[Bug] 启动后始终IP.SB是国内

[ChenEeeee]

Verify Steps

• [X] Tracker 我已经在 Issue Tracker 中找过我要提出的问题
• [X] Latest 我已经使用最新 Dev 版本测试过，问题依旧存在
• [X] Core 这是 OpenClash 存在的问题，并非我所使用的 Clash 或 Meta 等内核的特定问题
• [X] Meaningful 我提交的不是无意义的 催促更新或修复 请求

OpenClash Version

0.45.157

Bug on Environment

Official OpenWrt

Bug on Platform

Linux-amd64(x86-64)

To Reproduce

正常启动

Describe the Bug

启动后，IP.SB还是获取到国内IP地址，未获取到代理IP

OpenClash Log

2023-12-16 13:45:48 警告：OpenClash 启动成功，检测到您启用了IPv6的DHCP服务，可能会造成连接异常！ 2023-12-16 13:45:48 第九步: 添加计划任务,启动进程守护程序... 2023-12-16 13:45:47 第八步: 重启 Dnsmasq 程序... 2023-12-16 13:45:47 提示：开始添加自定义防火墙规则... 2023-12-16 13:45:47 提示：正在根据防火墙端口转发和防火墙通信规则添加端口绕过规则... 2023-12-16 13:45:47 警告：设置仅允许内网功能失败，无法获取 IPv4 的 WAN 接口名称，请确保防火墙设置中 IPv4 WAN 区域的名称为 wan，如设备无 WAN 口请忽略此提示... 2023-12-16 13:45:47 提示：DNS 劫持未开启... 2023-12-16 13:45:47 第七步: 设置防火墙规则... 2023-12-16 13:45:46 第六步: 等待主程序下载外部文件... 2023-12-16 13:45:43 第五步: 检查内核启动状态... 2023-12-16 13:45:42 配置文件【/etc/openclash/1696243420955.yaml】测试成功... 2023-12-16 13:45:41 启动前调用内核测试配置文件... 2023-12-16 13:45:41 提示：检测到配置了 TUN 内核专属功能，调用 TUN 内核启动... 2023-12-16 13:45:41 第四步: 启动主程序... 2023-12-16 13:45:40 第二步: 组件运行前检查... 2023-12-16 13:45:40 第一步: 获取配置... 2023-12-16 13:45:40 OpenClash 开始启动... 2023-12-16 13:45:40 第六步：删除 OpenClash 残留文件... 2023-12-16 13:45:40 第五步: 重启 Dnsmasq 程序... 2023-12-16 13:45:40 第四步: 关闭 Clash 主程序... 2023-12-16 13:45:40 第三步: 关闭 OpenClash 守护程序... 2023-12-16 13:45:38 第二步: 删除 OpenClash 防火墙规则... 2023-12-16 13:45:38 第一步: 备份当前策略组状态... 2023-12-16 13:45:38 OpenClash 开始关闭... 2023-12-16 13:45:38 OpenClash 重新启动中...

OpenClash Config

OpenClash 调试日志

生成时间: 2023-12-16 13:48:18
插件版本: v0.45.157-beta
隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息

#===================== 系统信息 =====================#

主机型号: VMware - Intel(R) Celeron(R) J4125 CPU @ 2.00GHz : 1C4T
固件版本: OpenWrt SNAPSHOT lede-master
LuCI版本: git-23.291.46448-4898ed2-1
内核版本: 6.1.60
处理器架构: 

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: server

DNS劫持: 停用
#DNS劫持为Dnsmasq时，此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci >= 19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 已安装
unzip: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
kmod-ipt-nat: 已安装

#===================== 内核检查 =====================#

运行状态: 运行中
运行内核：TUN
进程pid: 31397 26016
运行权限: 31397: =ep
26016: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-amd64

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2023.08.17-13-gdcc8d87
Tun内核文件: 存在
Tun内核运行权限: 正常

Dev内核版本: v1.18.0-13-gd034a40
Dev内核文件: 存在
Dev内核运行权限: 正常

Meta内核版本: 
Meta内核文件: 不存在
Meta内核运行权限: 否

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/1696243420955.yaml
启动配置文件: /etc/openclash/1696243420955.yaml
运行模式: redir-host
默认代理模式: rule
UDP流量转发(tproxy): 停用
自定义DNS: 停用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 停用
自定义规则: 停用
仅允许内网: 启用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用
路由本机代理: 停用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 配置文件 =====================#

mixed-port: 7893
allow-lan: true
bind-address: "*"
mode: rule
log-level: info
external-controller: 0.0.0.0:9090
dns:
  enable: true
  ipv6: false
  default-nameserver:
  - 223.5.5.5
  - 119.29.29.29
  - 192.168.31.1
  - 114.114.114.114
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  use-hosts: true
  nameserver:
  - https://doh.pub/dns-query
  - https://dns.alidns.com/dns-query
  - 192.168.31.1
  - 114.114.114.114
  - 119.29.29.29
  fallback:
  - https://doh.dns.sb/dns-query
  - https://dns.cloudflare.com/dns-query
  - https://dns.twnic.tw/dns-query
  - tls://8.8.4.4:853
  fallback-filter:
    geoip: true
    ipcidr:
    - 240.0.0.0/4
    - 0.0.0.0/32
  listen: 0.0.0.0:7874
  fake-ip-filter:
  - "+.*"
#===================== 自定义覆写设置 =====================#

#!/bin/sh
. /usr/share/openclash/ruby.sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom overwrite scripts here, they will be take effict after the OpenClash own srcipts

LOG_OUT "Tip: Start Running Custom Overwrite Scripts..."
LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S"))
LOG_FILE="/tmp/openclash.log"
CONFIG_FILE="$1" #config path

#Simple Demo:
    #General Demo
    #1--config path
    #2--key name
    #3--value
    #ruby_edit "$CONFIG_FILE" "['redir-port']" "7892"
    #ruby_edit "$CONFIG_FILE" "['secret']" "123456"
    #ruby_edit "$CONFIG_FILE" "['dns']['enable']" "true"

    #Hash Demo
    #1--config path
    #2--key name
    #3--hash type value
    #ruby_edit "$CONFIG_FILE" "['experimental']" "{'sniff-tls-sni'=>true}"
    #ruby_edit "$CONFIG_FILE" "['sniffer']" "{'sniffing'=>['tls','http']}"

    #Array Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value
    #ruby_arr_insert "$CONFIG_FILE" "['dns']['nameserver']" "0" "114.114.114.114"

    #Array Add From Yaml File Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value file path
    #5--value key name in #4 file
    #ruby_arr_add_file "$CONFIG_FILE" "['dns']['fallback-filter']['ipcidr']" "0" "/etc/openclash/custom/openclash_custom_fallback_filter.yaml" "['fallback-filter']['ipcidr']"

#Ruby Script Demo:
    #ruby -ryaml -rYAML -I "/usr/share/openclash" -E UTF-8 -e "
    #   begin
    #      Value = YAML.load_file('$CONFIG_FILE');
    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Load File Failed,【' + e.message + '】';
    #   end;

        #General
    #   begin
    #   Thread.new{
    #      Value['redir-port']=7892;
    #      Value['tproxy-port']=7895;
    #      Value['port']=7890;
    #      Value['socks-port']=7891;
    #      Value['mixed-port']=7893;
    #   }.join;

    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Set General Failed,【' + e.message + '】';
    #   ensure
    #      File.open('$CONFIG_FILE','w') {|f| YAML.dump(Value, f)};
    #   end" 2>/dev/null >> $LOG_FILE

exit 0
#===================== 自定义防火墙设置 =====================#

#!/bin/sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom firewall rules here, they will be added after the end of the OpenClash iptables rules

LOG_OUT "Tip: Start Add Custom Firewall Rules..."

exit 0

#===================== 路由表状态 =====================#

#IPv4

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.31.1    0.0.0.0         UG    0      0        0 eth0
192.168.31.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0

