zzz6839
commented
1 day ago @vernesong 在开启绕过CNip/ipv6之后,部分bilibili的ipv6地址依然会成为漏网之鱼进入内核,重启也无法解决,meta和openclash都是最新dev版本。
OpenClash 调试日志
生成时间: 2024-11-01 19:59:55 插件版本: 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息
#===================== 系统信息 =====================#
主机型号: To be filled by O.E.M. To be filled by O.E.M.
固件版本: ImmortalWrt 21.02-SNAPSHOT r20074-a8bbadefaf
LuCI版本:
内核版本: 5.4.255
处理器架构:
#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: server
DNS劫持: 停用
#DNS劫持为Dnsmasq时,此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.*.*#5335
#===================== 依赖检查 =====================#
dnsmasq-full: 未安装
coreutils: 未安装
coreutils-nohup: 未安装
bash: 未安装
curl: 未安装
ca-certificates: 已安装
ipset: 未安装
ip-full: 未安装
libcap: 未安装
libcap-bin: 未安装
ruby: 未安装
ruby-yaml: 未安装
ruby-psych: 未安装
ruby-pstore: 未安装
kmod-tun(TUN模式): 未安装
luci-compat(Luci >= 19.07): 未安装
kmod-inet-diag(PROCESS-NAME): 未安装
unzip: 未安装
iptables-mod-tproxy: 未安装
kmod-ipt-tproxy: 未安装
iptables-mod-extra: 未安装
kmod-ipt-extra: 未安装
kmod-ipt-nat: 未安装
#===================== 内核检查 =====================#
运行状态: 运行中
运行内核:Meta
进程pid: 19695
运行权限: 19695: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_admin,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-amd64
#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Meta内核版本: alpha-g3e966e8
Meta内核文件: 存在
Meta内核运行权限: 正常
#===================== 插件设置 =====================#
当前配置文件: /etc/openclash/config/hy2.yaml
启动配置文件: /etc/openclash/hy2.yaml
运行模式: redir-host-mix
默认代理模式: rule
UDP流量转发(tproxy): 停用
自定义DNS: 停用
IPV6代理: 启用
IPV6-DNS解析: 启用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 启用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 启用
路由本机代理: 启用
#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用
#启动异常时建议关闭此项后重试
第三方规则: 停用
#===================== 配置文件 =====================#
port: 7890
socks-port: 7891
redir-port: 7892
tproxy-port: 7895
mixed-port: 7893
allow-lan: true
bind-address: "*"
mode: rule
log-level: debug
ipv6: true
external-controller: 0.0.*.*:9090
hosts:
profile:
store-selected: true
store-fake-ip: true
dns:
enable: true
listen: 0.0.*.*:7874
cache-algorithm: arc
prefer-h3: false
respect-rules: false
enhanced-mode: redir-host
fake-ip-filter:
- "*.lan"
- localhost.ptlogin2.qq.com
- "+.srv.nintendo.net"
- "+.stun.playstation.net"
- "+.msftconnecttest.com"
- "+.msftncsi.com"
- "+.xboxlive.com"
- msftconnecttest.com
- xbox.*.microsoft.com
- "*.battlenet.com.cn"
- "*.battlenet.com"
- "*.blzstatic.cn"
- "*.battle.net"
- "*.wegame.com.cn"
- "*.localdomain"
- "*.example"
- "*.invalid"
- "*.localhost"
- "*.test"
- "*.local"
- "*.home.arpa"
- time.*.com
- time.*.edu.cn
- time.*.gov
- time.*.apple.com
- time-ios.apple.com
- time1.*.com
- time2.*.com
- time3.*.com
- time4.*.com
- time5.*.com
- time6.*.com
- time7.*.com
- ntp.*.com
- ntp1.*.com
- ntp2.*.com
- ntp3.*.com
- ntp4.*.com
- ntp5.*.com
- ntp6.*.com
- ntp7.*.com
- "*.time.edu.cn"
- "*.ntp.org.cn"
- "+.pool.ntp.org"
- time1.cloud.tencent.com
- stun.*.*
- stun.*.*.*
- "+.stun.*.*"
- "+.stun.*.*.*"
- "+.stun.*.*.*.*"
- "+.stun.*.*.*.*.*"
- "+.dns.google"
default-nameserver:
- 223.6.*.*
- 211.140.*.*
nameserver:
- https://.cloudflare-gateway.com/dns-query#DNS&ecs=211.140.*.*/24&ecs-override=true
- https://dns.google/dns-query#DNS&ecs=211.140.*.*/24&ecs-override=true
proxy-server-nameserver:
- 211.140.*.*
- 223.6.*.*
nameserver-policy:
geosite:cn,private,microsoft@cn:
- 223.6.*.*
- 211.140.*.*
"rule-set:SteamCN,DomesticDNS,\U0001F34EApple_domain":
