[Bug] 重启openWrt系统导致的openClash自启动时会自动添加一行“SOCKS5/HTTP(S) 认证信息”配置，每重启一次添加一行，导致有越来越多的行

Verify Steps

[X] Tracker 我已经在 Issue Tracker 中找过我要提出的问题
[X] Branch 我知道 OpenClash 的 Dev 分支切换开关位于插件设置-版本更新中，或者我会手动下载并安装 Dev 分支的 OpenClash
[X] Latest 我已经使用最新 Dev 版本测试过，问题依旧存在
[X] Relevant 我知道 OpenClash 与内核(Core)、控制面板(Dashboard)、在线订阅转换(Subconverter)等项目之间无直接关系，仅相互调用
[X] Definite 这确实是 OpenClash 出现的问题
[X] Contributors 我有能力协助 OpenClash 开发并解决此问题
[ ] Meaningless 我提交的是无意义的催促更新或修复请求

OpenClash Version

v0.46.003-beta

Bug on Environment

Lean

OpenWrt Version

2024.03.16 OpenWrt Li [2024] Compiled by Li OpenWrt R24.2.2 / Lede - 18.06

Bug on Platform

Linux-amd64(x86-64)

Describe the Bug

如题，每重启一次openWrt，openclash会自动给“SOCKS5/HTTP(S) 认证信息”栏多添加一对用户名密码，且实际生效的是最后一次添加的认证，以前添加的虽然在UI中显示出来，但实际上无效。不重启openWrt，只重启openclash则功能正常。

ps: 由订阅地址下载的配置文件中默认没有配置authentication项，第一次运行openclash后自动添加了authentication，但我重启前没有手动删除过。

To Reproduce

不关openclash，直接重启openWrt，让openclash自启动。

OpenClash Log

OpenClash 调试日志

生成时间: 2024-03-17 13:32:35
插件版本: v0.46.003-beta
隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息

#===================== 系统信息 =====================#

主机型号: QEMU Standard PC (i440FX + PIIX - Intel(R) Atom(TM) CPU C3538 @ 2.10GHz : 4C4T
固件版本: OpenWrt SNAPSHOT r6496-3b5f54d82
LuCI版本: git-24.071.74519-c79d23b-1
内核版本: 6.1.81
处理器架构: 

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

DNS劫持: Dnsmasq 转发
#DNS劫持为Dnsmasq时，此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci >= 19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 已安装
unzip: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
kmod-ipt-nat: 已安装

#===================== 内核检查 =====================#

运行状态: 运行中
运行内核：TUN
进程pid: 13489
运行权限: 13489: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-amd64

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2023.08.17-13-gdcc8d87
Tun内核文件: 存在
Tun内核运行权限: 正常

Dev内核版本: v1.18.0-13-gd034a40
Dev内核文件: 存在
Dev内核运行权限: 正常

Meta内核版本: alpha-gb3db113
Meta内核文件: 存在
Meta内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/SSR.yaml
启动配置文件: /etc/openclash/SSR.yaml
运行模式: redir-host-mix
默认代理模式: rule
UDP流量转发(tproxy): 停用
自定义DNS: 停用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 启用
仅允许内网: 启用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 启用
路由本机代理: 启用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 启用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 自定义规则 一 =====================#
script:
##  shortcuts:
##    Notice: The core timezone is UTC
##    CST 20:00-24:00 = time.now().hour > 12 and time.now().hour < 16
##    内核时区为UTC,故以下time.now()函数的取值需要根据本地时区进行转换
##    北京时间(CST) 20:00-24:00 = time.now().hour > 12 and time.now().hour < 16
##    quic: network == 'udp' and dst_port == 443 and (geoip(resolve_ip(host)) != 'CN' or geoip(dst_ip) != 'CN')
##    time-limit: in_cidr(src_ip,'192.168.1.2/32') and time.now().hour < 20 or time.now().hour > 21
##    time-limit: src_ip == '192.168.1.2' and time.now().hour < 20 or time.now().hour > 21

##  code: |
##    def main(ctx, metadata):
##        directkeywordlist = ["baidu"]
##        for directkeyword in directkeywordlist:
##          if directkeyword in metadata["host"]:
##            ctx.log('[Script] matched keyword %s use direct' % directkeyword)
##            return "DIRECT"

rules:
  - DOMAIN,www.comicat.org,始终代理
  - DOMAIN,github.com,始终代理
  - DOMAIN,github.githubassets.com,始终代理
  - DOMAIN,raw.githubusercontent.com,始终代理
  - DOMAIN-SUFFIX,tmdb.org,始终代理
  - DOMAIN-SUFFIX,themoviedb.org,始终代理
  - DOMAIN-SUFFIX,githubusercontent.com,始终代理
  - DOMAIN,thetvdb.com,始终代理
  - DOMAIN-SUFFIX,docker.com,始终代理
  - DOMAIN-SUFFIX,docker.io,始终代理
  - DOMAIN-SUFFIX,fanart.tv,始终代理
  - DOMAIN-SUFFIX,bgm.tv,始终代理
  - DOMAIN-SUFFIX,thepiratebay.org,始终代理

##- SCRIPT,quic,REJECT #shortcuts rule
##- SCRIPT,time-limit,REJECT #shortcuts rule

##- PROCESS-NAME,curl,DIRECT #匹配路由自身进程(curl直连)
##- DOMAIN-SUFFIX,google.com,Proxy #匹配域名后缀(交由Proxy代理服务器组)
##- DOMAIN-KEYWORD,google,Proxy #匹配域名关键字(交由Proxy代理服务器组)
##- DOMAIN,google.com,Proxy #匹配域名(交由Proxy代理服务器组)
##- DOMAIN-SUFFIX,ad.com,REJECT #匹配域名后缀(拒绝)
##- IP-CIDR,127.0.0.0/8,DIRECT #匹配数据目标IP(直连)
##- SRC-IP-CIDR,192.168.1.201/32,DIRECT #匹配数据发起IP(直连)
##- DST-PORT,80,DIRECT #匹配数据目标端口(直连)
##- SRC-PORT,7777,DIRECT #匹配数据源端口(直连)

##排序在上的规则优先生效,如添加（去除规则前的#号）：
##IP段：192.168.1.2-192.168.1.200 直连
##- SRC-IP-CIDR,192.168.1.2/31,DIRECT
##- SRC-IP-CIDR,192.168.1.4/30,DIRECT
##- SRC-IP-CIDR,192.168.1.8/29,DIRECT
##- SRC-IP-CIDR,192.168.1.16/28,DIRECT
##- SRC-IP-CIDR,192.168.1.32/27,DIRECT
##- SRC-IP-CIDR,192.168.1.64/26,DIRECT
##- SRC-IP-CIDR,192.168.1.128/26,DIRECT
##- SRC-IP-CIDR,192.168.1.192/29,DIRECT
##- SRC-IP-CIDR,192.168.1.200/32,DIRECT

##IP段：192.168.1.202-192.168.1.255 直连
##- SRC-IP-CIDR,192.168.1.202/31,DIRECT
##- SRC-IP-CIDR,192.168.1.204/30,DIRECT
##- SRC-IP-CIDR,192.168.1.208/28,DIRECT
##- SRC-IP-CIDR,192.168.1.224/27,DIRECT

##此时IP为192.168.1.1和192.168.1.201的客户端流量走代理（策略），其余客户端不走代理
##因为Fake-IP模式下，IP地址为192.168.1.1的路由器自身流量可走代理（策略），所以需要排除

##仅设置路由器自身直连：
##- SRC-IP-CIDR,192.168.1.1/32,DIRECT
##- SRC-IP-CIDR,198.18.0.1/32,DIRECT

##DDNS
##- DOMAIN-SUFFIX,checkip.dyndns.org,DIRECT
##- DOMAIN-SUFFIX,checkipv6.dyndns.org,DIRECT
##- DOMAIN-SUFFIX,checkip.synology.com,DIRECT
##- DOMAIN-SUFFIX,ifconfig.co,DIRECT
##- DOMAIN-SUFFIX,api.myip.com,DIRECT
##- DOMAIN-SUFFIX,ip-api.com,DIRECT
##- DOMAIN-SUFFIX,ipapi.co,DIRECT
##- DOMAIN-SUFFIX,ip6.seeip.org,DIRECT
##- DOMAIN-SUFFIX,members.3322.org,DIRECT

