Closed mgz0227 closed 4 months ago
v0.46.016beta
Official OpenWrt
23.05
Linux-amd64(x86-64)
After enabling OpenClash, www.win-rar.com cannot be opened and the browser reports ERR_CONNECTION_CLOSED; after disabling OpenClash the site loads normally.
OpenClash Debug Log

Generated: 2024-06-26 20:57:52
Plugin version: v0.46.016-beta
Privacy notice: before uploading this log, check for and mask sensitive information such as public IPs, nodes and passwords

#===================== System Info =====================#

Host model: VMware, Inc. VMware20,1
Firmware version: OpenWrt 23.05-SNAPSHOT 06.08.2024
LuCI version:
Kernel version: 5.15.158
CPU architecture: x86_64

# If this item has a value and you do not use IPv6, it is recommended to disable the IPv6 DHCP under Network - Interfaces - LAN
IPv6-DHCP: hybrid
DNS hijack: disabled

# When DNS hijack is set to Dnsmasq, this item should only show the DNS listen address from the configuration file
Dnsmasq forwarding settings:

#===================== Dependency Check =====================#

dnsmasq-full: installed
coreutils: installed
coreutils-nohup: installed
bash: installed
curl: installed
ca-certificates: installed
ipset: installed
ip-full: installed
libcap: installed
libcap-bin: installed
ruby: installed
ruby-yaml: installed
ruby-psych: installed
ruby-pstore: installed
kmod-tun (TUN mode): installed
luci-compat (LuCI >= 19.07): installed
kmod-inet-diag (PROCESS-NAME): not installed
unzip: installed
iptables-mod-tproxy: not installed
kmod-ipt-tproxy: installed
iptables-mod-extra: not installed
kmod-ipt-extra: installed
kmod-ipt-nat: installed

#===================== Kernel Check =====================#

Running status: running
Running kernel: Meta
Process PID: 17436
Process capabilities: 17436: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
Running user: nobody
Selected architecture: linux-amd64

# If the kernel version cannot be shown below, check that your kernel version is correct and that the file is executable
Tun kernel version: 2023.08.17-13-gdcc8d87
Tun kernel file: present
Tun kernel permissions: OK
Dev kernel version: v1.18.0-13-gd034a40
Dev kernel file: present
Dev kernel permissions: OK
Meta kernel version: alpha-g9f4cd64
Meta kernel file: present
Meta kernel permissions: OK

#===================== Plugin Settings =====================#

Current config file: /etc/openclash/config/ikuuu.yaml
Startup config file: /etc/openclash/ikuuu.yaml
Running mode: redir-host-mix
Default proxy mode: rule
UDP traffic forwarding (tproxy): disabled
Custom DNS: disabled
IPv6 proxy: enabled
IPv6 DNS resolution: enabled
Disable Dnsmasq cache: enabled
Custom rules: disabled
LAN only: enabled
Proxy only rule-matched traffic: disabled
Common ports only: disabled
Bypass mainland China IPs: enabled
Proxy the router's own traffic: enabled  # If startup fails, try disabling this option
Mixed nodes: disabled
Keep config: disabled  # If startup fails, try disabling this option
Third-party rules: disabled

#===================== Config File =====================#

port: 7890
socks-port: 7891
allow-lan: true
mode: rule
log-level: info
external-controller: 0.0.0.0:9090
hosts:
  time.facebook.com: 17.253.84.125
  time.android.com: 17.253.84.125
proxy-groups:
  - name: "\U0001F530 选择节点"
    type: select
redir-port: 7892
tproxy-port: 7895
mixed-port: 7893
bind-address: "*"
external-ui: "/usr/share/openclash/ui"
ipv6: true
dns:
  enable: true
  ipv6: true
  enhanced-mode: redir-host
  listen: 0.0.0.0:7874
  nameserver:
    - 114.114.114.114
    - 119.29.29.29
    - 223.5.5.5
    - https://doh.pub/dns-query
    - https://223.5.5.5/dns-query
  fallback:
    - https://dns.cloudflare.com/dns-query
    - https://public.dns.iij.jp/dns-query
    - https://jp.tiar.app/dns-query
    - https://jp.tiarap.org/dns-query
sniffer:
  enable: true
  force-dns-mapping: true
  parse-pure-ip: true
tun:
  enable: true
  stack: system
  device: utun
  auto-route: false
  auto-detect-interface: false
  dns-hijack:
    - tcp://any:53
profile:
  store-selected: true
authentication:
  - miaogongzi:990112990227htP

#===================== Custom Overwrite Settings =====================#

#!/bin/sh
. /usr/share/openclash/ruby.sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom overwrite scripts here; they take effect after OpenClash's own scripts
LOG_OUT "Tip: Start Running Custom Overwrite Scripts..."
LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S"))
LOG_FILE="/tmp/openclash.log"
CONFIG_FILE="$1" #config path

#Simple Demo:
#General Demo
#1--config path
#2--key name
#3--value
#ruby_edit "$CONFIG_FILE" "['redir-port']" "7892"
#ruby_edit "$CONFIG_FILE" "['secret']" "123456"
#ruby_edit "$CONFIG_FILE" "['dns']['enable']" "true"

#Hash Demo
#1--config path
#2--key name
#3--hash type value
#ruby_edit "$CONFIG_FILE" "['experimental']" "{'sniff-tls-sni'=>true}"
#ruby_edit "$CONFIG_FILE" "['sniffer']" "{'sniffing'=>['tls','http']}"

#Array Demo:
#1--config path
#2--key name
#3--position(start from 0, end with -1)
#4--value
#ruby_arr_insert "$CONFIG_FILE" "['dns']['nameserver']" "0" "114.114.114.114"

#Array Add From Yaml File Demo:
#1--config path
#2--key name
#3--position(start from 0, end with -1)
#4--value file path
#5--value key name in #4 file
#ruby_arr_add_file "$CONFIG_FILE" "['dns']['fallback-filter']['ipcidr']" "0" "/etc/openclash/custom/openclash_custom_fallback_filter.yaml" "['fallback-filter']['ipcidr']"

#Ruby Script Demo:
#ruby -ryaml -rYAML -I "/usr/share/openclash" -E UTF-8 -e "
#   begin
#      Value = YAML.load_file('$CONFIG_FILE');
#   rescue Exception => e
#      puts '${LOGTIME} Error: Load File Failed,【' + e.message + '】';
#   end;
#
#   #General
#   begin
#      Thread.new{
#         Value['redir-port']=7892;
#         Value['tproxy-port']=7895;
#         Value['port']=7890;
#         Value['socks-port']=7891;
#         Value['mixed-port']=7893;
#      }.join;
#   rescue Exception => e
#      puts '${LOGTIME} Error: Set General Failed,【' + e.message + '】';
#   ensure
#      File.open('$CONFIG_FILE','w') {|f| YAML.dump(Value, f)};
#   end" 2>/dev/null >> $LOG_FILE

exit 0

#===================== Custom Firewall Settings =====================#

#!/bin/sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom firewall rules here; they are added after the end of the OpenClash iptables rules
LOG_OUT "Tip: Start Add Custom Firewall Rules..."

