Closed liangyi9812 closed 9 months ago
v0.45.141-beta
Official OpenWrt
Linux-amd64(x86-64)
插件设置 - 流媒体增强 - (实验性:屏蔽 Google DNS 的局域网设备 IP 与 实验性:屏蔽 Google DNS 的局域网设备 Mac) 均为不设置
未配置相关选项 (实验性:屏蔽 Google DNS 的局域网设备 IP 与 实验性:屏蔽 Google DNS 的局域网设备 Mac) 却出现了相关的nat防火墙
OpenClash 调试日志
生成时间: 2023-10-06 19:01:50 插件版本: v0.45.141-beta 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息
#===================== 系统信息 =====================# 主机型号: QEMU Standard PC (i440FX + PIIX, 1996) 固件版本: ImmortalWrt 21.02.7 r20074-a8bbadefaf LuCI版本: git-20.074.84698-ead5e81 内核版本: 5.4.255 处理器架构: x86_64 #此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP IPV6-DHCP: DNS劫持: Dnsmasq 转发 #DNS劫持为Dnsmasq时,此项结果应仅有配置文件的DNS监听地址 Dnsmasq转发设置: 127.0.0.1#7874 #===================== 依赖检查 =====================# dnsmasq-full: 已安装 coreutils: 已安装 coreutils-nohup: 已安装 bash: 已安装 curl: 已安装 ca-certificates: 已安装 ipset: 已安装 ip-full: 已安装 libcap: 已安装 libcap-bin: 已安装 ruby: 已安装 ruby-yaml: 已安装 ruby-psych: 已安装 ruby-pstore: 已安装 kmod-tun(TUN模式): 已安装 luci-compat(Luci >= 19.07): 已安装 kmod-inet-diag(PROCESS-NAME): 已安装 unzip: 已安装 iptables-mod-tproxy: 已安装 kmod-ipt-tproxy: 已安装 iptables-mod-extra: 已安装 kmod-ipt-extra: 已安装 kmod-ipt-nat: 已安装 #===================== 内核检查 =====================# 运行状态: 运行中 运行内核:Meta 进程pid: 25300 运行权限: 25300: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip 运行用户: nobody 已选择的架构: linux-amd64 #下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限 Tun内核版本: 2023.08.17-13-gdcc8d87 Tun内核文件: 存在 Tun内核运行权限: 正常 Dev内核版本: v1.18.0-13-gd034a40 Dev内核文件: 存在 Dev内核运行权限: 正常 Meta内核版本: alpha-g6b1a438 Meta内核文件: 存在 Meta内核运行权限: 正常 #===================== 插件设置 =====================# 当前配置文件: /etc/openclash/config/liangyi-meta-gist.yaml 启动配置文件: /etc/openclash/liangyi-meta-gist.yaml 运行模式: fake-ip 默认代理模式: rule UDP流量转发(tproxy): 启用 自定义DNS: 停用 IPV6代理: 停用 IPV6-DNS解析: 启用 禁用Dnsmasq缓存: 启用 自定义规则: 停用 仅允许内网: 停用 仅代理命中规则流量: 停用 仅允许常用端口流量: 停用 绕过中国大陆IP: 停用 路由本机代理: 启用 #启动异常时建议关闭此项后重试 混合节点: 停用 保留配置: 停用 #启动异常时建议关闭此项后重试 第三方规则: 停用 #===================== 配置文件 =====================# pr: type: select proxies: &2 - "\U0001F3AF直连回国" - "\U0001F50CWARP" - "\U0001F50CCF-WORKER-MANUAL-IP" - "\U0001F530MyOwnProxies" - "\U0001F4B5NewWorld" - "\U0001F4B5GLaDOS" - "\U0001F512tls-group-select" - "\U0001F512tls-group-fallback" - "\U0001F512free-vveg26-chromego-select" - "\U0001F512free-vveg26-chromego-fallback" - "\U0001F510frees-select" - "\U0001F1ED\U0001F1F0香港" - "\U0001F1E8\U0001F1F3大陆|台湾" - "\U0001F1EF\U0001F1F5日本" - "\U0001F1F0\U0001F1F7韩国" - "\U0001F1FA\U0001F1F8美国" - "\U0001F1EC\U0001F1E7英国" - "\U0001F1F8\U0001F1EC新加坡" - "\U0001F3F3️\U0001F308其它地区" - "\U0001F3F4☠️未知地区" - DIRECT - REJECT use: type: select use: &3 - MyOwnProxies - NewWorld - GLaDOS - frees - free-vveg26-chromego p: type: http interval: 21600 health-check: enable: true url: https://www.gstatic.com/generate_204 interval: 520 fake-ip-filter: &1 - "*.lan" - "*.localdomain" - "*.example" - "*.invalid" - "*.localhost" - "*.test" - "*.local" - "*.home.arpa" - time.*.com - time.*.gov - time.*.edu.cn - time.*.apple.com - time1.*.com - time2.*.com - time3.*.com - time4.*.com - time5.*.com - time6.*.com - time7.*.com - ntp.*.com - ntp1.*.com - ntp2.*.com - ntp3.*.com - ntp4.*.com - ntp5.*.com - ntp6.*.com - ntp7.*.com - "*.time.edu.cn" - "*.ntp.org.cn" - "+.pool.ntp.org" - time1.cloud.tencent.com - music.163.com - "*.music.163.com" - "*.126.net" - musicapi.taihe.com - music.taihe.com - songsearch.kugou.com - trackercdn.kugou.com - "*.kuwo.cn" - api-jooxtt.sanook.com - api.joox.com - joox.com - y.qq.com - "*.y.qq.com" - streamoc.music.tc.qq.com - mobileoc.music.tc.qq.com - isure.stream.qqmusic.qq.com - dl.stream.qqmusic.qq.com - aqqmusic.tc.qq.com - amobile.music.tc.qq.com - "*.xiami.com" - "*.music.migu.cn" - music.migu.cn - "*.msftconnecttest.com" - "*.msftncsi.com" - msftconnecttest.com - msftncsi.com - localhost.ptlogin2.qq.com - localhost.sec.qq.com - "+.srv.nintendo.net" - "+.stun.playstation.net" - xbox.*.microsoft.com - xnotify.xboxlive.com - "+.battlenet.com.cn" - "+.wotgame.cn" - "+.wggames.cn" - "+.wowsgame.cn" - "+.wargaming.net" - proxy.golang.org - stun.*.* - stun.*.*.* - "+.stun.*.*" - "+.stun.*.*.*" - "+.stun.*.*.*.*" - heartbeat.belkin.com - "*.linksys.com" - "*.linksyssmartwifi.com" - "*.router.asus.com" - mesu.apple.com - swscan.apple.com - swquery.apple.com - swdownload.apple.com - swcdn.apple.com - swdist.apple.com - sylvan.apple.com - lens.l.google.com - stun.l.google.com - "+.nflxvideo.net" - "*.square-enix.com" - "*.finalfantasyxiv.com" - "*.ffxiv.com" - "*.mcdn.bilivideo.cn" rule-providers: applications: type: http behavior: classical url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/applications.txt path: "./rule_provider/applications.yaml" interval: 86400 liangyi-dns-direct: type: http behavior: ipcidr url: https://ghproxy.com/https://gist.githubusercontent.com/liangyi9812/f9ae2xxxxxxxe0366626/raw/liangyi-dns-direct.yaml path: "./rule_provider/liangyi-dns-direct.yaml" interval: 86400 liangyi-direct-nonip: type: http behavior: classical url: https://ghproxy.com/https://gist.githubusercontent.com/liangyi9812/f9ae2xxxxxxxe0366626/raw/liangyi-direct-nonip.yaml path: "./rule_provider/liangyi-direct-nonip.yaml" interval: 86400 liangyi-proxy-nonip: type: http behavior: classical url: https://ghproxy.com/https://gist.githubusercontent.com/liangyi9812/f9ae2xxxxxxxe0366626/raw/liangyi-proxy-nonip.yaml path: "./rule_provider/liangyi-proxy-nonip.yaml" interval: 86400 liangyi-proxy-important-nonip: type: http behavior: classical url: https://ghproxy.com/https://gist.githubusercontent.com/liangyi9812/f9ae2xxxxxxxe0366626/raw/liangyi-proxy-important-nonip.yaml path: "./rule_provider/liangyi-proxy-important-nonip.yaml" interval: 86400 BanAD: type: http behavior: classical url: https://ghproxy.com/https://github.com/ACL4SSR/ACL4SSR/raw/master/Clash/Providers/BanAD.yaml path: "./rule_provider/BanAD.yaml" interval: 86400 BanEasyPrivacy: type: http behavior: classical url: https://ghproxy.com/https://github.com/ACL4SSR/ACL4SSR/raw/master/Clash/Providers/BanEasyPrivacy.yaml path: "./rule_provider/BanEasyPrivacy.yaml" interval: 86400 BanEasyList: type: http behavior: classical url: https://ghproxy.com/https://github.com/ACL4SSR/ACL4SSR/raw/master/Clash/Providers/BanEasyList.yaml path: "./rule_provider/BanEasyList.yaml" interval: 86400 BanEasyListChina: type: http behavior: classical url: https://ghproxy.com/https://github.com/ACL4SSR/ACL4SSR/raw/master/Clash/Providers/BanEasyListChina.yaml path: "./rule_provider/BanEasyListChina.yaml" interval: 86400 BanProgramAD: type: http behavior: classical url: https://ghproxy.com/https://github.com/ACL4SSR/ACL4SSR/raw/master/Clash/Providers/BanProgramAD.yaml path: "./rule_provider/BanProgramAD.yaml" interval: 86400 profile: store-selected: true store-fake-ip: true mode: rule ipv6: true log-level: info allow-lan: true bind-address: "*" port: 7890 socks-port: 7891 mixed-port: 7893 external-controller: 0.0.0.0:8888 unified-delay: true tcp-concurrent: true find-process-mode: 'off' global-client-fingerprint: chrome geodata-mode: true geodata-loader: memconservative geox-url: geoip: https://fastly.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geoip.dat geosite: https://fastly.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geosite.dat mmdb: https://fastly.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/country.mmdb sniffer: enable: true parse-pure-ip: true force-domain: - "+.netflix.com" - "+.nflxvideo.net" - "+.amazonaws.com" - "+.media.dssott.com" skip-domain: - "+.apple.com" - Mijia Cloud - dlg.io.mi.com sniff: TLS: HTTP: ports: - 80 - 8080-8880 override-destination: true dns: enable: true listen: 0.0.0.0:7874 prefer-h3: true ipv6: true use-hosts: true proxy-server-nameserver: - https://223.5.5.5/dns-query - https://8.8.8.8/dns-query nameserver-policy: geosite:cn,private,apple@cn,icloud@cn: - https://223.5.5.5/dns-query - https://8.8.8.8/dns-query nameserver: - https://1.12.12.12/dns-query fallback: - https://8.8.8.8/dns-query - https://1.1.1.1/dns-query fallback-filter: geoip: true geoip-code: CN ipcidr: - 0.0.0.0/8 - 10.0.0.0/8 - 100.64.0.0/10 - 127.0.0.0/8 - 169.254.0.0/16 - 172.16.0.0/12 - 192.0.0.0/24 - 192.0.2.0/24 - 192.88.99.0/24 - 192.168.0.0/16 - 198.18.0.0/15 - 198.51.100.0/24 - 203.0.113.0/24 - 224.0.0.0/4 - 240.0.0.0/4 - 255.255.255.255/32 domain: - "+.google.com" - "+.facebook.com" - "+.youtube.com" - "+.githubusercontent.com" - "+.googlevideo.com" - "+.msftconnecttest.com" - "+.msftncsi.com" fake-ip-range: 198.18.0.1/16 fake-ip-filter: *1 enhanced-mode: fake-ip proxy-groups: - name: "\U0001F308Google" type: select proxies: *2 - name: "\U0001F3ACYouTube" type: select proxies: *2 - name: "⭐Github" type: select proxies: *2 - name: "\U0001F3B5Spotify" type: select proxies: *2 - name: "\U0001F47EOpenAI" type: select proxies: *2 - name: "\U0001F4DETelegram" type: select proxies: *2 - name: "\U0001F984Twitter" type: select proxies: *2 - name: "\U0001F3ACNETFLIX" type: select proxies: *2 - name: "⚡Speedtest" type: select proxies: *2 - name: "\U0001F5A5Hackintosh" type: select proxies: *2 - name: "\U0001F525Proxies" type: select proxies: *2 - name: "\U0001F525Proxies-Important" type: fallback use: - v2free-paid url: https://www.gstatic.com/generate_204 interval: 300 - name: "\U0001F420CN漏网之鱼" type: select proxies: *2 - name: "❗❗兜底❗❗" type: select proxies: *2 - name: "\U0001F530MyOwnProxies" type: select use: - MyOwnProxies proxies: - "\U0001F3AF直连回国" - "\U0001F50CWARP" - "\U0001F50CCF-WORKER-MANUAL-IP" - "\U0001F4B5NewWorld" - "\U0001F4B5GLaDOS" - "\U0001F512tls-group-select" - "\U0001F512tls-group-fallback" - "\U0001F512free-vveg26-chromego-select" - "\U0001F512free-vveg26-chromego-fallback" - "\U0001F510frees-select" - "\U0001F1ED\U0001F1F0香港" - "\U0001F1E8\U0001F1F3大陆|台湾" - "\U0001F1EF\U0001F1F5日本" - "\U0001F1F0\U0001F1F7韩国" - "\U0001F1FA\U0001F1F8美国" - "\U0001F1EC\U0001F1E7英国" - "\U0001F1F8\U0001F1EC新加坡" - "\U0001F3F3️\U0001F308其它地区" - "\U0001F3F4☠️未知地区" - name: "\U0001F517WARP前置节点" type: select proxies: *2 - name: "\U0001F4B5NewWorld" type: select use: - NewWorld - name: "\U0001F4B5GLaDOS" type: select use: - GLaDOS - name: "\U0001F512tls-group-select" type: select use: - tls-group - name: "\U0001F512tls-group-fallback" type: fallback use: - tls-group url: https://www.gstatic.com/generate_204 interval: 300 - name: "\U0001F512free-vveg26-chromego-select" type: select use: - free-vveg26-chromego - name: "\U0001F512free-vveg26-chromego-fallback" type: fallback use: - free-vveg26-chromego url: https://www.gstatic.com/generate_204 interval: 300 - name: "\U0001F510frees-select" type: select use: - frees - name: "\U0001F1ED\U0001F1F0香港" type: select use: *3 filter: "(?i)(港|香港|\\bhk\\b|\\bhong\\s?kong\\b|\U0001F1ED\U0001F1F0)" - name: "\U0001F1E8\U0001F1F3大陆|台湾" type: select use: *3 filter: "(?i)(中国|大陆|\\bzg\\b|\\bchina\\b|\\bch\\b|台|台湾|\\btw\\b|\\btaiwan\\b|\U0001F1E8\U0001F1F3)" - name: "\U0001F1EF\U0001F1F5日本" type: select use: *3 filter: "(?i)(日|日本|\\bjp\\b|\\bjapan\\b|\U0001F1EF\U0001F1F5)" - name: "\U0001F1F0\U0001F1F7韩国" type: select use: *3 filter: "(?i)(韩|韩国|\\bkr\\b|\\bkorea\\b|\U0001F1F0\U0001F1F7)" - name: "\U0001F1FA\U0001F1F8美国" type: select use: *3 filter: "(?i)(美|美国|\\bus\\b|\\bunited\\s?states\\b|\U0001F1FA\U0001F1F8)" - name: "\U0001F1EC\U0001F1E7英国" type: select use: *3 filter: "(?i)(英|英国|\\buk\\b|\\bunited\\s?kingdom\\b|\U0001F1EC\U0001F1E7)" - name: "\U0001F1F8\U0001F1EC新加坡" type: select use: *3 filter: "(?i)(新|新加坡|\\bsg\\b|\\bsingapore\\b|\U0001F1F8\U0001F1EC)" - name: "\U0001F3F3️\U0001F308其它地区" type: select use: *3 filter: "(?i)^(?!.