Closed xiaolongzhou123 closed 5 months ago
v0.45.152-beta
Lean
Linux-amd64(x86-64)
fake-ip mixed mode, bypass gateway (side router)
This kind of problem has occurred in many scenarios.
OpenClash debug log
生成时间: 2023-11-26 13:20:15 插件版本: v0.45.152-beta 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息
#===================== 系统信息 =====================# 主机型号: Intel(R) Client Systems NUC7i5BNH/NUC7i5BNB - Intel(R) Core(TM) i5-7260U CPU @ 2.20GHz : 2C4T 固件版本: OpenWrt SNAPSHOT r6253-e14b03b6c LuCI版本: git-23.305.37706-43242b7-1 内核版本: 6.1.62 处理器架构: x86_64 #此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP IPV6-DHCP: DNS劫持: 停用 #DNS劫持为Dnsmasq时,此项结果应仅有配置文件的DNS监听地址 Dnsmasq转发设置: 127.0.0.1#3053 #===================== 依赖检查 =====================# dnsmasq-full: 已安装 coreutils: 已安装 coreutils-nohup: 已安装 bash: 已安装 curl: 已安装 ca-certificates: 已安装 ipset: 已安装 ip-full: 已安装 libcap: 已安装 libcap-bin: 已安装 ruby: 已安装 ruby-yaml: 已安装 ruby-psych: 已安装 ruby-pstore: 已安装 kmod-tun(TUN模式): 已安装 luci-compat(Luci >= 19.07): 已安装 kmod-inet-diag(PROCESS-NAME): 已安装 unzip: 已安装 iptables-mod-tproxy: 已安装 kmod-ipt-tproxy: 已安装 iptables-mod-extra: 已安装 kmod-ipt-extra: 已安装 kmod-ipt-nat: 已安装 #===================== 内核检查 =====================# 运行状态: 运行中 运行内核:Meta 进程pid: 5930 运行权限: 5930: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip 运行用户: nobody 已选择的架构: linux-amd64 #下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限 Tun内核版本: 2023.08.17-13-gdcc8d87 Tun内核文件: 存在 Tun内核运行权限: 正常 Dev内核版本: v1.18.0-13-gd034a40 Dev内核文件: 存在 Dev内核运行权限: 正常 Meta内核版本: alpha-g8c3557e Meta内核文件: 存在 Meta内核运行权限: 正常 #===================== 插件设置 =====================# 当前配置文件: /etc/openclash/config/wgetcloud.yaml 启动配置文件: /etc/openclash/wgetcloud.yaml 运行模式: fake-ip-mix 默认代理模式: rule UDP流量转发(tproxy): 停用 自定义DNS: 启用 IPV6代理: 停用 IPV6-DNS解析: 停用 禁用Dnsmasq缓存: 启用 自定义规则: 启用 仅允许内网: 启用 仅代理命中规则流量: 启用 仅允许常用端口流量: 停用 绕过中国大陆IP: 停用 路由本机代理: 启用 #启动异常时建议关闭此项后重试 混合节点: 停用 保留配置: 停用 #启动异常时建议关闭此项后重试 第三方规则: 停用 #===================== 自定义规则 一 =====================# script: ## shortcuts: ## Notice: The core timezone is UTC ## CST 20:00-24:00 = time.now().hour > 12 and time.now().hour < 16 ## 内核时区为UTC,故以下time.now()函数的取值需要根据本地时区进行转换 ## 北京时间(CST) 20:00-24:00 = time.now().hour > 12 and time.now().hour < 16 ## quic: network == 'udp' and dst_port == 443 and 
(geoip(resolve_ip(host)) != 'CN' or geoip(dst_ip) != 'CN') ## time-limit: in_cidr(src_ip,'192.168.1.2/32') and time.now().hour < 20 or time.now().hour > 21 ## time-limit: src_ip == '192.168.1.2' and time.now().hour < 20 or time.now().hour > 21 ## code: | ## def main(ctx, metadata): ## directkeywordlist = ["baidu"] ## for directkeyword in directkeywordlist: ## if directkeyword in metadata["host"]: ## ctx.log('[Script] matched keyword %s use direct' % directkeyword) ## return "DIRECT" rules: ##- SCRIPT,quic,REJECT #shortcuts rule ##- SCRIPT,time-limit,REJECT #shortcuts rule ##- PROCESS-NAME,curl,DIRECT #匹配路由自身进程(curl直连) ##- DOMAIN-SUFFIX,google.com,Proxy #匹配域名后缀(交由Proxy代理服务器组) ##- DOMAIN-KEYWORD,google,Proxy #匹配域名关键字(交由Proxy代理服务器组) ##- DOMAIN,google.com,Proxy #匹配域名(交由Proxy代理服务器组) ##- DOMAIN-SUFFIX,ad.com,REJECT #匹配域名后缀(拒绝) - IP-CIDR,148.100.77.235/32,DIRECT #匹配数据目标IP(直连) ##- SRC-IP-CIDR,192.168.1.201/32,DIRECT #匹配数据发起IP(直连) ##- DST-PORT,80,DIRECT #匹配数据目标端口(直连) ##- SRC-PORT,7777,DIRECT #匹配数据源端口(直连) ##排序在上的规则优先生效,如添加(去除规则前的#号): ##IP段:192.168.1.2-192.168.1.200 直连 ##- SRC-IP-CIDR,192.168.1.2/31,DIRECT ##- SRC-IP-CIDR,192.168.1.4/30,DIRECT ##- SRC-IP-CIDR,192.168.1.8/29,DIRECT ##- SRC-IP-CIDR,192.168.1.16/28,DIRECT ##- SRC-IP-CIDR,192.168.1.32/27,DIRECT ##- SRC-IP-CIDR,192.168.1.64/26,DIRECT ##- SRC-IP-CIDR,192.168.1.128/26,DIRECT ##- SRC-IP-CIDR,192.168.1.192/29,DIRECT ##- SRC-IP-CIDR,192.168.1.200/32,DIRECT ##IP段:192.168.1.202-192.168.1.255 直连 ##- SRC-IP-CIDR,192.168.1.202/31,DIRECT ##- SRC-IP-CIDR,192.168.1.204/30,DIRECT ##- SRC-IP-CIDR,192.168.1.208/28,DIRECT ##- SRC-IP-CIDR,192.168.1.224/27,DIRECT ##此时IP为192.168.1.1和192.168.1.201的客户端流量走代理(策略),其余客户端不走代理 ##因为Fake-IP模式下,IP地址为192.168.1.1的路由器自身流量可走代理(策略),所以需要排除 ##仅设置路由器自身直连: ##- SRC-IP-CIDR,192.168.1.1/32,DIRECT ##- SRC-IP-CIDR,198.18.0.1/32,DIRECT ##DDNS ##- DOMAIN-SUFFIX,checkip.dyndns.org,DIRECT ##- DOMAIN-SUFFIX,checkipv6.dyndns.org,DIRECT ##- DOMAIN-SUFFIX,checkip.synology.com,DIRECT ##- 