exit 0

#===================== IPTABLES Firewall Settings =====================#

#IPv4 NAT chain
# Generated by iptables-save v1.8.8 on Wed Jun 26 20:57:54 2024
*nat
:PREROUTING ACCEPT [863:97292]
:INPUT ACCEPT [756:46246]
:OUTPUT ACCEPT [1249:88383]
:POSTROUTING ACCEPT [219:13876]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:openclash - [0:0]
:openclash_output - [0:0]
:postrouting_ipsecserver_rule - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_ipsecserver_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_ipsecserver_postrouting - [0:0]
:zone_ipsecserver_prerouting - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_prerouting
-A PREROUTING -p udp -m comment --comment DNSMASQ -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m comment --comment DNSMASQ -m tcp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -j openclash
-A OUTPUT -j openclash_output
-A POSTROUTING -o utun -m comment --comment "OpenClash TUN Postrouting" -j RETURN
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_postrouting
-A POSTROUTING -s 192.168.100.0/24 -m comment --comment "IPSec VPN Server" -j MASQUERADE
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -m set ! --match-set common_ports dst -j RETURN
-A openclash -m set --match-set china_ip_route dst -m set ! --match-set china_ip_route_pass dst -j RETURN
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A zone_ipsecserver_postrouting -m comment --comment "!fw3: Custom ipsecserver postrouting rule chain" -j postrouting_ipsecserver_rule
-A zone_ipsecserver_prerouting -m comment --comment "!fw3: Custom ipsecserver prerouting rule chain" -j prerouting_ipsecserver_rule
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_postrouting -s 192.168.3.0/24 -d 192.168.3.3/32 -p tcp -m tcp --dport 62715 -m comment --comment "!fw3: sonobus (reflection)" -j SNAT --to-source 192.168.3.1
-A zone_lan_postrouting -s 192.168.3.0/24 -d 192.168.3.3/32 -p udp -m udp --dport 62715 -m comment --comment "!fw3: sonobus (reflection)" -j SNAT --to-source 192.168.3.1
-A zone_lan_postrouting -s 192.168.3.0/24 -d 192.168.3.7/32 -p tcp -m tcp --dport 5000:5001 -m comment --comment "!fw3: DSM920 (reflection)" -j SNAT --to-source 192.168.3.1
-A zone_lan_postrouting -s 192.168.3.0/24 -d 192.168.3.7/32 -p udp -m udp --dport 5000:5001 -m comment --comment "!fw3: DSM920 (reflection)" -j SNAT --to-source 192.168.3.1
-A zone_lan_postrouting -s 192.168.3.0/24 -d 192.168.3.8/32 -p tcp -m tcp --dport 3389 -m comment --comment "!fw3: WIndows Server (reflection)" -j SNAT --to-source 192.168.3.1
-A zone_lan_postrouting -s 192.168.3.0/24 -d 192.168.3.8/32 -p udp -m udp --dport 3389 -m comment --comment "!fw3: WIndows Server (reflection)" -j SNAT --to-source 192.168.3.1
-A zone_lan_postrouting -s 192.168.3.0/24 -d 192.168.3.10/32 -p tcp -m tcp --dport 8888 -m comment --comment "!fw3: UbuntuServer (reflection)" -j SNAT --to-source 192.168.3.1
-A zone_lan_postrouting -s 192.168.3.0/24 -d 192.168.3.10/32 -p udp -m udp --dport 8888 -m comment --comment "!fw3: UbuntuServer (reflection)" -j SNAT --to-source 192.168.3.1
-A zone_lan_postrouting -s 192.168.3.0/24 -d 192.168.3.9/32 -p tcp -m tcp --dport 5212 -m comment --comment "!fw3: Cloudreve (reflection)" -j SNAT --to-source 192.168.3.1
-A zone_lan_postrouting -s 192.168.3.0/24 -d 192.168.3.9/32 -p udp -m udp --dport 5212 -m comment --comment "!fw3: Cloudreve (reflection)" -j SNAT --to-source 192.168.3.1
-A zone_lan_postrouting -s 192.168.3.0/24 -d 192.168.3.9/32 -p tcp -m tcp --dport 5244 -m comment --comment "!fw3: alsit (reflection)" -j SNAT --to-source 192.168.3.1
-A zone_lan_postrouting -s 192.168.3.0/24 -d 192.168.3.9/32 -p udp -m udp --dport 5244 -m comment --comment "!fw3: alsit (reflection)" -j SNAT --to-source 192.168.3.1
-A zone_lan_postrouting -s 192.168.3.0/24 -d 192.168.3.11/32 -p tcp -m tcp --dport 22 -m comment --comment "!fw3: Ubuntu Server01 SSH (reflection)" -j SNAT --to-source 192.168.3.1
-A zone_lan_postrouting -s 192.168.3.0/24 -d 192.168.3.11/32 -p udp -m udp --dport 22 -m comment --comment "!fw3: Ubuntu Server01 SSH (reflection)" -j SNAT --to-source 192.168.3.1
-A zone_lan_postrouting -s 192.168.3.0/24 -d 192.168.3.12/32 -p tcp -m tcp --dport 22 -m comment --comment "!fw3: Ubuntu Server02 SSH (reflection)" -j SNAT --to-source 192.168.3.1
-A zone_lan_postrouting -s 192.168.3.0/24 -d 192.168.3.12/32 -p udp -m udp --dport 22 -m comment --comment "!fw3: Ubuntu Server02 SSH (reflection)" -j SNAT --to-source 192.168.3.1
-A zone_lan_postrouting -s 192.168.3.0/24 -d 192.168.3.11/32 -p tcp -m tcp --dport 8888 -m comment --comment "!fw3: Ubuntu Server01 BT (reflection)" -j SNAT --to-source 192.168.3.1
-A zone_lan_postrouting -s 192.168.3.0/24 -d 192.168.3.11/32 -p udp -m udp --dport 8888 -m comment --comment "!fw3: Ubuntu Server01 BT (reflection)" -j SNAT --to-source 192.168.3.1
-A zone_lan_postrouting -s 192.168.3.0/24 -d 192.168.3.12/32 -p tcp -m tcp --dport 8888 -m comment --comment "!fw3: Ubuntu Server02 BT (reflection)" -j SNAT --to-source 192.168.3.1
-A zone_lan_postrouting -s 192.168.3.0/24 -d 192.168.3.12/32 -p udp -m udp --dport 8888 -m comment --comment "!fw3: Ubuntu Server02 BT (reflection)" -j SNAT --to-source 192.168.3.1
-A zone_lan_postrouting -s 192.168.3.0/24 -d 192.168.3.13/32 -p tcp -m tcp --dport 3389 -m comment --comment "!fw3: WindowsServer 小恩 (reflection)" -j SNAT --to-source 192.168.3.1
-A zone_lan_postrouting -s 192.168.3.0/24 -d 192.168.3.13/32 -p udp -m udp --dport 3389 -m comment --comment "!fw3: WindowsServer 小恩 (reflection)" -j SNAT --to-source 192.168.3.1