#ip route list
default via 192.168.31.1 dev eth0 proto static 
192.168.31.0/24 dev eth0 proto kernel scope link src 192.168.31.106 

#ip rule show
0:  from all lookup local
32766:  from all lookup main
32767:  from all lookup default

#IPv6

#route -A inet6
Kernel IPv6 routing table
Destination                                 Next Hop                                Flags Metric Ref    Use Iface
fd88:8a62:c55e::/64                         ::                                      U     1024   1        0 eth0    
fd88:8a62:c55e::/48                         ::                                      !n    2147483647 2        0 lo      
fe80::/64                                   ::                                      U     256    5        0 eth0    
::/0                                        ::                                      !n    -1     1        0 lo      
::1/128                                     ::                                      Un    0      6        0 lo      
fd88:8a62:c55e::/128                        ::                                      Un    0      3        0 eth0    
fd88:8a62:c55e::1/128                       ::                                      Un    0      3        0 eth0    
fe80::/128                                  ::                                      Un    0      3        0 eth0    
fe80::20c:29ff:fe53:c512/128                ::                                      Un    0      5        0 eth0    
ff00::/8                                    ::                                      U     256    7        0 eth0    
::/0                                        ::                                      !n    -1     1        0 lo      

#ip -6 route list
fd88:8a62:c55e::/64 dev eth0 proto static metric 1024 pref medium
unreachable fd88:8a62:c55e::/48 dev lo proto static metric 2147483647 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium

#ip -6 rule show
0:  from all lookup local
32766:  from all lookup main
4200000001: from all iif lo failed_policy
4200000004: from all iif eth0 failed_policy

#===================== 端口占用状态 =====================#

tcp        0      0 :::7890                 :::*                    LISTEN      26016/clash
tcp        0      0 :::7891                 :::*                    LISTEN      26016/clash
tcp        0      0 :::7895                 :::*                    LISTEN      26016/clash
tcp        0      0 :::7892                 :::*                    LISTEN      26016/clash
tcp        0      0 :::7893                 :::*                    LISTEN      26016/clash
tcp        0      0 :::9090                 :::*                    LISTEN      26016/clash
udp        0      0 :::7874                 :::*                                26016/clash
udp        0      0 :::7891                 :::*                                26016/clash
udp        0      0 :::7892                 :::*                                26016/clash
udp        0      0 :::7893                 :::*                                26016/clash
udp        0      0 :::7895                 :::*                                26016/clash

#===================== 测试本机DNS查询(www.baidu.com) =====================#

Server:     127.0.0.1
Address:    127.0.0.1:53

Non-authoritative answer:
www.baidu.com   canonical name = www.a.shifen.com
Name:   www.a.shifen.com
Address: 120.232.145.144
Name:   www.a.shifen.com
Address: 120.232.145.185

Non-authoritative answer:
www.baidu.com   canonical name = www.a.shifen.com
Name:   www.a.shifen.com
Address: 2409:8c54:870:67:0:ff:b0c2:ad75
Name:   www.a.shifen.com
Address: 2409:8c54:870:34e:0:ff:b024:1916

#===================== 测试内核DNS查询(www.instagram.com) =====================#

Status: 0
TC: false
RD: true
RA: true
AD: false
CD: false

Question: 
  Name: www.instagram.com.
  Qtype: 1
  Qclass: 1

Answer: 
  TTL: 2873
  data: geo-p42.instagram.com.
  name: www.instagram.com.
  type: 5

  TTL: 1053
  data: z-p42-instagram.c10r.instagram.com.
  name: geo-p42.instagram.com.
  type: 5

  TTL: 60
  data: 157.240.199.174
  name: z-p42-instagram.c10r.instagram.com.
  type: 1

Dnsmasq 当前默认 resolv 文件：/tmp/resolv.conf.d/resolv.conf.auto

#===================== /tmp/resolv.conf.d/resolv.conf.auto =====================#

# Interface lan
nameserver 192.168.31.1

#===================== 测试本机网络连接(www.baidu.com) =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Sat, 16 Dec 2023 05:48:21 GMT
Etag: "575e1f6f-115"
Last-Modified: Mon, 13 Jun 2016 02:50:23 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 测试本机网络下载(raw.githubusercontent.com) =====================#

