vernesong / OpenClash

A Clash Client For OpenWrt
MIT License

[Bug] Cannot connect to an IP over ssh; Wireshark capture shows TCP Retransmission #3627

Closed xiaolongzhou123 closed 5 months ago

xiaolongzhou123 commented 7 months ago

Verify Steps

OpenClash Version

v0.45.152-beta

Bug on Environment

Lean

Bug on Platform

Linux-amd64(x86-64)

To Reproduce

fake-ip mixed mode, bypass router

  1. When I run ssh root@148.100.77.235: ssh_exchange_identification: Connection closed by remote host
  2. On the OpenWrt bypass router itself, ssh root@148.100.77.235 succeeds

Describe the Bug

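This kind of problem has shown up in many scenarios.

  1. It has happened when I ssh to overseas IPs
  2. Another scenario: after I bypass mainland China IPs and visit domestic websites, Wireshark captures for some individual sites also show TCP Retransmission
  3. It also happens when I access the optical modem through the bypass router; without going through the bypass router it is accessible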

OpenClash Log

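OpenClash Debug Log

Generated at: 2023-11-26 13:20:15
Plugin version: v0.45.152-beta
Privacy notice: before uploading this log, check it and mask sensitive information such as public IPs, nodes and passwords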


#===================== 系统信息 =====================#

主机型号: Intel(R) Client Systems NUC7i5BNH/NUC7i5BNB - Intel(R) Core(TM) i5-7260U CPU @ 2.20GHz : 2C4T
固件版本: OpenWrt SNAPSHOT r6253-e14b03b6c
LuCI版本: git-23.305.37706-43242b7-1
内核版本: 6.1.62
处理器架构: x86_64

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

DNS劫持: 停用
#DNS劫持为Dnsmasq时,此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#3053

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci >= 19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 已安装
unzip: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
kmod-ipt-nat: 已安装

#===================== 内核检查 =====================#

运行状态: 运行中
运行内核:Meta
进程pid: 5930
运行权限: 5930: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-amd64

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2023.08.17-13-gdcc8d87
Tun内核文件: 存在
Tun内核运行权限: 正常

Dev内核版本: v1.18.0-13-gd034a40
Dev内核文件: 存在
Dev内核运行权限: 正常

Meta内核版本: alpha-g8c3557e
Meta内核文件: 存在
Meta内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/wgetcloud.yaml
启动配置文件: /etc/openclash/wgetcloud.yaml
运行模式: fake-ip-mix
默认代理模式: rule
UDP流量转发(tproxy): 停用
自定义DNS: 启用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 启用
仅允许内网: 启用
仅代理命中规则流量: 启用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用
路由本机代理: 启用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 自定义规则 一 =====================#
script:
##  shortcuts:
##    Notice: The core timezone is UTC
##    CST 20:00-24:00 = time.now().hour > 12 and time.now().hour < 16
##    内核时区为UTC,故以下time.now()函数的取值需要根据本地时区进行转换
##    北京时间(CST) 20:00-24:00 = time.now().hour > 12 and time.now().hour < 16
##    quic: network == 'udp' and dst_port == 443 and (geoip(resolve_ip(host)) != 'CN' or geoip(dst_ip) != 'CN')
##    time-limit: in_cidr(src_ip,'192.168.1.2/32') and time.now().hour < 20 or time.now().hour > 21
##    time-limit: src_ip == '192.168.1.2' and time.now().hour < 20 or time.now().hour > 21

##  code: |
##    def main(ctx, metadata):
##        directkeywordlist = ["baidu"]
##        for directkeyword in directkeywordlist:
##          if directkeyword in metadata["host"]:
##            ctx.log('[Script] matched keyword %s use direct' % directkeyword)
##            return "DIRECT"

rules:
##- SCRIPT,quic,REJECT #shortcuts rule
##- SCRIPT,time-limit,REJECT #shortcuts rule

##- PROCESS-NAME,curl,DIRECT #匹配路由自身进程(curl直连)
##- DOMAIN-SUFFIX,google.com,Proxy #匹配域名后缀(交由Proxy代理服务器组)
##- DOMAIN-KEYWORD,google,Proxy #匹配域名关键字(交由Proxy代理服务器组)
##- DOMAIN,google.com,Proxy #匹配域名(交由Proxy代理服务器组)
##- DOMAIN-SUFFIX,ad.com,REJECT #匹配域名后缀(拒绝)
- IP-CIDR,148.100.77.235/32,DIRECT #匹配数据目标IP(直连)
##- SRC-IP-CIDR,192.168.1.201/32,DIRECT #匹配数据发起IP(直连)
##- DST-PORT,80,DIRECT #匹配数据目标端口(直连)
##- SRC-PORT,7777,DIRECT #匹配数据源端口(直连)

##排序在上的规则优先生效,如添加(去除规则前的#号):
##IP段:192.168.1.2-192.168.1.200 直连
##- SRC-IP-CIDR,192.168.1.2/31,DIRECT
##- SRC-IP-CIDR,192.168.1.4/30,DIRECT
##- SRC-IP-CIDR,192.168.1.8/29,DIRECT
##- SRC-IP-CIDR,192.168.1.16/28,DIRECT
##- SRC-IP-CIDR,192.168.1.32/27,DIRECT
##- SRC-IP-CIDR,192.168.1.64/26,DIRECT
##- SRC-IP-CIDR,192.168.1.128/26,DIRECT
##- SRC-IP-CIDR,192.168.1.192/29,DIRECT
##- SRC-IP-CIDR,192.168.1.200/32,DIRECT

##IP段:192.168.1.202-192.168.1.255 直连
##- SRC-IP-CIDR,192.168.1.202/31,DIRECT
##- SRC-IP-CIDR,192.168.1.204/30,DIRECT
##- SRC-IP-CIDR,192.168.1.208/28,DIRECT
##- SRC-IP-CIDR,192.168.1.224/27,DIRECT

##此时IP为192.168.1.1和192.168.1.201的客户端流量走代理(策略),其余客户端不走代理
##因为Fake-IP模式下,IP地址为192.168.1.1的路由器自身流量可走代理(策略),所以需要排除

##仅设置路由器自身直连:
##- SRC-IP-CIDR,192.168.1.1/32,DIRECT
##- SRC-IP-CIDR,198.18.0.1/32,DIRECT

##DDNS
##- DOMAIN-SUFFIX,checkip.dyndns.org,DIRECT
##- DOMAIN-SUFFIX,checkipv6.dyndns.org,DIRECT
##- DOMAIN-SUFFIX,checkip.synology.com,DIRECT
##- DOMAIN-SUFFIX,ifconfig.co,DIRECT
##- DOMAIN-SUFFIX,api.myip.com,DIRECT
##- DOMAIN-SUFFIX,ip-api.com,DIRECT
##- DOMAIN-SUFFIX,ipapi.co,DIRECT
##- DOMAIN-SUFFIX,ip6.seeip.org,DIRECT
##- DOMAIN-SUFFIX,members.3322.org,DIRECT
- DST-PORT,22,DIRECT
##在线IP段转CIDR地址:http://ip2cidr.com
#===================== 自定义规则 二 =====================#
script:
##  shortcuts:
##    common_port: dst_port not in [21, 22, 23, 53, 80, 123, 143, 194, 443, 465, 587, 853, 993, 995, 998, 2052, 2053, 2082, 2083, 2086, 2095, 2096, 5222, 5228, 5229, 5230, 8080, 8443, 8880, 8888, 8889]

##  code: |
##    def main(ctx, metadata):
##        directkeywordlist = ["baidu"]
##        for directkeyword in directkeywordlist:
##          if directkeyword in metadata["host"]:
##            ctx.log('[Script] matched keyword %s use direct' % directkeyword)
##            return "DIRECT"

rules:
##- SCRIPT,common_port,DIRECT #shortcuts rule

##- DOMAIN-SUFFIX,google.com,Proxy #匹配域名后缀(交由Proxy代理服务器组)
##- DOMAIN-KEYWORD,google,Proxy #匹配域名关键字(交由Proxy代理服务器组)
##- DOMAIN,google.com,Proxy #匹配域名(交由Proxy代理服务器组)
##- DOMAIN-SUFFIX,ad.com,REJECT #匹配域名后缀(拒绝)
##- IP-CIDR,127.0.0.0/8,DIRECT #匹配数据目标IP(直连)
##- SRC-IP-CIDR,192.168.1.201/32,DIRECT #匹配数据发起IP(直连)
##- DST-PORT,80,DIRECT #匹配数据目标端口(直连)
##- SRC-PORT,7777,DIRECT #匹配数据源端口(直连)

#===================== 配置文件 =====================#

port: 7890
socks-port: 7891
allow-lan: true
mode: rule
log-level: info
external-controller: 0.0.0.0:19090
proxy-groups:
- name: "\U0001F530 节点选择"
  type: select
  proxies:
  - "♻️ 自动选择"
  - "\U0001F3AF 全球直连"
  - "\U0001F1ED\U0001F1F0 香港 01"
  - "\U0001F1ED\U0001F1F0 香港 02"
  - "\U0001F1ED\U0001F1F0 香港 03"
  - "\U0001F1F2\U0001F1FE 马来西亚 01 5"
- name: "♻️ 自动选择"
  type: url-test
  url: http://www.gstatic.com/generate_204
  interval: 300
  proxies:
  - "\U0001F1ED\U0001F1F0 香港 01"
  - "\U0001F1ED\U0001F1F0 香港 02"
  - "\U0001F1ED\U0001F1F0 香港 03"
  - "\U0001F1F2\U0001F1FE 马来西亚 01 5"
- name: "\U0001F3A5 NETFLIX"
  type: select
  proxies:
  - "\U0001F530 节点选择"
  - "♻️ 自动选择"
  - "\U0001F3AF 全球直连"
  - "\U0001F1ED\U0001F1F0 香港 01"
  - "\U0001F1ED\U0001F1F0 香港 02"
  - "\U0001F1ED\U0001F1F0 香港 03"
  - "\U0001F1E8\U0001F1F3 台湾 01"
  - "\U0001F1E8\U0001F1F3 台湾 02"
  - "\U0001F1E8\U0001F1F3 台湾 03"
  - "\U0001F1F2\U0001F1FE 马来西亚 01 5"
- name: "\U0001F525 CHATGPT"
  type: select
  proxies:
  - "\U0001F530 节点选择"
  - "♻️ 自动选择"
  - "\U0001F3AF 全球直连"
  - "\U0001F1ED\U0001F1F0 香港 01"
  - "\U0001F1ED\U0001F1F0 香港 02"
- name: "\U0001F525 YOUTUBE"
  type: select
  proxies:
  - "\U0001F530 节点选择"
  - "♻️ 自动选择"
  - "\U0001F3AF 全球直连"
  - "\U0001F1ED\U0001F1F0 香港 01"
  - "\U0001F1ED\U0001F1F0 香港 02"
  - "\U0001F1ED\U0001F1F0 香港 03"
- name: "\U0001F30D 国外媒体"
  type: select
  proxies:
  - "\U0001F530 节点选择"
  - "♻️ 自动选择"
  - "\U0001F3AF 全球直连"
  - "\U0001F1ED\U0001F1F0 香港 01"
  - "\U0001F1ED\U0001F1F0 香港 02"
- name: "\U0001F30F 国内媒体"
  type: select
  proxies:
  - "\U0001F3AF 全球直连"
  - "\U0001F1ED\U0001F1F0 香港 01"
  - "\U0001F1ED\U0001F1F0 香港 02"
  - "\U0001F530 节点选择"
- name: Ⓜ️ 微软服务
  type: select
  proxies:
  - "\U0001F3AF 全球直连"
  - "\U0001F530 节点选择"
  - "\U0001F1ED\U0001F1F0 香港 01"
  - "\U0001F1ED\U0001F1F0 香港 02"
  - "\U0001F1ED\U0001F1F0 香港 03"
  - "\U0001F1E8\U0001F1F3 台湾 01"
- name: "\U0001F4F2 电报信息"
  type: select
  proxies:
  - "\U0001F530 节点选择"
  - "\U0001F3AF 全球直连"
  - "\U0001F1ED\U0001F1F0 香港 01"
  - "\U0001F1ED\U0001F1F0 香港 02"
- name: "\U0001F34E 苹果服务"
  type: select
  proxies:
  - "\U0001F530 节点选择"
  - "\U0001F3AF 全球直连"
  - "♻️ 自动选择"
  - "\U0001F1ED\U0001F1F0 香港 01"
  - "\U0001F1ED\U0001F1F0 香港 02"
- name: "\U0001F3AF 全球直连"
  type: select
  proxies:
  - DIRECT
- name: "\U0001F6D1 全球拦截"
  type: select
  proxies:
  - REJECT
  - DIRECT
- name: "\U0001F41F 漏网之鱼"
  type: select
  proxies:
  - "\U0001F530 节点选择"
  - "\U0001F3AF 全球直连"
  - "♻️ 自动选择"
  - "\U0001F1ED\U0001F1F0 香港 01"
  - "\U0001F1ED\U0001F1F0 香港 02"
rules:
- DST-PORT,7895,REJECT
- DST-PORT,7892,REJECT
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
- IP-CIDR,148.100.77.235/32,DIRECT
- DST-PORT,22,DIRECT
- DOMAIN-SUFFIX,awesome-hd.me,DIRECT
- DOMAIN-SUFFIX,broadcasthe.net,DIRECT
- DOMAIN-SUFFIX,chdbits.co,DIRECT
- DOMAIN-SUFFIX,classix-unlimited.co.uk,DIRECT
- DOMAIN-SUFFIX,empornium.me,DIRECT
- DOMAIN-SUFFIX,gazellegames.net,DIRECT
- DOMAIN-SUFFIX,hdchina.org,DIRECT
- DOMAIN-SUFFIX,hdsky.me,DIRECT
- DOMAIN-SUFFIX,icetorrent.org,DIRECT
- DOMAIN-SUFFIX,jpopsuki.eu,DIRECT
- DOMAIN-SUFFIX,keepfrds.com,DIRECT
- DOMAIN-SUFFIX,madsrevolution.net,DIRECT
- DOMAIN-SUFFIX,m-team.cc,DIRECT
- DOMAIN-SUFFIX,nanyangpt.com,DIRECT
- DOMAIN-SUFFIX,ncore.cc,DIRECT
- DOMAIN-SUFFIX,open.cd,DIRECT
- DOMAIN-SUFFIX,ourbits.club,DIRECT
- DOMAIN-SUFFIX,passthepopcorn.me,DIRECT
- DOMAIN-SUFFIX,privatehd.to,DIRECT
- DOMAIN-SUFFIX,redacted.ch,DIRECT
- DOMAIN-SUFFIX,springsunday.net,DIRECT
- DOMAIN-SUFFIX,tjupt.org,DIRECT
- DOMAIN-SUFFIX,totheglory.im,DIRECT
- DOMAIN-SUFFIX,smtp,DIRECT
- DOMAIN-KEYWORD,announce,DIRECT
- DOMAIN-KEYWORD,torrent,DIRECT
- DOMAIN-KEYWORD,tracker,DIRECT
- "DOMAIN-SUFFIX,local,\U0001F3AF 全球直连"
- "IP-CIDR,148.100.77.235/32,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,192.168.0.0/16,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,10.0.0.0/8,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,172.16.0.0/12,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,127.0.0.0/8,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,100.64.0.0/10,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR6,::1/128,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR6,fc00::/7,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR6,fe80::/10,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR6,fd00::/8,\U0001F3AF 全球直连,no-resolve"
- DOMAIN-KEYWORD,1drv,Ⓜ️ 微软服务
- DOMAIN-KEYWORD,microsoft,Ⓜ️ 微软服务
- DOMAIN-SUFFIX,aadrm.com,Ⓜ️ 微软服务
- DOMAIN-SUFFIX,bingapis.com,Ⓜ️ 微软服务
- "IP-CIDR,23.246.0.0/18,\U0001F3A5 NETFLIX,no-resolve"
- "IP-CIDR,37.77.184.0/21,\U0001F3A5 NETFLIX,no-resolve"
- "IP-CIDR,45.57.0.0/17,\U0001F3A5 NETFLIX,no-resolve"
- "IP-CIDR,64.120.128.0/17,\U0001F3A5 NETFLIX,no-resolve"
- "IP-CIDR,66.197.128.0/17,\U0001F3A5 NETFLIX,no-resolve"
- "IP-CIDR,108.175.32.0/20,\U0001F3A5 NETFLIX,no-resolve"
- "IP-CIDR,192.173.64.0/18,\U0001F3A5 NETFLIX,no-resolve"
- "IP-CIDR,198.38.96.0/19,\U0001F3A5 NETFLIX,no-resolve"
- "IP-CIDR,198.45.48.0/20,\U0001F3A5 NETFLIX,no-resolve"
- "IP-CIDR,34.210.42.111/32,\U0001F3A5 NETFLIX,no-resolve"
- "IP-CIDR,52.89.124.203/32,\U0001F3A5 NETFLIX,no-resolve"
- "IP-CIDR,54.148.37.5/32,\U0001F3A5 NETFLIX,no-resolve"
- "DOMAIN-SUFFIX,openai.com,\U0001F525 CHATGPT"
- "DOMAIN,youtubei.googleapis.com,\U0001F525 YOUTUBE"
- "DOMAIN,yt3.ggpht.com,\U0001F525 YOUTUBE"
- "DOMAIN-SUFFIX,pluto.tv,\U0001F525 YOUTUBE"
- "DOMAIN-SUFFIX,pluto.tv:443,\U0001F525 YOUTUBE"
- "DOMAIN-SUFFIX,youtube.com.hr,\U0001F525 YOUTUBE"
- "DOMAIN-SUFFIX,youtube.la,\U0001F525 YOUTUBE"
- "DOMAIN-SUFFIX,youtubego.in,\U0001F525 YOUTUBE"
- "DOMAIN-SUFFIX,youtubei.googleapis.com,\U0001F525 YOUTUBE"
- "DOMAIN-SUFFIX,youtubekids.com,\U0001F525 YOUTUBE"
- "DOMAIN-SUFFIX,youtubemobilesupport.com,\U0001F525 YOUTUBE"
- "DOMAIN-SUFFIX,yt.be,\U0001F525 YOUTUBE"
- "DOMAIN-SUFFIX,ytimg.com,\U0001F525 YOUTUBE"
- "DOMAIN-KEYWORD,youtube,\U0001F525 YOUTUBE"
- "IP-CIDR,172.110.32.0/21,\U0001F525 YOUTUBE,no-resolve"
- "IP-CIDR,216.73.80.0/20,\U0001F525 YOUTUBE,no-resolve"
- "IP-CIDR6,2620:120:e000::/40,\U0001F525 YOUTUBE,no-resolve"
- "DOMAIN-SUFFIX,jtvnw.net,\U0001F30D 国外媒体"
- "DOMAIN-SUFFIX,ttvnw.net,\U0001F30D 国外媒体"
- "DOMAIN-SUFFIX,kktv.com.tw,\U0001F30D 国外媒体"
- "DOMAIN-SUFFIX,kktv.me,\U0001F30D 国外媒体"
- "DOMAIN,kktv-theater.kk.stream,\U0001F30D 国外媒体"
- "DOMAIN-SUFFIX,linetv.tw,\U0001F30D 国外媒体"
- "DOMAIN,d3c7rimkq79yfu.cloudfront.net,\U0001F30D 国外媒体"
- "DOMAIN-SUFFIX,litv.tv,\U0001F30D 国外媒体"
- "DOMAIN,litvfreemobile-hichannel.cdn.hinet.net,\U0001F30D 国外媒体"
- "DOMAIN-SUFFIX,api.mgtv.com,\U0001F30D 国外媒体"
- "DOMAIN,hamifans.emome.net,\U0001F30D 国外媒体"
- "DOMAIN-SUFFIX,byteoversea.com,\U0001F30D 国外媒体"
- "DOMAIN,d1k2us671qcoau.cloudfront.net,\U0001F30D 国外媒体"
- "DOMAIN,d2anahhhmp1ffz.cloudfront.net,\U0001F30D 国外媒体"
- "DOMAIN,dfp6rglgjqszk.cloudfront.net,\U0001F30D 国外媒体"
- "DOMAIN-SUFFIX,wetv.vip,\U0001F30D 国外媒体"
- "DOMAIN-SUFFIX,wetvinfo.com,\U0001F30D 国外媒体"
- "IP-CIDR,150.109.28.51/32,\U0001F30D 国外媒体,no-resolve"
- "DOMAIN-SUFFIX,googlevideo.com,\U0001F30D 国外媒体"
- "DOMAIN-SUFFIX,youtube.com,\U0001F30D 国外媒体"
- "DOMAIN-SUFFIX,ytimg.com,\U0001F30D 国外媒体"
- "DOMAIN,youtubei.googleapis.com,\U0001F30D 国外媒体"
- "DOMAIN,yt3.ggpht.com,\U0001F30D 国外媒体"
- "DOMAIN-SUFFIX,acg.tv,\U0001F30F 国内媒体"
- "DOMAIN-SUFFIX,acgvideo.com,\U0001F30F 国内媒体"
- "DOMAIN-SUFFIX,b23.tv,\U0001F30F 国内媒体"
- "DOMAIN-SUFFIX,bilibili.com,\U0001F30F 国内媒体"
- "DOMAIN-SUFFIX,api.mob.app.letv.com,\U0001F30F 国内媒体"
- "DOMAIN-SUFFIX,v.smtcdns.com,\U0001F30F 国内媒体"
- "DOMAIN-SUFFIX,vv.video.qq.com,\U0001F30F 国内媒体"
- "DOMAIN-SUFFIX,youku.com,\U0001F30F 国内媒体"
- "IP-CIDR,106.11.0.0/16,\U0001F30F 国内媒体,no-resolve"
- "DOMAIN-SUFFIX,t.me,\U0001F4F2 电报信息"
- "DOMAIN-SUFFIX,tdesktop.com,\U0001F4F2 电报信息"
- "DOMAIN-SUFFIX,telegra.ph,\U0001F4F2 电报信息"
- "DOMAIN-SUFFIX,telegram.me,\U0001F4F2 电报信息"
- "DOMAIN-SUFFIX,telegram.org,\U0001F4F2 电报信息"
- "DOMAIN-SUFFIX,telesco.pe,\U0001F4F2 电报信息"
- "IP-CIDR,91.108.4.0/22,\U0001F4F2 电报信息,no-resolve"
- "IP-CIDR,91.108.8.0/22,\U0001F4F2 电报信息,no-resolve"
- "IP-CIDR,91.108.12.0/22,\U0001F4F2 电报信息,no-resolve"
- "IP-CIDR,91.108.16.0/22,\U0001F4F2 电报信息,no-resolve"
- "IP-CIDR,91.108.20.0/22,\U0001F4F2 电报信息,no-resolve"
- "IP-CIDR,91.108.56.0/22,\U0001F4F2 电报信息,no-resolve"
- "IP-CIDR,91.105.192.0/23,\U0001F4F2 电报信息,no-resolve"
- "IP-CIDR,149.154.160.0/20,\U0001F4F2 电报信息,no-resolve"
- "IP-CIDR,185.76.151.0/24,\U0001F4F2 电报信息,no-resolve"
- "IP-CIDR6,2001:b28:f23d::/48,\U0001F4F2 电报信息,no-resolve"
- "IP-CIDR6,2001:b28:f23f::/48,\U0001F4F2 电报信息,no-resolve"
- "IP-CIDR6,2001:67c:4e8::/48,\U0001F4F2 电报信息,no-resolve"
- "IP-CIDR6,2001:b28:f23c::/48,\U0001F4F2 电报信息,no-resolve"
- "IP-CIDR6,2a0a:f280::/32,\U0001F4F2 电报信息,no-resolve"
- "DOMAIN-SUFFIX,amazon.co.jp,\U0001F530 节点选择"
- "DOMAIN,d3c33hcgiwev3.cloudfront.net,\U0001F530 节点选择"
- "DOMAIN,payments-jp.amazon.com,\U0001F530 节点选择"
- "DOMAIN,s3-ap-northeast-1.amazonaws.com,\U0001F530 节点选择"
- "DOMAIN,s3-ap-southeast-2.amazonaws.com,\U0001F530 节点选择"
- "DOMAIN,a248.e.akamai.net,\U0001F530 节点选择"
- "DOMAIN,a771.dscq.akamai.net,\U0001F530 节点选择"
- "DOMAIN-SUFFIX,fb.me,\U0001F530 节点选择"
- "DOMAIN-SUFFIX,fbaddins.com,\U0001F530 节点选择"
- "DOMAIN-SUFFIX,spiegel.de,\U0001F530 节点选择"
- "DOMAIN-SUFFIX,startpage.com,\U0001F530 节点选择"
- "DOMAIN-SUFFIX,xhamster.com,\U0001F530 节点选择"
- "DOMAIN-SUFFIX,xn--90wwvt03e.com,\U0001F530 节点选择"
- "DOMAIN-SUFFIX,xn--i2ru8q2qg.com,\U0001F530 节点选择"
- "DOMAIN-SUFFIX,xnxx.com,\U0001F530 节点选择"
- "DOMAIN-SUFFIX,s3.amazonaws.com,\U0001F530 节点选择"
- "DOMAIN-SUFFIX,zaobao.com.sg,\U0001F530 节点选择"
- "DOMAIN,international-gfe.download.nvidia.com,\U0001F530 节点选择"
- "DOMAIN-SUFFIX,aaplimg.com,\U0001F34E 苹果服务"
- "DOMAIN-SUFFIX,apple.co,\U0001F34E 苹果服务"
- "DOMAIN-SUFFIX,apple.com,\U0001F34E 苹果服务"
- "IP-CIDR,205.180.175.0/24,\U0001F34E 苹果服务,no-resolve"
- "DOMAIN-SUFFIX,zenki.cn,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,cntv.lat,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,mgtv.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,iqiyi.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,iqiyipic.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,71.am,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,jd.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,jd.hk,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,jdpay.com,\U0001F3AF 全球直连"
- "DOMAIN-KEYWORD,XLLiveUD,\U0001F3AF 全球直连"
- "GEOIP,CN,\U0001F3AF 全球直连"
- PROCESS-NAME,aria2c,DIRECT
- PROCESS-NAME,BitComet,DIRECT
- PROCESS-NAME,fdm,DIRECT
- PROCESS-NAME,NetTransport,DIRECT
- PROCESS-NAME,qbittorrent,DIRECT
- PROCESS-NAME,Thunder,DIRECT
- PROCESS-NAME,transmission-daemon,DIRECT
- PROCESS-NAME,transmission-qt,DIRECT
- PROCESS-NAME,uTorrent,DIRECT
- PROCESS-NAME,WebTorrent,DIRECT
- PROCESS-NAME,Folx,DIRECT
- PROCESS-NAME,Transmission,DIRECT
- PROCESS-NAME,transmission,DIRECT
- PROCESS-NAME,WebTorrent Helper,DIRECT
- PROCESS-NAME,v2ray,DIRECT
- PROCESS-NAME,ss-local,DIRECT
- PROCESS-NAME,ssr-local,DIRECT
- PROCESS-NAME,ss-redir,DIRECT
- PROCESS-NAME,ssr-redir,DIRECT
- PROCESS-NAME,ss-server,DIRECT
- PROCESS-NAME,trojan-go,DIRECT
- PROCESS-NAME,xray,DIRECT
- PROCESS-NAME,hysteria,DIRECT
- PROCESS-NAME,UUBooster,DIRECT
- PROCESS-NAME,uugamebooster,DIRECT
- "DST-PORT,80,\U0001F41F 漏网之鱼"
- "DST-PORT,443,\U0001F41F 漏网之鱼"
- "DST-PORT,22,\U0001F41F 漏网之鱼"
- MATCH,DIRECT
redir-port: 7892
tproxy-port: 7895
mixed-port: 7893
bind-address: "*"
external-ui: "/usr/share/openclash/ui"
ipv6: false
geodata-mode: true
geodata-loader: standard
tcp-concurrent: true
unified-delay: true
dns:
  enable: true
  ipv6: false
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  listen: 0.0.0.0:7874
  nameserver:
  - 202.106.195.68
  fallback:
  - https://dns.cloudflare.com/dns-query
  - https://public.dns.iij.jp/dns-query
  - https://dns.oszx.co/dns-query
  fake-ip-filter:
  - "*.lan"
  - "*.localdomain"
  - "*.example"
  - "*.invalid"
  - "*.localhost"
  - "*.test"
  - "*.local"
  - "*.home.arpa"
  - time.*.com
  - time.*.gov
  - time.*.edu.cn
  - time.*.apple.com
  - time-ios.apple.com
  - time1.*.com
  - time2.*.com
  - time3.*.com
  - time4.*.com
  - time5.*.com
  - time6.*.com
  - time7.*.com
  - ntp.*.com
  - ntp1.*.com
  - ntp2.*.com
  - ntp3.*.com
  - ntp4.*.com
  - ntp5.*.com
  - ntp6.*.com
  - ntp7.*.com
  - "*.time.edu.cn"
  - "*.ntp.org.cn"
  - "+.pool.ntp.org"
  - time1.cloud.tencent.com
  - "*.metahubs.cn"
  - "*.zsecs.com"
  - music.163.com
  - "*.xiaohongshu.com"
  - "*.music.163.com"
  - "*.126.net"
  - "*.baidu.com"
  - musicapi.taihe.com
  - music.taihe.com
  - songsearch.kugou.com
  - trackercdn.kugou.com
  - "*.kuwo.cn"
  - api-jooxtt.sanook.com
  - api.joox.com
  - joox.com
  - y.qq.com
  - "*.y.qq.com"
  - streamoc.music.tc.qq.com
  - mobileoc.music.tc.qq.com
  - isure.stream.qqmusic.qq.com
  - dl.stream.qqmusic.qq.com
  - aqqmusic.tc.qq.com
  - amobile.music.tc.qq.com
  - "*.xiami.com"
  - "*.music.migu.cn"
  - music.migu.cn
  - "+.msftconnecttest.com"
  - "+.msftncsi.com"
  - localhost.ptlogin2.qq.com
  - localhost.sec.qq.com
  - "+.qq.com"
  - "+.tencent.com"
  - "+.srv.nintendo.net"
  - "*.n.n.srv.nintendo.net"
  - "+.stun.playstation.net"
  - xbox.*.*.microsoft.com
  - "*.*.xboxlive.com"
  - xbox.*.microsoft.com
  - xnotify.xboxlive.com
  - "+.battlenet.com.cn"
  - "+.wotgame.cn"
  - "+.wggames.cn"
  - "+.wowsgame.cn"
  - "+.wargaming.net"
  - proxy.golang.org
  - stun.*.*
  - stun.*.*.*
  - "+.stun.*.*"
  - "+.stun.*.*.*"
  - "+.stun.*.*.*.*"
  - "+.stun.*.*.*.*.*"
  - heartbeat.belkin.com
  - "*.linksys.com"
  - "*.linksyssmartwifi.com"
  - "*.router.asus.com"
  - mesu.apple.com
  - swscan.apple.com
  - swquery.apple.com
  - swdownload.apple.com
  - swcdn.apple.com
  - swdist.apple.com
  - lens.l.google.com
  - stun.l.google.com
  - na.b.g-tun.com
  - "+.nflxvideo.net"
  - "*.square-enix.com"
  - "*.finalfantasyxiv.com"
  - "*.ffxiv.com"
  - "*.ff14.sdo.com"
  - ff.dorado.sdo.com
  - "*.mcdn.bilivideo.cn"
  - "+.media.dssott.com"
  - shark007.net
  - Mijia Cloud
  - "+.cmbchina.com"
  - "+.cmbimg.com"
  - local.adguard.org
  - "+.sandai.net"
  - "+.n0808.com"
  - services.googleapis.cn
sniffer:
  enable: true
  force-domain:
  - "+.netflix.com"
  - "+.nflxvideo.net"
  - "+.amazonaws.com"
  - "+.media.dssott.com"
  - "+.metahubs.cn"
  - "+.baidu.com"
  - "+.zsecs.com"
  skip-domain:
  - "+.apple.com"
  - Mijia Cloud
  - dlg.io.mi.com
  sniff:
    TLS:
    HTTP:
      ports:
      - 80
      - 8080-8880
      override-destination: true
tun:
  enable: true
  stack: system
  device: utun
  auto-route: false
  auto-detect-interface: false
  dns-hijack:
  - tcp://any:53
profile:
  store-selected: true
  store-fake-ip: true
authentication:
- Clash:h84R7QaE

#===================== 自定义覆写设置 =====================#

#!/bin/sh
. /usr/share/openclash/ruby.sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom overwrite scripts here, they will be take effict after the OpenClash own srcipts

LOG_OUT "Tip: Start Running Custom Overwrite Scripts..."
LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S"))
LOG_FILE="/tmp/openclash.log"
CONFIG_FILE="$1" #config path

#Simple Demo:
    #General Demo
    #1--config path
    #2--key name
    #3--value
    #ruby_edit "$CONFIG_FILE" "['redir-port']" "7892"
    #ruby_edit "$CONFIG_FILE" "['secret']" "123456"
    #ruby_edit "$CONFIG_FILE" "['dns']['enable']" "true"

    #Hash Demo
    #1--config path
    #2--key name
    #3--hash type value
    #ruby_edit "$CONFIG_FILE" "['experimental']" "{'sniff-tls-sni'=>true}"
    #ruby_edit "$CONFIG_FILE" "['sniffer']" "{'sniffing'=>['tls','http']}"

    #Array Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value
    #ruby_arr_insert "$CONFIG_FILE" "['dns']['nameserver']" "0" "114.114.114.114"

    #Array Add From Yaml File Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value file path
    #5--value key name in #4 file
    #ruby_arr_add_file "$CONFIG_FILE" "['dns']['fallback-filter']['ipcidr']" "0" "/etc/openclash/custom/openclash_custom_fallback_filter.yaml" "['fallback-filter']['ipcidr']"

#Ruby Script Demo:
    #ruby -ryaml -rYAML -I "/usr/share/openclash" -E UTF-8 -e "
    #   begin
    #      Value = YAML.load_file('$CONFIG_FILE');
    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Load File Failed,【' + e.message + '】';
    #   end;

        #General
    #   begin
    #   Thread.new{
    #      Value['redir-port']=7892;
    #      Value['tproxy-port']=7895;
    #      Value['port']=7890;
    #      Value['socks-port']=7891;
    #      Value['mixed-port']=7893;
    #   }.join;

    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Set General Failed,【' + e.message + '】';
    #   ensure
    #      File.open('$CONFIG_FILE','w') {|f| YAML.dump(Value, f)};
    #   end" 2>/dev/null >> $LOG_FILE

exit 0
#===================== 自定义防火墙设置 =====================#

#!/bin/sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom firewall rules here, they will be added after the end of the OpenClash iptables rules

LOG_OUT "Tip: Start Add Custom Firewall Rules..."

exit 0
#===================== IPTABLES 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.7 on Sun Nov 26 13:20:16 2023
*nat
:PREROUTING ACCEPT [84:36308]
:INPUT ACCEPT [514:32078]
:OUTPUT ACCEPT [799:51910]
:POSTROUTING ACCEPT [805:52190]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:openclash - [0:0]
:openclash_output - [0:0]
:openclash_post - [0:0]
:postrouting_VPN_rule - [0:0]
:postrouting_iptv_rule - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:prerouting_VPN_rule - [0:0]
:prerouting_iptv_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:zone_VPN_postrouting - [0:0]
:zone_VPN_prerouting - [0:0]
:zone_iptv_postrouting - [0:0]
:zone_iptv_prerouting - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
-A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 3053
-A PREROUTING -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 3053
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i eth0.24 -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i utun -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i ipsec0 -m comment --comment "!fw3" -j zone_VPN_prerouting
-A PREROUTING -i eth0.17 -m comment --comment "!fw3" -j zone_iptv_prerouting
-A PREROUTING -d 172.18.0.1/32 -p udp -m udp --dport 53 -j REDIRECT --to-ports 3053
-A PREROUTING -d 172.19.0.1/32 -p udp -m udp --dport 53 -j REDIRECT --to-ports 3053
-A PREROUTING -d 172.17.0.1/32 -p udp -m udp --dport 53 -j REDIRECT --to-ports 3053
-A PREROUTING -d 192.168.1.8/32 -p udp -m udp --dport 53 -j REDIRECT --to-ports 3053
-A PREROUTING -d 192.168.24.2/32 -p udp -m udp --dport 53 -j REDIRECT --to-ports 3053
-A PREROUTING -p tcp -j openclash
-A OUTPUT -j openclash_output
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o eth0.24 -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o utun -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o ipsec0 -m comment --comment "!fw3" -j zone_VPN_postrouting
-A POSTROUTING -o eth0.17 -m comment --comment "!fw3" -j zone_iptv_postrouting
-A POSTROUTING -m comment --comment "OpenClash Bypass Gateway Compatible" -j openclash_post
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -m set --match-set localnetwork src -m set --match-set lan_ac_black_ports src -j RETURN
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -d 198.18.0.0/16 -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -m set --match-set localnetwork src -m set --match-set lan_ac_black_ports src -j RETURN
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A openclash_post -m set --match-set localnetwork src -m set --match-set lan_ac_black_ports src -j RETURN
-A openclash_post -m mark --mark 0x162 -j ACCEPT
-A openclash_post -m set --match-set localnetwork dst -j RETURN
-A openclash_post -m addrtype ! --src-type LOCAL -m owner ! --uid-owner 65534 -j MASQUERADE
-A postrouting_rule -d 192.168.1.0/24 -j MASQUERADE
-A zone_VPN_postrouting -m comment --comment "!fw3: Custom VPN postrouting rule chain" -j postrouting_VPN_rule
-A zone_VPN_prerouting -m comment --comment "!fw3: Custom VPN prerouting rule chain" -j prerouting_VPN_rule
-A zone_iptv_postrouting -m comment --comment "!fw3: Custom iptv postrouting rule chain" -j postrouting_iptv_rule
-A zone_iptv_prerouting -m comment --comment "!fw3: Custom iptv prerouting rule chain" -j prerouting_iptv_rule
-A zone_lan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -j MINIUPNPD
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
COMMIT
# Completed on Sun Nov 26 13:20:16 2023

#IPv4 Mangle chain

# Generated by iptables-save v1.8.7 on Sun Nov 26 13:20:16 2023
*mangle
:PREROUTING ACCEPT [15504:3301894]
:INPUT ACCEPT [15331:3255793]
:FORWARD ACCEPT [173:46101]
:OUTPUT ACCEPT [16005:16654865]
:POSTROUTING ACCEPT [16155:16669497]
:openclash - [0:0]
:openclash_dns_hijack - [0:0]
:openclash_output - [0:0]
:openclash_upnp - [0:0]
-A PREROUTING -p udp -j openclash
-A OUTPUT -j openclash_output
-A openclash -i utun -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -m set --match-set localnetwork src -m set --match-set lan_ac_black_ports src -j RETURN
-A openclash -p udp -j openclash_upnp
-A openclash -j MARK --set-xmark 0x162/0xffffffff
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -m set --match-set localnetwork src -m set --match-set lan_ac_black_ports src -j RETURN
-A openclash_output -d 198.18.0.0/16 -p udp -m owner ! --uid-owner 65534 -j MARK --set-xmark 0x162/0xffffffff
COMMIT
# Completed on Sun Nov 26 13:20:16 2023

#IPv4 Filter chain

# Generated by iptables-save v1.8.7 on Sun Nov 26 13:20:16 2023
*filter
:INPUT ACCEPT [9:520]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:SOCAT - [0:0]
:forwarding_VPN_rule - [0:0]
:forwarding_iptv_rule - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:input_VPN_rule - [0:0]
:input_iptv_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:output_VPN_rule - [0:0]
:output_iptv_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:reject - [0:0]
:zone_VPN_dest_ACCEPT - [0:0]
:zone_VPN_forward - [0:0]
:zone_VPN_input - [0:0]
:zone_VPN_output - [0:0]
:zone_VPN_src_ACCEPT - [0:0]
:zone_iptv_dest_ACCEPT - [0:0]
:zone_iptv_forward - [0:0]
:zone_iptv_input - [0:0]
:zone_iptv_output - [0:0]
:zone_iptv_src_ACCEPT - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
-A INPUT -m policy --dir in --pol ipsec --proto esp -j ACCEPT
-A INPUT -j SOCAT
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -i eth0.24 -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i utun -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i ipsec0 -m comment --comment "!fw3" -j zone_VPN_input
-A INPUT -i eth0.17 -m comment --comment "!fw3" -j zone_iptv_input
-A FORWARD -o utun -p udp -m udp --dport 443 -m comment --comment "OpenClash QUIC REJECT" -m set ! --match-set china_ip_route dst -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -o utun -m comment --comment "OpenClash TUN Forward" -j ACCEPT
-A FORWARD -m policy --dir out --pol ipsec --proto esp -j ACCEPT
-A FORWARD -m policy --dir in --pol ipsec --proto esp -j ACCEPT
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i eth0.24 -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i utun -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i ipsec0 -m comment --comment "!fw3" -j zone_VPN_forward
-A FORWARD -i eth0.17 -m comment --comment "!fw3" -j zone_iptv_forward
-A OUTPUT -m policy --dir out --pol ipsec --proto esp -j ACCEPT
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o eth0.24 -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o utun -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o ipsec0 -m comment --comment "!fw3" -j zone_VPN_output
-A OUTPUT -o eth0.17 -m comment --comment "!fw3" -j zone_iptv_output
-A forwarding_rule -d 192.168.1.0/24 -j ACCEPT
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A zone_VPN_dest_ACCEPT -o ipsec0 -m comment --comment "!fw3" -j ACCEPT
-A zone_VPN_forward -m comment --comment "!fw3: Custom VPN forwarding rule chain" -j forwarding_VPN_rule
-A zone_VPN_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_VPN_forward -m comment --comment "!fw3" -j zone_VPN_dest_ACCEPT
-A zone_VPN_input -m comment --comment "!fw3: Custom VPN input rule chain" -j input_VPN_rule
-A zone_VPN_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_VPN_input -m comment --comment "!fw3" -j zone_VPN_src_ACCEPT
-A zone_VPN_output -m comment --comment "!fw3: Custom VPN output rule chain" -j output_VPN_rule
-A zone_VPN_output -m comment --comment "!fw3" -j zone_VPN_dest_ACCEPT
-A zone_VPN_src_ACCEPT -i ipsec0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_iptv_dest_ACCEPT -o eth0.17 -m comment --comment "!fw3" -j ACCEPT
-A zone_iptv_forward -m comment --comment "!fw3: Custom iptv forwarding rule chain" -j forwarding_iptv_rule
-A zone_iptv_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_iptv_forward -m comment --comment "!fw3" -j zone_iptv_dest_ACCEPT
-A zone_iptv_input -m comment --comment "!fw3: Custom iptv input rule chain" -j input_iptv_rule
-A zone_iptv_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_iptv_input -m comment --comment "!fw3" -j zone_iptv_src_ACCEPT
-A zone_iptv_output -m comment --comment "!fw3: Custom iptv output rule chain" -j output_iptv_rule
-A zone_iptv_output -m comment --comment "!fw3" -j zone_iptv_dest_ACCEPT
-A zone_iptv_src_ACCEPT -i eth0.17 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o eth0.24 -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o utun -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i eth0.24 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_src_ACCEPT -i utun -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
COMMIT
# Completed on Sun Nov 26 13:20:16 2023

#IPv6 NAT chain

# Generated by ip6tables-save v1.8.7 on Sun Nov 26 13:20:16 2023
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [623:75324]
:POSTROUTING ACCEPT [623:75324]
COMMIT
# Completed on Sun Nov 26 13:20:16 2023

#IPv6 Mangle chain

# Generated by ip6tables-save v1.8.7 on Sun Nov 26 13:20:16 2023
*mangle
:PREROUTING ACCEPT [2550:314690]
:INPUT ACCEPT [2482:308502]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2464:310215]
:POSTROUTING ACCEPT [2618:356816]
COMMIT
# Completed on Sun Nov 26 13:20:16 2023

#IPv6 Filter chain

# Generated by ip6tables-save v1.8.7 on Sun Nov 26 13:20:16 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:SOCAT - [0:0]
:forwarding_VPN_rule - [0:0]
:forwarding_iptv_rule - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:input_VPN_rule - [0:0]
:input_iptv_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:output_VPN_rule - [0:0]
:output_iptv_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:reject - [0:0]
:zone_VPN_dest_ACCEPT - [0:0]
:zone_VPN_forward - [0:0]
:zone_VPN_input - [0:0]
:zone_VPN_output - [0:0]
:zone_VPN_src_ACCEPT - [0:0]
:zone_iptv_dest_ACCEPT - [0:0]
:zone_iptv_forward - [0:0]
:zone_iptv_input - [0:0]
:zone_iptv_output - [0:0]
:zone_iptv_src_ACCEPT - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
-A INPUT -j SOCAT
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -i eth0.24 -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i utun -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i ipsec0 -m comment --comment "!fw3" -j zone_VPN_input
-A INPUT -i eth0.17 -m comment --comment "!fw3" -j zone_iptv_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i eth0.24 -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i utun -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i ipsec0 -m comment --comment "!fw3" -j zone_VPN_forward
-A FORWARD -i eth0.17 -m comment --comment "!fw3" -j zone_iptv_forward
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o eth0.24 -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o utun -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o ipsec0 -m comment --comment "!fw3" -j zone_VPN_output
-A OUTPUT -o eth0.17 -m comment --comment "!fw3" -j zone_iptv_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp6-port-unreachable
-A zone_VPN_dest_ACCEPT -o ipsec0 -m comment --comment "!fw3" -j ACCEPT
-A zone_VPN_forward -m comment --comment "!fw3: Custom VPN forwarding rule chain" -j forwarding_VPN_rule
-A zone_VPN_forward -m comment --comment "!fw3" -j zone_VPN_dest_ACCEPT
-A zone_VPN_input -m comment --comment "!fw3: Custom VPN input rule chain" -j input_VPN_rule
-A zone_VPN_input -m comment --comment "!fw3" -j zone_VPN_src_ACCEPT
-A zone_VPN_output -m comment --comment "!fw3: Custom VPN output rule chain" -j output_VPN_rule
-A zone_VPN_output -m comment --comment "!fw3" -j zone_VPN_dest_ACCEPT
-A zone_VPN_src_ACCEPT -i ipsec0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_iptv_dest_ACCEPT -o eth0.17 -m comment --comment "!fw3" -j ACCEPT
-A zone_iptv_forward -m comment --comment "!fw3: Custom iptv forwarding rule chain" -j forwarding_iptv_rule
-A zone_iptv_forward -m comment --comment "!fw3" -j zone_iptv_dest_ACCEPT
-A zone_iptv_input -m comment --comment "!fw3: Custom iptv input rule chain" -j input_iptv_rule
-A zone_iptv_input -m comment --comment "!fw3" -j zone_iptv_src_ACCEPT
-A zone_iptv_output -m comment --comment "!fw3: Custom iptv output rule chain" -j output_iptv_rule
-A zone_iptv_output -m comment --comment "!fw3" -j zone_iptv_dest_ACCEPT
-A zone_iptv_src_ACCEPT -i eth0.17 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o eth0.24 -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o utun -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i eth0.24 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_src_ACCEPT -i utun -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
COMMIT
# Completed on Sun Nov 26 13:20:16 2023

#===================== IPSET状态 =====================#

Name: cn
Type: hash:net
Revision: 7
Header: family inet hashsize 4096 maxelem 65536 bucketsize 12 initval 0x5ec157a7
Size in memory: 255560
References: 0
Number of entries: 8618

Name: ct
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0xfe9fc41a
Size in memory: 60176
References: 0
Number of entries: 1962

Name: cnc
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x78379e11
Size in memory: 32528
References: 0
Number of entries: 915

Name: cmcc
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x1c7be52e
Size in memory: 3104
References: 0
Number of entries: 55

Name: crtc
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0xd05016ac
Size in memory: 1232
References: 0
Number of entries: 16

Name: cernet
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x68745f29
Size in memory: 8336
References: 0
Number of entries: 171

Name: gwbn
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x726410f6
Size in memory: 12704
References: 0
Number of entries: 290

Name: othernet
Type: hash:net
Revision: 7
Header: family inet hashsize 2048 maxelem 65536 bucketsize 12 initval 0xaf73d5b0
Size in memory: 150824
References: 0
Number of entries: 5209

Name: music
Type: hash:ip
Revision: 5
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x68d77d87
Size in memory: 928
References: 0
Number of entries: 18

Name: mwan3_connected_v4
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0xb7e8f3ba
Size in memory: 1520
References: 1
Number of entries: 22

Name: mwan3_connected_v6
Type: hash:net
Revision: 7
Header: family inet6 hashsize 1024 maxelem 65536 bucketsize 12 initval 0xa9b7089a
Size in memory: 1320
References: 1
Number of entries: 1

Name: mwan3_source_v6
Type: hash:net
Revision: 7
Header: family inet6 hashsize 1024 maxelem 65536 bucketsize 12 initval 0xeef7cb7d
Size in memory: 1248
References: 0
Number of entries: 0

Name: mwan3_dynamic_v4
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0xa8f0d71e
Size in memory: 464
References: 1
Number of entries: 0

Name: mwan3_dynamic_v6
Type: hash:net
Revision: 7
Header: family inet6 hashsize 1024 maxelem 65536 bucketsize 12 initval 0x7d1ddfff
Size in memory: 1248
References: 1
Number of entries: 0

Name: mwan3_custom_v4
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0xb70d2eb5
Size in memory: 464
References: 1
Number of entries: 0

Name: mwan3_custom_v6
Type: hash:net
Revision: 7
Header: family inet6 hashsize 1024 maxelem 65536 bucketsize 12 initval 0xfda0beab
Size in memory: 1248
References: 1
Number of entries: 0

Name: lan_ac_black_ports
Type: bitmap:port
Revision: 3
Header: range 0-65535
Size in memory: 8272
References: 5
Number of entries: 4

Name: localnetwork
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0xa8de5e30
Size in memory: 944
References: 10
Number of entries: 10

Name: china_ip_route
Type: hash:net
Revision: 7
Header: family inet hashsize 2048 maxelem 1000000 bucketsize 12 initval 0x46707ec3
Size in memory: 232712
References: 1
Number of entries: 8645

Name: china_ip_route_pass
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 1000000 bucketsize 12 initval 0xb5c68745
Size in memory: 656
References: 0
Number of entries: 4

Name: mwan3_connected
Type: list:set
Revision: 3
Header: size 8
Size in memory: 376
References: 0
Number of entries: 6

#===================== 路由表状态 =====================#

#IPv4

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.24.1    0.0.0.0         UG    0      0        0 eth0.24
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
172.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 br-b6e502c2aef8
172.19.0.0      0.0.0.0         255.255.0.0     U     0      0        0 br-c0bce1d8eab2
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0.17
192.168.24.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0.24
198.18.0.0      0.0.0.0         255.255.255.252 U     0      0        0 utun

#ip route list
default via 192.168.24.1 dev eth0.24 proto static 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 
172.18.0.0/16 dev br-b6e502c2aef8 proto kernel scope link src 172.18.0.1 
172.19.0.0/16 dev br-c0bce1d8eab2 proto kernel scope link src 172.19.0.1 
192.168.1.0/24 dev eth0.17 proto kernel scope link src 192.168.1.8 
192.168.24.0/24 dev eth0.24 proto kernel scope link src 192.168.24.2 
198.18.0.0/30 dev utun proto kernel scope link src 198.18.0.1 

#ip rule show
0:  from all lookup local
32765:  from all fwmark 0x162 lookup 354
32766:  from all lookup main
32767:  from all lookup default

#IPv6

#route -A inet6
Kernel IPv6 routing table
Destination                                 Next Hop                                Flags Metric Ref    Use Iface
fe80::/64                                   ::                                      U     256    1        0 eth0    
fe80::/64                                   ::                                      U     256    1        0 eth0.17 
fe80::/64                                   ::                                      U     256    1        0 eth0.24 
fe80::/64                                   ::                                      U     256    1        0 br-c0bce1d8eab2
fe80::/64                                   ::                                      U     256    1        0 br-b6e502c2aef8
fe80::/64                                   ::                                      U     256    1        0 vethccc4119
fe80::/64                                   ::                                      U     256    1        0 veth0dbeb66
fe80::/64                                   ::                                      U     256    1        0 vethfbc71bb
fe80::/64                                   ::                                      U     256    1        0 vethd2dc31a
fe80::/64                                   ::                                      U     256    1        0 veth118cc1b
fe80::/64                                   ::                                      U     256    1        0 veth2928583
fe80::/64                                   ::                                      U     256    1        0 veth07615a2
fe80::/64                                   ::                                      U     256    1        0 utun    
::/0                                        ::                                      !n    -1     1        0 lo      
::1/128                                     ::                                      Un    0      6        0 lo      
fe80::/128                                  ::                                      Un    0      6        0 eth0    
fe80::/128                                  ::                                      Un    0      3        0 eth0.24 
fe80::/128                                  ::                                      Un    0      3        0 eth0.17 
fe80::/128                                  ::                                      Un    0      3        0 br-b6e502c2aef8
fe80::/128                                  ::                                      Un    0      3        0 br-c0bce1d8eab2
fe80::/128                                  ::                                      Un    0      3        0 vethccc4119
fe80::/128                                  ::                                      Un    0      3        0 veth0dbeb66
fe80::/128                                  ::                                      Un    0      3        0 vethd2dc31a
fe80::/128                                  ::                                      Un    0      3        0 vethfbc71bb
fe80::/128                                  ::                                      Un    0      3        0 veth118cc1b
fe80::/128                                  ::                                      Un    0      3        0 veth2928583
fe80::/128                                  ::                                      Un    0      3        0 veth07615a2
fe80::/128                                  ::                                      Un    0      3        0 utun    
fe80::42:45ff:feb7:65d8/128                 ::                                      Un    0      2        0 br-c0bce1d8eab2
fe80::42:a8ff:fed7:df05/128                 ::                                      Un    0      3        0 br-b6e502c2aef8
fe80::18cb:6fff:fe21:382c/128               ::                                      Un    0      2        0 vethccc4119
fe80::5c6a:88ff:feee:7b53/128               ::                                      Un    0      3        0 vethd2dc31a
fe80::6891:6dff:fec1:d1c3/128               ::                                      Un    0      3        0 veth07615a2
fe80::7c6d:55ff:fe36:2551/128               ::                                      Un    0      2        0 vethfbc71bb
fe80::96c6:91ff:fea8:4180/128               ::                                      Un    0      6        0 eth0    
fe80::96c6:91ff:fea8:4180/128               ::                                      Un    0      2        0 eth0.24 
fe80::96c6:91ff:fea8:4180/128               ::                                      Un    0      2        0 eth0.17 
fe80::9c4f:adff:fe77:5021/128               ::                                      Un    0      2        0 veth118cc1b
fe80::adc5:43bc:2cc9:f918/128               ::                                      Un    0      2        0 utun    
fe80::ec3a:a8ff:feea:a142/128               ::                                      Un    0      3        0 veth2928583
fe80::fc41:73ff:fe60:f320/128               ::                                      Un    0      2        0 veth0dbeb66
ff00::/8                                    ::                                      U     256    4        0 eth0    
ff00::/8                                    ::                                      U     256    4        0 eth0.17 
ff00::/8                                    ::                                      U     256    5        0 eth0.24 
ff00::/8                                    ::                                      U     256    5        0 br-c0bce1d8eab2
ff00::/8                                    ::                                      U     256    5        0 br-b6e502c2aef8
ff00::/8                                    ::                                      U     256    3        0 vethccc4119
ff00::/8                                    ::                                      U     256    3        0 veth0dbeb66
ff00::/8                                    ::                                      U     256    3        0 vethfbc71bb
ff00::/8                                    ::                                      U     256    3        0 vethd2dc31a
ff00::/8                                    ::                                      U     256    3        0 veth118cc1b
ff00::/8                                    ::                                      U     256    3        0 veth2928583
ff00::/8                                    ::                                      U     256    3        0 veth07615a2
ff00::/8                                    ::                                      U     256    5        0 utun    
::/0                                        ::                                      !n    -1     1        0 lo      

#ip -6 route list
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0.17 proto kernel metric 256 pref medium
fe80::/64 dev eth0.24 proto kernel metric 256 pref medium
fe80::/64 dev br-c0bce1d8eab2 proto kernel metric 256 pref medium
fe80::/64 dev br-b6e502c2aef8 proto kernel metric 256 pref medium
fe80::/64 dev vethccc4119 proto kernel metric 256 pref medium
fe80::/64 dev veth0dbeb66 proto kernel metric 256 pref medium
fe80::/64 dev vethfbc71bb proto kernel metric 256 pref medium
fe80::/64 dev vethd2dc31a proto kernel metric 256 pref medium
fe80::/64 dev veth118cc1b proto kernel metric 256 pref medium
fe80::/64 dev veth2928583 proto kernel metric 256 pref medium
fe80::/64 dev veth07615a2 proto kernel metric 256 pref medium
fe80::/64 dev utun proto kernel metric 256 pref medium

#ip -6 rule show
0:  from all lookup local
32766:  from all lookup main
4200000001: from all iif lo failed_policy
4200000004: from all iif eth0.17 failed_policy
4200000005: from all iif eth0.24 failed_policy
4200000043: from all iif utun failed_policy

#===================== Tun设备状态 =====================#

utun: tun

#===================== 端口占用状态 =====================#

tcp        0      0 198.18.0.1:39731        0.0.0.0:*               LISTEN      5930/clash
tcp        0      0 :::19090                :::*                    LISTEN      5930/clash
tcp        0      0 :::7895                 :::*                    LISTEN      5930/clash
tcp        0      0 :::7892                 :::*                    LISTEN      5930/clash
tcp        0      0 :::7893                 :::*                    LISTEN      5930/clash
tcp        0      0 :::7890                 :::*                    LISTEN      5930/clash
tcp        0      0 :::7891                 :::*                    LISTEN      5930/clash
udp        0      0 :::38994                :::*                                5930/clash
udp        0      0 :::7874                 :::*                                5930/clash
udp        0      0 :::7891                 :::*                                5930/clash
udp        0      0 :::7892                 :::*                                5930/clash
udp        0      0 :::7893                 :::*                                5930/clash
udp        0      0 :::7895                 :::*                                5930/clash

#===================== 测试本机DNS查询(www.baidu.com) =====================#

Server:     127.0.0.1
Address:    127.0.0.1:53

www.baidu.com   canonical name = www.a.shifen.com
Name:   www.a.shifen.com
Address: 110.242.68.4
Name:   www.a.shifen.com
Address: 110.242.68.3

Non-authoritative answer:
www.baidu.com   canonical name = www.a.shifen.com
Name:   www.a.shifen.com
Address: 2408:871a:2100:3:0:ff:b025:348d
Name:   www.a.shifen.com
Address: 2408:871a:2100:2:0:ff:b09f:237

#===================== 测试内核DNS查询(www.instagram.com) =====================#

Status: 0
TC: false
RD: true
RA: true
AD: false
CD: false

Question: 
  Name: www.instagram.com.
  Qtype: 1
  Qclass: 1

Answer: 
  TTL: 3564
  data: geo-p42.instagram.com.
  name: www.instagram.com.
  type: 5

  TTL: 3564
  data: z-p42-instagram.c10r.instagram.com.
  name: geo-p42.instagram.com.
  type: 5

  TTL: 24
  data: 157.240.22.174
  name: z-p42-instagram.c10r.instagram.com.
  type: 1

Dnsmasq 当前默认 resolv 文件:/tmp/resolv.conf.d/resolv.conf.auto

#===================== /tmp/resolv.conf.d/resolv.conf.auto =====================#

# Interface lan
nameserver 202.106.195.68

### OpenClash Config

```shell
1
```

Expected Behavior

It just needs to be able to connect.

Screenshots

image

github-actions[bot] commented 5 months ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days.

Rtoax commented 3 months ago

Could this be a problem with the switch?