vernesong / OpenClash

A Clash Client For OpenWrt
MIT License
16.03k stars 2.98k forks

[Bug] OpenClash cannot properly take over TCP traffic #3775

Closed m0e16 closed 2 months ago

m0e16 commented 4 months ago

Verify Steps

OpenClash Version

v0.45.157-beta, v0.46.001-beta

Bug on Environment

Immortalwrt

OpenWrt Version

ImmortalWrt 23.05.1 r27304-31bc47589e

Bug on Platform

Linux-amd64(x86-64)

Describe the Bug

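After OpenClash starts, there is a chance that it fails to take over TCP traffic: the control panel shows only UDP connections (Tun(udp) and TProxy(udp)), and no website can be reached. It returns to normal after restarting OpenClash several times.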

To Reproduce

Reboot OpenWrt.

OpenClash Log

OpenClash 调试日志

生成时间: 2024-03-01 19:43:14
插件版本: v0.45.157-beta
隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息

#===================== 系统信息 =====================#

主机型号: VMware, Inc. VMware20,1
固件版本: ImmortalWrt 23.05.1 r27304-31bc47589e
LuCI版本: git-23.323.25576-ef326c3
内核版本: 5.15.137
处理器架构: x86_64

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: hybrid

DNS劫持: Dnsmasq 转发
#DNS劫持为Dnsmasq时,此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci >= 19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 已安装
unzip: 已安装
kmod-nft-tproxy: 已安装

#===================== 内核检查 =====================#

运行状态: 运行中
运行内核:Meta
进程pid: 8872
运行权限: 8872: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-amd64

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 
Tun内核文件: 不存在
Tun内核运行权限: 否

Dev内核版本: 
Dev内核文件: 不存在
Dev内核运行权限: 否

Meta内核版本: v1.18.1
Meta内核文件: 存在
Meta内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/SukkaRuleset.yaml
启动配置文件: /etc/openclash/SukkaRuleset.yaml
运行模式: fake-ip-mix
默认代理模式: rule
UDP流量转发(tproxy): 停用
自定义DNS: 启用
IPV6代理: 启用
IPV6-DNS解析: 启用
禁用Dnsmasq缓存: 启用
自定义规则: 启用
仅允许内网: 启用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用
路由本机代理: 启用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 自定义规则 一 =====================#
script:
##  shortcuts:
##    Notice: The core timezone is UTC
##    CST 20:00-24:00 = time.now().hour > 12 and time.now().hour < 16
##    内核时区为UTC,故以下time.now()函数的取值需要根据本地时区进行转换
##    北京时间(CST) 20:00-24:00 = time.now().hour > 12 and time.now().hour < 16
##    quic: network == 'udp' and dst_port == 443 and (geoip(resolve_ip(host)) != 'CN' or geoip(dst_ip) != 'CN')
##    time-limit: in_cidr(src_ip,'192.168.1.2/32') and time.now().hour < 20 or time.now().hour > 21
##    time-limit: src_ip == '192.168.1.2' and time.now().hour < 20 or time.now().hour > 21

##  code: |
##    def main(ctx, metadata):
##        directkeywordlist = ["baidu"]
##        for directkeyword in directkeywordlist:
##          if directkeyword in metadata["host"]:
##            ctx.log('[Script] matched keyword %s use direct' % directkeyword)
##            return "DIRECT"

rules:
##- SCRIPT,quic,REJECT #shortcuts rule
##- SCRIPT,time-limit,REJECT #shortcuts rule

##- PROCESS-NAME,curl,DIRECT #匹配路由自身进程(curl直连)
##- DOMAIN-SUFFIX,google.com,Proxy #匹配域名后缀(交由Proxy代理服务器组)
##- DOMAIN-KEYWORD,google,Proxy #匹配域名关键字(交由Proxy代理服务器组)
##- DOMAIN,google.com,Proxy #匹配域名(交由Proxy代理服务器组)
##- DOMAIN-SUFFIX,ad.com,REJECT #匹配域名后缀(拒绝)
##- IP-CIDR,127.0.0.0/8,DIRECT #匹配数据目标IP(直连)
##- SRC-IP-CIDR,192.168.1.201/32,DIRECT #匹配数据发起IP(直连)
##- DST-PORT,80,DIRECT #匹配数据目标端口(直连)
##- SRC-PORT,7777,DIRECT #匹配数据源端口(直连)

##排序在上的规则优先生效,如添加(去除规则前的#号):
##IP段:192.168.1.2-192.168.1.200 直连
##- SRC-IP-CIDR,192.168.1.2/31,DIRECT
##- SRC-IP-CIDR,192.168.1.4/30,DIRECT
##- SRC-IP-CIDR,192.168.1.8/29,DIRECT
##- SRC-IP-CIDR,192.168.1.16/28,DIRECT
##- SRC-IP-CIDR,192.168.1.32/27,DIRECT
##- SRC-IP-CIDR,192.168.1.64/26,DIRECT
##- SRC-IP-CIDR,192.168.1.128/26,DIRECT
##- SRC-IP-CIDR,192.168.1.192/29,DIRECT
##- SRC-IP-CIDR,192.168.1.200/32,DIRECT

##IP段:192.168.1.202-192.168.1.255 直连
##- SRC-IP-CIDR,192.168.1.202/31,DIRECT
##- SRC-IP-CIDR,192.168.1.204/30,DIRECT
##- SRC-IP-CIDR,192.168.1.208/28,DIRECT
##- SRC-IP-CIDR,192.168.1.224/27,DIRECT

##此时IP为192.168.1.1和192.168.1.201的客户端流量走代理(策略),其余客户端不走代理
##因为Fake-IP模式下,IP地址为192.168.1.1的路由器自身流量可走代理(策略),所以需要排除

##仅设置路由器自身直连:
##- SRC-IP-CIDR,192.168.1.1/32,DIRECT
##- SRC-IP-CIDR,198.18.0.1/32,DIRECT

##DDNS
##- DOMAIN-SUFFIX,checkip.dyndns.org,DIRECT
##- DOMAIN-SUFFIX,checkipv6.dyndns.org,DIRECT
##- DOMAIN-SUFFIX,checkip.synology.com,DIRECT
##- DOMAIN-SUFFIX,ifconfig.co,DIRECT
##- DOMAIN-SUFFIX,api.myip.com,DIRECT
##- DOMAIN-SUFFIX,ip-api.com,DIRECT
##- DOMAIN-SUFFIX,ipapi.co,DIRECT
##- DOMAIN-SUFFIX,ip6.seeip.org,DIRECT
##- DOMAIN-SUFFIX,members.3322.org,DIRECT

##在线IP段转CIDR地址:http://ip2cidr.com
- AND,((PROCESS-NAME,smartdns),(NOT,((GEOIP,CN,no-resolve)))),✔ Optional Relay
- AND,((DOMAIN-KEYWORD,stun),(NETWORK,udp)),🐼 DIRECT
- DOMAIN-KEYWORD,zhina,🔒 Secret
- DOMAIN-SUFFIX,yahoo.co.jp,🔒 Secret
- DOMAIN-SUFFIX,yimg.jp,🔒 Secret
- DOMAIN-SUFFIX,trqjrp.xyz,🐼 DIRECT
- DOMAIN,amyconvert.com,🐼 DIRECT
- DOMAIN-SUFFIX,imgur.com,🌎 Proxy
- DOMAIN,cf.m16.run,🌎 Proxy
- DOMAIN-SUFFIX,m16.run,🐼 DIRECT
- DOMAIN-SUFFIX,moe16.org,🐼 DIRECT
- DOMAIN-SUFFIX,pairdrop.net,🐼 DIRECT
- DOMAIN-KEYWORD,qbittorrent,🔒 Secret
- DOMAIN,bili.bili.rip,🐼 DIRECT
#===================== 自定义规则 二 =====================#
script:
##  shortcuts:
##    common_port: dst_port not in [21, 22, 23, 53, 80, 123, 143, 194, 443, 465, 587, 853, 993, 995, 998, 2052, 2053, 2082, 2083, 2086, 2095, 2096, 5222, 5228, 5229, 5230, 8080, 8443, 8880, 8888, 8889]

##  code: |
##    def main(ctx, metadata):
##        directkeywordlist = ["baidu"]
##        for directkeyword in directkeywordlist:
##          if directkeyword in metadata["host"]:
##            ctx.log('[Script] matched keyword %s use direct' % directkeyword)
##            return "DIRECT"

rules:
##- SCRIPT,common_port,DIRECT #shortcuts rule

##- DOMAIN-SUFFIX,google.com,Proxy #匹配域名后缀(交由Proxy代理服务器组)
##- DOMAIN-KEYWORD,google,Proxy #匹配域名关键字(交由Proxy代理服务器组)
##- DOMAIN,google.com,Proxy #匹配域名(交由Proxy代理服务器组)
##- DOMAIN-SUFFIX,ad.com,REJECT #匹配域名后缀(拒绝)
##- IP-CIDR,127.0.0.0/8,DIRECT #匹配数据目标IP(直连)
##- SRC-IP-CIDR,192.168.1.201/32,DIRECT #匹配数据发起IP(直连)
##- DST-PORT,80,DIRECT #匹配数据目标端口(直连)
##- SRC-PORT,7777,DIRECT #匹配数据源端口(直连)

#===================== 配置文件 =====================#

ntp:
  enable: true
  write-to-system: true
  server: ntp1.aliyun.com
  port: 123
  interval: 30
geox-url:
  geoip: https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat
  geosite: https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat
  mmdb: https://raw.githubusercontent.com/alecthw/mmdb_china_ip_list/release/lite/Country.mmdb
proxy-groups:
- name: "\U0001F30E Proxy"
  type: select
  proxies:
  - "\U0001F1ED\U0001F1F0 Hong Kong"
  - "\U0001F3F3️‍\U0001F308 Taiwan"
  - "\U0001F1EF\U0001F1F5 Japan"
  - "\U0001F1FA\U0001F1F8 America"
  - "\U0001F1F8\U0001F1EC Singapore"
  - "\U0001F4A8 Hysteria 2 Load Balance"
- name: "\U0001F512 Secret"
  type: select
  use:
  - Oracle Tokyo CloudFront
  proxies:
  - "⚡️ Relay"
  - "\U0001F4A8 Hysteria 2 Load Balance"
- name: "\U0001F3AC Streaming"
  type: select
  proxies:
  - "\U0001F1ED\U0001F1F0 Hong Kong"
  - "\U0001F3F3️‍\U0001F308 Taiwan"
  - "\U0001F1EF\U0001F1F5 Japan"
  - "\U0001F1FA\U0001F1F8 America"
  - "\U0001F1F8\U0001F1EC Singapore"
- name: "\U0001F37F Youtube"
  type: select
  use:
  - Oracle Tokyo CloudFront
  proxies:
  - "\U0001F30E Proxy"
  - "\U0001F3AC Streaming"
  - "\U0001F4A8 Hysteria 2 Load Balance"
- name: "\U0001F3B5 TikTok"
  type: select
  proxies:
  - "\U0001F1EF\U0001F1F5 Japan"
  - "\U0001F3F3️‍\U0001F308 Taiwan"
  - "\U0001F1FA\U0001F1F8 America"
- name: "\U0001F34E Apple"
  type: select
  proxies:
  - "\U0001F43C DIRECT"
  - "\U0001F30E Proxy"
- name: "\U0001F6A7 AdGuard"
  type: select
  proxies:
  - REJECT
  - "\U0001F43C DIRECT"
- name: "\U0001F4A8 Hysteria 2 Load Balance"
  type: load-balance
  use:
  - Oracle Tokyo Hysteria 2
  url: http://cp.cloudflare.com/generate_204
  interval: 300
  lazy: true
  strategy: round-robin
- name: "\U0001F1ED\U0001F1F0 Hong Kong"
  type: url-test
  use:
  - HK
  url: http://cp.cloudflare.com/generate_204
  interval: 300
- name: "\U0001F3F3️‍\U0001F308 Taiwan"
  type: url-test
  use:
  - TW
  url: http://cp.cloudflare.com/generate_204
  interval: 300
- name: "\U0001F1F8\U0001F1EC Singapore"
  type: url-test
  use:
  - SG
  url: http://cp.cloudflare.com/generate_204
  interval: 300
- name: "\U0001F1EF\U0001F1F5 Japan"
  type: url-test
  use:
  - JP
  url: http://cp.cloudflare.com/generate_204
  interval: 300
- name: "\U0001F1FA\U0001F1F8 America"
  type: url-test
  use:
  - US
  url: http://cp.cloudflare.com/generate_204
  interval: 300
- name: "✔ Optional Relay"
  type: url-test
  exclude-filter: "(?i)港|hk|hongkong|hong kong"
  use:
  - AnyTelecom
  url: http://cp.cloudflare.com/generate_204
  interval: 300
- name: "\U0001F6EC Landing Node"
  type: select
  use:
  - Oracle Tokyo
- name: "⚡️ Relay"
  type: relay
  proxies:
  - "✔ Optional Relay"
  - "\U0001F6EC Landing Node"
- name: "\U0001F43C DIRECT"
  type: select
  url: http://wifi.vivo.com.cn/generate_204
  proxies:
  - DIRECT
rule-providers:
  Spotify:
    type: http
    behavior: classical
    path: "./rule_provider/Spotify.yaml"
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@release/rule/Clash/Spotify/Spotify_No_Resolve.yaml
    interval: 86400
  PayPal:
    type: http
    behavior: classical
    path: "./rule_provider/PayPal.yaml"
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@release/rule/Clash/PayPal/PayPal_No_Resolve.yaml
    interval: 86400
  Google:
    type: http
    behavior: classical
    path: "./rule_provider/Google.yaml"
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@release/rule/Clash/Google/Google_No_Resolve.yaml
    interval: 86400
  WeChat:
    type: http
    behavior: classical
    path: "./rule_provider/WeChat.yaml"
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@release/rule/Clash/WeChat/WeChat_No_Resolve.yaml
    interval: 86400
  Youtube:
    type: http
    behavior: classical
    path: "./rule_provider/Youtube.yaml"
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@release/rule/Clash/YouTube/YouTube_No_Resolve.yaml
    interval: 86400
  TikTok:
    type: http
    behavior: classical
    path: "./rule_provider/TikTok.yaml"
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@release/rule/Clash/TikTok/TikTok_No_Resolve.yaml
    interval: 86400
  Epic:
    type: http
    behavior: classical
    path: "./rule_provider/Epic.yaml"
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@release/rule/Clash/Epic/Epic_No_Resolve.yaml
    interval: 86400
  SteamCN:
    type: http
    behavior: classical
    path: "./rule_provider/SteamCN.yaml"
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@release/rule/Clash/SteamCN/SteamCN_No_Resolve.yaml
    interval: 86400
  Ubisoft:
    type: http
    behavior: classical
    path: "./rule_provider/Ubisoft.yaml"
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@release/rule/Clash/UBI/UBI_No_Resolve.yaml
    interval: 86400
  microsoft_cdn_non_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/non_ip/microsoft_cdn.txt
    path: "./rule_provider/microsoft_cdn_non_ip.txt"
  microsoft_non_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/non_ip/microsoft.txt
    path: "./rule_provider/microsoft_non_ip.txt"
  Steam:
    type: http
    behavior: classical
    path: "./rule_provider/Steam.yaml"
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@release/rule/Clash/Steam/Steam_No_Resolve.yaml
    interval: 86400
  EA:
    type: http
    behavior: classical
    path: "./rule_provider/EA.yaml"
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@release/rule/Clash/EA/EA_No_Resolve.yaml
    interval: 86400
  OpenAI:
    type: http
    behavior: classical
    path: "./rule_provider/OpenAI.yaml"
    url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/OpenAI/OpenAI_No_Resolve.yaml
    interval: 86400
  GFW:
    type: http
    behavior: domain
    path: "./rule_provider/GFW.yaml"
    url: https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/gfw.txt
    interval: 86400
  apple_cdn:
    type: http
    behavior: domain
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/domainset/apple_cdn.txt
    path: "./rule_provider/apple_cdn.txt"
  apple_services:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/non_ip/apple_services.txt
    path: "./rule_provider/apple_services.txt"
  telegram_non_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/non_ip/telegram.txt
    path: "./rule_provider/telegram_non_ip.txt"
  telegram_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/ip/telegram.txt
    path: "./rule_provider/telegram_ip.txt"
  reject_non_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/non_ip/reject.txt
    path: "./rule_provider/reject_non_ip.txt"
  reject_domainset:
    type: http
    behavior: domain
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/domainset/reject.txt
    path: "./rule_provider/reject_domainset.txt"
  reject_phishing_domainset:
    type: http
    behavior: domain
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/domainset/reject_phishing.txt
    path: "./rule_provider/reject_phishing_domainset.txt"
  reject_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/ip/reject.txt
    path: "./rule_provider/reject_ip.txt"
  stream_us_non_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/non_ip/stream_us.txt
    path: "./rule_provider/stream_us_non_ip.txt"
  stream_us_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/ip/stream_us.txt
    path: "./rule_provider/stream_ip.txt"
  stream_jp_non_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/non_ip/stream_jp.txt
    path: "./rule_provider/stream_jp_non_ip.txt"
  stream_jp_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/ip/stream_jp.txt
    path: "./rule_provider/stream_jp_ip.txt"
  stream_hk_non_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/non_ip/stream_hk.txt
    path: "./rule_provider/stream_hk_non_ip.txt"
  stream_hk_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/ip/stream_hk.txt
    path: "./rule_provider/stream_hk_ip.txt"
  stream_tw_non_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/non_ip/stream_tw.txt
    path: "./rule_provider/stream_tw_non_ip.txt"
  stream_tw_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/ip/stream_tw.txt
    path: "./rule_provider/stream_tw_ip.txt"
  stream_non_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/non_ip/stream.txt
    path: "./rule_provider/stream_non_ip.txt"
  stream_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/ip/stream.txt
    path: "./rule_provider/stream_ip.txt"
rules:
- DST-PORT,7895,REJECT
- DST-PORT,7892,REJECT
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
- AND,((PROCESS-NAME,smartdns),(NOT,((GEOIP,CN,no-resolve)))),✔ Optional Relay
- "AND,((DOMAIN-KEYWORD,stun),(NETWORK,udp)),\U0001F43C DIRECT"
- "DOMAIN-KEYWORD,zhina,\U0001F512 Secret"
- "DOMAIN-SUFFIX,yahoo.co.jp,\U0001F512 Secret"
- "DOMAIN-SUFFIX,yimg.jp,\U0001F512 Secret"
- "DOMAIN-SUFFIX,trqjrp.xyz,\U0001F43C DIRECT"
- "DOMAIN,amyconvert.com,\U0001F43C DIRECT"
- "DOMAIN-SUFFIX,imgur.com,\U0001F30E Proxy"
- "DOMAIN,cf.m16.run,\U0001F30E Proxy"
- "DOMAIN-SUFFIX,m16.run,\U0001F43C DIRECT"
- "DOMAIN-SUFFIX,moe16.org,\U0001F43C DIRECT"
- "DOMAIN-SUFFIX,pairdrop.net,\U0001F43C DIRECT"
- "DOMAIN-KEYWORD,qbittorrent,\U0001F512 Secret"
- "DOMAIN,bili.bili.rip,\U0001F43C DIRECT"
- "RULE-SET,reject_non_ip,\U0001F6A7 AdGuard"
- "RULE-SET,reject_domainset,\U0001F6A7 AdGuard"
- "RULE-SET,reject_phishing_domainset,\U0001F6A7 AdGuard"
- RULE-SET,reject_ip,REJECT-DROP
- "RULE-SET,apple_cdn,\U0001F43C DIRECT"
- "RULE-SET,apple_services,\U0001F34E Apple"
- "RULE-SET,OpenAI,\U0001F1F8\U0001F1EC Singapore"
- "RULE-SET,microsoft_cdn_non_ip,\U0001F43C DIRECT"
- "RULE-SET,microsoft_non_ip,\U0001F30E Proxy"
- "RULE-SET,telegram_non_ip,\U0001F1F8\U0001F1EC Singapore"
- "RULE-SET,telegram_ip,\U0001F1F8\U0001F1EC Singapore"
- "RULE-SET,PayPal,\U0001F512 Secret"
- "RULE-SET,Epic,\U0001F43C DIRECT"
- "RULE-SET,Ubisoft,\U0001F43C DIRECT"
- "RULE-SET,SteamCN,\U0001F43C DIRECT"
- "RULE-SET,Steam,\U0001F30E Proxy"
- "RULE-SET,EA,\U0001F30E Proxy"
- "RULE-SET,Youtube,\U0001F37F Youtube"
- "RULE-SET,Google,\U0001F512 Secret"
- "RULE-SET,Spotify,\U0001F1ED\U0001F1F0 Hong Kong"
- "RULE-SET,TikTok,\U0001F3B5 TikTok"
- "RULE-SET,WeChat,\U0001F43C DIRECT"
- "RULE-SET,stream_us_non_ip,\U0001F1FA\U0001F1F8 America"
- "RULE-SET,stream_jp_non_ip,\U0001F1EF\U0001F1F5 Japan"
- "RULE-SET,stream_hk_non_ip,\U0001F1ED\U0001F1F0 Hong Kong"
- "RULE-SET,stream_tw_non_ip,\U0001F3F3️‍\U0001F308 Taiwan"
- "RULE-SET,stream_non_ip,\U0001F3AC Streaming"
- "RULE-SET,stream_us_ip,\U0001F1FA\U0001F1F8 America"
- "RULE-SET,stream_jp_ip,\U0001F1EF\U0001F1F5 Japan"
- "RULE-SET,stream_hk_ip,\U0001F1ED\U0001F1F0 Hong Kong"
- "RULE-SET,stream_tw_ip,\U0001F3F3️‍\U0001F308 Taiwan"
- "RULE-SET,stream_ip,\U0001F3AC Streaming"
- "RULE-SET,GFW,\U0001F512 Secret"
- "GEOSITE,CN,\U0001F43C DIRECT"
- "GEOIP,CN,\U0001F43C DIRECT"
- "MATCH,\U0001F30E Proxy"
redir-port: 7892
tproxy-port: 7895
port: 7890
socks-port: 7891
mixed-port: 7893
mode: rule
log-level: info
allow-lan: true
external-controller: 0.0.0.0:9090
bind-address: "*"
external-ui: "/usr/share/openclash/ui"
ipv6: true
interface-name: pppoe-wan
geodata-mode: true
geodata-loader: standard
tcp-concurrent: true
unified-delay: true
find-process-mode: strict
dns:
  enable: true
  ipv6: true
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  listen: 0.0.0.0:7874
  nameserver:
  - 127.0.0.1:6053
  fake-ip-filter:
  - "*.lan"
  - "*.localdomain"
  - "*.example"
  - "*.invalid"
  - "*.localhost"
  - "*.test"
  - "*.local"
  - "*.home.arpa"
  - time.*.com
  - time.*.gov
  - time.*.edu.cn
  - time.*.apple.com
  - time-ios.apple.com
  - time1.*.com
  - time2.*.com
  - time3.*.com
  - time4.*.com
  - time5.*.com
  - time6.*.com
  - time7.*.com
  - ntp.*.com
  - ntp1.*.com
  - ntp2.*.com
  - ntp3.*.com
  - ntp4.*.com
  - ntp5.*.com
  - ntp6.*.com
  - ntp7.*.com
  - "*.time.edu.cn"
  - "*.ntp.org.cn"
  - "+.pool.ntp.org"
  - time1.cloud.tencent.com
  - ntp.ntsc.ac.cn
  - music.163.com
  - "*.music.163.com"
  - "*.126.net"
  - musicapi.taihe.com
  - music.taihe.com
  - songsearch.kugou.com
  - trackercdn.kugou.com
  - "*.kuwo.cn"
  - api-jooxtt.sanook.com
  - api.joox.com
  - joox.com
  - y.qq.com
  - "*.y.qq.com"
  - streamoc.music.tc.qq.com
  - mobileoc.music.tc.qq.com
  - isure.stream.qqmusic.qq.com
  - dl.stream.qqmusic.qq.com
  - aqqmusic.tc.qq.com
  - amobile.music.tc.qq.com
  - "*.xiami.com"
  - "*.music.migu.cn"
  - music.migu.cn
  - "+.msftconnecttest.com"
  - "+.msftncsi.com"
  - localhost.ptlogin2.qq.com
  - localhost.sec.qq.com
  - "+.qq.com"
  - "+.tencent.com"
  - "+.srv.nintendo.net"
  - "*.n.n.srv.nintendo.net"
  - "+.stun.playstation.net"
  - xbox.*.*.microsoft.com
  - "*.*.xboxlive.com"
  - xbox.*.microsoft.com
  - xnotify.xboxlive.com
  - "+.battlenet.com.cn"
  - "+.wotgame.cn"
  - "+.wggames.cn"
  - "+.wowsgame.cn"
  - "+.wargaming.net"
  - proxy.golang.org
  - stun.*.*
  - stun.*.*.*
  - "+.stun.*.*"
  - "+.stun.*.*.*"
  - "+.stun.*.*.*.*"
  - "+.stun.*.*.*.*.*"
  - heartbeat.belkin.com
  - "*.linksys.com"
  - "*.linksyssmartwifi.com"
  - "*.router.asus.com"
  - mesu.apple.com
  - swscan.apple.com
  - swquery.apple.com
  - swdownload.apple.com
  - swcdn.apple.com
  - swdist.apple.com
  - lens.l.google.com
  - stun.l.google.com
  - na.b.g-tun.com
  - "+.nflxvideo.net"
  - "*.square-enix.com"
  - "*.finalfantasyxiv.com"
  - "*.ffxiv.com"
  - "*.ff14.sdo.com"
  - ff.dorado.sdo.com
  - "*.mcdn.bilivideo.cn"
  - "+.media.dssott.com"
  - shark007.net
  - Mijia Cloud
  - "+.cmbchina.com"
  - "+.cmbimg.com"
  - local.adguard.org
  - "+.sandai.net"
  - "+.n0808.com"
  - "+.m16.run"
  - "+.moe16.org"
tun:
  enable: true
  stack: system
  device: utun
  auto-route: false
  auto-detect-interface: false
  dns-hijack:
  - tcp://any:53
profile:
  store-selected: true
  store-fake-ip: true

#===================== 自定义覆写设置 =====================#

#!/bin/sh
. /usr/share/openclash/ruby.sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom overwrite scripts here, they will be take effict after the OpenClash own srcipts

LOG_OUT "Tip: Start Running Custom Overwrite Scripts..."
LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S"))
LOG_FILE="/tmp/openclash.log"
CONFIG_FILE="$1" #config path

#Simple Demo:
    #General Demo
    #1--config path
    #2--key name
    #3--value
    #ruby_edit "$CONFIG_FILE" "['redir-port']" "7892"
    #ruby_edit "$CONFIG_FILE" "['secret']" "123456"
    #ruby_edit "$CONFIG_FILE" "['dns']['enable']" "true"

    #Hash Demo
    #1--config path
    #2--key name
    #3--hash type value
    #ruby_edit "$CONFIG_FILE" "['experimental']" "{'sniff-tls-sni'=>true}"
    #ruby_edit "$CONFIG_FILE" "['sniffer']" "{'sniffing'=>['tls','http']}"

    #Array Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value
    #ruby_arr_insert "$CONFIG_FILE" "['dns']['nameserver']" "0" "114.114.114.114"

    #Array Add From Yaml File Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value file path
    #5--value key name in #4 file
    #ruby_arr_add_file "$CONFIG_FILE" "['dns']['fallback-filter']['ipcidr']" "0" "/etc/openclash/custom/openclash_custom_fallback_filter.yaml" "['fallback-filter']['ipcidr']"

#Ruby Script Demo:
    #ruby -ryaml -rYAML -I "/usr/share/openclash" -E UTF-8 -e "
    #   begin
    #      Value = YAML.load_file('$CONFIG_FILE');
    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Load File Failed,【' + e.message + '】';
    #   end;

        #General
    #   begin
    #   Thread.new{
    #      Value['redir-port']=7892;
    #      Value['tproxy-port']=7895;
    #      Value['port']=7890;
    #      Value['socks-port']=7891;
    #      Value['mixed-port']=7893;
    #   }.join;

    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Set General Failed,【' + e.message + '】';
    #   ensure
    #      File.open('$CONFIG_FILE','w') {|f| YAML.dump(Value, f)};
    #   end" 2>/dev/null >> $LOG_FILE

exit 0
#===================== 自定义防火墙设置 =====================#

#!/bin/sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom firewall rules here, they will be added after the end of the OpenClash iptables rules

LOG_OUT "Tip: Start Add Custom Firewall Rules..."

exit 0
#===================== IPTABLES 防火墙设置 =====================#

#IPv4 NAT chain

#IPv4 Mangle chain

#IPv4 Filter chain

#IPv6 NAT chain

#IPv6 Mangle chain

#IPv6 Filter chain

#===================== NFTABLES 防火墙设置 =====================#

table inet fw4 {
    chain input {
        type filter hook input priority filter; policy accept;
        iifname "pppoe-wan" ip6 saddr != @localnetwork6 counter packets 7 bytes 2286 jump openclash_wan6_input
        iifname "eth3" ip6 saddr != @localnetwork6 counter packets 0 bytes 0 jump openclash_wan6_input
        udp dport 443 ip6 daddr != @china_ip6_route counter packets 0 bytes 0 reject with icmpv6 port-unreachable comment "OpenClash QUIC REJECT"
        iifname "lo" accept comment "!fw4: Accept traffic from loopback"
        ct state established,related accept comment "!fw4: Allow inbound established and related flows"
        tcp flags syn / fin,syn,rst,ack jump syn_flood comment "!fw4: Rate limit TCP syn packets"
        iifname { "utun", "br-lan" } jump input_lan comment "!fw4: Handle lan IPv4/IPv6 input traffic"
        iifname { "eth3", "pppoe-wan" } jump input_wan comment "!fw4: Handle wan IPv4/IPv6 input traffic"
        iifname "eth3.99" jump input_iptv comment "!fw4: Handle iptv IPv4/IPv6 input traffic"
    }
}
table inet fw4 {
    chain forward {
        type filter hook forward priority filter; policy drop;
        oifname "utun" udp dport 443 ip daddr != @china_ip_route counter packets 0 bytes 0 reject with icmp port-unreachable comment "OpenClash QUIC REJECT"
        meta l4proto { tcp, udp } oifname "utun" counter packets 28 bytes 3271 accept comment "OpenClash TUN Forward"
        meta l4proto { tcp, udp } flow add @ft
        ct state established,related accept comment "!fw4: Allow forwarded established and related flows"
        iifname { "utun", "br-lan" } jump forward_lan comment "!fw4: Handle lan IPv4/IPv6 forward traffic"
        iifname { "eth3", "pppoe-wan" } jump forward_wan comment "!fw4: Handle wan IPv4/IPv6 forward traffic"
        iifname "eth3.99" jump forward_iptv comment "!fw4: Handle iptv IPv4/IPv6 forward traffic"
        jump handle_reject
    }
}
table inet fw4 {
    chain dstnat {
        type nat hook prerouting priority dstnat; policy accept;
        ip6 daddr { 2001:4860:4860::8844, 2001:4860:4860::8888 } tcp dport 53 counter packets 0 bytes 0 accept comment "OpenClash Google DNS Hijack"
        meta nfproto ipv6 udp dport 53 counter packets 0 bytes 0 redirect to :53 comment "OpenClash DNS Hijack"
        meta nfproto ipv6 tcp dport 53 counter packets 0 bytes 0 redirect to :53 comment "OpenClash DNS Hijack"
        meta nfproto ipv4 tcp dport 53 counter packets 0 bytes 0 accept comment "OpenClash TCP DNS Hijack"
        iifname { "eth3", "pppoe-wan" } jump dstnat_wan comment "!fw4: Handle wan IPv4/IPv6 dstnat traffic"
    }
}
table inet fw4 {
    chain srcnat {
        type nat hook postrouting priority srcnat; policy accept;
        oifname { "eth3", "pppoe-wan" } jump srcnat_wan comment "!fw4: Handle wan IPv4/IPv6 srcnat traffic"
    }
}
table inet fw4 {
    chain nat_output {
        type nat hook output priority filter - 1; policy accept;
    }
}
table inet fw4 {
    chain mangle_prerouting {
        type filter hook prerouting priority mangle; policy accept;
        ip protocol udp counter packets 529 bytes 48864 jump openclash_mangle
        meta nfproto ipv4 tcp dport 53 counter packets 0 bytes 0 jump openclash_dns_hijack
        meta nfproto ipv6 counter packets 74 bytes 7649 jump openclash_mangle_v6
    }
}
table inet fw4 {
    chain mangle_output {
        type route hook output priority mangle; policy accept;
        meta nfproto ipv4 meta l4proto { tcp, udp } counter packets 2816 bytes 3285377 jump openclash_mangle_output
    }
}
table inet fw4 {
    chain openclash {
    }
}
table inet fw4 {
    chain openclash_mangle {
        meta nfproto ipv4 udp sport 500 counter packets 0 bytes 0 return
        meta nfproto ipv4 udp sport 68 counter packets 0 bytes 0 return
        meta l4proto { tcp, udp } iifname "utun" counter packets 5 bytes 234 return
        ip daddr @localnetwork counter packets 496 bytes 45359 return
        ip protocol udp counter packets 28 bytes 3271 jump openclash_upnp
        meta l4proto { tcp, udp } th dport 0-65535 meta mark set 0x00000162 counter packets 28 bytes 3271
    }
}
table inet fw4 {
    chain openclash_mangle_output {
        meta nfproto ipv4 udp sport 500 counter packets 0 bytes 0 return
        meta nfproto ipv4 udp sport 68 counter packets 0 bytes 0 return
        ip daddr @localnetwork counter packets 2677 bytes 3269105 return
        meta skuid != 65534 udp dport 0-65535 ip daddr 198.18.0.0/16 meta mark set 0x00000162 counter packets 0 bytes 0
    }
}
table inet fw4 {
    chain openclash_output {
    }
}
table inet fw4 {
    chain openclash_wan_input {
    }
}
table inet fw4 {
    chain openclash_dns_hijack {
    }
}
table inet fw4 {
    chain openclash_mangle_v6 {
        meta nfproto ipv6 udp sport 500 counter packets 0 bytes 0 return
        meta nfproto ipv6 udp sport 546 counter packets 0 bytes 0 return
        ip6 daddr @localnetwork6 counter packets 62 bytes 6641 return
        meta nfproto ipv6 udp dport 53 counter packets 0 bytes 0 return
        meta nfproto ipv6 tcp dport 0-65535 meta mark set 0x00000162 tproxy ip6 to :7895 counter packets 10 bytes 744 accept comment "OpenClash TCP Tproxy"
        meta nfproto ipv6 udp dport 0-65535 meta mark set 0x00000162 tproxy ip6 to :7895 counter packets 2 bytes 264 accept comment "OpenClash UDP Tproxy"
    }
}
table inet fw4 {
    chain openclash_mangle_output_v6 {
        meta nfproto ipv6 udp sport 500 counter packets 0 bytes 0 return
        meta nfproto ipv6 udp sport 546 counter packets 0 bytes 0 return
        ip6 daddr @localnetwork6 counter packets 0 bytes 0 return
        meta nfproto ipv6 meta skuid != 65534 tcp dport 0-65535 meta mark set 0x00000162 tproxy ip6 to :7895 counter packets 0 bytes 0 accept comment "OpenClash TCP Tproxy"
    }
}
table inet fw4 {
    chain openclash_wan6_input {
        udp dport { 7874, 7890, 7891, 7892, 7893, 7895, 9090 } counter packets 0 bytes 0 reject
        tcp dport { 7874, 7890, 7891, 7892, 7893, 7895, 9090 } counter packets 0 bytes 0 reject
    }
}

#===================== IPSET状态 =====================#

#===================== 路由表状态 =====================#

#IPv4

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.164.0.1      0.0.0.0         UG    10     0        0 pppoe-wan
0.0.0.0         10.252.0.1      0.0.0.0         UG    20     0        0 eth3.99
10.164.0.1      0.0.0.0         255.255.255.255 UH    0      0        0 pppoe-wan
10.252.0.0      0.0.0.0         255.255.248.0   U     20     0        0 eth3.99
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth3
192.168.0.1     192.168.0.2     255.255.255.255 UGH   0      0        0 eth3
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
198.18.0.0      0.0.0.0         255.255.255.252 U     0      0        0 utun

#ip route list
default via 10.164.0.1 dev pppoe-wan proto static metric 10 
default via 10.252.0.1 dev eth3.99 proto static src 10.252.4.133 metric 20 
10.164.0.1 dev pppoe-wan proto kernel scope link src *WAN IP*.229 
10.252.0.0/21 dev eth3.99 proto static scope link metric 20 
192.168.0.0/24 dev eth3 proto kernel scope link src 192.168.0.2 
192.168.0.1 via 192.168.0.2 dev eth3 proto static 
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1 
198.18.0.0/30 dev utun proto kernel scope link src 198.18.0.1 

#ip rule show
0:  from all lookup local
32765:  from all fwmark 0x162 lookup 354
32766:  from all lookup main
32767:  from all lookup default

#IPv6

#route -A inet6
Kernel IPv6 routing table
Destination                                 Next Hop                                Flags Metric Ref    Use Iface
::/0                                        ::                                      U     1024   2        0 lo      
::/0                                        ::                                      U     1024   1        0 utun    
::/0                                        fe80::1ade:d7ff:feaa:1deb               UG    512    2        0 pppoe-wan
::/0                                        fe80::1ade:d7ff:feaa:1deb               UG    512    2        0 pppoe-wan
2408:825c:280:63ac::/64                     ::                                      !n    2147483647 2        0 lo      
2408:825c:2a3:4745::/64                     ::                                      U     1024   2        0 br-lan  
2408:825c:2a3:4745::/64                     ::                                      !n    2147483647 1        0 lo      
fdfe:dcba:9876::/126                        ::                                      U     256    1        0 utun    
fe80::1161:31b5:6f2b:5b7/128                ::                                      U     256    2        0 pppoe-wan
fe80::1ade:d7ff:feaa:1deb/128               ::                                      U     256    1        0 pppoe-wan
fe80::/64                                   ::                                      U     256    3        0 br-lan  
fe80::/64                                   ::                                      U     256    1        0 eth3    
fe80::/64                                   ::                                      U     256    1        0 eth3.99 
fe80::/64                                   ::                                      U     256    1        0 eth3.666
fe80::/64                                   ::                                      U     256    1        0 utun    
::/0                                        ::                                      !n    -1     2        0 lo      
::1/128                                     ::                                      Un    0      4        0 lo      
2408:825c:280:63ac::/128                    ::                                      Un    0      3        0 pppoe-wan
*WAN IP*:5b7/128   ::                                      Un    0      4        0 pppoe-wan
2408:825c:2a3:4745::/128                    ::                                      Un    0      3        0 br-lan  
2408:825c:2a3:4745::1/128                   ::                                      Un    0      4        0 br-lan  
fdfe:dcba:9876::/128                        ::                                      Un    0      3        0 utun    
fdfe:dcba:9876::1/128                       ::                                      Un    0      3        0 utun    
fe80::/128                                  ::                                      Un    0      3        0 br-lan  
fe80::/128                                  ::                                      Un    0      3        0 eth3    
fe80::/128                                  ::                                      Un    0      3        0 eth3.99 
fe80::/128                                  ::                                      Un    0      3        0 eth3.666
fe80::/128                                  ::                                      Un    0      3        0 utun    
fe80::20c:29ff:fe62:c30/128                 ::                                      Un    0      10       0 br-lan  
fe80::1161:31b5:6f2b:5b7/128                ::                                      Un    0      3        0 pppoe-wan
fe80::2289:8aff:fe7d:2ae7/128               ::                                      Un    0      2        0 eth3.99 
fe80::7e2b:e1ff:fe12:eca8/128               ::                                      Un    0      2        0 eth3    
fe80::7e2b:e1ff:fe12:eca8/128               ::                                      Un    0      2        0 eth3.666
fe80::e16f:d780:2e2a:bede/128               ::                                      Un    0      2        0 utun    
ff00::/8                                    ::                                      U     256    2        0 br-lan  
ff00::/8                                    ::                                      U     256    1        0 eth3    
ff00::/8                                    ::                                      U     256    1        0 eth3.99 
ff00::/8                                    ::                                      U     256    1        0 eth3.666
ff00::/8                                    ::                                      U     256    2        0 pppoe-wan
ff00::/8                                    ::                                      U     256    2        0 utun    
::/0                                        ::                                      !n    -1     2        0 lo      

#ip -6 route list
default from 2408:825c:280:63ac::/64 via fe80::1ade:d7ff:feaa:1deb dev pppoe-wan proto static metric 512 pref medium
default from 2408:825c:2a3:4745::/64 via fe80::1ade:d7ff:feaa:1deb dev pppoe-wan proto static metric 512 pref medium
unreachable 2408:825c:280:63ac::/64 dev lo proto static metric 2147483647 pref medium
2408:825c:2a3:4745::/64 dev br-lan proto static metric 1024 pref medium
unreachable 2408:825c:2a3:4745::/64 dev lo proto static metric 2147483647 pref medium
fdfe:dcba:9876::/126 dev utun proto kernel metric 256 pref medium
fe80::1161:31b5:6f2b:5b7 dev pppoe-wan proto kernel metric 256 pref medium
fe80::1ade:d7ff:feaa:1deb dev pppoe-wan proto kernel metric 256 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev eth3 proto kernel metric 256 pref medium
fe80::/64 dev eth3.99 proto kernel metric 256 pref medium
fe80::/64 dev eth3.666 proto kernel metric 256 pref medium
fe80::/64 dev utun proto kernel metric 256 pref medium

#ip -6 rule show
0:  from all lookup local
32763:  from all fwmark 0x162 lookup 354
32764:  from all oif utun lookup 2022
32765:  from all oif utun lookup 2022
32766:  from all lookup main
4200000000: from 2408:825c:2a3:4745::1/64 iif br-lan unreachable

#===================== Tun设备状态 =====================#

utun: tun

#===================== 端口占用状态 =====================#

tcp        0      0 198.18.0.1:37235        0.0.0.0:*               LISTEN      8872/clash
tcp        0      0 :::7891                 :::*                    LISTEN      8872/clash
tcp        0      0 :::7890                 :::*                    LISTEN      8872/clash
tcp        0      0 :::7893                 :::*                    LISTEN      8872/clash
tcp        0      0 :::7892                 :::*                    LISTEN      8872/clash
tcp        0      0 :::7895                 :::*                    LISTEN      8872/clash
tcp        0      0 :::9090                 :::*                    LISTEN      8872/clash
tcp        0      0 fdfe:dcba:9876::1:37873 :::*                    LISTEN      8872/clash
udp        0      0 :::7891                 :::*                                8872/clash
udp        0      0 :::7892                 :::*                                8872/clash
udp        0      0 :::7893                 :::*                                8872/clash
udp        0      0 :::7895                 :::*                                8872/clash
udp        0      0 :::52561                :::*                                8872/clash
udp        0      0 :::38814                :::*                                8872/clash
udp        0      0 :::47667                :::*                                8872/clash
udp        0      0 :::33976                :::*                                8872/clash
udp        0      0 :::7874                 :::*                                8872/clash
udp        0      0 :::51911                :::*                                8872/clash

#===================== 测试本机DNS查询(www.baidu.com) =====================#

Server:     127.0.0.1
Address:    127.0.0.1:53

Name:   www.baidu.com
Address: 198.18.0.7

#===================== 测试内核DNS查询(www.instagram.com) =====================#

Status: 0
TC: false
RD: true
RA: true
AD: false
CD: false

Question: 
  Name: www.instagram.com.
  Qtype: 1
  Qclass: 1

Answer: 
  TTL: 3600
  data: z-p42-instagram.c10r.instagram.com.
  name: www.instagram.com.
  type: 5

  TTL: 3600
  data: 31.13.87.174
  name: z-p42-instagram.c10r.instagram.com.
  type: 1

Dnsmasq 当前默认 resolv 文件:/tmp/resolv.conf.d/resolv.conf.auto

#===================== /tmp/resolv.conf.auto =====================#

# Interface wan_6
nameserver 2408:8001:4000:9000:221:7:128:68
nameserver 2408:8001:4010:9000:221:7:136:68
# Interface wan
nameserver 221.7.128.68
nameserver 221.7.136.68
# Interface iptv
nameserver 221.7.128.68
nameserver 221.7.136.68

#===================== /tmp/resolv.conf.d/resolv.conf.auto =====================#

# Interface wan_6
nameserver 2408:8001:4000:9000:221:7:128:68
nameserver 2408:8001:4010:9000:221:7:136:68
# Interface wan
nameserver 221.7.128.68
nameserver 221.7.136.68
# Interface iptv
nameserver 221.7.128.68
nameserver 221.7.136.68

#===================== 测试本机网络连接(www.baidu.com) =====================#

#===================== 测试本机网络下载(raw.githubusercontent.com) =====================#

#===================== 最近运行日志(自动切换为Debug模式) =====================#

time="2024-03-01T11:42:07.786733763Z" level=info msg="Start initial provider Oracle Tokyo"
time="2024-03-01T11:42:07.787171874Z" level=info msg="Start initial provider US"
time="2024-03-01T11:42:07.789393512Z" level=info msg="Start initial provider HK"
time="2024-03-01T11:42:07.792292052Z" level=warning msg="[Provider] SG not updated for a long time, force refresh"
time="2024-03-01T11:42:07.792509391Z" level=warning msg="[Provider] JP not updated for a long time, force refresh"
time="2024-03-01T11:42:07.792698475Z" level=warning msg="[Provider] HK not updated for a long time, force refresh"
time="2024-03-01T11:42:07.801662885Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: dns resolve failed: couldn't find ip"
time="2024-03-01T11:42:07.810492853Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: dns resolve failed: couldn't find ip"
time="2024-03-01T11:42:07.81103426Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: dns resolve failed: couldn't find ip"
time="2024-03-01T11:42:07.811557011Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: dns resolve failed: couldn't find ip"
time="2024-03-01T11:42:07.811988145Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: dns resolve failed: couldn't find ip"
time="2024-03-01T11:42:07.812370018Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: dns resolve failed: couldn't find ip"
time="2024-03-01T11:42:07.812396709Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: dns resolve failed: couldn't find ip"
time="2024-03-01T11:42:07.812424503Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: dns resolve failed: couldn't find ip"
time="2024-03-01T11:42:07.812443365Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: dns resolve failed: couldn't find ip"
time="2024-03-01T11:42:07.812462017Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: dns resolve failed: couldn't find ip"
time="2024-03-01T11:42:07.812482581Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: dns resolve failed: couldn't find ip"
time="2024-03-01T11:42:07.812500695Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: dns resolve failed: couldn't find ip"
time="2024-03-01T11:42:07.812516829Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: dns resolve failed: couldn't find ip"
time="2024-03-01T11:42:07.815223277Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: dns resolve failed: couldn't find ip"
time="2024-03-01T11:42:07.817389824Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: dns resolve failed: couldn't find ip"
time="2024-03-01T11:42:07.821870611Z" level=info msg="Start initial provider Ubisoft"
time="2024-03-01T11:42:07.825382029Z" level=info msg="Start initial provider stream_us_ip"
time="2024-03-01T11:42:07.825444075Z" level=info msg="Start initial provider stream_hk_ip"
time="2024-03-01T11:42:07.825482215Z" level=info msg="Start initial provider reject_domainset"
time="2024-03-01T11:42:07.836807353Z" level=info msg="Start initial provider stream_jp_non_ip"
time="2024-03-01T11:42:07.83690259Z" level=info msg="Start initial provider stream_tw_ip"
time="2024-03-01T11:42:07.836940573Z" level=info msg="Start initial provider stream_hk_non_ip"
time="2024-03-01T11:42:07.837005127Z" level=info msg="Start initial provider stream_ip"
time="2024-03-01T11:42:07.837042426Z" level=info msg="Start initial provider Spotify"
time="2024-03-01T11:42:07.837527604Z" level=info msg="Start initial provider TikTok"
time="2024-03-01T11:42:07.837926447Z" level=info msg="Start initial provider reject_non_ip"
time="2024-03-01T11:42:07.838023482Z" level=info msg="Start initial provider Steam"
time="2024-03-01T11:42:07.838617154Z" level=info msg="Start initial provider WeChat"
time="2024-03-01T11:42:07.839050373Z" level=info msg="Start initial provider EA"
time="2024-03-01T11:42:07.841264208Z" level=info msg="Start initial provider Google"
time="2024-03-01T11:42:07.852794587Z" level=info msg="Start initial provider OpenAI"
time="2024-03-01T11:42:07.853256145Z" level=info msg="Start initial provider reject_ip"
time="2024-03-01T11:42:07.853391319Z" level=info msg="Start initial provider GFW"
time="2024-03-01T11:42:07.867050529Z" level=info msg="Start initial provider stream_tw_non_ip"
time="2024-03-01T11:42:07.867172051Z" level=info msg="Start initial provider apple_services"
time="2024-03-01T11:42:07.867222136Z" level=info msg="Start initial provider reject_phishing_domainset"
time="2024-03-01T11:42:07.867282973Z" level=info msg="Start initial provider telegram_ip"
time="2024-03-01T11:42:07.867333442Z" level=info msg="Start initial provider stream_jp_ip"
time="2024-03-01T11:42:07.867367304Z" level=info msg="Start initial provider stream_us_non_ip"
time="2024-03-01T11:42:07.867416314Z" level=info msg="Start initial provider Epic"
time="2024-03-01T11:42:07.867682618Z" level=info msg="Start initial provider microsoft_cdn_non_ip"
time="2024-03-01T11:42:07.867751304Z" level=info msg="Start initial provider telegram_non_ip"
time="2024-03-01T11:42:07.867804231Z" level=info msg="Start initial provider PayPal"
time="2024-03-01T11:42:07.871054262Z" level=info msg="Start initial provider apple_cdn"
time="2024-03-01T11:42:07.87173024Z" level=info msg="Start initial provider microsoft_non_ip"
time="2024-03-01T11:42:07.871799837Z" level=info msg="Start initial provider stream_non_ip"
time="2024-03-01T11:42:07.871979287Z" level=info msg="Start initial provider SteamCN"
time="2024-03-01T11:42:07.872257331Z" level=info msg="Start initial provider Youtube"
time="2024-03-01T11:42:07.925141779Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: 2c3ca66.aqmixt.xyz:18355 connect error: dns resolve failed: couldn't find ip"
time="2024-03-01T11:42:07.925434016Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: 2c3ca66.aqmixt.xyz:18355 connect error: dns resolve failed: couldn't find ip"
time="2024-03-01T11:42:07.925472449Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: 2c3ca66.aqmixt.xyz:18355 connect error: dns resolve failed: couldn't find ip"
time="2024-03-01T11:42:07.937929989Z" level=error msg="[Provider] SG pull error: Get \"https://gist.githubusercontent.com/m0e16/b79719bce200cd0913bb85a063e847dd/raw/AmyTelecom\": EOF"
time="2024-03-01T11:42:07.939034205Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: 2c3ca66.aqmixt.xyz:18355 connect error: dns resolve failed: couldn't find ip"
time="2024-03-01T11:42:07.939190613Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: 2c3ca66.aqmixt.xyz:18355 connect error: dns resolve failed: couldn't find ip"
time="2024-03-01T11:42:07.939221055Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: 2c3ca66.aqmixt.xyz:18355 connect error: dns resolve failed: couldn't find ip"
time="2024-03-01T11:42:07.939244614Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: 2c3ca66.aqmixt.xyz:18355 connect error: dns resolve failed: couldn't find ip"
time="2024-03-01T11:42:07.939269391Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: 2c3ca66.aqmixt.xyz:18355 connect error: dns resolve failed: couldn't find ip"
time="2024-03-01T11:42:07.939301493Z" level=warning msg="[TCP] dial 🌎 Proxy (match Match/) mihomo --> gist.githubusercontent.com:443 error: 2c3ca66.aqmixt.xyz:18355 connect error: dns resolve failed: couldn't find ip"
time="2024-03-01T11:42:07.93976353Z" level=error msg="[Provider] JP pull error: Get \"https://gist.githubusercontent.com/m0e16/b79719bce200cd0913bb85a063e847dd/raw/AmyTelecom\": EOF"
time="2024-03-01T11:42:07.939778104Z" level=error msg="[Provider] HK pull error: Get \"https://gist.githubusercontent.com/m0e16/b79719bce200cd0913bb85a063e847dd/raw/AmyTelecom\": EOF"
time="2024-03-01T11:42:07.963502788Z" level=warning msg="because 🏳️\u200d🌈 Taiwan failed multiple times, active health check"
2024-03-01 19:41:40【/tmp/openclash_last_version】Download Failed:【curl: (28) Failed to connect to cdn.jsdelivr.net port 443 after 30000 ms: Error】
2024-03-01 19:42:12 Tip: Start Add Port Bypassing Rules For Firewall Redirect and Firewall Rules...
2024-03-01 19:42:12 Tip: Start Add Custom Firewall Rules...
2024-03-01 19:42:12 Step 8: Restart Dnsmasq...
time="2024-03-01T11:42:12.654251215Z" level=info msg="Start initial Compatible provider 🔒 Secret"
time="2024-03-01T11:42:12.654314576Z" level=info msg="Start initial Compatible provider ⚡️ Relay"
time="2024-03-01T11:42:12.654323286Z" level=info msg="Start initial Compatible provider 🎬 Streaming"
time="2024-03-01T11:42:12.654332448Z" level=info msg="Start initial Compatible provider 🌎 Proxy"
time="2024-03-01T11:42:12.65433898Z" level=info msg="Start initial Compatible provider 🎵 TikTok"
time="2024-03-01T11:42:12.654346678Z" level=info msg="Start initial Compatible provider 🍿 Youtube"
time="2024-03-01T11:42:12.654353024Z" level=info msg="Start initial Compatible provider default"
time="2024-03-01T11:42:12.654366577Z" level=info msg="Start initial Compatible provider 🐼 DIRECT"
time="2024-03-01T11:42:12.654373238Z" level=info msg="Start initial Compatible provider 🚧 AdGuard"
time="2024-03-01T11:42:12.654381313Z" level=info msg="Start initial Compatible provider 🍎 Apple"
time="2024-03-01T11:42:13.775117773Z" level=info msg="[UDP] 192.168.1.195:54321 --> 58.254.154.6:8053 match GeoIP(CN) using 🐼 DIRECT[DIRECT]"
time="2024-03-01T11:42:14.564688937Z" level=info msg="[UDP] 192.168.1.118:39029 --> 60.28.217.96:6666 match GeoIP(CN) using 🐼 DIRECT[DIRECT]"
2024-03-01 19:42:15 Step 9: Add Cron Rules, Start Daemons...
2024-03-01 19:42:15 OpenClash Start Successful!
time="2024-03-01T11:42:15.69959971Z" level=info msg="[UDP] 192.168.1.118:43375 --> 60.28.217.96:6666 match GeoIP(CN) using 🐼 DIRECT[DIRECT]"
time="2024-03-01T11:42:26.570305145Z" level=info msg="[UDP] [2408:825c:2a3:4745:68b9:d0d1:cf28:46d6]:52721 --> [2408:825c:2a2:faa5:1c8e:8500:c306:c1f3]:58627 match GeoIP(CN) using 🐼 DIRECT[DIRECT]"
2024-03-01 19:41:37【/tmp/openclash_last_version】Download Failed:【curl: (28) Failed to connect to cdn.jsdelivr.net port 443 after 30000 ms: Error】
2024-03-01 19:41:40【/tmp/openclash_last_version】Download Failed:【curl: (28) Failed to connect to cdn.jsdelivr.net port 443 after 30001 ms: Error】
2024-03-01 19:41:37【/tmp/openclash_last_version】Download Failed:【curl: (28) Failed to connect to cdn.jsdelivr.net port 443 after 30001 ms: Error】
time="2024-03-01T11:43:11.206307449Z" level=info msg="[UDP] 192.168.1.118:39326 --> 60.28.217.96:6666 match GeoIP(CN) using 🐼 DIRECT[DIRECT]"
time="2024-03-01T11:43:12.660049064Z" level=info msg="[UDP] 192.168.1.118:58022 --> 60.28.217.96:6666 match GeoIP(CN) using 🐼 DIRECT[DIRECT]"
2024-03-01 19:41:40【/tmp/openclash_last_version】Download Failed:【curl: (28) Failed to connect to cdn.jsdelivr.net port 443 after 30001 ms: Error】
time="2024-03-01T11:43:16.838523663Z" level=info msg="[UDP] 192.168.1.138:54321 --> 45.124.124.122:8053 match GeoIP(CN) using 🐼 DIRECT[DIRECT]"
time="2024-03-01T11:43:34.499673704Z" level=debug msg="[DNS] resolve mesu.apple.com from udp://127.0.0.1:6053"
time="2024-03-01T11:43:34.500579268Z" level=debug msg="[DNS] resolve mesu.apple.com from udp://127.0.0.1:6053"
time="2024-03-01T11:43:34.511012213Z" level=debug msg="[DNS] mesu.apple.com --> [182.91.255.213] A from udp://127.0.0.1:6053"
time="2024-03-01T11:43:34.570194355Z" level=debug msg="[DNS] mesu.apple.com --> [] AAAA from udp://127.0.0.1:6053"
time="2024-03-01T11:43:41.664110485Z" level=debug msg="[DNS] resolve lb._dns-sd._udp.0.1.168.192.in-addr.arpa from udp://127.0.0.1:6053"
time="2024-03-01T11:43:41.729217031Z" level=debug msg="[DNS] lb._dns-sd._udp.0.1.168.192.in-addr.arpa --> [] PTR from udp://127.0.0.1:6053"

#===================== 最近运行日志获取完成(自动切换为silent模式) =====================#

#===================== 活动连接信息 =====================#

1. SourceIP:【2408:825c:2a3:4745:68b9:d0d1:cf28:46d6】 - Host:【Empty】 - DestinationIP:【2408:825c:2a2:faa5:1c8e:8500:c306:c1f3】 - Network:【udp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
2. SourceIP:【192.168.1.118】 - Host:【Empty】 - DestinationIP:【60.28.217.96】 - Network:【udp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
3. SourceIP:【192.168.1.118】 - Host:【Empty】 - DestinationIP:【60.28.217.96】 - Network:【udp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
4. SourceIP:【192.168.1.195】 - Host:【Empty】 - DestinationIP:【58.254.154.6】 - Network:【udp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
5. SourceIP:【192.168.1.138】 - Host:【Empty】 - DestinationIP:【45.124.124.122】 - Network:【udp】 - RulePayload:【CN】 - Lastchain:【DIRECT】
6. SourceIP:【192.168.1.118】 - Host:【Empty】 - DestinationIP:【60.28.217.96】 - Network:【udp】 - RulePayload:【CN】 - Lastchain:【DIRECT】


### OpenClash Config

_No response_

### Expected Behavior

...

### Additional Context

_No response_

github-actions[bot] commented 2 months ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days.