- 223.6.*.*
- 211.140.*.*
ipv6: true
fake-ip-filter-mode: blacklist
proxy-groups:
- name: "✈️PROXY"
type: select
proxies:
- Auto
- Manual
- name: Auto
type: fallback
proxies:
- main(Auto)
- free(Auto)
- backup(Auto)
url: https://clients3.google.com/generate_204
expected-status: 204
interval: 60
hidden: true
- name: main(Auto)
type: url-test
use:
- Airport A
url: https://clients3.google.com/generate_204
expected-status: 204
interval: 300
tolerance: 35
filter: Hong|Taiwan
hidden: true
lazy: false
- name: backup(Auto)
type: url-test
use:
- Airport B
url: https://redirector.googlevideo.com/generate_204
expected-status: 204
interval: 900
tolerance: 100
hidden: true
- name: free(Auto)
type: load-balance
strategy: round-robin
Proxies:
- Serv00_hy2
use:
- free
url: https://redirector.googlevideo.com/generate_204
expected-status: 204
interval: 900
tolerance: 100
hidden: true
- name: Manual
type: select
proxies:
- main (Manual)
- backup (Manual)
- free (Manual)
- name: main (Manual)
type: select
use:
- Airport A
- name: backup (Manual)
type: select
use:
- Airport B
- name: free (Manual)
type: select
proxies:
- Serv00_hy2
use:
- free
- name: "\U0001F1F9\U0001F1FCBaha"
type: url-test
use:
- Airport A
filter: "(?!.*(游戏)).*(台湾|taiwan|TW|Taiwan)"
url: https://ani.gamer.com.tw/
interval: 900
lazy: true
tolerance: 50
hidden: true
- name: e-hentai_auto
type: load-balance
strategy: round-robin
use:
- Airport A
url: https://e-hentai.org
interval: 900
tolerance: 50
hidden: true
- name: javdb
type: load-balance
strategy: round-robin
use:
- Airport A
filter: "^(?!.*(日|Japan|jp))"
url: https://javdb.com
interval: 900
tolerance: 50
hidden: true
- name: "\U0001F1EF\U0001F1F5DMM/Mgstage/Tiktok"
type: load-balance
strategy: round-robin
use:
- Airport A
filter: 日|Japan|jp
url: https://dmm.co.jp
interval: 900
tolerance: 50
hidden: true
- name: Vercel
type: load-balance
strategy: round-robin
use:
- Airport A
url: https://vercel.app
interval: 900
tolerance: 50
hidden: true
- name: Youtube_video
type: select
proxies:
- "\U0001F3A5 YouTube Auto"
- main(Auto)
- free (Manual)
- name: "\U0001F3A5 YouTube Auto"
type: load-balance
strategy: round-robin
use:
- free
- Airport B
url: https://redirector.googlevideo.com/generate_204
interval: 600
tolerance: 50
lazy: true
hidden: true
expected-status: 204
- name: "\U0001F3AEonline game"
type: select
use:
- Airport A
proxies:
- DIRECT
filter: 台湾|香港|TW|HK|Taiwan|Hong
- name: "\U0001F44ARiotGames"
type: select
proxies:
- "✈️PROXY"
- DIRECT
- backup(Auto)
- name: EsportsVid
type: select
proxies:
- main(Auto)
- backup(Auto)
- free(Auto)
- name: AI
type: select
proxies:
- "\U0001F1F9\U0001F1FCBaha"
- "\U0001F1EF\U0001F1F5DMM/Mgstage/Tiktok"
- name: "♿speedtest"
type: select
proxies:
- DIRECT
- "✈️PROXY"
- name: docker
type: select
proxies:
- "✈️PROXY"
- free(Auto)
- backup(Auto)
- DIRECT
- name: DNS
type: url-test
use:
- Airport A
- Airport B
- free
url: https://dns.google
expected-status: 200
interval: 900
tolerance: 20
hidden: true
- name: dialer
type: select
proxies:
- "✈️PROXY"
- Manual
- DIRECT
- name: DST-PORT
type: select
proxies:
- "✈️PROXY"
- DIRECT
rule-providers:
"\U0001F34EApple_domain":
type: http
behavior: classical
path: "./rule_provider/Apple_domain.yaml"
url: https://raw.githubusercontent.com//CUSTOM_CLASH_RULESET/release/Apple_domain.yaml
interval: 86400
baha:
type: http
behavior: classical
path: "./rule_provider/baha.yaml"
url: https://raw.githubusercontent.com//CUSTOM_CLASH_RULESET/release/Bahamut_domain.yaml