#===================== 最近运行日志(自动切换为Debug模式) =====================#

2023-12-16 13:45:38 OpenClash Restart...
2023-12-16 13:45:38 OpenClash Stoping...
2023-12-16 13:45:38 Step 1: Backup The Current Groups State...
2023-12-16 13:45:38 Step 2: Delete OpenClash Firewall Rules...
2023-12-16 13:45:40 Step 3: Close The OpenClash Daemons...
2023-12-16 13:45:40 Step 4: Close The Clash Core Process...
2023-12-16 13:45:40 Step 5: Restart Dnsmasq...
2023-12-16 13:45:40 Step 6: Delete OpenClash Residue File...
2023-12-16 13:45:40 OpenClash Start Running...
2023-12-16 13:45:40 Step 1: Get The Configuration...
2023-12-16 13:45:40 Step 2: Check The Components...
2023-12-16 13:45:41 Step 4: Start Running The Clash Core...
2023-12-16 13:45:41 Tip: Detected The Exclusive Function of The TUN Core, Use TUN Core to Start...
2023-12-16 13:45:41 Test The Config File First...
13:45:41 INF [Config] initial compatible provider name=故障转移
13:45:41 INF [Config] initial compatible provider name=自动选择
13:45:41 INF [Config] initial compatible provider name=灵魂云
13:45:42 WRN [CacheFile] can't open cache file error=timeout
2023-12-16 13:45:42 configuration file【/etc/openclash/1696243420955.yaml】test is successful
2023-12-16 13:45:43 Step 5: Check The Core Status...
13:45:44 INF [Config] initial compatible provider name=故障转移
13:45:44 INF [Config] initial compatible provider name=自动选择
13:45:44 INF [Config] initial compatible provider name=灵魂云
13:45:44 INF [Auth] config updated
13:45:44 INF [DNS] server listening addr=[::]:7874
13:45:44 INF inbound create success inbound=http addr=:7890 network=tcp
13:45:44 INF [API] listening addr=[::]:9090
13:45:44 INF inbound create success inbound=socks addr=:7891 network=tcp
13:45:44 INF inbound create success inbound=socks addr=:7891 network=udp
13:45:44 INF inbound create success inbound=redir addr=:7892 network=tcp
13:45:44 INF inbound create success inbound=redir addr=:7892 network=udp
13:45:44 INF inbound create success inbound=tproxy addr=:7895 network=tcp
13:45:44 INF inbound create success inbound=tproxy addr=:7895 network=udp
13:45:44 INF inbound create success inbound=mixed addr=:7893 network=tcp
13:45:44 INF inbound create success inbound=mixed addr=:7893 network=udp
2023-12-16 13:45:46 Step 6: Wait For The File Downloading...
2023-12-16 13:45:47 Step 7: Set Firewall Rules...
2023-12-16 13:45:47 Tip: DNS Hijacking is Disabled...
2023-12-16 13:45:47 Warning: Can't Settting Only Intranet Allowed Function, Get IPv4 WAN Interfaces error, Please Verify The Firewall's WAN Zone Name is wan, Ignore This IF The Device Does not Have a WAN Interfaces...
2023-12-16 13:45:47 Tip: Start Add Port Bypassing Rules For Firewall Redirect and Firewall Rules...
2023-12-16 13:45:47 Tip: Start Add Custom Firewall Rules...
2023-12-16 13:45:47 Step 8: Restart Dnsmasq...
2023-12-16 13:45:48 Step 9: Add Cron Rules, Start Daemons...
2023-12-16 13:45:48 Warning: OpenClash Start Successful, Please Note That Network May Abnormal With IPv6's DHCP Server
13:47:22 INF [TCP] connected lAddr=192.168.31.131:62383 rAddr=gateway.icloud.com.cn:443 mode=rule rule=DomainSuffix(cn) proxy=DIRECT
13:47:33 INF [TCP] connected lAddr=192.168.31.131:62384 rAddr=iadsdk.apple.com:443 mode=rule rule=DomainSuffix(apple.com) proxy=DIRECT
13:47:34 INF [TCP] connected lAddr=192.168.31.131:62385 rAddr=bag.itunes.apple.com:443 mode=rule rule=DomainSuffix(itunes.apple.com) proxy=DIRECT
13:47:36 INF [TCP] connected lAddr=192.168.31.131:62386 rAddr=gspe19-cn-ssl.ls.apple.com:443 mode=rule rule=DomainSuffix(apple.com) proxy=DIRECT
13:47:36 INF [TCP] connected lAddr=192.168.31.131:62387 rAddr=gspe19-cn-ssl.ls.apple.com:443 mode=rule rule=DomainSuffix(apple.com) proxy=DIRECT
13:48:09 INF [TCP] connected lAddr=192.168.31.131:62388 rAddr=configuration.ls.apple.com:443 mode=rule rule=DomainSuffix(apple.com) proxy=DIRECT
13:48:24 DBG [TCP] accept connection lAddr=192.168.31.131:62389 rAddr=fides-pol.apple.com:443 inbound=Redir
13:48:24 DBG [DNS] dns response source=192.168.31.1:53 qType=A name=fides-pol.apple.com. answer=["221.182.23.197","111.47.237.162"]
13:48:24 INF [TCP] connected lAddr=192.168.31.131:62389 rAddr=fides-pol.apple.com:443 mode=rule rule=DomainSuffix(apple.com) proxy=DIRECT
13:48:24 DBG [TCP] accept connection lAddr=192.168.31.131:62390 rAddr=ocsp2.apple.com:443 inbound=Redir
13:48:24 DBG [DNS] dns response source=192.168.31.1:53 qType=A name=ocsp2.apple.com. answer=["183.222.96.89"]
13:48:24 INF [TCP] connected lAddr=192.168.31.131:62390 rAddr=ocsp2.apple.com:443 mode=rule rule=DomainSuffix(apple.com) proxy=DIRECT
13:48:25 DBG [TCP] accept connection lAddr=192.168.31.131:62391 rAddr=fides-pol.apple.com:443 inbound=Redir
13:48:25 INF [TCP] connected lAddr=192.168.31.131:62391 rAddr=fides-pol.apple.com:443 mode=rule rule=DomainSuffix(apple.com) proxy=DIRECT
13:48:25 DBG [TCP] accept connection lAddr=192.168.31.131:62392 rAddr=fides-pol.apple.com:443 inbound=Redir
13:48:25 INF [TCP] connected lAddr=192.168.31.131:62392 rAddr=fides-pol.apple.com:443 mode=rule rule=DomainSuffix(apple.com) proxy=DIRECT
13:48:29 DBG [TCP] accept connection lAddr=192.168.31.131:62393 rAddr=fides-pol.apple.com:443 inbound=Redir
13:48:29 INF [TCP] connected lAddr=192.168.31.131:62393 rAddr=fides-pol.apple.com:443 mode=rule rule=DomainSuffix(apple.com) proxy=DIRECT
13:48:31 DBG [TCP] accept connection lAddr=192.168.31.131:62394 rAddr=gateway.icloud.com:443 inbound=Redir
13:48:31 DBG [TCP] accept connection lAddr=192.168.31.131:62395 rAddr=gateway.icloud.com.cn:443 inbound=Redir
13:48:31 INF [TCP] connected lAddr=192.168.31.131:62395 rAddr=gateway.icloud.com.cn:443 mode=rule rule=DomainSuffix(cn) proxy=DIRECT
13:48:31 DBG [DNS] dns response source=tcp-tls://8.8.4.4:853 qType=A name=gateway.icloud.com. answer=["17.248.226.64"]
13:48:31 INF [TCP] connected lAddr=192.168.31.131:62394 rAddr=gateway.icloud.com:443 mode=rule rule=DomainSuffix(icloud.com) proxy=DIRECT

#===================== 活动连接信息 =====================#

1. SourceIP:【192.168.31.131】 - Host:【fides-pol.apple.com】 - DestinationIP:【221.182.23.197】 - Network:【tcp】 - RulePayload:【apple.com】 - Lastchain:【DIRECT】
2. SourceIP:【192.168.31.131】 - Host:【gateway.icloud.com.cn】 - DestinationIP:【117.135.154.116】 - Network:【tcp】 - RulePayload:【cn】 - Lastchain:【DIRECT】
3. SourceIP:【192.168.31.131】 - Host:【gateway.icloud.com】 - DestinationIP:【17.248.226.66】 - Network:【tcp】 - RulePayload:【icloud.com】 - Lastchain:【DIRECT】
4. SourceIP:【192.168.31.131】 - Host:【gateway.icloud.com.cn】 - DestinationIP:【117.135.154.116】 - Network:【tcp】 - RulePayload:【cn】 - Lastchain:【DIRECT】
5. SourceIP:【192.168.31.131】 - Host:【fides-pol.apple.com】 - DestinationIP:【221.182.23.197】 - Network:【tcp】 - RulePayload:【apple.com】 - Lastchain:【DIRECT】
6. SourceIP:【192.168.31.131】 - Host:【ocsp2.apple.com】 - DestinationIP:【183.222.96.89】 - Network:【tcp】 - RulePayload:【apple.com】 - Lastchain:【DIRECT】
7. SourceIP:【192.168.31.131】 - Host:【fides-pol.apple.com】 - DestinationIP:【221.182.23.197】 - Network:【tcp】 - RulePayload:【apple.com】 - Lastchain:【DIRECT】
8. SourceIP:【192.168.31.131】 - Host:【fides-pol.apple.com】 - DestinationIP:【221.182.23.197】 - Network:【tcp】 - RulePayload:【apple.com】 - Lastchain:【DIRECT】

Expected Behavior

正常启动

Screenshots

正常启动

[vernesong]

跟你规则相关的，写规则让他代理就行了

[ChenEeeee]

这咋写啊 能求求教一教嘛。。。

[ghost]

能很简单就通过搜索引擎得到的内容最好还是别求教了，尤其你还特意把日志里配置文件部分基本都删完了。

https://clash.wiki/configuration/rules.html

https://google.com/search?q=clash%E6%96%87%E6%A1%A3 https://google.com/search?q=clash%E8%A7%84%E5%88%99%E6%95%99%E7%A8%8B https://google.com/search?q=clash%E8%87%AA%E5%AE%9A%E4%B9%89%E8%A7%84%E5%88%99

[ChenEeeee]

不是 他说我超出最大长度了 我就把最长的配置文件删了。。。

[ChenEeeee]

OpenClash 调试日志

生成时间: 2023-12-16 19:58:59 插件版本: v0.45.157-beta 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息

#===================== 系统信息 =====================#

主机型号: VMware - Intel(R) Celeron(R) J4125 CPU @ 2.00GHz : 1C4T
固件版本: OpenWrt SNAPSHOT lede-master
LuCI版本: git-23.291.46448-4898ed2-1
内核版本: 6.1.60
处理器架构: 

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: server

DNS劫持: 停用
#DNS劫持为Dnsmasq时，此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 未安装
luci-compat(Luci >= 19.07): 未安装
kmod-inet-diag(PROCESS-NAME): 未安装
unzip: 未安装
iptables-mod-tproxy: 未安装
kmod-ipt-tproxy: 未安装
iptables-mod-extra: 未安装
kmod-ipt-extra: 未安装
kmod-ipt-nat: 未安装

#===================== 内核检查 =====================#

运行状态: 运行中
运行内核：TUN
进程pid: 8144
运行权限: 8144: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-amd64

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2023.08.17-13-gdcc8d87
Tun内核文件: 存在
Tun内核运行权限: 正常

