vernesong / OpenClash

A Clash Client For OpenWrt
MIT License

[Bug] openclash reload firewall on mode tun and mix repeatedly #3629

Closed zero2black closed 7 months ago

zero2black commented 11 months ago

Verify Steps

OpenClash Version

v0.45.155-beta

Bug on Environment

Other

Bug on Platform

Linux-amd64(x86-64)

To Reproduce

Just start OpenClash and wait some time, then OpenClash reloads continuously

Describe the Bug

OpenClash suddenly reloads the firewall if the network refreshes due to a firewall trigger

OpenClash Log

OpenClash 调试日志

生成时间: 2023-11-27 22:46:29 插件版本: v0.45.155-beta 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息


#===================== 系统信息 =====================#

主机型号: HP HP t628 Thin Client
固件版本: ImmortalWrt 23.05.1 r27304-31bc47589e
LuCI版本: git-23.323.25576-ef326c3
内核版本: 5.15.137
处理器架构: x86_64

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: hybrid

DNS劫持: Dnsmasq 转发
#DNS劫持为Dnsmasq时,此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 未安装
coreutils-nohup: 未安装
bash: 未安装
curl: 未安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci >= 19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 已安装
unzip: 已安装
kmod-nft-tproxy: 已安装

#===================== 内核检查 =====================#

运行状态: 未运行
已选择的架构: linux-amd64

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2023.08.17-13-gdcc8d87
Tun内核文件: 存在
Tun内核运行权限: 正常

Dev内核版本: v1.18.0-13-gd034a40
Dev内核文件: 存在
Dev内核运行权限: 正常

Meta内核版本: alpha-g8c3557e
Meta内核文件: 存在
Meta内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/z2b.yaml
启动配置文件: /etc/openclash/z2b.yaml
运行模式: fake-ip-mix
默认代理模式: rule
UDP流量转发(tproxy): 停用
自定义DNS: 启用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 停用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用
路由本机代理: 启用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 配置文件 =====================#

rule-providers:
  rl_combolite:
    type: file
    behavior: classical
    path: "./rule_provider/xl_combolite.yaml"
  rule_basicads:
    type: http
    behavior: domain
    url: https://raw.githubusercontent.com/malikshi/open_clash/main/rule_provider/rule_basicads.yaml
    path: "./rule_provider/rule_basicads.yaml"
    interval: 43200
  rule_personalads:
    type: http
    behavior: classical
    url: https://raw.githubusercontent.com/malikshi/open_clash/main/rule_provider/rule_personalads.yaml
    path: "./rule_provider/rule_personalads.yaml"
    interval: 86400
proxy-groups:
- name: lb_eth
  type: load-balance
  strategy: round-robin
  proxies:
  - u_0
  - u_1
  url: http://www.gstatic.com/generate_204
  interval: 300
- name: at_eth
  type: fallback
  proxies:
  - u_0
  - u_1
  url: http://www.gstatic.com/generate_204
  interval: 100
- name: game
  type: select
  disable-udp: false
  proxies:
  - u_0
  - u_1
  - at_eth
  url: http://www.gstatic.com/generate_204
  interval: 100
- name: e_1
  type: select
  disable-udp: false
  interface-name: eth1
  proxies:
  - DIRECT
- name: u_0
  type: select
  disable-udp: false
  interface-name: usb0
  proxies:
  - DIRECT
- name: u_1
  type: select
  disable-udp: false
  interface-name: usb1
  proxies:
  - DIRECT
- name: combolite
  type: select
  disable-udp: false
  proxies:
  - u_0
  - u_1
  - at_eth
- name: s_vpn
  type: select
  disable-udp: false
  use:
  - PP-vpn
- name: TrafficAds
  type: select
  proxies:
  - REJECT
  - u_0
  - u_1
rules:
- DST-PORT,7895,REJECT
- DST-PORT,7892,REJECT
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
- RULE-SET,rule_personalads,TrafficAds
- RULE-SET,rule_basicads,TrafficAds
- RULE-SET,rl_combolite,combolite
- MATCH,GLOBAL
unified-delay: true
redir-port: 7892
tproxy-port: 7895
port: 7890
socks-port: 7891
mixed-port: 7893
mode: rule
allow-lan: true
external-controller: 0.0.0.0:9090
bind-address: "*"
external-ui: "/usr/share/openclash/ui"
ipv6: false
interface-name: usb0
tcp-concurrent: true
dns:
  enable: true
  ipv6: false
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  listen: 0.0.0.0:7874
  nameserver:
  - 8.8.8.8
  - 8.8.4.4
  - https://dns.google/dns-query
  - tls://dns.google
sniffer:
  enable: true
  parse-pure-ip: true
  force-domain:
  - "+.netflix.com"
  - "+.nflxvideo.net"
  - "+.amazonaws.com"
  - "+.media.dssott.com"
  skip-domain:
  - "+.apple.com"
  - Mijia Cloud
  - dlg.io.mi.com
  sniff:
    TLS:
      ports:
      - 443
      - 8443
    HTTP:
      ports:
      - 80
      - 8080-8880
      override-destination: true
tun:
  enable: true
  stack: system
  device: utun
  auto-route: false
  auto-detect-interface: false
  dns-hijack:
  - tcp://any:53
profile:
  store-selected: true
authentication:
- Clash:h1WlmTnb

#===================== 自定义覆写设置 =====================#

#!/bin/sh
. /usr/share/openclash/ruby.sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom overwrite scripts here, they will be take effict after the OpenClash own srcipts

LOG_OUT "Tip: Start Running Custom Overwrite Scripts..."
LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S"))
LOG_FILE="/tmp/openclash.log"
CONFIG_FILE="$1" #config path

#Simple Demo:
    #General Demo
    #1--config path
    #2--key name
    #3--value
    #ruby_edit "$CONFIG_FILE" "['redir-port']" "7892"
    #ruby_edit "$CONFIG_FILE" "['secret']" "123456"
    #ruby_edit "$CONFIG_FILE" "['dns']['enable']" "true"

    #Hash Demo
    #1--config path
    #2--key name
    #3--hash type value
    #ruby_edit "$CONFIG_FILE" "['experimental']" "{'sniff-tls-sni'=>true}"
    #ruby_edit "$CONFIG_FILE" "['sniffer']" "{'sniffing'=>['tls','http']}"

    #Array Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value
    #ruby_arr_insert "$CONFIG_FILE" "['dns']['nameserver']" "0" "114.114.114.114"

    #Array Add From Yaml File Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value file path
    #5--value key name in #4 file
    #ruby_arr_add_file "$CONFIG_FILE" "['dns']['fallback-filter']['ipcidr']" "0" "/etc/openclash/custom/openclash_custom_fallback_filter.yaml" "['fallback-filter']['ipcidr']"

#Ruby Script Demo:
    #ruby -ryaml -rYAML -I "/usr/share/openclash" -E UTF-8 -e "
    #   begin
    #      Value = YAML.load_file('$CONFIG_FILE');
    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Load File Failed,【' + e.message + '】';
    #   end;

        #General
    #   begin
    #   Thread.new{
    #      Value['redir-port']=7892;
    #      Value['tproxy-port']=7895;
    #      Value['port']=7890;
    #      Value['socks-port']=7891;
    #      Value['mixed-port']=7893;
    #   }.join;

    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Set General Failed,【' + e.message + '】';
    #   ensure
    #      File.open('$CONFIG_FILE','w') {|f| YAML.dump(Value, f)};
    #   end" 2>/dev/null >> $LOG_FILE

exit 0
#===================== 自定义防火墙设置 =====================#

#!/bin/sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom firewall rules here, they will be added after the end of the OpenClash iptables rules

LOG_OUT "Tip: Start Add Custom Firewall Rules..."

exit 0
#===================== IPTABLES 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.8 (nf_tables) on Mon Nov 27 22:46:32 2023
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Mon Nov 27 22:46:32 2023

#IPv4 Mangle chain

# Generated by iptables-save v1.8.8 (nf_tables) on Mon Nov 27 22:46:32 2023
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Mon Nov 27 22:46:32 2023

#IPv4 Filter chain

# Generated by iptables-save v1.8.8 (nf_tables) on Mon Nov 27 22:46:32 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Mon Nov 27 22:46:32 2023

#IPv6 NAT chain

#IPv6 Mangle chain

#IPv6 Filter chain

#===================== NFTABLES 防火墙设置 =====================#

table inet fw4 {
    chain input {
        type filter hook input priority filter; policy accept;
        iifname "lo" accept comment "!fw4: Accept traffic from loopback"
        ct state established,related accept comment "!fw4: Allow inbound established and related flows"
        tcp flags syn / fin,syn,rst,ack jump syn_flood comment "!fw4: Rate limit TCP syn packets"
        iifname { "utun", "br-lan" } jump input_lan comment "!fw4: Handle lan IPv4/IPv6 input traffic"
        iifname { "usb0", "usb1", "eth1", "eth2" } jump input_wan comment "!fw4: Handle wan IPv4/IPv6 input traffic"
    }
}
table inet fw4 {
    chain forward {
        type filter hook forward priority filter; policy drop;
        meta l4proto { tcp, udp } flow add @ft
        ct state established,related accept comment "!fw4: Allow forwarded established and related flows"
        iifname { "utun", "br-lan" } jump forward_lan comment "!fw4: Handle lan IPv4/IPv6 forward traffic"
        iifname { "usb0", "usb1", "eth1", "eth2" } jump forward_wan comment "!fw4: Handle wan IPv4/IPv6 forward traffic"
        jump handle_reject
    }
}
table inet fw4 {
    chain dstnat {
        type nat hook prerouting priority dstnat; policy accept;
        iifname { "usb0", "usb1", "eth1", "eth2" } jump dstnat_wan comment "!fw4: Handle wan IPv4/IPv6 dstnat traffic"
    }
}
table inet fw4 {
    chain srcnat {
        type nat hook postrouting priority srcnat; policy accept;
        oifname { "usb0", "usb1", "eth1", "eth2" } jump srcnat_wan comment "!fw4: Handle wan IPv4/IPv6 srcnat traffic"
    }
}
table inet fw4 {
    chain nat_output {
        type nat hook output priority filter - 1; policy accept;
    }
}
table inet fw4 {
    chain mangle_prerouting {
        type filter hook prerouting priority mangle; policy accept;
    }
}
table inet fw4 {
    chain mangle_output {
        type route hook output priority mangle; policy accept;
    }
}

#===================== IPSET状态 =====================#

#===================== 路由表状态 =====================#

#IPv4

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.68.237  0.0.0.0         UG    1000   0        0 usb0
0.0.0.0         192.168.42.129  0.0.0.0         UG    2000   0        0 usb1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
192.168.42.0    0.0.0.0         255.255.255.0   U     2000   0        0 usb1
192.168.68.0    0.0.0.0         255.255.255.0   U     1000   0        0 usb0

#ip route list
default via 192.168.68.237 dev usb0 proto static src 192.168.68.156 metric 1000 
default via 192.168.42.129 dev usb1 proto static src 192.168.42.105 metric 2000 
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1 
192.168.42.0/24 dev usb1 proto static scope link metric 2000 
192.168.68.0/24 dev usb0 proto static scope link metric 1000 

#ip rule show
0:  from all lookup local
32766:  from all lookup main
32767:  from all lookup default

#IPv6

#route -A inet6
Kernel IPv6 routing table
Destination                                 Next Hop                                Flags Metric Ref    Use Iface
fdf2:c0b2:e998::/64                         ::                                      U     1024   5        0 br-lan  
fdf2:c0b2:e998::/48                         ::                                      !n    2147483647 2        0 lo      
fe80::/64                                   ::                                      U     256    1        0 usb0    
fe80::/64                                   ::                                      U     256    1        0 usb1    
fe80::/64                                   ::                                      U     256    4        0 br-lan  
::/0                                        ::                                      !n    -1     1        0 lo      
::1/128                                     ::                                      Un    0      6        0 lo      
fdf2:c0b2:e998::/128                        ::                                      Un    0      3        0 br-lan  
fdf2:c0b2:e998::1/128                       ::                                      Un    0      7        0 br-lan  
fe80::/128                                  ::                                      Un    0      7        0 usb1    
fe80::/128                                  ::                                      Un    0      3        0 usb0    
fe80::/128                                  ::                                      Un    0      3        0 br-lan  
fe80::50:52ff:fe59:6d32/128                 ::                                      Un    0      2        0 usb0    
fe80::1262:e5ff:fe0a:a7d7/128               ::                                      Un    0      5        0 br-lan  
fe80::6896:dff:fe57:28dd/128                ::                                      Un    0      2        0 usb1    
ff00::/8                                    ::                                      U     256    6        0 br-lan  
ff00::/8                                    ::                                      U     256    5        0 usb0    
ff00::/8                                    ::                                      U     256    5        0 usb1    
::/0                                        ::                                      !n    -1     1        0 lo      

#ip -6 route list
fdf2:c0b2:e998::/64 dev br-lan proto static metric 1024 pref medium
unreachable fdf2:c0b2:e998::/48 dev lo proto static metric 2147483647 pref medium
fe80::/64 dev usb0 proto kernel metric 256 pref medium
fe80::/64 dev usb1 proto kernel metric 256 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium

#ip -6 rule show
0:  from all lookup local
32766:  from all lookup main

#===================== Tun设备状态 =====================#

#===================== 端口占用状态 =====================#

#===================== 测试本机DNS查询(www.baidu.com) =====================#

Server:     127.0.0.1
Address:    127.0.0.1:53

Non-authoritative answer:
www.baidu.com   canonical name = www.a.shifen.com
www.a.shifen.com    canonical name = www.wshifen.com
Name:   www.wshifen.com
Address: 103.235.47.103

Non-authoritative answer:
www.baidu.com   canonical name = www.a.shifen.com
www.a.shifen.com    canonical name = www.wshifen.com

#===================== 测试内核DNS查询(www.instagram.com) =====================#

Dnsmasq 当前默认 resolv 文件:/tmp/resolv.conf.d/resolv.conf.auto

#===================== /tmp/resolv.conf.auto =====================#

# Interface m_usb0
nameserver 192.168.68.237
# Interface m_usb1
nameserver 192.168.42.129

#===================== /tmp/resolv.conf.d/resolv.conf.auto =====================#

# Interface m_usb0
nameserver 192.168.68.237
# Interface m_usb1
nameserver 192.168.42.129

#===================== 测试本机网络连接(www.baidu.com) =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Mon, 27 Nov 2023 15:46:34 GMT
Etag: "575e1f6f-115"
Last-Modified: Mon, 13 Jun 2016 02:50:23 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 测试本机网络下载(raw.githubusercontent.com) =====================#

HTTP/2 404 
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
content-type: text/plain; charset=utf-8
x-github-request-id: 9708:115F77:C49493:DB52A1:6564B9BC
accept-ranges: bytes
date: Mon, 27 Nov 2023 15:46:35 GMT
via: 1.1 varnish
x-served-by: cache-nrt-rjtf7700061-NRT
x-cache: HIT
x-cache-hits: 1
x-timer: S1701099995.146204,VS0,VE1
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: ef96852578a9ee0ed9ab3ac7681238b29fc5b463
expires: Mon, 27 Nov 2023 15:51:35 GMT
source-age: 30
content-length: 14

#===================== 最近运行日志(自动切换为Debug模式) =====================#

time="2023-11-27T22:41:19.305858456+07:00" level=info msg="Initial configuration complete, total time: 1ms"
time="2023-11-27T22:41:19.307698618+07:00" level=info msg="RESTful API listening at: [::]:9090"
time="2023-11-27T22:41:19.368471175+07:00" level=info msg="Authentication of local server updated"
time="2023-11-27T22:41:19.368533107+07:00" level=info msg="Sniffer is loaded and working"
time="2023-11-27T22:41:19.368558139+07:00" level=info msg="Use tcp concurrent"
time="2023-11-27T22:41:19.368756225+07:00" level=info msg="DNS server listening at: [::]:7874"
time="2023-11-27T22:41:19.368887745+07:00" level=info msg="HTTP proxy listening at: [::]:7890"
time="2023-11-27T22:41:19.369028302+07:00" level=info msg="SOCKS proxy listening at: [::]:7891"
time="2023-11-27T22:41:19.369276019+07:00" level=info msg="Redirect proxy listening at: [::]:7892"
time="2023-11-27T22:41:19.369525669+07:00" level=info msg="TProxy server listening at: [::]:7895"
time="2023-11-27T22:41:19.369654921+07:00" level=info msg="Mixed(http+socks) proxy listening at: [::]:7893"
time="2023-11-27T22:41:19.373623979+07:00" level=info msg="[TUN] Tun adapter listening at: utun([198.18.0.1/30],[]), mtu: 9000, auto route: false, ip stack: System"
time="2023-11-27T22:41:19.373917789+07:00" level=info msg="Start initial compatible provider u_0"
time="2023-11-27T22:41:19.374000445+07:00" level=info msg="Start initial compatible provider u_1"
time="2023-11-27T22:41:19.374170714+07:00" level=info msg="Start initial compatible provider at_eth"
time="2023-11-27T22:41:19.374241587+07:00" level=info msg="Start initial compatible provider e_1"
time="2023-11-27T22:41:19.374309639+07:00" level=info msg="Start initial compatible provider game"
time="2023-11-27T22:41:19.374382599+07:00" level=info msg="Start initial compatible provider combolite"
time="2023-11-27T22:41:19.374451744+07:00" level=info msg="Start initial compatible provider TrafficAds"
time="2023-11-27T22:41:19.374501148+07:00" level=info msg="Start initial provider PP-vpn"
time="2023-11-27T22:41:19.374725165+07:00" level=info msg="Start initial compatible provider lb_eth"
time="2023-11-27T22:41:19.37482239+07:00" level=info msg="Start initial compatible provider default"
time="2023-11-27T22:41:19.375321449+07:00" level=info msg="Start initial provider rule_personalads"
time="2023-11-27T22:41:19.375327857+07:00" level=info msg="Start initial provider rl_combolite"
time="2023-11-27T22:41:19.375358529+07:00" level=info msg="Start initial provider rule_basicads"
2023-11-27 22:41:21 Tip: DNS Hijacking Mode is Dnsmasq Redirect...
2023-11-27 22:41:21 Tip: Firewall4 was Detected, Use NFTABLE Rules...
2023-11-27 22:41:22 Tip: Waiting for TUN Interface Start...
2023-11-27 22:41:22 Tip: Start Add Port Bypassing Rules For Firewall Redirect and Firewall Rules...
2023-11-27 22:41:22 Tip: Start Add Custom Firewall Rules...
2023-11-27 22:41:23 Reload OpenClash Firewall Rules...
2023-11-27 22:41:25 Test The Config File First...
time="2023-11-27T22:41:26.511587872+07:00" level=info msg="Start initial configuration in progress"
time="2023-11-27T22:41:26.512973976+07:00" level=info msg="Geodata Loader mode: memconservative"
time="2023-11-27T22:41:26.513353586+07:00" level=info msg="Initial configuration complete, total time: 1ms"
2023-11-27 22:41:26 configuration file【/etc/openclash/z2b.yaml】test is successful
time="2023-11-27T22:41:26.984062045+07:00" level=info msg="Start initial configuration in progress"
time="2023-11-27T22:41:26.987900254+07:00" level=info msg="Geodata Loader mode: memconservative"
time="2023-11-27T22:41:26.988823791+07:00" level=info msg="Initial configuration complete, total time: 4ms"
time="2023-11-27T22:41:34.132454134+07:00" level=info msg="Start initial configuration in progress"
time="2023-11-27T22:41:34.133763977+07:00" level=info msg="Geodata Loader mode: memconservative"
time="2023-11-27T22:41:34.134146299+07:00" level=info msg="Initial configuration complete, total time: 1ms"
time="2023-11-27T22:41:34.136602773+07:00" level=info msg="RESTful API listening at: [::]:9090"
time="2023-11-27T22:41:34.182312223+07:00" level=info msg="Authentication of local server updated"
time="2023-11-27T22:41:34.182368648+07:00" level=info msg="Sniffer is loaded and working"
time="2023-11-27T22:41:34.18238936+07:00" level=info msg="Use tcp concurrent"
time="2023-11-27T22:41:34.182635301+07:00" level=info msg="DNS server listening at: [::]:7874"
time="2023-11-27T22:41:34.182706738+07:00" level=info msg="HTTP proxy listening at: [::]:7890"
time="2023-11-27T22:41:34.182887087+07:00" level=info msg="SOCKS proxy listening at: [::]:7891"
time="2023-11-27T22:41:34.183202064+07:00" level=info msg="Redirect proxy listening at: [::]:7892"
time="2023-11-27T22:41:34.183372633+07:00" level=info msg="TProxy server listening at: [::]:7895"
time="2023-11-27T22:41:34.183709475+07:00" level=info msg="Mixed(http+socks) proxy listening at: [::]:7893"
time="2023-11-27T22:41:34.188256444+07:00" level=info msg="[TUN] Tun adapter listening at: utun([198.18.0.1/30],[]), mtu: 9000, auto route: false, ip stack: System"
time="2023-11-27T22:41:34.188941984+07:00" level=info msg="Start initial compatible provider combolite"
time="2023-11-27T22:41:34.188950252+07:00" level=info msg="Start initial compatible provider default"
time="2023-11-27T22:41:34.18901204+07:00" level=info msg="Start initial provider PP-vpn"
time="2023-11-27T22:41:34.189147005+07:00" level=info msg="Start initial compatible provider lb_eth"
time="2023-11-27T22:41:34.189265841+07:00" level=info msg="Start initial compatible provider e_1"
time="2023-11-27T22:41:34.189359178+07:00" level=info msg="Start initial compatible provider at_eth"
time="2023-11-27T22:41:34.189423258+07:00" level=info msg="Start initial compatible provider game"
time="2023-11-27T22:41:34.18940137+07:00" level=info msg="Start initial compatible provider u_0"
time="2023-11-27T22:41:34.189088397+07:00" level=info msg="Start initial compatible provider TrafficAds"
time="2023-11-27T22:41:34.189052276+07:00" level=info msg="Start initial compatible provider u_1"
time="2023-11-27T22:41:34.190196651+07:00" level=info msg="Start initial provider rule_personalads"
time="2023-11-27T22:41:34.190309235+07:00" level=info msg="Start initial provider rule_basicads"
time="2023-11-27T22:41:34.190900526+07:00" level=info msg="Start initial provider rl_combolite"
2023-11-27 22:41:36 Tip: DNS Hijacking Mode is Dnsmasq Redirect...
2023-11-27 22:41:36 Tip: Firewall4 was Detected, Use NFTABLE Rules...
2023-11-27 22:41:37 Tip: Waiting for TUN Interface Start...
2023-11-27 22:41:37 Tip: Start Add Port Bypassing Rules For Firewall Redirect and Firewall Rules...
2023-11-27 22:41:37 Tip: Start Add Custom Firewall Rules...
2023-11-27 22:41:38 Reload OpenClash Firewall Rules...
2023-11-27 22:41:40 Test The Config File First...
time="2023-11-27T22:41:41.375308758+07:00" level=info msg="Start initial configuration in progress"
time="2023-11-27T22:41:41.376657613+07:00" level=info msg="Geodata Loader mode: memconservative"
time="2023-11-27T22:41:41.377001091+07:00" level=info msg="Initial configuration complete, total time: 1ms"
2023-11-27 22:41:41 configuration file【/etc/openclash/z2b.yaml】test is successful
time="2023-11-27T22:41:41.894027241+07:00" level=info msg="Start initial configuration in progress"
time="2023-11-27T22:41:41.895886099+07:00" level=info msg="Geodata Loader mode: memconservative"
time="2023-11-27T22:41:41.89637635+07:00" level=info msg="Initial configuration complete, total time: 2ms"
2023-11-27 22:41:11【/tmp/openclash_last_version】Download Failed:【curl: (28) Failed to connect to raw.githubusercontent.com port 443 after 30002 ms: Error】
2023-11-27 22:41:45 OpenClash Stoping...
2023-11-27 22:41:45 Step 1: Backup The Current Groups State...
2023-11-27 22:41:45 Step 2: Delete OpenClash Firewall Rules...
2023-11-27 22:41:45 Step 3: Close The OpenClash Daemons...
2023-11-27 22:41:46 Step 4: Close The Clash Core Process...
2023-11-27 22:41:47 Step 5: Restart Dnsmasq...
2023-11-27 22:41:48 Step 6: Delete OpenClash Residue File...
2023-11-27 22:41:48 OpenClash Already Stop!
2023-11-27 22:41:46【/tmp/openclash_last_version】Download Failed:【curl: (6) Could not resolve host: raw.githubusercontent.com】
2023-11-27 22:41:46【/tmp/openclash_last_version】Download Failed:【curl: (6) Could not resolve host: raw.githubusercontent.com】
2023-11-27 22:41:46【/tmp/openclash_last_version】Download Failed:【curl: (6) Could not resolve host: raw.githubusercontent.com】
2023-11-27 22:41:11【/tmp/openclash_last_version】Download Failed:【curl: (28) Failed to connect to raw.githubusercontent.com port 443 after 30002 ms: Error】
2023-11-27 22:41:44【/tmp/openclash_last_version】Download Failed:【curl: (28) Failed to connect to raw.githubusercontent.com port 443 after 30002 ms: Error】
2023-11-27 22:41:11【/tmp/openclash_last_version】Download Failed:【curl: (6) Could not resolve host: raw.githubusercontent.com】
2023-11-27 22:42:20【/tmp/openclash_last_version】Download Failed:【curl: (6) Could not resolve host: raw.githubusercontent.com】
2023-11-27 22:42:20【/tmp/openclash_last_version】Download Failed:【curl: (6) Could not resolve host: raw.githubusercontent.com】
2023-11-27 22:42:20【/tmp/openclash_last_version】Download Failed:【curl: (6) Could not resolve host: raw.githubusercontent.com】
2023-11-27 22:41:44【/tmp/openclash_last_version】Download Failed:【curl: (28) Failed to connect to raw.githubusercontent.com port 443 after 30002 ms: Error】
2023-11-27 22:41:44【/tmp/openclash_last_version】Download Failed:【curl: (6) Could not resolve host: raw.githubusercontent.com】

#===================== 最近运行日志获取完成(自动切换为silent模式) =====================#

#===================== 活动连接信息 =====================#

OpenClash Config

No response

Expected Behavior

I don't know why this happens

Screenshots

Screenshot_20231127-224125_Firefox

phb1253439 commented 11 months ago

Me too

lux5am commented 11 months ago

isn't it intended. openclash directly add firewall to inet fw4 table so it need to reload when the firewall reloaded.

zero2black commented 11 months ago

> isn't it intended. openclash directly add firewall to inet fw4 table so it need to reload when the firewall reloaded.

I know about that after enabled openclash. But firewall reload more time

lux5am commented 11 months ago

> isn't it intended. openclash directly add firewall to inet fw4 table so it need to reload when the firewall reloaded.

> I know about that after enabled openclash. But firewall reload more time

of course it's reloaded after enabled. that's how it works

zero2black commented 11 months ago

> isn't it intended. openclash directly add firewall to inet fw4 table so it need to reload when the firewall reloaded.

> I know about that after enabled openclash. But firewall reload more time

> of course it's reloaded after enabled. that's how it works

FB_IMG_1701182077267

lux5am commented 11 months ago

> isn't it intended. openclash directly add firewall to inet fw4 table so it need to reload when the firewall reloaded.

> I know about that after enabled openclash. But firewall reload more time

> of course it's reloaded after enabled. that's how it works

> FB_IMG_1701182077267

that's normal if your network keep changing. I got that too when I had an issue with my cable.

zero2black commented 11 months ago

> isn't it intended. openclash directly add firewall to inet fw4 table so it need to reload when the firewall reloaded.

> I know about that after enabled openclash. But firewall reload more time

> of course it's reloaded after enabled. that's how it works

> FB_IMG_1701182077267

> that's normal if your network keep changing. I got that too when I had an issue with my cable.

My network is not changing. This is cause utun restarts repeatedly. I know we need to reload the firewall, but this is many times.

zero2black commented 11 months ago

OS: immortalwrt 23.05.1
Device: x86_64
Steps to reproduce this issue:

  1. Enable meta core
  2. Enable openclash wait until finish process
  3. Go interface
  4. Restart interface utun
  5. Now you can get reload firewall repeatedly until you disable or enable openclash again

Thanks before

I solved my problem:

    sed -i '\|/etc/init.d/openclash reload "firewall" >/dev/null 2>&1| s|^|#|' /etc/init.d/openclash
    echo "temporary fix reload firewall4 openclash"
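One way to confirm the repeated reload from the log itself before changing the init script, as an added example that is not part of the original issue or of OpenClash: it measures the gaps between consecutive `Reload OpenClash Firewall Rules...` lines. The function names, the thresholds and the sample log (modelled on the log in this issue, with its last line constructed) are assumptions.

```shell
#!/bin/sh
# Added example: flag firewall-reload loops in an OpenClash log.
# Assumption: plugin lines look like "YYYY-MM-DD HH:MM:SS <message>",
# as in the debug log posted in this issue.

# Constructed sample: the first two reload lines mirror the posted log,
# the last reload line is made up to show a longer run.
SAMPLE_LOG='2023-11-27 22:41:22 Tip: Start Add Custom Firewall Rules...
2023-11-27 22:41:23 Reload OpenClash Firewall Rules...
2023-11-27 22:41:25 Test The Config File First...
time="2023-11-27T22:41:34.132454134+07:00" level=info msg="Start initial configuration in progress"
2023-11-27 22:41:38 Reload OpenClash Firewall Rules...
2023-11-27 22:41:53 Reload OpenClash Firewall Rules...'

# reload_gaps: read a log on stdin and print the gap in seconds between
# consecutive firewall-reload lines, one gap per line.
# Only the time of day is used, so gaps longer than 24 hours are not seen.
reload_gaps() {
    awk '
        /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9][0-9]:[0-9][0-9]:[0-9][0-9] Reload OpenClash Firewall Rules/ {
            split($2, t, ":")
            now = t[1] * 3600 + t[2] * 60 + t[3]
            if (seen) {
                gap = now - prev
                if (gap < 0) gap += 86400   # log crossed midnight
                print gap
            }
            prev = now
            seen = 1
        }
    '
}

# reload_loop_suspected MAX_GAP MIN_REPEATS: read a log on stdin and
# return 0 when at least MIN_REPEATS consecutive reloads each follow the
# previous one within MAX_GAP seconds, 1 otherwise.
reload_loop_suspected() {
    max_gap=$1
    min_repeats=$2
    reload_gaps | awk -v max="$max_gap" -v need="$min_repeats" '
        {
            if ($1 <= max) run++; else run = 0
            if (run > best) best = run
        }
        END { exit ((best + 0 >= need) ? 0 : 1) }
    '
}

# Demo on the constructed sample: two reloads, each 15 s after the last.
if printf '%s\n' "$SAMPLE_LOG" | reload_loop_suspected 30 2; then
    echo "reload loop suspected"
fi
```

On the router the same check can read the plugin log directly, for example `reload_loop_suspected 30 3 < /tmp/openclash.log`.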

zero2black commented 9 months ago

Fix on latest

github-actions[bot] commented 7 months ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days