interval: 86400
bt-trackers:
type: http
behavior: domain
url: https://raw.githubusercontent.com/Pioooooo/clash-rules-bt/main/anime_trackers.txt
path: "./rule_provider/bt-trackers.txt"
interval: 86400
DMM_domain:
type: http
behavior: classical
path: "./rule_provider/DMM_domain.yaml"
url: https://raw.githubusercontent.com//CUSTOM_CLASH_RULESET/release/DMM_domain.yaml
interval: 86400
docker:
type: http
behavior: classical
path: "./rule_provider/docker.yaml"
url: https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/02e21190b7850bca9d6ad8946b27aa7548863e21/rule/Clash/Docker/Docker.yaml
interval: 86400
domestic:
type: http
behavior: classical
path: "./rule_provider/domestic.yaml"
url: https://raw.githubusercontent.com//PROXY-PROVIDERS-SYNC/-patch-1/domestic.yaml
interval: 86400
DomesticDNS:
type: http
behavior: classical
url: https://raw.githubusercontent.com//PROXY-PROVIDERS-SYNC/-patch-1/DomesticDNS.yaml
path: "./rule_provider/DomesticDNS.yaml"
interval: 86400
Epicgames:
type: http
behavior: classical
path: "./rule_provider/Epicgames.yaml"
url: https://raw.githubusercontent.com//CUSTOM_CLASH_RULESET/release/EPIC_domain.yaml
interval: 86400
E-Hentai_domain:
type: http
behavior: classical
path: "./rule_provider/Ehentai_domain.yaml"
url: https://raw.githubusercontent.com//CUSTOM_CLASH_RULESET/release/Ehentai_domain.yaml
interval: 86400
GITHUB:
type: http
behavior: classical
path: "./rule_provider/GITHUB.yaml"
url: https://raw.githubusercontent.com//CUSTOM_CLASH_RULESET/release/Github_domain.yaml
interval: 86400
lancidr:
type: http
behavior: ipcidr
url: https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/lancidr.txt
path: "./rule_provider/lancidr.yaml"
interval: 86400
Microsoft:
type: http
behavior: classical
path: "./rule_provider/Microsoft.yaml"
url: https://raw.githubusercontent.com//CUSTOM_CLASH_RULESET/release/Microsoft_domain.yaml
interval: 86400
reject_ip:
type: http
behavior: ipcidr
url: https://raw.githubusercontent.com//CUSTOM_CLASH_RULESET/release/Reject_ip.yaml
path: "./rule_provider/reject_ip.yaml"
interval: 86400
Refuse:
type: http
behavior: classical
path: "./rule_provider/Refuse.yaml"
url: https://raw.githubusercontent.com//PROXY-PROVIDERS-SYNC/-patch-1/refuse.yaml
interval: 86400
RiotGames:
type: http
behavior: classical
path: "./rule_provider/RiotGames.yaml"
url: https://raw.githubusercontent.com//CUSTOM_CLASH_RULESET/release/RiotGames.yaml
interval: 86400
Rockstar:
type: http
behavior: classical
path: "./rule_provider/Rockstar.yaml"
url: https://raw.githubusercontent.com//CUSTOM_CLASH_RULESET/release/Rockstar_domain.yaml
interval: 86400
Vercel:
type: http
behavior: classical
path: "./rule_provider/Vercel.yaml"
url: https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Clash/Vercel/Vercel.yaml
interval: 86400
SteamCN:
type: http
behavior: classical
path: "./rule_provider/SteamCN.yaml"
url: https://raw.githubusercontent.com//CUSTOM_CLASH_RULESET/release/SteamCN_domain.yaml
interval: 86400
Steam:
type: http
behavior: classical
path: "./rule_provider/Steam.yaml"
url: https://raw.githubusercontent.com//CUSTOM_CLASH_RULESET/release/Steam_domain.yaml
interval: 86400
Speedtest:
type: http
behavior: classical
path: "./rule_provider/Speedtest.yaml"
url: https://raw.githubusercontent.com//CUSTOM_CLASH_RULESET/release/Speedtest.yaml
interval: 86400
Twitch:
type: http
behavior: classical
url: https://raw.githubusercontent.com//CUSTOM_CLASH_RULESET/release/Twitch.yaml