Dev内核版本: v1.18.0-13-gd034a40
Dev内核文件: 存在
Dev内核运行权限: 正常

Meta内核版本: 
Meta内核文件: 不存在
Meta内核运行权限: 否

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/config.yaml
启动配置文件: /etc/openclash/config.yaml
运行模式: redir-host
默认代理模式: rule
UDP流量转发(tproxy): 停用
自定义DNS: 停用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 停用
自定义规则: 停用
仅允许内网: 启用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用
路由本机代理: 停用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 配置文件 =====================#

#===================== 自定义覆写设置 =====================#

#!/bin/sh
. /usr/share/openclash/ruby.sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom overwrite scripts here, they will be take effict after the OpenClash own srcipts

LOG_OUT "Tip: Start Running Custom Overwrite Scripts..."
LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S"))
LOG_FILE="/tmp/openclash.log"
CONFIG_FILE="$1" #config path

#Simple Demo:
    #General Demo
    #1--config path
    #2--key name
    #3--value
    #ruby_edit "$CONFIG_FILE" "['redir-port']" "7892"
    #ruby_edit "$CONFIG_FILE" "['secret']" "123456"
    #ruby_edit "$CONFIG_FILE" "['dns']['enable']" "true"

    #Hash Demo
    #1--config path
    #2--key name
    #3--hash type value
    #ruby_edit "$CONFIG_FILE" "['experimental']" "{'sniff-tls-sni'=>true}"
    #ruby_edit "$CONFIG_FILE" "['sniffer']" "{'sniffing'=>['tls','http']}"

    #Array Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value
    #ruby_arr_insert "$CONFIG_FILE" "['dns']['nameserver']" "0" "114.114.114.114"

    #Array Add From Yaml File Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value file path
    #5--value key name in #4 file
    #ruby_arr_add_file "$CONFIG_FILE" "['dns']['fallback-filter']['ipcidr']" "0" "/etc/openclash/custom/openclash_custom_fallback_filter.yaml" "['fallback-filter']['ipcidr']"

#Ruby Script Demo:
    #ruby -ryaml -rYAML -I "/usr/share/openclash" -E UTF-8 -e "
    #   begin
    #      Value = YAML.load_file('$CONFIG_FILE');
    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Load File Failed,【' + e.message + '】';
    #   end;

        #General
    #   begin
    #   Thread.new{
    #      Value['redir-port']=7892;
    #      Value['tproxy-port']=7895;
    #      Value['port']=7890;
    #      Value['socks-port']=7891;
    #      Value['mixed-port']=7893;
    #   }.join;

    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Set General Failed,【' + e.message + '】';
    #   ensure
    #      File.open('$CONFIG_FILE','w') {|f| YAML.dump(Value, f)};
    #   end" 2>/dev/null >> $LOG_FILE

exit 0
#===================== 自定义防火墙设置 =====================#

#!/bin/sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom firewall rules here, they will be added after the end of the OpenClash iptables rules

LOG_OUT "Tip: Start Add Custom Firewall Rules..."

exit 0
#===================== IPTABLES 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.7 on Sat Dec 16 19:59:01 2023
*nat
:PREROUTING ACCEPT [5:260]
:INPUT ACCEPT [5:260]
:OUTPUT ACCEPT [39:2389]
:POSTROUTING ACCEPT [39:2389]
:DOCKER - [0:0]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:postrouting_docker_rule - [0:0]
:postrouting_ipsecserver_rule - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_vpn_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_docker_rule - [0:0]
:prerouting_ipsecserver_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_vpn_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_docker_postrouting - [0:0]
:zone_docker_prerouting - [0:0]
:zone_ipsecserver_postrouting - [0:0]
:zone_ipsecserver_prerouting - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_vpn_postrouting - [0:0]
:zone_vpn_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i eth0 -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i utun -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i tun0 -m comment --comment "!fw3" -j zone_vpn_prerouting
-A PREROUTING -i ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_prerouting
-A PREROUTING -i docker0 -m comment --comment "!fw3" -j zone_docker_prerouting
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o eth0 -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o utun -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o tun0 -m comment --comment "!fw3" -j zone_vpn_postrouting
-A POSTROUTING -o ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_postrouting
-A POSTROUTING -o docker0 -m comment --comment "!fw3" -j zone_docker_postrouting
-A DOCKER -i docker0 -j RETURN
-A zone_docker_postrouting -m comment --comment "!fw3: Custom docker postrouting rule chain" -j postrouting_docker_rule
-A zone_docker_prerouting -m comment --comment "!fw3: Custom docker prerouting rule chain" -j prerouting_docker_rule
-A zone_ipsecserver_postrouting -m comment --comment "!fw3: Custom ipsecserver postrouting rule chain" -j postrouting_ipsecserver_rule
-A zone_ipsecserver_prerouting -m comment --comment "!fw3: Custom ipsecserver prerouting rule chain" -j prerouting_ipsecserver_rule
-A zone_lan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -j MINIUPNPD
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_vpn_postrouting -m comment --comment "!fw3: Custom vpn postrouting rule chain" -j postrouting_vpn_rule
-A zone_vpn_postrouting -m comment --comment "!fw3" -j MASQUERADE --mode fullcone
-A zone_vpn_prerouting -m comment --comment "!fw3: Custom vpn prerouting rule chain" -j prerouting_vpn_rule
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE --mode fullcone
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
COMMIT
# Completed on Sat Dec 16 19:59:01 2023

#IPv4 Mangle chain

# Generated by iptables-save v1.8.7 on Sat Dec 16 19:59:01 2023
*mangle
:PREROUTING ACCEPT [50206:12284763]
:INPUT ACCEPT [50206:12284763]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [50493:11290424]
:POSTROUTING ACCEPT [52065:11673937]
:RRDIPT_FORWARD - [0:0]
:RRDIPT_INPUT - [0:0]
:RRDIPT_OUTPUT - [0:0]
:qos_Default - [0:0]
:qos_Default_ct - [0:0]
-A INPUT -j RRDIPT_INPUT
-A FORWARD -j RRDIPT_FORWARD
-A OUTPUT -j RRDIPT_OUTPUT
-A RRDIPT_FORWARD -s 192.168.31.120/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.31.120/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.31.131/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.31.131/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.31.1/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.31.1/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.31.26/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.31.26/32 -j RETURN
-A RRDIPT_INPUT -i eth0 -j RETURN
-A RRDIPT_OUTPUT -o eth0 -j RETURN
-A qos_Default -j CONNMARK --restore-mark --nfmask 0xf --ctmask 0xf
-A qos_Default -m mark --mark 0x0/0xf -j qos_Default_ct
-A qos_Default -p udp -m mark --mark 0x0/0xf0 -m length --length 0:500 -j MARK --set-xmark 0x22/0xff
-A qos_Default -p icmp -j MARK --set-xmark 0x11/0xff
-A qos_Default -p tcp -m mark --mark 0x0/0xf0 -m tcp --sport 1024:65535 --dport 1024:65535 -j MARK --set-xmark 0x44/0xff
-A qos_Default -p udp -m mark --mark 0x0/0xf0 -m udp --sport 1024:65535 --dport 1024:65535 -j MARK --set-xmark 0x44/0xff
-A qos_Default -j CONNMARK --save-mark --nfmask 0xff --ctmask 0xff
-A qos_Default_ct -p tcp -m mark --mark 0x0/0xf -m tcp -m multiport --ports 22,53 -m comment --comment "ssh, dns" -j MARK --set-xmark 0x11/0xff
-A qos_Default_ct -p udp -m mark --mark 0x0/0xf -m udp -m multiport --ports 22,53 -m comment --comment "ssh, dns" -j MARK --set-xmark 0x11/0xff
-A qos_Default_ct -p tcp -m mark --mark 0x0/0xf -m tcp -m multiport --ports 20,21,25,80,110,443,993,995 -m comment --comment "ftp, smtp, http(s), imap" -j MARK --set-xmark 0x33/0xff
-A qos_Default_ct -p tcp -m mark --mark 0x0/0xf -m tcp -m multiport --ports 5190 -m comment --comment "AOL, iChat, ICQ" -j MARK --set-xmark 0x22/0xff
-A qos_Default_ct -p udp -m mark --mark 0x0/0xf -m udp -m multiport --ports 5190 -m comment --comment "AOL, iChat, ICQ" -j MARK --set-xmark 0x22/0xff
-A qos_Default_ct -j CONNMARK --save-mark --nfmask 0xff --ctmask 0xff
COMMIT
# Completed on Sat Dec 16 19:59:01 2023