##在线IP段转CIDR地址：http://ip2cidr.com
#===================== 自定义规则 二 =====================#
script:
##  shortcuts:
##    common_port: dst_port not in [21, 22, 23, 53, 80, 123, 143, 194, 443, 465, 587, 853, 993, 995, 998, 2052, 2053, 2082, 2083, 2086, 2095, 2096, 5222, 5228, 5229, 5230, 8080, 8443, 8880, 8888, 8889]

##  code: |
##    def main(ctx, metadata):
##        directkeywordlist = ["baidu"]
##        for directkeyword in directkeywordlist:
##          if directkeyword in metadata["host"]:
##            ctx.log('[Script] matched keyword %s use direct' % directkeyword)
##            return "DIRECT"

rules:
##- SCRIPT,common_port,DIRECT #shortcuts rule

##- DOMAIN-SUFFIX,google.com,Proxy #匹配域名后缀(交由Proxy代理服务器组)
##- DOMAIN-KEYWORD,google,Proxy #匹配域名关键字(交由Proxy代理服务器组)
##- DOMAIN,google.com,Proxy #匹配域名(交由Proxy代理服务器组)
##- DOMAIN-SUFFIX,ad.com,REJECT #匹配域名后缀(拒绝)
##- IP-CIDR,127.0.0.0/8,DIRECT #匹配数据目标IP(直连)
##- SRC-IP-CIDR,192.168.1.201/32,DIRECT #匹配数据发起IP(直连)
##- DST-PORT,80,DIRECT #匹配数据目标端口(直连)
##- SRC-PORT,7777,DIRECT #匹配数据源端口(直连)

#===================== 配置文件 =====================#

port: 7890
socks-port: 7891
redir-port: 7892
mixed-port: 7893
allow-lan: true
mode: rule
log-level: info
external-controller: 0.0.0.0:9090
dns:
  enable: true
  ipv6: false
  fake-ip-range: 198.18.0.1/16
  use-hosts: true
  default-nameserver:
  - 223.5.5.5
  - 119.29.29.29
  nameserver:
  - https://dns.alidns.com/dns-query
  - https://doh.pub/dns-query
  fallback:
  - 1.1.1.1
  - 8.8.8.8
  fallback-filter:
    geoip: true
    ipcidr:
    - 240.0.0.0/4
    - 0.0.0.0/32
  enhanced-mode: fake-ip
  listen: 0.0.0.0:7874
  fake-ip-filter:
  - "+.*"
proxy-groups:
- name: "\U0001F680节点选择"
  type: select
  disable-udp: false
  proxies:
  - "\U0001F9F1直接连接"
  - 最快节点
  - 负载均衡 - 轮询（轮流使用全部代理）
  - 负载均衡 - 哈希匹配（访问相同网站时使用同一个代理）
  - 香港01-IEPL-倍率1.0
  - 香港02-IEPL-倍率1.0
- name: "\U0001F30D国外媒体"
  type: select
  proxies:
  - "\U0001F680节点选择"
  - "\U0001F9F1直接连接"
  - 香港01-IEPL-倍率1.0
  - 香港02-IEPL-倍率1.0
- name: "✈️电报信息"
  type: select
  disable-udp: false
  proxies:
  - 最快节点
  - 负载均衡 - 轮询（轮流使用全部代理）
  - 负载均衡 - 哈希匹配（访问相同网站时使用同一个代理）
  - "\U0001F680节点选择"
  - "\U0001F9F1直接连接"
  - 香港01-IEPL-倍率1.0
  - 香港02-IEPL-倍率1.0
- name: "\U0001F4E2谷歌fCM"
  type: select
  proxies:
  - "\U0001F680节点选择"
  - "\U0001F9F1直接连接"
  - 香港01-IEPL-倍率1.0
  - 香港02-IEPL-倍率1.0
- name: "\U0001F41F漏网之鱼"
  type: select
  proxies:
  - "\U0001F680节点选择"
  - "\U0001F9F1直接连接"
  - 香港01-IEPL-倍率1.0
  - 香港02-IEPL-倍率1.0
- name: "\U0001F3AC国内媒体"
  type: select
  proxies:
  - "\U0001F9F1直接连接"
  - "\U0001F680节点选择"
  - 香港01-IEPL-倍率1.0
  - 香港02-IEPL-倍率1.0
- name: Ⓜ️微软服务
  type: select
  proxies:
  - "\U0001F9F1直接连接"
  - "\U0001F680节点选择"
  - 香港01-IEPL-倍率1.0
  - 香港02-IEPL-倍率1.0
- name: "\U0001F34E苹果服务"
  type: select
  proxies:
  - "\U0001F9F1直接连接"
  - "\U0001F680节点选择"
  - 香港01-IEPL-倍率1.0
  - 香港02-IEPL-倍率1.0
- name: "\U0001F6D1全球拦截"
  type: select
  proxies:
  - REJECT
  - DIRECT
  - 香港01-IEPL-倍率1.0
  - 香港02-IEPL-倍率1.0
- name: "\U0001F343应用净化"
  type: select
  proxies:
  - REJECT
  - DIRECT
  - 香港01-IEPL-倍率1.0
  - 香港02-IEPL-倍率1.0
- name: "\U0001F9F1直接连接"
  type: select
  proxies:
  - DIRECT
  - 香港01-IEPL-倍率1.0
  - 香港02-IEPL-倍率1.0
- name: 最快节点
  type: url-test
  disable-udp: false
  proxies:
  - 香港01-IEPL-倍率1.0
  - 香港02-IEPL-倍率1.0
  url: https://cp.cloudflare.com/generate_204
  interval: '300'
  tolerance: '100'
- name: 负载均衡 - 轮询（轮流使用全部代理）
  type: load-balance
  strategy: round-robin
  disable-udp: false
  proxies:
  - 香港01-IEPL-倍率1.0
  - 香港02-IEPL-倍率1.0
  url: https://cp.cloudflare.com/generate_204
  interval: '300'
- name: 负载均衡 - 哈希匹配（访问相同网站时使用同一个代理）
  type: load-balance
  strategy: consistent-hashing
  disable-udp: false
  proxies:
  - 香港01-IEPL-倍率1.0
  - 香港02-IEPL-倍率1.0
  url: https://cp.cloudflare.com/generate_204
  interval: '300'
- name: 始终代理
  type: select
  disable-udp: false
  proxies:
  - 最快节点
  - 负载均衡 - 轮询（轮流使用全部代理）
  - 负载均衡 - 哈希匹配（访问相同网站时使用同一个代理）
  - DIRECT
  - 香港01-IEPL-倍率1.0
  - 香港02-IEPL-倍率1.0
rules:
- DST-PORT,7895,REJECT
- DST-PORT,7892,REJECT
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
- DOMAIN,www.comicat.org,始终代理
- DOMAIN,github.com,始终代理
- DOMAIN,github.githubassets.com,始终代理
- DOMAIN,raw.githubusercontent.com,始终代理
- DOMAIN-SUFFIX,tmdb.org,始终代理
- DOMAIN-SUFFIX,themoviedb.org,始终代理
- DOMAIN-SUFFIX,githubusercontent.com,始终代理
- DOMAIN,thetvdb.com,始终代理
- DOMAIN-SUFFIX,docker.com,始终代理
- DOMAIN-SUFFIX,docker.io,始终代理
- DOMAIN-SUFFIX,fanart.tv,始终代理
- DOMAIN-SUFFIX,bgm.tv,始终代理
- DOMAIN-SUFFIX,thepiratebay.org,始终代理
- "DOMAIN,xivanalysis.com,\U0001F9F1直接连接"
- "DOMAIN,picanalysis.vivo.com.cn,\U0001F9F1直接连接"
- "DOMAIN,fairplay.l.qq.com,\U0001F9F1直接连接"
- "DOMAIN,livew.l.qq.com,\U0001F9F1直接连接"
- "DOMAIN,vd.l.qq.com,\U0001F9F1直接连接"
- "DOMAIN,analytics.strava.com,\U0001F9F1直接连接"
- "DOMAIN,errlog.umeng.com,\U0001F9F1直接连接"
- "DOMAIN,msg.umeng.com,\U0001F9F1直接连接"
- "DOMAIN,msg.umengcloud.com,\U0001F9F1直接连接"
- "DOMAIN,tracking.miui.com,\U0001F9F1直接连接"
- "DOMAIN,app.adjust.com,\U0001F9F1直接连接"
- "DOMAIN,bdtj.tagtic.cn,\U0001F9F1直接连接"
- "DOMAIN-KEYWORD,admarvel,\U0001F6D1全球拦截"
- "DOMAIN-KEYWORD,admaster,\U0001F6D1全球拦截"
- "DOMAIN-KEYWORD,adsage,\U0001F6D1全球拦截"
- "DOMAIN-KEYWORD,adsensor,\U0001F6D1全球拦截"
- "DOMAIN-KEYWORD,adservice,\U0001F6D1全球拦截"
- "DOMAIN-SUFFIX,union.mi.com,\U0001F343应用净化"
- "DOMAIN-SUFFIX,wtradv.market.xiaomi.com,\U0001F343应用净化"
- "DOMAIN-SUFFIX,xmpush.xiaomi.com,\U0001F343应用净化"
- "DOMAIN-SUFFIX,ad.api.moji.com,\U0001F343应用净化"
- "DOMAIN-SUFFIX,app.moji001.com,\U0001F343应用净化"
- "DOMAIN-SUFFIX,cdn.moji002.com,\U0001F343应用净化"
- "DOMAIN-SUFFIX,cdn2.moji002.com,\U0001F343应用净化"
- "DOMAIN-SUFFIX,fds.api.moji.com,\U0001F343应用净化"
- "DOMAIN-SUFFIX,cm.steampowered.com,\U0001F9F1直接连接"
- "DOMAIN-SUFFIX,steamchina.com,\U0001F9F1直接连接"
- "DOMAIN-SUFFIX,steamusercontent.com,\U0001F9F1直接连接"
- DOMAIN-SUFFIX,1drv.ms,Ⓜ️微软服务
- DOMAIN-SUFFIX,a-msedge.net,Ⓜ️微软服务
- DOMAIN-SUFFIX,a1158.g.akamai.net,Ⓜ️微软服务
- DOMAIN-SUFFIX,a122.dscg3.akamai.net,Ⓜ️微软服务
- "IP-CIDR,101.198.128.0/18,\U0001F9F1直接连接,no-resolve"
- "IP-CIDR,101.198.192.0/19,\U0001F9F1直接连接,no-resolve"
- "IP-CIDR,101.199.196.0/22,\U0001F9F1直接连接,no-resolve"
- "GEOIP,CN,\U0001F9F1直接连接"
- "MATCH,\U0001F41F漏网之鱼"
tproxy-port: 7895
bind-address: "*"
external-ui: "/usr/share/openclash/ui"
ipv6: false
experimental:
  sniff-tls-sni: true
tun:
  enable: true
  stack: system
  auto-route: false
  auto-detect-interface: false
  dns-hijack:
  - tcp://any:53
profile:
  store-selected: true
authentication:
- Clash:Pk46Ndfj
- Clash:u4UhiA5Y

