.8:443/dns-query"
time="2023-09-07T15:12:33.626075937Z" level=debug msg="[DNS] resolve api.ipify.org from tls://1.1.1.1:853"
time="2023-09-07T15:12:33.626067389Z" level=debug msg="[DNS] resolve api.ipify.org from https://1.1.1.1:443/dns-query"
time="2023-09-07T15:12:33.626072536Z" level=debug msg="[DNS] resolve api.ipify.org from tls://8.8.8.8:853"
time="2023-09-07T15:12:33.751248806Z" level=debug msg="re-creating the http client due to requesting https://1.1.1.1:443/dns-query?dns=AAABAAABAAAAAAAAA2FwaQVpcGlmeQNvcmcAAAEAAQ: Get \"https://1.1.1.1:443/dns-query?dns=AAABAAABAAAAAAAAA2Rucwhtc2Z0bmNzaQNjb20AAAEAAQ\": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)"
time="2023-09-07T15:12:33.751287485Z" level=debug msg="[https://1.1.1.1:443/dns-query?dns=AAABAAABAAAAAAAAA2FwaQVpcGlmeQNvcmcAAAEAAQ] using HTTP/2 for this upstream: <nil>"
time="2023-09-07T15:12:33.751355872Z" level=debug msg="re-creating the http client due to requesting https://8.8.8.8:443/dns-query?dns=AAABAAABAAAAAAAAA2FwaQVpcGlmeQNvcmcAAAEAAQ: Get \"https://8.8.8.8:443/dns-query?dns=AAABAAABAAAAAAAAA2Rucwhtc2Z0bmNzaQNjb20AAAEAAQ\": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)"
time="2023-09-07T15:12:33.75139016Z" level=debug msg="[https://8.8.8.8:443/dns-query?dns=AAABAAABAAAAAAAAA2FwaQVpcGlmeQNvcmcAAAEAAQ] using HTTP/2 for this upstream: <nil>"
time="2023-09-07T15:12:33.751356497Z" level=debug msg="re-creating the http client due to requesting https://1.1.1.1:443/dns-query?dns=AAABAAABAAAAAAAAA2Rucwhtc2Z0bmNzaQNjb20AAAEAAQ: Get \"https://1.1.1.1:443/dns-query?dns=AAABAAABAAAAAAAAA2Rucwhtc2Z0bmNzaQNjb20AAAEAAQ\": context deadline exceeded"
time="2023-09-07T15:12:33.751449288Z" level=debug msg="[https://1.1.1.1:443/dns-query?dns=AAABAAABAAAAAAAAA2Rucwhtc2Z0bmNzaQNjb20AAAEAAQ] using HTTP/2 for this upstream: <nil>"
time="2023-09-07T15:12:33.751481555Z" level=debug msg="re-creating the http client due to requesting https://8.8.8.8:443/dns-query?dns=AAABAAABAAAAAAAAA2Rucwhtc2Z0bmNzaQNjb20AAAEAAQ: Get \"https://8.8.8.8:443/dns-query?dns=AAABAAABAAAAAAAAA2Rucwhtc2Z0bmNzaQNjb20AAAEAAQ\": context deadline exceeded"
time="2023-09-07T15:12:33.75150167Z" level=debug msg="[https://8.8.8.8:443/dns-query?dns=AAABAAABAAAAAAAAA2Rucwhtc2Z0bmNzaQNjb20AAAEAAQ] using HTTP/2 for this upstream: <nil>"
time="2023-09-07T15:12:33.751565476Z" level=debug msg="[DNS Server] Exchange ;dns.msftncsi.com.\tIN\t A failed: all DNS requests failed, first error: dial tcp 1.1.1.1:853: i/o timeout"
time="2023-09-07T15:12:33.751693616Z" level=debug msg="[DNS Server] Exchange ;dns.msftncsi.com.\tIN\t A failed: all DNS requests failed, first error: dial tcp 1.1.1.1:853: i/o timeout"
time="2023-09-07T15:12:33.751737611Z" level=debug msg="[DNS Server] Exchange ;dns.msftncsi.com.\tIN\t A failed: all DNS requests failed, first error: dial tcp 1.1.1.1:853: i/o timeout"
time="2023-09-07T15:12:33.751771003Z" level=debug msg="[DNS Server] Exchange ;dns.msftncsi.com.\tIN\t A failed: all DNS requests failed, first error: dial tcp 1.1.1.1:853: i/o timeout"
time="2023-09-07T15:12:35.134878952Z" level=debug msg="[DNS] resolve home.115.com from udp://119.29.29.29:53"
time="2023-09-07T15:12:35.134992959Z" level=debug msg="[DNS] resolve home.115.com from udp://211.139.29.150:53"
time="2023-09-07T15:12:35.142462601Z" level=debug msg="[DNS] home.115.com --> [103.143.19.140], from udp://211.139.29.150:53"
time="2023-09-07T15:12:35.142487359Z" level=debug msg="[DNS] home.115.com --> [103.143.19.140], from udp://119.29.29.29:53"
time="2023-09-07T15:12:38.38971884Z" level=debug msg="[DNS] resolve safebrowsing.urlsec.qq.com from udp://119.29.29.29:53"
time="2023-09-07T15:12:38.38979681Z" level=debug msg="[DNS] resolve safebrowsing.urlsec.qq.com from udp://211.139.29.150:53"
time="2023-09-07T15:12:38.389830999Z" level=debug msg="[DNS] resolve safebrowsing.urlsec.qq.com from udp://211.139.29.150:53"
time="2023-09-07T15:12:38.389904723Z" level=debug msg="[DNS] resolve safebrowsing.urlsec.qq.com from udp://119.29.29.29:53"
time="2023-09-07T15:12:38.396908662Z" level=debug msg="[DNS] safebrowsing.urlsec.qq.com --> [120.232.31.158 120.241.149.217], from udp://119.29.29.29:53"
time="2023-09-07T15:12:38.396941238Z" level=debug msg="[DNS] safebrowsing.urlsec.qq.com --> [120.232.31.158 120.241.149.217], from udp://211.139.29.150:53"
time="2023-09-07T15:12:38.619645512Z" level=debug msg="re-creating the http client due to requesting https://8.8.8.8:443/dns-query?dns=AAABAAABAAAAAAAAA2Rucwhtc2Z0bmNzaQNjb20AAAEAAQ: Get \"https://8.8.8.8:443/dns-query?dns=AAABAAABAAAAAAAAA2FwaQVpcGlmeQNvcmcAAAEAAQ\": context deadline exceeded"
time="2023-09-07T15:12:38.619689258Z" level=debug msg="[https://8.8.8.8:443/dns-query?dns=AAABAAABAAAAAAAAA2Rucwhtc2Z0bmNzaQNjb20AAAEAAQ] using HTTP/2 for this upstream: <nil>"
time="2023-09-07T15:12:38.61971077Z" level=debug msg="re-creating the http client due to requesting https://1.1.1.1:443/dns-query?dns=AAABAAABAAAAAAAAA2Rucwhtc2Z0bmNzaQNjb20AAAEAAQ: Get \"https://1.1.1.1:443/dns-query?dns=AAABAAABAAAAAAAAA2FwaQVpcGlmeQNvcmcAAAEAAQ\": context deadline exceeded"
time="2023-09-07T15:12:38.619742832Z" level=debug msg="[https://1.1.1.1:443/dns-query?dns=AAABAAABAAAAAAAAA2Rucwhtc2Z0bmNzaQNjb20AAAEAAQ] using HTTP/2 for this upstream: <nil>"
time="2023-09-07T15:12:38.61979751Z" level=debug msg="re-creating the http client due to requesting https://1.1.1.1:443/dns-query?dns=AAABAAABAAAAAAAAA2FwaQVpcGlmeQNvcmcAAAEAAQ: Get \"https://1.1.1.1:443/dns-query?dns=AAABAAABAAAAAAAAA2FwaQVpcGlmeQNvcmcAAAEAAQ\": context deadline exceeded"
time="2023-09-07T15:12:38.619810307Z" level=debug msg="[https://1.1.1.1:443/dns-query?dns=AAABAAABAAAAAAAAA2FwaQVpcGlmeQNvcmcAAAEAAQ] using HTTP/2 for this upstream: <nil>"
time="2023-09-07T15:12:38.619815389Z" level=debug msg="re-creating the http client due to requesting https://8.8.8.8:443/dns-query?dns=AAABAAABAAAAAAAAA2FwaQVpcGlmeQNvcmcAAAEAAQ: Get \"https://8.8.8.8:443/dns-query?dns=AAABAAABAAAAAAAAA2FwaQVpcGlmeQNvcmcAAAEAAQ\": context deadline exceeded"
time="2023-09-07T15:12:38.619844652Z" level=debug msg="[https://8.8.8.8:443/dns-query?dns=AAABAAABAAAAAAAAA2FwaQVpcGlmeQNvcmcAAAEAAQ] using HTTP/2 for this upstream: <nil>"
time="2023-09-07T15:12:38.61992026Z" level=debug msg="[DNS Server] Exchange ;api.ipify.org.\tIN\t A failed: all DNS requests failed, first error: dial tcp 8.8.8.8:853: i/o timeout"
time="2023-09-07T15:12:38.620031022Z" level=debug msg="[DNS] resolve api.ipify.org from udp://211.139.29.150:53"
time="2023-09-07T15:12:38.620037875Z" level=debug msg="[DNS Server] Exchange ;api.ipify.org.\tIN\t A failed: all DNS requests failed, first error: dial tcp 8.8.8.8:853: i/o timeout"
time="2023-09-07T15:12:38.620042699Z" level=debug msg="[DNS] resolve api.ipify.org from udp://119.29.29.29:53"
time="2023-09-07T15:12:38.620631861Z" level=debug msg="[DNS] api.ipify.org --> [104.237.62.212 64.185.227.156 173.231.16.76], from udp://119.29.29.29:53"
time="2023-09-07T15:12:38.620654732Z" level=debug msg="[DNS] api.ipify.org --> [64.185.227.156 173.231.16.76 104.237.62.212], from udp://211.139.29.150:53"
time="2023-09-07T15:12:38.620683542Z" level=debug msg="[DNS] resolve api.ipify.org from https://8.8.8.8:443/dns-query"
time="2023-09-07T15:12:38.62070677Z" level=debug msg="[DNS] resolve api.ipify.org from tls://1.1.1.1:853"
time="2023-09-07T15:12:38.620696899Z" level=debug msg="[DNS] resolve api.ipify.org from https://1.1.1.1:443/dns-query"
time="2023-09-07T15:12:38.620701164Z" level=debug msg="[DNS] resolve api.ipify.org from tls://8.8.8.8:853"

#===================== 最近运行日志获取完成(自动切换为silent模式) =====================#

#===================== 活动连接信息 =====================#

1. SourceIP:【192.168.100.8】 - Host:【Empty】 - DestinationIP:【91.108.56.126】 - Network:【tcp】 - RulePayload:【91.108.56.0/22】 - Lastchain:【[SS] SS1】
2. SourceIP:【192.168.100.8】 - Host:【Empty】 - DestinationIP:【91.108.56.126】 - Network:【tcp】 - RulePayload:【91.108.56.0/22】 - Lastchain:【[SS] SS1】
3. SourceIP:【192.168.100.8】 - Host:【Empty】 - DestinationIP:【104.26.12.31】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【[SS] SS1】

OpenClash Config

OpenWRT source: self-compiled from immortalwrt-21.02, with only OpenClash and a few basic plugins selected

Expected Behavior

I hope this problem can be resolved.

Screenshots

No response

ylqjgm commented 1 year ago

Fake-IP log:

生成时间: 2023-09-07 23:43:38
插件版本: v0.45.141-beta
隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息

#===================== 系统信息 =====================#

主机型号: QEMU Standard PC (i440FX + PIIX, 1996)
固件版本: ImmortalWrt 21.02-SNAPSHOT r20074-a8bbadefaf
LuCI版本: git-20.074.84698-ead5e81
内核版本: 5.4.255
处理器架构: x86_64

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

DNS劫持: Dnsmasq 转发
#DNS劫持为Dnsmasq时,此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci >= 19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 已安装
unzip: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
kmod-ipt-nat: 已安装

#===================== 内核检查 =====================#

运行状态: 运行中
运行内核:Meta
进程pid: 14587
运行权限: 14587: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-amd64

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2023.08.17
Tun内核文件: 存在
Tun内核运行权限: 正常

Dev内核版本: v1.17.0-20-ga19a9fe
Dev内核文件: 存在
Dev内核运行权限: 正常

Meta内核版本: alpha-g3a9fc39
Meta内核文件: 存在
Meta内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/config.yaml
启动配置文件: /etc/openclash/config.yaml
运行模式: fake-ip
默认代理模式: rule
UDP流量转发(tproxy): 启用
自定义DNS: 启用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 启用
仅允许内网: 启用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 启用
路由本机代理: 启用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 自定义规则 一 =====================#
script:
rules:
- DOMAIN-SUFFIX,chdbits.co,🎯 全球直连
- DOMAIN-SUFFIX,discfan.net,🎯 全球直连
- DOMAIN-SUFFIX,greatposterwall.com,🎯 全球直连
- DOMAIN-SUFFIX,haidan.video,🎯 全球直连
- DOMAIN-SUFFIX,hdsky.me,🎯 全球直连
- DOMAIN-SUFFIX,hdtime.org,🎯 全球直连
- DOMAIN-SUFFIX,m-team.cc,🎯 全球直连
- DOMAIN-SUFFIX,open.cd,🎯 全球直连
- DOMAIN-SUFFIX,ourbits.club,🎯 全球直连
- DOMAIN-SUFFIX,pttime.org,🎯 全球直连
- DOMAIN-KEYWORD,announce,🎯 全球直连

##在线IP段转CIDR地址:http://ip2cidr.com
#===================== 自定义规则 二 =====================#
script:
rules:

#===================== 配置文件 =====================#

port: 7890
socks-port: 7891
allow-lan: true
mode: rule
log-level: info
external-controller: 0.0.0.0:9090
proxy-groups:
- name: "\U0001F530 节点选择"
  type: select
  proxies:
  - "♻️ 自动选择"
  - "\U0001F3AF 全球直连"
  - "[SS] SS1"
  - "[SS] SS2"
  - "[VMess] Vmess+Ws+1"
  - "[VMess] Vmess+Ws+2"
- name: "♻️ 自动选择"
  type: url-test
  url: http://www.gstatic.com/generate_204
  interval: 300
  proxies:
  - "[SS] SS1"
  - "[SS] SS2"
  - "[VMess] Vmess+Ws+1"
  - "[VMess] Vmess+Ws+2"
- name: "\U0001F3A5 NETFLIX"
  type: select
  proxies:
  - "\U0001F530 节点选择"
  - "♻️ 自动选择"
  - "\U0001F3AF 全球直连"
  - "[SS] SS1"
  - "[SS] SS2"
  - "[VMess] Vmess+Ws+1"
  - "[VMess] Vmess+Ws+2"
- name: "⛔️ 广告拦截"
  type: select
  proxies:
  - "\U0001F6D1 全球拦截"
  - "\U0001F3AF 全球直连"
  - "\U0001F530 节点选择"
- name: "\U0001F6AB 运营劫持"
  type: select
  proxies:
  - "\U0001F6D1 全球拦截"
  - "\U0001F3AF 全球直连"
  - "\U0001F530 节点选择"
- name: "\U0001F30D 国外媒体"
  type: select
  proxies:
  - "\U0001F530 节点选择"
  - "♻️ 自动选择"
  - "\U0001F3AF 全球直连"
  - "[SS] SS1"
  - "[SS] SS2"
  - "[VMess] Vmess+Ws+1"
  - "[VMess] Vmess+Ws+2"
- name: "\U0001F30F 国内媒体"
  type: select
  proxies:
  - "\U0001F3AF 全球直连"
  - "\U0001F530 节点选择"
- name: Ⓜ️ 微软服务
  type: select
  proxies:
  - "\U0001F3AF 全球直连"
  - "\U0001F530 节点选择"
  - "[SS] SS1"
  - "[SS] SS2"
  - "[VMess] Vmess+Ws+1"
  - "[VMess] Vmess+Ws+2"
- name: "\U0001F4F2 电报信息"
  type: select
  proxies:
  - "\U0001F530 节点选择"
  - "\U0001F3AF 全球直连"
  - "[SS] SS1"
  - "[SS] SS2"
  - "[VMess] Vmess+Ws+1"
  - "[VMess] Vmess+Ws+2"
- name: "\U0001F34E 苹果服务"
  type: select
  proxies:
  - "\U0001F530 节点选择"
  - "\U0001F3AF 全球直连"
  - "♻️ 自动选择"
  - "[SS] SS1"
  - "[SS] SS2"
  - "[VMess] Vmess+Ws+1"
  - "[VMess] Vmess+Ws+2"
- name: "\U0001F3AF 全球直连"
  type: select
  proxies:
  - DIRECT
- name: "\U0001F6D1 全球拦截"
  type: select
  proxies:
  - REJECT
  - DIRECT
- name: "\U0001F41F 漏网之鱼"
  type: select
  proxies:
  - "\U0001F530 节点选择"
  - "\U0001F3AF 全球直连"
  - "♻️ 自动选择"
  - "[SS] SS1"
  - "[SS] SS2"
  - "[VMess] Vmess+Ws+1"
  - "[VMess] Vmess+Ws+2"
rules:
- DST-PORT,7895,REJECT
- DST-PORT,7892,REJECT
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
- "DOMAIN-SUFFIX,chdbits.co,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,discfan.net,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,greatposterwall.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,haidan.video,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,hdsky.me,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,hdtime.org,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,m-team.cc,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,open.cd,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,ourbits.club,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,pttime.org,\U0001F3AF 全球直连"
- "DOMAIN-KEYWORD,announce,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,local,\U0001F3AF 全球直连"
- "IP-CIDR,192.168.0.0/16,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,10.0.0.0/8,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,172.16.0.0/12,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,127.0.0.0/8,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,100.64.0.0/10,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR6,::1/128,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR6,fc00::/7,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR6,fe80::/10,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR6,fd00::/8,\U0001F3AF 全球直连,no-resolve"
- DOMAIN-KEYWORD,1drv,Ⓜ️ 微软服务
- All rules in this part are from ACL4SSR_Github_Online_Full, unchanged
- "GEOIP,CN,\U0001F3AF 全球直连"
- "MATCH,\U0001F41F 漏网之鱼"
redir-port: 7892
tproxy-port: 7895
mixed-port: 7893
bind-address: "*"
external-ui: "/usr/share/openclash/ui"
ipv6: false
geodata-mode: true
geodata-loader: standard
tcp-concurrent: true
unified-delay: true
dns:
  enable: true
  ipv6: false
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  listen: 0.0.0.0:7874
  nameserver:
  - 211.139.29.150
  - 119.29.29.29
  fallback:
  - tls://1.1.1.1:853
  - tls://8.8.8.8:853
  - https://1.1.1.1/dns-query
  - https://8.8.8.8/dns-query
  fallback-filter:
    geoip: true
    geoip-code: CN
    ipcidr:
    - 0.0.0.0/8
    - 10.0.0.0/8
    - 100.64.0.0/10
    - 127.0.0.0/8
    - 169.254.0.0/16
    - 172.16.0.0/12
    - 192.0.0.0/24
    - 192.0.2.0/24
    - 192.88.99.0/24
    - 192.168.0.0/16
    - 198.18.0.0/15
    - 198.51.100.0/24
    - 203.0.113.0/24
    - 224.0.0.0/4
    - 240.0.0.0/4
    - 255.255.255.255/32
    domain:
    - "+.google.com"
    - "+.facebook.com"
    - "+.youtube.com"
    - "+.githubusercontent.com"
    - "+.googlevideo.com"
    - "+.msftconnecttest.com"
    - "+.msftncsi.com"
  fake-ip-filter:
  - "*.lan"
  - "*.localdomain"
  - "*.example"
  - "*.invalid"
  - "*.localhost"
  - "*.test"
  - "*.local"
  - "*.home.arpa"
  - time.*.com
  - time.*.gov
  - time.*.edu.cn
  - time.*.apple.com
  - time-ios.apple.com
  - time1.*.com
  - time2.*.com
  - time3.*.com
  - time4.*.com
  - time5.*.com
  - time6.*.com
  - time7.*.com
  - ntp.*.com
  - ntp1.*.com
  - ntp2.*.com
  - ntp3.*.com
  - ntp4.*.com
  - ntp5.*.com
  - ntp6.*.com
  - ntp7.*.com
  - "*.time.edu.cn"
  - "*.ntp.org.cn"
  - "+.pool.ntp.org"
  - time1.cloud.tencent.com
  - music.163.com
  - "*.music.163.com"
  - "*.126.net"
  - musicapi.taihe.com
  - music.taihe.com
  - songsearch.kugou.com
  - trackercdn.kugou.com
  - "*.kuwo.cn"
  - api-jooxtt.sanook.com
  - api.joox.com
  - joox.com
  - y.qq.com
  - "*.y.qq.com"
  - streamoc.music.tc.qq.com
  - mobileoc.music.tc.qq.com
  - isure.stream.qqmusic.qq.com
  - dl.stream.qqmusic.qq.com
  - aqqmusic.tc.qq.com
  - amobile.music.tc.qq.com
  - "*.xiami.com"
  - "*.music.migu.cn"
  - music.migu.cn
  - "+.msftconnecttest.com"
  - "+.msftncsi.com"
  - localhost.ptlogin2.qq.com
  - localhost.sec.qq.com
  - "+.qq.com"
  - "+.tencent.com"
  - "+.srv.nintendo.net"
  - "*.n.n.srv.nintendo.net"
  - "+.stun.playstation.net"
  - xbox.*.*.microsoft.com
  - "*.*.xboxlive.com"
  - xbox.*.microsoft.com
  - xnotify.xboxlive.com
  - "+.battlenet.com.cn"
  - "+.wotgame.cn"
  - "+.wggames.cn"
  - "+.wowsgame.cn"
  - "+.wargaming.net"
  - proxy.golang.org
  - stun.*.*
  - stun.*.*.*
  - "+.stun.*.*"
  - "+.stun.*.*.*"
  - "+.stun.*.*.*.*"
  - "+.stun.*.*.*.*.*"
  - heartbeat.belkin.com
  - "*.linksys.com"
  - "*.linksyssmartwifi.com"
  - "*.router.asus.com"
  - mesu.apple.com
  - swscan.apple.com
  - swquery.apple.com
  - swdownload.apple.com
  - swcdn.apple.com
  - swdist.apple.com
  - lens.l.google.com
  - stun.l.google.com
  - na.b.g-tun.com
  - "+.nflxvideo.net"
  - "*.square-enix.com"
  - "*.finalfantasyxiv.com"
  - "*.ffxiv.com"
  - "*.ff14.sdo.com"
  - ff.dorado.sdo.com
  - "*.mcdn.bilivideo.cn"
  - "+.media.dssott.com"
  - shark007.net
  - Mijia Cloud
  - "+.cmbchina.com"
  - "+.cmbimg.com"
  - local.adguard.org
  - "+.sandai.net"
  - "+.n0808.com"
  - "+.filejoker.net"
  - "+.myqloud.org"
  - services.googleapis.cn
  use-hosts: true
sniffer:
  enable: true
  parse-pure-ip: true
profile:
  store-selected: true
  store-fake-ip: true
hosts:
  a.com: 192.168.100.25
  b.com: 192.168.100.26
  c.com: 192.168.100.27
  d.com: 192.168.100.28

#===================== 自定义覆写设置 =====================#

#!/bin/sh
. /usr/share/openclash/ruby.sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

LOG_OUT "Tip: Start Running Custom Overwrite Scripts..."
LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S"))
LOG_FILE="/tmp/openclash.log"
CONFIG_FILE="$1" #config path

exit 0
#===================== 自定义防火墙设置 =====================#

#!/bin/sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

LOG_OUT "Tip: Start Add Custom Firewall Rules..."

exit 0
#===================== IPTABLES 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.7 on Thu Sep  7 23:43:40 2023
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [3:181]
:POSTROUTING ACCEPT [3:181]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:openclash - [0:0]
:openclash_output - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -d 8.8.4.4/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -d 8.8.8.8/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i eth0 -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -p udp -m comment --comment DNSMASQ -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -j openclash
-A OUTPUT -j openclash_output
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o eth0 -m comment --comment "!fw3" -j zone_lan_postrouting
-A MINIUPNPD -p tcp -m tcp --dport 13936 -j DNAT --to-destination 192.168.100.152:1080
-A MINIUPNPD -p udp -m udp --dport 13936 -j DNAT --to-destination 192.168.100.152:3027
-A MINIUPNPD -p udp -m udp --dport 9307 -j DNAT --to-destination 192.168.100.222:9307
-A MINIUPNPD -p udp -m udp --dport 9308 -j DNAT --to-destination 192.168.100.222:9308
-A MINIUPNPD -p udp -m udp --dport 9309 -j DNAT --to-destination 192.168.100.222:9309
-A MINIUPNPD -p udp -m udp --dport 9310 -j DNAT --to-destination 192.168.100.222:9310
-A MINIUPNPD -p udp -m udp --dport 9306 -j DNAT --to-destination 192.168.100.222:9306
-A MINIUPNPD -p udp -m udp --dport 8735 -j DNAT --to-destination 192.168.100.223:8735
-A MINIUPNPD -p udp -m udp --dport 8736 -j DNAT --to-destination 192.168.100.223:8736
-A MINIUPNPD -p udp -m udp --dport 8737 -j DNAT --to-destination 192.168.100.223:8737
-A MINIUPNPD -p udp -m udp --dport 8738 -j DNAT --to-destination 192.168.100.223:8738
-A MINIUPNPD -p udp -m udp --dport 8734 -j DNAT --to-destination 192.168.100.223:8734
-A MINIUPNPD -p tcp -m tcp --dport 13864 -j DNAT --to-destination 192.168.100.152:1080
-A MINIUPNPD -p udp -m udp --dport 13864 -j DNAT --to-destination 192.168.100.152:3027
-A MINIUPNPD -p udp -m udp --dport 8522 -j DNAT --to-destination 192.168.100.236:8522
-A MINIUPNPD -p udp -m udp --dport 8608 -j DNAT --to-destination 192.168.100.236:8608
-A MINIUPNPD -p udp -m udp --dport 8567 -j DNAT --to-destination 192.168.100.236:8567
-A MINIUPNPD -p udp -m udp --dport 8103 -j DNAT --to-destination 192.168.100.112:8103
-A MINIUPNPD -p udp -m udp --dport 29575 -j DNAT --to-destination 192.168.100.223:29575
-A MINIUPNPD -p udp -m udp --dport 56291 -j DNAT --to-destination 192.168.100.222:56291
-A MINIUPNPD-POSTROUTING -s 192.168.100.152/32 -p tcp -m tcp --sport 1080 -j MASQUERADE --to-ports 13936
-A MINIUPNPD-POSTROUTING -s 192.168.100.152/32 -p udp -m udp --sport 3027 -j MASQUERADE --to-ports 13936
-A MINIUPNPD-POSTROUTING -s 192.168.100.152/32 -p tcp -m tcp --sport 1080 -j MASQUERADE --to-ports 13864
-A MINIUPNPD-POSTROUTING -s 192.168.100.152/32 -p udp -m udp --sport 3027 -j MASQUERADE --to-ports 13864
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -d 198.18.0.0/16 -p tcp -j REDIRECT --to-ports 7892
-A openclash -m set --match-set china_ip_route dst -m set ! --match-set china_ip_route_pass dst -j RETURN
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -d 198.18.0.0/16 -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -m owner ! --uid-owner 65534 -m set --match-set china_ip_route dst -m set ! --match-set china_ip_route_pass dst -j RETURN
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A zone_lan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_lan_prerouting -j MINIUPNPD
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -m comment --comment "!fw3" -j FULLCONENAT
COMMIT
# Completed on Thu Sep  7 23:43:40 2023

#IPv4 Mangle chain

# Generated by iptables-save v1.8.7 on Thu Sep  7 23:43:40 2023
*mangle
:PREROUTING ACCEPT [2053:300985]
:INPUT ACCEPT [1762:260875]
:FORWARD ACCEPT [296:45324]
:OUTPUT ACCEPT [1909:787468]
:POSTROUTING ACCEPT [2206:832824]
:openclash - [0:0]
:openclash_output - [0:0]
:openclash_upnp - [0:0]
-A PREROUTING -p udp -j openclash
-A OUTPUT -p udp -j openclash_output
-A openclash -p udp -m udp --sport 500 -j RETURN
-A openclash -p udp -m udp --sport 68 -j RETURN
-A openclash -i lo -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p udp -m udp --dport 53 -j RETURN
-A openclash -d 198.18.0.0/16 -p udp -j TPROXY --on-port 7895 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
-A openclash -m set --match-set china_ip_route dst -m set ! --match-set china_ip_route_pass dst -j RETURN
-A openclash -p udp -j openclash_upnp
-A openclash -p udp -j TPROXY --on-port 7895 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
-A openclash_output -p udp -m udp --sport 500 -j RETURN
-A openclash_output -p udp -m udp --sport 68 -j RETURN
-A openclash_output -d 198.18.0.0/16 -p udp -m owner ! --uid-owner 65534 -j MARK --set-xmark 0x162/0xffffffff
-A openclash_upnp -s 192.168.100.152/32 -p udp -m udp --sport 1080 -j RETURN
-A openclash_upnp -s 192.168.100.152/32 -p udp -m udp --sport 3027 -j RETURN
-A openclash_upnp -s 192.168.100.236/32 -p udp -m udp --sport 8522 -j RETURN
-A openclash_upnp -s 192.168.100.236/32 -p udp -m udp --sport 8608 -j RETURN
-A openclash_upnp -s 192.168.100.236/32 -p udp -m udp --sport 8567 -j RETURN
-A openclash_upnp -s 192.168.100.112/32 -p udp -m udp --sport 8103 -j RETURN
-A openclash_upnp -s 192.168.100.223/32 -p udp -m udp --sport 29575 -j RETURN
-A openclash_upnp -s 192.168.100.223/32 -p udp -m udp --sport 8735 -j RETURN
-A openclash_upnp -s 192.168.100.223/32 -p udp -m udp --sport 8736 -j RETURN
-A openclash_upnp -s 192.168.100.223/32 -p udp -m udp --sport 8737 -j RETURN
-A openclash_upnp -s 192.168.100.223/32 -p udp -m udp --sport 8738 -j RETURN
-A openclash_upnp -s 192.168.100.223/32 -p udp -m udp --sport 8734 -j RETURN
-A openclash_upnp -s 192.168.100.222/32 -p udp -m udp --sport 56291 -j RETURN
-A openclash_upnp -s 192.168.100.222/32 -p udp -m udp --sport 9307 -j RETURN
-A openclash_upnp -s 192.168.100.222/32 -p udp -m udp --sport 9308 -j RETURN
-A openclash_upnp -s 192.168.100.222/32 -p udp -m udp --sport 9309 -j RETURN
-A openclash_upnp -s 192.168.100.222/32 -p udp -m udp --sport 9310 -j RETURN
-A openclash_upnp -s 192.168.100.222/32 -p udp -m udp --sport 9306 -j RETURN
COMMIT
# Completed on Thu Sep  7 23:43:40 2023

#IPv4 Filter chain

# Generated by iptables-save v1.8.7 on Thu Sep  7 23:43:40 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -p udp -m udp --dport 443 -m comment --comment "OpenClash QUIC REJECT" -m set ! --match-set china_ip_route dst -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i eth0 -m comment --comment "!fw3" -j zone_lan_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m comment --comment "!fw3: Traffic offloading" -m conntrack --ctstate RELATED,ESTABLISHED -j FLOWOFFLOAD --hw
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i eth0 -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o eth0 -m comment --comment "!fw3" -j zone_lan_output
-A MINIUPNPD -d 192.168.100.152/32 -p tcp -m tcp --dport 1080 -j ACCEPT
-A MINIUPNPD -d 192.168.100.152/32 -p udp -m udp --dport 3027 -j ACCEPT
-A MINIUPNPD -d 192.168.100.222/32 -p udp -m udp --dport 9307 -j ACCEPT
-A MINIUPNPD -d 192.168.100.222/32 -p udp -m udp --dport 9308 -j ACCEPT
-A MINIUPNPD -d 192.168.100.222/32 -p udp -m udp --dport 9309 -j ACCEPT
-A MINIUPNPD -d 192.168.100.222/32 -p udp -m udp --dport 9310 -j ACCEPT
-A MINIUPNPD -d 192.168.100.222/32 -p udp -m udp --dport 9306 -j ACCEPT
-A MINIUPNPD -d 192.168.100.223/32 -p udp -m udp --dport 8735 -j ACCEPT
-A MINIUPNPD -d 192.168.100.223/32 -p udp -m udp --dport 8736 -j ACCEPT
-A MINIUPNPD -d 192.168.100.223/32 -p udp -m udp --dport 8737 -j ACCEPT
-A MINIUPNPD -d 192.168.100.223/32 -p udp -m udp --dport 8738 -j ACCEPT
-A MINIUPNPD -d 192.168.100.223/32 -p udp -m udp --dport 8734 -j ACCEPT
-A MINIUPNPD -d 192.168.100.152/32 -p tcp -m tcp --dport 1080 -j ACCEPT
-A MINIUPNPD -d 192.168.100.152/32 -p udp -m udp --dport 3027 -j ACCEPT
-A MINIUPNPD -d 192.168.100.236/32 -p udp -m udp --dport 8522 -j ACCEPT
-A MINIUPNPD -d 192.168.100.236/32 -p udp -m udp --dport 8608 -j ACCEPT
-A MINIUPNPD -d 192.168.100.236/32 -p udp -m udp --dport 8567 -j ACCEPT
-A MINIUPNPD -d 192.168.100.112/32 -p udp -m udp --dport 8103 -j ACCEPT
-A MINIUPNPD -d 192.168.100.223/32 -p udp -m udp --dport 29575 -j ACCEPT
-A MINIUPNPD -d 192.168.100.222/32 -p udp -m udp --dport 56291 -j ACCEPT
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_lan_dest_ACCEPT -o eth0 -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -j MINIUPNPD
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i eth0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
COMMIT
# Completed on Thu Sep  7 23:43:40 2023

#IPv6 NAT chain

# Generated by ip6tables-save v1.8.7 on Thu Sep  7 23:43:40 2023
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [2:162]
:POSTROUTING ACCEPT [2:162]
-A PREROUTING -p udp -m comment --comment DNSMASQ -m udp --dport 53 -j REDIRECT --to-ports 53
COMMIT
# Completed on Thu Sep  7 23:43:40 2023

#IPv6 Mangle chain

# Generated by ip6tables-save v1.8.7 on Thu Sep  7 23:43:40 2023
*mangle
:PREROUTING ACCEPT [595:58985]
:INPUT ACCEPT [555:55945]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [595:58985]
:POSTROUTING ACCEPT [595:58985]
COMMIT
# Completed on Thu Sep  7 23:43:40 2023

#IPv6 Filter chain

# Generated by ip6tables-save v1.8.7 on Thu Sep  7 23:43:40 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [20:1520]
:MINIUPNPD - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i eth0 -m comment --comment "!fw3" -j zone_lan_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m comment --comment "!fw3: Traffic offloading" -m conntrack --ctstate RELATED,ESTABLISHED -j FLOWOFFLOAD --hw
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i eth0 -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o eth0 -m comment --comment "!fw3" -j zone_lan_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp6-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_lan_dest_ACCEPT -o eth0 -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -j MINIUPNPD
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i eth0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 546 -m comment --comment "!fw3: Allow-DHCPv6" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
COMMIT
# Completed on Thu Sep  7 23:43:40 2023

#===================== IPSET状态 =====================#

Name: localnetwork
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 1024
References: 3
Number of entries: 9

Name: china_ip_route
Type: hash:net
Revision: 6
Header: family inet hashsize 32768 maxelem 1000000
Size in memory: 2306472
References: 4
Number of entries: 92349

Name: china_ip_route_pass
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 1000000
Size in memory: 448
References: 3
Number of entries: 0

#===================== 路由表状态 =====================#

#IPv4

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.100.1        0.0.0.0         UG    0      0        0 eth0
192.168.100.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0

#ip route list
default via 192.168.100.1 dev eth0 proto static 
192.168.100.0/24 dev eth0 proto kernel scope link src 192.168.100.2 

#ip rule show
0:  from all lookup local
32765:  from all fwmark 0x162 lookup 354
32766:  from all lookup main
32767:  from all lookup default

#IPv6

#route -A inet6
Kernel IPv6 routing table
Destination                                 Next Hop                                Flags Metric Ref    Use Iface
::/0                                        ::                                      !n    -1     1        0 lo      
::1/128                                     ::                                      Un    0      6        0 lo      
::/0                                        ::                                      !n    -1     1        0 lo      

#ip -6 route list

#ip -6 rule show
0:  from all lookup local
32766:  from all lookup main
4200000001: from all iif lo failed_policy
4200000003: from all iif eth0 failed_policy

#===================== 端口占用状态 =====================#

tcp        0      0 :::7890                 :::*                    LISTEN      14587/clash
tcp        0      0 :::7891                 :::*                    LISTEN      14587/clash
tcp        0      0 :::7892                 :::*                    LISTEN      14587/clash
tcp        0      0 :::7893                 :::*                    LISTEN      14587/clash
tcp        0      0 :::7895                 :::*                    LISTEN      14587/clash
tcp        0      0 :::9090                 :::*                    LISTEN      14587/clash
udp        0      0 :::7874                 :::*                                14587/clash
udp        0      0 :::7891                 :::*                                14587/clash
udp        0      0 :::7892                 :::*                                14587/clash
udp        0      0 :::7893                 :::*                                14587/clash
udp        0      0 :::7895                 :::*                                14587/clash

#===================== 测试本机DNS查询(www.baidu.com) =====================#

Server:     127.0.0.1
Address:    127.0.0.1#53

Name:      www.baidu.com
www.baidu.com   canonical name = www.a.shifen.com
Name:      www.a.shifen.com
Address 1: 120.232.145.144
Address 2: 120.232.145.185
*** Can't find www.baidu.com: No answer

#===================== 测试内核DNS查询(www.instagram.com) =====================#

Dnsmasq 当前默认 resolv 文件:/tmp/resolv.conf.d/resolv.conf.auto

#===================== /tmp/resolv.conf.auto =====================#

# Interface lan
nameserver 119.29.29.29
nameserver 8.8.8.8

#===================== /tmp/resolv.conf.d/resolv.conf.auto =====================#

# Interface lan
nameserver 119.29.29.29
nameserver 8.8.8.8

#===================== 测试本机网络连接(www.baidu.com) =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Thu, 07 Sep 2023 15:43:43 GMT
Etag: "575e1f6f-115"
Last-Modified: Mon, 13 Jun 2016 02:50:23 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 测试本机网络下载(raw.githubusercontent.com) =====================#

HTTP/2 404 
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
content-type: text/plain; charset=utf-8
x-github-request-id: 9EC8:6CFA:6B9C73:7F9D0F:64F9EFB0
accept-ranges: bytes
date: Thu, 07 Sep 2023 15:43:45 GMT
via: 1.1 varnish
x-served-by: cache-bur-kbur8200142-BUR
x-cache: MISS
x-cache-hits: 0
x-timer: S1694101425.125382,VS0,VE105
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 8cf752d713a83b8a385f15f6765b02e9d7a004f9
expires: Thu, 07 Sep 2023 15:48:45 GMT
source-age: 0
content-length: 14

#===================== 最近运行日志(自动切换为Debug模式) =====================#

time="2023-09-07T15:40:47.132979138Z" level=info msg="[TCP] 192.168.100.8:51603 --> www.google.co.jp:443 match DomainKeyword(google) using 🔰 节点选择[[SS] SS1]"
time="2023-09-07T15:40:49.560368801Z" level=info msg="[TCP] 192.168.100.8:51606 --> github.com:443 match DomainSuffix(github.com) using 🔰 节点选择[[SS] SS1]"
time="2023-09-07T15:40:55.748064121Z" level=info msg="[TCP] 192.168.100.8:59561 --> update.code.visualstudio.com:443 match DomainSuffix(visualstudio.com) using Ⓜ️ 微软服务[DIRECT]"
time="2023-09-07T15:41:08.447224054Z" level=info msg="[TCP] 192.168.100.8:51610 --> www.youtube.com:443 match DomainSuffix(youtube.com) using 🌍 国外媒体[[SS] SS1]"
time="2023-09-07T15:41:10.027440199Z" level=info msg="[TCP] 192.168.100.8:59562 --> ipcdn.apple.com:443 match DomainSuffix(apple.com) using 🍎 苹果服务[[SS] SS1]"
time="2023-09-07T15:41:10.98528689Z" level=info msg="[TCP] 192.168.100.8:51612 --> api.ipify.org:443 match Match using 🐟 漏网之鱼[[SS] SS1]"
time="2023-09-07T15:41:12.422144264Z" level=info msg="[TCP] 192.168.100.8:51613 --> api.ipify.org:443 match Match using 🐟 漏网之鱼[[SS] SS1]"
2023-09-07 23:41:21 Watchdog: Setting Firewall For Enabling Redirect...
time="2023-09-07T15:41:45.854743784Z" level=info msg="[TCP] 192.168.100.8:51614 --> safebrowsing.googleapis.com:443 match DomainKeyword(google) using 🔰 节点选择[[SS] SS1]"
time="2023-09-07T15:41:53.819783742Z" level=info msg="[UDP] 192.168.100.8:57870 --> time-ios.g.aaplimg.com:123 match DomainSuffix(aaplimg.com) using 🍎 苹果服务[[SS] SS1]"
time="2023-09-07T15:41:54.15241441Z" level=info msg="[UDP] 192.168.100.8:53221 --> time-ios.g.aaplimg.com:123 match DomainSuffix(aaplimg.com) using 🍎 苹果服务[[SS] SS1]"
time="2023-09-07T15:41:56.24327689Z" level=info msg="[UDP] 192.168.100.8:63271 --> time-ios.g.aaplimg.com:123 match DomainSuffix(aaplimg.com) using 🍎 苹果服务[[SS] SS1]"
time="2023-09-07T15:42:04.099264564Z" level=info msg="[TCP] 192.168.100.50:55199 --> client.wns.windows.com:443 match DomainSuffix(windows.com) using Ⓜ️ 微软服务[DIRECT]"
time="2023-09-07T15:42:04.222567852Z" level=info msg="[TCP] 192.168.100.8:59563 --> stocks-data-service.apple.com:443 match DomainSuffix(apple.com) using 🍎 苹果服务[[SS] SS1]"
time="2023-09-07T15:42:19.27374937Z" level=info msg="[TCP] 192.168.100.8:51617 --> notifications.bitwarden.com:443 match Match using 🐟 漏网之鱼[[SS] SS1]"
2023-09-07 23:42:20 OpenClash Restart...
2023-09-07 23:42:20 OpenClash Stoping...
2023-09-07 23:42:20 Step 1: Backup The Current Groups State...
2023-09-07 23:42:20 Step 2: Delete OpenClash Firewall Rules...
2023-09-07 23:42:20 Step 3: Close The OpenClash Daemons...
2023-09-07 23:42:20 Step 4: Close The Clash Core Process...
2023-09-07 23:42:20 Step 5: Restart Dnsmasq...
2023-09-07 23:42:26 Step 6: Delete OpenClash Residue File...
2023-09-07 23:42:26 OpenClash Start Running...
2023-09-07 23:42:26 Step 1: Get The Configuration...
2023-09-07 23:42:26 Step 2: Check The Components...
2023-09-07 23:42:26 Tip: Because of the file【 /etc/config/openclash 】modificated, Pause quick start...
2023-09-07 23:42:26 Step 3: Modify The Config File...
2023-09-07 23:42:26 Warning: You May Need to Turn off The Rebinding Protection Option of Dnsmasq When Hosts Has Set a Reserved Address
2023-09-07 23:42:27 Tip: Start Running Custom Overwrite Scripts...
2023-09-07 23:42:27 Step 4: Start Running The Clash Core...
2023-09-07 23:42:27 Tip: Detected The Exclusive Function of The Meta Core, Use Meta Core to Start...
2023-09-07 23:42:27 Test The Config File First...
time="2023-09-07T15:42:28.29308775Z" level=info msg="Start initial configuration in progress"
time="2023-09-07T15:42:28.29405701Z" level=info msg="Geodata Loader mode: standard"
time="2023-09-07T15:42:28.681627162Z" level=info msg="Start initial GeoIP rule CN => 🎯 全球直连, records: 11338"
time="2023-09-07T15:42:29.635150816Z" level=warning msg="[CacheFile] can't open cache file: timeout"
time="2023-09-07T15:42:29.635206682Z" level=warning msg="Deprecated: Use Sniff instead"
time="2023-09-07T15:42:29.635230916Z" level=info msg="Initial configuration complete, total time: 1342ms"
2023-09-07 23:42:29 configuration file【/etc/openclash/config.yaml】test is successful
2023-09-07 23:42:30 Step 5: Check The Core Status...
time="2023-09-07T15:42:31.3741561Z" level=info msg="Start initial configuration in progress"
time="2023-09-07T15:42:31.375120247Z" level=info msg="Geodata Loader mode: standard"
time="2023-09-07T15:42:31.75916711Z" level=info msg="Start initial GeoIP rule CN => 🎯 全球直连, records: 11338"
time="2023-09-07T15:42:31.77415109Z" level=warning msg="Deprecated: Use Sniff instead"
time="2023-09-07T15:42:31.774190765Z" level=info msg="Initial configuration complete, total time: 399ms"
time="2023-09-07T15:42:31.774721895Z" level=info msg="RESTful API listening at: [::]:9090"
time="2023-09-07T15:42:31.788442255Z" level=info msg="Sniffer is loaded and working"
time="2023-09-07T15:42:31.788467971Z" level=info msg="Use tcp concurrent"
time="2023-09-07T15:42:31.788578013Z" level=info msg="DNS server listening at: [::]:7874"
time="2023-09-07T15:42:31.788626307Z" level=info msg="HTTP proxy listening at: [::]:7890"
time="2023-09-07T15:42:31.788661499Z" level=info msg="SOCKS proxy listening at: [::]:7891"
time="2023-09-07T15:42:31.78873546Z" level=info msg="Redirect proxy listening at: [::]:7892"
time="2023-09-07T15:42:31.788783994Z" level=info msg="TProxy server listening at: [::]:7895"
time="2023-09-07T15:42:31.788844231Z" level=info msg="Mixed(http+socks) proxy listening at: [::]:7893"
time="2023-09-07T15:42:31.788890625Z" level=info msg="Start initial compatible provider 🎥 NETFLIX"
time="2023-09-07T15:42:31.788922805Z" level=info msg="Start initial compatible provider 🌍 国外媒体"
time="2023-09-07T15:42:31.788939443Z" level=info msg="Start initial compatible provider 🔰 节点选择"
time="2023-09-07T15:42:31.788942741Z" level=info msg="Start initial compatible provider 🌏 国内媒体"
time="2023-09-07T15:42:31.78894865Z" level=info msg="Start initial compatible provider ♻️ 自动选择"
time="2023-09-07T15:42:31.788978534Z" level=info msg="Start initial compatible provider Ⓜ️ 微软服务"
time="2023-09-07T15:42:31.788960328Z" level=info msg="Start initial compatible provider ⛔️ 广告拦截"
time="2023-09-07T15:42:31.788965391Z" level=info msg="Start initial compatible provider 🐟 漏网之鱼"
time="2023-09-07T15:42:31.788970181Z" level=info msg="Start initial compatible provider default"
time="2023-09-07T15:42:31.788983866Z" level=info msg="Start initial compatible provider 🛑 全球拦截"
time="2023-09-07T15:42:31.788987028Z" level=info msg="Start initial compatible provider 🚫 运营劫持"
time="2023-09-07T15:42:31.788992078Z" level=info msg="Start initial compatible provider 🍎 苹果服务"
time="2023-09-07T15:42:31.788998816Z" level=info msg="Start initial compatible provider 🎯 全球直连"
time="2023-09-07T15:42:31.788954993Z" level=info msg="Start initial compatible provider 📲 电报信息"
2023-09-07 23:42:33 Step 6: Wait For The File Downloading...
2023-09-07 23:42:33 Step 7: Set Firewall Rules...
2023-09-07 23:42:33 Tip: DNS Hijacking Mode is Dnsmasq Redirect...
2023-09-07 23:42:33 Warning: Can't Settting Only Intranet Allowed Function, Get IPv4 WAN Interfaces error, Please Verify The Firewall's WAN Zone Name is wan, Ignore This IF The Device Does not Have a WAN Interfaces...
2023-09-07 23:42:34 Tip: Bypass the China IP May Cause the Dnsmasq Load For a Long Time After Restart in FAKE-IP Mode, Hijack the DNS to Core Untill the Dnsmasq Works Well...
2023-09-07 23:42:34 Tip: Start Add Port Bypassing Rules For Firewall Redirect and Firewall Rules...
2023-09-07 23:42:34 Tip: Start Add Custom Firewall Rules...
2023-09-07 23:42:34 Step 8: Restart Dnsmasq...
2023-09-07 23:42:34 Step 9: Add Cron Rules, Start Daemons...
2023-09-07 23:42:34 OpenClash Start Successful!
2023-09-07 23:42:35 Tip: Dnsmasq Work is Normal, Restore The Firewall DNS Hijacking Rules...
time="2023-09-07T15:42:38.646214673Z" level=info msg="[TCP] 192.168.100.8:51636 --> 91.108.56.126:443 match IPCIDR(91.108.56.0/22) using 📲 电报信息[[SS] SS1]"
time="2023-09-07T15:42:39.666068693Z" level=info msg="[TCP] 192.168.100.8:51635 --> 91.108.56.126:443 match IPCIDR(91.108.56.0/22) using 📲 电报信息[[SS] SS1]"
time="2023-09-07T15:42:39.6940961Z" level=warning msg="[TCP] dial Ⓜ️ 微软服务 (match DomainSuffix/windows.com) 192.168.100.50:55204 --> client.wns.windows.com:443 error: dns resolve failed: context deadline exceeded"
time="2023-09-07T15:42:39.810849715Z" level=info msg="[TCP] 192.168.100.8:51638 --> 140.82.113.26:443 match Match using 🐟 漏网之鱼[[SS] SS1]"
time="2023-09-07T15:42:41.352935Z" level=info msg="[TCP] 192.168.100.8:51637 --> 162.125.18.129:443 match Match using 🐟 漏网之鱼[[SS] SS1]"
time="2023-09-07T15:42:44.706937273Z" level=warning msg="[TCP] dial Ⓜ️ 微软服务 (match DomainSuffix/windows.com) 192.168.100.50:55205 --> client.wns.windows.com:443 error: dns resolve failed: context deadline exceeded"
time="2023-09-07T15:42:45.837474116Z" level=info msg="[TCP] 192.168.100.8:51641 --> 162.125.18.129:443 match Match using 🐟 漏网之鱼[[SS] SS1]"
time="2023-09-07T15:42:55.937693957Z" level=info msg="[TCP] 192.168.100.8:51643 --> 20.205.243.166:443 match Match using 🐟 漏网之鱼[[SS] SS1]"
time="2023-09-07T15:43:04.296735477Z" level=warning msg="[TCP] dial Ⓜ️ 微软服务 (match DomainSuffix/windows.com) 192.168.100.50:55210 --> client.wns.windows.com:443 error: dns resolve failed: context deadline exceeded"
time="2023-09-07T15:43:09.309243496Z" level=warning msg="[TCP] dial Ⓜ️ 微软服务 (match DomainSuffix/windows.com) 192.168.100.50:55212 --> client.wns.windows.com:443 error: dns resolve failed: context deadline exceeded"
time="2023-09-07T15:43:09.998048682Z" level=info msg="[TCP] 192.168.100.8:51649 --> 162.125.18.129:443 match Match using 🐟 漏网之鱼[[SS] SS1]"
time="2023-09-07T15:43:10.003878907Z" level=info msg="[TCP] 192.168.100.8:51650 --> 162.125.18.129:443 match Match using 🐟 漏网之鱼[[SS] SS1]"
time="2023-09-07T15:43:10.710827477Z" level=info msg="[TCP] 192.168.100.8:51646 --> 162.125.18.129:443 match Match using 🐟 漏网之鱼[[SS] SS1]"
time="2023-09-07T15:43:18.374114239Z" level=info msg="[TCP] 192.168.100.8:51651 --> clients4.google.com:443 match DomainKeyword(google) using 🔰 节点选择[[SS] SS1]"
time="2023-09-07T15:43:25.089166765Z" level=info msg="[TCP] 192.168.100.8:51653 --> www.instagram.com:443 match DomainSuffix(instagram.com) using 🔰 节点选择[[SS] SS1]"
time="2023-09-07T15:43:30.090760532Z" level=info msg="[TCP] 192.168.100.8:59564 --> valid.apple.com:443 match DomainSuffix(apple.com) using 🍎 苹果服务[[SS] SS1]"
time="2023-09-07T15:43:33.055030097Z" level=warning msg="[TCP] dial Ⓜ️ 微软服务 (match DomainSuffix/windows.com) 192.168.100.50:55217 --> client.wns.windows.com:443 error: dns resolve failed: context deadline exceeded"
2023-09-07 23:43:35 Watchdog: Setting Firewall For Enabling Redirect...
time="2023-09-07T15:43:38.065702655Z" level=warning msg="[TCP] dial Ⓜ️ 微软服务 (match DomainSuffix/windows.com) 192.168.100.50:55218 --> client.wns.windows.com:443 error: dns resolve failed: context deadline exceeded"
time="2023-09-07T15:43:44.087291663Z" level=info msg="[TCP] 192.168.100.2:49962 --> raw.githubusercontent.com:443 match DomainSuffix(githubusercontent.com) using 🔰 节点选择[[SS] SS1]"

#===================== 最近运行日志获取完成(自动切换为silent模式) =====================#

#===================== 活动连接信息 =====================#

1. SourceIP:【192.168.100.8】 - Host:【Empty】 - DestinationIP:【162.125.18.129】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【[SS] SS1】
2. SourceIP:【192.168.100.8】 - Host:【Empty】 - DestinationIP:【162.125.18.129】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【[SS] SS1】
3. SourceIP:【192.168.100.8】 - Host:【Empty】 - DestinationIP:【91.108.56.126】 - Network:【tcp】 - RulePayload:【91.108.56.0/22】 - Lastchain:【[SS] SS1】
4. SourceIP:【192.168.100.8】 - Host:【Empty】 - DestinationIP:【162.125.18.129】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【[SS] SS1】
5. SourceIP:【192.168.100.8】 - Host:【Empty】 - DestinationIP:【20.205.243.166】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【[SS] SS1】
6. SourceIP:【192.168.100.8】 - Host:【Empty】 - DestinationIP:【140.82.113.26】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【[SS] SS1】
7. SourceIP:【192.168.100.8】 - Host:【Empty】 - DestinationIP:【162.125.18.129】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【[SS] SS1】
8. SourceIP:【192.168.100.8】 - Host:【clients4.google.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【[SS] SS1】
9. SourceIP:【192.168.100.8】 - Host:【www.instagram.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【instagram.com】 - Lastchain:【[SS] SS1】
10. SourceIP:【192.168.100.8】 - Host:【Empty】 - DestinationIP:【91.108.56.126】 - Network:【tcp】 - RulePayload:【91.108.56.0/22】 - Lastchain:【[SS] SS1】
11. SourceIP:【192.168.100.8】 - Host:【Empty】 - DestinationIP:【162.125.18.129】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【[SS] SS1】

ylqjgm commented 1 year ago

After I configured a UDP 53 DNS server in fallback, foreign websites can be resolved, and occasionally raw.githubusercontent.com resolves as well.

生成时间: 2023-09-07 23:57:17
插件版本: v0.45.141-beta
隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息

#===================== 系统信息 =====================#

主机型号: QEMU Standard PC (i440FX + PIIX, 1996)
固件版本: ImmortalWrt 21.02-SNAPSHOT r20074-a8bbadefaf
LuCI版本: git-20.074.84698-ead5e81
内核版本: 5.4.255
处理器架构: x86_64

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

DNS劫持: Dnsmasq 转发
#DNS劫持为Dnsmasq时,此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci >= 19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 已安装
unzip: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
kmod-ipt-nat: 已安装

#===================== 内核检查 =====================#

运行状态: 运行中
运行内核:Meta
进程pid: 21649
运行权限: 21649: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-amd64

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2023.08.17
Tun内核文件: 存在
Tun内核运行权限: 正常

Dev内核版本: v1.17.0-20-ga19a9fe
Dev内核文件: 存在
Dev内核运行权限: 正常

Meta内核版本: alpha-g3a9fc39
Meta内核文件: 存在
Meta内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/config.yaml
启动配置文件: /etc/openclash/config.yaml
运行模式: fake-ip
默认代理模式: rule
UDP流量转发(tproxy): 启用
自定义DNS: 启用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 启用
仅允许内网: 启用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 启用
路由本机代理: 启用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 自定义规则 一 =====================#
script:
rules:
- DOMAIN-SUFFIX,chdbits.co,🎯 全球直连
- DOMAIN-SUFFIX,discfan.net,🎯 全球直连
- DOMAIN-SUFFIX,greatposterwall.com,🎯 全球直连
- DOMAIN-SUFFIX,haidan.video,🎯 全球直连
- DOMAIN-SUFFIX,hdsky.me,🎯 全球直连
- DOMAIN-SUFFIX,hdtime.org,🎯 全球直连
- DOMAIN-SUFFIX,m-team.cc,🎯 全球直连
- DOMAIN-SUFFIX,open.cd,🎯 全球直连
- DOMAIN-SUFFIX,ourbits.club,🎯 全球直连
- DOMAIN-SUFFIX,pttime.org,🎯 全球直连
- DOMAIN-KEYWORD,announce,🎯 全球直连

##在线IP段转CIDR地址:http://ip2cidr.com
#===================== 自定义规则 二 =====================#
script:
rules:

#===================== 配置文件 =====================#

port: 7890
socks-port: 7891
allow-lan: true
mode: rule
log-level: info
external-controller: 0.0.0.0:9090
proxy-groups:
- name: "\U0001F530 节点选择"
  type: select
  proxies:
  - "♻️ 自动选择"
  - "\U0001F3AF 全球直连"
  - "[SS] SS1"
  - "[SS] SS2"
  - "[VMess] Vmess+Ws+1"
  - "[VMess] Vmess+Ws+2"
- name: "♻️ 自动选择"
  type: url-test
  url: http://www.gstatic.com/generate_204
  interval: 300
  proxies:
  - "[SS] SS1"
  - "[SS] SS2"
  - "[VMess] Vmess+Ws+1"
  - "[VMess] Vmess+Ws+2"
- name: "\U0001F3A5 NETFLIX"
  type: select
  proxies:
  - "\U0001F530 节点选择"
  - "♻️ 自动选择"
  - "\U0001F3AF 全球直连"
  - "[SS] SS1"
  - "[SS] SS2"
  - "[VMess] Vmess+Ws+1"
  - "[VMess] Vmess+Ws+2"
- name: "⛔️ 广告拦截"
  type: select
  proxies:
  - "\U0001F6D1 全球拦截"
  - "\U0001F3AF 全球直连"
  - "\U0001F530 节点选择"
- name: "\U0001F6AB 运营劫持"
  type: select
  proxies:
  - "\U0001F6D1 全球拦截"
  - "\U0001F3AF 全球直连"
  - "\U0001F530 节点选择"
- name: "\U0001F30D 国外媒体"
  type: select
  proxies:
  - "\U0001F530 节点选择"
  - "♻️ 自动选择"
  - "\U0001F3AF 全球直连"
  - "[SS] SS1"
  - "[SS] SS2"
  - "[VMess] Vmess+Ws+1"
  - "[VMess] Vmess+Ws+2"
- name: "\U0001F30F 国内媒体"
  type: select
  proxies:
  - "\U0001F3AF 全球直连"
  - "\U0001F530 节点选择"
- name: Ⓜ️ 微软服务
  type: select
  proxies:
  - "\U0001F3AF 全球直连"
  - "\U0001F530 节点选择"
  - "[SS] SS1"
  - "[SS] SS2"
  - "[VMess] Vmess+Ws+1"
  - "[VMess] Vmess+Ws+2"
- name: "\U0001F4F2 电报信息"
  type: select
  proxies:
  - "\U0001F530 节点选择"
  - "\U0001F3AF 全球直连"
  - "[SS] SS1"
  - "[SS] SS2"
  - "[VMess] Vmess+Ws+1"
  - "[VMess] Vmess+Ws+2"
- name: "\U0001F34E 苹果服务"
  type: select
  proxies:
  - "\U0001F530 节点选择"
  - "\U0001F3AF 全球直连"
  - "♻️ 自动选择"
  - "[SS] SS1"
  - "[SS] SS2"
  - "[VMess] Vmess+Ws+1"
  - "[VMess] Vmess+Ws+2"
- name: "\U0001F3AF 全球直连"
  type: select
  proxies:
  - DIRECT
- name: "\U0001F6D1 全球拦截"
  type: select
  proxies:
  - REJECT
  - DIRECT
- name: "\U0001F41F 漏网之鱼"
  type: select
  proxies:
  - "\U0001F530 节点选择"
  - "\U0001F3AF 全球直连"
  - "♻️ 自动选择"
  - "[SS] SS1"
  - "[SS] SS2"
  - "[VMess] Vmess+Ws+1"
  - "[VMess] Vmess+Ws+2"
rules:
- DST-PORT,7895,REJECT
- DST-PORT,7892,REJECT
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
- "DOMAIN-SUFFIX,chdbits.co,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,discfan.net,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,greatposterwall.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,haidan.video,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,hdsky.me,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,hdtime.org,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,m-team.cc,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,open.cd,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,ourbits.club,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,pttime.org,\U0001F3AF 全球直连"
- "DOMAIN-KEYWORD,announce,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,local,\U0001F3AF 全球直连"
- "IP-CIDR,192.168.0.0/16,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,10.0.0.0/8,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,172.16.0.0/12,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,127.0.0.0/8,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,100.64.0.0/10,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR6,::1/128,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR6,fc00::/7,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR6,fe80::/10,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR6,fd00::/8,\U0001F3AF 全球直连,no-resolve"
- DOMAIN-KEYWORD,1drv,Ⓜ️ 微软服务
- All rules in this section are from ACL4SSR_Github_Online_Full, unmodified
- "GEOIP,CN,\U0001F3AF 全球直连"
- "MATCH,\U0001F41F 漏网之鱼"
redir-port: 7892
tproxy-port: 7895
mixed-port: 7893
bind-address: "*"
external-ui: "/usr/share/openclash/ui"
ipv6: false
geodata-mode: true
geodata-loader: standard
tcp-concurrent: true
unified-delay: true
dns:
  enable: true
  ipv6: false
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  listen: 0.0.0.0:7874
  nameserver:
  - 211.139.29.150
  - 119.29.29.29
  fallback:
  - tls://1.1.1.1:853
  - tls://8.8.8.8:853
  - https://1.1.1.1/dns-query
  - https://8.8.8.8/dns-query
  - 1.1.1.1
  fallback-filter:
    geoip: true
    geoip-code: CN
    ipcidr:
    - 0.0.0.0/8
    - 10.0.0.0/8
    - 100.64.0.0/10
    - 127.0.0.0/8
    - 169.254.0.0/16
    - 172.16.0.0/12
    - 192.0.0.0/24
    - 192.0.2.0/24
    - 192.88.99.0/24
    - 192.168.0.0/16
    - 198.18.0.0/15
    - 198.51.100.0/24
    - 203.0.113.0/24
    - 224.0.0.0/4
    - 240.0.0.0/4
    - 255.255.255.255/32
    domain:
    - "+.google.com"
    - "+.facebook.com"
    - "+.youtube.com"
    - "+.githubusercontent.com"
    - "+.googlevideo.com"
    - "+.msftconnecttest.com"
    - "+.msftncsi.com"
  fake-ip-filter:
  - "*.lan"
  - "*.localdomain"
  - "*.example"
  - "*.invalid"
  - "*.localhost"
  - "*.test"
  - "*.local"
  - "*.home.arpa"
  - time.*.com
  - time.*.gov
  - time.*.edu.cn
  - time.*.apple.com
  - time-ios.apple.com
  - time1.*.com
  - time2.*.com
  - time3.*.com
  - time4.*.com
  - time5.*.com
  - time6.*.com
  - time7.*.com
  - ntp.*.com
  - ntp1.*.com
  - ntp2.*.com
  - ntp3.*.com
  - ntp4.*.com
  - ntp5.*.com
  - ntp6.*.com
  - ntp7.*.com
  - "*.time.edu.cn"
  - "*.ntp.org.cn"
  - "+.pool.ntp.org"
  - time1.cloud.tencent.com
  - music.163.com
  - "*.music.163.com"
  - "*.126.net"
  - musicapi.taihe.com
  - music.taihe.com
  - songsearch.kugou.com
  - trackercdn.kugou.com
  - "*.kuwo.cn"
  - api-jooxtt.sanook.com
  - api.joox.com
  - joox.com
  - y.qq.com
  - "*.y.qq.com"
  - streamoc.music.tc.qq.com
  - mobileoc.music.tc.qq.com
  - isure.stream.qqmusic.qq.com
  - dl.stream.qqmusic.qq.com
  - aqqmusic.tc.qq.com
  - amobile.music.tc.qq.com
  - "*.xiami.com"
  - "*.music.migu.cn"
  - music.migu.cn
  - "+.msftconnecttest.com"
  - "+.msftncsi.com"
  - localhost.ptlogin2.qq.com
  - localhost.sec.qq.com
  - "+.qq.com"
  - "+.tencent.com"
  - "+.srv.nintendo.net"
  - "*.n.n.srv.nintendo.net"
  - "+.stun.playstation.net"
  - xbox.*.*.microsoft.com
  - "*.*.xboxlive.com"
  - xbox.*.microsoft.com
  - xnotify.xboxlive.com
  - "+.battlenet.com.cn"
  - "+.wotgame.cn"
  - "+.wggames.cn"
  - "+.wowsgame.cn"
  - "+.wargaming.net"
  - proxy.golang.org
  - stun.*.*
  - stun.*.*.*
  - "+.stun.*.*"
  - "+.stun.*.*.*"
  - "+.stun.*.*.*.*"
  - "+.stun.*.*.*.*.*"
  - heartbeat.belkin.com
  - "*.linksys.com"
  - "*.linksyssmartwifi.com"
  - "*.router.asus.com"
  - mesu.apple.com
  - swscan.apple.com
  - swquery.apple.com
  - swdownload.apple.com
  - swcdn.apple.com
  - swdist.apple.com
  - lens.l.google.com
  - stun.l.google.com
  - na.b.g-tun.com
  - "+.nflxvideo.net"
  - "*.square-enix.com"
  - "*.finalfantasyxiv.com"
  - "*.ffxiv.com"
  - "*.ff14.sdo.com"
  - ff.dorado.sdo.com
  - "*.mcdn.bilivideo.cn"
  - "+.media.dssott.com"
  - shark007.net
  - Mijia Cloud
  - "+.cmbchina.com"
  - "+.cmbimg.com"
  - local.adguard.org
  - "+.sandai.net"
  - "+.n0808.com"
  - "+.filejoker.net"
  - "+.myqloud.org"
  - services.googleapis.cn
  use-hosts: true
sniffer:
  enable: true
  parse-pure-ip: true
profile:
  store-selected: true
  store-fake-ip: true
hosts:
  a.com: 192.168.100.25
  b.com: 192.168.100.26
  c.com: 192.168.100.27
  d.com: 192.168.100.28

#===================== 自定义覆写设置 =====================#

#!/bin/sh
. /usr/share/openclash/ruby.sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

LOG_OUT "Tip: Start Running Custom Overwrite Scripts..."
LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S"))
LOG_FILE="/tmp/openclash.log"
CONFIG_FILE="$1" #config path

exit 0
#===================== 自定义防火墙设置 =====================#

#!/bin/sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

LOG_OUT "Tip: Start Add Custom Firewall Rules..."

exit 0
#===================== IPTABLES 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.7 on Thu Sep  7 23:57:19 2023
*nat
:PREROUTING ACCEPT [195:24602]
:INPUT ACCEPT [191:18750]
:OUTPUT ACCEPT [247:16144]
:POSTROUTING ACCEPT [387:24766]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:openclash - [0:0]
:openclash_output - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -d 8.8.4.4/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -d 8.8.8.8/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i eth0 -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -p udp -m comment --comment DNSMASQ -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -j openclash
-A OUTPUT -j openclash_output
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o eth0 -m comment --comment "!fw3" -j zone_lan_postrouting
-A MINIUPNPD -p tcp -m tcp --dport 13936 -j DNAT --to-destination 192.168.100.152:1080
-A MINIUPNPD -p udp -m udp --dport 13936 -j DNAT --to-destination 192.168.100.152:3027
-A MINIUPNPD -p udp -m udp --dport 9307 -j DNAT --to-destination 192.168.100.222:9307
-A MINIUPNPD -p udp -m udp --dport 9308 -j DNAT --to-destination 192.168.100.222:9308
-A MINIUPNPD -p udp -m udp --dport 9309 -j DNAT --to-destination 192.168.100.222:9309
-A MINIUPNPD -p udp -m udp --dport 9310 -j DNAT --to-destination 192.168.100.222:9310
-A MINIUPNPD -p udp -m udp --dport 9306 -j DNAT --to-destination 192.168.100.222:9306
-A MINIUPNPD -p udp -m udp --dport 8735 -j DNAT --to-destination 192.168.100.223:8735
-A MINIUPNPD -p udp -m udp --dport 8736 -j DNAT --to-destination 192.168.100.223:8736
-A MINIUPNPD -p udp -m udp --dport 8737 -j DNAT --to-destination 192.168.100.223:8737
-A MINIUPNPD -p udp -m udp --dport 8738 -j DNAT --to-destination 192.168.100.223:8738
-A MINIUPNPD -p udp -m udp --dport 8734 -j DNAT --to-destination 192.168.100.223:8734
-A MINIUPNPD -p tcp -m tcp --dport 13864 -j DNAT --to-destination 192.168.100.152:1080
-A MINIUPNPD -p udp -m udp --dport 13864 -j DNAT --to-destination 192.168.100.152:3027
-A MINIUPNPD -p udp -m udp --dport 8522 -j DNAT --to-destination 192.168.100.236:8522
-A MINIUPNPD -p udp -m udp --dport 8608 -j DNAT --to-destination 192.168.100.236:8608
-A MINIUPNPD -p udp -m udp --dport 8567 -j DNAT --to-destination 192.168.100.236:8567
-A MINIUPNPD -p udp -m udp --dport 8103 -j DNAT --to-destination 192.168.100.112:8103
-A MINIUPNPD -p udp -m udp --dport 29575 -j DNAT --to-destination 192.168.100.223:29575
-A MINIUPNPD -p udp -m udp --dport 56291 -j DNAT --to-destination 192.168.100.222:56291
-A MINIUPNPD-POSTROUTING -s 192.168.100.152/32 -p tcp -m tcp --sport 1080 -j MASQUERADE --to-ports 13936
-A MINIUPNPD-POSTROUTING -s 192.168.100.152/32 -p udp -m udp --sport 3027 -j MASQUERADE --to-ports 13936
-A MINIUPNPD-POSTROUTING -s 192.168.100.152/32 -p tcp -m tcp --sport 1080 -j MASQUERADE --to-ports 13864
-A MINIUPNPD-POSTROUTING -s 192.168.100.152/32 -p udp -m udp --sport 3027 -j MASQUERADE --to-ports 13864
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -d 198.18.0.0/16 -p tcp -j REDIRECT --to-ports 7892
-A openclash -m set --match-set china_ip_route dst -m set ! --match-set china_ip_route_pass dst -j RETURN
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -d 198.18.0.0/16 -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -m owner ! --uid-owner 65534 -m set --match-set china_ip_route dst -m set ! --match-set china_ip_route_pass dst -j RETURN
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A zone_lan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_lan_prerouting -j MINIUPNPD
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -m comment --comment "!fw3" -j FULLCONENAT
COMMIT
# Completed on Thu Sep  7 23:57:19 2023

#IPv4 Mangle chain

# Generated by iptables-save v1.8.7 on Thu Sep  7 23:57:19 2023
*mangle
:PREROUTING ACCEPT [14068:11181695]
:INPUT ACCEPT [11811:10831896]
:FORWARD ACCEPT [2264:356385]
:OUTPUT ACCEPT [10817:11992303]
:POSTROUTING ACCEPT [13089:12348944]
:openclash - [0:0]
:openclash_output - [0:0]
:openclash_upnp - [0:0]
-A PREROUTING -p udp -j openclash
-A OUTPUT -p udp -j openclash_output
-A openclash -p udp -m udp --sport 500 -j RETURN
-A openclash -p udp -m udp --sport 68 -j RETURN
-A openclash -i lo -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p udp -m udp --dport 53 -j RETURN
-A openclash -d 198.18.0.0/16 -p udp -j TPROXY --on-port 7895 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
-A openclash -m set --match-set china_ip_route dst -m set ! --match-set china_ip_route_pass dst -j RETURN
-A openclash -p udp -j openclash_upnp
-A openclash -p udp -j TPROXY --on-port 7895 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
-A openclash_output -p udp -m udp --sport 500 -j RETURN
-A openclash_output -p udp -m udp --sport 68 -j RETURN
-A openclash_output -d 198.18.0.0/16 -p udp -m owner ! --uid-owner 65534 -j MARK --set-xmark 0x162/0xffffffff
-A openclash_upnp -s 192.168.100.152/32 -p udp -m udp --sport 1080 -j RETURN
-A openclash_upnp -s 192.168.100.152/32 -p udp -m udp --sport 3027 -j RETURN
-A openclash_upnp -s 192.168.100.236/32 -p udp -m udp --sport 8522 -j RETURN
-A openclash_upnp -s 192.168.100.236/32 -p udp -m udp --sport 8608 -j RETURN
-A openclash_upnp -s 192.168.100.236/32 -p udp -m udp --sport 8567 -j RETURN
-A openclash_upnp -s 192.168.100.112/32 -p udp -m udp --sport 8103 -j RETURN
-A openclash_upnp -s 192.168.100.223/32 -p udp -m udp --sport 29575 -j RETURN
-A openclash_upnp -s 192.168.100.223/32 -p udp -m udp --sport 8735 -j RETURN
-A openclash_upnp -s 192.168.100.223/32 -p udp -m udp --sport 8736 -j RETURN
-A openclash_upnp -s 192.168.100.223/32 -p udp -m udp --sport 8737 -j RETURN
-A openclash_upnp -s 192.168.100.223/32 -p udp -m udp --sport 8738 -j RETURN
-A openclash_upnp -s 192.168.100.223/32 -p udp -m udp --sport 8734 -j RETURN
-A openclash_upnp -s 192.168.100.222/32 -p udp -m udp --sport 56291 -j RETURN
-A openclash_upnp -s 192.168.100.222/32 -p udp -m udp --sport 9307 -j RETURN
-A openclash_upnp -s 192.168.100.222/32 -p udp -m udp --sport 9308 -j RETURN
-A openclash_upnp -s 192.168.100.222/32 -p udp -m udp --sport 9309 -j RETURN
-A openclash_upnp -s 192.168.100.222/32 -p udp -m udp --sport 9310 -j RETURN
-A openclash_upnp -s 192.168.100.222/32 -p udp -m udp --sport 9306 -j RETURN
COMMIT
# Completed on Thu Sep  7 23:57:19 2023

#IPv4 Filter chain

# Generated by iptables-save v1.8.7 on Thu Sep  7 23:57:19 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -p udp -m udp --dport 443 -m comment --comment "OpenClash QUIC REJECT" -m set ! --match-set china_ip_route dst -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i eth0 -m comment --comment "!fw3" -j zone_lan_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m comment --comment "!fw3: Traffic offloading" -m conntrack --ctstate RELATED,ESTABLISHED -j FLOWOFFLOAD --hw
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i eth0 -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o eth0 -m comment --comment "!fw3" -j zone_lan_output
-A MINIUPNPD -d 192.168.100.152/32 -p tcp -m tcp --dport 1080 -j ACCEPT
-A MINIUPNPD -d 192.168.100.152/32 -p udp -m udp --dport 3027 -j ACCEPT
-A MINIUPNPD -d 192.168.100.222/32 -p udp -m udp --dport 9307 -j ACCEPT
-A MINIUPNPD -d 192.168.100.222/32 -p udp -m udp --dport 9308 -j ACCEPT
-A MINIUPNPD -d 192.168.100.222/32 -p udp -m udp --dport 9309 -j ACCEPT
-A MINIUPNPD -d 192.168.100.222/32 -p udp -m udp --dport 9310 -j ACCEPT
-A MINIUPNPD -d 192.168.100.222/32 -p udp -m udp --dport 9306 -j ACCEPT
-A MINIUPNPD -d 192.168.100.223/32 -p udp -m udp --dport 8735 -j ACCEPT
-A MINIUPNPD -d 192.168.100.223/32 -p udp -m udp --dport 8736 -j ACCEPT
-A MINIUPNPD -d 192.168.100.223/32 -p udp -m udp --dport 8737 -j ACCEPT
-A MINIUPNPD -d 192.168.100.223/32 -p udp -m udp --dport 8738 -j ACCEPT
-A MINIUPNPD -d 192.168.100.223/32 -p udp -m udp --dport 8734 -j ACCEPT
-A MINIUPNPD -d 192.168.100.152/32 -p tcp -m tcp --dport 1080 -j ACCEPT
-A MINIUPNPD -d 192.168.100.152/32 -p udp -m udp --dport 3027 -j ACCEPT
-A MINIUPNPD -d 192.168.100.236/32 -p udp -m udp --dport 8522 -j ACCEPT
-A MINIUPNPD -d 192.168.100.236/32 -p udp -m udp --dport 8608 -j ACCEPT
-A MINIUPNPD -d 192.168.100.236/32 -p udp -m udp --dport 8567 -j ACCEPT
-A MINIUPNPD -d 192.168.100.112/32 -p udp -m udp --dport 8103 -j ACCEPT
-A MINIUPNPD -d 192.168.100.223/32 -p udp -m udp --dport 29575 -j ACCEPT
-A MINIUPNPD -d 192.168.100.222/32 -p udp -m udp --dport 56291 -j ACCEPT
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_lan_dest_ACCEPT -o eth0 -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -j MINIUPNPD
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i eth0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
COMMIT
# Completed on Thu Sep  7 23:57:19 2023

#IPv6 NAT chain

# Generated by ip6tables-save v1.8.7 on Thu Sep  7 23:57:19 2023
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [12:972]
:POSTROUTING ACCEPT [12:972]
-A PREROUTING -p udp -m comment --comment DNSMASQ -m udp --dport 53 -j REDIRECT --to-ports 53
COMMIT
# Completed on Thu Sep  7 23:57:19 2023

#IPv6 Mangle chain

# Generated by ip6tables-save v1.8.7 on Thu Sep  7 23:57:19 2023
*mangle
:PREROUTING ACCEPT [662:65008]
:INPUT ACCEPT [622:61968]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [662:65008]
:POSTROUTING ACCEPT [662:65008]
COMMIT
# Completed on Thu Sep  7 23:57:19 2023

#IPv6 Filter chain

# Generated by ip6tables-save v1.8.7 on Thu Sep  7 23:57:19 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [20:1520]
:MINIUPNPD - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i eth0 -m comment --comment "!fw3" -j zone_lan_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m comment --comment "!fw3: Traffic offloading" -m conntrack --ctstate RELATED,ESTABLISHED -j FLOWOFFLOAD --hw
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i eth0 -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o eth0 -m comment --comment "!fw3" -j zone_lan_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp6-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_lan_dest_ACCEPT -o eth0 -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -j MINIUPNPD
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i eth0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 546 -m comment --comment "!fw3: Allow-DHCPv6" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
COMMIT
# Completed on Thu Sep  7 23:57:19 2023

#===================== IPSET状态 =====================#

Name: localnetwork
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 960
References: 3
Number of entries: 9

Name: china_ip_route
Type: hash:net
Revision: 6
Header: family inet hashsize 32768 maxelem 1000000
Size in memory: 2302760
References: 4
Number of entries: 92349

Name: china_ip_route_pass
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 1000000
Size in memory: 448
References: 3
Number of entries: 0

#===================== 路由表状态 =====================#

#IPv4

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.100.1        0.0.0.0         UG    0      0        0 eth0
192.168.100.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0

#ip route list
default via 192.168.100.1 dev eth0 proto static 
192.168.100.0/24 dev eth0 proto kernel scope link src 192.168.100.2 

#ip rule show
0:  from all lookup local
32765:  from all fwmark 0x162 lookup 354
32766:  from all lookup main
32767:  from all lookup default

#IPv6

#route -A inet6
Kernel IPv6 routing table
Destination                                 Next Hop                                Flags Metric Ref    Use Iface
::/0                                        ::                                      !n    -1     1        0 lo      
::1/128                                     ::                                      Un    0      6        0 lo      
::/0                                        ::                                      !n    -1     1        0 lo      

#ip -6 route list

#ip -6 rule show
0:  from all lookup local
32766:  from all lookup main
4200000001: from all iif lo failed_policy
4200000003: from all iif eth0 failed_policy

#===================== 端口占用状态 =====================#

tcp        0      0 :::7890                 :::*                    LISTEN      21649/clash
tcp        0      0 :::7891                 :::*                    LISTEN      21649/clash
tcp        0      0 :::7892                 :::*                    LISTEN      21649/clash
tcp        0      0 :::7893                 :::*                    LISTEN      21649/clash
tcp        0      0 :::7895                 :::*                    LISTEN      21649/clash
tcp        0      0 :::9090                 :::*                    LISTEN      21649/clash
udp        0      0 :::7874                 :::*                                21649/clash
udp        0      0 :::7891                 :::*                                21649/clash
udp        0      0 :::7892                 :::*                                21649/clash
udp        0      0 :::7893                 :::*                                21649/clash
udp        0      0 :::7895                 :::*                                21649/clash

#===================== 测试本机DNS查询(www.baidu.com) =====================#

Server:     127.0.0.1
Address:    127.0.0.1#53

Name:      www.baidu.com
www.baidu.com   canonical name = www.a.shifen.com
Name:      www.a.shifen.com
Address 1: 120.232.145.185
Address 2: 120.232.145.144
*** Can't find www.baidu.com: No answer

#===================== 测试内核DNS查询(www.instagram.com) =====================#

Status: 0
TC: false
RD: true
RA: true
AD: false
CD: false

Question: 
  Name: www.instagram.com.
  Qtype: 1
  Qclass: 1

Answer: 
  TTL: 152
  data: 69.171.234.48
  name: www.instagram.com.
  type: 1

Dnsmasq 当前默认 resolv 文件:/tmp/resolv.conf.d/resolv.conf.auto

#===================== /tmp/resolv.conf.auto =====================#

# Interface lan
nameserver 119.29.29.29
nameserver 8.8.8.8

#===================== /tmp/resolv.conf.d/resolv.conf.auto =====================#

# Interface lan
nameserver 119.29.29.29
nameserver 8.8.8.8

#===================== 测试本机网络连接(www.baidu.com) =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Thu, 07 Sep 2023 15:57:19 GMT
Etag: "575e1f6f-115"
Last-Modified: Mon, 13 Jun 2016 02:50:23 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 测试本机网络下载(raw.githubusercontent.com) =====================#

HTTP/2 404 
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
content-type: text/plain; charset=utf-8
x-github-request-id: 8EAA:413E:40E611:4967A2:64F9F2DE
accept-ranges: bytes
date: Thu, 07 Sep 2023 15:57:19 GMT
via: 1.1 varnish
x-served-by: cache-itm18840-ITM
x-cache: MISS
x-cache-hits: 0
x-timer: S1694102240.838295,VS0,VE157
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 72edfbf8e375e47a21dd705d83dfb5fc8f421b2f
expires: Thu, 07 Sep 2023 16:02:19 GMT
source-age: 0
content-length: 14

#===================== 最近运行日志(自动切换为Debug模式) =====================#

time="2023-09-07T15:43:33.055030097Z" level=warning msg="[TCP] dial Ⓜ️ 微软服务 (match DomainSuffix/windows.com) 192.168.100.50:55217 --> client.wns.windows.com:443 error: dns resolve failed: context deadline exceeded"
2023-09-07 23:43:35 Watchdog: Setting Firewall For Enabling Redirect...
time="2023-09-07T15:43:38.065702655Z" level=warning msg="[TCP] dial Ⓜ️ 微软服务 (match DomainSuffix/windows.com) 192.168.100.50:55218 --> client.wns.windows.com:443 error: dns resolve failed: context deadline exceeded"
time="2023-09-07T15:43:44.087291663Z" level=info msg="[TCP] 192.168.100.2:49962 --> raw.githubusercontent.com:443 match DomainSuffix(githubusercontent.com) using 🔰 节点选择[[SS] SS1]"
2023-09-07 23:44:46 OpenClash Restart...
2023-09-07 23:44:46 OpenClash Stoping...
2023-09-07 23:44:46 Step 1: Backup The Current Groups State...
2023-09-07 23:44:46 Step 2: Delete OpenClash Firewall Rules...
2023-09-07 23:44:47 Step 3: Close The OpenClash Daemons...
2023-09-07 23:44:47 Step 4: Close The Clash Core Process...
2023-09-07 23:44:47 Step 5: Restart Dnsmasq...
2023-09-07 23:44:52 Step 6: Delete OpenClash Residue File...
2023-09-07 23:44:52 OpenClash Start Running...
2023-09-07 23:44:52 Step 1: Get The Configuration...
2023-09-07 23:44:52 Step 2: Check The Components...
2023-09-07 23:44:52 Tip: Because of the file【 /etc/config/openclash 】modificated, Pause quick start...
2023-09-07 23:44:52 Step 3: Modify The Config File...
2023-09-07 23:44:52 Warning: You May Need to Turn off The Rebinding Protection Option of Dnsmasq When Hosts Has Set a Reserved Address
2023-09-07 23:44:53 Tip: Start Running Custom Overwrite Scripts...
2023-09-07 23:44:53 Step 4: Start Running The Clash Core...
2023-09-07 23:44:53 Tip: Detected The Exclusive Function of The Meta Core, Use Meta Core to Start...
2023-09-07 23:44:53 Test The Config File First...
time="2023-09-07T15:44:54.650121476Z" level=info msg="Start initial configuration in progress"
time="2023-09-07T15:44:54.651080491Z" level=info msg="Geodata Loader mode: standard"
time="2023-09-07T15:44:55.030012099Z" level=info msg="Start initial GeoIP rule CN => 🎯 全球直连, records: 11338"
time="2023-09-07T15:44:55.983417384Z" level=warning msg="[CacheFile] can't open cache file: timeout"
time="2023-09-07T15:44:55.983474143Z" level=warning msg="Deprecated: Use Sniff instead"
time="2023-09-07T15:44:55.983504049Z" level=info msg="Initial configuration complete, total time: 1333ms"
2023-09-07 23:44:55 configuration file【/etc/openclash/config.yaml】test is successful
2023-09-07 23:44:57 Step 5: Check The Core Status...
time="2023-09-07T15:44:57.715180396Z" level=info msg="Start initial configuration in progress"
time="2023-09-07T15:44:57.71610786Z" level=info msg="Geodata Loader mode: standard"
time="2023-09-07T15:44:58.09642811Z" level=info msg="Start initial GeoIP rule CN => 🎯 全球直连, records: 11338"
time="2023-09-07T15:44:58.111587917Z" level=warning msg="Deprecated: Use Sniff instead"
time="2023-09-07T15:44:58.11163341Z" level=info msg="Initial configuration complete, total time: 396ms"
time="2023-09-07T15:44:58.112187925Z" level=info msg="RESTful API listening at: [::]:9090"
time="2023-09-07T15:44:58.125333152Z" level=info msg="Sniffer is loaded and working"
time="2023-09-07T15:44:58.125358194Z" level=info msg="Use tcp concurrent"
time="2023-09-07T15:44:58.125528325Z" level=info msg="DNS server listening at: [::]:7874"
time="2023-09-07T15:44:58.125576884Z" level=info msg="HTTP proxy listening at: [::]:7890"
time="2023-09-07T15:44:58.125607691Z" level=info msg="SOCKS proxy listening at: [::]:7891"
time="2023-09-07T15:44:58.125643529Z" level=info msg="Redirect proxy listening at: [::]:7892"
time="2023-09-07T15:44:58.125684559Z" level=info msg="TProxy server listening at: [::]:7895"
time="2023-09-07T15:44:58.12575511Z" level=info msg="Mixed(http+socks) proxy listening at: [::]:7893"
time="2023-09-07T15:44:58.125820824Z" level=info msg="Start initial compatible provider 🌏 国内媒体"
time="2023-09-07T15:44:58.125851199Z" level=info msg="Start initial compatible provider 🚫 运营劫持"
time="2023-09-07T15:44:58.125870705Z" level=info msg="Start initial compatible provider 🍎 苹果服务"
time="2023-09-07T15:44:58.125888555Z" level=info msg="Start initial compatible provider default"
time="2023-09-07T15:44:58.125892322Z" level=info msg="Start initial compatible provider 🎥 NETFLIX"
time="2023-09-07T15:44:58.125915208Z" level=info msg="Start initial compatible provider 🔰 节点选择"
time="2023-09-07T15:44:58.12593229Z" level=info msg="Start initial compatible provider ♻️ 自动选择"
time="2023-09-07T15:44:58.125933611Z" level=info msg="Start initial compatible provider 🛑 全球拦截"
time="2023-09-07T15:44:58.125923045Z" level=info msg="Start initial compatible provider 🌍 国外媒体"
time="2023-09-07T15:44:58.12592313Z" level=info msg="Start initial compatible provider 🐟 漏网之鱼"
time="2023-09-07T15:44:58.1259248Z" level=info msg="Start initial compatible provider 📲 电报信息"
time="2023-09-07T15:44:58.125906409Z" level=info msg="Start initial compatible provider 🎯 全球直连"
time="2023-09-07T15:44:58.125938047Z" level=info msg="Start initial compatible provider ⛔️ 广告拦截"
time="2023-09-07T15:44:58.125929907Z" level=info msg="Start initial compatible provider Ⓜ️ 微软服务"
2023-09-07 23:45:00 Step 6: Wait For The File Downloading...
2023-09-07 23:45:00 Step 7: Set Firewall Rules...
2023-09-07 23:45:00 Tip: DNS Hijacking Mode is Dnsmasq Redirect...
2023-09-07 23:45:00 Warning: Can't Settting Only Intranet Allowed Function, Get IPv4 WAN Interfaces error, Please Verify The Firewall's WAN Zone Name is wan, Ignore This IF The Device Does not Have a WAN Interfaces...
2023-09-07 23:45:00 Tip: Bypass the China IP May Cause the Dnsmasq Load For a Long Time After Restart in FAKE-IP Mode, Hijack the DNS to Core Untill the Dnsmasq Works Well...
2023-09-07 23:45:01 Tip: Start Add Port Bypassing Rules For Firewall Redirect and Firewall Rules...
2023-09-07 23:45:01 Tip: Start Add Custom Firewall Rules...
2023-09-07 23:45:01 Step 8: Restart Dnsmasq...
2023-09-07 23:45:01 Step 9: Add Cron Rules, Start Daemons...
2023-09-07 23:45:01 OpenClash Start Successful!
2023-09-07 23:45:01 Tip: Dnsmasq Work is Normal, Restore The Firewall DNS Hijacking Rules...
time="2023-09-07T15:45:04.970465492Z" level=info msg="[TCP] 192.168.100.8:51671 --> 91.108.56.126:443 match IPCIDR(91.108.56.0/22) using 📲 电报信息[[SS] SS1]"
time="2023-09-07T15:45:04.970541412Z" level=info msg="[TCP] 192.168.100.8:51672 --> 91.108.56.126:443 match IPCIDR(91.108.56.0/22) using 📲 电报信息[[SS] SS1]"
time="2023-09-07T15:45:06.03799341Z" level=info msg="[TCP] 192.168.100.8:51675 --> clients4.google.com:443 match DomainKeyword(google) using 🔰 节点选择[[SS] SS1]"
time="2023-09-07T15:45:13.449854334Z" level=info msg="[TCP] 192.168.100.50:55239 --> client.wns.windows.com:443 match DomainSuffix(windows.com) using Ⓜ️ 微软服务[DIRECT]"
time="2023-09-07T15:45:50.766990872Z" level=info msg="[TCP] 192.168.100.8:51689 --> www.youtube.com:443 match DomainSuffix(youtube.com) using 🌍 国外媒体[[SS] SS1]"
time="2023-09-07T15:45:51.976256546Z" level=info msg="[TCP] 192.168.100.8:51690 --> api.ipify.org:443 match Match using 🐟 漏网之鱼[[SS] SS1]"
time="2023-09-07T15:45:53.106471829Z" level=info msg="[TCP] 192.168.100.8:51691 --> api.ipify.org:443 match Match using 🐟 漏网之鱼[[SS] SS1]"
time="2023-09-07T15:45:54.444599546Z" level=info msg="[TCP] 192.168.100.8:59566 --> safebrowsing.googleapis-cn.com:443 match DomainKeyword(google) using 🔰 节点选择[[SS] SS1]"
2023-09-07 23:46:01 Watchdog: Setting Firewall For Enabling Redirect...
time="2023-09-07T15:46:06.951278947Z" level=info msg="[TCP] 192.168.100.8:51696 --> identity.bitwarden.com:443 match Match using 🐟 漏网之鱼[[SS] SS1]"
time="2023-09-07T15:46:08.12853195Z" level=info msg="[TCP] 192.168.100.8:51697 --> notifications.bitwarden.com:443 match Match using 🐟 漏网之鱼[[SS] SS1]"
time="2023-09-07T15:46:09.335961704Z" level=info msg="[TCP] 192.168.100.8:51698 --> api.bitwarden.com:443 match Match using 🐟 漏网之鱼[[SS] SS1]"
time="2023-09-07T15:46:56.963049116Z" level=info msg="[TCP] 192.168.100.8:51703 --> accounts.youtube.com:443 match DomainSuffix(youtube.com) using 🌍 国外媒体[[SS] SS1]"
time="2023-09-07T15:47:05.311892217Z" level=info msg="[TCP] 192.168.100.8:51704 --> alive.github.com:443 match DomainSuffix(github.com) using 🔰 节点选择[[SS] SS1]"
time="2023-09-07T15:47:06.491150856Z" level=info msg="[TCP] 192.168.100.8:59567 --> stocks-data-service.apple.com:443 match DomainSuffix(apple.com) using 🍎 苹果服务[[SS] SS1]"
time="2023-09-07T15:47:28.246810876Z" level=info msg="[TCP] 192.168.100.8:51707 --> github.com:443 match DomainSuffix(github.com) using 🔰 节点选择[[SS] SS1]"
time="2023-09-07T15:49:07.814280868Z" level=info msg="[TCP] 192.168.100.8:51710 --> 91.108.56.126:443 match IPCIDR(91.108.56.0/22) using 📲 电报信息[[SS] SS1]"
time="2023-09-07T15:52:08.386296714Z" level=info msg="[TCP] 192.168.100.8:59568 --> stocks-data-service.apple.com:443 match DomainSuffix(apple.com) using 🍎 苹果服务[[VMess] Vmess+Ws+2]"
time="2023-09-07T15:52:39.078668476Z" level=info msg="[TCP] 192.168.100.8:51717 --> 91.108.56.126:443 match IPCIDR(91.108.56.0/22) using 📲 电报信息[[VMess] Vmess+Ws+2]"
time="2023-09-07T15:54:02.250530097Z" level=info msg="[TCP] 192.168.100.8:51723 --> westus-0.in.applicationinsights.azure.com:443 match DomainSuffix(azure.com) using Ⓜ️ 微软服务[DIRECT]"
time="2023-09-07T15:55:17.007524683Z" level=info msg="[TCP] 192.168.100.50:55355 --> v10.events.data.microsoft.com:443 match DomainKeyword(microsoft) using Ⓜ️ 微软服务[DIRECT]"
time="2023-09-07T15:56:14.543621021Z" level=info msg="[TCP] 192.168.100.8:51730 --> www.google.com:443 match DomainKeyword(google) using 🔰 节点选择[[VMess] Vmess+Ws+2]"
time="2023-09-07T15:56:16.022122648Z" level=info msg="[TCP] 192.168.100.8:51734 --> api.wcc.best:443 match Match using 🐟 漏网之鱼[[VMess] Vmess+Ws+2]"
time="2023-09-07T15:56:18.135299Z" level=info msg="[TCP] 192.168.100.8:51735 --> 91.108.56.126:443 match IPCIDR(91.108.56.0/22) using 📲 电报信息[[VMess] Vmess+Ws+2]"
time="2023-09-07T15:56:59.870539164Z" level=info msg="[TCP] 192.168.100.8:51737 --> accounts.youtube.com:443 match DomainSuffix(youtube.com) using 🌍 国外媒体[[VMess] Vmess+Ws+2]"
time="2023-09-07T15:57:08.211647365Z" level=info msg="[UDP] 192.168.100.8:123 --> time-ios.g.aaplimg.com:123 match DomainSuffix(aaplimg.com) using 🍎 苹果服务[[VMess] Vmess+Ws+2]"
time="2023-09-07T15:57:08.686651154Z" level=info msg="[TCP] 192.168.100.50:55386 --> safebrowsing.googleapis.com:443 match DomainKeyword(google) using 🔰 节点选择[[VMess] Vmess+Ws+2]"
time="2023-09-07T15:57:09.817330011Z" level=info msg="[TCP] 192.168.100.8:59569 --> stocks-data-service.apple.com:443 match DomainSuffix(apple.com) using 🍎 苹果服务[[VMess] Vmess+Ws+2]"
time="2023-09-07T15:57:09.932752932Z" level=info msg="[TCP] 192.168.100.8:59570 --> weather-data.apple.com:443 match DomainSuffix(apple.com) using 🍎 苹果服务[[VMess] Vmess+Ws+2]"
time="2023-09-07T15:57:13.705693651Z" level=info msg="[TCP] 192.168.100.8:51741 --> www.instagram.com:443 match DomainSuffix(instagram.com) using 🔰 节点选择[[VMess] Vmess+Ws+2]"
time="2023-09-07T15:57:19.629650675Z" level=info msg="[TCP] 192.168.100.2:49284 --> raw.githubusercontent.com:443 match DomainSuffix(githubusercontent.com) using 🔰 节点选择[[VMess] Vmess+Ws+2]"

#===================== 最近运行日志获取完成(自动切换为silent模式) =====================#

#===================== 活动连接信息 =====================#

1. SourceIP:【192.168.100.8】 - Host:【api.wcc.best】 - DestinationIP:【104.21.73.40】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【[VMess] Vmess+Ws+2】
2. SourceIP:【192.168.100.8】 - Host:【alive.github.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【github.com】 - Lastchain:【[SS] SS1】
3. SourceIP:【192.168.100.50】 - Host:【client.wns.windows.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【windows.com】 - Lastchain:【DIRECT】
4. SourceIP:【192.168.100.8】 - Host:【time-ios.g.aaplimg.com】 - DestinationIP:【17.253.84.253】 - Network:【udp】 - RulePayload:【aaplimg.com】 - Lastchain:【[VMess] Vmess+Ws+2】
5. SourceIP:【192.168.100.8】 - Host:【Empty】 - DestinationIP:【91.108.56.126】 - Network:【tcp】 - RulePayload:【91.108.56.0/22】 - Lastchain:【[SS] SS1】
6. SourceIP:【192.168.100.8】 - Host:【accounts.youtube.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【youtube.com】 - Lastchain:【[VMess] Vmess+Ws+2】
7. SourceIP:【192.168.100.50】 - Host:【safebrowsing.googleapis.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【[VMess] Vmess+Ws+2】
8. SourceIP:【192.168.100.8】 - Host:【notifications.bitwarden.com】 - DestinationIP:【104.18.13.33】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【[SS] SS1】
9. SourceIP:【192.168.100.8】 - Host:【www.google.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【[VMess] Vmess+Ws+2】
10. SourceIP:【192.168.100.8】 - Host:【www.instagram.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【instagram.com】 - Lastchain:【[VMess] Vmess+Ws+2】
11. SourceIP:【192.168.100.8】 - Host:【clients4.google.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【[SS] SS1】
12. SourceIP:【192.168.100.8】 - Host:【Empty】 - DestinationIP:【91.108.56.126】 - Network:【tcp】 - RulePayload:【91.108.56.0/22】 - Lastchain:【[VMess] Vmess+Ws+2】
pweot commented 11 months ago

fallback:

kingsey commented 11 months ago

fallback:

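Thank you very much! I also couldn't resolve foreign domains, and your method fixed it. In my case, though, it started after rebooting the router, with no changes made to the configuration, which is baffling...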

ylqjgm commented 11 months ago

fallback:

It's solved now, thank you very much.

typenoob commented 10 months ago

What's the mechanism behind this? Is it a bug?

rheatin commented 8 months ago

Bookmarking this. Who knew that adding a fallback DNS server would cause this kind of problem 😭 Luckily someone had already run into it.

sysalong commented 7 months ago

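Bookmarking this. Who knew that adding a fallback DNS server would cause this kind of problem 😭 Luckily someone had already run into it.

Bookmarking this, I ran into this problem too... I really give up.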