path: "./rule_provider/Twitch.yaml"
interval: 86400
Telegram_ip:
type: http
behavior: ipcidr
url: https://raw.githubusercontent.com//CUSTOM_CLASH_RULESET/release/Telegram_ip.yaml
path: "./rule_provider/Telegram_ip.yaml"
interval: 86400
TikTok:
type: http
behavior: classical
path: "./rule_provider/TikTok.yaml"
url: https://raw.githubusercontent.com//CUSTOM_CLASH_RULESET/release/Tiktok_domain.yaml
interval: 86400
private:
type: http
behavior: domain
url: https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/private.txt
path: "./rule_provider/private.yaml"
interval: 86400
Proxy:
type: http
behavior: classical
path: "./rule_provider/Proxy.yaml"
url: https://raw.githubusercontent.com//PROXY-PROVIDERS-SYNC/-patch-1/Proxy.yaml
interval: 86400
ProxyDNS:
type: http
behavior: classical
url: https://raw.githubusercontent.com//PROXY-PROVIDERS-SYNC/-patch-1/ProxyDNS.yaml
path: "./rule_provider/ProxyDNS.yaml"
interval: 86400
"\U0001F3AEonline game":
type: http
behavior: ipcidr
path: "./rule_provider/onlinegame.yaml"
url: https://raw.githubusercontent.com//PROXY-PROVIDERS-SYNC/-patch-1/onlinegame.yaml
interval: 86400
"\U0001F9F1gfw":
type: http
behavior: domain
url: https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/gfw.txt
path: "./rule_provider/gfw.txt"
interval: 86400
YouTube:
type: http
behavior: classical
path: "./rule_provider/YouTube.yaml"
url: https://raw.githubusercontent.com//CUSTOM_CLASH_RULESET/release/YouTube.yaml
interval: 86400
rules:
- DST-PORT,7895,REJECT
- DST-PORT,7892,REJECT
- IP-CIDR,198.18.*.*/16,REJECT,no-resolve
- RULE-SET,Refuse,REJECT
- DOMAIN,connectivitycheck.gstatic.com,✈️PROXY
- RULE-SET,private,DIRECT
- RULE-SET,domestic,DIRECT
- "RULE-SET,baha,\U0001F1F9\U0001F1FCBaha"
- "RULE-SET,TikTok,\U0001F1EF\U0001F1F5DMM/Mgstage/Tiktok"
- "DOMAIN-SUFFIX,mgstage.com,\U0001F1EF\U0001F1F5DMM/Mgstage/Tiktok"
- "DOMAIN-SUFFIX,prestige-av.com,\U0001F1EF\U0001F1F5DMM/Mgstage/Tiktok"
- "RULE-SET,DMM_domain,\U0001F1EF\U0001F1F5DMM/Mgstage/Tiktok"
- RULE-SET,E-Hentai_domain,e-hentai_auto
- RULE-SET,Vercel,Vercel
- GEOSITE,javdb,javdb
- RULE-SET,SteamCN,DIRECT
- RULE-SET,Steam,✈️PROXY
- RULE-SET,Epicgames,✈️PROXY
- RULE-SET,Rockstar,✈️PROXY
- GEOSITE,openai,AI
- DOMAIN,bard.google.com,AI
- DOMAIN-SUFFIX,gemini.google.com,AI
- DOMAIN-SUFFIX,anthropic.com,AI
- DOMAIN-SUFFIX,claude.ai,AI
- RULE-SET,docker,docker
- GEOSITE,twitch,EsportsVid
- AND,((DOMAIN-KEYWORD,ttvnw),(DOMAIN-SUFFIX,akamaized.net)),EsportsVid
- RULE-SET,YouTube,Youtube_video
- "RULE-SET,\U0001F9F1gfw,✈️PROXY"
- RULE-SET,Proxy,✈️PROXY
- "RULE-SET,RiotGames,\U0001F44ARiotGames"
- RULE-SET,Speedtest,♿speedtest
- RULE-SET,bt-trackers,DIRECT
- GEOSITE,microsoft@cn,DIRECT
- DOMAIN,time.windows.com,DIRECT
- RULE-SET,Microsoft,✈️PROXY
- "RULE-SET,\U0001F34EApple_domain,DIRECT"
- IP-CIDR,198.18.*.*/16,REJECT,no-resolve
- RULE-SET,reject_ip,REJECT,no-resolve
- RULE-SET,lancidr,DIRECT,no-resolve
- "RULE-SET,\U0001F3AEonline game,\U0001F3AEonline game,no-resolve"
- IP-CIDR,76.76.*.*/32,Vercel
- RULE-SET,Telegram_ip,✈️PROXY,no-resolve
- GEOIP,CN,DIRECT
- AND,((DOMAIN-KEYWORD,DERP),(DOMAIN-SUFFIX,tailscale.com)),DIRECT
- DST-PORT,80,DST-PORT
- DST-PORT,443,DST-PORT
- DST-PORT,22,DST-PORT
- DST-PORT,9993,DIRECT
- SRC-PORT,9993,DIRECT
- MATCH,✈️PROXY
external-ui: "/usr/share/openclash/ui"
geodata-loader: memconservative
tcp-concurrent: true
unified-delay: true
keep-alive-interval: 1800
global-client-fingerprint: random
sniffer:
enable: true