#===================== 自定义覆写设置 =====================#

#!/bin/sh
. /usr/share/openclash/ruby.sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom overwrite scripts here, they will be take effict after the OpenClash own srcipts

LOG_OUT "Tip: Start Running Custom Overwrite Scripts..."
LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S"))
LOG_FILE="/tmp/openclash.log"
CONFIG_FILE="$1" #config path

#ruby_edit "$CONFIG_FILE" "['secret']" "tMd6Jgjw"
#uci -q set openclash.config.dashboard_password="tMd6Jgjw"

#Simple Demo:
    #General Demo
    #1--config path
    #2--key name
    #3--value
    #ruby_edit "$CONFIG_FILE" "['redir-port']" "7892"
    #ruby_edit "$CONFIG_FILE" "['secret']" "123456"
    #ruby_edit "$CONFIG_FILE" "['dns']['enable']" "true"

    #Hash Demo
    #1--config path
    #2--key name
    #3--hash type value
    #ruby_edit "$CONFIG_FILE" "['experimental']" "{'sniff-tls-sni'=>true}"
    #ruby_edit "$CONFIG_FILE" "['sniffer']" "{'sniffing'=>['tls','http']}"

    #Array Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value
    #ruby_arr_insert "$CONFIG_FILE" "['dns']['nameserver']" "0" "114.114.114.114"

    #Array Add From Yaml File Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value file path
    #5--value key name in #4 file
    #ruby_arr_add_file "$CONFIG_FILE" "['dns']['fallback-filter']['ipcidr']" "0" "/etc/openclash/custom/openclash_custom_fallback_filter.yaml" "['fallback-filter']['ipcidr']"

#Ruby Script Demo:
    #ruby -ryaml -rYAML -I "/usr/share/openclash" -E UTF-8 -e "
    #   begin
    #      Value = YAML.load_file('$CONFIG_FILE');
    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Load File Failed,【' + e.message + '】';
    #   end;

        #General
    #   begin
    #   Thread.new{
    #      Value['redir-port']=7892;
    #      Value['tproxy-port']=7895;
    #      Value['port']=7890;
    #      Value['socks-port']=7891;
    #      Value['mixed-port']=7893;
    #   }.join;

    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Set General Failed,【' + e.message + '】';
    #   ensure
    #      File.open('$CONFIG_FILE','w') {|f| YAML.dump(Value, f)};
    #   end" 2>/dev/null >> $LOG_FILE

exit 0
#===================== 自定义防火墙设置 =====================#

#!/bin/sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom firewall rules here, they will be added after the end of the OpenClash iptables rules

LOG_OUT "Tip: Start Add Custom Firewall Rules..."

exit 0
#===================== IPTABLES 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.7 on Sun Mar 17 13:32:39 2024
*nat
:PREROUTING ACCEPT [488:53552]
:INPUT ACCEPT [329:21893]
:OUTPUT ACCEPT [498:41698]
:POSTROUTING ACCEPT [969:90764]
:DOCKER - [0:0]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:openclash - [0:0]
:openclash_output - [0:0]
:postrouting_docker_rule - [0:0]
:postrouting_ipsecserver_rule - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_vpn_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_docker_rule - [0:0]
:prerouting_ipsecserver_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_vpn_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_docker_postrouting - [0:0]
:zone_docker_prerouting - [0:0]
:zone_ipsecserver_postrouting - [0:0]
:zone_ipsecserver_prerouting - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_vpn_postrouting - [0:0]
:zone_vpn_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -p tcp -m comment --comment "OpenClash TCP DNS Hijack" -m tcp --dport 53 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_prerouting
-A PREROUTING -i docker0 -m comment --comment "!fw3" -j zone_docker_prerouting
-A PREROUTING -i tun0 -m comment --comment "!fw3" -j zone_vpn_prerouting
-A PREROUTING -p tcp -j openclash
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT -j openclash_output
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_postrouting
-A POSTROUTING -o docker0 -m comment --comment "!fw3" -j zone_docker_postrouting
-A POSTROUTING -o tun0 -m comment --comment "!fw3" -j zone_vpn_postrouting
-A DOCKER -i docker0 -j RETURN
-A openclash -p tcp -m tcp --sport 1688 -j RETURN
-A openclash -p tcp -m tcp --sport 1194 -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -m set --match-set china_ip_route dst -m set ! --match-set china_ip_route_pass dst -j RETURN
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -p tcp -m tcp --sport 1688 -j RETURN
-A openclash_output -p tcp -m tcp --sport 1194 -j RETURN
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -m owner ! --uid-owner 65534 -m set --match-set china_ip_route dst -m set ! --match-set china_ip_route_pass dst -j RETURN
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A zone_docker_postrouting -m comment --comment "!fw3: Custom docker postrouting rule chain" -j postrouting_docker_rule
-A zone_docker_prerouting -m comment --comment "!fw3: Custom docker prerouting rule chain" -j prerouting_docker_rule
-A zone_ipsecserver_postrouting -m comment --comment "!fw3: Custom ipsecserver postrouting rule chain" -j postrouting_ipsecserver_rule
-A zone_ipsecserver_prerouting -m comment --comment "!fw3: Custom ipsecserver prerouting rule chain" -j prerouting_ipsecserver_rule
-A zone_lan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -j MINIUPNPD
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_vpn_postrouting -m comment --comment "!fw3: Custom vpn postrouting rule chain" -j postrouting_vpn_rule
-A zone_vpn_postrouting -m comment --comment "!fw3" -j MASQUERADE --mode fullcone
-A zone_vpn_prerouting -m comment --comment "!fw3: Custom vpn prerouting rule chain" -j prerouting_vpn_rule
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE --mode fullcone
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
COMMIT
# Completed on Sun Mar 17 13:32:39 2024