-A zone_lan_postrouting -s 192.168.3.0/24 -d 192.168.3.10/32 -p tcp -m tcp --dport 3306 -m comment --comment "!fw3: MYSQL Server (reflection)" -j SNAT --to-source 192.168.3.1
-A zone_lan_postrouting -s 192.168.3.0/24 -d 192.168.3.10/32 -p udp -m udp --dport 3306 -m comment --comment "!fw3: MYSQL Server (reflection)" -j SNAT --to-source 192.168.3.1
-A zone_lan_postrouting -s 192.168.3.0/24 -d 192.168.3.9/32 -p tcp -m tcp --dport 14580 -m comment --comment "!fw3: 番茄API (reflection)" -j SNAT --to-source 192.168.3.1
-A zone_lan_postrouting -s 192.168.3.0/24 -d 192.168.3.9/32 -p udp -m udp --dport 14580 -m comment --comment "!fw3: 番茄API (reflection)" -j SNAT --to-source 192.168.3.1
-A zone_lan_postrouting -s 192.168.3.0/24 -d 192.168.3.9/32 -p tcp -m tcp --dport 4222 -m comment --comment "!fw3: remote (reflection)" -j SNAT --to-source 192.168.3.1
-A zone_lan_postrouting -s 192.168.3.0/24 -d 192.168.3.9/32 -p udp -m udp --dport 4222 -m comment --comment "!fw3: remote (reflection)" -j SNAT --to-source 192.168.3.1
-A zone_lan_postrouting -s 192.168.3.0/24 -d 192.168.3.3/32 -p tcp -m tcp --dport 32199 -m comment --comment "!fw3: BT (reflection)" -j SNAT --to-source 192.168.3.1
-A zone_lan_postrouting -s 192.168.3.0/24 -d 192.168.3.3/32 -p udp -m udp --dport 32199 -m comment --comment "!fw3: BT (reflection)" -j SNAT --to-source 192.168.3.1
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_lan_prerouting -s 192.168.3.0/24 -d *WAN IP*.142/32 -p tcp -m tcp --dport 62715 -m comment --comment "!fw3: sonobus (reflection)" -j DNAT --to-destination 192.168.3.3:62715
-A zone_lan_prerouting -s 192.168.3.0/24 -d *WAN IP*.142/32 -p udp -m udp --dport 62715 -m comment --comment "!fw3: sonobus (reflection)" -j DNAT --to-destination 192.168.3.3:62715
-A zone_lan_prerouting -s 192.168.3.0/24 -d *WAN IP*.142/32 -p tcp -m tcp --dport 5000:5001 -m comment --comment "!fw3: DSM920 (reflection)" -j DNAT --to-destination 192.168.3.7:5000-5001
-A zone_lan_prerouting -s 192.168.3.0/24 -d *WAN IP*.142/32 -p udp -m udp --dport 5000:5001 -m comment --comment "!fw3: DSM920 (reflection)" -j DNAT --to-destination 192.168.3.7:5000-5001
-A zone_lan_prerouting -s 192.168.3.0/24 -d *WAN IP*.142/32 -p tcp -m tcp --dport 13389 -m comment --comment "!fw3: WIndows Server (reflection)" -j DNAT --to-destination 192.168.3.8:3389
-A zone_lan_prerouting -s 192.168.3.0/24 -d *WAN IP*.142/32 -p udp -m udp --dport 13389 -m comment --comment "!fw3: WIndows Server (reflection)" -j DNAT --to-destination 192.168.3.8:3389
-A zone_lan_prerouting -s 192.168.3.0/24 -d *WAN IP*.142/32 -p tcp -m tcp --dport 8888 -m comment --comment "!fw3: UbuntuServer (reflection)" -j DNAT --to-destination 192.168.3.10:8888
-A zone_lan_prerouting -s 192.168.3.0/24 -d *WAN IP*.142/32 -p udp -m udp --dport 8888 -m comment --comment "!fw3: UbuntuServer (reflection)" -j DNAT --to-destination 192.168.3.10:8888
-A zone_lan_prerouting -s 192.168.3.0/24 -d *WAN IP*.142/32 -p tcp -m tcp --dport 5212 -m comment --comment "!fw3: Cloudreve (reflection)" -j DNAT --to-destination 192.168.3.9:5212
-A zone_lan_prerouting -s 192.168.3.0/24 -d *WAN IP*.142/32 -p udp -m udp --dport 5212 -m comment --comment "!fw3: Cloudreve (reflection)" -j DNAT --to-destination 192.168.3.9:5212
-A zone_lan_prerouting -s 192.168.3.0/24 -d *WAN IP*.142/32 -p tcp -m tcp --dport 5244 -m comment --comment "!fw3: alsit (reflection)" -j DNAT --to-destination 192.168.3.9:5244
-A zone_lan_prerouting -s 192.168.3.0/24 -d *WAN IP*.142/32 -p udp -m udp --dport 5244 -m comment --comment "!fw3: alsit (reflection)" -j DNAT --to-destination 192.168.3.9:5244
-A zone_lan_prerouting -s 192.168.3.0/24 -d *WAN IP*.142/32 -p tcp -m tcp --dport 23 -m comment --comment "!fw3: Ubuntu Server01 SSH (reflection)" -j DNAT --to-destination 192.168.3.11:22
-A zone_lan_prerouting -s 192.168.3.0/24 -d *WAN IP*.142/32 -p udp -m udp --dport 23 -m comment --comment "!fw3: Ubuntu Server01 SSH (reflection)" -j DNAT --to-destination 192.168.3.11:22
-A zone_lan_prerouting -s 192.168.3.0/24 -d *WAN IP*.142/32 -p tcp -m tcp --dport 24 -m comment --comment "!fw3: Ubuntu Server02 SSH (reflection)" -j DNAT --to-destination 192.168.3.12:22
-A zone_lan_prerouting -s 192.168.3.0/24 -d *WAN IP*.142/32 -p udp -m udp --dport 24 -m comment --comment "!fw3: Ubuntu Server02 SSH (reflection)" -j DNAT --to-destination 192.168.3.12:22
-A zone_lan_prerouting -s 192.168.3.0/24 -d *WAN IP*.142/32 -p tcp -m tcp --dport 8891 -m comment --comment "!fw3: Ubuntu Server01 BT (reflection)" -j DNAT --to-destination 192.168.3.11:8888
-A zone_lan_prerouting -s 192.168.3.0/24 -d *WAN IP*.142/32 -p udp -m udp --dport 8891 -m comment --comment "!fw3: Ubuntu Server01 BT (reflection)" -j DNAT --to-destination 192.168.3.11:8888
-A zone_lan_prerouting -s 192.168.3.0/24 -d *WAN IP*.142/32 -p tcp -m tcp --dport 8892 -m comment --comment "!fw3: Ubuntu Server02 BT (reflection)" -j DNAT --to-destination 192.168.3.12:8888
-A zone_lan_prerouting -s 192.168.3.0/24 -d *WAN IP*.142/32 -p udp -m udp --dport 8892 -m comment --comment "!fw3: Ubuntu Server02 BT (reflection)" -j DNAT --to-destination 192.168.3.12:8888
-A zone_lan_prerouting -s 192.168.3.0/24 -d *WAN IP*.142/32 -p tcp -m tcp --dport 63389 -m comment --comment "!fw3: WindowsServer 小恩 (reflection)" -j DNAT --to-destination 192.168.3.13:3389
-A zone_lan_prerouting -s 192.168.3.0/24 -d *WAN IP*.142/32 -p udp -m udp --dport 63389 -m comment --comment "!fw3: WindowsServer 小恩 (reflection)" -j DNAT --to-destination 192.168.3.13:3389
-A zone_lan_prerouting -s 192.168.3.0/24 -d *WAN IP*.142/32 -p tcp -m tcp --dport 3306 -m comment --comment "!fw3: MYSQL Server (reflection)" -j DNAT --to-destination 192.168.3.10:3306