*(?:\U0001F3F4☠️|\U0001F1ED\U0001F1F0|\U0001F1E8\U0001F1F3|\U0001F1EF\U0001F1F5|\U0001F1F0\U0001F1F7|\U0001F1FA\U0001F1F8|\U0001F1EC\U0001F1E7|\U0001F1F8\U0001F1EC|港|香港|hk|hong\\s?kong|中国|zg|china|ch|大陆|台|台湾|tw|taiwan|日本|jp|japan|韩|韩国|kr|korea|新|新加坡|sg|singapore|美|美国|us|united\\s?states|英|英国|uk|united\\s?kingdom)).*" - name: "\U0001F3F4☠️未知地区" type: select use: *3 filter: "(?i)\U0001F3F4☠️" - name: "\U0001F3AF直连回国" type: select proxies: - DIRECT - name: "\U0001F6D1广告拦截" type: select proxies: - REJECT - PASS - DIRECT rules: - DST-PORT,7895,REJECT - DST-PORT,7892,REJECT - IP-CIDR,198.18.0.1/16,REJECT,no-resolve - RULE-SET,liangyi-dns-direct,DIRECT,no-resolve - GEOIP,LAN,DIRECT,no-resolve - GEOSITE,private,DIRECT - "DOMAIN-SUFFIX,jsdelivr.net,\U0001F3AF直连回国" - "DOMAIN,ghproxy.com,\U0001F3AF直连回国" - "GEOSITE,icloud@cn,\U0001F3AF直连回国" - "GEOSITE,apple@cn,\U0001F3AF直连回国" - "RULE-SET,liangyi-direct-nonip,\U0001F3AF直连回国" - "GEOSITE,category-ads-all,\U0001F6D1广告拦截" - "RULE-SET,BanAD,\U0001F6D1广告拦截" - "RULE-SET,BanEasyPrivacy,\U0001F6D1广告拦截" - "RULE-SET,BanEasyList,\U0001F6D1广告拦截" - "RULE-SET,BanEasyListChina,\U0001F6D1广告拦截" - "RULE-SET,BanProgramAD,\U0001F6D1广告拦截" - "RULE-SET,applications,\U0001F3AF直连回国" - "GEOSITE,CN,\U0001F3AF直连回国" - "RULE-SET,liangyi-proxy-nonip,\U0001F525Proxies" - "RULE-SET,liangyi-proxy-important-nonip,\U0001F525Proxies-Important" - "GEOSITE,spotify,\U0001F3B5Spotify" - "GEOSITE,openai,\U0001F47EOpenAI" - GEOSITE,github,⭐Github - "GEOSITE,youtube,\U0001F3ACYouTube" - "GEOSITE,twitter,\U0001F984Twitter" - "GEOSITE,telegram,\U0001F4DETelegram" - GEOSITE,speedtest,⚡Speedtest - "GEOSITE,netflix,\U0001F3ACNETFLIX" - "GEOSITE,google,\U0001F308Google" - "OR,((DOMAIN-KEYWORD,tonymacx86), (DOMAIN-KEYWORD,insanelymac)),\U0001F5A5Hackintosh" - "GEOSITE,geolocation-!cn,\U0001F420CN漏网之鱼" - "GEOIP,telegram,\U0001F4DETelegram" - MATCH,❗❗兜底❗❗ redir-port: 7892 tproxy-port: 7895 external-ui: "/usr/share/openclash/ui" authentication: - root:xxxxx #===================== 自定义覆写设置 =====================# #!/bin/sh . /usr/share/openclash/ruby.sh . /usr/share/openclash/log.sh . /lib/functions.sh # This script is called by /etc/init.d/openclash # Add your custom overwrite scripts here, they will be take effict after the OpenClash own srcipts LOG_OUT "Tip: Start Running Custom Overwrite Scripts..." LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S")) LOG_FILE="/tmp/openclash.log" CONFIG_FILE="$1" #config path #Simple Demo: #General Demo #1--config path #2--key name #3--value #ruby_edit "$CONFIG_FILE" "['redir-port']" "7892" #ruby_edit "$CONFIG_FILE" "['secret']" "123456" #ruby_edit "$CONFIG_FILE" "['dns']['enable']" "true" #Hash Demo #1--config path #2--key name #3--hash type value #ruby_edit "$CONFIG_FILE" "['experimental']" "{'sniff-tls-sni'=>true}" #ruby_edit "$CONFIG_FILE" "['sniffer']" "{'sniffing'=>['tls','http']}" #Array Demo: #1--config path #2--key name #3--position(start from 0, end with -1) #4--value #ruby_arr_insert "$CONFIG_FILE" "['dns']['nameserver']" "0" "114.114.114.114" #Array Add From Yaml File Demo: #1--config path #2--key name #3--position(start from 0, end with -1) #4--value file path #5--value key name in #4 file #ruby_arr_add_file "$CONFIG_FILE" "['dns']['fallback-filter']['ipcidr']" "0" "/etc/openclash/custom/openclash_custom_fallback_filter.yaml" "['fallback-filter']['ipcidr']" #Ruby Script Demo: #ruby -ryaml -rYAML -I "/usr/share/openclash" -E UTF-8 -e " # begin # Value = YAML.load_file('$CONFIG_FILE'); # rescue Exception => e # puts '${LOGTIME} Error: Load File Failed,【' + e.message + '】'; # end; #General # begin # Thread.new{ # Value['redir-port']=7892; # Value['tproxy-port']=7895; # Value['port']=7890; # Value['socks-port']=7891; # Value['mixed-port']=7893; # }.join; # rescue Exception => e # puts '${LOGTIME} Error: Set General Failed,【' + e.message + '】'; # ensure # File.open('$CONFIG_FILE','w') {|f| YAML.dump(Value, f)}; # end" 2>/dev/null >> $LOG_FILE exit 0 #===================== 自定义防火墙设置 =====================# #!