#IPv4 Mangle chain

# Generated by iptables-save v1.8.7 on Sun Mar 17 13:32:39 2024
*mangle
:PREROUTING ACCEPT [6231:2019523]
:INPUT ACCEPT [2758:363982]
:FORWARD ACCEPT [3469:1655162]
:OUTPUT ACCEPT [3242:657240]
:POSTROUTING ACCEPT [6708:2310772]
:RRDIPT_FORWARD - [0:0]
:RRDIPT_INPUT - [0:0]
:RRDIPT_OUTPUT - [0:0]
:openclash - [0:0]
:openclash_dns_hijack - [0:0]
:openclash_upnp - [0:0]
-A PREROUTING -p udp -j openclash
-A PREROUTING -p tcp -m tcp --dport 53 -j openclash_dns_hijack
-A INPUT -j RRDIPT_INPUT
-A FORWARD -j RRDIPT_FORWARD
-A OUTPUT -j RRDIPT_OUTPUT
-A RRDIPT_FORWARD -s 192.168.1.32/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.1.32/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.1.100/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.1.100/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.1.50/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.1.50/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.1.51/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.1.51/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.1.104/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.1.104/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.1.130/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.1.130/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.1.142/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.1.142/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.1.215/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.1.215/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.1.143/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.1.143/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.1.136/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.1.136/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.1.145/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.1.145/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.1.146/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.1.146/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.1.226/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.1.226/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.1.2/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.1.2/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.1.170/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.1.170/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.1.5/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.1.5/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.1.99/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.1.99/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.1.238/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.1.238/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.1.159/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.1.159/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.1.189/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.1.189/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.1.10/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.1.10/32 -j RETURN
-A RRDIPT_INPUT -i eth0 -j RETURN
-A RRDIPT_INPUT -i br-lan -j RETURN
-A RRDIPT_OUTPUT -o eth0 -j RETURN
-A RRDIPT_OUTPUT -o br-lan -j RETURN
-A openclash -p udp -m udp --sport 1194 -j RETURN
-A openclash -p udp -m udp --sport 500 -j RETURN
-A openclash -p udp -m udp --sport 68 -j RETURN
-A openclash -i utun -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -m set --match-set china_ip_route dst -m set ! --match-set china_ip_route_pass dst -j RETURN
-A openclash -p udp -j openclash_upnp
-A openclash -j MARK --set-xmark 0x162/0xffffffff
-A openclash_dns_hijack -p tcp -m comment --comment "OpenClash TCP DNS Hijack" -m tcp --dport 53 -j MARK --set-xmark 0x162/0xffffffff
COMMIT
# Completed on Sun Mar 17 13:32:39 2024

#IPv4 Filter chain

# Generated by iptables-save v1.8.7 on Sun Mar 17 13:32:39 2024
*filter
:INPUT ACCEPT [2:80]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-MAN - [0:0]
:DOCKER-USER - [0:0]
:MINIUPNPD - [0:0]
:SOCAT - [0:0]
:forwarding_docker_rule - [0:0]
:forwarding_ipsecserver_rule - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_vpn_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_docker_rule - [0:0]
:input_ipsecserver_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_vpn_rule - [0:0]
:input_wan_rule - [0:0]
:output_docker_rule - [0:0]
:output_ipsecserver_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_vpn_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_docker_dest_ACCEPT - [0:0]
:zone_docker_forward - [0:0]
:zone_docker_input - [0:0]
:zone_docker_output - [0:0]
:zone_docker_src_ACCEPT - [0:0]
:zone_ipsecserver_dest_ACCEPT - [0:0]
:zone_ipsecserver_forward - [0:0]
:zone_ipsecserver_input - [0:0]
:zone_ipsecserver_output - [0:0]
:zone_ipsecserver_src_ACCEPT - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_vpn_dest_ACCEPT - [0:0]
:zone_vpn_forward - [0:0]
:zone_vpn_input - [0:0]
:zone_vpn_output - [0:0]
:zone_vpn_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -j SOCAT
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_input
-A INPUT -i docker0 -m comment --comment "!fw3" -j zone_docker_input
-A INPUT -i tun0 -m comment --comment "!fw3" -j zone_vpn_input
-A FORWARD -o utun -p udp -m udp --dport 443 -m comment --comment "OpenClash QUIC REJECT" -m set ! --match-set china_ip_route dst -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -o utun -m comment --comment "OpenClash TUN Forward" -j ACCEPT
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m comment --comment "!fw3: Traffic offloading" -m conntrack --ctstate RELATED,ESTABLISHED -j FLOWOFFLOAD --hw
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_forward
-A FORWARD -i docker0 -m comment --comment "!fw3" -j zone_docker_forward
-A FORWARD -i tun0 -m comment --comment "!fw3" -j zone_vpn_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_output
-A OUTPUT -o docker0 -m comment --comment "!fw3" -j zone_docker_output
-A OUTPUT -o tun0 -m comment --comment "!fw3" -j zone_vpn_output
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-MAN -i br-lan -o docker0 -j RETURN
-A DOCKER-MAN -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j RETURN
-A DOCKER-MAN -o docker0 -m conntrack --ctstate INVALID,NEW -j DROP
-A DOCKER-MAN -j RETURN
-A DOCKER-USER -j DOCKER-MAN
-A DOCKER-USER -j RETURN
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_docker_dest_ACCEPT -o docker0 -m comment --comment "!fw3" -j ACCEPT
-A zone_docker_forward -m comment --comment "!fw3: Custom docker forwarding rule chain" -j forwarding_docker_rule
-A zone_docker_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_docker_forward -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_input -m comment --comment "!fw3: Custom docker input rule chain" -j input_docker_rule
-A zone_docker_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_docker_input -m comment --comment "!fw3" -j zone_docker_src_ACCEPT
-A zone_docker_output -m comment --comment "!fw3: Custom docker output rule chain" -j output_docker_rule
-A zone_docker_output -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_src_ACCEPT -i docker0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_ipsecserver_dest_ACCEPT -o ipsec0 -m comment --comment "!fw3" -j ACCEPT
-A zone_ipsecserver_forward -m comment --comment "!fw3: Custom ipsecserver forwarding rule chain" -j forwarding_ipsecserver_rule
-A zone_ipsecserver_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_ipsecserver_forward -m comment --comment "!fw3" -j zone_ipsecserver_dest_ACCEPT
-A zone_ipsecserver_input -m comment --comment "!fw3: Custom ipsecserver input rule chain" -j input_ipsecserver_rule
-A zone_ipsecserver_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_ipsecserver_input -m comment --comment "!fw3" -j zone_ipsecserver_src_ACCEPT
-A zone_ipsecserver_output -m comment --comment "!fw3: Custom ipsecserver output rule chain" -j output_ipsecserver_rule
-A zone_ipsecserver_output -m comment --comment "!fw3" -j zone_ipsecserver_dest_ACCEPT
-A zone_ipsecserver_src_ACCEPT -i ipsec0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to vpn forwarding policy" -j zone_vpn_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_vpn_dest_ACCEPT -o tun0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_vpn_dest_ACCEPT -o tun0 -m comment --comment "!fw3" -j ACCEPT
-A zone_vpn_forward -m comment --comment "!fw3: Custom vpn forwarding rule chain" -j forwarding_vpn_rule
-A zone_vpn_forward -m comment --comment "!fw3: Zone vpn to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_vpn_forward -m comment --comment "!fw3: Zone vpn to lan forwarding policy" -j zone_lan_dest_ACCEPT
-A zone_vpn_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_vpn_forward -m comment --comment "!fw3" -j zone_vpn_dest_ACCEPT
-A zone_vpn_input -m comment --comment "!fw3: Custom vpn input rule chain" -j input_vpn_rule
-A zone_vpn_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_vpn_input -m comment --comment "!fw3" -j zone_vpn_src_ACCEPT
-A zone_vpn_output -m comment --comment "!fw3: Custom vpn output rule chain" -j output_vpn_rule
-A zone_vpn_output -m comment --comment "!fw3" -j zone_vpn_dest_ACCEPT
-A zone_vpn_src_ACCEPT -i tun0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 8118 -m comment --comment "!fw3: adblock" -j DROP
-A zone_wan_input -p tcp -m tcp --dport 1194 -m comment --comment "!fw3: openvpn" -j ACCEPT
-A zone_wan_input -p udp -m udp --dport 1194 -m comment --comment "!fw3: openvpn" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 1688 -m comment --comment "!fw3: kms" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
COMMIT
# Completed on Sun Mar 17 13:32:39 2024