-A zone_lan_prerouting -s 192.168.3.0/24 -d *WAN IP*.142/32 -p udp -m udp --dport 3306 -m comment --comment "!fw3: MYSQL Server (reflection)" -j DNAT --to-destination 192.168.3.10:3306
-A zone_lan_prerouting -s 192.168.3.0/24 -d *WAN IP*.142/32 -p tcp -m tcp --dport 14580 -m comment --comment "!fw3: 番茄API (reflection)" -j DNAT --to-destination 192.168.3.9:14580
-A zone_lan_prerouting -s 192.168.3.0/24 -d *WAN IP*.142/32 -p udp -m udp --dport 14580 -m comment --comment "!fw3: 番茄API (reflection)" -j DNAT --to-destination 192.168.3.9:14580
-A zone_lan_prerouting -s 192.168.3.0/24 -d *WAN IP*.142/32 -p tcp -m tcp --dport 4222 -m comment --comment "!fw3: remote (reflection)" -j DNAT --to-destination 192.168.3.9:4222
-A zone_lan_prerouting -s 192.168.3.0/24 -d *WAN IP*.142/32 -p udp -m udp --dport 4222 -m comment --comment "!fw3: remote (reflection)" -j DNAT --to-destination 192.168.3.9:4222
-A zone_lan_prerouting -s 192.168.3.0/24 -d *WAN IP*.142/32 -p tcp -m tcp --dport 32199 -m comment --comment "!fw3: BT (reflection)" -j DNAT --to-destination 192.168.3.3:32199
-A zone_lan_prerouting -s 192.168.3.0/24 -d *WAN IP*.142/32 -p udp -m udp --dport 32199 -m comment --comment "!fw3: BT (reflection)" -j DNAT --to-destination 192.168.3.3:32199
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE --mode fullcone
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -p tcp -m tcp --dport 62715 -m comment --comment "!fw3: sonobus" -j DNAT --to-destination 192.168.3.3:62715
-A zone_wan_prerouting -p udp -m udp --dport 62715 -m comment --comment "!fw3: sonobus" -j DNAT --to-destination 192.168.3.3:62715
-A zone_wan_prerouting -p tcp -m tcp --dport 5000:5001 -m comment --comment "!fw3: DSM920" -j DNAT --to-destination 192.168.3.7:5000-5001
-A zone_wan_prerouting -p udp -m udp --dport 5000:5001 -m comment --comment "!fw3: DSM920" -j DNAT --to-destination 192.168.3.7:5000-5001
-A zone_wan_prerouting -p tcp -m tcp --dport 13389 -m comment --comment "!fw3: WIndows Server" -j DNAT --to-destination 192.168.3.8:3389
-A zone_wan_prerouting -p udp -m udp --dport 13389 -m comment --comment "!fw3: WIndows Server" -j DNAT --to-destination 192.168.3.8:3389
-A zone_wan_prerouting -p tcp -m tcp --dport 8888 -m comment --comment "!fw3: UbuntuServer" -j DNAT --to-destination 192.168.3.10:8888
-A zone_wan_prerouting -p udp -m udp --dport 8888 -m comment --comment "!fw3: UbuntuServer" -j DNAT --to-destination 192.168.3.10:8888
-A zone_wan_prerouting -p tcp -m tcp --dport 5212 -m comment --comment "!fw3: Cloudreve" -j DNAT --to-destination 192.168.3.9:5212
-A zone_wan_prerouting -p udp -m udp --dport 5212 -m comment --comment "!fw3: Cloudreve" -j DNAT --to-destination 192.168.3.9:5212
-A zone_wan_prerouting -p tcp -m tcp --dport 5244 -m comment --comment "!fw3: alsit" -j DNAT --to-destination 192.168.3.9:5244
-A zone_wan_prerouting -p udp -m udp --dport 5244 -m comment --comment "!fw3: alsit" -j DNAT --to-destination 192.168.3.9:5244
-A zone_wan_prerouting -p tcp -m tcp --dport 23 -m comment --comment "!fw3: Ubuntu Server01 SSH" -j DNAT --to-destination 192.168.3.11:22
-A zone_wan_prerouting -p udp -m udp --dport 23 -m comment --comment "!fw3: Ubuntu Server01 SSH" -j DNAT --to-destination 192.168.3.11:22
-A zone_wan_prerouting -p tcp -m tcp --dport 24 -m comment --comment "!fw3: Ubuntu Server02 SSH" -j DNAT --to-destination 192.168.3.12:22
-A zone_wan_prerouting -p udp -m udp --dport 24 -m comment --comment "!fw3: Ubuntu Server02 SSH" -j DNAT --to-destination 192.168.3.12:22
-A zone_wan_prerouting -p tcp -m tcp --dport 8891 -m comment --comment "!fw3: Ubuntu Server01 BT" -j DNAT --to-destination 192.168.3.11:8888
-A zone_wan_prerouting -p udp -m udp --dport 8891 -m comment --comment "!fw3: Ubuntu Server01 BT" -j DNAT --to-destination 192.168.3.11:8888
-A zone_wan_prerouting -p tcp -m tcp --dport 8892 -m comment --comment "!fw3: Ubuntu Server02 BT" -j DNAT --to-destination 192.168.3.12:8888
-A zone_wan_prerouting -p udp -m udp --dport 8892 -m comment --comment "!fw3: Ubuntu Server02 BT" -j DNAT --to-destination 192.168.3.12:8888
-A zone_wan_prerouting -p tcp -m tcp --dport 63389 -m comment --comment "!fw3: WindowsServer 小恩" -j DNAT --to-destination 192.168.3.13:3389
-A zone_wan_prerouting -p udp -m udp --dport 63389 -m comment --comment "!fw3: WindowsServer 小恩" -j DNAT --to-destination 192.168.3.13:3389
-A zone_wan_prerouting -p tcp -m tcp --dport 3306 -m comment --comment "!fw3: MYSQL Server" -j DNAT --to-destination 192.168.3.10:3306
-A zone_wan_prerouting -p udp -m udp --dport 3306 -m comment --comment "!fw3: MYSQL Server" -j DNAT --to-destination 192.168.3.10:3306
-A zone_wan_prerouting -p tcp -m tcp --dport 14580 -m comment --comment "!fw3: 番茄API" -j DNAT --to-destination 192.168.3.9:14580
-A zone_wan_prerouting -p udp -m udp --dport 14580 -m comment --comment "!fw3: 番茄API" -j DNAT --to-destination 192.168.3.9:14580
-A zone_wan_prerouting -p tcp -m tcp --dport 4222 -m comment --comment "!fw3: remote" -j DNAT --to-destination 192.168.3.9:4222
-A zone_wan_prerouting -p udp -m udp --dport 4222 -m comment --comment "!fw3: remote" -j DNAT --to-destination 192.168.3.9:4222
-A zone_wan_prerouting -p tcp -m tcp --dport 32199 -m comment --comment "!fw3: BT" -j DNAT --to-destination 192.168.3.3:32199
-A zone_wan_prerouting -p udp -m udp --dport 32199 -m comment --comment "!fw3: BT" -j DNAT --to-destination 192.168.3.3:32199
-A zone_wan_prerouting -j MINIUPNPD
-A zone_wan_prerouting -j MINIUPNPD
COMMIT
# Completed on Wed Jun 26 20:57:54 2024

