vernesong / OpenClash

A Clash Client For OpenWrt
MIT License
16.62k stars, 3.07k forks

[Bug] OpenClash runs normally, but foreign websites other than GitHub cannot be opened #3721

Closed RobberZQ closed 4 months ago

RobberZQ commented 8 months ago

Verify Steps

OpenClash Version

v0.45.157-beta

Bug on Environment

Istoreos

OpenWrt Version

iStoreOS 22.03.5 2023122916 / LuCI istoreos-22.03 branch git-23.363.24414-7aedb5e

Bug on Platform

Linux-arm64

Describe the Bug

Snipaste_2024-01-11_18-40-26

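Snipaste_2024-01-11_18-39-38

As shown in the screenshots: with OpenClash enabled, opening the YouTube website shows the left sidebar, but the main area has no content. All other foreign websites cannot be opened at all.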

To Reproduce

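Network environment: optical modem bridged to the main router (MI AX6000), which handles dial-up and DHCP, with gateway and DNS pointing to the side router (OpenWrt), which handles proxying internet traffic, with gateway and DNS pointing to the main router
OpenClash runs normally, but no foreign websites other than GitHub can be opened
The AdGuard plugin is not in use
A rule was added to the firewall: iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
All IPv6-related settings have been turned off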

OpenClash Log

OpenClash 调试日志

生成时间: 2024-01-11 17:59:33
插件版本: v0.45.157-beta
隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息

#===================== 系统信息 =====================#

主机型号: FriendlyElec NanoPi R2S
固件版本: iStoreOS 22.03.5 2023122916
LuCI版本: git-23.093.42303-d58cd69
内核版本: 5.10.176
处理器架构: aarch64_generic

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

DNS劫持: Dnsmasq 转发
#DNS劫持为Dnsmasq时,此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci >= 19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 已安装
unzip: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 未安装
kmod-ipt-nat: 已安装

#===================== 内核检查 =====================#

运行状态: 运行中
运行内核:Meta
进程pid: 4688
运行权限: 4688: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-arm64

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2023.08.17-13-gdcc8d87
Tun内核文件: 存在
Tun内核运行权限: 正常

Dev内核版本: v1.18.0-13-gd034a40
Dev内核文件: 存在
Dev内核运行权限: 正常

Meta内核版本: alpha-gcc64297
Meta内核文件: 存在
Meta内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/XXX.yaml
启动配置文件: /etc/openclash/XXX.yaml
运行模式: fake-ip
默认代理模式: rule
UDP流量转发(tproxy): 启用
自定义DNS: 启用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 停用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用
路由本机代理: 启用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 配置文件 =====================#

port: 7890
socks-port: 7891
allow-lan: true
mode: rule
log-level: info
external-controller: 0.0.0.0:9090
proxy-groups:
- name: Proxies
  type: select
  proxies:
  - "[VMess] 巴林01原生线路"
  - "[VMess] 马斯喀特01原生线路"

rules:
- DST-PORT,7895,REJECT
- DST-PORT,7892,REJECT
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
- RULE-SET,Special,DIRECT
- RULE-SET,ABC,GlobalTV
- RULE-SET,Abema%20TV,GlobalTV
- RULE-SET,Amazon,GlobalTV
- RULE-SET,Apple%20Music,Apple TV
- RULE-SET,Apple%20News,Apple TV
- RULE-SET,Apple%20TV,Apple TV
- RULE-SET,BBC%20iPlayer,GlobalTV
- RULE-SET,DAZN,GlobalTV
- RULE-SET,Discovery%20Plus,GlobalTV
- RULE-SET,encoreTVB,GlobalTV
- RULE-SET,F1%20TV,GlobalTV
- RULE-SET,Fox%20Now,GlobalTV
- RULE-SET,Fox%2B,GlobalTV
- RULE-SET,HBO%20Go,GlobalTV
- RULE-SET,HBO%20Max,GlobalTV
- RULE-SET,Hulu%20Japan,GlobalTV
- RULE-SET,Hulu,GlobalTV
- RULE-SET,Japonx,GlobalTV
- RULE-SET,JOOX,GlobalTV
- RULE-SET,KKBOX,GlobalTV
- RULE-SET,KKTV,GlobalTV
- RULE-SET,Line%20TV,GlobalTV
- RULE-SET,myTV%20SUPER,GlobalTV
- RULE-SET,Niconico,GlobalTV
- RULE-SET,Pandora,GlobalTV
- RULE-SET,PBS,GlobalTV
- RULE-SET,Pornhub,GlobalTV
- RULE-SET,Soundcloud,GlobalTV
- RULE-SET,ViuTV,GlobalTV
- RULE-SET,IQ,AsianTV
- RULE-SET,IQIYI,AsianTV
- RULE-SET,Letv,AsianTV
- RULE-SET,MOO,AsianTV
- RULE-SET,Tencent%20Video,AsianTV
- RULE-SET,Youku,AsianTV
- RULE-SET,WeTV,AsianTV
- RULE-SET,Netease%20Music,Netease Music
- RULE-SET,Netease%20Music%20IP,Netease Music
- RULE-SET,YouTube,YouTube
- RULE-SET,Bilibili,Bilibili
- RULE-SET,Bahamut,Bahamut
- RULE-SET,Apple,Apple
- RULE-SET,Microsoft,Microsoft
- RULE-SET,OpenAI,OpenAI
- RULE-SET,Netflix,Netflix
- RULE-SET,Disney%20Plus,Disney Plus
- RULE-SET,Telegram,Telegram
- RULE-SET,Proxy,Proxies
- RULE-SET,Domestic,Domestic
- RULE-SET,Domestic%20IPs,Domestic
- RULE-SET,LocalAreaNetwork,DIRECT
- GEOIP,CN,Domestic
- MATCH,Others
rule-providers:
  Special:
    type: http
    behavior: classical
    url: getruleset?type=6&url=aHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL2RsZXItaW8vUnVsZXMvbWFzdGVyL1N1cmdlL1N1cmdlJTIwMy9Qcm92aWRlci9TcGVjaWFsLmxpc3Q
    path: "./rule_provider/rule-provider_Special.yaml"
    interval: 86400
  ABC:
    type: http
    behavior: classical
    url: getruleset?type=6&url=aHR0cHM6Ly9yYXcuZ2l0aHVidXNlcmNvbnRlbnQuY29tL2RsZXItaW8vUnVsZXMvbWFzdGVyL1N1cmdlL1N1cmdlJTIwMy9Qcm92aWRlci9NZWRpYS9BQkMubGlzdA
    path: "./rule_provider/rule-provider_ABC.yaml"
    interval: 86400
    interval: 86400
redir-port: 7892
tproxy-port: 7895
mixed-port: 7893
bind-address: "*"
external-ui: "/usr/share/openclash/ui"
ipv6: false
interface-name: eth0
geodata-loader: standard
tcp-concurrent: true
unified-delay: true
dns:
  enable: true
  ipv6: false
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  listen: 0.0.0.0:7874
  nameserver:
  - 114.114.114.114
  - 119.29.29.29
  - 119.28.28.28
  - 223.5.5.5
  fallback:
  - https://dns.cloudflare.com/dns-query
  - tls://dns.google:853
  - tls://8.8.8.8:853
sniffer:
  enable: true
  parse-pure-ip: true
profile:
  store-selected: true
  store-fake-ip: true
authentication:
- Clash:71qysInd

#===================== 自定义覆写设置 =====================#

#!/bin/sh
. /usr/share/openclash/ruby.sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom overwrite scripts here, they will be take effict after the OpenClash own srcipts

LOG_OUT "Tip: Start Running Custom Overwrite Scripts..."
LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S"))
LOG_FILE="/tmp/openclash.log"
CONFIG_FILE="$1" #config path

#Simple Demo:
    #General Demo
    #1--config path
    #2--key name
    #3--value
    #ruby_edit "$CONFIG_FILE" "['redir-port']" "7892"
    #ruby_edit "$CONFIG_FILE" "['secret']" "123456"
    #ruby_edit "$CONFIG_FILE" "['dns']['enable']" "true"

    #Hash Demo
    #1--config path
    #2--key name
    #3--hash type value
    #ruby_edit "$CONFIG_FILE" "['experimental']" "{'sniff-tls-sni'=>true}"
    #ruby_edit "$CONFIG_FILE" "['sniffer']" "{'sniffing'=>['tls','http']}"

    #Array Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value
    #ruby_arr_insert "$CONFIG_FILE" "['dns']['nameserver']" "0" "114.114.114.114"

    #Array Add From Yaml File Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value file path
    #5--value key name in #4 file
    #ruby_arr_add_file "$CONFIG_FILE" "['dns']['fallback-filter']['ipcidr']" "0" "/etc/openclash/custom/openclash_custom_fallback_filter.yaml" "['fallback-filter']['ipcidr']"

#Ruby Script Demo:
    #ruby -ryaml -rYAML -I "/usr/share/openclash" -E UTF-8 -e "
    #   begin
    #      Value = YAML.load_file('$CONFIG_FILE');
    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Load File Failed,【' + e.message + '】';
    #   end;

        #General
    #   begin
    #   Thread.new{
    #      Value['redir-port']=7892;
    #      Value['tproxy-port']=7895;
    #      Value['port']=7890;
    #      Value['socks-port']=7891;
    #      Value['mixed-port']=7893;
    #   }.join;

    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Set General Failed,【' + e.message + '】';
    #   ensure
    #      File.open('$CONFIG_FILE','w') {|f| YAML.dump(Value, f)};
    #   end" 2>/dev/null >> $LOG_FILE

exit 0
#===================== 自定义防火墙设置 =====================#

#!/bin/sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom firewall rules here, they will be added after the end of the OpenClash iptables rules

LOG_OUT "Tip: Start Add Custom Firewall Rules..."

exit 0
#===================== IPTABLES 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.7 on Thu Jan 11 17:59:39 2024
*nat
:PREROUTING ACCEPT [149:16792]
:INPUT ACCEPT [643:48855]
:OUTPUT ACCEPT [2790:176681]
:POSTROUTING ACCEPT [416:27662]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:openclash - [0:0]
:openclash_output - [0:0]
:openclash_post - [0:0]
:postrouting_docker_rule - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_docker_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_docker_postrouting - [0:0]
:zone_docker_prerouting - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -d 8.8.4.4/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -d 8.8.8.8/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i eth0 -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i utun -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i docker0 -m comment --comment "!fw3" -j zone_docker_prerouting
-A PREROUTING -p tcp -j openclash
-A OUTPUT -j openclash_output
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o eth0 -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o utun -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o docker0 -m comment --comment "!fw3" -j zone_docker_postrouting
-A POSTROUTING -m comment --comment "OpenClash Bypass Gateway Compatible" -j openclash_post
-A openclash -p tcp -m tcp --sport 8897 -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -d 198.18.0.0/16 -p tcp -j REDIRECT --to-ports 7892
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -p tcp -m tcp --sport 8897 -j RETURN
-A openclash_output -d 198.18.0.0/16 -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A openclash_post -m mark --mark 0x162 -j ACCEPT
-A openclash_post -m set --match-set localnetwork dst -j RETURN
-A openclash_post -m addrtype ! --src-type LOCAL -m owner ! --uid-owner 65534 -j MASQUERADE
-A zone_docker_postrouting -m comment --comment "!fw3: Custom docker postrouting rule chain" -j postrouting_docker_rule
-A zone_docker_prerouting -m comment --comment "!fw3: Custom docker prerouting rule chain" -j prerouting_docker_rule
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_lan_postrouting -i docker0 -m comment --comment "!fw3: DockerNAT" -j MASQUERADE
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_lan_prerouting -j MINIUPNPD
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
COMMIT
# Completed on Thu Jan 11 17:59:39 2024

#IPv4 Mangle chain

# Generated by iptables-save v1.8.7 on Thu Jan 11 17:59:39 2024
*mangle
:PREROUTING ACCEPT [20701:6125388]
:INPUT ACCEPT [20632:6119524]
:FORWARD ACCEPT [253:26548]
:OUTPUT ACCEPT [23940:5737493]
:POSTROUTING ACCEPT [24205:5786262]
:openclash - [0:0]
:openclash_output - [0:0]
:openclash_upnp - [0:0]
-A PREROUTING -p udp -j openclash
-A OUTPUT -p udp -j openclash_output
-A openclash -p udp -m udp --sport 500 -j RETURN
-A openclash -p udp -m udp --sport 68 -j RETURN
-A openclash -i lo -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p udp -m udp --dport 53 -j RETURN
-A openclash -d 198.18.0.0/16 -p udp -j TPROXY --on-port 7895 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
-A openclash -p udp -j openclash_upnp
-A openclash -p udp -j TPROXY --on-port 7895 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
-A openclash_output -p udp -m udp --sport 500 -j RETURN
-A openclash_output -p udp -m udp --sport 68 -j RETURN
-A openclash_output -d 198.18.0.0/16 -p udp -m owner ! --uid-owner 65534 -j MARK --set-xmark 0x162/0xffffffff
COMMIT
# Completed on Thu Jan 11 17:59:39 2024

#IPv4 Filter chain

# Generated by iptables-save v1.8.7 on Thu Jan 11 17:59:39 2024
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:forwarding_docker_rule - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_docker_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_docker_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:zone_docker_dest_ACCEPT - [0:0]
:zone_docker_forward - [0:0]
:zone_docker_input - [0:0]
:zone_docker_output - [0:0]
:zone_docker_src_ACCEPT - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_ACCEPT - [0:0]
-A INPUT -p udp -m udp --dport 443 -m comment --comment "OpenClash QUIC REJECT" -m set ! --match-set china_ip_route dst -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -i eth0 -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i utun -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i docker0 -m comment --comment "!fw3" -j zone_docker_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i eth0 -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i utun -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i docker0 -m comment --comment "!fw3" -j zone_docker_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o eth0 -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o utun -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o docker0 -m comment --comment "!fw3" -j zone_docker_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A zone_docker_dest_ACCEPT -o docker0 -m comment --comment "!fw3" -j ACCEPT
-A zone_docker_forward -m comment --comment "!fw3: Custom docker forwarding rule chain" -j forwarding_docker_rule
-A zone_docker_forward -m comment --comment "!fw3: Zone docker to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_docker_forward -m comment --comment "!fw3: Zone docker to lan forwarding policy" -j zone_lan_dest_ACCEPT
-A zone_docker_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_docker_forward -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_input -m comment --comment "!fw3: Custom docker input rule chain" -j input_docker_rule
-A zone_docker_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_docker_input -m comment --comment "!fw3" -j zone_docker_src_ACCEPT
-A zone_docker_output -m comment --comment "!fw3: Custom docker output rule chain" -j output_docker_rule
-A zone_docker_output -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_src_ACCEPT -i docker0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o eth0 -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o utun -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to docker forwarding policy" -j zone_docker_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -j MINIUPNPD
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i eth0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_src_ACCEPT -i utun -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 8897 -m comment --comment "!fw3: linkease" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_ACCEPT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
COMMIT
# Completed on Thu Jan 11 17:59:40 2024

#IPv6 NAT chain

# Generated by ip6tables-save v1.8.7 on Thu Jan 11 17:59:40 2024
*nat
:PREROUTING ACCEPT [45:10061]
:INPUT ACCEPT [45:10061]
:OUTPUT ACCEPT [633:56818]
:POSTROUTING ACCEPT [633:56818]
COMMIT
# Completed on Thu Jan 11 17:59:40 2024

#IPv6 Mangle chain

# Generated by ip6tables-save v1.8.7 on Thu Jan 11 17:59:40 2024
*mangle
:PREROUTING ACCEPT [5418:1358600]
:INPUT ACCEPT [5387:1356292]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2648:269190]
:POSTROUTING ACCEPT [2675:276447]
COMMIT
# Completed on Thu Jan 11 17:59:40 2024

#IPv6 Filter chain

# Generated by ip6tables-save v1.8.7 on Thu Jan 11 17:59:40 2024
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:forwarding_docker_rule - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_docker_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_docker_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:zone_docker_dest_ACCEPT - [0:0]
:zone_docker_forward - [0:0]
:zone_docker_input - [0:0]
:zone_docker_output - [0:0]
:zone_docker_src_ACCEPT - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_ACCEPT - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -i eth0 -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i utun -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i docker0 -m comment --comment "!fw3" -j zone_docker_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i eth0 -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i utun -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i docker0 -m comment --comment "!fw3" -j zone_docker_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o eth0 -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o utun -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o docker0 -m comment --comment "!fw3" -j zone_docker_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp6-port-unreachable
-A zone_docker_dest_ACCEPT -o docker0 -m comment --comment "!fw3" -j ACCEPT
-A zone_docker_forward -m comment --comment "!fw3: Custom docker forwarding rule chain" -j forwarding_docker_rule
-A zone_docker_forward -m comment --comment "!fw3: Zone docker to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_docker_forward -m comment --comment "!fw3: Zone docker to lan forwarding policy" -j zone_lan_dest_ACCEPT
-A zone_docker_forward -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_input -m comment --comment "!fw3: Custom docker input rule chain" -j input_docker_rule
-A zone_docker_input -m comment --comment "!fw3" -j zone_docker_src_ACCEPT
-A zone_docker_output -m comment --comment "!fw3: Custom docker output rule chain" -j output_docker_rule
-A zone_docker_output -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_src_ACCEPT -i docker0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o eth0 -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o utun -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to docker forwarding policy" -j zone_docker_dest_ACCEPT
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -j MINIUPNPD
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i eth0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_src_ACCEPT -i utun -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 546 -m comment --comment "!fw3: Allow-DHCPv6" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 8897 -m comment --comment "!fw3: linkease" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_ACCEPT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
COMMIT
# Completed on Thu Jan 11 17:59:40 2024

#===================== IPSET状态 =====================#

Name: china
Type: hash:net
Revision: 6
Header: family inet hashsize 2048 maxelem 65536
Size in memory: 187160
References: 0
Number of entries: 8612

Name: localnetwork
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 1024
References: 4
Number of entries: 9

Name: china_ip_route
Type: hash:net
Revision: 6
Header: family inet hashsize 2048 maxelem 1000000
Size in memory: 188184
References: 1
Number of entries: 8656

Name: china_ip_route_pass
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 1000000
Size in memory: 448
References: 0
Number of entries: 0

#===================== 路由表状态 =====================#

#IPv4

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.200.123 0.0.0.0         UG    0      0        0 eth0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.200.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0

#ip route list
default via 192.168.200.123 dev eth0 proto static 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 
192.168.200.0/24 dev eth0 proto kernel scope link src 192.168.200.223 

#ip rule show
0:  from all lookup local
32765:  from all fwmark 0x162 lookup 354
32766:  from all lookup main
32767:  from all lookup default

#IPv6

#route -A inet6
Kernel IPv6 routing table
Destination                                 Next Hop                                Flags Metric Ref    Use Iface
fd5f:ef3c:1f90::/64                         ::                                      U     1024   1        0 eth0    
fd5f:ef3c:1f90::/48                         ::                                      !n    2147483647 2        0 lo      
fe80::/64                                   ::                                      U     256    1        0 eth0    
::/0                                        ::                                      !n    -1     1        0 lo      
::1/128                                     ::                                      Un    0      6        0 lo      
fd5f:ef3c:1f90::/128                        ::                                      Un    0      3        0 eth0    
fd5f:ef3c:1f90::1/128                       ::                                      Un    0      3        0 eth0    
fe80::/128                                  ::                                      Un    0      3        0 eth0    
fe80::1031:4fff:fef1:45e5/128               ::                                      Un    0      4        0 eth0    
ff00::/8                                    ::                                      U     256    6        0 eth0    
::/0                                        ::                                      !n    -1     1        0 lo      

#ip -6 route list
fd5f:ef3c:1f90::/64 dev eth0 proto static metric 1024 pref medium
unreachable fd5f:ef3c:1f90::/48 dev lo proto static metric 2147483647 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium

#ip -6 rule show
0:  from all lookup local
32766:  from all lookup main

#===================== 端口占用状态 =====================#

tcp        0      0 :::7890                 :::*                    LISTEN      4688/clash
tcp        0      0 :::7891                 :::*                    LISTEN      4688/clash
tcp        0      0 :::7892                 :::*                    LISTEN      4688/clash
tcp        0      0 :::7893                 :::*                    LISTEN      4688/clash
tcp        0      0 :::7895                 :::*                    LISTEN      4688/clash
tcp        0      0 :::9090                 :::*                    LISTEN      4688/clash
udp        0      0 :::7874                 :::*                                4688/clash
udp        0      0 :::7891                 :::*                                4688/clash
udp        0      0 :::7892                 :::*                                4688/clash
udp        0      0 :::7893                 :::*                                4688/clash
udp        0      0 :::7895                 :::*                                4688/clash

#===================== 测试本机DNS查询(www.baidu.com) =====================#

Server:     127.0.0.1
Address:    127.0.0.1:53

Name:   www.baidu.com
Address: 198.18.0.31

#===================== 测试内核DNS查询(www.instagram.com) =====================#

Dnsmasq 当前默认 resolv 文件:/tmp/resolv.conf.d/resolv.conf.auto

#===================== /tmp/resolv.conf.d/resolv.conf.auto =====================#

# Interface lan
nameserver 119.29.29.29
nameserver 8.8.8.8

#===================== 测试本机网络连接(www.baidu.com) =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Thu, 11 Jan 2024 09:59:43 GMT
Etag: "575e1f71-115"
Last-Modified: Mon, 13 Jun 2016 02:50:25 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 测试本机网络下载(raw.githubusercontent.com) =====================#

HTTP/2 404 
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
content-type: text/plain; charset=utf-8
x-github-request-id: 9CB8:EFB86:39C093:4612D7:659FBC15
accept-ranges: bytes
date: Thu, 11 Jan 2024 09:59:49 GMT
via: 1.1 varnish
x-served-by: cache-bne12525-BNE
x-cache: MISS
x-cache-hits: 0
x-timer: S1704967189.220490,VS0,VE288
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: a2fa05d7f3f2bfee8dd7d54b2ecf8966d029e0df
expires: Thu, 11 Jan 2024 10:04:49 GMT
source-age: 0
content-length: 14

#===================== 最近运行日志(自动切换为Debug模式) =====================#

WARN[2024-01-11T09:55:53.201061406Z] [TCP] dial Apple (match RuleSet/Apple) 192.168.200.111:52038 --> p16-buy.itunes.apple.com:443 error: dns resolve failed: context deadline exceeded 
WARN[2024-01-11T09:56:10.743012807Z] [TCP] dial Apple (match RuleSet/Apple) 192.168.200.111:52039 --> 18-courier.push.apple.com:443 error: dns resolve failed: context deadline exceeded 
INFO[2024-01-11T09:56:35.528941355Z] [TCP] 192.168.200.200:50440 --> n-cwm-device.tplinkcloud.com.cn:50556 match RuleSet(Domestic) using Domestic[DIRECT] 
INFO[2024-01-11T09:56:37.824304874Z] [TCP] 192.168.200.200:50441 --> n-cwm-device.tplinkcloud.com.cn:50556 match RuleSet(Domestic) using Domestic[DIRECT] 
INFO[2024-01-11T09:56:39.335753132Z] [TCP] 192.168.200.111:52773 --> itunes.apple.com:443 match RuleSet(Apple) using Apple[DIRECT] 
WARN[2024-01-11T09:56:44.325454695Z] [TCP] dial Apple (match RuleSet/Apple) 192.168.200.111:52774 --> p16-buy.itunes.apple.com:443 error: dns resolve failed: all DNS requests failed, first error: dial tcp 8.8.4.4:853: i/o timeout 
WARN[2024-01-11T09:56:48.157994993Z] [TCP] dial DIRECT (match RuleSet/Special) 192.168.200.111:52775 --> gspe1-ssl.ls.apple.com:443 error: dns resolve failed: context deadline exceeded 
WARN[2024-01-11T09:56:49.324808246Z] [TCP] dial Apple (match RuleSet/Apple) 192.168.200.111:52774 --> p16-buy.itunes.apple.com:443 error: dns resolve failed: context deadline exceeded 
WARN[2024-01-11T09:56:53.16976943Z] [TCP] dial DIRECT (match RuleSet/Special) 192.168.200.111:52776 --> gspe1-ssl.ls.apple.com:443 error: dns resolve failed: context deadline exceeded 
WARN[2024-01-11T09:56:54.336695425Z] [TCP] dial Apple (match RuleSet/Apple) 192.168.200.111:52777 --> p16-buy.itunes.apple.com:443 error: dns resolve failed: all DNS requests failed, first error: dial tcp 8.8.4.4:853: i/o timeout 
WARN[2024-01-11T09:56:59.337876987Z] [TCP] dial Apple (match RuleSet/Apple) 192.168.200.111:52777 --> p16-buy.itunes.apple.com:443 error: dns resolve failed: context deadline exceeded 
WARN[2024-01-11T09:57:15.80482667Z] [TCP] dial Apple (match RuleSet/Apple) 192.168.200.111:53598 --> 8-courier.push.apple.com:5223 error: dns resolve failed: all DNS requests failed, first error: dial tcp 8.8.8.8:853: i/o timeout 
WARN[2024-01-11T09:57:20.805485414Z] [TCP] dial Apple (match RuleSet/Apple) 192.168.200.111:53598 --> 8-courier.push.apple.com:5223 error: dns resolve failed: context deadline exceeded 
INFO[2024-01-11T09:57:32.329621255Z] [TCP] 192.168.200.200:50442 --> n-cwm-device.tplinkcloud.com.cn:50556 match RuleSet(Domestic) using Domestic[DIRECT] 
INFO[2024-01-11T09:57:34.615737596Z] [TCP] 192.168.200.200:50443 --> n-cwm-device.tplinkcloud.com.cn:50556 match RuleSet(Domestic) using Domestic[DIRECT] 
INFO[2024-01-11T09:57:36.350012765Z] [TCP] 192.168.200.111:57682 --> itunes.apple.com:443 match RuleSet(Apple) using Apple[DIRECT] 
WARN[2024-01-11T09:57:41.331297493Z] [TCP] dial Apple (match RuleSet/Apple) 192.168.200.111:57683 --> p16-buy.itunes.apple.com:443 error: dns resolve failed: all DNS requests failed, first error: dial tcp 8.8.8.8:853: i/o timeout 
WARN[2024-01-11T09:57:44.999948019Z] [TCP] dial DIRECT (match RuleSet/Special) 192.168.200.111:57684 --> gspe1-ssl.ls.apple.com:443 error: dns resolve failed: context deadline exceeded 
WARN[2024-01-11T09:57:46.330952588Z] [TCP] dial Apple (match RuleSet/Apple) 192.168.200.111:57683 --> p16-buy.itunes.apple.com:443 error: dns resolve failed: context deadline exceeded 
INFO[2024-01-11T09:57:48.924201721Z] [TCP] 192.168.200.200:50444 --> n-cwm-device.tplinkcloud.com.cn:50556 match RuleSet(Domestic) using Domestic[DIRECT] 
WARN[2024-01-11T09:57:50.010711774Z] [TCP] dial DIRECT (match RuleSet/Special) 192.168.200.111:57685 --> gspe1-ssl.ls.apple.com:443 error: dns resolve failed: context deadline exceeded 
WARN[2024-01-11T09:57:51.34505031Z] [TCP] dial Apple (match RuleSet/Apple) 192.168.200.111:57686 --> p16-buy.itunes.apple.com:443 error: dns resolve failed: context deadline exceeded 
INFO[2024-01-11T09:57:53.275470213Z] [TCP] 192.168.200.200:50445 --> n-cwm-device.tplinkcloud.com.cn:50556 match RuleSet(Domestic) using Domestic[DIRECT] 
INFO[2024-01-11T09:57:54.35068571Z] [TCP] 192.168.200.111:50448 --> itunes.apple.com:443 match RuleSet(Apple) using Apple[DIRECT] 
WARN[2024-01-11T09:58:02.912044274Z] [TCP] dial DIRECT (match RuleSet/Special) 192.168.200.111:50450 --> gspe1-ssl.ls.apple.com:443 error: dns resolve failed: context deadline exceeded 
WARN[2024-01-11T09:58:04.347310849Z] [TCP] dial Apple (match RuleSet/Apple) 192.168.200.111:50449 --> p16-buy.itunes.apple.com:443 error: dns resolve failed: context deadline exceeded 
INFO[2024-01-11T09:58:06.477974147Z] [TCP] 192.168.200.80:60044 --> api.insight.synology.com:443 match Match using Others[[VMess] 巴林01原生线路] 
WARN[2024-01-11T09:58:07.923318765Z] [TCP] dial DIRECT (match RuleSet/Special) 192.168.200.111:50451 --> gspe1-ssl.ls.apple.com:443 error: dns resolve failed: context deadline exceeded 
WARN[2024-01-11T09:58:25.83884336Z] [TCP] dial Apple (match RuleSet/Apple) 192.168.200.111:50452 --> 12-courier.push.apple.com:443 error: dns resolve failed: all DNS requests failed, first error: dial tcp 8.8.8.8:853: i/o timeout 
WARN[2024-01-11T09:58:30.838983509Z] [TCP] dial Apple (match RuleSet/Apple) 192.168.200.111:50452 --> 12-courier.push.apple.com:443 error: dns resolve failed: context deadline exceeded 
INFO[2024-01-11T09:58:39.567473104Z] [TCP] 192.168.200.200:50446 --> n-cwm-device.tplinkcloud.com.cn:50556 match RuleSet(Domestic) using Domestic[DIRECT] 
INFO[2024-01-11T09:58:41.867323003Z] [TCP] 192.168.200.200:50447 --> n-cwm-device.tplinkcloud.com.cn:50556 match RuleSet(Domestic) using Domestic[DIRECT] 
INFO[2024-01-11T09:59:18.223093372Z] [TCP] 192.168.200.200:50448 --> n-cwm-device.tplinkcloud.com.cn:50556 match RuleSet(Domestic) using Domestic[DIRECT] 
INFO[2024-01-11T09:59:21.386454282Z] [TCP] 192.168.200.111:58776 --> itunes.apple.com:443 match RuleSet(Apple) using Apple[DIRECT] 
INFO[2024-01-11T09:59:21.964995305Z] [TCP] 192.168.200.200:50449 --> n-cwm-device.tplinkcloud.com.cn:50556 match RuleSet(Domestic) using Domestic[DIRECT] 
WARN[2024-01-11T09:59:26.379859425Z] [TCP] dial Apple (match RuleSet/Apple) 192.168.200.111:58777 --> p16-buy.itunes.apple.com:443 error: dns resolve failed: all DNS requests failed, first error: dial tcp 8.8.4.4:853: i/o timeout 
WARN[2024-01-11T09:59:30.852314131Z] [TCP] dial DIRECT (match RuleSet/Special) 192.168.200.111:58778 --> gspe1-ssl.ls.apple.com:443 error: dns resolve failed: context deadline exceeded 
WARN[2024-01-11T09:59:31.378788517Z] [TCP] dial Apple (match RuleSet/Apple) 192.168.200.111:58777 --> p16-buy.itunes.apple.com:443 error: dns resolve failed: context deadline exceeded 
INFO[2024-01-11T09:59:33.730412189Z] [TCP] 192.168.200.80:60402 --> api.insight.synology.com:443 match Match using Others[[VMess] 巴林01原生线路] 
WARN[2024-01-11T09:59:35.883616403Z] [TCP] dial DIRECT (match RuleSet/Special) 192.168.200.111:58779 --> gspe1-ssl.ls.apple.com:443 error: dns resolve failed: all DNS requests failed, first error: dial tcp 8.8.8.8:853: i/o timeout 
WARN[2024-01-11T09:59:35.889998231Z] [TCP] dial Apple (match RuleSet/Apple) 192.168.200.111:58780 --> 48-courier.push.apple.com:5223 error: dns resolve failed: all DNS requests failed, first error: dial tcp 8.8.8.8:853: i/o timeout 
WARN[2024-01-11T09:59:40.88986148Z] [TCP] dial Apple (match RuleSet/Apple) 192.168.200.111:58780 --> 48-courier.push.apple.com:5223 error: dns resolve failed: context deadline exceeded 
WARN[2024-01-11T09:59:41.391080228Z] [TCP] dial Apple (match RuleSet/Apple) 192.168.200.111:58781 --> p16-buy.itunes.apple.com:443 error: dns resolve failed: context deadline exceeded 
INFO[2024-01-11T09:59:43.470647313Z] [TCP] 192.168.200.223:43740(curl) --> www.baidu.com:80 match RuleSet(Domestic) using Domestic[DIRECT] 
INFO[2024-01-11T09:59:45.146377688Z] [TCP] 192.168.200.80:60448 --> api.insight.synology.com:443 match Match using Others[[VMess] 巴林01原生线路] 
INFO[2024-01-11T09:59:48.669964879Z] [TCP] 192.168.200.223:47864(curl) --> raw.githubusercontent.com:443 match RuleSet(Proxy) using Proxies[[VMess] 巴林01原生线路] 
INFO[2024-01-11T09:59:48.6711412Z] [TCP] 192.168.200.223:47878(curl) --> raw.githubusercontent.com:443 match RuleSet(Proxy) using Proxies[[VMess] 巴林01原生线路] 
DEBU[2024-01-11T09:59:50.320115424Z] re-creating the http client due to requesting https://dns.cloudflare.com:443/dns-query?dns=AAABAAABAAAAAAAAA3JhdxFnaXRodWJ1c2VyY29udGVudANjb20AAAEAAQ: Get "https://dns.cloudflare.com:443/dns-query?dns=AAABAAABAAAAAAAAA3d3dwlpbnN0YWdyYW0DY29tAAABAAE": context deadline exceeded 
DEBU[2024-01-11T09:59:50.320352263Z] [https://dns.cloudflare.com:443/dns-query?dns=AAABAAABAAAAAAAAA3JhdxFnaXRodWJ1c2VyY29udGVudANjb20AAAEAAQ] using HTTP/2 for this upstream: <nil> 
DEBU[2024-01-11T09:59:50.32177009Z] re-creating the http client due to requesting https://dns.cloudflare.com:443/dns-query?dns=AAABAAABAAAAAAAAA3d3dwlpbnN0YWdyYW0DY29tAAABAAE: Get "https://dns.cloudflare.com:443/dns-query?dns=AAABAAABAAAAAAAAA3d3dwlpbnN0YWdyYW0DY29tAAABAAE": context deadline exceeded 
DEBU[2024-01-11T09:59:50.321914761Z] [https://dns.cloudflare.com:443/dns-query?dns=AAABAAABAAAAAAAAA3d3dwlpbnN0YWdyYW0DY29tAAABAAE] using HTTP/2 for this upstream: <nil> 
DEBU[2024-01-11T09:59:54.220912728Z] [Rule] use default rules                     
DEBU[2024-01-11T09:59:54.222264054Z] [Process] find process n-cwm-device.tplinkcloud.com.cn error: process not found 
DEBU[2024-01-11T09:59:54.222797233Z] [DNS] n-cwm-device.tplinkcloud.com.cn --> 175.24.155.126 
INFO[2024-01-11T09:59:54.26592501Z] [TCP] 192.168.200.200:50450 --> n-cwm-device.tplinkcloud.com.cn:50556 match RuleSet(Domestic) using Domestic[DIRECT] 
DEBU[2024-01-11T09:59:55.077537943Z] [Rule] use default rules                     
DEBU[2024-01-11T09:59:55.078626762Z] [Process] find process api.insight.synology.com error: process not found 
DEBU[2024-01-11T09:59:55.0791614Z] [DNS] resolve api.insight.synology.com from udp://223.5.5.5:53 
DEBU[2024-01-11T09:59:55.079760207Z] [DNS] resolve api.insight.synology.com from udp://119.29.29.29:53 
DEBU[2024-01-11T09:59:55.080169717Z] [DNS] resolve api.insight.synology.com from udp://114.114.114.114:53 
DEBU[2024-01-11T09:59:55.080240302Z] [DNS] resolve api.insight.synology.com from udp://119.28.28.28:53 
DEBU[2024-01-11T09:59:55.103316373Z] [DNS] api.insight.synology.com --> [159.100.4.215] A from udp://223.5.5.5:53 
DEBU[2024-01-11T09:59:55.10393618Z] [DNS] resolve api.insight.synology.com from tls://8.8.8.8:853 
DEBU[2024-01-11T09:59:55.104045266Z] [DNS] resolve api.insight.synology.com from tls://dns.google:853 
DEBU[2024-01-11T09:59:55.104063933Z] [DNS] resolve api.insight.synology.com from https://dns.cloudflare.com:443/dns-query 
DEBU[2024-01-11T09:59:56.560105184Z] [Rule] use default rules                     
DEBU[2024-01-11T09:59:56.561425008Z] [Process] find process n-cwm-device.tplinkcloud.com.cn error: process not found 
DEBU[2024-01-11T09:59:56.561996398Z] [DNS] n-cwm-device.tplinkcloud.com.cn --> 175.24.155.126 
INFO[2024-01-11T09:59:56.603679802Z] [TCP] 192.168.200.200:50451 --> n-cwm-device.tplinkcloud.com.cn:50556 match RuleSet(Domestic) using Domestic[DIRECT] 
DEBU[2024-01-11T09:59:56.831776063Z] [DNS] resolve time.apple.com from udp://223.5.5.5:53 
DEBU[2024-01-11T09:59:56.831945817Z] [DNS] resolve time.apple.com from udp://119.28.28.28:53 
DEBU[2024-01-11T09:59:56.831962151Z] [DNS] resolve time.apple.com from udp://119.29.29.29:53 
DEBU[2024-01-11T09:59:56.831970609Z] [DNS] resolve time.apple.com from udp://114.114.114.114:53 
DEBU[2024-01-11T09:59:56.857373362Z] [DNS] time.apple.com --> [17.253.84.125 17.253.116.253 17.253.84.253] A from udp://223.5.5.5:53 
DEBU[2024-01-11T09:59:56.858038378Z] [DNS] resolve time.apple.com from tls://8.8.8.8:853 
DEBU[2024-01-11T09:59:56.858770188Z] [DNS] resolve time.apple.com from tls://dns.google:853 
DEBU[2024-01-11T09:59:56.859018694Z] [DNS] resolve time.apple.com from https://dns.cloudflare.com:443/dns-query 
DEBU[2024-01-11T09:59:57.020192426Z] [Rule] use default rules                     
DEBU[2024-01-11T09:59:57.022633153Z] [Process] find process n-cwm-device.tplinkcloud.com.cn error: process not found 
DEBU[2024-01-11T09:59:57.023470257Z] [DNS] n-cwm-device.tplinkcloud.com.cn --> 175.24.155.126 
INFO[2024-01-11T09:59:57.071459983Z] [TCP] 192.168.200.200:50452 --> n-cwm-device.tplinkcloud.com.cn:50556 match RuleSet(Domestic) using Domestic[DIRECT] 
DEBU[2024-01-11T09:59:57.816431198Z] [Rule] use default rules                     
DEBU[2024-01-11T09:59:57.818528042Z] [Process] find process itunes.apple.com error: process not found 
DEBU[2024-01-11T09:59:57.819293102Z] [DNS] itunes.apple.com --> 101.96.148.154    
DEBU[2024-01-11T09:59:57.819691821Z] [DNS] resolve itunes.apple.com from udp://223.5.5.5:53 
DEBU[2024-01-11T09:59:57.819889867Z] [DNS] resolve itunes.apple.com from udp://119.28.28.28:53 
DEBU[2024-01-11T09:59:57.819941202Z] [DNS] resolve itunes.apple.com from udp://114.114.114.114:53 
DEBU[2024-01-11T09:59:57.819963661Z] [DNS] resolve itunes.apple.com from udp://119.29.29.29:53 
DEBU[2024-01-11T09:59:57.831660949Z] [Rule] use default rules                     
DEBU[2024-01-11T09:59:57.833611956Z] [Process] find process p16-buy.itunes.apple.com error: process not found 
DEBU[2024-01-11T09:59:57.834489311Z] [DNS] resolve p16-buy.itunes.apple.com from udp://223.5.5.5:53 
DEBU[2024-01-11T09:59:57.83467219Z] [DNS] resolve p16-buy.itunes.apple.com from udp://119.29.29.29:53 
DEBU[2024-01-11T09:59:57.834692316Z] [DNS] resolve p16-buy.itunes.apple.com from udp://114.114.114.114:53 
DEBU[2024-01-11T09:59:57.834704858Z] [DNS] resolve p16-buy.itunes.apple.com from udp://119.28.28.28:53 
DEBU[2024-01-11T09:59:57.844890401Z] [DNS] itunes.apple.com --> [101.96.148.154 220.177.176.109] A from udp://223.5.5.5:53 
INFO[2024-01-11T09:59:57.849029253Z] [TCP] 192.168.200.111:50619 --> itunes.apple.com:443 match RuleSet(Apple) using Apple[DIRECT] 
DEBU[2024-01-11T09:59:57.858271814Z] [DNS] p16-buy.itunes.apple.com --> [17.120.252.48] A from udp://223.5.5.5:53 
DEBU[2024-01-11T09:59:57.859231421Z] [DNS] resolve p16-buy.itunes.apple.com from tls://8.8.8.8:853 
DEBU[2024-01-11T09:59:57.859400009Z] [DNS] resolve p16-buy.itunes.apple.com from tls://dns.google:853 
DEBU[2024-01-11T09:59:57.859427426Z] [DNS] resolve p16-buy.itunes.apple.com from https://dns.cloudflare.com:443/dns-query 

#===================== 最近运行日志获取完成(自动切换为silent模式) =====================#

#===================== 活动连接信息 =====================#

1. SourceIP:【192.168.200.111】 - Host:【itunes.apple.com】 - DestinationIP:【101.96.148.154】 - Network:【tcp】 - RulePayload:【Apple】 - Lastchain:【DIRECT】
2. SourceIP:【192.168.200.80】 - Host:【api.insight.synology.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【[VMess] 巴林01原生线路】


### OpenClash Config

_No response_

### Expected Behavior

Be able to access foreign websites normally.

### Additional Context

_No response_
vernesong commented 8 months ago

Route fallback through the proxy.
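
The pattern behind the reply above can be read from the debug log itself. This is an added example, not part of the thread or of OpenClash: it tallies which DNS upstreams time out and which answer, and decodes the DoH `dns=` query parameter (RFC 8484 base64url DNS message) to the name being looked up. The sample lines are excerpted from the log in this issue; the function names are hypothetical.

```python
import base64
import re
from collections import Counter

# Lines excerpted from the debug log in this issue.
SAMPLE_LOG = """\
WARN[2024-01-11T09:56:44.325454695Z] [TCP] dial Apple (match RuleSet/Apple) 192.168.200.111:52774 --> p16-buy.itunes.apple.com:443 error: dns resolve failed: all DNS requests failed, first error: dial tcp 8.8.4.4:853: i/o timeout
WARN[2024-01-11T09:56:48.157994993Z] [TCP] dial DIRECT (match RuleSet/Special) 192.168.200.111:52775 --> gspe1-ssl.ls.apple.com:443 error: dns resolve failed: context deadline exceeded
WARN[2024-01-11T09:57:15.80482667Z] [TCP] dial Apple (match RuleSet/Apple) 192.168.200.111:53598 --> 8-courier.push.apple.com:5223 error: dns resolve failed: all DNS requests failed, first error: dial tcp 8.8.8.8:853: i/o timeout
DEBU[2024-01-11T09:59:50.320115424Z] re-creating the http client due to requesting https://dns.cloudflare.com:443/dns-query?dns=AAABAAABAAAAAAAAA3JhdxFnaXRodWJ1c2VyY29udGVudANjb20AAAEAAQ: Get "https://dns.cloudflare.com:443/dns-query?dns=AAABAAABAAAAAAAAA3d3dwlpbnN0YWdyYW0DY29tAAABAAE": context deadline exceeded
DEBU[2024-01-11T09:59:57.858271814Z] [DNS] p16-buy.itunes.apple.com --> [17.120.252.48] A from udp://223.5.5.5:53
"""

DOT_TIMEOUT = re.compile(r"first error: dial tcp ([\d.]+:\d+): i/o timeout")
DOH_QUERY = re.compile(r'https://([^/\s"]+)/dns-query\?dns=([A-Za-z0-9_-]+)')
ANSWERED = re.compile(r"\[DNS\] \S+ --> \[[^\]]*\] A from (\S+)")


def decode_doh_qname(param):
    """Decode an RFC 8484 ?dns= value (base64url DNS message) to its QNAME."""
    msg = base64.urlsafe_b64decode(param + "=" * (-len(param) % 4))
    pos, labels = 12, []  # the question section follows the 12-byte header
    while pos < len(msg) and msg[pos] != 0:
        length = msg[pos]
        if length & 0xC0 or pos + 1 + length > len(msg):
            raise ValueError("malformed question section")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)


def triage(log):
    """Return (timed_out, answered, doh_names) tallied per DNS upstream."""
    timed_out, answered, doh_names = Counter(), Counter(), set()
    for line in log.splitlines():
        dot = DOT_TIMEOUT.search(line)
        if dot:
            timed_out[dot.group(1)] += 1
        elif "context deadline exceeded" in line:
            hits = DOH_QUERY.findall(line)
            key = hits[0][0] if hits else "(upstream not named)"
            timed_out[key] += 1
            doh_names.update(decode_doh_qname(p) for _, p in hits)
        ok = ANSWERED.search(line)
        if ok:
            answered[ok.group(1)] += 1
    return timed_out, answered, doh_names


if __name__ == "__main__":
    for name, result in zip(("timed out", "answered", "DoH names"), triage(SAMPLE_LOG)):
        print(name, dict(result) if isinstance(result, Counter) else sorted(result))
```

On this excerpt the upstreams on port 853 and the DoH endpoint time out while `udp://223.5.5.5:53` answers. The decoded names also show that DoH query strings in a shared debug log disclose the domains being looked up.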

RobberZQ commented 8 months ago

Route fallback through the proxy.

Uh, I'm a beginner and don't quite understand. Do you mean I should enable everything under fallback? Snipaste_2024-01-13_10-35-58

vernesong commented 8 months ago

image

D3ee commented 8 months ago

image

Could I ask where the page shown in this image is located? Thanks.

RobberZQ commented 8 months ago

image

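Thanks for the reply. Following what you said, I found this setting, but there is no Auto-Urtest rule. I picked Proxies at random and tried it: Google and GitHub both open, but YouTube still doesn't work. Is the DNS poisoned? Or is there a problem with the hosts file on the side router? Snipaste_2024-01-13_15-24-10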

ObcbO commented 6 months ago

Could it be that the node you are using has a restriction that doesn't allow YouTube?

phoenix13023 commented 6 months ago

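OP, did you get this problem solved?!

I'm not sure. I'm having access problems right now too, but across the board, and it seems to be DNS-related. If you solved it, please share.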

github-actions[bot] commented 4 months ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days