/bin/sh . /usr/share/openclash/log.sh . /lib/functions.sh # This script is called by /etc/init.d/openclash # Add your custom firewall rules here, they will be added after the end of the OpenClash iptables rules LOG_OUT "Tip: Start Add Custom Firewall Rules..." exit 0 #===================== IPTABLES 防火墙设置 =====================# #IPv4 NAT chain # Generated by iptables-save v1.8.7 on Fri Oct 6 19:01:55 2023 *nat :PREROUTING ACCEPT [141:74064] :INPUT ACCEPT [785:51071] :OUTPUT ACCEPT [975:95970] :POSTROUTING ACCEPT [977:96090] :openclash - [0:0] :openclash_output - [0:0] :postrouting_lan_rule - [0:0] :postrouting_rule - [0:0] :prerouting_lan_rule - [0:0] :prerouting_rule - [0:0] :zone_lan_postrouting - [0:0] :zone_lan_prerouting - [0:0] -A PREROUTING -d 8.8.4.4/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892 -A PREROUTING -d 8.8.8.8/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892 -A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53 -A PREROUTING -p udp -m udp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53 -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule -A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting -A PREROUTING -p udp -m comment --comment DNSMASQ -m udp --dport 53 -j REDIRECT --to-ports 53 -A PREROUTING -p tcp -j openclash -A OUTPUT -j openclash_output -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule -A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting -A openclash -m set --match-set localnetwork dst -j RETURN -A openclash -d 198.18.0.0/16 -p tcp -j REDIRECT --to-ports 7892 -A openclash -p tcp -j REDIRECT --to-ports 7892 -A openclash_output -d 198.18.0.0/16 -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892 -A openclash_output -m set --match-set localnetwork dst -j RETURN -A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892 -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule COMMIT # Completed on Fri Oct 6 19:01:55 2023 #IPv4 Mangle chain # Generated by iptables-save v1.8.7 on Fri Oct 6 19:01:55 2023 *mangle :PREROUTING ACCEPT [41240:20089081] :INPUT ACCEPT [41077:20108818] :FORWARD ACCEPT [101:6950] :OUTPUT ACCEPT [41609:24769386] :POSTROUTING ACCEPT [41710:24776336] :openclash - [0:0] :openclash_output - [0:0] :openclash_upnp - [0:0] -A PREROUTING -p udp -j openclash -A OUTPUT -p udp -j openclash_output -A openclash -i lo -j RETURN -A openclash -m set --match-set localnetwork dst -j RETURN -A openclash -p udp -m udp --dport 53 -j RETURN -A openclash -d 198.18.0.0/16 -p udp -j TPROXY --on-port 7895 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff -A openclash -p udp -j openclash_upnp -A openclash -p udp -j TPROXY --on-port 7895 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff -A openclash_output -d 198.18.0.0/16 -p udp -m owner ! --uid-owner 65534 -j MARK --set-xmark 0x162/0xffffffff COMMIT # Completed on Fri Oct 6 19:01:55 2023 #IPv4 Filter chain # Generated by iptables-save v1.8.7 on Fri Oct 6 19:01:55 2023 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :forwarding_lan_rule - [0:0] :forwarding_rule - [0:0] :input_lan_rule - [0:0] :input_rule - [0:0] :output_lan_rule - [0:0] :output_rule - [0:0] :reject - [0:0] :zone_lan_dest_ACCEPT - [0:0] :zone_lan_forward - [0:0] :zone_lan_input - [0:0] :zone_lan_output - [0:0] :zone_lan_src_ACCEPT - [0:0] -A INPUT -p udp -m udp --dport 443 -m comment --comment "OpenClash QUIC REJECT" -m set ! --match-set china_ip_route dst -j REJECT --reject-with icmp-port-unreachable -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT -A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule -A FORWARD -m comment --comment "!fw3: Traffic offloading" -m conntrack --ctstate RELATED,ESTABLISHED -j FLOWOFFLOAD -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT -A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT -A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT -A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT COMMIT # Completed on Fri Oct 6 19:01:55 2023 #IPv6 NAT chain # Generated by ip6tables-save v1.8.7 on Fri Oct 6 19:01:55 2023 *nat :PREROUTING ACCEPT [99:26455] :INPUT ACCEPT [0:0] :OUTPUT ACCEPT [127:11967] :POSTROUTING ACCEPT [127:11967] -A PREROUTING -p udp -m comment --comment DNSMASQ -m udp --dport 53 -j REDIRECT --to-ports 53 COMMIT # Completed on Fri Oct 6 19:01:55 2023 #IPv6 Mangle chain # Generated by ip6tables-save v1.8.7 on Fri Oct 6 19:01:55 2023 *mangle :PREROUTING ACCEPT [1702:433078] :INPUT ACCEPT [1058:244678] :FORWARD ACCEPT [1:72] :OUTPUT ACCEPT [1615:183241] :POSTROUTING ACCEPT [1617:183361] COMMIT # Completed on Fri Oct 6 19:01:55 2023 #IPv6 Filter chain # Generated by ip6tables-save v1.8.7 on Fri Oct 6 19:01:55 2023 *filter :INPUT ACCEPT [1:72] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :forwarding_lan_rule - [0:0] :forwarding_rule - [0:0] :input_lan_rule - [0:0] :input_rule - [0:0] :output_lan_rule - [0:0] :output_rule - [0:0] :reject - [0:0] :zone_lan_dest_ACCEPT - [0:0] :zone_lan_forward - [0:0] :zone_lan_input - [0:0] :zone_lan_output - [0:0] :zone_lan_src_ACCEPT - [0:0] -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT -A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule -A FORWARD -m comment --comment "!fw3: Traffic offloading" -m conntrack --ctstate RELATED,ESTABLISHED -j FLOWOFFLOAD -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT -A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT -A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp6-port-unreachable -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT -A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT COMMIT # Completed on Fri Oct 6 19:01:55 2023 #===================== IPSET状态 =====================# Name: localnetwork Type: hash:net Revision: 6 Header: family inet hashsize 1024 maxelem 65536 Size in memory: 1032 References: 3 Number of entries: 9 Name: china_ip_route Type: hash:net Revision: 6 Header: family inet hashsize 2048 maxelem 1000000 Size in memory: 187552 References: 1 Number of entries: 8612 Name: china_ip_route_pass Type: hash:net Revision: 6 Header: family inet hashsize 1024 maxelem 1000000 Size in memory: 456 References: 0 Number of entries: 0 #===================== 路由表状态 =====================# #IPv4 #route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.21.1 0.0.0.0 UG 0 0 0 br-lan 192.168.21.