#IPv6 NAT chain

#IPv6 Mangle chain

#IPv6 Filter chain

#===================== IPSET状态 =====================#

Name: cn
Type: hash:net
Revision: 7
Header: family inet hashsize 4096 maxelem 65536 bucketsize 12 initval 0xeb0e8c6b
Size in memory: 257472
References: 0
Number of entries: 8618

Name: ct
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0xffd8dc35
Size in memory: 59496
References: 0
Number of entries: 1962

Name: cnc
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0xe94f511d
Size in memory: 32040
References: 0
Number of entries: 915

Name: cmcc
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x3039226e
Size in memory: 3096
References: 0
Number of entries: 55

Name: crtc
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x87b5741d
Size in memory: 1224
References: 0
Number of entries: 16

Name: cernet
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0xe5409030
Size in memory: 8040
References: 0
Number of entries: 171

Name: gwbn
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x61ef23ef
Size in memory: 12984
References: 0
Number of entries: 290

Name: othernet
Type: hash:net
Revision: 7
Header: family inet hashsize 2048 maxelem 65536 bucketsize 12 initval 0x58dbb719
Size in memory: 150384
References: 0
Number of entries: 5209

Name: music
Type: hash:ip
Revision: 5
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0xb0aee46e
Size in memory: 880
References: 0
Number of entries: 17

Name: mwan3_connected_v4
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0xde4cc7bb
Size in memory: 936
References: 1
Number of entries: 10

Name: mwan3_connected_v6
Type: hash:net
Revision: 7
Header: family inet6 hashsize 1024 maxelem 65536 bucketsize 12 initval 0x167c2439
Size in memory: 1384
References: 1
Number of entries: 2

Name: mwan3_source_v6
Type: hash:net
Revision: 7
Header: family inet6 hashsize 1024 maxelem 65536 bucketsize 12 initval 0x27704272
Size in memory: 1312
References: 0
Number of entries: 1

Name: mwan3_dynamic_v4
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x72bd6793
Size in memory: 456
References: 1
Number of entries: 0

Name: mwan3_dynamic_v6
Type: hash:net
Revision: 7
Header: family inet6 hashsize 1024 maxelem 65536 bucketsize 12 initval 0x46e60294
Size in memory: 1240
References: 1
Number of entries: 0

Name: mwan3_custom_v4
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0xb4e399e9
Size in memory: 456
References: 1
Number of entries: 0

Name: mwan3_custom_v6
Type: hash:net
Revision: 7
Header: family inet6 hashsize 1024 maxelem 65536 bucketsize 12 initval 0xf1f55660
Size in memory: 1240
References: 1
Number of entries: 0

Name: localnetwork
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0xe0517f48
Size in memory: 888
References: 3
Number of entries: 9

Name: china_ip_route
Type: hash:net
Revision: 7
Header: family inet hashsize 4096 maxelem 1000000 bucketsize 12 initval 0x986c1f25
Size in memory: 257088
References: 4
Number of entries: 8665

Name: china_ip_route_pass
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 1000000 bucketsize 12 initval 0x826d605d
Size in memory: 456
References: 3
Number of entries: 0

Name: mwan3_connected
Type: list:set
Revision: 3
Header: size 8
Size in memory: 368
References: 0
Number of entries: 6

#===================== 路由表状态 =====================#

#IPv4

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.2     0.0.0.0         UG    0      0        0 br-lan
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
198.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 utun

#ip route list
default via 192.168.1.2 dev br-lan proto static 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown 
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.30 
198.18.0.0/16 dev utun proto kernel scope link src 198.18.0.1 

#ip rule show
0:  from all lookup local
32765:  from all fwmark 0x162 lookup 354
32766:  from all lookup main
32767:  from all lookup default

#IPv6

#route -A inet6
Kernel IPv6 routing table
Destination                                 Next Hop                                Flags Metric Ref    Use Iface
fd27:1c6a:118c::/64                         ::                                      U     1024   1        0 br-lan  
fd27:1c6a:118c::/48                         ::                                      !n    2147483647 2        0 lo      
fe80::/64                                   ::                                      U     256    4        0 br-lan  
fe80::/64                                   ::                                      U     256    1        0 utun    
::/0                                        ::                                      !n    -1     1        0 lo      
::1/128                                     ::                                      Un    0      6        0 lo      
fd27:1c6a:118c::/128                        ::                                      Un    0      3        0 br-lan  
fd27:1c6a:118c::1/128                       ::                                      Un    0      3        0 br-lan  
fe80::/128                                  ::                                      Un    0      3        0 br-lan  
fe80::/128                                  ::                                      Un    0      3        0 utun    
fe80::11:32ff:fe22:cd1d/128                 ::                                      Un    0      6        0 br-lan  
fe80::7a1a:de69:732:13af/128                ::                                      Un    0      2        0 utun    
ff00::/8                                    ::                                      U     256    7        0 br-lan  
ff00::/8                                    ::                                      U     256    4        0 utun    
::/0                                        ::                                      !n    -1     1        0 lo      

#ip -6 route list
fd27:1c6a:118c::/64 dev br-lan proto static metric 1024 pref medium
unreachable fd27:1c6a:118c::/48 dev lo proto static metric 2147483647 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev utun proto kernel metric 256 pref medium

#ip -6 rule show
0:  from all lookup local
32766:  from all lookup main
4200000001: from all iif lo failed_policy
4200000009: from all iif br-lan failed_policy

#===================== Tun设备状态 =====================#

utun: tun multi_queue vnet_hdr

#===================== 端口占用状态 =====================#

tcp        0      0 198.18.0.1:7777         0.0.0.0:*               LISTEN      13489/clash
tcp        0      0 :::9090                 :::*                    LISTEN      13489/clash
tcp        0      0 :::7891                 :::*                    LISTEN      13489/clash
tcp        0      0 :::7890                 :::*                    LISTEN      13489/clash
tcp        0      0 :::7893                 :::*                    LISTEN      13489/clash
tcp        0      0 :::7892                 :::*                    LISTEN      13489/clash
tcp        0      0 :::7895                 :::*                    LISTEN      13489/clash
udp        0      0 :::33431                :::*                                13489/clash
udp        0      0 :::7874                 :::*                                13489/clash
udp        0      0 :::7891                 :::*                                13489/clash
udp        0      0 :::7892                 :::*                                13489/clash
udp        0      0 :::7893                 :::*                                13489/clash
udp        0      0 :::7895                 :::*                                13489/clash
udp        0      0 :::32991                :::*                                13489/clash
udp        0      0 :::49477                :::*                                13489/clash
udp        0      0 :::58204                :::*                                13489/clash
udp        0      0 :::42863                :::*                                13489/clash
udp        0      0 :::48005                :::*                                13489/clash

#===================== 测试本机DNS查询(www.baidu.com) =====================#

Server:     127.0.0.1
Address:    127.0.0.1:53

www.baidu.com   canonical name = www.a.shifen.com
Name:   www.a.shifen.com
Address: 39.156.66.18
Name:   www.a.shifen.com
Address: 39.156.66.14