DOMAIN-SUFFIX,ifconfig.co,DIRECT ##- DOMAIN-SUFFIX,api.myip.com,DIRECT ##- DOMAIN-SUFFIX,ip-api.com,DIRECT ##- DOMAIN-SUFFIX,ipapi.co,DIRECT ##- DOMAIN-SUFFIX,ip6.seeip.org,DIRECT ##- DOMAIN-SUFFIX,members.3322.org,DIRECT - DST-PORT,22,DIRECT ##在线IP段转CIDR地址:http://ip2cidr.com #===================== 自定义规则 二 =====================# script: ## shortcuts: ## common_port: dst_port not in [21, 22, 23, 53, 80, 123, 143, 194, 443, 465, 587, 853, 993, 995, 998, 2052, 2053, 2082, 2083, 2086, 2095, 2096, 5222, 5228, 5229, 5230, 8080, 8443, 8880, 8888, 8889] ## code: | ## def main(ctx, metadata): ## directkeywordlist = ["baidu"] ## for directkeyword in directkeywordlist: ## if directkeyword in metadata["host"]: ## ctx.log('[Script] matched keyword %s use direct' % directkeyword) ## return "DIRECT" rules: ##- SCRIPT,common_port,DIRECT #shortcuts rule ##- DOMAIN-SUFFIX,google.com,Proxy #匹配域名后缀(交由Proxy代理服务器组) ##- DOMAIN-KEYWORD,google,Proxy #匹配域名关键字(交由Proxy代理服务器组) ##- DOMAIN,google.com,Proxy #匹配域名(交由Proxy代理服务器组) ##- DOMAIN-SUFFIX,ad.com,REJECT #匹配域名后缀(拒绝) ##- IP-CIDR,127.0.0.0/8,DIRECT #匹配数据目标IP(直连) ##- SRC-IP-CIDR,192.168.1.201/32,DIRECT #匹配数据发起IP(直连) ##- DST-PORT,80,DIRECT #匹配数据目标端口(直连) ##- SRC-PORT,7777,DIRECT #匹配数据源端口(直连) #===================== 配置文件 =====================# port: 7890 socks-port: 7891 allow-lan: true mode: rule log-level: info external-controller: 0.0.0.0:19090 proxy-groups: - name: "\U0001F530 节点选择" type: select proxies: - "♻️ 自动选择" - "\U0001F3AF 全球直连" - "\U0001F1ED\U0001F1F0 香港 01" - "\U0001F1ED\U0001F1F0 香港 02" - "\U0001F1ED\U0001F1F0 香港 03" - "\U0001F1F2\U0001F1FE 马来西亚 01 5" - name: "♻️ 自动选择" type: url-test url: http://www.gstatic.com/generate_204 interval: 300 proxies: - "\U0001F1ED\U0001F1F0 香港 01" - "\U0001F1ED\U0001F1F0 香港 02" - "\U0001F1ED\U0001F1F0 香港 03" - "\U0001F1F2\U0001F1FE 马来西亚 01 5" - name: "\U0001F3A5 NETFLIX" type: select proxies: - "\U0001F530 节点选择" - "♻️ 自动选择" - "\U0001F3AF 全球直连" - "\U0001F1ED\U0001F1F0 香港 01" - "\U0001F1ED\U0001F1F0 香港 02" 
- "\U0001F1ED\U0001F1F0 香港 03" - "\U0001F1E8\U0001F1F3 台湾 01" - "\U0001F1E8\U0001F1F3 台湾 02" - "\U0001F1E8\U0001F1F3 台湾 03" - "\U0001F1F2\U0001F1FE 马来西亚 01 5" - name: "\U0001F525 CHATGPT" type: select proxies: - "\U0001F530 节点选择" - "♻️ 自动选择" - "\U0001F3AF 全球直连" - "\U0001F1ED\U0001F1F0 香港 01" - "\U0001F1ED\U0001F1F0 香港 02" - name: "\U0001F525 YOUTUBE" type: select proxies: - "\U0001F530 节点选择" - "♻️ 自动选择" - "\U0001F3AF 全球直连" - "\U0001F1ED\U0001F1F0 香港 01" - "\U0001F1ED\U0001F1F0 香港 02" - "\U0001F1ED\U0001F1F0 香港 03" - name: "\U0001F30D 国外媒体" type: select proxies: - "\U0001F530 节点选择" - "♻️ 自动选择" - "\U0001F3AF 全球直连" - "\U0001F1ED\U0001F1F0 香港 01" - "\U0001F1ED\U0001F1F0 香港 02" - name: "\U0001F30F 国内媒体" type: select proxies: - "\U0001F3AF 全球直连" - "\U0001F1ED\U0001F1F0 香港 01" - "\U0001F1ED\U0001F1F0 香港 02" - "\U0001F530 节点选择" - name: Ⓜ️ 微软服务 type: select proxies: - "\U0001F3AF 全球直连" - "\U0001F530 节点选择" - "\U0001F1ED\U0001F1F0 香港 01" - "\U0001F1ED\U0001F1F0 香港 02" - "\U0001F1ED\U0001F1F0 香港 03" - "\U0001F1E8\U0001F1F3 台湾 01" - name: "\U0001F4F2 电报信息" type: select proxies: - "\U0001F530 节点选择" - "\U0001F3AF 全球直连" - "\U0001F1ED\U0001F1F0 香港 01" - "\U0001F1ED\U0001F1F0 香港 02" - name: "\U0001F34E 苹果服务" type: select proxies: - "\U0001F530 节点选择" - "\U0001F3AF 全球直连" - "♻️ 自动选择" - "\U0001F1ED\U0001F1F0 香港 01" - "\U0001F1ED\U0001F1F0 香港 02" - name: "\U0001F3AF 全球直连" type: select proxies: - DIRECT - name: "\U0001F6D1 全球拦截" type: select proxies: - REJECT - DIRECT - name: "\U0001F41F 漏网之鱼" type: select proxies: - "\U0001F530 节点选择" - "\U0001F3AF 全球直连" - "♻️ 自动选择" - "\U0001F1ED\U0001F1F0 香港 01" - "\U0001F1ED\U0001F1F0 香港 02" rules: - DST-PORT,7895,REJECT - DST-PORT,7892,REJECT - IP-CIDR,198.18.0.1/16,REJECT,no-resolve - IP-CIDR,148.100.77.235/32,DIRECT - DST-PORT,22,DIRECT - DOMAIN-SUFFIX,awesome-hd.me,DIRECT - DOMAIN-SUFFIX,broadcasthe.net,DIRECT - DOMAIN-SUFFIX,chdbits.co,DIRECT - DOMAIN-SUFFIX,classix-unlimited.co.uk,DIRECT - DOMAIN-SUFFIX,empornium.me,DIRECT - 
DOMAIN-SUFFIX,gazellegames.net,DIRECT - DOMAIN-SUFFIX,hdchina.org,DIRECT - DOMAIN-SUFFIX,hdsky.me,DIRECT - DOMAIN-SUFFIX,icetorrent.org,DIRECT - DOMAIN-SUFFIX,jpopsuki.eu,DIRECT - DOMAIN-SUFFIX,keepfrds.com,DIRECT - DOMAIN-SUFFIX,madsrevolution.net,DIRECT - DOMAIN-SUFFIX,m-team.cc,DIRECT - DOMAIN-SUFFIX,nanyangpt.com,DIRECT - DOMAIN-SUFFIX,ncore.cc,DIRECT - DOMAIN-SUFFIX,open.cd,DIRECT - DOMAIN-SUFFIX,ourbits.club,DIRECT - DOMAIN-SUFFIX,passthepopcorn.me,DIRECT - DOMAIN-SUFFIX,privatehd.to,DIRECT - DOMAIN-SUFFIX,redacted.ch,DIRECT - DOMAIN-SUFFIX,springsunday.net,DIRECT - DOMAIN-SUFFIX,tjupt.org,DIRECT - DOMAIN-SUFFIX,totheglory.im,DIRECT - DOMAIN-SUFFIX,smtp,DIRECT - DOMAIN-KEYWORD,announce,DIRECT - DOMAIN-KEYWORD,torrent,DIRECT - DOMAIN-KEYWORD,tracker,DIRECT - "DOMAIN-SUFFIX,local,\U0001F3AF 全球直连" - "IP-CIDR,148.100.77.235/32,\U0001F3AF 全球直连,no-resolve" - "IP-CIDR,192.168.0.0/16,\U0001F3AF 全球直连,no-resolve" - "IP-CIDR,10.0.0.0/8,\U0001F3AF 全球直连,no-resolve" - "IP-CIDR,172.16.0.0/12,\U0001F3AF 全球直连,no-resolve" - "IP-CIDR,127.0.0.0/8,\U0001F3AF 全球直连,no-resolve" - "IP-CIDR,100.64.0.0/10,\U0001F3AF 全球直连,no-resolve" - "IP-CIDR6,::1/128,\U0001F3AF 全球直连,no-resolve" - "IP-CIDR6,fc00::/7,\U0001F3AF 全球直连,no-resolve" - "IP-CIDR6,fe80::/10,\U0001F3AF 全球直连,no-resolve" - "IP-CIDR6,fd00::/8,\U0001F3AF 全球直连,no-resolve" - DOMAIN-KEYWORD,1drv,Ⓜ️ 微软服务 - DOMAIN-KEYWORD,microsoft,Ⓜ️ 微软服务 - DOMAIN-SUFFIX,aadrm.com,Ⓜ️ 微软服务 - DOMAIN-SUFFIX,bingapis.com,Ⓜ️ 微软服务 - "IP-CIDR,23.246.0.0/18,\U0001F3A5 NETFLIX,no-resolve" - "IP-CIDR,37.77.184.0/21,\U0001F3A5 NETFLIX,no-resolve" - "IP-CIDR,45.57.0.0/17,\U0001F3A5 NETFLIX,no-resolve" - "IP-CIDR,64.120.128.0/17,\U0001F3A5 NETFLIX,no-resolve" - "IP-CIDR,66.197.128.0/17,\U0001F3A5 NETFLIX,no-resolve" - "IP-CIDR,108.175.32.0/20,\U0001F3A5 NETFLIX,no-resolve" - "IP-CIDR,192.173.64.0/18,\U0001F3A5 NETFLIX,no-resolve" - "IP-CIDR,198.38.96.0/19,\U0001F3A5 NETFLIX,no-resolve" - "IP-CIDR,198.45.48.0/20,\U0001F3A5 NETFLIX,no-resolve" - 