#IPv4 Filter chain

# Generated by iptables-save v1.8.7 on Sat Dec 16 19:59:01 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-MAN - [0:0]
:DOCKER-USER - [0:0]
:MINIUPNPD - [0:0]
:forwarding_docker_rule - [0:0]
:forwarding_ipsecserver_rule - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_vpn_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_docker_rule - [0:0]
:input_ipsecserver_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_vpn_rule - [0:0]
:input_wan_rule - [0:0]
:output_docker_rule - [0:0]
:output_ipsecserver_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_vpn_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_docker_dest_ACCEPT - [0:0]
:zone_docker_forward - [0:0]
:zone_docker_input - [0:0]
:zone_docker_output - [0:0]
:zone_docker_src_ACCEPT - [0:0]
:zone_ipsecserver_dest_ACCEPT - [0:0]
:zone_ipsecserver_forward - [0:0]
:zone_ipsecserver_input - [0:0]
:zone_ipsecserver_output - [0:0]
:zone_ipsecserver_src_ACCEPT - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_vpn_dest_ACCEPT - [0:0]
:zone_vpn_forward - [0:0]
:zone_vpn_input - [0:0]
:zone_vpn_output - [0:0]
:zone_vpn_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i eth0 -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i utun -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i tun0 -m comment --comment "!fw3" -j zone_vpn_input
-A INPUT -i ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_input
-A INPUT -i docker0 -m comment --comment "!fw3" -j zone_docker_input
-A FORWARD -o sb-tun+ -j ACCEPT
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i eth0 -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i utun -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i tun0 -m comment --comment "!fw3" -j zone_vpn_forward
-A FORWARD -i ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_forward
-A FORWARD -i docker0 -m comment --comment "!fw3" -j zone_docker_forward
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o eth0 -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o utun -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o tun0 -m comment --comment "!fw3" -j zone_vpn_output
-A OUTPUT -o ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_output
-A OUTPUT -o docker0 -m comment --comment "!fw3" -j zone_docker_output
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-MAN -i br-lan -o docker0 -j RETURN
-A DOCKER-MAN -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j RETURN
-A DOCKER-MAN -o docker0 -m conntrack --ctstate INVALID,NEW -j DROP
-A DOCKER-MAN -j RETURN
-A DOCKER-USER -j DOCKER-MAN
-A DOCKER-USER -j RETURN
-A forwarding_rule -i pppoe+ -j RETURN
-A forwarding_rule -o pppoe+ -j RETURN
-A forwarding_rule -i ppp+ -m conntrack --ctstate NEW -j ACCEPT
-A forwarding_rule -o ppp+ -m conntrack --ctstate NEW -j ACCEPT
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_docker_dest_ACCEPT -o docker0 -m comment --comment "!fw3" -j ACCEPT
-A zone_docker_forward -m comment --comment "!fw3: Custom docker forwarding rule chain" -j forwarding_docker_rule
-A zone_docker_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_docker_forward -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_input -m comment --comment "!fw3: Custom docker input rule chain" -j input_docker_rule
-A zone_docker_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_docker_input -m comment --comment "!fw3" -j zone_docker_src_ACCEPT
-A zone_docker_output -m comment --comment "!fw3: Custom docker output rule chain" -j output_docker_rule
-A zone_docker_output -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_src_ACCEPT -i docker0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_ipsecserver_dest_ACCEPT -o ipsec0 -m comment --comment "!fw3" -j ACCEPT
-A zone_ipsecserver_forward -m comment --comment "!fw3: Custom ipsecserver forwarding rule chain" -j forwarding_ipsecserver_rule
-A zone_ipsecserver_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_ipsecserver_forward -m comment --comment "!fw3" -j zone_ipsecserver_dest_ACCEPT
-A zone_ipsecserver_input -m comment --comment "!fw3: Custom ipsecserver input rule chain" -j input_ipsecserver_rule
-A zone_ipsecserver_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_ipsecserver_input -m comment --comment "!fw3" -j zone_ipsecserver_src_ACCEPT
-A zone_ipsecserver_output -m comment --comment "!fw3: Custom ipsecserver output rule chain" -j output_ipsecserver_rule
-A zone_ipsecserver_output -m comment --comment "!fw3" -j zone_ipsecserver_dest_ACCEPT
-A zone_ipsecserver_src_ACCEPT -i ipsec0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o eth0 -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o utun -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to vpn forwarding policy" -j zone_vpn_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i eth0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_src_ACCEPT -i utun -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_vpn_dest_ACCEPT -o tun0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_vpn_dest_ACCEPT -o tun0 -m comment --comment "!fw3" -j ACCEPT
-A zone_vpn_forward -m comment --comment "!fw3: Custom vpn forwarding rule chain" -j forwarding_vpn_rule
-A zone_vpn_forward -m comment --comment "!fw3: Zone vpn to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_vpn_forward -m comment --comment "!fw3: Zone vpn to lan forwarding policy" -j zone_lan_dest_ACCEPT
-A zone_vpn_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_vpn_forward -m comment --comment "!fw3" -j zone_vpn_dest_ACCEPT
-A zone_vpn_input -m comment --comment "!fw3: Custom vpn input rule chain" -j input_vpn_rule
-A zone_vpn_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_vpn_input -m comment --comment "!fw3" -j zone_vpn_src_ACCEPT
-A zone_vpn_output -m comment --comment "!fw3: Custom vpn output rule chain" -j output_vpn_rule
-A zone_vpn_output -m comment --comment "!fw3" -j zone_vpn_dest_ACCEPT
-A zone_vpn_src_ACCEPT -i tun0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 8897 -m comment --comment "!fw3: linkease" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 8118 -m comment --comment "!fw3: adblock" -j DROP
-A zone_wan_input -p tcp -m tcp --dport 1194 -m comment --comment "!fw3: openvpn" -j ACCEPT
-A zone_wan_input -p udp -m udp --dport 1194 -m comment --comment "!fw3: openvpn" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 1723 -m comment --comment "!fw3: pptp" -j ACCEPT
-A zone_wan_input -p gre -m comment --comment "!fw3: gre" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 1688 -m comment --comment "!fw3: kms" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
COMMIT
# Completed on Sat Dec 16 19:59:01 2023

#IPv6 NAT chain

# Generated by ip6tables-save v1.8.7 on Sat Dec 16 19:59:01 2023
*nat
:PREROUTING ACCEPT [790:107049]
:INPUT ACCEPT [790:107049]
:OUTPUT ACCEPT [583:71389]
:POSTROUTING ACCEPT [583:71389]
COMMIT
# Completed on Sat Dec 16 19:59:01 2023

