Closed ylqjgm closed 11 months ago
Fake-IP log:
生成时间: 2023-09-07 23:43:38
插件版本: v0.45.141-beta
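Privacy notice: before uploading this log, check for and redact sensitive information such as public IPs, nodes, and passwords
#===================== System Information =====================#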
主机型号: QEMU Standard PC (i440FX + PIIX, 1996)
固件版本: ImmortalWrt 21.02-SNAPSHOT r20074-a8bbadefaf
LuCI版本: git-20.074.84698-ead5e81
内核版本: 5.4.255
处理器架构: x86_64
# When this item has a value and IPv6 is not in use, it is recommended to disable IPv6 DHCP in the Network > Interfaces > lan settings
IPV6-DHCP:
DNS劫持: Dnsmasq 转发
# When DNS hijacking is set to Dnsmasq, this item should contain only the DNS listen address from the configuration file
Dnsmasq转发设置: 127.0.0.1#7874
#===================== Dependency Check =====================#
dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci >= 19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 已安装
unzip: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
kmod-ipt-nat: 已安装
#===================== Core Check =====================#
运行状态: 运行中
运行内核:Meta
进程pid: 14587
运行权限: 14587: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-amd64
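# If the core version numbers below are not shown, confirm that your core version is correct and that it has the required permissions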
Tun内核版本: 2023.08.17
Tun内核文件: 存在
Tun内核运行权限: 正常
Dev内核版本: v1.17.0-20-ga19a9fe
Dev内核文件: 存在
Dev内核运行权限: 正常
Meta内核版本: alpha-g3a9fc39
Meta内核文件: 存在
Meta内核运行权限: 正常
#===================== Plugin Settings =====================#
当前配置文件: /etc/openclash/config/config.yaml
启动配置文件: /etc/openclash/config.yaml
运行模式: fake-ip
默认代理模式: rule
UDP流量转发(tproxy): 启用
自定义DNS: 启用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 启用
仅允许内网: 启用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 启用
路由本机代理: 启用
# If startup fails, it is recommended to disable this item and retry
混合节点: 停用
保留配置: 停用
# If startup fails, it is recommended to disable this item and retry
第三方规则: 停用
#===================== Custom Rules 1 =====================#
script:
rules:
- DOMAIN-SUFFIX,chdbits.co,🎯 全球直连
- DOMAIN-SUFFIX,discfan.net,🎯 全球直连
- DOMAIN-SUFFIX,greatposterwall.com,🎯 全球直连
- DOMAIN-SUFFIX,haidan.video,🎯 全球直连
- DOMAIN-SUFFIX,hdsky.me,🎯 全球直连
- DOMAIN-SUFFIX,hdtime.org,🎯 全球直连
- DOMAIN-SUFFIX,m-team.cc,🎯 全球直连
- DOMAIN-SUFFIX,open.cd,🎯 全球直连
- DOMAIN-SUFFIX,ourbits.club,🎯 全球直连
- DOMAIN-SUFFIX,pttime.org,🎯 全球直连
- DOMAIN-KEYWORD,announce,🎯 全球直连
## Online IP range to CIDR converter: http://ip2cidr.com
#===================== Custom Rules 2 =====================#
script:
rules:
#===================== Configuration File =====================#
port: 7890
socks-port: 7891
allow-lan: true
mode: rule
log-level: info
external-controller: 0.0.0.0:9090
proxy-groups:
- name: "\U0001F530 节点选择"
type: select
proxies:
- "♻️ 自动选择"
- "\U0001F3AF 全球直连"
- "[SS] SS1"
- "[SS] SS2"
- "[VMess] Vmess+Ws+1"
- "[VMess] Vmess+Ws+2"
- name: "♻️ 自动选择"
type: url-test
url: http://www.gstatic.com/generate_204
interval: 300
proxies:
- "[SS] SS1"
- "[SS] SS2"
- "[VMess] Vmess+Ws+1"
- "[VMess] Vmess+Ws+2"
- name: "\U0001F3A5 NETFLIX"
type: select
proxies:
- "\U0001F530 节点选择"
- "♻️ 自动选择"
- "\U0001F3AF 全球直连"
- "[SS] SS1"
- "[SS] SS2"
- "[VMess] Vmess+Ws+1"
- "[VMess] Vmess+Ws+2"
- name: "⛔️ 广告拦截"
type: select
proxies:
- "\U0001F6D1 全球拦截"
- "\U0001F3AF 全球直连"
- "\U0001F530 节点选择"
- name: "\U0001F6AB 运营劫持"
type: select
proxies:
- "\U0001F6D1 全球拦截"
- "\U0001F3AF 全球直连"
- "\U0001F530 节点选择"
- name: "\U0001F30D 国外媒体"
type: select
proxies:
- "\U0001F530 节点选择"
- "♻️ 自动选择"
- "\U0001F3AF 全球直连"
- "[SS] SS1"
- "[SS] SS2"
- "[VMess] Vmess+Ws+1"
- "[VMess] Vmess+Ws+2"
- name: "\U0001F30F 国内媒体"
type: select
proxies:
- "\U0001F3AF 全球直连"
- "\U0001F530 节点选择"
- name: Ⓜ️ 微软服务
type: select
proxies:
- "\U0001F3AF 全球直连"
- "\U0001F530 节点选择"
- "[SS] SS1"
- "[SS] SS2"
- "[VMess] Vmess+Ws+1"
- "[VMess] Vmess+Ws+2"
- name: "\U0001F4F2 电报信息"
type: select
proxies:
- "\U0001F530 节点选择"
- "\U0001F3AF 全球直连"
- "[SS] SS1"
- "[SS] SS2"
- "[VMess] Vmess+Ws+1"
- "[VMess] Vmess+Ws+2"
- name: "\U0001F34E 苹果服务"
type: select
proxies:
- "\U0001F530 节点选择"
- "\U0001F3AF 全球直连"
- "♻️ 自动选择"
- "[SS] SS1"
- "[SS] SS2"
- "[VMess] Vmess+Ws+1"
- "[VMess] Vmess+Ws+2"
- name: "\U0001F3AF 全球直连"
type: select
proxies:
- DIRECT
- name: "\U0001F6D1 全球拦截"
type: select
proxies:
- REJECT
- DIRECT
- name: "\U0001F41F 漏网之鱼"
type: select
proxies:
- "\U0001F530 节点选择"
- "\U0001F3AF 全球直连"
- "♻️ 自动选择"
- "[SS] SS1"
- "[SS] SS2"
- "[VMess] Vmess+Ws+1"
- "[VMess] Vmess+Ws+2"
rules:
- DST-PORT,7895,REJECT
- DST-PORT,7892,REJECT
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
- "DOMAIN-SUFFIX,chdbits.co,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,discfan.net,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,greatposterwall.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,haidan.video,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,hdsky.me,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,hdtime.org,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,m-team.cc,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,open.cd,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,ourbits.club,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,pttime.org,\U0001F3AF 全球直连"
- "DOMAIN-KEYWORD,announce,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,local,\U0001F3AF 全球直连"
- "IP-CIDR,192.168.0.0/16,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,10.0.0.0/8,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,172.16.0.0/12,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,127.0.0.0/8,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,100.64.0.0/10,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR6,::1/128,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR6,fc00::/7,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR6,fe80::/10,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR6,fd00::/8,\U0001F3AF 全球直连,no-resolve"
- DOMAIN-KEYWORD,1drv,Ⓜ️ 微软服务
- This part consists entirely of the ACL4SSR_Github_Online_Full rules, unchanged
- "GEOIP,CN,\U0001F3AF 全球直连"
- "MATCH,\U0001F41F 漏网之鱼"
redir-port: 7892
tproxy-port: 7895
mixed-port: 7893
bind-address: "*"
external-ui: "/usr/share/openclash/ui"
ipv6: false
geodata-mode: true
geodata-loader: standard
tcp-concurrent: true
unified-delay: true
dns:
enable: true
ipv6: false
enhanced-mode: fake-ip
fake-ip-range: 198.18.0.1/16
listen: 0.0.0.0:7874
nameserver:
- 211.139.29.150
- 119.29.29.29
fallback:
- tls://1.1.1.1:853
- tls://8.8.8.8:853
- https://1.1.1.1/dns-query
- https://8.8.8.8/dns-query
fallback-filter:
geoip: true
geoip-code: CN
ipcidr:
- 0.0.0.0/8
- 10.0.0.0/8
- 100.64.0.0/10
- 127.0.0.0/8
- 169.254.0.0/16
- 172.16.0.0/12
- 192.0.0.0/24
- 192.0.2.0/24
- 192.88.99.0/24
- 192.168.0.0/16
- 198.18.0.0/15
- 198.51.100.0/24
- 203.0.113.0/24
- 224.0.0.0/4
- 240.0.0.0/4
- 255.255.255.255/32
domain:
- "+.google.com"
- "+.facebook.com"
- "+.youtube.com"
- "+.githubusercontent.com"
- "+.googlevideo.com"
- "+.msftconnecttest.com"
- "+.msftncsi.com"
fake-ip-filter:
- "*.lan"
- "*.localdomain"
- "*.example"
- "*.invalid"
- "*.localhost"
- "*.test"
- "*.local"
- "*.home.arpa"
- time.*.com
- time.*.gov
- time.*.edu.cn
- time.*.apple.com
- time-ios.apple.com
- time1.*.com
- time2.*.com
- time3.*.com
- time4.*.com
- time5.*.com
- time6.*.com
- time7.*.com
- ntp.*.com
- ntp1.*.com
- ntp2.*.com
- ntp3.*.com
- ntp4.*.com
- ntp5.*.com
- ntp6.*.com
- ntp7.*.com
- "*.time.edu.cn"
- "*.ntp.org.cn"
- "+.pool.ntp.org"
- time1.cloud.tencent.com
- music.163.com
- "*.music.163.com"
- "*.126.net"
- musicapi.taihe.com
- music.taihe.com
- songsearch.kugou.com
- trackercdn.kugou.com
- "*.kuwo.cn"
- api-jooxtt.sanook.com
- api.joox.com
- joox.com
- y.qq.com
- "*.y.qq.com"
- streamoc.music.tc.qq.com
- mobileoc.music.tc.qq.com
- isure.stream.qqmusic.qq.com
- dl.stream.qqmusic.qq.com
- aqqmusic.tc.qq.com
- amobile.music.tc.qq.com
- "*.xiami.com"
- "*.music.migu.cn"
- music.migu.cn
- "+.msftconnecttest.com"
- "+.msftncsi.com"
- localhost.ptlogin2.qq.com
- localhost.sec.qq.com
- "+.qq.com"
- "+.tencent.com"
- "+.srv.nintendo.net"
- "*.n.n.srv.nintendo.net"
- "+.stun.playstation.net"
- xbox.*.*.microsoft.com
- "*.*.xboxlive.com"
- xbox.*.microsoft.com
- xnotify.xboxlive.com
- "+.battlenet.com.cn"
- "+.wotgame.cn"
- "+.wggames.cn"
- "+.wowsgame.cn"
- "+.wargaming.net"
- proxy.golang.org
- stun.*.*
- stun.*.*.*
- "+.stun.*.*"
- "+.stun.*.*.*"
- "+.stun.*.*.*.*"
- "+.stun.*.*.*.*.*"
- heartbeat.belkin.com
- "*.linksys.com"
- "*.linksyssmartwifi.com"
- "*.router.asus.com"
- mesu.apple.com
- swscan.apple.com
- swquery.apple.com
- swdownload.apple.com
- swcdn.apple.com
- swdist.apple.com
- lens.l.google.com
- stun.l.google.com
- na.b.g-tun.com
- "+.nflxvideo.net"
- "*.square-enix.com"
- "*.finalfantasyxiv.com"
- "*.ffxiv.com"
- "*.ff14.sdo.com"
- ff.dorado.sdo.com
- "*.mcdn.bilivideo.cn"
- "+.media.dssott.com"
- shark007.net
- Mijia Cloud
- "+.cmbchina.com"
- "+.cmbimg.com"
- local.adguard.org
- "+.sandai.net"
- "+.n0808.com"
- "+.filejoker.net"
- "+.myqloud.org"
- services.googleapis.cn
use-hosts: true
sniffer:
enable: true
parse-pure-ip: true
profile:
store-selected: true
store-fake-ip: true
hosts:
a.com: 192.168.100.25
b.com: 192.168.100.26
c.com: 192.168.100.27
d.com: 192.168.100.28
#===================== Custom Overwrite Settings =====================#
#!/bin/sh
. /usr/share/openclash/ruby.sh
. /usr/share/openclash/log.sh
. /lib/functions.sh
LOG_OUT "Tip: Start Running Custom Overwrite Scripts..."
LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S"))
LOG_FILE="/tmp/openclash.log"
CONFIG_FILE="$1" #config path
exit 0
#===================== Custom Firewall Settings =====================#
#!/bin/sh
. /usr/share/openclash/log.sh
. /lib/functions.sh
LOG_OUT "Tip: Start Add Custom Firewall Rules..."
exit 0
#===================== IPTABLES Firewall Settings =====================#
#IPv4 NAT chain
# Generated by iptables-save v1.8.7 on Thu Sep 7 23:43:40 2023
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [3:181]
:POSTROUTING ACCEPT [3:181]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:openclash - [0:0]
:openclash_output - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -d 8.8.4.4/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -d 8.8.8.8/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i eth0 -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -p udp -m comment --comment DNSMASQ -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -j openclash
-A OUTPUT -j openclash_output
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o eth0 -m comment --comment "!fw3" -j zone_lan_postrouting
-A MINIUPNPD -p tcp -m tcp --dport 13936 -j DNAT --to-destination 192.168.100.152:1080
-A MINIUPNPD -p udp -m udp --dport 13936 -j DNAT --to-destination 192.168.100.152:3027
-A MINIUPNPD -p udp -m udp --dport 9307 -j DNAT --to-destination 192.168.100.222:9307
-A MINIUPNPD -p udp -m udp --dport 9308 -j DNAT --to-destination 192.168.100.222:9308
-A MINIUPNPD -p udp -m udp --dport 9309 -j DNAT --to-destination 192.168.100.222:9309
-A MINIUPNPD -p udp -m udp --dport 9310 -j DNAT --to-destination 192.168.100.222:9310
-A MINIUPNPD -p udp -m udp --dport 9306 -j DNAT --to-destination 192.168.100.222:9306
-A MINIUPNPD -p udp -m udp --dport 8735 -j DNAT --to-destination 192.168.100.223:8735
-A MINIUPNPD -p udp -m udp --dport 8736 -j DNAT --to-destination 192.168.100.223:8736
-A MINIUPNPD -p udp -m udp --dport 8737 -j DNAT --to-destination 192.168.100.223:8737
-A MINIUPNPD -p udp -m udp --dport 8738 -j DNAT --to-destination 192.168.100.223:8738
-A MINIUPNPD -p udp -m udp --dport 8734 -j DNAT --to-destination 192.168.100.223:8734
-A MINIUPNPD -p tcp -m tcp --dport 13864 -j DNAT --to-destination 192.168.100.152:1080
-A MINIUPNPD -p udp -m udp --dport 13864 -j DNAT --to-destination 192.168.100.152:3027
-A MINIUPNPD -p udp -m udp --dport 8522 -j DNAT --to-destination 192.168.100.236:8522
-A MINIUPNPD -p udp -m udp --dport 8608 -j DNAT --to-destination 192.168.100.236:8608
-A MINIUPNPD -p udp -m udp --dport 8567 -j DNAT --to-destination 192.168.100.236:8567
-A MINIUPNPD -p udp -m udp --dport 8103 -j DNAT --to-destination 192.168.100.112:8103
-A MINIUPNPD -p udp -m udp --dport 29575 -j DNAT --to-destination 192.168.100.223:29575
-A MINIUPNPD -p udp -m udp --dport 56291 -j DNAT --to-destination 192.168.100.222:56291
-A MINIUPNPD-POSTROUTING -s 192.168.100.152/32 -p tcp -m tcp --sport 1080 -j MASQUERADE --to-ports 13936
-A MINIUPNPD-POSTROUTING -s 192.168.100.152/32 -p udp -m udp --sport 3027 -j MASQUERADE --to-ports 13936
-A MINIUPNPD-POSTROUTING -s 192.168.100.152/32 -p tcp -m tcp --sport 1080 -j MASQUERADE --to-ports 13864
-A MINIUPNPD-POSTROUTING -s 192.168.100.152/32 -p udp -m udp --sport 3027 -j MASQUERADE --to-ports 13864
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -d 198.18.0.0/16 -p tcp -j REDIRECT --to-ports 7892
-A openclash -m set --match-set china_ip_route dst -m set ! --match-set china_ip_route_pass dst -j RETURN
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -d 198.18.0.0/16 -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -m owner ! --uid-owner 65534 -m set --match-set china_ip_route dst -m set ! --match-set china_ip_route_pass dst -j RETURN
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A zone_lan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_lan_prerouting -j MINIUPNPD
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -m comment --comment "!fw3" -j FULLCONENAT
COMMIT
# Completed on Thu Sep 7 23:43:40 2023
#IPv4 Mangle chain
# Generated by iptables-save v1.8.7 on Thu Sep 7 23:43:40 2023
*mangle
:PREROUTING ACCEPT [2053:300985]
:INPUT ACCEPT [1762:260875]
:FORWARD ACCEPT [296:45324]
:OUTPUT ACCEPT [1909:787468]
:POSTROUTING ACCEPT [2206:832824]
:openclash - [0:0]
:openclash_output - [0:0]
:openclash_upnp - [0:0]
-A PREROUTING -p udp -j openclash
-A OUTPUT -p udp -j openclash_output
-A openclash -p udp -m udp --sport 500 -j RETURN
-A openclash -p udp -m udp --sport 68 -j RETURN
-A openclash -i lo -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p udp -m udp --dport 53 -j RETURN
-A openclash -d 198.18.0.0/16 -p udp -j TPROXY --on-port 7895 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
-A openclash -m set --match-set china_ip_route dst -m set ! --match-set china_ip_route_pass dst -j RETURN
-A openclash -p udp -j openclash_upnp
-A openclash -p udp -j TPROXY --on-port 7895 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
-A openclash_output -p udp -m udp --sport 500 -j RETURN
-A openclash_output -p udp -m udp --sport 68 -j RETURN
-A openclash_output -d 198.18.0.0/16 -p udp -m owner ! --uid-owner 65534 -j MARK --set-xmark 0x162/0xffffffff
-A openclash_upnp -s 192.168.100.152/32 -p udp -m udp --sport 1080 -j RETURN
-A openclash_upnp -s 192.168.100.152/32 -p udp -m udp --sport 3027 -j RETURN
-A openclash_upnp -s 192.168.100.236/32 -p udp -m udp --sport 8522 -j RETURN
-A openclash_upnp -s 192.168.100.236/32 -p udp -m udp --sport 8608 -j RETURN
-A openclash_upnp -s 192.168.100.236/32 -p udp -m udp --sport 8567 -j RETURN
-A openclash_upnp -s 192.168.100.112/32 -p udp -m udp --sport 8103 -j RETURN
-A openclash_upnp -s 192.168.100.223/32 -p udp -m udp --sport 29575 -j RETURN
-A openclash_upnp -s 192.168.100.223/32 -p udp -m udp --sport 8735 -j RETURN
-A openclash_upnp -s 192.168.100.223/32 -p udp -m udp --sport 8736 -j RETURN
-A openclash_upnp -s 192.168.100.223/32 -p udp -m udp --sport 8737 -j RETURN
-A openclash_upnp -s 192.168.100.223/32 -p udp -m udp --sport 8738 -j RETURN
-A openclash_upnp -s 192.168.100.223/32 -p udp -m udp --sport 8734 -j RETURN
-A openclash_upnp -s 192.168.100.222/32 -p udp -m udp --sport 56291 -j RETURN
-A openclash_upnp -s 192.168.100.222/32 -p udp -m udp --sport 9307 -j RETURN
-A openclash_upnp -s 192.168.100.222/32 -p udp -m udp --sport 9308 -j RETURN
-A openclash_upnp -s 192.168.100.222/32 -p udp -m udp --sport 9309 -j RETURN
-A openclash_upnp -s 192.168.100.222/32 -p udp -m udp --sport 9310 -j RETURN
-A openclash_upnp -s 192.168.100.222/32 -p udp -m udp --sport 9306 -j RETURN
COMMIT
# Completed on Thu Sep 7 23:43:40 2023
#IPv4 Filter chain
# Generated by iptables-save v1.8.7 on Thu Sep 7 23:43:40 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -p udp -m udp --dport 443 -m comment --comment "OpenClash QUIC REJECT" -m set ! --match-set china_ip_route dst -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i eth0 -m comment --comment "!fw3" -j zone_lan_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m comment --comment "!fw3: Traffic offloading" -m conntrack --ctstate RELATED,ESTABLISHED -j FLOWOFFLOAD --hw
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i eth0 -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o eth0 -m comment --comment "!fw3" -j zone_lan_output
-A MINIUPNPD -d 192.168.100.152/32 -p tcp -m tcp --dport 1080 -j ACCEPT
-A MINIUPNPD -d 192.168.100.152/32 -p udp -m udp --dport 3027 -j ACCEPT
-A MINIUPNPD -d 192.168.100.222/32 -p udp -m udp --dport 9307 -j ACCEPT
-A MINIUPNPD -d 192.168.100.222/32 -p udp -m udp --dport 9308 -j ACCEPT
-A MINIUPNPD -d 192.168.100.222/32 -p udp -m udp --dport 9309 -j ACCEPT
-A MINIUPNPD -d 192.168.100.222/32 -p udp -m udp --dport 9310 -j ACCEPT
-A MINIUPNPD -d 192.168.100.222/32 -p udp -m udp --dport 9306 -j ACCEPT
-A MINIUPNPD -d 192.168.100.223/32 -p udp -m udp --dport 8735 -j ACCEPT
-A MINIUPNPD -d 192.168.100.223/32 -p udp -m udp --dport 8736 -j ACCEPT
-A MINIUPNPD -d 192.168.100.223/32 -p udp -m udp --dport 8737 -j ACCEPT
-A MINIUPNPD -d 192.168.100.223/32 -p udp -m udp --dport 8738 -j ACCEPT
-A MINIUPNPD -d 192.168.100.223/32 -p udp -m udp --dport 8734 -j ACCEPT
-A MINIUPNPD -d 192.168.100.152/32 -p tcp -m tcp --dport 1080 -j ACCEPT
-A MINIUPNPD -d 192.168.100.152/32 -p udp -m udp --dport 3027 -j ACCEPT
-A MINIUPNPD -d 192.168.100.236/32 -p udp -m udp --dport 8522 -j ACCEPT
-A MINIUPNPD -d 192.168.100.236/32 -p udp -m udp --dport 8608 -j ACCEPT
-A MINIUPNPD -d 192.168.100.236/32 -p udp -m udp --dport 8567 -j ACCEPT
-A MINIUPNPD -d 192.168.100.112/32 -p udp -m udp --dport 8103 -j ACCEPT
-A MINIUPNPD -d 192.168.100.223/32 -p udp -m udp --dport 29575 -j ACCEPT
-A MINIUPNPD -d 192.168.100.222/32 -p udp -m udp --dport 56291 -j ACCEPT
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_lan_dest_ACCEPT -o eth0 -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -j MINIUPNPD
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i eth0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
COMMIT
# Completed on Thu Sep 7 23:43:40 2023
#IPv6 NAT chain
# Generated by ip6tables-save v1.8.7 on Thu Sep 7 23:43:40 2023
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [2:162]
:POSTROUTING ACCEPT [2:162]
-A PREROUTING -p udp -m comment --comment DNSMASQ -m udp --dport 53 -j REDIRECT --to-ports 53
COMMIT
# Completed on Thu Sep 7 23:43:40 2023
#IPv6 Mangle chain
# Generated by ip6tables-save v1.8.7 on Thu Sep 7 23:43:40 2023
*mangle
:PREROUTING ACCEPT [595:58985]
:INPUT ACCEPT [555:55945]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [595:58985]
:POSTROUTING ACCEPT [595:58985]
COMMIT
# Completed on Thu Sep 7 23:43:40 2023
#IPv6 Filter chain
# Generated by ip6tables-save v1.8.7 on Thu Sep 7 23:43:40 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [20:1520]
:MINIUPNPD - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i eth0 -m comment --comment "!fw3" -j zone_lan_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m comment --comment "!fw3: Traffic offloading" -m conntrack --ctstate RELATED,ESTABLISHED -j FLOWOFFLOAD --hw
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i eth0 -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o eth0 -m comment --comment "!fw3" -j zone_lan_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp6-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_lan_dest_ACCEPT -o eth0 -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -j MINIUPNPD
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i eth0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 546 -m comment --comment "!fw3: Allow-DHCPv6" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
COMMIT
# Completed on Thu Sep 7 23:43:40 2023
#===================== IPSET Status =====================#
Name: localnetwork
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 1024
References: 3
Number of entries: 9
Name: china_ip_route
Type: hash:net
Revision: 6
Header: family inet hashsize 32768 maxelem 1000000
Size in memory: 2306472
References: 4
Number of entries: 92349
Name: china_ip_route_pass
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 1000000
Size in memory: 448
References: 3
Number of entries: 0
#===================== Routing Table Status =====================#
#IPv4
#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.100.1 0.0.0.0 UG 0 0 0 eth0
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
#ip route list
default via 192.168.100.1 dev eth0 proto static
192.168.100.0/24 dev eth0 proto kernel scope link src 192.168.100.2
#ip rule show
0: from all lookup local
32765: from all fwmark 0x162 lookup 354
32766: from all lookup main
32767: from all lookup default
#IPv6
#route -A inet6
Kernel IPv6 routing table
Destination Next Hop Flags Metric Ref Use Iface
::/0 :: !n -1 1 0 lo
::1/128 :: Un 0 6 0 lo
::/0 :: !n -1 1 0 lo
#ip -6 route list
#ip -6 rule show
0: from all lookup local
32766: from all lookup main
4200000001: from all iif lo failed_policy
4200000003: from all iif eth0 failed_policy
#===================== Port Usage Status =====================#
tcp 0 0 :::7890 :::* LISTEN 14587/clash
tcp 0 0 :::7891 :::* LISTEN 14587/clash
tcp 0 0 :::7892 :::* LISTEN 14587/clash
tcp 0 0 :::7893 :::* LISTEN 14587/clash
tcp 0 0 :::7895 :::* LISTEN 14587/clash
tcp 0 0 :::9090 :::* LISTEN 14587/clash
udp 0 0 :::7874 :::* 14587/clash
udp 0 0 :::7891 :::* 14587/clash
udp 0 0 :::7892 :::* 14587/clash
udp 0 0 :::7893 :::* 14587/clash
udp 0 0 :::7895 :::* 14587/clash
#===================== 测试本机DNS查询(www.baidu.com) =====================#
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: www.baidu.com
www.baidu.com canonical name = www.a.shifen.com
Name: www.a.shifen.com
Address 1: 120.232.145.144
Address 2: 120.232.145.185
*** Can't find www.baidu.com: No answer
#===================== 测试内核DNS查询(www.instagram.com) =====================#
Dnsmasq 当前默认 resolv 文件:/tmp/resolv.conf.d/resolv.conf.auto
#===================== /tmp/resolv.conf.auto =====================#
# Interface lan
nameserver 119.29.29.29
nameserver 8.8.8.8
#===================== /tmp/resolv.conf.d/resolv.conf.auto =====================#
# Interface lan
nameserver 119.29.29.29
nameserver 8.8.8.8
#===================== 测试本机网络连接(www.baidu.com) =====================#
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Thu, 07 Sep 2023 15:43:43 GMT
Etag: "575e1f6f-115"
Last-Modified: Mon, 13 Jun 2016 02:50:23 GMT
Pragma: no-cache
Server: bfe/1.0.8.18
#===================== 测试本机网络下载(raw.githubusercontent.com) =====================#
HTTP/2 404
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
content-type: text/plain; charset=utf-8
x-github-request-id: 9EC8:6CFA:6B9C73:7F9D0F:64F9EFB0
accept-ranges: bytes
date: Thu, 07 Sep 2023 15:43:45 GMT
via: 1.1 varnish
x-served-by: cache-bur-kbur8200142-BUR
x-cache: MISS
x-cache-hits: 0
x-timer: S1694101425.125382,VS0,VE105
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 8cf752d713a83b8a385f15f6765b02e9d7a004f9
expires: Thu, 07 Sep 2023 15:48:45 GMT
source-age: 0
content-length: 14
#===================== 最近运行日志(自动切换为Debug模式) =====================#
time="2023-09-07T15:40:47.132979138Z" level=info msg="[TCP] 192.168.100.8:51603 --> www.google.co.jp:443 match DomainKeyword(google) using 🔰 节点选择[[SS] SS1]"
time="2023-09-07T15:40:49.560368801Z" level=info msg="[TCP] 192.168.100.8:51606 --> github.com:443 match DomainSuffix(github.com) using 🔰 节点选择[[SS] SS1]"
time="2023-09-07T15:40:55.748064121Z" level=info msg="[TCP] 192.168.100.8:59561 --> update.code.visualstudio.com:443 match DomainSuffix(visualstudio.com) using Ⓜ️ 微软服务[DIRECT]"
time="2023-09-07T15:41:08.447224054Z" level=info msg="[TCP] 192.168.100.8:51610 --> www.youtube.com:443 match DomainSuffix(youtube.com) using 🌍 国外媒体[[SS] SS1]"
time="2023-09-07T15:41:10.027440199Z" level=info msg="[TCP] 192.168.100.8:59562 --> ipcdn.apple.com:443 match DomainSuffix(apple.com) using 🍎 苹果服务[[SS] SS1]"
time="2023-09-07T15:41:10.98528689Z" level=info msg="[TCP] 192.168.100.8:51612 --> api.ipify.org:443 match Match using 🐟 漏网之鱼[[SS] SS1]"
time="2023-09-07T15:41:12.422144264Z" level=info msg="[TCP] 192.168.100.8:51613 --> api.ipify.org:443 match Match using 🐟 漏网之鱼[[SS] SS1]"
2023-09-07 23:41:21 Watchdog: Setting Firewall For Enabling Redirect...
time="2023-09-07T15:41:45.854743784Z" level=info msg="[TCP] 192.168.100.8:51614 --> safebrowsing.googleapis.com:443 match DomainKeyword(google) using 🔰 节点选择[[SS] SS1]"
time="2023-09-07T15:41:53.819783742Z" level=info msg="[UDP] 192.168.100.8:57870 --> time-ios.g.aaplimg.com:123 match DomainSuffix(aaplimg.com) using 🍎 苹果服务[[SS] SS1]"
time="2023-09-07T15:41:54.15241441Z" level=info msg="[UDP] 192.168.100.8:53221 --> time-ios.g.aaplimg.com:123 match DomainSuffix(aaplimg.com) using 🍎 苹果服务[[SS] SS1]"
time="2023-09-07T15:41:56.24327689Z" level=info msg="[UDP] 192.168.100.8:63271 --> time-ios.g.aaplimg.com:123 match DomainSuffix(aaplimg.com) using 🍎 苹果服务[[SS] SS1]"
time="2023-09-07T15:42:04.099264564Z" level=info msg="[TCP] 192.168.100.50:55199 --> client.wns.windows.com:443 match DomainSuffix(windows.com) using Ⓜ️ 微软服务[DIRECT]"
time="2023-09-07T15:42:04.222567852Z" level=info msg="[TCP] 192.168.100.8:59563 --> stocks-data-service.apple.com:443 match DomainSuffix(apple.com) using 🍎 苹果服务[[SS] SS1]"
time="2023-09-07T15:42:19.27374937Z" level=info msg="[TCP] 192.168.100.8:51617 --> notifications.bitwarden.com:443 match Match using 🐟 漏网之鱼[[SS] SS1]"
2023-09-07 23:42:20 OpenClash Restart...
2023-09-07 23:42:20 OpenClash Stoping...
2023-09-07 23:42:20 Step 1: Backup The Current Groups State...
2023-09-07 23:42:20 Step 2: Delete OpenClash Firewall Rules...
2023-09-07 23:42:20 Step 3: Close The OpenClash Daemons...
2023-09-07 23:42:20 Step 4: Close The Clash Core Process...
2023-09-07 23:42:20 Step 5: Restart Dnsmasq...
2023-09-07 23:42:26 Step 6: Delete OpenClash Residue File...
2023-09-07 23:42:26 OpenClash Start Running...
2023-09-07 23:42:26 Step 1: Get The Configuration...
2023-09-07 23:42:26 Step 2: Check The Components...
2023-09-07 23:42:26 Tip: Because of the file【 /etc/config/openclash 】modificated, Pause quick start...
2023-09-07 23:42:26 Step 3: Modify The Config File...
2023-09-07 23:42:26 Warning: You May Need to Turn off The Rebinding Protection Option of Dnsmasq When Hosts Has Set a Reserved Address
2023-09-07 23:42:27 Tip: Start Running Custom Overwrite Scripts...
2023-09-07 23:42:27 Step 4: Start Running The Clash Core...
2023-09-07 23:42:27 Tip: Detected The Exclusive Function of The Meta Core, Use Meta Core to Start...
2023-09-07 23:42:27 Test The Config File First...
time="2023-09-07T15:42:28.29308775Z" level=info msg="Start initial configuration in progress"
time="2023-09-07T15:42:28.29405701Z" level=info msg="Geodata Loader mode: standard"
time="2023-09-07T15:42:28.681627162Z" level=info msg="Start initial GeoIP rule CN => 🎯 全球直连, records: 11338"
time="2023-09-07T15:42:29.635150816Z" level=warning msg="[CacheFile] can't open cache file: timeout"
time="2023-09-07T15:42:29.635206682Z" level=warning msg="Deprecated: Use Sniff instead"
time="2023-09-07T15:42:29.635230916Z" level=info msg="Initial configuration complete, total time: 1342ms"
2023-09-07 23:42:29 configuration file【/etc/openclash/config.yaml】test is successful
2023-09-07 23:42:30 Step 5: Check The Core Status...
time="2023-09-07T15:42:31.3741561Z" level=info msg="Start initial configuration in progress"
time="2023-09-07T15:42:31.375120247Z" level=info msg="Geodata Loader mode: standard"
time="2023-09-07T15:42:31.75916711Z" level=info msg="Start initial GeoIP rule CN => 🎯 全球直连, records: 11338"
time="2023-09-07T15:42:31.77415109Z" level=warning msg="Deprecated: Use Sniff instead"
time="2023-09-07T15:42:31.774190765Z" level=info msg="Initial configuration complete, total time: 399ms"
time="2023-09-07T15:42:31.774721895Z" level=info msg="RESTful API listening at: [::]:9090"
time="2023-09-07T15:42:31.788442255Z" level=info msg="Sniffer is loaded and working"
time="2023-09-07T15:42:31.788467971Z" level=info msg="Use tcp concurrent"
time="2023-09-07T15:42:31.788578013Z" level=info msg="DNS server listening at: [::]:7874"
time="2023-09-07T15:42:31.788626307Z" level=info msg="HTTP proxy listening at: [::]:7890"
time="2023-09-07T15:42:31.788661499Z" level=info msg="SOCKS proxy listening at: [::]:7891"
time="2023-09-07T15:42:31.78873546Z" level=info msg="Redirect proxy listening at: [::]:7892"
time="2023-09-07T15:42:31.788783994Z" level=info msg="TProxy server listening at: [::]:7895"
time="2023-09-07T15:42:31.788844231Z" level=info msg="Mixed(http+socks) proxy listening at: [::]:7893"
time="2023-09-07T15:42:31.788890625Z" level=info msg="Start initial compatible provider 🎥 NETFLIX"
time="2023-09-07T15:42:31.788922805Z" level=info msg="Start initial compatible provider 🌍 国外媒体"
time="2023-09-07T15:42:31.788939443Z" level=info msg="Start initial compatible provider 🔰 节点选择"
time="2023-09-07T15:42:31.788942741Z" level=info msg="Start initial compatible provider 🌏 国内媒体"
time="2023-09-07T15:42:31.78894865Z" level=info msg="Start initial compatible provider ♻️ 自动选择"
time="2023-09-07T15:42:31.788978534Z" level=info msg="Start initial compatible provider Ⓜ️ 微软服务"
time="2023-09-07T15:42:31.788960328Z" level=info msg="Start initial compatible provider ⛔️ 广告拦截"
time="2023-09-07T15:42:31.788965391Z" level=info msg="Start initial compatible provider 🐟 漏网之鱼"
time="2023-09-07T15:42:31.788970181Z" level=info msg="Start initial compatible provider default"
time="2023-09-07T15:42:31.788983866Z" level=info msg="Start initial compatible provider 🛑 全球拦截"
time="2023-09-07T15:42:31.788987028Z" level=info msg="Start initial compatible provider 🚫 运营劫持"
time="2023-09-07T15:42:31.788992078Z" level=info msg="Start initial compatible provider 🍎 苹果服务"
time="2023-09-07T15:42:31.788998816Z" level=info msg="Start initial compatible provider 🎯 全球直连"
time="2023-09-07T15:42:31.788954993Z" level=info msg="Start initial compatible provider 📲 电报信息"
2023-09-07 23:42:33 Step 6: Wait For The File Downloading...
2023-09-07 23:42:33 Step 7: Set Firewall Rules...
2023-09-07 23:42:33 Tip: DNS Hijacking Mode is Dnsmasq Redirect...
2023-09-07 23:42:33 Warning: Can't Settting Only Intranet Allowed Function, Get IPv4 WAN Interfaces error, Please Verify The Firewall's WAN Zone Name is wan, Ignore This IF The Device Does not Have a WAN Interfaces...
2023-09-07 23:42:34 Tip: Bypass the China IP May Cause the Dnsmasq Load For a Long Time After Restart in FAKE-IP Mode, Hijack the DNS to Core Untill the Dnsmasq Works Well...
2023-09-07 23:42:34 Tip: Start Add Port Bypassing Rules For Firewall Redirect and Firewall Rules...
2023-09-07 23:42:34 Tip: Start Add Custom Firewall Rules...
2023-09-07 23:42:34 Step 8: Restart Dnsmasq...
2023-09-07 23:42:34 Step 9: Add Cron Rules, Start Daemons...
2023-09-07 23:42:34 OpenClash Start Successful!
2023-09-07 23:42:35 Tip: Dnsmasq Work is Normal, Restore The Firewall DNS Hijacking Rules...
time="2023-09-07T15:42:38.646214673Z" level=info msg="[TCP] 192.168.100.8:51636 --> 91.108.56.126:443 match IPCIDR(91.108.56.0/22) using 📲 电报信息[[SS] SS1]"
time="2023-09-07T15:42:39.666068693Z" level=info msg="[TCP] 192.168.100.8:51635 --> 91.108.56.126:443 match IPCIDR(91.108.56.0/22) using 📲 电报信息[[SS] SS1]"
time="2023-09-07T15:42:39.6940961Z" level=warning msg="[TCP] dial Ⓜ️ 微软服务 (match DomainSuffix/windows.com) 192.168.100.50:55204 --> client.wns.windows.com:443 error: dns resolve failed: context deadline exceeded"
time="2023-09-07T15:42:39.810849715Z" level=info msg="[TCP] 192.168.100.8:51638 --> 140.82.113.26:443 match Match using 🐟 漏网之鱼[[SS] SS1]"
time="2023-09-07T15:42:41.352935Z" level=info msg="[TCP] 192.168.100.8:51637 --> 162.125.18.129:443 match Match using 🐟 漏网之鱼[[SS] SS1]"
time="2023-09-07T15:42:44.706937273Z" level=warning msg="[TCP] dial Ⓜ️ 微软服务 (match DomainSuffix/windows.com) 192.168.100.50:55205 --> client.wns.windows.com:443 error: dns resolve failed: context deadline exceeded"
time="2023-09-07T15:42:45.837474116Z" level=info msg="[TCP] 192.168.100.8:51641 --> 162.125.18.129:443 match Match using 🐟 漏网之鱼[[SS] SS1]"
time="2023-09-07T15:42:55.937693957Z" level=info msg="[TCP] 192.168.100.8:51643 --> 20.205.243.166:443 match Match using 🐟 漏网之鱼[[SS] SS1]"
time="2023-09-07T15:43:04.296735477Z" level=warning msg="[TCP] dial Ⓜ️ 微软服务 (match DomainSuffix/windows.com) 192.168.100.50:55210 --> client.wns.windows.com:443 error: dns resolve failed: context deadline exceeded"
time="2023-09-07T15:43:09.309243496Z" level=warning msg="[TCP] dial Ⓜ️ 微软服务 (match DomainSuffix/windows.com) 192.168.100.50:55212 --> client.wns.windows.com:443 error: dns resolve failed: context deadline exceeded"
time="2023-09-07T15:43:09.998048682Z" level=info msg="[TCP] 192.168.100.8:51649 --> 162.125.18.129:443 match Match using 🐟 漏网之鱼[[SS] SS1]"
time="2023-09-07T15:43:10.003878907Z" level=info msg="[TCP] 192.168.100.8:51650 --> 162.125.18.129:443 match Match using 🐟 漏网之鱼[[SS] SS1]"
time="2023-09-07T15:43:10.710827477Z" level=info msg="[TCP] 192.168.100.8:51646 --> 162.125.18.129:443 match Match using 🐟 漏网之鱼[[SS] SS1]"
time="2023-09-07T15:43:18.374114239Z" level=info msg="[TCP] 192.168.100.8:51651 --> clients4.google.com:443 match DomainKeyword(google) using 🔰 节点选择[[SS] SS1]"
time="2023-09-07T15:43:25.089166765Z" level=info msg="[TCP] 192.168.100.8:51653 --> www.instagram.com:443 match DomainSuffix(instagram.com) using 🔰 节点选择[[SS] SS1]"
time="2023-09-07T15:43:30.090760532Z" level=info msg="[TCP] 192.168.100.8:59564 --> valid.apple.com:443 match DomainSuffix(apple.com) using 🍎 苹果服务[[SS] SS1]"
time="2023-09-07T15:43:33.055030097Z" level=warning msg="[TCP] dial Ⓜ️ 微软服务 (match DomainSuffix/windows.com) 192.168.100.50:55217 --> client.wns.windows.com:443 error: dns resolve failed: context deadline exceeded"
2023-09-07 23:43:35 Watchdog: Setting Firewall For Enabling Redirect...
time="2023-09-07T15:43:38.065702655Z" level=warning msg="[TCP] dial Ⓜ️ 微软服务 (match DomainSuffix/windows.com) 192.168.100.50:55218 --> client.wns.windows.com:443 error: dns resolve failed: context deadline exceeded"
time="2023-09-07T15:43:44.087291663Z" level=info msg="[TCP] 192.168.100.2:49962 --> raw.githubusercontent.com:443 match DomainSuffix(githubusercontent.com) using 🔰 节点选择[[SS] SS1]"
#===================== 最近运行日志获取完成(自动切换为silent模式) =====================#
#===================== 活动连接信息 =====================#
1. SourceIP:【192.168.100.8】 - Host:【Empty】 - DestinationIP:【162.125.18.129】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【[SS] SS1】
2. SourceIP:【192.168.100.8】 - Host:【Empty】 - DestinationIP:【162.125.18.129】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【[SS] SS1】
3. SourceIP:【192.168.100.8】 - Host:【Empty】 - DestinationIP:【91.108.56.126】 - Network:【tcp】 - RulePayload:【91.108.56.0/22】 - Lastchain:【[SS] SS1】
4. SourceIP:【192.168.100.8】 - Host:【Empty】 - DestinationIP:【162.125.18.129】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【[SS] SS1】
5. SourceIP:【192.168.100.8】 - Host:【Empty】 - DestinationIP:【20.205.243.166】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【[SS] SS1】
6. SourceIP:【192.168.100.8】 - Host:【Empty】 - DestinationIP:【140.82.113.26】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【[SS] SS1】
7. SourceIP:【192.168.100.8】 - Host:【Empty】 - DestinationIP:【162.125.18.129】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【[SS] SS1】
8. SourceIP:【192.168.100.8】 - Host:【clients4.google.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【[SS] SS1】
9. SourceIP:【192.168.100.8】 - Host:【www.instagram.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【instagram.com】 - Lastchain:【[SS] SS1】
10. SourceIP:【192.168.100.8】 - Host:【Empty】 - DestinationIP:【91.108.56.126】 - Network:【tcp】 - RulePayload:【91.108.56.0/22】 - Lastchain:【[SS] SS1】
11. SourceIP:【192.168.100.8】 - Host:【Empty】 - DestinationIP:【162.125.18.129】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【[SS] SS1】
After I configured a UDP 53 DNS server in fallback, foreign websites can be resolved, and occasionally raw.githubusercontent.com can be resolved as well.
生成时间: 2023-09-07 23:57:17
插件版本: v0.45.141-beta
隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息
#===================== 系统信息 =====================#
主机型号: QEMU Standard PC (i440FX + PIIX, 1996)
固件版本: ImmortalWrt 21.02-SNAPSHOT r20074-a8bbadefaf
LuCI版本: git-20.074.84698-ead5e81
内核版本: 5.4.255
处理器架构: x86_64
#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP:
DNS劫持: Dnsmasq 转发
#DNS劫持为Dnsmasq时,此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874
#===================== 依赖检查 =====================#
dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci >= 19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 已安装
unzip: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
kmod-ipt-nat: 已安装
#===================== 内核检查 =====================#
运行状态: 运行中
运行内核:Meta
进程pid: 21649
运行权限: 21649: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-amd64
#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2023.08.17
Tun内核文件: 存在
Tun内核运行权限: 正常
Dev内核版本: v1.17.0-20-ga19a9fe
Dev内核文件: 存在
Dev内核运行权限: 正常
Meta内核版本: alpha-g3a9fc39
Meta内核文件: 存在
Meta内核运行权限: 正常
#===================== 插件设置 =====================#
当前配置文件: /etc/openclash/config/config.yaml
启动配置文件: /etc/openclash/config.yaml
运行模式: fake-ip
默认代理模式: rule
UDP流量转发(tproxy): 启用
自定义DNS: 启用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 启用
仅允许内网: 启用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 启用
路由本机代理: 启用
#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用
#启动异常时建议关闭此项后重试
第三方规则: 停用
#===================== 自定义规则 一 =====================#
script:
rules:
- DOMAIN-SUFFIX,chdbits.co,🎯 全球直连
- DOMAIN-SUFFIX,discfan.net,🎯 全球直连
- DOMAIN-SUFFIX,greatposterwall.com,🎯 全球直连
- DOMAIN-SUFFIX,haidan.video,🎯 全球直连
- DOMAIN-SUFFIX,hdsky.me,🎯 全球直连
- DOMAIN-SUFFIX,hdtime.org,🎯 全球直连
- DOMAIN-SUFFIX,m-team.cc,🎯 全球直连
- DOMAIN-SUFFIX,open.cd,🎯 全球直连
- DOMAIN-SUFFIX,ourbits.club,🎯 全球直连
- DOMAIN-SUFFIX,pttime.org,🎯 全球直连
- DOMAIN-KEYWORD,announce,🎯 全球直连
## Online IP range to CIDR converter: http://ip2cidr.com
#===================== 自定义规则 二 =====================#
script:
rules:
#===================== 配置文件 =====================#
port: 7890
socks-port: 7891
allow-lan: true
mode: rule
log-level: info
external-controller: 0.0.0.0:9090
proxy-groups:
- name: "\U0001F530 节点选择"
  type: select
  proxies:
  - "♻️ 自动选择"
  - "\U0001F3AF 全球直连"
  - "[SS] SS1"
  - "[SS] SS2"
  - "[VMess] Vmess+Ws+1"
  - "[VMess] Vmess+Ws+2"
- name: "♻️ 自动选择"
  type: url-test
  url: http://www.gstatic.com/generate_204
  interval: 300
  proxies:
  - "[SS] SS1"
  - "[SS] SS2"
  - "[VMess] Vmess+Ws+1"
  - "[VMess] Vmess+Ws+2"
- name: "\U0001F3A5 NETFLIX"
  type: select
  proxies:
  - "\U0001F530 节点选择"
  - "♻️ 自动选择"
  - "\U0001F3AF 全球直连"
  - "[SS] SS1"
  - "[SS] SS2"
  - "[VMess] Vmess+Ws+1"
  - "[VMess] Vmess+Ws+2"
- name: "⛔️ 广告拦截"
  type: select
  proxies:
  - "\U0001F6D1 全球拦截"
  - "\U0001F3AF 全球直连"
  - "\U0001F530 节点选择"
- name: "\U0001F6AB 运营劫持"
  type: select
  proxies:
  - "\U0001F6D1 全球拦截"
  - "\U0001F3AF 全球直连"
  - "\U0001F530 节点选择"
- name: "\U0001F30D 国外媒体"
  type: select
  proxies:
  - "\U0001F530 节点选择"
  - "♻️ 自动选择"
  - "\U0001F3AF 全球直连"
  - "[SS] SS1"
  - "[SS] SS2"
  - "[VMess] Vmess+Ws+1"
  - "[VMess] Vmess+Ws+2"
- name: "\U0001F30F 国内媒体"
  type: select
  proxies:
  - "\U0001F3AF 全球直连"
  - "\U0001F530 节点选择"
- name: Ⓜ️ 微软服务
  type: select
  proxies:
  - "\U0001F3AF 全球直连"
  - "\U0001F530 节点选择"
  - "[SS] SS1"
  - "[SS] SS2"
  - "[VMess] Vmess+Ws+1"
  - "[VMess] Vmess+Ws+2"
- name: "\U0001F4F2 电报信息"
  type: select
  proxies:
  - "\U0001F530 节点选择"
  - "\U0001F3AF 全球直连"
  - "[SS] SS1"
  - "[SS] SS2"
  - "[VMess] Vmess+Ws+1"
  - "[VMess] Vmess+Ws+2"
- name: "\U0001F34E 苹果服务"
  type: select
  proxies:
  - "\U0001F530 节点选择"
  - "\U0001F3AF 全球直连"
  - "♻️ 自动选择"
  - "[SS] SS1"
  - "[SS] SS2"
  - "[VMess] Vmess+Ws+1"
  - "[VMess] Vmess+Ws+2"
- name: "\U0001F3AF 全球直连"
  type: select
  proxies:
  - DIRECT
- name: "\U0001F6D1 全球拦截"
  type: select
  proxies:
  - REJECT
  - DIRECT
- name: "\U0001F41F 漏网之鱼"
  type: select
  proxies:
  - "\U0001F530 节点选择"
  - "\U0001F3AF 全球直连"
  - "♻️ 自动选择"
  - "[SS] SS1"
  - "[SS] SS2"
  - "[VMess] Vmess+Ws+1"
  - "[VMess] Vmess+Ws+2"
rules:
- DST-PORT,7895,REJECT
- DST-PORT,7892,REJECT
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
- "DOMAIN-SUFFIX,chdbits.co,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,discfan.net,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,greatposterwall.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,haidan.video,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,hdsky.me,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,hdtime.org,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,m-team.cc,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,open.cd,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,ourbits.club,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,pttime.org,\U0001F3AF 全球直连"
- "DOMAIN-KEYWORD,announce,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,local,\U0001F3AF 全球直连"
- "IP-CIDR,192.168.0.0/16,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,10.0.0.0/8,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,172.16.0.0/12,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,127.0.0.0/8,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,100.64.0.0/10,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR6,::1/128,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR6,fc00::/7,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR6,fe80::/10,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR6,fd00::/8,\U0001F3AF 全球直连,no-resolve"
- DOMAIN-KEYWORD,1drv,Ⓜ️ 微软服务
- This part is entirely the rules from ACL4SSR_Github_Online_Full, unchanged
- "GEOIP,CN,\U0001F3AF 全球直连"
- "MATCH,\U0001F41F 漏网之鱼"
redir-port: 7892
tproxy-port: 7895
mixed-port: 7893
bind-address: "*"
external-ui: "/usr/share/openclash/ui"
ipv6: false
geodata-mode: true
geodata-loader: standard
tcp-concurrent: true
unified-delay: true
dns:
  enable: true
  ipv6: false
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  listen: 0.0.0.0:7874
  nameserver:
  - 211.139.29.150
  - 119.29.29.29
  fallback:
  - tls://1.1.1.1:853
  - tls://8.8.8.8:853
  - https://1.1.1.1/dns-query
  - https://8.8.8.8/dns-query
  - 1.1.1.1
  fallback-filter:
    geoip: true
    geoip-code: CN
    ipcidr:
    - 0.0.0.0/8
    - 10.0.0.0/8
    - 100.64.0.0/10
    - 127.0.0.0/8
    - 169.254.0.0/16
    - 172.16.0.0/12
    - 192.0.0.0/24
    - 192.0.2.0/24
    - 192.88.99.0/24
    - 192.168.0.0/16
    - 198.18.0.0/15
    - 198.51.100.0/24
    - 203.0.113.0/24
    - 224.0.0.0/4
    - 240.0.0.0/4
    - 255.255.255.255/32
    domain:
    - "+.google.com"
    - "+.facebook.com"
    - "+.youtube.com"
    - "+.githubusercontent.com"
    - "+.googlevideo.com"
    - "+.msftconnecttest.com"
    - "+.msftncsi.com"
  fake-ip-filter:
  - "*.lan"
  - "*.localdomain"
  - "*.example"
  - "*.invalid"
  - "*.localhost"
  - "*.test"
  - "*.local"
  - "*.home.arpa"
  - time.*.com
  - time.*.gov
  - time.*.edu.cn
  - time.*.apple.com
  - time-ios.apple.com
  - time1.*.com
  - time2.*.com
  - time3.*.com
  - time4.*.com
  - time5.*.com
  - time6.*.com
  - time7.*.com
  - ntp.*.com
  - ntp1.*.com
  - ntp2.*.com
  - ntp3.*.com
  - ntp4.*.com
  - ntp5.*.com
  - ntp6.*.com
  - ntp7.*.com
  - "*.time.edu.cn"
  - "*.ntp.org.cn"
  - "+.pool.ntp.org"
  - time1.cloud.tencent.com
  - music.163.com
  - "*.music.163.com"
  - "*.126.net"
  - musicapi.taihe.com
  - music.taihe.com
  - songsearch.kugou.com
  - trackercdn.kugou.com
  - "*.kuwo.cn"
  - api-jooxtt.sanook.com
  - api.joox.com
  - joox.com
  - y.qq.com
  - "*.y.qq.com"
  - streamoc.music.tc.qq.com
  - mobileoc.music.tc.qq.com
  - isure.stream.qqmusic.qq.com
  - dl.stream.qqmusic.qq.com
  - aqqmusic.tc.qq.com
  - amobile.music.tc.qq.com
  - "*.xiami.com"
  - "*.music.migu.cn"
  - music.migu.cn
  - "+.msftconnecttest.com"
  - "+.msftncsi.com"
  - localhost.ptlogin2.qq.com
  - localhost.sec.qq.com
  - "+.qq.com"
  - "+.tencent.com"
  - "+.srv.nintendo.net"
  - "*.n.n.srv.nintendo.net"
  - "+.stun.playstation.net"
  - xbox.*.*.microsoft.com
  - "*.*.xboxlive.com"
  - xbox.*.microsoft.com
  - xnotify.xboxlive.com
  - "+.battlenet.com.cn"
  - "+.wotgame.cn"
  - "+.wggames.cn"
  - "+.wowsgame.cn"
  - "+.wargaming.net"
  - proxy.golang.org
  - stun.*.*
  - stun.*.*.*
  - "+.stun.*.*"
  - "+.stun.*.*.*"
  - "+.stun.*.*.*.*"
  - "+.stun.*.*.*.*.*"
  - heartbeat.belkin.com
  - "*.linksys.com"
  - "*.linksyssmartwifi.com"
  - "*.router.asus.com"
  - mesu.apple.com
  - swscan.apple.com
  - swquery.apple.com
  - swdownload.apple.com
  - swcdn.apple.com
  - swdist.apple.com
  - lens.l.google.com
  - stun.l.google.com
  - na.b.g-tun.com
  - "+.nflxvideo.net"
  - "*.square-enix.com"
  - "*.finalfantasyxiv.com"
  - "*.ffxiv.com"
  - "*.ff14.sdo.com"
  - ff.dorado.sdo.com
  - "*.mcdn.bilivideo.cn"
  - "+.media.dssott.com"
  - shark007.net
  - Mijia Cloud
  - "+.cmbchina.com"
  - "+.cmbimg.com"
  - local.adguard.org
  - "+.sandai.net"
  - "+.n0808.com"
  - "+.filejoker.net"
  - "+.myqloud.org"
  - services.googleapis.cn
  use-hosts: true
sniffer:
  enable: true
  parse-pure-ip: true
profile:
  store-selected: true
  store-fake-ip: true
hosts:
  a.com: 192.168.100.25
  b.com: 192.168.100.26
  c.com: 192.168.100.27
  d.com: 192.168.100.28
#===================== 自定义覆写设置 =====================#
#!/bin/sh
. /usr/share/openclash/ruby.sh
. /usr/share/openclash/log.sh
. /lib/functions.sh
LOG_OUT "Tip: Start Running Custom Overwrite Scripts..."
LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S"))
LOG_FILE="/tmp/openclash.log"
CONFIG_FILE="$1" #config path
exit 0
#===================== 自定义防火墙设置 =====================#
#!/bin/sh
. /usr/share/openclash/log.sh
. /lib/functions.sh
LOG_OUT "Tip: Start Add Custom Firewall Rules..."
exit 0
#===================== IPTABLES 防火墙设置 =====================#
#IPv4 NAT chain
# Generated by iptables-save v1.8.7 on Thu Sep 7 23:57:19 2023
*nat
:PREROUTING ACCEPT [195:24602]
:INPUT ACCEPT [191:18750]
:OUTPUT ACCEPT [247:16144]
:POSTROUTING ACCEPT [387:24766]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:openclash - [0:0]
:openclash_output - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -d 8.8.4.4/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -d 8.8.8.8/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i eth0 -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -p udp -m comment --comment DNSMASQ -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -j openclash
-A OUTPUT -j openclash_output
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o eth0 -m comment --comment "!fw3" -j zone_lan_postrouting
-A MINIUPNPD -p tcp -m tcp --dport 13936 -j DNAT --to-destination 192.168.100.152:1080
-A MINIUPNPD -p udp -m udp --dport 13936 -j DNAT --to-destination 192.168.100.152:3027
-A MINIUPNPD -p udp -m udp --dport 9307 -j DNAT --to-destination 192.168.100.222:9307
-A MINIUPNPD -p udp -m udp --dport 9308 -j DNAT --to-destination 192.168.100.222:9308
-A MINIUPNPD -p udp -m udp --dport 9309 -j DNAT --to-destination 192.168.100.222:9309
-A MINIUPNPD -p udp -m udp --dport 9310 -j DNAT --to-destination 192.168.100.222:9310
-A MINIUPNPD -p udp -m udp --dport 9306 -j DNAT --to-destination 192.168.100.222:9306
-A MINIUPNPD -p udp -m udp --dport 8735 -j DNAT --to-destination 192.168.100.223:8735
-A MINIUPNPD -p udp -m udp --dport 8736 -j DNAT --to-destination 192.168.100.223:8736
-A MINIUPNPD -p udp -m udp --dport 8737 -j DNAT --to-destination 192.168.100.223:8737
-A MINIUPNPD -p udp -m udp --dport 8738 -j DNAT --to-destination 192.168.100.223:8738
-A MINIUPNPD -p udp -m udp --dport 8734 -j DNAT --to-destination 192.168.100.223:8734
-A MINIUPNPD -p tcp -m tcp --dport 13864 -j DNAT --to-destination 192.168.100.152:1080
-A MINIUPNPD -p udp -m udp --dport 13864 -j DNAT --to-destination 192.168.100.152:3027
-A MINIUPNPD -p udp -m udp --dport 8522 -j DNAT --to-destination 192.168.100.236:8522
-A MINIUPNPD -p udp -m udp --dport 8608 -j DNAT --to-destination 192.168.100.236:8608
-A MINIUPNPD -p udp -m udp --dport 8567 -j DNAT --to-destination 192.168.100.236:8567
-A MINIUPNPD -p udp -m udp --dport 8103 -j DNAT --to-destination 192.168.100.112:8103
-A MINIUPNPD -p udp -m udp --dport 29575 -j DNAT --to-destination 192.168.100.223:29575
-A MINIUPNPD -p udp -m udp --dport 56291 -j DNAT --to-destination 192.168.100.222:56291
-A MINIUPNPD-POSTROUTING -s 192.168.100.152/32 -p tcp -m tcp --sport 1080 -j MASQUERADE --to-ports 13936
-A MINIUPNPD-POSTROUTING -s 192.168.100.152/32 -p udp -m udp --sport 3027 -j MASQUERADE --to-ports 13936
-A MINIUPNPD-POSTROUTING -s 192.168.100.152/32 -p tcp -m tcp --sport 1080 -j MASQUERADE --to-ports 13864
-A MINIUPNPD-POSTROUTING -s 192.168.100.152/32 -p udp -m udp --sport 3027 -j MASQUERADE --to-ports 13864
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -d 198.18.0.0/16 -p tcp -j REDIRECT --to-ports 7892
-A openclash -m set --match-set china_ip_route dst -m set ! --match-set china_ip_route_pass dst -j RETURN
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -d 198.18.0.0/16 -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -m owner ! --uid-owner 65534 -m set --match-set china_ip_route dst -m set ! --match-set china_ip_route_pass dst -j RETURN
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A zone_lan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_lan_prerouting -j MINIUPNPD
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -m comment --comment "!fw3" -j FULLCONENAT
COMMIT
# Completed on Thu Sep 7 23:57:19 2023
#IPv4 Mangle chain
# Generated by iptables-save v1.8.7 on Thu Sep 7 23:57:19 2023
*mangle
:PREROUTING ACCEPT [14068:11181695]
:INPUT ACCEPT [11811:10831896]
:FORWARD ACCEPT [2264:356385]
:OUTPUT ACCEPT [10817:11992303]
:POSTROUTING ACCEPT [13089:12348944]
:openclash - [0:0]
:openclash_output - [0:0]
:openclash_upnp - [0:0]
-A PREROUTING -p udp -j openclash
-A OUTPUT -p udp -j openclash_output
-A openclash -p udp -m udp --sport 500 -j RETURN
-A openclash -p udp -m udp --sport 68 -j RETURN
-A openclash -i lo -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p udp -m udp --dport 53 -j RETURN
-A openclash -d 198.18.0.0/16 -p udp -j TPROXY --on-port 7895 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
-A openclash -m set --match-set china_ip_route dst -m set ! --match-set china_ip_route_pass dst -j RETURN
-A openclash -p udp -j openclash_upnp
-A openclash -p udp -j TPROXY --on-port 7895 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
-A openclash_output -p udp -m udp --sport 500 -j RETURN
-A openclash_output -p udp -m udp --sport 68 -j RETURN
-A openclash_output -d 198.18.0.0/16 -p udp -m owner ! --uid-owner 65534 -j MARK --set-xmark 0x162/0xffffffff
-A openclash_upnp -s 192.168.100.152/32 -p udp -m udp --sport 1080 -j RETURN
-A openclash_upnp -s 192.168.100.152/32 -p udp -m udp --sport 3027 -j RETURN
-A openclash_upnp -s 192.168.100.236/32 -p udp -m udp --sport 8522 -j RETURN
-A openclash_upnp -s 192.168.100.236/32 -p udp -m udp --sport 8608 -j RETURN
-A openclash_upnp -s 192.168.100.236/32 -p udp -m udp --sport 8567 -j RETURN
-A openclash_upnp -s 192.168.100.112/32 -p udp -m udp --sport 8103 -j RETURN
-A openclash_upnp -s 192.168.100.223/32 -p udp -m udp --sport 29575 -j RETURN
-A openclash_upnp -s 192.168.100.223/32 -p udp -m udp --sport 8735 -j RETURN
-A openclash_upnp -s 192.168.100.223/32 -p udp -m udp --sport 8736 -j RETURN
-A openclash_upnp -s 192.168.100.223/32 -p udp -m udp --sport 8737 -j RETURN
-A openclash_upnp -s 192.168.100.223/32 -p udp -m udp --sport 8738 -j RETURN
-A openclash_upnp -s 192.168.100.223/32 -p udp -m udp --sport 8734 -j RETURN
-A openclash_upnp -s 192.168.100.222/32 -p udp -m udp --sport 56291 -j RETURN
-A openclash_upnp -s 192.168.100.222/32 -p udp -m udp --sport 9307 -j RETURN
-A openclash_upnp -s 192.168.100.222/32 -p udp -m udp --sport 9308 -j RETURN
-A openclash_upnp -s 192.168.100.222/32 -p udp -m udp --sport 9309 -j RETURN
-A openclash_upnp -s 192.168.100.222/32 -p udp -m udp --sport 9310 -j RETURN
-A openclash_upnp -s 192.168.100.222/32 -p udp -m udp --sport 9306 -j RETURN
COMMIT
# Completed on Thu Sep 7 23:57:19 2023
#IPv4 Filter chain
# Generated by iptables-save v1.8.7 on Thu Sep 7 23:57:19 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -p udp -m udp --dport 443 -m comment --comment "OpenClash QUIC REJECT" -m set ! --match-set china_ip_route dst -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i eth0 -m comment --comment "!fw3" -j zone_lan_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m comment --comment "!fw3: Traffic offloading" -m conntrack --ctstate RELATED,ESTABLISHED -j FLOWOFFLOAD --hw
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i eth0 -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o eth0 -m comment --comment "!fw3" -j zone_lan_output
-A MINIUPNPD -d 192.168.100.152/32 -p tcp -m tcp --dport 1080 -j ACCEPT
-A MINIUPNPD -d 192.168.100.152/32 -p udp -m udp --dport 3027 -j ACCEPT
-A MINIUPNPD -d 192.168.100.222/32 -p udp -m udp --dport 9307 -j ACCEPT
-A MINIUPNPD -d 192.168.100.222/32 -p udp -m udp --dport 9308 -j ACCEPT
-A MINIUPNPD -d 192.168.100.222/32 -p udp -m udp --dport 9309 -j ACCEPT
-A MINIUPNPD -d 192.168.100.222/32 -p udp -m udp --dport 9310 -j ACCEPT
-A MINIUPNPD -d 192.168.100.222/32 -p udp -m udp --dport 9306 -j ACCEPT
-A MINIUPNPD -d 192.168.100.223/32 -p udp -m udp --dport 8735 -j ACCEPT
-A MINIUPNPD -d 192.168.100.223/32 -p udp -m udp --dport 8736 -j ACCEPT
-A MINIUPNPD -d 192.168.100.223/32 -p udp -m udp --dport 8737 -j ACCEPT
-A MINIUPNPD -d 192.168.100.223/32 -p udp -m udp --dport 8738 -j ACCEPT
-A MINIUPNPD -d 192.168.100.223/32 -p udp -m udp --dport 8734 -j ACCEPT
-A MINIUPNPD -d 192.168.100.152/32 -p tcp -m tcp --dport 1080 -j ACCEPT
-A MINIUPNPD -d 192.168.100.152/32 -p udp -m udp --dport 3027 -j ACCEPT
-A MINIUPNPD -d 192.168.100.236/32 -p udp -m udp --dport 8522 -j ACCEPT
-A MINIUPNPD -d 192.168.100.236/32 -p udp -m udp --dport 8608 -j ACCEPT
-A MINIUPNPD -d 192.168.100.236/32 -p udp -m udp --dport 8567 -j ACCEPT
-A MINIUPNPD -d 192.168.100.112/32 -p udp -m udp --dport 8103 -j ACCEPT
-A MINIUPNPD -d 192.168.100.223/32 -p udp -m udp --dport 29575 -j ACCEPT
-A MINIUPNPD -d 192.168.100.222/32 -p udp -m udp --dport 56291 -j ACCEPT
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_lan_dest_ACCEPT -o eth0 -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -j MINIUPNPD
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i eth0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
COMMIT
# Completed on Thu Sep 7 23:57:19 2023
#IPv6 NAT chain
# Generated by ip6tables-save v1.8.7 on Thu Sep 7 23:57:19 2023
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [12:972]
:POSTROUTING ACCEPT [12:972]
-A PREROUTING -p udp -m comment --comment DNSMASQ -m udp --dport 53 -j REDIRECT --to-ports 53
COMMIT
# Completed on Thu Sep 7 23:57:19 2023
#IPv6 Mangle chain
# Generated by ip6tables-save v1.8.7 on Thu Sep 7 23:57:19 2023
*mangle
:PREROUTING ACCEPT [662:65008]
:INPUT ACCEPT [622:61968]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [662:65008]
:POSTROUTING ACCEPT [662:65008]
COMMIT
# Completed on Thu Sep 7 23:57:19 2023
#IPv6 Filter chain
# Generated by ip6tables-save v1.8.7 on Thu Sep 7 23:57:19 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [20:1520]
:MINIUPNPD - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i eth0 -m comment --comment "!fw3" -j zone_lan_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m comment --comment "!fw3: Traffic offloading" -m conntrack --ctstate RELATED,ESTABLISHED -j FLOWOFFLOAD --hw
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i eth0 -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o eth0 -m comment --comment "!fw3" -j zone_lan_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp6-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_lan_dest_ACCEPT -o eth0 -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -j MINIUPNPD
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i eth0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 546 -m comment --comment "!fw3: Allow-DHCPv6" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
COMMIT
# Completed on Thu Sep 7 23:57:19 2023
#===================== IPSET状态 =====================#
Name: localnetwork
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 960
References: 3
Number of entries: 9
Name: china_ip_route
Type: hash:net
Revision: 6
Header: family inet hashsize 32768 maxelem 1000000
Size in memory: 2302760
References: 4
Number of entries: 92349
Name: china_ip_route_pass
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 1000000
Size in memory: 448
References: 3
Number of entries: 0
#===================== 路由表状态 =====================#
#IPv4
#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.100.1 0.0.0.0 UG 0 0 0 eth0
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
#ip route list
default via 192.168.100.1 dev eth0 proto static
192.168.100.0/24 dev eth0 proto kernel scope link src 192.168.100.2
#ip rule show
0: from all lookup local
32765: from all fwmark 0x162 lookup 354
32766: from all lookup main
32767: from all lookup default
#IPv6
#route -A inet6
Kernel IPv6 routing table
Destination Next Hop Flags Metric Ref Use Iface
::/0 :: !n -1 1 0 lo
::1/128 :: Un 0 6 0 lo
::/0 :: !n -1 1 0 lo
#ip -6 route list
#ip -6 rule show
0: from all lookup local
32766: from all lookup main
4200000001: from all iif lo failed_policy
4200000003: from all iif eth0 failed_policy
#===================== 端口占用状态 =====================#
tcp 0 0 :::7890 :::* LISTEN 21649/clash
tcp 0 0 :::7891 :::* LISTEN 21649/clash
tcp 0 0 :::7892 :::* LISTEN 21649/clash
tcp 0 0 :::7893 :::* LISTEN 21649/clash
tcp 0 0 :::7895 :::* LISTEN 21649/clash
tcp 0 0 :::9090 :::* LISTEN 21649/clash
udp 0 0 :::7874 :::* 21649/clash
udp 0 0 :::7891 :::* 21649/clash
udp 0 0 :::7892 :::* 21649/clash
udp 0 0 :::7893 :::* 21649/clash
udp 0 0 :::7895 :::* 21649/clash
#===================== 测试本机DNS查询(www.baidu.com) =====================#
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: www.baidu.com
www.baidu.com canonical name = www.a.shifen.com
Name: www.a.shifen.com
Address 1: 120.232.145.185
Address 2: 120.232.145.144
*** Can't find www.baidu.com: No answer
#===================== 测试内核DNS查询(www.instagram.com) =====================#
Status: 0
TC: false
RD: true
RA: true
AD: false
CD: false
Question:
Name: www.instagram.com.
Qtype: 1
Qclass: 1
Answer:
TTL: 152
data: 69.171.234.48
name: www.instagram.com.
type: 1
Dnsmasq 当前默认 resolv 文件:/tmp/resolv.conf.d/resolv.conf.auto
#===================== /tmp/resolv.conf.auto =====================#
# Interface lan
nameserver 119.29.29.29
nameserver 8.8.8.8
#===================== /tmp/resolv.conf.d/resolv.conf.auto =====================#
# Interface lan
nameserver 119.29.29.29
nameserver 8.8.8.8
#===================== 测试本机网络连接(www.baidu.com) =====================#
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Thu, 07 Sep 2023 15:57:19 GMT
Etag: "575e1f6f-115"
Last-Modified: Mon, 13 Jun 2016 02:50:23 GMT
Pragma: no-cache
Server: bfe/1.0.8.18
#===================== 测试本机网络下载(raw.githubusercontent.com) =====================#
HTTP/2 404
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
content-type: text/plain; charset=utf-8
x-github-request-id: 8EAA:413E:40E611:4967A2:64F9F2DE
accept-ranges: bytes
date: Thu, 07 Sep 2023 15:57:19 GMT
via: 1.1 varnish
x-served-by: cache-itm18840-ITM
x-cache: MISS
x-cache-hits: 0
x-timer: S1694102240.838295,VS0,VE157
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 72edfbf8e375e47a21dd705d83dfb5fc8f421b2f
expires: Thu, 07 Sep 2023 16:02:19 GMT
source-age: 0
content-length: 14
#===================== 最近运行日志(自动切换为Debug模式) =====================#
time="2023-09-07T15:43:33.055030097Z" level=warning msg="[TCP] dial Ⓜ️ 微软服务 (match DomainSuffix/windows.com) 192.168.100.50:55217 --> client.wns.windows.com:443 error: dns resolve failed: context deadline exceeded"
2023-09-07 23:43:35 Watchdog: Setting Firewall For Enabling Redirect...
time="2023-09-07T15:43:38.065702655Z" level=warning msg="[TCP] dial Ⓜ️ 微软服务 (match DomainSuffix/windows.com) 192.168.100.50:55218 --> client.wns.windows.com:443 error: dns resolve failed: context deadline exceeded"
time="2023-09-07T15:43:44.087291663Z" level=info msg="[TCP] 192.168.100.2:49962 --> raw.githubusercontent.com:443 match DomainSuffix(githubusercontent.com) using 🔰 节点选择[[SS] SS1]"
2023-09-07 23:44:46 OpenClash Restart...
2023-09-07 23:44:46 OpenClash Stoping...
2023-09-07 23:44:46 Step 1: Backup The Current Groups State...
2023-09-07 23:44:46 Step 2: Delete OpenClash Firewall Rules...
2023-09-07 23:44:47 Step 3: Close The OpenClash Daemons...
2023-09-07 23:44:47 Step 4: Close The Clash Core Process...
2023-09-07 23:44:47 Step 5: Restart Dnsmasq...
2023-09-07 23:44:52 Step 6: Delete OpenClash Residue File...
2023-09-07 23:44:52 OpenClash Start Running...
2023-09-07 23:44:52 Step 1: Get The Configuration...
2023-09-07 23:44:52 Step 2: Check The Components...
2023-09-07 23:44:52 Tip: Because of the file【 /etc/config/openclash 】modificated, Pause quick start...
2023-09-07 23:44:52 Step 3: Modify The Config File...
2023-09-07 23:44:52 Warning: You May Need to Turn off The Rebinding Protection Option of Dnsmasq When Hosts Has Set a Reserved Address
2023-09-07 23:44:53 Tip: Start Running Custom Overwrite Scripts...
2023-09-07 23:44:53 Step 4: Start Running The Clash Core...
2023-09-07 23:44:53 Tip: Detected The Exclusive Function of The Meta Core, Use Meta Core to Start...
2023-09-07 23:44:53 Test The Config File First...
time="2023-09-07T15:44:54.650121476Z" level=info msg="Start initial configuration in progress"
time="2023-09-07T15:44:54.651080491Z" level=info msg="Geodata Loader mode: standard"
time="2023-09-07T15:44:55.030012099Z" level=info msg="Start initial GeoIP rule CN => 🎯 全球直连, records: 11338"
time="2023-09-07T15:44:55.983417384Z" level=warning msg="[CacheFile] can't open cache file: timeout"
time="2023-09-07T15:44:55.983474143Z" level=warning msg="Deprecated: Use Sniff instead"
time="2023-09-07T15:44:55.983504049Z" level=info msg="Initial configuration complete, total time: 1333ms"
2023-09-07 23:44:55 configuration file【/etc/openclash/config.yaml】test is successful
2023-09-07 23:44:57 Step 5: Check The Core Status...
time="2023-09-07T15:44:57.715180396Z" level=info msg="Start initial configuration in progress"
time="2023-09-07T15:44:57.71610786Z" level=info msg="Geodata Loader mode: standard"
time="2023-09-07T15:44:58.09642811Z" level=info msg="Start initial GeoIP rule CN => 🎯 全球直连, records: 11338"
time="2023-09-07T15:44:58.111587917Z" level=warning msg="Deprecated: Use Sniff instead"
time="2023-09-07T15:44:58.11163341Z" level=info msg="Initial configuration complete, total time: 396ms"
time="2023-09-07T15:44:58.112187925Z" level=info msg="RESTful API listening at: [::]:9090"
time="2023-09-07T15:44:58.125333152Z" level=info msg="Sniffer is loaded and working"
time="2023-09-07T15:44:58.125358194Z" level=info msg="Use tcp concurrent"
time="2023-09-07T15:44:58.125528325Z" level=info msg="DNS server listening at: [::]:7874"
time="2023-09-07T15:44:58.125576884Z" level=info msg="HTTP proxy listening at: [::]:7890"
time="2023-09-07T15:44:58.125607691Z" level=info msg="SOCKS proxy listening at: [::]:7891"
time="2023-09-07T15:44:58.125643529Z" level=info msg="Redirect proxy listening at: [::]:7892"
time="2023-09-07T15:44:58.125684559Z" level=info msg="TProxy server listening at: [::]:7895"
time="2023-09-07T15:44:58.12575511Z" level=info msg="Mixed(http+socks) proxy listening at: [::]:7893"
time="2023-09-07T15:44:58.125820824Z" level=info msg="Start initial compatible provider 🌏 国内媒体"
time="2023-09-07T15:44:58.125851199Z" level=info msg="Start initial compatible provider 🚫 运营劫持"
time="2023-09-07T15:44:58.125870705Z" level=info msg="Start initial compatible provider 🍎 苹果服务"
time="2023-09-07T15:44:58.125888555Z" level=info msg="Start initial compatible provider default"
time="2023-09-07T15:44:58.125892322Z" level=info msg="Start initial compatible provider 🎥 NETFLIX"
time="2023-09-07T15:44:58.125915208Z" level=info msg="Start initial compatible provider 🔰 节点选择"
time="2023-09-07T15:44:58.12593229Z" level=info msg="Start initial compatible provider ♻️ 自动选择"
time="2023-09-07T15:44:58.125933611Z" level=info msg="Start initial compatible provider 🛑 全球拦截"
time="2023-09-07T15:44:58.125923045Z" level=info msg="Start initial compatible provider 🌍 国外媒体"
time="2023-09-07T15:44:58.12592313Z" level=info msg="Start initial compatible provider 🐟 漏网之鱼"
time="2023-09-07T15:44:58.1259248Z" level=info msg="Start initial compatible provider 📲 电报信息"
time="2023-09-07T15:44:58.125906409Z" level=info msg="Start initial compatible provider 🎯 全球直连"
time="2023-09-07T15:44:58.125938047Z" level=info msg="Start initial compatible provider ⛔️ 广告拦截"
time="2023-09-07T15:44:58.125929907Z" level=info msg="Start initial compatible provider Ⓜ️ 微软服务"
2023-09-07 23:45:00 Step 6: Wait For The File Downloading...
2023-09-07 23:45:00 Step 7: Set Firewall Rules...
2023-09-07 23:45:00 Tip: DNS Hijacking Mode is Dnsmasq Redirect...
2023-09-07 23:45:00 Warning: Can't Settting Only Intranet Allowed Function, Get IPv4 WAN Interfaces error, Please Verify The Firewall's WAN Zone Name is wan, Ignore This IF The Device Does not Have a WAN Interfaces...
2023-09-07 23:45:00 Tip: Bypass the China IP May Cause the Dnsmasq Load For a Long Time After Restart in FAKE-IP Mode, Hijack the DNS to Core Untill the Dnsmasq Works Well...
2023-09-07 23:45:01 Tip: Start Add Port Bypassing Rules For Firewall Redirect and Firewall Rules...
2023-09-07 23:45:01 Tip: Start Add Custom Firewall Rules...
2023-09-07 23:45:01 Step 8: Restart Dnsmasq...
2023-09-07 23:45:01 Step 9: Add Cron Rules, Start Daemons...
2023-09-07 23:45:01 OpenClash Start Successful!
2023-09-07 23:45:01 Tip: Dnsmasq Work is Normal, Restore The Firewall DNS Hijacking Rules...
time="2023-09-07T15:45:04.970465492Z" level=info msg="[TCP] 192.168.100.8:51671 --> 91.108.56.126:443 match IPCIDR(91.108.56.0/22) using 📲 电报信息[[SS] SS1]"
time="2023-09-07T15:45:04.970541412Z" level=info msg="[TCP] 192.168.100.8:51672 --> 91.108.56.126:443 match IPCIDR(91.108.56.0/22) using 📲 电报信息[[SS] SS1]"
time="2023-09-07T15:45:06.03799341Z" level=info msg="[TCP] 192.168.100.8:51675 --> clients4.google.com:443 match DomainKeyword(google) using 🔰 节点选择[[SS] SS1]"
time="2023-09-07T15:45:13.449854334Z" level=info msg="[TCP] 192.168.100.50:55239 --> client.wns.windows.com:443 match DomainSuffix(windows.com) using Ⓜ️ 微软服务[DIRECT]"
time="2023-09-07T15:45:50.766990872Z" level=info msg="[TCP] 192.168.100.8:51689 --> www.youtube.com:443 match DomainSuffix(youtube.com) using 🌍 国外媒体[[SS] SS1]"
time="2023-09-07T15:45:51.976256546Z" level=info msg="[TCP] 192.168.100.8:51690 --> api.ipify.org:443 match Match using 🐟 漏网之鱼[[SS] SS1]"
time="2023-09-07T15:45:53.106471829Z" level=info msg="[TCP] 192.168.100.8:51691 --> api.ipify.org:443 match Match using 🐟 漏网之鱼[[SS] SS1]"
time="2023-09-07T15:45:54.444599546Z" level=info msg="[TCP] 192.168.100.8:59566 --> safebrowsing.googleapis-cn.com:443 match DomainKeyword(google) using 🔰 节点选择[[SS] SS1]"
2023-09-07 23:46:01 Watchdog: Setting Firewall For Enabling Redirect...
time="2023-09-07T15:46:06.951278947Z" level=info msg="[TCP] 192.168.100.8:51696 --> identity.bitwarden.com:443 match Match using 🐟 漏网之鱼[[SS] SS1]"
time="2023-09-07T15:46:08.12853195Z" level=info msg="[TCP] 192.168.100.8:51697 --> notifications.bitwarden.com:443 match Match using 🐟 漏网之鱼[[SS] SS1]"
time="2023-09-07T15:46:09.335961704Z" level=info msg="[TCP] 192.168.100.8:51698 --> api.bitwarden.com:443 match Match using 🐟 漏网之鱼[[SS] SS1]"
time="2023-09-07T15:46:56.963049116Z" level=info msg="[TCP] 192.168.100.8:51703 --> accounts.youtube.com:443 match DomainSuffix(youtube.com) using 🌍 国外媒体[[SS] SS1]"
time="2023-09-07T15:47:05.311892217Z" level=info msg="[TCP] 192.168.100.8:51704 --> alive.github.com:443 match DomainSuffix(github.com) using 🔰 节点选择[[SS] SS1]"
time="2023-09-07T15:47:06.491150856Z" level=info msg="[TCP] 192.168.100.8:59567 --> stocks-data-service.apple.com:443 match DomainSuffix(apple.com) using 🍎 苹果服务[[SS] SS1]"
time="2023-09-07T15:47:28.246810876Z" level=info msg="[TCP] 192.168.100.8:51707 --> github.com:443 match DomainSuffix(github.com) using 🔰 节点选择[[SS] SS1]"
time="2023-09-07T15:49:07.814280868Z" level=info msg="[TCP] 192.168.100.8:51710 --> 91.108.56.126:443 match IPCIDR(91.108.56.0/22) using 📲 电报信息[[SS] SS1]"
time="2023-09-07T15:52:08.386296714Z" level=info msg="[TCP] 192.168.100.8:59568 --> stocks-data-service.apple.com:443 match DomainSuffix(apple.com) using 🍎 苹果服务[[VMess] Vmess+Ws+2]"
time="2023-09-07T15:52:39.078668476Z" level=info msg="[TCP] 192.168.100.8:51717 --> 91.108.56.126:443 match IPCIDR(91.108.56.0/22) using 📲 电报信息[[VMess] Vmess+Ws+2]"
time="2023-09-07T15:54:02.250530097Z" level=info msg="[TCP] 192.168.100.8:51723 --> westus-0.in.applicationinsights.azure.com:443 match DomainSuffix(azure.com) using Ⓜ️ 微软服务[DIRECT]"
time="2023-09-07T15:55:17.007524683Z" level=info msg="[TCP] 192.168.100.50:55355 --> v10.events.data.microsoft.com:443 match DomainKeyword(microsoft) using Ⓜ️ 微软服务[DIRECT]"
time="2023-09-07T15:56:14.543621021Z" level=info msg="[TCP] 192.168.100.8:51730 --> www.google.com:443 match DomainKeyword(google) using 🔰 节点选择[[VMess] Vmess+Ws+2]"
time="2023-09-07T15:56:16.022122648Z" level=info msg="[TCP] 192.168.100.8:51734 --> api.wcc.best:443 match Match using 🐟 漏网之鱼[[VMess] Vmess+Ws+2]"
time="2023-09-07T15:56:18.135299Z" level=info msg="[TCP] 192.168.100.8:51735 --> 91.108.56.126:443 match IPCIDR(91.108.56.0/22) using 📲 电报信息[[VMess] Vmess+Ws+2]"
time="2023-09-07T15:56:59.870539164Z" level=info msg="[TCP] 192.168.100.8:51737 --> accounts.youtube.com:443 match DomainSuffix(youtube.com) using 🌍 国外媒体[[VMess] Vmess+Ws+2]"
time="2023-09-07T15:57:08.211647365Z" level=info msg="[UDP] 192.168.100.8:123 --> time-ios.g.aaplimg.com:123 match DomainSuffix(aaplimg.com) using 🍎 苹果服务[[VMess] Vmess+Ws+2]"
time="2023-09-07T15:57:08.686651154Z" level=info msg="[TCP] 192.168.100.50:55386 --> safebrowsing.googleapis.com:443 match DomainKeyword(google) using 🔰 节点选择[[VMess] Vmess+Ws+2]"
time="2023-09-07T15:57:09.817330011Z" level=info msg="[TCP] 192.168.100.8:59569 --> stocks-data-service.apple.com:443 match DomainSuffix(apple.com) using 🍎 苹果服务[[VMess] Vmess+Ws+2]"
time="2023-09-07T15:57:09.932752932Z" level=info msg="[TCP] 192.168.100.8:59570 --> weather-data.apple.com:443 match DomainSuffix(apple.com) using 🍎 苹果服务[[VMess] Vmess+Ws+2]"
time="2023-09-07T15:57:13.705693651Z" level=info msg="[TCP] 192.168.100.8:51741 --> www.instagram.com:443 match DomainSuffix(instagram.com) using 🔰 节点选择[[VMess] Vmess+Ws+2]"
time="2023-09-07T15:57:19.629650675Z" level=info msg="[TCP] 192.168.100.2:49284 --> raw.githubusercontent.com:443 match DomainSuffix(githubusercontent.com) using 🔰 节点选择[[VMess] Vmess+Ws+2]"
#===================== 最近运行日志获取完成(自动切换为silent模式) =====================#
#===================== 活动连接信息 =====================#
1. SourceIP:【192.168.100.8】 - Host:【api.wcc.best】 - DestinationIP:【104.21.73.40】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【[VMess] Vmess+Ws+2】
2. SourceIP:【192.168.100.8】 - Host:【alive.github.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【github.com】 - Lastchain:【[SS] SS1】
3. SourceIP:【192.168.100.50】 - Host:【client.wns.windows.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【windows.com】 - Lastchain:【DIRECT】
4. SourceIP:【192.168.100.8】 - Host:【time-ios.g.aaplimg.com】 - DestinationIP:【17.253.84.253】 - Network:【udp】 - RulePayload:【aaplimg.com】 - Lastchain:【[VMess] Vmess+Ws+2】
5. SourceIP:【192.168.100.8】 - Host:【Empty】 - DestinationIP:【91.108.56.126】 - Network:【tcp】 - RulePayload:【91.108.56.0/22】 - Lastchain:【[SS] SS1】
6. SourceIP:【192.168.100.8】 - Host:【accounts.youtube.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【youtube.com】 - Lastchain:【[VMess] Vmess+Ws+2】
7. SourceIP:【192.168.100.50】 - Host:【safebrowsing.googleapis.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【[VMess] Vmess+Ws+2】
8. SourceIP:【192.168.100.8】 - Host:【notifications.bitwarden.com】 - DestinationIP:【104.18.13.33】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【[SS] SS1】
9. SourceIP:【192.168.100.8】 - Host:【www.google.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【[VMess] Vmess+Ws+2】
10. SourceIP:【192.168.100.8】 - Host:【www.instagram.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【instagram.com】 - Lastchain:【[VMess] Vmess+Ws+2】
11. SourceIP:【192.168.100.8】 - Host:【clients4.google.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【[SS] SS1】
12. SourceIP:【192.168.100.8】 - Host:【Empty】 - DestinationIP:【91.108.56.126】 - Network:【tcp】 - RulePayload:【91.108.56.0/22】 - Lastchain:【[VMess] Vmess+Ws+2】
fallback:
fallback:
- tls://1.1.1.1:853
- tls://8.8.8.8:853
- https://1.1.1.1/dns-query
- https://8.8.8.8/dns-query
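Try replacing that with fallback:
- tls://8.8.4.4:853
Thank you very much! I had the same problem, with foreign domains failing to resolve, and your method fixed it. In my case, though, it started after I rebooted the router, with no change to the configuration at all, which is baffling...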
fallback:
- tls://1.1.1.1:853
- tls://8.8.8.8:853
- https://1.1.1.1/dns-query
- https://8.8.8.8/dns-query
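Try replacing that with fallback:
- tls://8.8.4.4:853
Already solved, thank you very much.
What is the mechanism behind this? Is it a bug?
Bookmarking this. Who would have known that adding a fallback DNS server could cause this kind of problem 😭 Luckily someone had already run into it.
Bookmarking this. Who would have known that adding a fallback DNS server could cause this kind of problem 😭 Luckily someone had already run into it.
Bookmarking this. I ran into this problem too... I am just speechless.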
Verify Steps
OpenClash Version
v0.45.141-beta
Bug on Environment
Other
Bug on Platform
Linux-amd64(x86-64)
To Reproduce
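Configure the DNS servers in fallback as tls, https, tcp 53 and similar servers, without configuring any udp 53 server. Foreign domains then cannot be resolved, and all of them fail with the error "** server can't find www.xxx.com: SERVFAIL".
When a udp 53 server is added to fallback, the resolution problem goes away, but DNS pollution occurs.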
Describe the Bug
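I had been using an old version all along. I can't remember exactly which one, but it was a version in which vless + vision was not available when adding a server individually in openwrt. The build options were exactly the same as for the new version, it used the clash meta core, and it had always been very stable.
A few days ago, in order to get vless + vision support, I rebuilt with the new version, but after finishing the configuration I could not reach any external site. On inspection I found that every domain involving foreign sites failed DNS resolution, and after many attempts I found that adding a foreign udp 53 DNS server to fallback resolves it.
But today, when I needed to access raw.githubusercontent.com, resolution failed. It did not even return 0.0.0.0, just no result at all, and enabling Fallback-Filter did not solve it either. I think it is a DNS pollution problem, and the cause should be that the udp resolution results are being maliciously altered, yet removing the udp server makes all foreign domains unresolvable.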
OpenClash Log
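To keep the log from getting too long, I removed some unrelated content (mainly the rules section and the system's built-in comment sections; the rules used are ACL4SSR_Github_Online_Full).
Redir-Host log: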
OpenClash Config
Expected Behavior
I hope this problem can be resolved.
Screenshots
No response