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan #ip route list default via 192.168.21.1 dev br-lan proto static 192.168.21.0/24 dev br-lan proto kernel scope link src 192.168.21.2 #ip rule show 0: from all lookup local 32765: from all fwmark 0x162 lookup 354 32766: from all lookup main 32767: from all lookup default #IPv6 #route -A inet6 Kernel IPv6 routing table Destination Next Hop Flags Metric Ref Use Iface ::/0 fe80::60a6:acff:fe22:4413 UG 512 3 0 br-lan 2409:8a28:a288:37c1::/64 :: U 256 1 0 br-lan 2409:8a28:a288:37c1::/64 :: !n 2147483647 1 0 lo fe80::/64 :: U 256 2 0 br-lan ::/0 :: !n -1 2 0 lo ::1/128 :: Un 0 5 0 lo 2409:8a28:a288:37c1::/128 :: Un 0 3 0 br-lan *WAN IP*:e20b/128 :: Un 0 5 0 br-lan fe80::/128 :: Un 0 3 0 br-lan fe80::b80f:37ff:fe66:e20b/128 :: Un 0 5 0 br-lan ff00::/8 :: U 256 4 0 br-lan ::/0 :: !n -1 2 0 lo #ip -6 route list default from 2409:8a28:a288:37c1::/64 via fe80::60a6:acff:fe22:4413 dev br-lan proto static metric 512 pref medium 2409:8a28:a288:37c1::/64 dev br-lan proto static metric 256 pref medium unreachable 2409:8a28:a288:37c1::/64 dev lo proto static metric 2147483647 pref medium fe80::/64 dev br-lan proto kernel metric 256 pref medium #ip -6 rule show 0: from all lookup local 32766: from all lookup main 4200000001: from all iif lo failed_policy 4200000004: from all iif br-lan failed_policy 4200000004: from all iif br-lan failed_policy #===================== 端口占用状态 =====================# tcp 0 0 :::7890 :::* LISTEN 25300/clash tcp 0 0 :::7891 :::* LISTEN 25300/clash tcp 0 0 :::7892 :::* LISTEN 25300/clash tcp 0 0 :::7893 :::* LISTEN 25300/clash tcp 0 0 :::7895 :::* LISTEN 25300/clash tcp 0 0 :::8888 :::* LISTEN 25300/clash udp 0 0 :::36712 :::* 25300/clash udp 0 0 :::44915 :::* 25300/clash udp 0 0 :::40826 :::* 25300/clash udp 0 0 :::44952 :::* 25300/clash udp 0 0 :::43937 :::* 25300/clash udp 0 0 :::48058 :::* 25300/clash udp 0 0 :::57294 :::* 25300/clash udp 0 0 :::49114 :::* 25300/clash udp 0 0 :::59364 :::* 25300/clash udp 0 0 :::32787 :::* 25300/clash udp 0 0 :::48170 :::* 25300/clash udp 0 0 :::36941 :::* 25300/clash udp 0 0 :::36944 :::* 25300/clash udp 0 0 :::35948 :::* 25300/clash udp 0 0 :::58511 :::* 25300/clash udp 0 0 :::43178 :::* 25300/clash udp 0 0 :::51371 :::* 25300/clash udp 0 0 :::36015 :::* 25300/clash udp 0 0 :::52432 :::* 25300/clash udp 0 0 :::60636 :::* 25300/clash udp 0 0 :::57571 :::* 25300/clash udp 0 0 :::46316 :::* 25300/clash udp 0 0 :::33100 :::* 25300/clash udp 0 0 :::34158 :::* 25300/clash udp 0 0 :::39282 :::* 25300/clash udp 0 0 :::34165 :::* 25300/clash udp 0 0 :::43390 :::* 25300/clash udp 0 0 :::34186 :::* 25300/clash udp 0 0 :::40356 :::* 25300/clash udp 0 0 :::50605 :::* 25300/clash udp 0 0 :::46515 :::* 25300/clash udp 0 0 :::38333 :::* 25300/clash udp 0 0 :::59842 :::* 25300/clash udp 0 0 :::39380 :::* 25300/clash udp 0 0 :::52705 :::* 25300/clash udp 0 0 :::35311 :::* 25300/clash udp 0 0 :::37393 :::* 25300/clash udp 0 0 :::46694 :::* 25300/clash udp 0 0 :::41576 :::* 25300/clash udp 0 0 :::56947 :::* 25300/clash udp 0 0 :::54902 :::* 25300/clash udp 0 0 :::33412 :::* 25300/clash udp 0 0 :::58012 :::* 25300/clash udp 0 0 :::60098 :::* 25300/clash udp 0 0 :::7874 :::* 25300/clash udp 0 0 :::7891 :::* 25300/clash udp 0 0 :::7892 :::* 25300/clash udp 0 0 :::7893 :::* 25300/clash udp 0 0 :::7895 :::* 25300/clash udp 0 0 :::36577 :::* 25300/clash udp 0 0 :::41739 :::* 25300/clash udp 0 0 :::42765 :::* 25300/clash udp 0 0 :::56077 :::* 25300/clash udp 0 0 :::39694 :::* 25300/clash udp 0 0 :::46871 :::* 25300/clash udp 0 0 :::48920 :::* 25300/clash udp 0 0 :::57164 :::* 25300/clash udp 0 0 :::34645 :::* 25300/clash #===================== 测试本机DNS查询(www.baidu.com) =====================# Server: 127.0.0.1 Address: 127.0.0.1#53 Name: www.baidu.com Address 1: 198.18.0.65 *** Can't find www.baidu.com: No answer #===================== 测试内核DNS查询(www.instagram.com) =====================# Status: 0 TC: false RD: true RA: true AD: false CD: false Question: Name: www.instagram.com. Qtype: 1 Qclass: 1 Answer: TTL: 727 data: geo-p42.instagram.com. name: www.instagram.com. type: 5 TTL: 2748 data: z-p42-instagram.c10r.instagram.com. name: geo-p42.instagram.com. type: 5 TTL: 60 data: 31.13.75.174 name: z-p42-instagram.c10r.instagram.com. type: 1 Dnsmasq 当前默认 resolv 文件:/tmp/resolv.conf.d/resolv.conf.auto #===================== /tmp/resolv.conf.auto =====================# # Interface lan nameserver 192.168.21.1 nameserver 114.114.114.114 #===================== /tmp/resolv.conf.d/resolv.conf.auto =====================# # Interface lan nameserver 192.168.21.1 nameserver 114.114.114.114 #===================== 测试本机网络连接(www.baidu.com) =====================# HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform Connection: keep-alive Content-Length: 277 Content-Type: text/html Date: Fri, 06 Oct 2023 11:01:56 GMT Etag: "575e1f60-115" Last-Modified: Mon, 13 Jun 2016 02:50:08 GMT Pragma: no-cache Server: bfe/1.0.8.18 #===================== 测试本机网络下载(raw.githubusercontent.com) =====================# HTTP/2 404 content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox strict-transport-security: max-age=31536000 x-content-type-options: nosniff x-frame-options: deny x-xss-protection: 1; mode=block content-type: text/plain; charset=utf-8 x-github-request-id: 63C6:47D6E:17BE6D:1A6DA2:651FE905 accept-ranges: bytes date: Fri, 06 Oct 2023 11:01:56 