#===================== 测试内核DNS查询(www.instagram.com) =====================#

Status: 0
TC: false
RD: true
RA: true
AD: false
CD: false

Question: 
  Name: www.instagram.com.
  Qtype: 1
  Qclass: 1

Answer: 
  TTL: 95
  data: 69.63.184.14
  name: www.instagram.com.
  type: 1

Dnsmasq 当前默认 resolv 文件：/tmp/resolv.conf.d/resolv.conf.auto

#===================== /tmp/resolv.conf.d/resolv.conf.auto =====================#

# Interface lan
nameserver 114.114.114.114

#===================== 测试本机网络连接(www.baidu.com) =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Sun, 17 Mar 2024 05:32:40 GMT
Etag: "575e1f60-115"
Last-Modified: Mon, 13 Jun 2016 02:50:08 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 测试本机网络下载(raw.githubusercontent.com) =====================#

HTTP/2 404 
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
content-type: text/plain; charset=utf-8
x-github-request-id: 8C86:1DEA03:16FE4B:1D88A2:65F6805D
accept-ranges: bytes
date: Sun, 17 Mar 2024 05:32:41 GMT
via: 1.1 varnish
x-served-by: cache-qpg1243-QPG
x-cache: HIT
x-cache-hits: 2
x-timer: S1710653561.142239,VS0,VE0
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 85229716f1f74e4e848eb33c07fe36a630f993ba
expires: Sun, 17 Mar 2024 05:37:41 GMT
source-age: 26
content-length: 14