#IPv4 Mangle chain
# Generated by iptables-save v1.8.8 on Wed Jun 26 20:57:54 2024
*mangle
:PREROUTING ACCEPT [50339:21426652]
:INPUT ACCEPT [28586:17629558]
:FORWARD ACCEPT [21200:3723872]
:OUTPUT ACCEPT [21646:20089533]
:POSTROUTING ACCEPT [42813:23812025]
:openclash - [0:0]
:openclash_dns_hijack - [0:0]
:openclash_upnp - [0:0]
-A PREROUTING -p udp -j openclash
-A FORWARD -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A openclash -p udp -m udp --sport 500 -j RETURN
-A openclash -p udp -m udp --sport 68 -j RETURN
-A openclash -i utun -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -m set ! --match-set common_ports dst -j RETURN
-A openclash -m set --match-set china_ip_route dst -m set ! --match-set china_ip_route_pass dst -j RETURN
-A openclash -p udp -j openclash_upnp
-A openclash -j MARK --set-xmark 0x162/0xffffffff
COMMIT
# Completed on Wed Jun 26 20:57:54 2024

#IPv4 Filter chain
# Generated by iptables-save v1.8.8 on Wed Jun 26 20:57:54 2024
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:forwarding_ipsecserver_rule - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_ipsecserver_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_ipsecserver_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_ipsecserver_dest_ACCEPT - [0:0]
:zone_ipsecserver_forward - [0:0]
:zone_ipsecserver_input - [0:0]
:zone_ipsecserver_output - [0:0]
:zone_ipsecserver_src_ACCEPT - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -i utun -m comment --comment "OpenClash TUN Input" -j ACCEPT
-A INPUT -p udp -m multiport --dports 500,4500 -m comment --comment "IPSec VPN Server" -j ACCEPT
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_input
-A INPUT -m comment --comment "!fw3" -j reject
-A FORWARD -o utun -p udp -m udp --dport 443 -m comment --comment "OpenClash QUIC REJECT" -m set ! --match-set china_ip_route dst -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i utun -m comment --comment "OpenClash TUN Forward" -j ACCEPT
-A FORWARD -o utun -m comment --comment "OpenClash TUN Forward" -j ACCEPT
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_output
-A forwarding_rule -m policy --dir out --pol ipsec --proto esp -m comment --comment "IPSec VPN Server" -j ACCEPT
-A forwarding_rule -m policy --dir in --pol ipsec --proto esp -m comment --comment "IPSec VPN Server" -j ACCEPT
-A forwarding_rule -s 192.168.100.0/24 -m comment --comment "IPSec VPN Server" -j ACCEPT
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_ipsecserver_dest_ACCEPT -o ipsec0 -m comment --comment "!fw3" -j ACCEPT
-A zone_ipsecserver_forward -m comment --comment "!fw3: Custom ipsecserver forwarding rule chain" -j forwarding_ipsecserver_rule
-A zone_ipsecserver_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_ipsecserver_forward -m comment --comment "!fw3" -j zone_ipsecserver_dest_ACCEPT
-A zone_ipsecserver_input -m comment --comment "!fw3: Custom ipsecserver input rule chain" -j input_ipsecserver_rule
-A zone_ipsecserver_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_ipsecserver_input -m comment --comment "!fw3" -j zone_ipsecserver_src_ACCEPT
-A zone_ipsecserver_output -m comment --comment "!fw3: Custom ipsecserver output rule chain" -j output_ipsecserver_rule
-A zone_ipsecserver_output -m comment --comment "!fw3" -j zone_ipsecserver_dest_ACCEPT
-A zone_ipsecserver_src_ACCEPT -i ipsec0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o pppoe-wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o pppoe-wan -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m comment --comment "!fw3: Zone wan to ipsecserver forwarding policy" -j zone_ipsecserver_dest_ACCEPT
-A zone_wan_forward -m comment --comment "!fw3: Zone wan to lan forwarding policy" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -j MINIUPNPD
-A zone_wan_input -j MINIUPNPD
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_REJECT -i pppoe-wan -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Wed Jun 26 20:57:54 2024