GMT via: 1.1 varnish x-served-by: cache-nrt-rjtf7700041-NRT x-cache: HIT x-cache-hits: 1 x-timer: S1696590117.897229,VS0,VE0 vary: Authorization,Accept-Encoding,Origin access-control-allow-origin: * cross-origin-resource-policy: cross-origin x-fastly-request-id: f20d280f743a9b451699e0915b1fa5b68910fa73 expires: Fri, 06 Oct 2023 11:06:56 GMT source-age: 29 content-length: 14 #===================== 最近运行日志(自动切换为Debug模式) =====================# time="2023-10-06T11:01:16.238684381Z" level=info msg="[TCP] 192.168.21.11:55238 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:18.22899842Z" level=info msg="[TCP] 192.168.21.11:55254 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:18.232336564Z" level=info msg="[TCP] 192.168.21.11:55255 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:18.235458638Z" level=info msg="[TCP] 192.168.21.11:55256 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:20.235222102Z" level=info msg="[TCP] 192.168.21.11:55265 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:20.239322999Z" level=info msg="[TCP] 192.168.21.11:55266 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:20.243043567Z" level=info msg="[TCP] 192.168.21.11:55267 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:22.232297353Z" level=info msg="[TCP] 192.168.21.11:55272 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:22.235695573Z" level=info msg="[TCP] 192.168.21.11:55273 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:22.238665044Z" level=info msg="[TCP] 192.168.21.11:55274 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:24.230230196Z" level=info msg="[TCP] 192.168.21.11:55279 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:24.233483266Z" level=info msg="[TCP] 192.168.21.11:55280 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:24.236689806Z" level=info msg="[TCP] 192.168.21.11:55281 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:26.23225277Z" level=info msg="[TCP] 192.168.21.11:55286 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:26.236061975Z" level=info msg="[TCP] 192.168.21.11:55287 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:26.23940066Z" level=info msg="[TCP] 192.168.21.11:55288 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:28.22978485Z" level=info msg="[TCP] 192.168.21.11:55293 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:28.233252593Z" level=info msg="[TCP] 192.168.21.11:55294 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:28.237442504Z" level=info msg="[TCP] 192.168.21.11:55295 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:30.232337212Z" level=info msg="[TCP] 192.168.21.11:55300 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:30.236181766Z" level=info msg="[TCP] 192.168.21.11:55301 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:30.239495271Z" level=info msg="[TCP] 192.168.21.11:55302 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:32.229256572Z" level=info msg="[TCP] 192.168.21.11:55307 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:32.232552024Z" level=info msg="[TCP] 192.168.21.11:55308 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:32.235829158Z" level=info msg="[TCP] 192.168.21.11:55309 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:34.231033551Z" level=info msg="[TCP] 192.168.21.11:55314 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:34.234411665Z" level=info msg="[TCP] 192.168.21.11:55315 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:34.238114099Z" level=info msg="[TCP] 192.168.21.11:55316 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:36.231933164Z" level=info msg="[TCP] 192.168.21.11:55321 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:36.23553981Z" level=info msg="[TCP] 192.168.21.11:55322 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:36.239327814Z" level=info msg="[TCP] 192.168.21.11:55323 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:38.233158788Z" level=info msg="[TCP] 192.168.21.11:55328 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:38.236762707Z" level=info msg="[TCP] 192.168.21.11:55329 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:38.240042866Z" level=info msg="[TCP] 192.168.21.11:55330 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:39.20191923Z" level=info msg="[TCP] 192.168.21.11:55332 --> 46-courier.push.apple.com:5223 match GeoSite(geolocation-!cn) using 🐠CN漏网之鱼[DIRECT]" time="2023-10-06T11:01:39.786741762Z" level=info msg="[TCP] 192.168.21.13:44864 --> 223.5.5.5:853 match RuleSet(liangyi-dns-direct) using DIRECT" time="2023-10-06T11:01:40.048785777Z" level=info msg="[TCP] 192.168.21.11:55334 --> courier-ab-vs.push.apple.com:5223 match GeoSite(geolocation-!cn) using 🐠CN漏网之鱼[DIRECT]" time="2023-10-06T11:01:40.233961195Z" level=info msg="[TCP] 192.168.21.11:55337 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:40.237786805Z" level=info msg="[TCP] 192.168.21.11:55338 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:40.241765523Z" level=info msg="[TCP] 192.168.21.11:55339 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:40.731840459Z" level=info msg="[TCP] 192.168.21.11:55341 --> fmfmobile.fe.apple-dns.cn:443 match GeoSite(apple@cn) using 🎯直连回国[DIRECT]" time="2023-10-06T11:01:42.230919861Z" level=info msg="[TCP] 192.168.21.11:55345 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:42.234283517Z" level=info msg="[TCP] 192.168.21.11:55346 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:42.237671282Z" level=info msg="[TCP] 192.168.21.11:55347 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:43.828368223Z" level=info msg="[TCP] 192.168.21.11:55351 --> firebaselogging-pa.googleapis.