force-dns-mapping: true
parse-pure-ip: true
override-destination: false
sniff:
QUIC:
ports:
- 443
TLS:
ports:
- 443
- 8443
HTTP:
ports:
- 80
- 8080-8880
override-destination: true
force-domain:
- "+.netflix.com"
- "+.nflxvideo.net"
- "+.amazonaws.com"
- "+.media.dssott.com"
skip-domain:
- "+.apple.com"
- Mijia Cloud
- dlg.io.mi.com
- "+.oray.com"
- "+.sunlogin.net"
authentication:
- Clash:GfWeEbwi
tun:
enable: true
stack: mixed
device: utun
dns-hijack:
- tcp://any:53
auto-route: false
auto-detect-interface: false
auto-redirect: false
strict-route: false
#===================== 自定义覆写设置 =====================#
#!/bin/sh
. /usr/share/openclash/ruby.sh
. /usr/share/openclash/log.sh
. /lib/functions.sh
# This script is called by /etc/init.d/openclash
# Add your custom overwrite scripts here, they will be take effict after the OpenClash own srcipts
LOG_OUT "Tip: Start Running Custom Overwrite Scripts..."
LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S"))
LOG_FILE="/tmp/openclash.log"
CONFIG_FILE="$1" #config path
#ruby -ryaml -rYAML -I "/usr/share/openclash" -E UTF-8 -e "
# begin
# Value = YAML.load_file('$CONFIG_FILE');
# rescue Exception => e
# puts '${LOGTIME} Error: Load File Failed,【' + e.message + '】';
# end;
#General
# begin
# Thread.new{
# Value['redir-port']=7892;
# Value['tproxy-port']=7895;
# Value['port']=7890;
# Value['socks-port']=7891;
# Value['mixed-port']=7893;
# }.join;
# rescue Exception => e
# puts '${LOGTIME} Error: Set General Failed,【' + e.message + '】';
# ensure
# File.open('$CONFIG_FILE','w') {|f| YAML.dump(Value, f)};
# end" 2>/dev/null >> $LOG_FILE
exit 0
#===================== 自定义防火墙设置 =====================#
#!/bin/sh
# This script is called by /etc/init.d/openclash
#iptables -t mangle -I openclash -s 192.168.*.*/32 -j RETURN
#nft 'insert rule inet fw4 openclash_dns_redirect position 0 ip saddr {192.168.*.*} counter return' 2>/dev/null
#nft 'insert rule inet fw4 openclash_dns_redirect position 0 ether saddr 00:*:*:*:36:9A counter return' 2>/dev/null
#nft 'insert rule inet fw4 openclash_mangle ip saddr {192.168.*.*} counter return' 2>/dev/null
#iptables -t mangle -A openclash -m set --match-set 00:*:*:*:36:9A src -j RETURN >/dev/null 2>&1
#iptables -t nat -A openclash -m set --match-set 00:*:*:*:36:9A src -j RETURN >/dev/null 2>&1
#iptables -t nat -A openclash -m set --match-set 192.168.*.*/32 src -j RETURN >/dev/null 2>&1
#iptables -t mangle -A openclash -m set --match-set 192.168.*.*/32 src -j RETURN >/dev/null 2>&1
#nft 'add rule inet fw4 openclash ip saddr [fd8f:2de7:b000::2a2] counter return' 2>/dev/null
#nft 'add rule inet fw4 openclash ip saddr [240e:*:*:*::2a2] counter return' 2>/dev/null
exit 0
#===================== IPTABLES 防火墙设置 =====================#
#IPv4 NAT chain
# Generated by iptables-save v1.8.7 on Fri Nov 1 19:59:57 2024
*nat
:PREROUTING ACCEPT [159421:12916234]
:INPUT ACCEPT [69923:3782096]
:OUTPUT ACCEPT [414487:29129074]
:POSTROUTING ACCEPT [308364:21848952]
:DOCKER - [0:0]
:netease_cloud_music - [0:0]
:openclash - [0:0]
:openclash_output - [0:0]
:postrouting_docker_rule - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_docker_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:ts-postrouting - [0:0]
:zone_docker_postrouting - [0:0]
:zone_docker_prerouting - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -p tcp -m set --match-set neteasemusic dst -j netease_cloud_music