"IP-CIDR,34.210.42.111/32,\U0001F3A5 NETFLIX,no-resolve" - "IP-CIDR,52.89.124.203/32,\U0001F3A5 NETFLIX,no-resolve" - "IP-CIDR,54.148.37.5/32,\U0001F3A5 NETFLIX,no-resolve" - "DOMAIN-SUFFIX,openai.com,\U0001F525 CHATGPT" - "DOMAIN,youtubei.googleapis.com,\U0001F525 YOUTUBE" - "DOMAIN,yt3.ggpht.com,\U0001F525 YOUTUBE" - "DOMAIN-SUFFIX,pluto.tv,\U0001F525 YOUTUBE" - "DOMAIN-SUFFIX,pluto.tv:443,\U0001F525 YOUTUBE" - "DOMAIN-SUFFIX,youtube.com.hr,\U0001F525 YOUTUBE" - "DOMAIN-SUFFIX,youtube.la,\U0001F525 YOUTUBE" - "DOMAIN-SUFFIX,youtubego.in,\U0001F525 YOUTUBE" - "DOMAIN-SUFFIX,youtubei.googleapis.com,\U0001F525 YOUTUBE" - "DOMAIN-SUFFIX,youtubekids.com,\U0001F525 YOUTUBE" - "DOMAIN-SUFFIX,youtubemobilesupport.com,\U0001F525 YOUTUBE" - "DOMAIN-SUFFIX,yt.be,\U0001F525 YOUTUBE" - "DOMAIN-SUFFIX,ytimg.com,\U0001F525 YOUTUBE" - "DOMAIN-KEYWORD,youtube,\U0001F525 YOUTUBE" - "IP-CIDR,172.110.32.0/21,\U0001F525 YOUTUBE,no-resolve" - "IP-CIDR,216.73.80.0/20,\U0001F525 YOUTUBE,no-resolve" - "IP-CIDR6,2620:120:e000::/40,\U0001F525 YOUTUBE,no-resolve" - "DOMAIN-SUFFIX,jtvnw.net,\U0001F30D 国外媒体" - "DOMAIN-SUFFIX,ttvnw.net,\U0001F30D 国外媒体" - "DOMAIN-SUFFIX,kktv.com.tw,\U0001F30D 国外媒体" - "DOMAIN-SUFFIX,kktv.me,\U0001F30D 国外媒体" - "DOMAIN,kktv-theater.kk.stream,\U0001F30D 国外媒体" - "DOMAIN-SUFFIX,linetv.tw,\U0001F30D 国外媒体" - "DOMAIN,d3c7rimkq79yfu.cloudfront.net,\U0001F30D 国外媒体" - "DOMAIN-SUFFIX,litv.tv,\U0001F30D 国外媒体" - "DOMAIN,litvfreemobile-hichannel.cdn.hinet.net,\U0001F30D 国外媒体" - "DOMAIN-SUFFIX,api.mgtv.com,\U0001F30D 国外媒体" - "DOMAIN,hamifans.emome.net,\U0001F30D 国外媒体" - "DOMAIN-SUFFIX,byteoversea.com,\U0001F30D 国外媒体" - "DOMAIN,d1k2us671qcoau.cloudfront.net,\U0001F30D 国外媒体" - "DOMAIN,d2anahhhmp1ffz.cloudfront.net,\U0001F30D 国外媒体" - "DOMAIN,dfp6rglgjqszk.cloudfront.net,\U0001F30D 国外媒体" - "DOMAIN-SUFFIX,wetv.vip,\U0001F30D 国外媒体" - "DOMAIN-SUFFIX,wetvinfo.com,\U0001F30D 国外媒体" - "IP-CIDR,150.109.28.51/32,\U0001F30D 国外媒体,no-resolve" - "DOMAIN-SUFFIX,googlevideo.com,\U0001F30D 国外媒体" - 
"DOMAIN-SUFFIX,youtube.com,\U0001F30D 国外媒体" - "DOMAIN-SUFFIX,ytimg.com,\U0001F30D 国外媒体" - "DOMAIN,youtubei.googleapis.com,\U0001F30D 国外媒体" - "DOMAIN,yt3.ggpht.com,\U0001F30D 国外媒体" - "DOMAIN-SUFFIX,acg.tv,\U0001F30F 国内媒体" - "DOMAIN-SUFFIX,acgvideo.com,\U0001F30F 国内媒体" - "DOMAIN-SUFFIX,b23.tv,\U0001F30F 国内媒体" - "DOMAIN-SUFFIX,bilibili.com,\U0001F30F 国内媒体" - "DOMAIN-SUFFIX,api.mob.app.letv.com,\U0001F30F 国内媒体" - "DOMAIN-SUFFIX,v.smtcdns.com,\U0001F30F 国内媒体" - "DOMAIN-SUFFIX,vv.video.qq.com,\U0001F30F 国内媒体" - "DOMAIN-SUFFIX,youku.com,\U0001F30F 国内媒体" - "IP-CIDR,106.11.0.0/16,\U0001F30F 国内媒体,no-resolve" - "DOMAIN-SUFFIX,t.me,\U0001F4F2 电报信息" - "DOMAIN-SUFFIX,tdesktop.com,\U0001F4F2 电报信息" - "DOMAIN-SUFFIX,telegra.ph,\U0001F4F2 电报信息" - "DOMAIN-SUFFIX,telegram.me,\U0001F4F2 电报信息" - "DOMAIN-SUFFIX,telegram.org,\U0001F4F2 电报信息" - "DOMAIN-SUFFIX,telesco.pe,\U0001F4F2 电报信息" - "IP-CIDR,91.108.4.0/22,\U0001F4F2 电报信息,no-resolve" - "IP-CIDR,91.108.8.0/22,\U0001F4F2 电报信息,no-resolve" - "IP-CIDR,91.108.12.0/22,\U0001F4F2 电报信息,no-resolve" - "IP-CIDR,91.108.16.0/22,\U0001F4F2 电报信息,no-resolve" - "IP-CIDR,91.108.20.0/22,\U0001F4F2 电报信息,no-resolve" - "IP-CIDR,91.108.56.0/22,\U0001F4F2 电报信息,no-resolve" - "IP-CIDR,91.105.192.0/23,\U0001F4F2 电报信息,no-resolve" - "IP-CIDR,149.154.160.0/20,\U0001F4F2 电报信息,no-resolve" - "IP-CIDR,185.76.151.0/24,\U0001F4F2 电报信息,no-resolve" - "IP-CIDR6,2001:b28:f23d::/48,\U0001F4F2 电报信息,no-resolve" - "IP-CIDR6,2001:b28:f23f::/48,\U0001F4F2 电报信息,no-resolve" - "IP-CIDR6,2001:67c:4e8::/48,\U0001F4F2 电报信息,no-resolve" - "IP-CIDR6,2001:b28:f23c::/48,\U0001F4F2 电报信息,no-resolve" - "IP-CIDR6,2a0a:f280::/32,\U0001F4F2 电报信息,no-resolve" - "DOMAIN-SUFFIX,amazon.co.jp,\U0001F530 节点选择" - "DOMAIN,d3c33hcgiwev3.cloudfront.net,\U0001F530 节点选择" - "DOMAIN,payments-jp.amazon.com,\U0001F530 节点选择" - "DOMAIN,s3-ap-northeast-1.amazonaws.com,\U0001F530 节点选择" - "DOMAIN,s3-ap-southeast-2.amazonaws.com,\U0001F530 节点选择" - "DOMAIN,a248.e.akamai.net,\U0001F530 节点选择" - 