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:43.832749032Z" level=info msg="[TCP] 192.168.21.11:55352 --> firebaselogging-pa.googleapis.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:43.836903357Z" level=info msg="[TCP] 192.168.21.11:55353 --> firebaselogging-pa.googleapis.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:44.233373167Z" level=info msg="[TCP] 192.168.21.11:55355 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:44.237075823Z" level=info msg="[TCP] 192.168.21.11:55356 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:44.239995075Z" level=info msg="[TCP] 192.168.21.11:55357 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:46.229949709Z" level=info msg="[TCP] 192.168.21.11:55362 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:46.234047444Z" level=info msg="[TCP] 192.168.21.11:55363 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:46.237565649Z" level=info msg="[TCP] 192.168.21.11:55364 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:48.23002233Z" level=info msg="[TCP] 192.168.21.11:55369 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:48.233448968Z" level=info msg="[TCP] 192.168.21.11:55370 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:48.237410345Z" level=info msg="[TCP] 192.168.21.11:55371 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:50.231161753Z" level=info msg="[TCP] 192.168.21.11:55376 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:50.234530154Z" level=info msg="[TCP] 192.168.21.11:55377 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:50.237913557Z" level=info msg="[TCP] 192.168.21.11:55378 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:52.231941105Z" level=info msg="[TCP] 192.168.21.11:55383 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:52.235657264Z" level=info msg="[TCP] 192.168.21.11:55384 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:52.23869484Z" level=info msg="[TCP] 192.168.21.11:55385 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:54.231998126Z" level=info msg="[TCP] 192.168.21.11:55390 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:54.237522224Z" level=info msg="[TCP] 192.168.21.11:55391 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:54.240428563Z" level=info msg="[TCP] 192.168.21.11:55392 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:56.06851769Z" level=info msg="[TCP] 192.168.21.2:51000 --> www.baidu.com:80 match GeoSite(CN) using 🎯直连回国[DIRECT]" time="2023-10-06T11:01:56.236899132Z" level=info msg="[TCP] 192.168.21.11:55397 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:56.240872524Z" level=info msg="[TCP] 192.168.21.11:55398 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:56.244446725Z" level=info msg="[TCP] 192.168.21.11:55399 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:56.595213827Z" level=info msg="[TCP] 192.168.21.2:56128 --> raw.githubusercontent.com:443 match GeoSite(github) using ⭐Github[🏴\u200d☠️ cf-worker-cdn]" time="2023-10-06T11:01:58.23202737Z" level=debug msg="[Rule] use default rules" time="2023-10-06T11:01:58.233104897Z" level=info msg="[TCP] 192.168.21.11:55404 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:58.236057427Z" level=debug msg="[Rule] use default rules" time="2023-10-06T11:01:58.237046802Z" level=info msg="[TCP] 192.168.21.11:55405 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:01:58.239129346Z" level=debug msg="[Rule] use default rules" time="2023-10-06T11:01:58.240049607Z" level=info msg="[TCP] 192.168.21.11:55406 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:02:00.230241781Z" level=debug msg="[Rule] use default rules" time="2023-10-06T11:02:00.231336239Z" level=info msg="[TCP] 192.168.21.11:55410 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:02:00.234049078Z" level=debug msg="[Rule] use default rules" time="2023-10-06T11:02:00.235020513Z" level=info msg="[TCP] 192.168.21.11:55412 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:02:00.237590061Z" level=debug msg="[Rule] use default rules" time="2023-10-06T11:02:00.238574768Z" level=info msg="[TCP] 192.168.21.11:55413 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:02:02.230893264Z" level=debug msg="[Rule] use default rules" time="2023-10-06T11:02:02.231975322Z" level=info msg="[TCP] 192.168.21.11:55417 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:02:02.234359818Z" level=debug msg="[Rule] use default rules" time="2023-10-06T11:02:02.235333781Z" level=info msg="[TCP] 192.168.21.11:55418 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:02:02.237701649Z" level=debug msg="[Rule] use default rules" time="2023-10-06T11:02:02.238655183Z" level=info msg="[TCP] 192.168.21.11:55419 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:02:04.233190925Z" level=debug msg="[Rule] use default rules" time="2023-10-06T11:02:04.234253001Z" level=info msg="[TCP] 192.168.21.11:55424 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:02:04.236876763Z" level=debug msg="[Rule] use default rules" time="2023-10-06T11:02:04.237835846Z" level=info msg="[TCP] 192.168.21.11:55425 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:02:04.240288709Z" level=debug msg="[Rule] use default rules" time="2023-10-06T11:02:04.241754796Z" level=info msg="[TCP] 192.168.21.11:55426 