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i eth3 -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i docker0 -m comment --comment "!fw3" -j zone_docker_prerouting
-A PREROUTING -p udp -m comment --comment DNSMASQ -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m comment --comment DNSMASQ -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -j openclash
-A OUTPUT ! -d 127.0.*.*/8 -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT -j openclash_output
-A POSTROUTING -o utun -m comment --comment "OpenClash TUN Postrouting" -j RETURN
-A POSTROUTING -j ts-postrouting
-A POSTROUTING -s 172.17.*.*/16 ! -o docker0 -j MASQUERADE
-A POSTROUTING -s 172.18.*.*/16 ! -o br-9cd2dde67055 -j MASQUERADE
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o eth3 -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o docker0 -m comment --comment "!fw3" -j zone_docker_postrouting
-A POSTROUTING -s 172.17.*.*/32 -d 172.17.*.*/32 -p tcp -m tcp --dport 3001 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
-A DOCKER -i br-9cd2dde67055 -j RETURN
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 13001 -j DNAT --to-destination 172.17.*.*:3001
-A netease_cloud_music -d 0.0.*.*/8 -j RETURN
-A netease_cloud_music -d 10.0.*.*/8 -j RETURN
-A netease_cloud_music -d 127.0.*.*/8 -j RETURN
-A netease_cloud_music -d 169.254.*.*/16 -j RETURN
-A netease_cloud_music -d 172.16.*.*/12 -j RETURN
-A netease_cloud_music -d 192.168.*.*/16 -j RETURN
-A netease_cloud_music -d 224.0.*.*/4 -j RETURN
-A netease_cloud_music -d 240.0.*.*/4 -j RETURN
-A netease_cloud_music -p tcp -m set ! --match-set acl_neteasemusic_http src -m tcp --dport 80 -j REDIRECT --to-ports 5200
-A netease_cloud_music -p tcp -m set ! --match-set acl_neteasemusic_https src -m tcp --dport 443 -j REDIRECT --to-ports 5205
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -m set --match-set localnetwork src -m set --match-set lan_ac_black_ports src -j RETURN
-A openclash -m set --match-set lan_ac_black_macs src -j RETURN
-A openclash -m set --match-set china_ip_route dst -m set ! --match-set china_ip_route_pass dst -j RETURN
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -m set --match-set localnetwork src -m set --match-set lan_ac_black_ports src -j RETURN
-A openclash_output -m owner ! --uid-owner 65534 -m set --match-set china_ip_route dst -m set ! --match-set china_ip_route_pass dst -j RETURN
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A ts-postrouting -m mark --mark 0x40000/0xff0000 -j MASQUERADE
-A zone_docker_postrouting -m comment --comment "!fw3: Custom docker postrouting rule chain" -j postrouting_docker_rule
-A zone_docker_prerouting -m comment --comment "!fw3: Custom docker prerouting rule chain" -j prerouting_docker_rule
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -m comment --comment "!fw3" -j FULLCONENAT
COMMIT
# Completed on Fri Nov 1 19:59:57 2024
#IPv4 Mangle chain
# Generated by iptables-save v1.8.7 on Fri Nov 1 19:59:57 2024
*mangle
:PREROUTING ACCEPT [13121303:12131097036]
:INPUT ACCEPT [6602458:6261551829]
:FORWARD ACCEPT [4790641:5507875671]
:OUTPUT ACCEPT [5791011:1972712515]
:POSTROUTING ACCEPT [10579612:7480468731]
:openclash - [0:0]
:openclash_dns_hijack - [0:0]
:openclash_upnp - [0:0]
-A PREROUTING -p udp -j openclash
-A FORWARD -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o eth3 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth3 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A openclash -p udp -m udp --sport 500 -j RETURN