"DOMAIN,a771.dscq.akamai.net,\U0001F530 节点选择" - "DOMAIN-SUFFIX,fb.me,\U0001F530 节点选择" - "DOMAIN-SUFFIX,fbaddins.com,\U0001F530 节点选择" - "DOMAIN-SUFFIX,spiegel.de,\U0001F530 节点选择" - "DOMAIN-SUFFIX,startpage.com,\U0001F530 节点选择" - "DOMAIN-SUFFIX,xhamster.com,\U0001F530 节点选择" - "DOMAIN-SUFFIX,xn--90wwvt03e.com,\U0001F530 节点选择" - "DOMAIN-SUFFIX,xn--i2ru8q2qg.com,\U0001F530 节点选择" - "DOMAIN-SUFFIX,xnxx.com,\U0001F530 节点选择" - "DOMAIN-SUFFIX,s3.amazonaws.com,\U0001F530 节点选择" - "DOMAIN-SUFFIX,zaobao.com.sg,\U0001F530 节点选择" - "DOMAIN,international-gfe.download.nvidia.com,\U0001F530 节点选择" - "DOMAIN-SUFFIX,aaplimg.com,\U0001F34E 苹果服务" - "DOMAIN-SUFFIX,apple.co,\U0001F34E 苹果服务" - "DOMAIN-SUFFIX,apple.com,\U0001F34E 苹果服务" - "IP-CIDR,205.180.175.0/24,\U0001F34E 苹果服务,no-resolve" - "DOMAIN-SUFFIX,zenki.cn,\U0001F3AF 全球直连" - "DOMAIN-SUFFIX,cntv.lat,\U0001F3AF 全球直连" - "DOMAIN-SUFFIX,mgtv.com,\U0001F3AF 全球直连" - "DOMAIN-SUFFIX,iqiyi.com,\U0001F3AF 全球直连" - "DOMAIN-SUFFIX,iqiyipic.com,\U0001F3AF 全球直连" - "DOMAIN-SUFFIX,71.am,\U0001F3AF 全球直连" - "DOMAIN-SUFFIX,jd.com,\U0001F3AF 全球直连" - "DOMAIN-SUFFIX,jd.hk,\U0001F3AF 全球直连" - "DOMAIN-SUFFIX,jdpay.com,\U0001F3AF 全球直连" - "DOMAIN-KEYWORD,XLLiveUD,\U0001F3AF 全球直连" - "GEOIP,CN,\U0001F3AF 全球直连" - PROCESS-NAME,aria2c,DIRECT - PROCESS-NAME,BitComet,DIRECT - PROCESS-NAME,fdm,DIRECT - PROCESS-NAME,NetTransport,DIRECT - PROCESS-NAME,qbittorrent,DIRECT - PROCESS-NAME,Thunder,DIRECT - PROCESS-NAME,transmission-daemon,DIRECT - PROCESS-NAME,transmission-qt,DIRECT - PROCESS-NAME,uTorrent,DIRECT - PROCESS-NAME,WebTorrent,DIRECT - PROCESS-NAME,Folx,DIRECT - PROCESS-NAME,Transmission,DIRECT - PROCESS-NAME,transmission,DIRECT - PROCESS-NAME,WebTorrent Helper,DIRECT - PROCESS-NAME,v2ray,DIRECT - PROCESS-NAME,ss-local,DIRECT - PROCESS-NAME,ssr-local,DIRECT - PROCESS-NAME,ss-redir,DIRECT - PROCESS-NAME,ssr-redir,DIRECT - PROCESS-NAME,ss-server,DIRECT - PROCESS-NAME,trojan-go,DIRECT - PROCESS-NAME,xray,DIRECT - PROCESS-NAME,hysteria,DIRECT - 
PROCESS-NAME,UUBooster,DIRECT - PROCESS-NAME,uugamebooster,DIRECT - "DST-PORT,80,\U0001F41F 漏网之鱼" - "DST-PORT,443,\U0001F41F 漏网之鱼" - "DST-PORT,22,\U0001F41F 漏网之鱼" - MATCH,DIRECT redir-port: 7892 tproxy-port: 7895 mixed-port: 7893 bind-address: "*" external-ui: "/usr/share/openclash/ui" ipv6: false geodata-mode: true geodata-loader: standard tcp-concurrent: true unified-delay: true dns: enable: true ipv6: false enhanced-mode: fake-ip fake-ip-range: 198.18.0.1/16 listen: 0.0.0.0:7874 nameserver: - 202.106.195.68 fallback: - https://dns.cloudflare.com/dns-query - https://public.dns.iij.jp/dns-query - https://dns.oszx.co/dns-query fake-ip-filter: - "*.lan" - "*.localdomain" - "*.example" - "*.invalid" - "*.localhost" - "*.test" - "*.local" - "*.home.arpa" - time.*.com - time.*.gov - time.*.edu.cn - time.*.apple.com - time-ios.apple.com - time1.*.com - time2.*.com - time3.*.com - time4.*.com - time5.*.com - time6.*.com - time7.*.com - ntp.*.com - ntp1.*.com - ntp2.*.com - ntp3.*.com - ntp4.*.com - ntp5.*.com - ntp6.*.com - ntp7.*.com - "*.time.edu.cn" - "*.ntp.org.cn" - "+.pool.ntp.org" - time1.cloud.tencent.com - "*.metahubs.cn" - "*.zsecs.com" - music.163.com - "*.xiaohongshu.com" - "*.music.163.com" - "*.126.net" - "*.baidu.com" - musicapi.taihe.com - music.taihe.com - songsearch.kugou.com - trackercdn.kugou.com - "*.kuwo.cn" - api-jooxtt.sanook.com - api.joox.com - joox.com - y.qq.com - "*.y.qq.com" - streamoc.music.tc.qq.com - mobileoc.music.tc.qq.com - isure.stream.qqmusic.qq.com - dl.stream.qqmusic.qq.com - aqqmusic.tc.qq.com - amobile.music.tc.qq.com - "*.xiami.com" - "*.music.migu.cn" - music.migu.cn - "+.msftconnecttest.com" - "+.msftncsi.com" - localhost.ptlogin2.qq.com - localhost.sec.qq.com - "+.qq.com" - "+.tencent.com" - "+.srv.nintendo.net" - "*.n.n.srv.nintendo.net" - "+.stun.playstation.net" - xbox.*.*.microsoft.com - "*.*.xboxlive.com" - xbox.*.microsoft.com - xnotify.xboxlive.com - "+.battlenet.com.cn" - "+.wotgame.cn" - "+.wggames.cn" - 
"+.wowsgame.cn" - "+.wargaming.net" - proxy.golang.org - stun.*.* - stun.*.*.* - "+.stun.*.*" - "+.stun.*.*.*" - "+.stun.*.*.*.*" - "+.stun.*.*.*.*.*" - heartbeat.belkin.com - "*.linksys.com" - "*.linksyssmartwifi.com" - "*.router.asus.com" - mesu.apple.com - swscan.apple.com - swquery.apple.com - swdownload.apple.com - swcdn.apple.com - swdist.apple.com - lens.l.google.com - stun.l.google.com - na.b.g-tun.com - "+.nflxvideo.net" - "*.square-enix.com" - "*.finalfantasyxiv.com" - "*.ffxiv.com" - "*.ff14.sdo.com" - ff.dorado.sdo.com - "*.mcdn.bilivideo.cn" - "+.media.dssott.com" - shark007.net - Mijia Cloud - "+.cmbchina.com" - "+.cmbimg.com" - local.adguard.org - "+.sandai.net" - "+.n0808.com" - services.googleapis.cn sniffer: enable: true force-domain: - "+.netflix.com" - "+.nflxvideo.net" - "+.amazonaws.com" - "+.media.dssott.com" - "+.metahubs.cn" - "+.baidu.com" - "+.zsecs.com" skip-domain: - "+.apple.com" - Mijia Cloud - dlg.io.mi.com sniff: TLS: HTTP: ports: - 80 - 8080-8880 override-destination: true tun: enable: true stack: system device: utun auto-route: false auto-detect-interface: false dns-hijack: - tcp://any:53 profile: store-selected: true store-fake-ip: true authentication: - Clash:h84R7QaE #===================== 自定义覆写设置 =====================# #!/bin/sh . /usr/share/openclash/ruby.sh . /usr/share/openclash/log.sh . /lib/functions.sh # This script is called by /etc/init.d/openclash # Add your custom overwrite scripts here, they will be take effict after the OpenClash own srcipts LOG_OUT "Tip: Start Running Custom Overwrite Scripts..." 
LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S")) LOG_FILE="/tmp/openclash.log" CONFIG_FILE="$1" #config path #Simple Demo: #General Demo #1--config path #2--key name #3--value #ruby_edit "$CONFIG_FILE" "['redir-port']" "7892" #ruby_edit "$CONFIG_FILE" "['secret']" "123456" #ruby_edit "$CONFIG_FILE" "['dns']['enable']" "true" #Hash Demo #1--config path #2--key name #3--hash type value #ruby_edit "$CONFIG_FILE" "['experimental']" "{'sniff-tls-sni'=>true}" #ruby_edit "$CONFIG_FILE" "['sniffer']" "{'sniffing'=>['tls','http']}" #Array Demo: #1--config path #2--key name #3--position(start from 0, end with -1) #4--value #ruby_arr_insert "$CONFIG_FILE" "['dns']['nameserver']" "0" "114.114.114.114" #Array Add From Yaml File Demo: #1--config path #2--key name #3--position(start from 0, end with -1) #4--value file path #5--value key name in #4 file #ruby_arr_add_file "$CONFIG_FILE" "['dns']['fallback-filter']['ipcidr']" "0" "/etc/openclash/custom/openclash_custom_fallback_filter.yaml" "['fallback-filter']['ipcidr']" #Ruby Script Demo: #ruby -ryaml -rYAML -I "/usr/share/openclash" -E UTF-8 -e " # begin # Value = YAML.load_file('$CONFIG_FILE'); # rescue Exception => e # puts '${LOGTIME} Error: Load File Failed,【' + e.message + '】'; # end; #General # begin # Thread.new{ # Value['redir-port']=7892; # Value['tproxy-port']=7895; # Value['port']=7890; # Value['socks-port']=7891; # Value['mixed-port']=7893; # }.join; # rescue Exception => e # puts '${LOGTIME} Error: Set General Failed,【' + e.message + '】'; # ensure # File.open('$CONFIG_FILE','w') {|f| YAML.dump(Value, f)}; # end" 2>/dev/null >> $LOG_FILE exit 0 #===================== 自定义防火墙设置 =====================# #!/bin/sh . /usr/share/openclash/log.sh . /lib/functions.sh # This script is called by /etc/init.d/openclash # Add your custom firewall rules here, they will be added after the end of the OpenClash iptables rules LOG_OUT "Tip: Start Add Custom Firewall Rules..." 
exit 0 #===================== IPTABLES 防火墙设置 =====================# #IPv4 NAT chain # Generated by iptables-save v1.8.7 on Sun Nov 26 13:20:16 2023 *nat :PREROUTING ACCEPT [84:36308] :INPUT ACCEPT [514:32078] :OUTPUT ACCEPT [799:51910] :POSTROUTING ACCEPT [805:52190] :MINIUPNPD - [0:0] :MINIUPNPD-POSTROUTING - [0:0] :openclash - [0:0] :openclash_output - [0:0] :openclash_post - [0:0] :postrouting_VPN_rule - [0:0] :postrouting_iptv_rule - [0:0] :postrouting_lan_rule - [0:0] :postrouting_rule - [0:0] :prerouting_VPN_rule - [0:0] :prerouting_iptv_rule - [0:0] :prerouting_lan_rule - [0:0] :prerouting_rule - [0:0] :zone_VPN_postrouting - [0:0] :zone_VPN_prerouting - [0:0] :zone_iptv_postrouting - [0:0] :zone_iptv_prerouting - [0:0] :zone_lan_postrouting - [0:0] :zone_lan_prerouting - [0:0] -A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 3053 -A PREROUTING -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 3053 -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule -A PREROUTING -i eth0.24 -m comment --comment "!fw3" -j zone_lan_prerouting -A PREROUTING -i utun -m comment --comment "!fw3" -j zone_lan_prerouting -A PREROUTING -i ipsec0 -m comment --comment "!fw3" -j zone_VPN_prerouting -A PREROUTING -i eth0.17 -m comment --comment "!fw3" -j zone_iptv_prerouting -A PREROUTING -d 172.18.0.1/32 -p udp -m udp --dport 53 -j REDIRECT --to-ports 3053 -A PREROUTING -d 172.19.0.1/32 -p udp -m udp --dport 53 -j REDIRECT --to-ports 3053 -A PREROUTING -d 172.17.0.1/32 -p udp -m udp --dport 53 -j REDIRECT --to-ports 3053 -A PREROUTING -d 192.168.1.8/32 -p udp -m udp --dport 53 -j REDIRECT --to-ports 3053 -A PREROUTING -d 192.168.24.2/32 -p udp -m udp --dport 53 -j REDIRECT --to-ports 3053 -A PREROUTING -p tcp -j openclash -A OUTPUT -j openclash_output -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule -A POSTROUTING -o eth0.24 -m comment --comment "!fw3" -j zone_lan_postrouting -A POSTROUTING -o 
utun -m comment --comment "!fw3" -j zone_lan_postrouting -A POSTROUTING -o ipsec0 -m comment --comment "!fw3" -j zone_VPN_postrouting -A POSTROUTING -o eth0.17 -m comment --comment "!fw3" -j zone_iptv_postrouting -A POSTROUTING -m comment --comment "OpenClash Bypass Gateway Compatible" -j openclash_post -A openclash -m set --match-set localnetwork dst -j RETURN -A openclash -m set --match-set localnetwork src -m set --match-set lan_ac_black_ports src -j RETURN -A openclash -p tcp -j REDIRECT --to-ports 7892 -A openclash_output -d 198.18.0.0/16 -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892 -A openclash_output -m set --match-set localnetwork dst -j RETURN -A openclash_output -m set --match-set localnetwork src -m set --match-set lan_ac_black_ports src -j RETURN -A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892 -A openclash_post -m set --match-set localnetwork src -m set --match-set lan_ac_black_ports src -j RETURN -A openclash_post -m mark --mark 0x162 -j ACCEPT -A openclash_post -m set --match-set localnetwork dst -j RETURN -A openclash_post -m addrtype ! --src-type LOCAL -m owner ! 
--uid-owner 65534 -j MASQUERADE -A postrouting_rule -d 192.168.1.0/24 -j MASQUERADE -A zone_VPN_postrouting -m comment --comment "!fw3: Custom VPN postrouting rule chain" -j postrouting_VPN_rule -A zone_VPN_prerouting -m comment --comment "!fw3: Custom VPN prerouting rule chain" -j prerouting_VPN_rule -A zone_iptv_postrouting -m comment --comment "!fw3: Custom iptv postrouting rule chain" -j postrouting_iptv_rule -A zone_iptv_prerouting -m comment --comment "!fw3: Custom iptv prerouting rule chain" -j prerouting_iptv_rule -A zone_lan_postrouting -j MINIUPNPD-POSTROUTING -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule -A zone_lan_prerouting -j MINIUPNPD -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule COMMIT # Completed on Sun Nov 26 13:20:16 2023 #IPv4 Mangle chain # Generated by iptables-save v1.8.7 on Sun Nov 26 13:20:16 2023 *mangle :PREROUTING ACCEPT [15504:3301894] :INPUT ACCEPT [15331:3255793] :FORWARD ACCEPT [173:46101] :OUTPUT ACCEPT [16005:16654865] :POSTROUTING ACCEPT [16155:16669497] :openclash - [0:0] :openclash_dns_hijack - [0:0] :openclash_output - [0:0] :openclash_upnp - [0:0] -A PREROUTING -p udp -j openclash -A OUTPUT -j openclash_output -A openclash -i utun -j RETURN -A openclash -m set --match-set localnetwork dst -j RETURN -A openclash -m set --match-set localnetwork src -m set --match-set lan_ac_black_ports src -j RETURN -A openclash -p udp -j openclash_upnp -A openclash -j MARK --set-xmark 0x162/0xffffffff -A openclash_output -m set --match-set localnetwork dst -j RETURN -A openclash_output -m set --match-set localnetwork src -m set --match-set lan_ac_black_ports src -j RETURN -A openclash_output -d 198.18.0.0/16 -p udp -m owner ! 