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:02:06.231330598Z" level=debug msg="[Rule] use default rules" time="2023-10-06T11:02:06.232372565Z" level=info msg="[TCP] 192.168.21.11:55431 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:02:06.23462848Z" level=debug msg="[Rule] use default rules" time="2023-10-06T11:02:06.235666735Z" level=info msg="[TCP] 192.168.21.11:55432 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" time="2023-10-06T11:02:06.237972344Z" level=debug msg="[Rule] use default rules" time="2023-10-06T11:02:06.23892174Z" level=info msg="[TCP] 192.168.21.11:55433 --> otheve.beacon.qq.com:443 match RuleSet(BanEasyPrivacy) using 🛑广告拦截[REJECT]" #===================== 最近运行日志获取完成(自动切换为silent模式) =====================# #===================== 活动连接信息 =====================# 1. SourceIP:【192.168.21.11】 - Host:【content-autofill.googleapis.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【🏴☠️ cf-worker-cdn】 2. SourceIP:【192.168.21.11】 - Host:【courier-ab-vs.push.apple.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【geolocation-!cn】 - Lastchain:【DIRECT】 3. SourceIP:【192.168.21.11】 - Host:【www.google.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【🏴☠️ cf-worker-cdn】 4. SourceIP:【192.168.21.11】 - Host:【content-autofill.googleapis.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【🏴☠️ cf-worker-cdn】 5. SourceIP:【192.168.21.11】 - Host:【z1.ax1x.com】 - DestinationIP:【5.9.60.155】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【DIRECT】 6. SourceIP:【192.168.21.11】 - Host:【imgloc.com】 - DestinationIP:【162.159.153.10】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【DIRECT】 7. SourceIP:【192.168.21.11】 - Host:【clients4.google.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【🏴☠️ cf-worker-cdn】 8. SourceIP:【192.168.21.11】 - Host:【encrypted-tbn0.gstatic.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【🏴☠️ cf-worker-cdn】 9. SourceIP:【192.168.21.11】 - Host:【sb.adtidy.org】 - DestinationIP:【104.18.25.57】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【DIRECT】 10. SourceIP:【192.168.21.11】 - Host:【vscode-sync.trafficmanager.net】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【geolocation-!cn】 - Lastchain:【DIRECT】 11. SourceIP:【192.168.21.11】 - Host:【imgse.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】 12. SourceIP:【192.168.21.11】 - Host:【github.githubassets.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【github】 - Lastchain:【🏴☠️ cf-worker-cdn】 13. SourceIP:【192.168.21.11】 - Host:【3o.hk】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【geolocation-!cn】 - Lastchain:【DIRECT】 14. SourceIP:【192.168.21.11】 - Host:【imgse.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】 15. SourceIP:【192.168.21.11】 - Host:【content-autofill.googleapis.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【🏴☠️ cf-worker-cdn】 16. SourceIP:【192.168.21.11】 - Host:【safebrowsing.googleapis.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【🏴☠️ cf-worker-cdn】 17. SourceIP:【192.168.21.11】 - Host:【safebrowsing.google.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【🏴☠️ cf-worker-cdn】 18. SourceIP:【192.168.21.11】 - Host:【alive.github.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【github】 - Lastchain:【🏴☠️ cf-worker-cdn】 19. SourceIP:【192.168.21.13】 - Host:【Empty】 - DestinationIP:【120.133.59.13】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【DIRECT】 20. SourceIP:【192.168.21.11】 - Host:【imgse.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】 21. SourceIP:【192.168.21.11】 - Host:【camo.githubusercontent.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【github】 - Lastchain:【🏴☠️ cf-worker-cdn】 22. SourceIP:【192.168.21.11】 - Host:【apis.google.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【🏴☠️ cf-worker-cdn】 23. SourceIP:【192.168.21.11】 - Host:【imgse.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【CN】 - Lastchain:【DIRECT】 24. SourceIP:【192.168.21.11】 - Host:【fmfmobile.fe.apple-dns.cn】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【apple@cn】 - Lastchain:【DIRECT】 25. SourceIP:【192.168.21.11】 - Host:【www.gstatic.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【🏴☠️ cf-worker-cdn】 26. SourceIP:【192.168.21.11】 - Host:【a.nel.cloudflare.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【geolocation-!cn】 - Lastchain:【DIRECT】 27. SourceIP:【192.168.21.11】 - Host:【encrypted-tbn0.gstatic.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【🏴☠️ cf-worker-cdn】 28. SourceIP:【192.168.21.11】 - Host:【content-autofill.googleapis.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【🏴☠️ cf-worker-cdn】 29. SourceIP:【192.168.21.11】 - Host:【www.googleapis.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【🏴☠️ cf-worker-cdn】 30. SourceIP:【192.168.21.11】 - Host:【github.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【github】 - Lastchain:【🏴☠️ cf-worker-cdn】 31. SourceIP:【192.168.21.11】 - Host:【accounts.google.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【🏴☠️ cf-worker-cdn】
No response
未配置相关选项时不填加相关的NAT规则,以防混淆
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days
Hi,您好,想明白了吗?
Verify Steps
OpenClash Version
v0.45.141-beta
Bug on Environment
Official OpenWrt
Bug on Platform
Linux-amd64(x86-64)
To Reproduce
Describe the Bug
未配置相关选项 (实验性:屏蔽 Google DNS 的局域网设备 IP 与 实验性:屏蔽 Google DNS 的局域网设备 Mac) 却出现了相关的nat防火墙
OpenClash Log
OpenClash 调试日志
生成时间: 2023-10-06 19:01:50 插件版本: v0.45.141-beta 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息
OpenClash Config
No response
Expected Behavior
未配置相关选项时不填加相关的NAT规则,以防混淆
Screenshots
No response