#IPv6 NAT chain
# Generated by ip6tables-save v1.8.8 on Wed Jun 26 20:57:54 2024
*nat
:PREROUTING ACCEPT [3367:273413]
:INPUT ACCEPT [455:39886]
:OUTPUT ACCEPT [402:34701]
:POSTROUTING ACCEPT [3591:289801]
-A PREROUTING -d 2001:4860:4860::8844/128 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j ACCEPT
-A PREROUTING -d 2001:4860:4860::8888/128 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j ACCEPT
-A PREROUTING -p udp -m comment --comment DNSMASQ -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m comment --comment DNSMASQ -m tcp --dport 53 -j REDIRECT --to-ports 53
-A POSTROUTING -o utun -m comment --comment "OpenClash TUN Postrouting" -j RETURN
COMMIT
# Completed on Wed Jun 26 20:57:54 2024

#IPv6 Mangle chain
# Generated by ip6tables-save v1.8.8 on Wed Jun 26 20:57:54 2024
*mangle
:PREROUTING ACCEPT [134776:131086048]
:INPUT ACCEPT [2926:920497]
:FORWARD ACCEPT [131636:130146247]
:OUTPUT ACCEPT [4499:888499]
:POSTROUTING ACCEPT [136132:131034511]
:openclash - [0:0]
:openclash_output - [0:0]
-A PREROUTING -j openclash
-A FORWARD -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A OUTPUT -j openclash_output
-A openclash -p udp -m udp --sport 500 -j RETURN
-A openclash -p udp -m udp --sport 546 -j RETURN
-A openclash -i lo -j RETURN
-A openclash -m set --match-set localnetwork6 dst -j RETURN
-A openclash -p udp -m udp --dport 53 -j RETURN
-A openclash -m set ! --match-set common_ports dst -j RETURN
-A openclash -m set --match-set china_ip6_route dst -m set ! --match-set china_ip6_route_pass dst -j RETURN
-A openclash -p tcp -j MARK --set-xmark 0x162/0xffffffff
-A openclash -p udp -m comment --comment "OpenClash UDP TUN" -j MARK --set-xmark 0x162/0xffffffff
-A openclash_output -p udp -m udp --sport 500 -j RETURN
-A openclash_output -p udp -m udp --sport 546 -j RETURN
-A openclash_output -m set --match-set localnetwork6 dst -j RETURN
COMMIT
# Completed on Wed Jun 26 20:57:54 2024