#===================== 最近运行日志(自动切换为Debug模式) =====================#

13:32:50 DBG [TCP] accept connection lAddr=192.168.1.10:41791 rAddr=36.234.223.128:11143 inbound=Redir
13:32:50 WRN [TCP] dial failed error=dial tcp4 223.18.255.164:52043: i/o timeout proxy=🐟漏网之鱼 lAddr=192.168.1.10:33720 rAddr=223.18.255.164:52043 rule=Match rulePayload=
13:32:50 DBG [Matcher] find process failed error=process not found addr=99.241.198.149
13:32:50 WRN [TCP] dial failed error=dial tcp4 111.252.198.19:25451: i/o timeout proxy=🐟漏网之鱼 lAddr=192.168.1.10:51384 rAddr=111.252.198.19:25451 rule=Match rulePayload=
13:32:50 WRN [TCP] dial failed error=dial tcp4 180.75.246.223:11976: i/o timeout proxy=🐟漏网之鱼 lAddr=192.168.1.10:60422 rAddr=180.75.246.223:11976 rule=Match rulePayload=
13:32:50 DBG [Matcher] find process failed error=process not found addr=36.234.223.128
13:32:50 WRN [TCP] dial failed error=dial tcp4 191.96.240.142:65535: i/o timeout proxy=🐟漏网之鱼 lAddr=192.168.1.10:48924 rAddr=191.96.240.142:65535 rule=Match rulePayload=
13:32:50 WRN [TCP] dial failed error=dial tcp4 112.119.174.248:9440: i/o timeout proxy=🐟漏网之鱼 lAddr=192.168.1.10:33358 rAddr=112.119.174.248:9440 rule=Match rulePayload=
13:32:50 DBG [Matcher] find process failed error=process not found addr=69.49.86.44
13:32:50 DBG [TCP] accept connection lAddr=192.168.1.10:32901 rAddr=5.15.218.103:46785 inbound=Redir
13:32:50 DBG [TCP] accept connection lAddr=192.168.1.10:49825 rAddr=218.250.188.76:3977 inbound=Redir
13:32:50 DBG [Matcher] find process failed error=process not found addr=5.15.218.103
13:32:50 DBG [Matcher] find process failed error=process not found addr=218.250.188.76
13:32:50 WRN [TCP] dial failed error=dial tcp4 129.213.88.72:9489: i/o timeout proxy=🐟漏网之鱼 lAddr=192.168.1.10:40978 rAddr=129.213.88.72:9489 rule=Match rulePayload=
13:32:50 WRN [TCP] dial failed error=dial tcp4 180.75.239.37:36225: i/o timeout proxy=🐟漏网之鱼 lAddr=192.168.1.10:52269 rAddr=180.75.239.37:36225 rule=Match rulePayload=
13:32:50 WRN [TCP] dial failed error=dial tcp4 49.159.1.19:52211: i/o timeout proxy=🐟漏网之鱼 lAddr=192.168.1.10:50901 rAddr=49.159.1.19:52211 rule=Match rulePayload=
13:32:50 WRN [TCP] dial failed error=dial tcp4 113.210.51.140:6255: i/o timeout proxy=🐟漏网之鱼 lAddr=192.168.1.10:54930 rAddr=113.210.51.140:6255 rule=Match rulePayload=
13:32:50 DBG [Matcher] find process failed error=process not found addr=46.20.109.77
13:32:50 WRN [TCP] dial failed error=dial tcp4 180.75.239.37:5216: i/o timeout proxy=🐟漏网之鱼 lAddr=192.168.1.10:49003 rAddr=180.75.239.37:5216 rule=Match rulePayload=
13:32:50 WRN [TCP] dial failed error=dial tcp4 125.229.154.238:1673: i/o timeout proxy=🐟漏网之鱼 lAddr=192.168.1.10:46600 rAddr=125.229.154.238:1673 rule=Match rulePayload=
13:32:50 INF [TCP] connected lAddr=192.168.1.100:11709 rAddr=signalrs2-relayhub-prod-as01-1.service.signalr.net:443 mode=rule rule=DomainSuffix(signalr.net) proxy=Ⓜ️微软服务[DIRECT]
13:32:50 DBG [TCP] accept connection lAddr=192.168.1.100:11711 rAddr=signalrs2-relayhub-prod-as01-1.service.signalr.net:443 inbound=Redir
13:32:50 INF [TCP] connected lAddr=192.168.1.10:45305 rAddr=51.159.107.184:54697 mode=rule rule=Match() proxy=🐟漏网之鱼[DIRECT]
13:32:50 INF [TCP] connected lAddr=192.168.1.100:11711 rAddr=signalrs2-relayhub-prod-as01-1.service.signalr.net:443 mode=rule rule=DomainSuffix(signalr.net) proxy=Ⓜ️微软服务[DIRECT]
13:32:50 WRN [TCP] dial failed error=dial tcp4 172.217.163.42:443: i/o timeout proxy=🚀节点选择 lAddr=192.168.1.142:58552 rAddr=gmscompliance-pa.googleapis.com:443 rule=DomainKeyword rulePayload=google
13:32:50 DBG [TCP] accept connection lAddr=192.168.1.142:58564 rAddr=gmscompliance-pa.googleapis.com:443 inbound=Redir
13:32:50 DBG [Matcher] find process failed error=process not found addr=gmscompliance-pa.googleapis.com
13:32:50 DBG [DNS] dns response source=8.8.8.8:53 qType=A name=24-courier.push.apple.com. answer=["17.57.145.133","17.57.145.134","17.57.145.137","17.57.145.132","17.57.145.136","17.57.145.138","17.57.145.135"]
13:32:50 DBG [TCP] accept connection lAddr=192.168.1.99:65119 rAddr=24-courier.push.apple.com:5223 inbound=Redir
13:32:50 DBG [Matcher] find process failed error=process not found addr=24-courier.push.apple.com
13:32:50 INF [TCP] connected lAddr=192.168.1.99:65119 rAddr=24-courier.push.apple.com:5223 mode=rule rule=DomainSuffix(apple.com) proxy=🍎苹果服务[DIRECT]
13:32:51 WRN [TCP] dial failed error=dial tcp4 184.146.125.152:17935: i/o timeout proxy=🐟漏网之鱼 lAddr=192.168.1.10:36142 rAddr=184.146.125.152:17935 rule=Match rulePayload=
13:32:51 DBG [TCP] accept connection lAddr=192.168.1.10:58272 rAddr=160.237.117.161:43920 inbound=Redir
13:32:51 WRN [TCP] dial failed error=dial tcp4 1.163.7.141:41584: i/o timeout proxy=🐟漏网之鱼 lAddr=192.168.1.10:55743 rAddr=1.163.7.141:41584 rule=Match rulePayload=
13:32:51 DBG [TCP] accept connection lAddr=192.168.1.10:52569 rAddr=194.26.74.61:6666 inbound=Redir
13:32:51 DBG [Matcher] find process failed error=process not found addr=160.237.117.161
13:32:51 DBG [TCP] accept connection lAddr=192.168.1.10:54036 rAddr=157.254.20.71:51413 inbound=Redir
13:32:51 DBG [Matcher] find process failed error=process not found addr=194.26.74.61
13:32:51 DBG [TCP] accept connection lAddr=192.168.1.10:40160 rAddr=38.59.242.65:6881 inbound=Redir
13:32:51 DBG [Matcher] find process failed error=process not found addr=157.254.20.71
13:32:51 DBG [Matcher] find process failed error=process not found addr=38.59.242.65
13:32:51 WRN [TCP] dial failed error=dial tcp4 123.192.189.20:32802: i/o timeout proxy=🐟漏网之鱼 lAddr=192.168.1.10:54137 rAddr=123.192.189.20:32802 rule=Match rulePayload=
13:32:51 WRN [TCP] dial failed error=dial tcp4 125.59.190.11:16605: i/o timeout proxy=🐟漏网之鱼 lAddr=192.168.1.10:51540 rAddr=125.59.190.11:16605 rule=Match rulePayload=
13:32:51 WRN [TCP] dial failed error=dial tcp4 36.239.239.69:57477: i/o timeout proxy=🐟漏网之鱼 lAddr=192.168.1.10:58244 rAddr=36.239.239.69:57477 rule=Match rulePayload=
13:32:51 DBG [TCP] accept connection lAddr=192.168.1.10:40839 rAddr=113.210.102.18:63040 inbound=Redir
13:32:51 WRN [TCP] dial failed error=dial tcp4 31.171.154.115:54521: i/o timeout proxy=🐟漏网之鱼 lAddr=192.168.1.10:58911 rAddr=31.171.154.115:54521 rule=Match rulePayload=
13:32:51 DBG [Matcher] find process failed error=process not found addr=113.210.102.18
13:32:51 DBG [TCP] accept connection lAddr=192.168.1.10:50334 rAddr=131.246.233.73:51637 inbound=Redir
13:32:51 DBG [TCP] accept connection lAddr=192.168.1.10:48249 rAddr=144.202.68.211:36729 inbound=Redir
13:32:51 DBG [TCP] accept connection lAddr=192.168.1.10:45693 rAddr=181.41.202.160:8922 inbound=Redir
13:32:51 DBG [TCP] accept connection lAddr=192.168.1.10:36384 rAddr=105.107.174.80:46785 inbound=Redir
13:32:51 DBG [Matcher] find process failed error=process not found addr=105.107.174.80
13:32:51 DBG [TCP] accept connection lAddr=192.168.1.10:45165 rAddr=184.146.125.152:17951 inbound=Redir
13:32:51 DBG [TCP] accept connection lAddr=192.168.1.10:41092 rAddr=218.250.188.76:29570 inbound=Redir
13:32:51 DBG [TCP] accept connection lAddr=192.168.1.10:47554 rAddr=107.189.4.70:6881 inbound=Redir
13:32:51 DBG [TCP] accept connection lAddr=192.168.1.10:34958 rAddr=185.209.198.72:53032 inbound=Redir
13:32:51 DBG [TCP] accept connection lAddr=192.168.1.10:58688 rAddr=121.200.6.152:63353 inbound=Redir
13:32:51 DBG [TCP] accept connection lAddr=192.168.1.10:58066 rAddr=89.213.164.71:6098 inbound=Redir
13:32:51 DBG [TCP] accept connection lAddr=192.168.1.10:41480 rAddr=108.181.255.9:12622 inbound=Redir
13:32:51 DBG [TCP] accept connection lAddr=192.168.1.10:37043 rAddr=36.234.223.128:33999 inbound=Redir
13:32:51 DBG [TCP] accept connection lAddr=192.168.1.10:41126 rAddr=112.120.89.229:39466 inbound=Redir
13:32:51 DBG [TCP] accept connection lAddr=192.168.1.10:50348 rAddr=172.111.38.128:13999 inbound=Redir
13:32:51 DBG [TCP] accept connection lAddr=192.168.1.10:43891 rAddr=18.183.161.223:22223 inbound=Redir
13:32:51 DBG [TCP] accept connection lAddr=192.168.1.10:54924 rAddr=154.16.81.85:46273 inbound=Redir
13:32:51 DBG [TCP] accept connection lAddr=192.168.1.10:40590 rAddr=178.51.169.59:18831 inbound=Redir
13:32:51 WRN [TCP] dial failed error=dial tcp4 168.70.17.237:15672: i/o timeout proxy=🐟漏网之鱼 lAddr=192.168.1.10:51535 rAddr=168.70.17.237:15672 rule=Match rulePayload=
13:32:51 WRN [TCP] dial failed error=dial tcp4 164.68.127.100:11999: i/o timeout proxy=🐟漏网之鱼 lAddr=192.168.1.10:42267 rAddr=164.68.127.100:11999 rule=Match rulePayload=
13:32:51 DBG [Matcher] find process failed error=process not found addr=184.146.125.152
13:32:51 DBG [Matcher] find process failed error=process not found addr=218.250.188.76
13:32:51 DBG [Matcher] find process failed error=process not found addr=107.189.4.70
13:32:51 DBG [Matcher] find process failed error=process not found addr=185.209.198.72
13:32:51 DBG [Matcher] find process failed error=process not found addr=121.200.6.152
13:32:51 DBG [Matcher] find process failed error=process not found addr=89.213.164.71
13:32:51 DBG [Matcher] find process failed error=process not found addr=108.181.255.9
13:32:51 DBG [Matcher] find process failed error=process not found addr=36.234.223.128
13:32:51 DBG [Matcher] find process failed error=process not found addr=112.120.89.229
13:32:51 DBG [Matcher] find process failed error=process not found addr=172.111.38.128
13:32:51 DBG [Matcher] find process failed error=process not found addr=18.183.161.223
13:32:51 DBG [Matcher] find process failed error=process not found addr=154.16.81.85
13:32:51 DBG [Matcher] find process failed error=process not found addr=178.51.169.59
13:32:51 WRN [TCP] dial failed error=dial tcp4 176.215.62.2:57477: i/o timeout proxy=🐟漏网之鱼 lAddr=192.168.1.10:33368 rAddr=176.215.62.2:57477 rule=Match rulePayload=
13:32:51 DBG [Matcher] find process failed error=process not found addr=131.246.233.73
13:32:51 WRN [TCP] dial failed error=dial tcp4 115.134.106.154:15000: i/o timeout proxy=🐟漏网之鱼 lAddr=192.168.1.10:54418 rAddr=115.134.106.154:15000 rule=Match rulePayload=
13:32:51 DBG [Matcher] find process failed error=process not found addr=144.202.68.211
13:32:51 WRN [TCP] dial failed error=dial tcp4 218.250.188.76:2734: i/o timeout proxy=🐟漏网之鱼 lAddr=192.168.1.10:59028 rAddr=218.250.188.76:2734 rule=Match rulePayload=
13:32:51 WRN [TCP] dial failed error=dial tcp4 180.75.233.61:54625: i/o timeout proxy=🐟漏网之鱼 lAddr=192.168.1.10:51196 rAddr=180.75.233.61:54625 rule=Match rulePayload=
13:32:51 DBG [Matcher] find process failed error=process not found addr=181.41.202.160
13:32:51 WRN [TCP] dial failed error=dial tcp4 185.135.76.54:22223: i/o timeout proxy=🐟漏网之鱼 lAddr=192.168.1.10:44517 rAddr=185.135.76.54:22223 rule=Match rulePayload=
13:32:51 DBG [TCP] accept connection lAddr=192.168.1.10:54786 rAddr=62.72.188.50:33500 inbound=Redir
13:32:51 WRN [TCP] dial failed error=dial tcp4 115.135.96.129:1171: i/o timeout proxy=🐟漏网之鱼 lAddr=192.168.1.10:59566 rAddr=115.135.96.129:1171 rule=Match rulePayload=
13:32:51 WRN [TCP] dial failed error=dial tcp4 165.3.122.205:34588: i/o timeout proxy=🐟漏网之鱼 lAddr=192.168.1.10:48403 rAddr=165.3.122.205:34588 rule=Match rulePayload=
13:32:51 DBG [Matcher] find process failed error=process not found addr=62.72.188.50
13:32:51 WRN [TCP] dial failed error=dial tcp4 95.17.113.197:22904: i/o timeout proxy=🐟漏网之鱼 lAddr=192.168.1.10:37041 rAddr=95.17.113.197:22904 rule=Match rulePayload=
13:32:51 WRN [TCP] dial failed error=dial tcp4 108.6.96.101:3773: i/o timeout proxy=🐟漏网之鱼 lAddr=192.168.1.10:47575 rAddr=108.6.96.101:3773 rule=Match rulePayload=
13:32:51 WRN [TCP] dial failed error=dial tcp4 24.77.1.180:7527: i/o timeout proxy=🐟漏网之鱼 lAddr=192.168.1.10:39996 rAddr=24.77.1.180:7527 rule=Match rulePayload=
13:32:51 WRN [TCP] dial failed error=dial tcp4 43.155.101.172:55639: i/o timeout proxy=🐟漏网之鱼 lAddr=192.168.1.10:39377 rAddr=43.155.101.172:55639 rule=Match rulePayload=
13:32:51 WRN [TCP] dial failed error=dial tcp4 95.17.113.197:5310: i/o timeout proxy=🐟漏网之鱼 lAddr=192.168.1.10:60382 rAddr=95.17.113.197:5310 rule=Match rulePayload=
13:32:51 DBG [TCP] accept connection lAddr=192.168.1.100:11712 rAddr=business.bing.com:443 inbound=Redir
13:32:51 INF [TCP] connected lAddr=192.168.1.100:11712 rAddr=business.bing.com:443 mode=rule rule=DomainSuffix(bing.com) proxy=Ⓜ️微软服务[DIRECT]
13:32:51 WRN [TCP] dial failed error=dial tcp4 144.202.68.211:36729: connect: no route to host proxy=🐟漏网之鱼 lAddr=192.168.1.10:48249 rAddr=144.202.68.211:36729 rule=Match rulePayload=