--uid-owner 65534 -j MARK --set-xmark 0x162/0xffffffff COMMIT # Completed on Sun Nov 26 13:20:16 2023 #IPv4 Filter chain # Generated by iptables-save v1.8.7 on Sun Nov 26 13:20:16 2023 *filter :INPUT ACCEPT [9:520] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :MINIUPNPD - [0:0] :SOCAT - [0:0] :forwarding_VPN_rule - [0:0] :forwarding_iptv_rule - [0:0] :forwarding_lan_rule - [0:0] :forwarding_rule - [0:0] :input_VPN_rule - [0:0] :input_iptv_rule - [0:0] :input_lan_rule - [0:0] :input_rule - [0:0] :output_VPN_rule - [0:0] :output_iptv_rule - [0:0] :output_lan_rule - [0:0] :output_rule - [0:0] :reject - [0:0] :zone_VPN_dest_ACCEPT - [0:0] :zone_VPN_forward - [0:0] :zone_VPN_input - [0:0] :zone_VPN_output - [0:0] :zone_VPN_src_ACCEPT - [0:0] :zone_iptv_dest_ACCEPT - [0:0] :zone_iptv_forward - [0:0] :zone_iptv_input - [0:0] :zone_iptv_output - [0:0] :zone_iptv_src_ACCEPT - [0:0] :zone_lan_dest_ACCEPT - [0:0] :zone_lan_forward - [0:0] :zone_lan_input - [0:0] :zone_lan_output - [0:0] :zone_lan_src_ACCEPT - [0:0] -A INPUT -m policy --dir in --pol ipsec --proto esp -j ACCEPT -A INPUT -j SOCAT -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT -A INPUT -i eth0.24 -m comment --comment "!fw3" -j zone_lan_input -A INPUT -i utun -m comment --comment "!fw3" -j zone_lan_input -A INPUT -i ipsec0 -m comment --comment "!fw3" -j zone_VPN_input -A INPUT -i eth0.17 -m comment --comment "!fw3" -j zone_iptv_input -A FORWARD -o utun -p udp -m udp --dport 443 -m comment --comment "OpenClash QUIC REJECT" -m set ! 
--match-set china_ip_route dst -j REJECT --reject-with icmp-port-unreachable -A FORWARD -o utun -m comment --comment "OpenClash TUN Forward" -j ACCEPT -A FORWARD -m policy --dir out --pol ipsec --proto esp -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec --proto esp -j ACCEPT -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT -A FORWARD -i eth0.24 -m comment --comment "!fw3" -j zone_lan_forward -A FORWARD -i utun -m comment --comment "!fw3" -j zone_lan_forward -A FORWARD -i ipsec0 -m comment --comment "!fw3" -j zone_VPN_forward -A FORWARD -i eth0.17 -m comment --comment "!fw3" -j zone_iptv_forward -A OUTPUT -m policy --dir out --pol ipsec --proto esp -j ACCEPT -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT -A OUTPUT -o eth0.24 -m comment --comment "!fw3" -j zone_lan_output -A OUTPUT -o utun -m comment --comment "!fw3" -j zone_lan_output -A OUTPUT -o ipsec0 -m comment --comment "!fw3" -j zone_VPN_output -A OUTPUT -o eth0.17 -m comment --comment "!fw3" -j zone_iptv_output -A forwarding_rule -d 192.168.1.0/24 -j ACCEPT -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable -A zone_VPN_dest_ACCEPT -o ipsec0 -m comment --comment "!fw3" -j ACCEPT -A zone_VPN_forward -m comment --comment "!fw3: Custom VPN forwarding rule chain" -j forwarding_VPN_rule -A zone_VPN_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT -A zone_VPN_forward -m comment --comment "!fw3" -j zone_VPN_dest_ACCEPT -A zone_VPN_input -m comment --comment "!fw3: Custom VPN input rule chain" -j input_VPN_rule -A zone_VPN_input -m conntrack --ctstate DNAT 
-m comment --comment "!fw3: Accept port redirections" -j ACCEPT -A zone_VPN_input -m comment --comment "!fw3" -j zone_VPN_src_ACCEPT -A zone_VPN_output -m comment --comment "!fw3: Custom VPN output rule chain" -j output_VPN_rule -A zone_VPN_output -m comment --comment "!fw3" -j zone_VPN_dest_ACCEPT -A zone_VPN_src_ACCEPT -i ipsec0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT -A zone_iptv_dest_ACCEPT -o eth0.17 -m comment --comment "!fw3" -j ACCEPT -A zone_iptv_forward -m comment --comment "!fw3: Custom iptv forwarding rule chain" -j forwarding_iptv_rule -A zone_iptv_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT -A zone_iptv_forward -m comment --comment "!fw3" -j zone_iptv_dest_ACCEPT -A zone_iptv_input -m comment --comment "!fw3: Custom iptv input rule chain" -j input_iptv_rule -A zone_iptv_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT -A zone_iptv_input -m comment --comment "!fw3" -j zone_iptv_src_ACCEPT -A zone_iptv_output -m comment --comment "!fw3: Custom iptv output rule chain" -j output_iptv_rule -A zone_iptv_output -m comment --comment "!fw3" -j zone_iptv_dest_ACCEPT -A zone_iptv_src_ACCEPT -i eth0.17 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT -A zone_lan_dest_ACCEPT -o eth0.24 -m comment --comment "!fw3" -j ACCEPT -A zone_lan_dest_ACCEPT -o utun -m comment --comment "!fw3" -j ACCEPT -A zone_lan_forward -j MINIUPNPD -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT -A 
zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT -A zone_lan_src_ACCEPT -i eth0.24 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT -A zone_lan_src_ACCEPT -i utun -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT COMMIT # Completed on Sun Nov 26 13:20:16 2023 #IPv6 NAT chain # Generated by ip6tables-save v1.8.7 on Sun Nov 26 13:20:16 2023 *nat :PREROUTING ACCEPT [0:0] :INPUT ACCEPT [0:0] :OUTPUT ACCEPT [623:75324] :POSTROUTING ACCEPT [623:75324] COMMIT # Completed on Sun Nov 26 13:20:16 2023 #IPv6 Mangle chain # Generated by ip6tables-save v1.8.7 on Sun Nov 26 13:20:16 2023 *mangle :PREROUTING ACCEPT [2550:314690] :INPUT ACCEPT [2482:308502] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [2464:310215] :POSTROUTING ACCEPT [2618:356816] COMMIT # Completed on Sun Nov 26 13:20:16 2023 #IPv6 Filter chain # Generated by ip6tables-save v1.8.7 on Sun Nov 26 13:20:16 2023 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :MINIUPNPD - [0:0] :SOCAT - [0:0] :forwarding_VPN_rule - [0:0] :forwarding_iptv_rule - [0:0] :forwarding_lan_rule - [0:0] :forwarding_rule - [0:0] :input_VPN_rule - [0:0] :input_iptv_rule - [0:0] :input_lan_rule - [0:0] :input_rule - [0:0] :output_VPN_rule - [0:0] :output_iptv_rule - [0:0] :output_lan_rule - [0:0] :output_rule - [0:0] :reject - [0:0] :zone_VPN_dest_ACCEPT - [0:0] :zone_VPN_forward - [0:0] :zone_VPN_input - [0:0] :zone_VPN_output - [0:0] :zone_VPN_src_ACCEPT - [0:0] :zone_iptv_dest_ACCEPT - [0:0] :zone_iptv_forward - [0:0] :zone_iptv_input - [0:0] :zone_iptv_output - [0:0] :zone_iptv_src_ACCEPT - [0:0] :zone_lan_dest_ACCEPT - [0:0] :zone_lan_forward - [0:0] :zone_lan_input - [0:0] :zone_lan_output - [0:0] :zone_lan_src_ACCEPT - [0:0] -A INPUT -j SOCAT -A INPUT -i lo -m comment --comment "!fw3" -j 