#IPv6 Mangle chain

# Generated by ip6tables-save v1.8.7 on Sat Dec 16 19:59:01 2023
*mangle
:PREROUTING ACCEPT [1231:140625]
:INPUT ACCEPT [1231:140625]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [747:88758]
:POSTROUTING ACCEPT [759:91756]
:qos_Default - [0:0]
:qos_Default_ct - [0:0]
-A qos_Default -j CONNMARK --restore-mark --nfmask 0xf --ctmask 0xf
-A qos_Default -m mark --mark 0x0/0xf -j qos_Default_ct
-A qos_Default -p udp -m mark --mark 0x0/0xf0 -m length --length 0:500 -j MARK --set-xmark 0x22/0xff
-A qos_Default -p icmp -j MARK --set-xmark 0x11/0xff
-A qos_Default -p tcp -m mark --mark 0x0/0xf0 -m tcp --sport 1024:65535 --dport 1024:65535 -j MARK --set-xmark 0x44/0xff
-A qos_Default -p udp -m mark --mark 0x0/0xf0 -m udp --sport 1024:65535 --dport 1024:65535 -j MARK --set-xmark 0x44/0xff
-A qos_Default -j CONNMARK --save-mark --nfmask 0xff --ctmask 0xff
-A qos_Default_ct -p tcp -m mark --mark 0x0/0xf -m tcp -m multiport --ports 22,53 -m comment --comment "ssh, dns" -j MARK --set-xmark 0x11/0xff
-A qos_Default_ct -p udp -m mark --mark 0x0/0xf -m udp -m multiport --ports 22,53 -m comment --comment "ssh, dns" -j MARK --set-xmark 0x11/0xff
-A qos_Default_ct -p tcp -m mark --mark 0x0/0xf -m tcp -m multiport --ports 20,21,25,80,110,443,993,995 -m comment --comment "ftp, smtp, http(s), imap" -j MARK --set-xmark 0x33/0xff
-A qos_Default_ct -p tcp -m mark --mark 0x0/0xf -m tcp -m multiport --ports 5190 -m comment --comment "AOL, iChat, ICQ" -j MARK --set-xmark 0x22/0xff
-A qos_Default_ct -p udp -m mark --mark 0x0/0xf -m udp -m multiport --ports 5190 -m comment --comment "AOL, iChat, ICQ" -j MARK --set-xmark 0x22/0xff
-A qos_Default_ct -j CONNMARK --save-mark --nfmask 0xff --ctmask 0xff
COMMIT
# Completed on Sat Dec 16 19:59:01 2023

#IPv6 Filter chain

# Generated by ip6tables-save v1.8.7 on Sat Dec 16 19:59:01 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:forwarding_docker_rule - [0:0]
:forwarding_ipsecserver_rule - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_vpn_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_docker_rule - [0:0]
:input_ipsecserver_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_vpn_rule - [0:0]
:input_wan_rule - [0:0]
:output_docker_rule - [0:0]
:output_ipsecserver_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_vpn_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_docker_dest_ACCEPT - [0:0]
:zone_docker_forward - [0:0]
:zone_docker_input - [0:0]
:zone_docker_output - [0:0]
:zone_docker_src_ACCEPT - [0:0]
:zone_ipsecserver_dest_ACCEPT - [0:0]
:zone_ipsecserver_forward - [0:0]
:zone_ipsecserver_input - [0:0]
:zone_ipsecserver_output - [0:0]
:zone_ipsecserver_src_ACCEPT - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_vpn_dest_ACCEPT - [0:0]
:zone_vpn_forward - [0:0]
:zone_vpn_input - [0:0]
:zone_vpn_output - [0:0]
:zone_vpn_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i eth0 -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i utun -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i tun0 -m comment --comment "!fw3" -j zone_vpn_input
-A INPUT -i ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_input
-A INPUT -i docker0 -m comment --comment "!fw3" -j zone_docker_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i eth0 -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i utun -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i tun0 -m comment --comment "!fw3" -j zone_vpn_forward
-A FORWARD -i ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_forward
-A FORWARD -i docker0 -m comment --comment "!fw3" -j zone_docker_forward
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o eth0 -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o utun -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o tun0 -m comment --comment "!fw3" -j zone_vpn_output
-A OUTPUT -o ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_output
-A OUTPUT -o docker0 -m comment --comment "!fw3" -j zone_docker_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp6-port-unreachable
-A syn_flood -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_docker_dest_ACCEPT -o docker0 -m comment --comment "!fw3" -j ACCEPT
-A zone_docker_forward -m comment --comment "!fw3: Custom docker forwarding rule chain" -j forwarding_docker_rule
-A zone_docker_forward -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_input -m comment --comment "!fw3: Custom docker input rule chain" -j input_docker_rule
-A zone_docker_input -m comment --comment "!fw3" -j zone_docker_src_ACCEPT
-A zone_docker_output -m comment --comment "!fw3: Custom docker output rule chain" -j output_docker_rule
-A zone_docker_output -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_src_ACCEPT -i docker0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_ipsecserver_dest_ACCEPT -o ipsec0 -m comment --comment "!fw3" -j ACCEPT
-A zone_ipsecserver_forward -m comment --comment "!fw3: Custom ipsecserver forwarding rule chain" -j forwarding_ipsecserver_rule
-A zone_ipsecserver_forward -m comment --comment "!fw3" -j zone_ipsecserver_dest_ACCEPT
-A zone_ipsecserver_input -m comment --comment "!fw3: Custom ipsecserver input rule chain" -j input_ipsecserver_rule
-A zone_ipsecserver_input -m comment --comment "!fw3" -j zone_ipsecserver_src_ACCEPT
-A zone_ipsecserver_output -m comment --comment "!fw3: Custom ipsecserver output rule chain" -j output_ipsecserver_rule
-A zone_ipsecserver_output -m comment --comment "!fw3" -j zone_ipsecserver_dest_ACCEPT
-A zone_ipsecserver_src_ACCEPT -i ipsec0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o eth0 -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o utun -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to vpn forwarding policy" -j zone_vpn_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i eth0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_src_ACCEPT -i utun -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_vpn_dest_ACCEPT -o tun0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_vpn_dest_ACCEPT -o tun0 -m comment --comment "!fw3" -j ACCEPT
-A zone_vpn_forward -m comment --comment "!fw3: Custom vpn forwarding rule chain" -j forwarding_vpn_rule
-A zone_vpn_forward -m comment --comment "!fw3: Zone vpn to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_vpn_forward -m comment --comment "!fw3: Zone vpn to lan forwarding policy" -j zone_lan_dest_ACCEPT
-A zone_vpn_forward -m comment --comment "!fw3" -j zone_vpn_dest_ACCEPT
-A zone_vpn_input -m comment --comment "!fw3: Custom vpn input rule chain" -j input_vpn_rule
-A zone_vpn_input -m comment --comment "!fw3" -j zone_vpn_src_ACCEPT
-A zone_vpn_output -m comment --comment "!fw3: Custom vpn output rule chain" -j output_vpn_rule
-A zone_vpn_output -m comment --comment "!fw3" -j zone_vpn_dest_ACCEPT
-A zone_vpn_src_ACCEPT -i tun0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -s fc00::/6 -d fc00::/6 -p udp -m udp --dport 546 -m comment --comment "!fw3: Allow-DHCPv6" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 8897 -m comment --comment "!fw3: linkease" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 8118 -m comment --comment "!fw3: adblock" -j DROP
-A zone_wan_input -p tcp -m tcp --dport 1194 -m comment --comment "!fw3: openvpn" -j ACCEPT
-A zone_wan_input -p udp -m udp --dport 1194 -m comment --comment "!fw3: openvpn" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 1723 -m comment --comment "!fw3: pptp" -j ACCEPT
-A zone_wan_input -p gre -m comment --comment "!fw3: gre" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 1688 -m comment --comment "!fw3: kms" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
COMMIT
# Completed on Sat Dec 16 19:59:01 2023

#===================== IPSET状态 =====================#

Name: cn
Type: hash:net
Revision: 7
Header: family inet hashsize 2048 maxelem 65536 bucketsize 12 initval 0x8dbbd3bc
Size in memory: 231464
References: 0
Number of entries: 8618

Name: ct
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0xc80e534b
Size in memory: 59552
References: 0
Number of entries: 1962

Name: cnc
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x0b21b662
Size in memory: 32576
References: 0
Number of entries: 915

Name: cmcc
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x7fe3087b
Size in memory: 3056
References: 0
Number of entries: 55

Name: crtc
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x7f5aa67f
Size in memory: 1232
References: 0
Number of entries: 16

Name: cernet
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x9fd2f488
Size in memory: 8240
References: 0
Number of entries: 171

Name: gwbn
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0xfe2a3bc9
Size in memory: 12848
References: 0
Number of entries: 290