#===================== 最近运行日志获取完成(自动切换为silent模式) =====================#

#===================== 活动连接信息 =====================#

1. SourceIP:【192.168.1.10】 - Host:【Empty】 - DestinationIP:【107.175.78.232】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
2. SourceIP:【192.168.1.10】 - Host:【Empty】 - DestinationIP:【193.32.87.148】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
3. SourceIP:【192.168.1.100】 - Host:【api.ipify.org】 - DestinationIP:【172.67.74.152】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【DIRECT】
4. SourceIP:【192.168.1.100】 - Host:【edge.microsoft.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【microsoft.com】 - Lastchain:【DIRECT】
5. SourceIP:【192.168.1.100】 - Host:【api-ipv4.ip.sb】 - DestinationIP:【104.26.13.31】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【DIRECT】
6. SourceIP:【192.168.1.100】 - Host:【prod-eastasia.access-point.cloudmessaging.edge.microsoft.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【microsoft.com】 - Lastchain:【DIRECT】
7. SourceIP:【192.168.1.10】 - Host:【Empty】 - DestinationIP:【210.209.139.206】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【DIRECT】
8. SourceIP:【192.168.1.142】 - Host:【mtalk.google.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【mtalk.google.com】 - Lastchain:【DIRECT】
9. SourceIP:【192.168.1.99】 - Host:【bzib.nelreports.net】 - DestinationIP:【23.32.238.91】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【DIRECT】
10. SourceIP:【192.168.1.10】 - Host:【Empty】 - DestinationIP:【125.168.251.53】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
11. SourceIP:【192.168.1.99】 - Host:【business.bing.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【bing.com】 - Lastchain:【DIRECT】
12. SourceIP:【192.168.1.100】 - Host:【signalrs2-relayhub-prod-as01-1.service.signalr.net】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【signalr.net】 - Lastchain:【DIRECT】
13. SourceIP:【192.168.1.99】 - Host:【24-courier.push.apple.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【apple.com】 - Lastchain:【DIRECT】
14. SourceIP:【192.168.1.10】 - Host:【Empty】 - DestinationIP:【61.62.144.104】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【DIRECT】
15. SourceIP:【192.168.1.100】 - Host:【qqwry.api.skk.moe】 - DestinationIP:【172.67.148.227】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【DIRECT】
16. SourceIP:【192.168.1.100】 - Host:【Empty】 - DestinationIP:【91.108.56.141】 - Network:【tcp】 - RulePayload:【91.108.0.0/16】 - Lastchain:【香港01-IEPL-倍率1.0】
17. SourceIP:【192.168.1.10】 - Host:【api.telegram.org】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【telegram.org】 - Lastchain:【香港01-IEPL-倍率1.0】
18. SourceIP:【192.168.1.100】 - Host:【Empty】 - DestinationIP:【103.28.54.173】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
19. SourceIP:【192.168.1.142】 - Host:【signalrs2-relayhub-prod-as01-1.service.signalr.net】 - DestinationIP:【20.195.84.12】 - Network:【tcp】 - RulePayload:【signalr.net】 - Lastchain:【DIRECT】
20. SourceIP:【192.168.1.142】 - Host:【business.bing.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【bing.com】 - Lastchain:【DIRECT】
21. SourceIP:【192.168.1.100】 - Host:【signalrs2-relayhub-prod-as01-1.service.signalr.net】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【signalr.net】 - Lastchain:【DIRECT】
22. SourceIP:【192.168.1.100】 - Host:【graph.oculus.com】 - DestinationIP:【157.240.211.54】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【DIRECT】
23. SourceIP:【192.168.1.100】 - Host:【github.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【github.com】 - Lastchain:【香港01-IEPL-倍率1.0】
24. SourceIP:【192.168.1.10】 - Host:【Empty】 - DestinationIP:【88.198.55.6】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
25. SourceIP:【192.168.1.100】 - Host:【avatars3.githubusercontent.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【githubusercontent.com】 - Lastchain:【香港01-IEPL-倍率1.0】
26. SourceIP:【192.168.1.142】 - Host:【signalrs2-relayhub-prod-as01-1.service.signalr.net】 - DestinationIP:【20.195.84.12】 - Network:【tcp】 - RulePayload:【signalr.net】 - Lastchain:【DIRECT】
27. SourceIP:【192.168.1.99】 - Host:【edge.microsoft.com】 - DestinationIP:【204.79.197.239】 - Network:【tcp】 - RulePayload:【microsoft.com】 - Lastchain:【DIRECT】
28. SourceIP:【192.168.1.10】 - Host:【t.nyaatracker.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【tracker】 - Lastchain:【DIRECT】
29. SourceIP:【192.168.1.10】 - Host:【Empty】 - DestinationIP:【183.179.193.172】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【DIRECT】
30. SourceIP:【192.168.1.100】 - Host:【business.bing.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【bing.com】 - Lastchain:【DIRECT】
31. SourceIP:【192.168.1.100】 - Host:【edge.microsoft.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【microsoft.com】 - Lastchain:【DIRECT】
32. SourceIP:【192.168.1.99】 - Host:【copilot.microsoft.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【microsoft.com】 - Lastchain:【DIRECT】
33. SourceIP:【192.168.1.100】 - Host:【d.skk.moe】 - DestinationIP:【172.67.187.219】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【DIRECT】
34. SourceIP:【192.168.1.100】 - Host:【business.bing.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【bing.com】 - Lastchain:【DIRECT】
35. SourceIP:【192.168.1.5】 - Host:【Empty】 - DestinationIP:【199.165.76.11】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】



### OpenClash Config

_No response_

### Expected Behavior

openclash自启动时会检测“SOCKS5/HTTP(S) 认证信息”是否有配置项，如果没有则自动添加一行，如果有则不自动新增，只读取配置并写入yaml配置文件。

### Additional Context

_No response_

vernesong / OpenClash

[Bug] 重启openWrt系统导致的openClash自启动时会自动添加一行“SOCKS5/HTTP(S) 认证信息”配置，每重启一次添加一行，导致有越来越多的行 #3812