ACCEPT -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT -A INPUT -i eth0.24 -m comment --comment "!fw3" -j zone_lan_input -A INPUT -i utun -m comment --comment "!fw3" -j zone_lan_input -A INPUT -i ipsec0 -m comment --comment "!fw3" -j zone_VPN_input -A INPUT -i eth0.17 -m comment --comment "!fw3" -j zone_iptv_input -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT -A FORWARD -i eth0.24 -m comment --comment "!fw3" -j zone_lan_forward -A FORWARD -i utun -m comment --comment "!fw3" -j zone_lan_forward -A FORWARD -i ipsec0 -m comment --comment "!fw3" -j zone_VPN_forward -A FORWARD -i eth0.17 -m comment --comment "!fw3" -j zone_iptv_forward -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT -A OUTPUT -o eth0.24 -m comment --comment "!fw3" -j zone_lan_output -A OUTPUT -o utun -m comment --comment "!fw3" -j zone_lan_output -A OUTPUT -o ipsec0 -m comment --comment "!fw3" -j zone_VPN_output -A OUTPUT -o eth0.17 -m comment --comment "!fw3" -j zone_iptv_output -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp6-port-unreachable -A zone_VPN_dest_ACCEPT -o ipsec0 -m comment --comment "!fw3" -j ACCEPT -A zone_VPN_forward -m comment --comment "!fw3: Custom VPN forwarding rule chain" -j forwarding_VPN_rule -A zone_VPN_forward -m comment --comment "!fw3" -j zone_VPN_dest_ACCEPT -A zone_VPN_input -m comment --comment "!fw3: Custom VPN input rule chain" -j input_VPN_rule -A zone_VPN_input -m comment --comment "!fw3" -j zone_VPN_src_ACCEPT -A zone_VPN_output -m comment --comment 
"!fw3: Custom VPN output rule chain" -j output_VPN_rule -A zone_VPN_output -m comment --comment "!fw3" -j zone_VPN_dest_ACCEPT -A zone_VPN_src_ACCEPT -i ipsec0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT -A zone_iptv_dest_ACCEPT -o eth0.17 -m comment --comment "!fw3" -j ACCEPT -A zone_iptv_forward -m comment --comment "!fw3: Custom iptv forwarding rule chain" -j forwarding_iptv_rule -A zone_iptv_forward -m comment --comment "!fw3" -j zone_iptv_dest_ACCEPT -A zone_iptv_input -m comment --comment "!fw3: Custom iptv input rule chain" -j input_iptv_rule -A zone_iptv_input -m comment --comment "!fw3" -j zone_iptv_src_ACCEPT -A zone_iptv_output -m comment --comment "!fw3: Custom iptv output rule chain" -j output_iptv_rule -A zone_iptv_output -m comment --comment "!fw3" -j zone_iptv_dest_ACCEPT -A zone_iptv_src_ACCEPT -i eth0.17 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT -A zone_lan_dest_ACCEPT -o eth0.24 -m comment --comment "!fw3" -j ACCEPT -A zone_lan_dest_ACCEPT -o utun -m comment --comment "!fw3" -j ACCEPT -A zone_lan_forward -j MINIUPNPD -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT -A zone_lan_src_ACCEPT -i eth0.24 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT -A zone_lan_src_ACCEPT -i utun -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT COMMIT # Completed on Sun Nov 26 13:20:16 2023 #===================== IPSET状态 =====================# Name: cn Type: hash:net Revision: 7 Header: family inet 
hashsize 4096 maxelem 65536 bucketsize 12 initval 0x5ec157a7 Size in memory: 255560 References: 0 Number of entries: 8618 Name: ct Type: hash:net Revision: 7 Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0xfe9fc41a Size in memory: 60176 References: 0 Number of entries: 1962 Name: cnc Type: hash:net Revision: 7 Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x78379e11 Size in memory: 32528 References: 0 Number of entries: 915 Name: cmcc Type: hash:net Revision: 7 Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x1c7be52e Size in memory: 3104 References: 0 Number of entries: 55 Name: crtc Type: hash:net Revision: 7 Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0xd05016ac Size in memory: 1232 References: 0 Number of entries: 16 Name: cernet Type: hash:net Revision: 7 Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x68745f29 Size in memory: 8336 References: 0 Number of entries: 171 Name: gwbn Type: hash:net Revision: 7 Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x726410f6 Size in memory: 12704 References: 0 Number of entries: 290 Name: othernet Type: hash:net Revision: 7 Header: family inet hashsize 2048 maxelem 65536 bucketsize 12 initval 0xaf73d5b0 Size in memory: 150824 References: 0 Number of entries: 5209 Name: music Type: hash:ip Revision: 5 Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x68d77d87 Size in memory: 928 References: 0 Number of entries: 18 Name: mwan3_connected_v4 Type: hash:net Revision: 7 Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0xb7e8f3ba Size in memory: 1520 References: 1 Number of entries: 22 Name: mwan3_connected_v6 Type: hash:net Revision: 7 Header: family inet6 hashsize 1024 maxelem 65536 bucketsize 12 initval 0xa9b7089a Size in memory: 1320 References: 1 Number of entries: 1 Name: mwan3_source_v6 Type: hash:net Revision: 7 Header: family inet6 
hashsize 1024 maxelem 65536 bucketsize 12 initval 0xeef7cb7d Size in memory: 1248 References: 0 Number of entries: 0 Name: mwan3_dynamic_v4 Type: hash:net Revision: 7 Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0xa8f0d71e Size in memory: 464 References: 1 Number of entries: 0 Name: mwan3_dynamic_v6 Type: hash:net Revision: 7 Header: family inet6 hashsize 1024 maxelem 65536 bucketsize 12 initval 0x7d1ddfff Size in memory: 1248 References: 1 Number of entries: 0 Name: mwan3_custom_v4 Type: hash:net Revision: 7 Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0xb70d2eb5 Size in memory: 464 References: 1 Number of entries: 0 Name: mwan3_custom_v6 Type: hash:net Revision: 7 Header: family inet6 hashsize 1024 maxelem 65536 bucketsize 12 initval 0xfda0beab Size in memory: 1248 References: 1 Number of entries: 0 Name: lan_ac_black_ports Type: bitmap:port Revision: 3 Header: range 0-65535 Size in memory: 8272 References: 5 Number of entries: 4 Name: localnetwork Type: hash:net Revision: 7 Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0xa8de5e30 Size in memory: 944 References: 10 Number of entries: 10 Name: china_ip_route Type: hash:net Revision: 7 Header: family inet hashsize 2048 maxelem 1000000 bucketsize 12 initval 0x46707ec3 Size in memory: 232712 References: 1 Number of entries: 8645 Name: china_ip_route_pass Type: hash:net Revision: 7 Header: family inet hashsize 1024 maxelem 1000000 bucketsize 12 initval 0xb5c68745 Size in memory: 656 References: 0 Number of entries: 4 Name: mwan3_connected Type: list:set Revision: 3 Header: size 8 Size in memory: 376 References: 0 Number of entries: 6 #===================== 路由表状态 =====================# #IPv4 #route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.24.1 0.0.0.0 UG 0 0 0 eth0.24 172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-b6e502c2aef8 172.19.0.0 0.0.0.0 