#IPv6 Filter chain
# Generated by ip6tables-save v1.8.8 on Wed Jun 26 20:57:54 2024
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [1:60]
:MINIUPNPD - [0:0]
:forwarding_ipsecserver_rule - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_ipsecserver_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_ipsecserver_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_ipsecserver_dest_ACCEPT - [0:0]
:zone_ipsecserver_forward - [0:0]
:zone_ipsecserver_input - [0:0]
:zone_ipsecserver_output - [0:0]
:zone_ipsecserver_src_ACCEPT - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -i utun -m comment --comment "OpenClash TUN Input" -j ACCEPT
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_input
-A INPUT -m comment --comment "!fw3" -j reject
-A FORWARD -o utun -p udp -m udp --dport 443 -m comment --comment "OpenClash QUIC REJECT" -m set ! --match-set china_ip6_route dst -j REJECT --reject-with icmp6-port-unreachable
-A FORWARD -i utun -m comment --comment "OpenClash TUN Forward" -j ACCEPT
-A FORWARD -o utun -m comment --comment "OpenClash TUN Forward" -j ACCEPT
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp6-port-unreachable
-A syn_flood -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_ipsecserver_dest_ACCEPT -o
ipsec0 -m comment --comment "!fw3" -j ACCEPT -A zone_ipsecserver_forward -m comment --comment "!fw3: Custom ipsecserver forwarding rule chain" -j forwarding_ipsecserver_rule -A zone_ipsecserver_forward -m comment --comment "!fw3" -j zone_ipsecserver_dest_ACCEPT -A zone_ipsecserver_input -m comment --comment "!fw3: Custom ipsecserver input rule chain" -j input_ipsecserver_rule -A zone_ipsecserver_input -m comment --comment "!fw3" -j zone_ipsecserver_src_ACCEPT -A zone_ipsecserver_output -m comment --comment "!fw3: Custom ipsecserver output rule chain" -j output_ipsecserver_rule -A zone_ipsecserver_output -m comment --comment "!fw3" -j zone_ipsecserver_dest_ACCEPT -A zone_ipsecserver_src_ACCEPT -i ipsec0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule -A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT -A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT -A zone_wan_dest_ACCEPT -o pppoe-wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP -A zone_wan_dest_ACCEPT -o pppoe-wan -m comment --comment "!fw3" -j ACCEPT -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: 
Allow-ICMPv6-Forward" -j ACCEPT -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT -A zone_wan_forward -m comment --comment "!fw3: Zone wan to ipsecserver forwarding policy" -j zone_ipsecserver_dest_ACCEPT -A zone_wan_forward -m comment --comment "!fw3: Zone wan to lan forwarding policy" -j zone_lan_dest_ACCEPT -A zone_wan_forward -j MINIUPNPD -A zone_wan_forward -j MINIUPNPD -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule -A zone_wan_input -p udp -m udp --dport 546 -m comment --comment "!fw3: Allow-DHCPv6" -j ACCEPT -A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT -A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT -A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132/0 -m comment 
--comment "!fw3: Allow-MLD" -j ACCEPT -A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -j MINIUPNPD -A zone_wan_input -j MINIUPNPD -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule -A zone_wan_output -m comment --comment "!fw3" -j 
zone_wan_dest_ACCEPT -A zone_wan_src_REJECT -i pppoe-wan -m comment --comment "!fw3" -j reject COMMIT # Completed on Wed Jun 26 20:57:54 2024 #===================== IPSET状态 =====================# Name: localnetwork Type: hash:net Revision: 7 Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0xa1cb1de2 Size in memory: 1856 References: 3 Number of entries: 30 Name: common_ports Type: bitmap:port Revision: 3 Header: range 0-65535 Size in memory: 8272 References: 3 Number of entries: 31 Name: china_ip_route Type: hash:net Revision: 7 Header: family inet hashsize 2048 maxelem 1000000 bucketsize 12 initval 0x6d5375ae Size in memory: 195032 References: 3 Number of entries: 7090 Name: china_ip_route_pass Type: hash:net Revision: 7 Header: family inet hashsize 1024 maxelem 1000000 bucketsize 12 initval 0x493c5bee Size in memory: 464 References: 2 Number of entries: 0 Name: china_ip6_route Type: hash:net Revision: 7 Header: family inet6 hashsize 1024 maxelem 1000000 bucketsize 12 initval 0x48a5d28e Size in memory: 91464 References: 2 Number of entries: 2016 Name: china_ip6_route_pass Type: hash:net Revision: 7 Header: family inet6 hashsize 1024 maxelem 1000000 bucketsize 12 initval 0xcaeb71ed Size in memory: 1248 References: 1 Number of entries: 0 Name: localnetwork6 Type: hash:net Revision: 7 Header: family inet6 hashsize 1024 maxelem 65536 bucketsize 12 initval 0xc8b45fab Size in memory: 2616 References: 2 Number of entries: 19 #===================== 路由表状态 =====================# #IPv4 #route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 42.86.192.1 0.0.0.0 UG 0 0 0 pppoe-wan 42.86.192.1 0.0.0.0 255.255.255.255 UH 0 0 0 pppoe-wan 192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan 192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 ipsec0 198.18.0.0 0.0.0.0 255.255.255.252 U 0 0 0 utun #ip route list default via 42.86.192.1 dev pppoe-wan proto static 42.86.192.1 dev pppoe-wan proto kernel scope link src *WAN IP*.142 
192.168.3.0/24 dev br-lan proto kernel scope link src 192.168.3.1 192.168.100.0/24 dev ipsec0 proto kernel scope link src 192.168.100.1 198.18.0.0/30 dev utun proto kernel scope link src 198.18.0.1 #ip rule show 0: from all lookup local 219: from all fwmark 0x162 lookup 354 220: from all lookup 220 32766: from all lookup main 32767: from all lookup default #IPv6 #route -A inet6 Kernel IPv6 routing table Destination Next Hop Flags Metric Ref Use Iface ::/0 :: U 1024 3 0 utun ::/0 :: !n -1 2 0 lo ::/0 :: !n -1 2 0 lo ::/0 fe80::ce1a:faff:feec:b7e0 UG 512 3 0 pppoe-wan ::/0 fe80::ce1a:faff:feec:b7e0 UG 512 4 0 pppoe-wan 2408:822e:2075:a7d2::/64 :: !n 2147483647 2 0 lo 2408:822e:20d6:bbb0::/64 :: U 1024 4 0 br-lan 2408:822e:20d6:bbb4::/62 fe80::1651:20ff:fe92:2169 UG 1024 1 0 br-lan 2408:822e:20d6:bbb8::/62 fe80::20c:29ff:fe2e:88f7 UG 1024 1 0 br-lan 2408:822e:20d6:bbbc::/62 fe80::20c:29ff:feef:8841 UG 1024 2 0 br-lan 2408:822e:20d6:bbb0::/60 :: !n 2147483647 1 0 lo fd6f:6186:1e36::/64 :: U 1024 5 0 br-lan fd6f:6186:1e36:4::/62 fe80::1651:20ff:fe92:2169 UG 1024 1 0 br-lan fd6f:6186:1e36:8::/62 fe80::20c:29ff:fe2e:88f7 UG 1024 1 0 br-lan fd6f:6186:1e36:c::/62 fe80::20c:29ff:feef:8841 UG 1024 2 0 br-lan fd6f:6186:1e36::/48 :: !n 2147483647 3 0 lo fdfe:dcba:9876::/126 :: U 256 3 0 utun fe80::aab8:e068:4600:a41a/128 :: U 256 2 0 pppoe-wan fe80::ce1a:faff:feec:b7e0/128 :: U 256 2 0 pppoe-wan fe80::/64 :: U 256 3 0 br-lan fe80::/64 :: U 256 1 0 eth5 fe80::/64 :: U 256 1 0 ipsec0 fe80::/64 :: U 256 1 0 utun ::/0 :: !n -1 2 0 lo ::1/128 :: Un 0 5 0 lo 2408:822e:2075:a7d2::/128 :: Un 0 3 0 pppoe-wan *WAN IP*:a41a/128 :: Un 0 6 0 pppoe-wan 2408:822e:20d6:bbb0::/128 :: Un 0 3 0 br-lan 2408:822e:20d6:bbb0::1/128 :: Un 0 5 0 br-lan fd6f:6186:1e36::/128 :: Un 0 3 0 br-lan fd6f:6186:1e36::1/128 :: Un 0 7 0 br-lan fdfe:dcba:9876::/128 :: Un 0 3 0 utun fdfe:dcba:9876::1/128 :: Un 0 5 0 utun fe80::/128 :: Un 0 3 0 br-lan fe80::/128 :: Un 0 3 0 eth5 fe80::/128 :: Un 0 3 0 ipsec0 