Name: othernet
Type: hash:net
Revision: 7
Header: family inet hashsize 2048 maxelem 65536 bucketsize 12 initval 0x1382fd60
Size in memory: 149432
References: 0
Number of entries: 5209

Name: music
Type: hash:ip
Revision: 5
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0xe6d25ada
Size in memory: 208
References: 0
Number of entries: 0

Name: mwan3_connected_v4
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x16a74e0f
Size in memory: 752
References: 1
Number of entries: 7

Name: mwan3_connected_v6
Type: hash:net
Revision: 7
Header: family inet6 hashsize 1024 maxelem 65536 bucketsize 12 initval 0x5198cce7
Size in memory: 1392
References: 1
Number of entries: 2

Name: mwan3_source_v6
Type: hash:net
Revision: 7
Header: family inet6 hashsize 1024 maxelem 65536 bucketsize 12 initval 0xcc3d9c26
Size in memory: 1320
References: 0
Number of entries: 1

Name: mwan3_dynamic_v4
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0xca5ae77c
Size in memory: 464
References: 1
Number of entries: 0

Name: mwan3_dynamic_v6
Type: hash:net
Revision: 7
Header: family inet6 hashsize 1024 maxelem 65536 bucketsize 12 initval 0x50c195bd
Size in memory: 1248
References: 1
Number of entries: 0

Name: mwan3_custom_v4
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x016f6963
Size in memory: 464
References: 1
Number of entries: 0

Name: mwan3_custom_v6
Type: hash:net
Revision: 7
Header: family inet6 hashsize 1024 maxelem 65536 bucketsize 12 initval 0x0e784041
Size in memory: 1248
References: 1
Number of entries: 0

Name: china
Type: hash:net
Revision: 7
Header: family inet hashsize 262144 maxelem 1000000 bucketsize 12 initval 0xcd04d62f
Size in memory: 16528328
References: 0
Number of entries: 559354

Name: mwan3_connected
Type: list:set
Revision: 3
Header: size 8
Size in memory: 376
References: 0
Number of entries: 6

#===================== 路由表状态 =====================#

#IPv4

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.31.1    0.0.0.0         UG    0      0        0 eth0
192.168.31.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0

#ip route list
default via 192.168.31.1 dev eth0 proto static 
192.168.31.0/24 dev eth0 proto kernel scope link src 192.168.31.106 

#ip rule show
0:  from all lookup local
32766:  from all lookup main
32767:  from all lookup default

#IPv6

#route -A inet6
Kernel IPv6 routing table
Destination                                 Next Hop                                Flags Metric Ref    Use Iface
fd88:8a62:c55e::/64                         ::                                      U     1024   1        0 eth0    
fd88:8a62:c55e::/48                         ::                                      !n    2147483647 2        0 lo      
fe80::/64                                   ::                                      U     256    5        0 eth0    
::/0                                        ::                                      !n    -1     1        0 lo      
::1/128                                     ::                                      Un    0      6        0 lo      
fd88:8a62:c55e::/128                        ::                                      Un    0      3        0 eth0    
fd88:8a62:c55e::1/128                       ::                                      Un    0      3        0 eth0    
fe80::/128                                  ::                                      Un    0      3        0 eth0    
fe80::20c:29ff:fe53:c512/128                ::                                      Un    0      6        0 eth0    
ff00::/8                                    ::                                      U     256    6        0 eth0    
::/0                                        ::                                      !n    -1     1        0 lo      

#ip -6 route list
fd88:8a62:c55e::/64 dev eth0 proto static metric 1024 pref medium
unreachable fd88:8a62:c55e::/48 dev lo proto static metric 2147483647 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium

#ip -6 rule show
0:  from all lookup local
32766:  from all lookup main
4200000001: from all iif lo failed_policy
4200000004: from all iif eth0 failed_policy

#===================== 端口占用状态 =====================#

tcp        0      0 :::7890                 :::*                    LISTEN      8144/clash
tcp        0      0 :::7891                 :::*                    LISTEN      8144/clash
tcp        0      0 :::7895                 :::*                    LISTEN      8144/clash
tcp        0      0 :::7892                 :::*                    LISTEN      8144/clash
tcp        0      0 :::7893                 :::*                    LISTEN      8144/clash
tcp        0      0 :::9090                 :::*                    LISTEN      8144/clash
udp        0      0 :::7874                 :::*                                8144/clash
udp        0      0 :::7891                 :::*                                8144/clash
udp        0      0 :::7892                 :::*                                8144/clash
udp        0      0 :::7893                 :::*                                8144/clash
udp        0      0 :::7895                 :::*                                8144/clash

#===================== 测试本机DNS查询(www.baidu.com) =====================#

Server:     127.0.0.1
Address:    127.0.0.1:53

Non-authoritative answer:
www.baidu.com   canonical name = www.a.shifen.com
Name:   www.a.shifen.com
Address: 120.232.145.185
Name:   www.a.shifen.com
Address: 120.232.145.144

Non-authoritative answer:
www.baidu.com   canonical name = www.a.shifen.com
Name:   www.a.shifen.com
Address: 2409:8c54:870:67:0:ff:b0c2:ad75
Name:   www.a.shifen.com
Address: 2409:8c54:870:34e:0:ff:b024:1916

#===================== 测试内核DNS查询(www.instagram.com) =====================#

Status: 0
TC: false
RD: true
RA: true
AD: false
CD: false

Question: 
  Name: www.instagram.com.
  Qtype: 1
  Qclass: 1

Answer: 
  TTL: 3301
  data: geo-p42.instagram.com.
  name: www.instagram.com.
  type: 5

  TTL: 1955
  data: z-p42-instagram.c10r.instagram.com.
  name: geo-p42.instagram.com.
  type: 5

  TTL: 54
  data: 157.240.199.174
  name: z-p42-instagram.c10r.instagram.com.
  type: 1

Dnsmasq 当前默认 resolv 文件：/tmp/resolv.conf.d/resolv.conf.auto

#===================== /tmp/resolv.conf.d/resolv.conf.auto =====================#

# Interface lan
nameserver 192.168.31.1

#===================== 测试本机网络连接(www.baidu.com) =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Sat, 16 Dec 2023 11:59:02 GMT
Etag: "575e1f6f-115"
Last-Modified: Mon, 13 Jun 2016 02:50:23 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 测试本机网络下载(raw.githubusercontent.com) =====================#