255.255.0.0 U 0 0 0 br-c0bce1d8eab2 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0.17 192.168.24.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0.24 198.18.0.0 0.0.0.0 255.255.255.252 U 0 0 0 utun #ip route list default via 192.168.24.1 dev eth0.24 proto static 172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 172.18.0.0/16 dev br-b6e502c2aef8 proto kernel scope link src 172.18.0.1 172.19.0.0/16 dev br-c0bce1d8eab2 proto kernel scope link src 172.19.0.1 192.168.1.0/24 dev eth0.17 proto kernel scope link src 192.168.1.8 192.168.24.0/24 dev eth0.24 proto kernel scope link src 192.168.24.2 198.18.0.0/30 dev utun proto kernel scope link src 198.18.0.1 #ip rule show 0: from all lookup local 32765: from all fwmark 0x162 lookup 354 32766: from all lookup main 32767: from all lookup default #IPv6 #route -A inet6 Kernel IPv6 routing table Destination Next Hop Flags Metric Ref Use Iface fe80::/64 :: U 256 1 0 eth0 fe80::/64 :: U 256 1 0 eth0.17 fe80::/64 :: U 256 1 0 eth0.24 fe80::/64 :: U 256 1 0 br-c0bce1d8eab2 fe80::/64 :: U 256 1 0 br-b6e502c2aef8 fe80::/64 :: U 256 1 0 vethccc4119 fe80::/64 :: U 256 1 0 veth0dbeb66 fe80::/64 :: U 256 1 0 vethfbc71bb fe80::/64 :: U 256 1 0 vethd2dc31a fe80::/64 :: U 256 1 0 veth118cc1b fe80::/64 :: U 256 1 0 veth2928583 fe80::/64 :: U 256 1 0 veth07615a2 fe80::/64 :: U 256 1 0 utun ::/0 :: !n -1 1 0 lo ::1/128 :: Un 0 6 0 lo fe80::/128 :: Un 0 6 0 eth0 fe80::/128 :: Un 0 3 0 eth0.24 fe80::/128 :: Un 0 3 0 eth0.17 fe80::/128 :: Un 0 3 0 br-b6e502c2aef8 fe80::/128 :: Un 0 3 0 br-c0bce1d8eab2 fe80::/128 :: Un 0 3 0 vethccc4119 fe80::/128 :: Un 0 3 0 veth0dbeb66 fe80::/128 :: Un 0 3 0 vethd2dc31a fe80::/128 :: Un 0 3 0 vethfbc71bb fe80::/128 :: Un 0 3 0 veth118cc1b fe80::/128 :: Un 0 3 0 veth2928583 fe80::/128 :: Un 0 3 0 veth07615a2 fe80::/128 :: Un 0 3 0 utun fe80::42:45ff:feb7:65d8/128 :: Un 0 2 0 br-c0bce1d8eab2 fe80::42:a8ff:fed7:df05/128 :: Un 0 3 0 br-b6e502c2aef8 fe80::18cb:6fff:fe21:382c/128 :: Un 0 2 0 vethccc4119 
fe80::5c6a:88ff:feee:7b53/128 :: Un 0 3 0 vethd2dc31a fe80::6891:6dff:fec1:d1c3/128 :: Un 0 3 0 veth07615a2 fe80::7c6d:55ff:fe36:2551/128 :: Un 0 2 0 vethfbc71bb fe80::96c6:91ff:fea8:4180/128 :: Un 0 6 0 eth0 fe80::96c6:91ff:fea8:4180/128 :: Un 0 2 0 eth0.24 fe80::96c6:91ff:fea8:4180/128 :: Un 0 2 0 eth0.17 fe80::9c4f:adff:fe77:5021/128 :: Un 0 2 0 veth118cc1b fe80::adc5:43bc:2cc9:f918/128 :: Un 0 2 0 utun fe80::ec3a:a8ff:feea:a142/128 :: Un 0 3 0 veth2928583 fe80::fc41:73ff:fe60:f320/128 :: Un 0 2 0 veth0dbeb66 ff00::/8 :: U 256 4 0 eth0 ff00::/8 :: U 256 4 0 eth0.17 ff00::/8 :: U 256 5 0 eth0.24 ff00::/8 :: U 256 5 0 br-c0bce1d8eab2 ff00::/8 :: U 256 5 0 br-b6e502c2aef8 ff00::/8 :: U 256 3 0 vethccc4119 ff00::/8 :: U 256 3 0 veth0dbeb66 ff00::/8 :: U 256 3 0 vethfbc71bb ff00::/8 :: U 256 3 0 vethd2dc31a ff00::/8 :: U 256 3 0 veth118cc1b ff00::/8 :: U 256 3 0 veth2928583 ff00::/8 :: U 256 3 0 veth07615a2 ff00::/8 :: U 256 5 0 utun ::/0 :: !n -1 1 0 lo #ip -6 route list fe80::/64 dev eth0 proto kernel metric 256 pref medium fe80::/64 dev eth0.17 proto kernel metric 256 pref medium fe80::/64 dev eth0.24 proto kernel metric 256 pref medium fe80::/64 dev br-c0bce1d8eab2 proto kernel metric 256 pref medium fe80::/64 dev br-b6e502c2aef8 proto kernel metric 256 pref medium fe80::/64 dev vethccc4119 proto kernel metric 256 pref medium fe80::/64 dev veth0dbeb66 proto kernel metric 256 pref medium fe80::/64 dev vethfbc71bb proto kernel metric 256 pref medium fe80::/64 dev vethd2dc31a proto kernel metric 256 pref medium fe80::/64 dev veth118cc1b proto kernel metric 256 pref medium fe80::/64 dev veth2928583 proto kernel metric 256 pref medium fe80::/64 dev veth07615a2 proto kernel metric 256 pref medium fe80::/64 dev utun proto kernel metric 256 pref medium #ip -6 rule show 0: from all lookup local 32766: from all lookup main 4200000001: from all iif lo failed_policy 4200000004: from all iif eth0.17 failed_policy 4200000005: from all iif eth0.24 failed_policy 4200000043: from 
all iif utun failed_policy #===================== Tun设备状态 =====================# utun: tun #===================== 端口占用状态 =====================# tcp 0 0 198.18.0.1:39731 0.0.0.0:* LISTEN 5930/clash tcp 0 0 :::19090 :::* LISTEN 5930/clash tcp 0 0 :::7895 :::* LISTEN 5930/clash tcp 0 0 :::7892 :::* LISTEN 5930/clash tcp 0 0 :::7893 :::* LISTEN 5930/clash tcp 0 0 :::7890 :::* LISTEN 5930/clash tcp 0 0 :::7891 :::* LISTEN 5930/clash udp 0 0 :::38994 :::* 5930/clash udp 0 0 :::7874 :::* 5930/clash udp 0 0 :::7891 :::* 5930/clash udp 0 0 :::7892 :::* 5930/clash udp 0 0 :::7893 :::* 5930/clash udp 0 0 :::7895 :::* 5930/clash #===================== 测试本机DNS查询(www.baidu.com) =====================# Server: 127.0.0.1 Address: 127.0.0.1:53 www.baidu.com canonical name = www.a.shifen.com Name: www.a.shifen.com Address: 110.242.68.4 Name: www.a.shifen.com Address: 110.242.68.3 Non-authoritative answer: www.baidu.com canonical name = www.a.shifen.com Name: www.a.shifen.com Address: 2408:871a:2100:3:0:ff:b025:348d Name: www.a.shifen.com Address: 2408:871a:2100:2:0:ff:b09f:237 #===================== 测试内核DNS查询(www.instagram.com) =====================# Status: 0 TC: false RD: true RA: true AD: false CD: false Question: Name: www.instagram.com. Qtype: 1 Qclass: 1 Answer: TTL: 3564 data: geo-p42.instagram.com. name: www.instagram.com. type: 5 TTL: 3564 data: z-p42-instagram.c10r.instagram.com. name: geo-p42.instagram.com. type: 5 TTL: 24 data: 157.240.22.174 name: z-p42-instagram.c10r.instagram.com. type: 1 Dnsmasq 当前默认 resolv 文件:/tmp/resolv.conf.d/resolv.conf.auto #===================== /tmp/resolv.conf.d/resolv.conf.auto =====================# # Interface lan nameserver 202.106.195.68 ### OpenClash Config ```shell 1
It just needs to be able to connect.
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days
Could this be a problem with the switch?
Verify Steps
OpenClash Version
v0.45.152-beta
Bug on Environment
Lean
Bug on Platform
Linux-amd64(x86-64)
To Reproduce
fake-ip mixed mode, bypass router
Describe the Bug
This kind of problem has come up in many scenarios.
OpenClash Log
OpenClash 调试日志
生成时间: 2023-11-26 13:20:15 插件版本: v0.45.152-beta 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息
Expected Behavior
It just needs to be able to connect.
Screenshots