fe80::/128 :: Un 0 3 0 utun fe80::20c:29ff:feae:671a/128 :: Un 0 7 0 br-lan fe80::22c4:e4f1:d5d6:ad92/128 :: Un 0 2 0 utun fe80::aab8:e068:4600:a41a/128 :: Un 0 6 0 pppoe-wan fe80::aab8:e0ff:fe00:a41a/128 :: Un 0 2 0 eth5 fe80::cacd:63ac:7690:ad3a/128 :: Un 0 2 0 ipsec0 ff00::/8 :: U 256 4 0 br-lan ff00::/8 :: U 256 2 0 eth5 ff00::/8 :: U 256 2 0 pppoe-wan ff00::/8 :: U 256 1 0 ipsec0 ff00::/8 :: U 256 2 0 utun ::/0 :: !n -1 2 0 lo #ip -6 route list default from 2408:822e:2075:a7d2::/64 via fe80::ce1a:faff:feec:b7e0 dev pppoe-wan proto static metric 512 pref medium default from 2408:822e:20d6:bbb0::/60 via fe80::ce1a:faff:feec:b7e0 dev pppoe-wan proto static metric 512 pref medium unreachable 2408:822e:2075:a7d2::/64 dev lo proto static metric 2147483647 pref medium 2408:822e:20d6:bbb0::/64 dev br-lan proto static metric 1024 pref medium 2408:822e:20d6:bbb4::/62 via fe80::1651:20ff:fe92:2169 dev br-lan proto static metric 1024 pref medium 2408:822e:20d6:bbb8::/62 via fe80::20c:29ff:fe2e:88f7 dev br-lan proto static metric 1024 pref medium 2408:822e:20d6:bbbc::/62 via fe80::20c:29ff:feef:8841 dev br-lan proto static metric 1024 pref medium unreachable 2408:822e:20d6:bbb0::/60 dev lo proto static metric 2147483647 pref medium fd6f:6186:1e36::/64 dev br-lan proto static metric 1024 pref medium fd6f:6186:1e36:4::/62 via fe80::1651:20ff:fe92:2169 dev br-lan proto static metric 1024 pref medium fd6f:6186:1e36:8::/62 via fe80::20c:29ff:fe2e:88f7 dev br-lan proto static metric 1024 pref medium fd6f:6186:1e36:c::/62 via fe80::20c:29ff:feef:8841 dev br-lan proto static metric 1024 pref medium unreachable fd6f:6186:1e36::/48 dev lo proto static metric 2147483647 pref medium fdfe:dcba:9876::/126 dev utun proto kernel metric 256 pref medium fe80::aab8:e068:4600:a41a dev pppoe-wan proto kernel metric 256 pref medium fe80::ce1a:faff:feec:b7e0 dev pppoe-wan proto kernel metric 256 pref medium fe80::/64 dev br-lan proto kernel metric 256 pref medium fe80::/64 dev eth5 proto kernel 
metric 256 pref medium fe80::/64 dev ipsec0 proto kernel metric 256 pref medium fe80::/64 dev utun proto kernel metric 256 pref medium #ip -6 rule show 0: from all lookup local 219: from all fwmark 0x162 lookup 354 220: from all lookup 220 32766: from all lookup main 4200000000: from 2408:822e:20d6:bbb0::1/60 iif br-lan unreachable #===================== Tun设备状态 =====================# ipsec0: tun utun: tun #===================== 端口占用状态 =====================# tcp 0 0 198.18.0.1:42847 0.0.0.0:* LISTEN 17436/clash tcp 0 0 :::9090 :::* LISTEN 17436/clash tcp 0 0 fdfe:dcba:9876::1:34813 :::* LISTEN 17436/clash tcp 0 0 :::7890 :::* LISTEN 17436/clash tcp 0 0 :::7891 :::* LISTEN 17436/clash tcp 0 0 :::7892 :::* LISTEN 17436/clash tcp 0 0 :::7893 :::* LISTEN 17436/clash tcp 0 0 :::7895 :::* LISTEN 17436/clash udp 0 0 :::7874 :::* 17436/clash udp 0 0 :::7891 :::* 17436/clash udp 0 0 :::7892 :::* 17436/clash udp 0 0 :::7893 :::* 17436/clash udp 0 0 :::7895 :::* 17436/clash udp 0 0 :::34324 :::* 17436/clash #===================== 测试本机DNS查询(www.baidu.com) =====================# Server: 127.0.0.1 Address: 127.0.0.1:53 Non-authoritative answer: www.baidu.com canonical name = www.a.shifen.com Name: www.a.shifen.com Address: 110.242.68.4 Name: www.a.shifen.com Address: 110.242.68.3 Non-authoritative answer: www.baidu.com canonical name = www.a.shifen.com Name: www.a.shifen.com Address: 2408:871a:2100:2:0:ff:b09f:237 Name: www.a.shifen.com Address: 2408:871a:2100:3:0:ff:b025:348d #===================== 测试内核DNS查询(www.instagram.com) =====================# Status: 0 TC: false RD: true RA: true AD: false CD: false Question: Name: www.instagram.com. Qtype: 1 Qclass: 1 Answer: TTL: 3577 data: z-p42-instagram.c10r.instagram.com. name: www.instagram.com. type: 5 TTL: 37 data: 157.240.11.174 name: z-p42-instagram.c10r.instagram.com. type: 1 Status: 0 TC: false RD: true RA: true AD: false CD: false Question: Name: www.instagram.com. 
Qtype: 28 Qclass: 1 Answer: TTL: 607 data: z-p42-instagram.c10r.instagram.com. name: www.instagram.com. type: 5 TTL: 46 data: 2a03:2880:f20f:1e7:face:b00c:0:4420 name: z-p42-instagram.c10r.instagram.com. type: 28 Dnsmasq 当前默认 resolv 文件:/tmp/resolv.conf.d/resolv.conf.auto #===================== /tmp/resolv.conf.d/resolv.conf.auto =====================# # Interface wan nameserver 202.96.69.38 nameserver 202.96.64.68 # Interface wan_6 nameserver 2408:8000:6001:7000::8888 #===================== 测试本机网络连接(www.baidu.com) =====================# HTTP/1.1 200 OK Bdpagetype: 1 Bdqid: 0xc423cb6100707288 Connection: keep-alive Content-Length: 409046 Content-Type: text/html; charset=utf-8 Date: Wed, 26 Jun 2024 12:57:55 GMT Server: BWS/1.1 Set-Cookie: BIDUPSID=C49B8BAD1D0A81E1A17CA73E86ECA850; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com Set-Cookie: PSTM=1719406675; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com Set-Cookie: BDSVRTM=2; path=/ Set-Cookie: BD_HOME=1; path=/ Set-Cookie: BAIDUID=C49B8BAD1D0A81E1A17CA73E86ECA850:FG=1; Path=/; Domain=baidu.com; Max-Age=31536000 Set-Cookie: BAIDUID_BFESS=C49B8BAD1D0A81E1A17CA73E86ECA850:FG=1; Path=/; Domain=baidu.com; Max-Age=31536000; Secure; SameSite=None Traceid: 1719406675343167207414133363673098384008 Vary: Accept-Encoding X-Ua-Compatible: IE=Edge,chrome=1 X-Xss-Protection: 1;mode=block #===================== 测试本机网络下载(raw.githubusercontent.com) =====================# HTTP/2 404 content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox strict-transport-security: max-age=31536000 x-content-type-options: nosniff x-frame-options: deny x-xss-protection: 1; mode=block content-type: text/plain; charset=utf-8 x-github-request-id: 9BBA:44AE4:3108A3:37D567:667C1053 accept-ranges: bytes date: Wed, 26 Jun 2024 12:57:55 GMT via: 1.1 varnish x-served-by: cache-itm1220029-ITM x-cache: MISS x-cache-hits: 0 x-timer: S1719406675.477524,VS0,VE257 vary: 
Authorization,Accept-Encoding,Origin access-control-allow-origin: * cross-origin-resource-policy: cross-origin x-fastly-request-id: 207ac4a3cf934ed2a9bec9d98c8d2b7a2d20f2cb expires: Wed, 26 Jun 2024 13:02:55 GMT source-age: 0 content-length: 14 #===================== 最近运行日志获取完成(自动切换为silent模式) =====================#
### OpenClash Config

_No response_

### Expected Behavior

After enabling OpenClash, the site can be accessed normally.

### Additional Context

_No response_
My own problem.
### Verify Steps

### OpenClash Version

v0.46.016beta

### Bug on Environment

Official OpenWrt

### OpenWrt Version

23.05

### Bug on Platform

Linux-amd64(x86-64)

### Describe the Bug

After enabling OpenClash, www.win-rar.com cannot be opened and the browser reports ERR_CONNECTION_CLOSED; after disabling OpenClash it can be accessed normally.

### To Reproduce

After enabling OpenClash, www.win-rar.com cannot be opened and the browser reports ERR_CONNECTION_CLOSED; after disabling OpenClash it can be accessed normally.

### OpenClash Log