#===================== 最近运行日志(自动切换为Debug模式) =====================#

17:52:05 INF [Config] initial rule provider name=国内域名白名单
17:52:05 INF [Auth] config updated
17:52:05 INF [DNS] server listening addr=[::]:7874
17:52:05 INF inbound create success inbound=http addr=:7890 network=tcp
17:52:05 INF [API] listening addr=[::]:9090
17:52:05 INF inbound create success inbound=socks addr=:7891 network=tcp
17:52:05 INF inbound create success inbound=socks addr=:7891 network=udp
17:52:05 INF inbound create success inbound=redir addr=:7892 network=tcp
17:52:05 INF inbound create success inbound=redir addr=:7892 network=udp
17:52:05 INF inbound create success inbound=tproxy addr=:7895 network=tcp
17:52:05 INF inbound create success inbound=tproxy addr=:7895 network=udp
17:52:05 INF inbound create success inbound=mixed addr=:7893 network=tcp
17:52:05 INF inbound create success inbound=mixed addr=:7893 network=udp
2023-12-16 17:52:07 Step 6: Wait For The File Downloading...
2023-12-16 17:52:07 Step 7: Set Firewall Rules...
2023-12-16 17:52:07 Tip: DNS Hijacking is Disabled...
2023-12-16 17:52:07 Warning: Can't Settting Only Intranet Allowed Function, Get IPv4 WAN Interfaces error, Please Verify The Firewall's WAN Zone Name is wan, Ignore This IF The Device Does not Have a WAN Interfaces...
2023-12-16 17:52:08 Tip: Start Add Port Bypassing Rules For Firewall Redirect and Firewall Rules...
2023-12-16 17:52:08 Tip: Start Add Custom Firewall Rules...
2023-12-16 17:52:08 Step 8: Restart Dnsmasq...
2023-12-16 17:52:08 Step 9: Add Cron Rules, Start Daemons...
2023-12-16 17:52:08 Warning: OpenClash Start Successful, Please Note That Network May Abnormal With IPv6's DHCP Server
2023-12-16 17:52:43 OpenClash Restart...
2023-12-16 17:52:43 OpenClash Stoping...
2023-12-16 17:52:43 Step 1: Backup The Current Groups State...
2023-12-16 17:52:43 Step 2: Delete OpenClash Firewall Rules...
2023-12-16 17:52:45 Step 3: Close The OpenClash Daemons...
2023-12-16 17:52:45 Step 4: Close The Clash Core Process...
2023-12-16 17:52:45 Step 5: Restart Dnsmasq...
2023-12-16 17:52:45 Step 6: Delete OpenClash Residue File...
2023-12-16 17:52:45 OpenClash Start Running...
2023-12-16 17:52:45 Step 1: Get The Configuration...
2023-12-16 17:52:45 Step 2: Check The Components...
2023-12-16 17:52:45 Tip: Because of the file【 /etc/config/openclash 】modificated, Pause quick start...
2023-12-16 17:52:45 Step 3: Modify The Config File...
2023-12-16 17:52:46 Tip: You have seted the authentication of SOCKS5/HTTP(S) proxy with【Clash:vhLTnN51】
2023-12-16 17:52:47 Tip: Start Running Custom Overwrite Scripts...
2023-12-16 17:52:47 Step 4: Start Running The Clash Core...
2023-12-16 17:52:47 Tip: Detected The Exclusive Function of The TUN Core, Use TUN Core to Start...
2023-12-16 17:52:47 Test The Config File First...
17:52:47 INF [Config] initial compatible provider name=故障转移
17:52:47 INF [Config] initial compatible provider name=自动选择
17:52:47 INF [Config] initial compatible provider name=灵魂云
17:52:47 INF [Config] initial rule provider name=国内域名白名单
17:52:48 WRN [CacheFile] can't open cache file error=timeout
2023-12-16 17:52:48 configuration file【/etc/openclash/1696243420955.yaml】test is successful
2023-12-16 17:52:49 Step 5: Check The Core Status...
17:52:50 INF [Config] initial compatible provider name=灵魂云
17:52:50 INF [Config] initial compatible provider name=故障转移
17:52:50 INF [Config] initial compatible provider name=自动选择
17:52:50 INF [Config] initial rule provider name=国内域名白名单
17:52:50 INF [Auth] config updated
17:52:50 INF [DNS] server listening addr=[::]:7874
17:52:50 INF inbound create success inbound=http addr=:7890 network=tcp
17:52:50 INF [API] listening addr=[::]:9090
17:52:50 INF inbound create success inbound=socks addr=:7891 network=tcp
17:52:50 INF inbound create success inbound=socks addr=:7891 network=udp
17:52:50 INF inbound create success inbound=redir addr=:7892 network=tcp
17:52:50 INF inbound create success inbound=redir addr=:7892 network=udp
17:52:50 INF inbound create success inbound=tproxy addr=:7895 network=tcp
17:52:50 INF inbound create success inbound=tproxy addr=:7895 network=udp
17:52:50 INF inbound create success inbound=mixed addr=:7893 network=tcp
17:52:50 INF inbound create success inbound=mixed addr=:7893 network=udp
2023-12-16 17:52:52 Step 6: Wait For The File Downloading...
2023-12-16 17:52:53 Step 7: Set Firewall Rules...
2023-12-16 17:52:53 Tip: DNS Hijacking is Disabled...
2023-12-16 17:52:53 Warning: Can't Settting Only Intranet Allowed Function, Get IPv4 WAN Interfaces error, Please Verify The Firewall's WAN Zone Name is wan, Ignore This IF The Device Does not Have a WAN Interfaces...
2023-12-16 17:52:53 Tip: Start Add Port Bypassing Rules For Firewall Redirect and Firewall Rules...
2023-12-16 17:52:53 Tip: Start Add Custom Firewall Rules...
2023-12-16 17:52:53 Step 8: Restart Dnsmasq...
2023-12-16 17:52:53 Step 9: Add Cron Rules, Start Daemons...
2023-12-16 17:52:53 Warning: OpenClash Start Successful, Please Note That Network May Abnormal With IPv6's DHCP Server
2023-12-16 19:56:14 Start Updating Config File【ling】...
2023-12-16 19:56:14【/tmp/yaml_sub_tmp_config.yaml】Download Failed:【curl: (6) Could not resolve host: rsslinghun1.xyz】
2023-12-16 19:56:14【/tmp/yaml_sub_tmp_config.yaml】Download Failed:【curl: (6) Could not resolve host: rsslinghun1.xyz】
2023-12-16 19:56:14【/tmp/yaml_sub_tmp_config.yaml】Download Failed:【curl: (6) Could not resolve host: rsslinghun1.xyz】
2023-12-16 19:56:17 Error: Config File【ling】Subscribed Failed, Trying to Download Without Agent...
2023-12-16 19:56:17 Error:【ling】Update Error, Please Try Again Later...
2023-12-16 19:57:05 Start Updating Config File【ling】...
2023-12-16 19:57:06 Config File Download Successful, Test If There is Any Errors...
19:57:07 INF [MMDB] can't find DB, start download path=/tmp/Country.mmdb
19:57:17 FTL [Config] initial configuration directory error=can't initial MMDB: can't download MMDB: Get "https://cdn.jsdelivr.net/gh/Dreamacro/maxmind-geoip@release/Country.mmdb": net/http: TLS handshake timeout path=/tmp
2023-12-16 19:57:18 Error: Updated Config【ling】Has No Proxy Field, Trying To Download Without Agent...
2023-12-16 19:57:18 Error:【ling】Update Error, Please Try Again Later...
2023-12-16 19:57:22 Start Updating Config File【ling】...
2023-12-16 19:57:24 Config File Download Successful, Test If There is Any Errors...
19:57:24 INF [MMDB] can't find DB, start download path=/tmp/Country.mmdb
2023-12-16 19:57:33 configuration file【/etc/openclash/config/ling.yaml】test is successful
2023-12-16 19:57:34 Error: Updated Config【ling】Has No Proxy Field, Trying To Download Without Agent...
2023-12-16 19:57:34 Error:【ling】Update Error, Please Try Again Later...
2023-12-16 19:58:20 OpenClash Restart...
2023-12-16 19:58:20 OpenClash Stoping...
2023-12-16 19:58:20 Step 1: Backup The Current Groups State...
2023-12-16 19:58:20 Step 2: Delete OpenClash Firewall Rules...
2023-12-16 19:58:22 Step 3: Close The OpenClash Daemons...
2023-12-16 19:58:22 Step 4: Close The Clash Core Process...
2023-12-16 19:58:22 Step 5: Restart Dnsmasq...
2023-12-16 19:58:22 Step 6: Delete OpenClash Residue File...
2023-12-16 19:58:22 OpenClash Start Running...
2023-12-16 19:58:22 Error: Config Not Found

#===================== 最近运行日志获取完成(自动切换为silent模式) =====================#

#===================== 活动连接信息 =====================#

[ghost]

就简单说吧，覆写设置-自定义规则里添加- DOMAIN-SUFFIX,ip.sb,你的代理组

展开说的话你还是跟着教程自己学习一下吧，两句话说不清，所以大家都不喜欢回复这类问题

另，为何拘泥于ip.sb呢？网站能正常访问不就是目的吗？ 再另。日志可以上传，不必全部复制粘贴

[ChenEeeee]

我看明白如何配置规则了，但是这个获取IP.SB的域名以及IPFY是应该配什么呢

[ChenEeeee]

好像配好了，我可行了

[ChenEeeee]

感谢教学

[github-actions[bot]]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days