-A openclash -p udp -m udp --sport 68 -j RETURN
-A openclash -i utun -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -m set --match-set localnetwork src -m set --match-set lan_ac_black_ports src -j RETURN
-A openclash -m set --match-set lan_ac_black_macs src -j RETURN
-A openclash -m set --match-set china_ip_route dst -m set ! --match-set china_ip_route_pass dst -j RETURN
-A openclash -p udp -j openclash_upnp
-A openclash -j MARK --set-xmark 0x162/0xffffffff
COMMIT
# Completed on Fri Nov 1 19:59:57 2024
#IPv4 Filter chain
# Generated by iptables-save v1.8.7 on Fri Nov 1 19:59:57 2024
*filter
:INPUT ACCEPT [5:200]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [620:48078]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-USER - [0:0]
:forwarding_docker_rule - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_docker_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:openclash_wan_input - [0:0]
:output_docker_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:ts-forward - [0:0]
:ts-input - [0:0]
:unm_input_rule - [0:0]
:zone_docker_dest_ACCEPT - [0:0]
:zone_docker_forward - [0:0]
:zone_docker_input - [0:0]
:zone_docker_output - [0:0]
:zone_docker_src_ACCEPT - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -i utun -m comment --comment "OpenClash TUN Input" -j ACCEPT
-A INPUT -i eth3 -m set ! --match-set localnetwork src -j openclash_wan_input
-A INPUT -i pppoe-wan -m set ! --match-set localnetwork src -j openclash_wan_input
-A INPUT -j ts-input
-A INPUT -j unm_input_rule
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i eth3 -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i docker0 -m comment --comment "!fw3" -j zone_docker_input
-A FORWARD -i utun -m comment --comment "OpenClash TUN Forward" -j ACCEPT
-A FORWARD -o utun -m comment --comment "OpenClash TUN Forward" -j ACCEPT
-A FORWARD -j ts-forward
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -o br-9cd2dde67055 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-9cd2dde67055 -j DOCKER
-A FORWARD -i br-9cd2dde67055 ! -o br-9cd2dde67055 -j ACCEPT
-A FORWARD -i br-9cd2dde67055 -o br-9cd2dde67055 -j ACCEPT
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m comment --comment "!fw3: Traffic offloading" -m conntrack --ctstate RELATED,ESTABLISHED -j FLOWOFFLOAD
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i eth3 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i docker0 -m comment --comment "!fw3" -j zone_docker_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o eth3 -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o docker0 -m comment --comment "!fw3" -j zone_docker_output
-A DOCKER -d 172.17.*.*/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 3001 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i br-9cd2dde67055 ! -o br-9cd2dde67055 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o br-9cd2dde67055 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -i eth3 -o docker0 -j REJECT --reject-with icmp-port-unreachable
-A DOCKER-USER -j RETURN
-A openclash_wan_input -p udp -m multiport --dports 7892,7895,9090,7890,7891,7893,7874 -j REJECT --reject-with icmp-port-unreachable
-A openclash_wan_input -p tcp -m multiport --dports 7892,7895,9090,7890,7891,7893,7874 -j REJECT --reject-with icmp-port-unreachable
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A ts-forward -i tailscale0 -j MARK --set-xmark 0x40000/0xff0000
-A ts-forward -m mark --mark 0x40000/0xff0000 -j ACCEPT
-A ts-forward -s 100.64.*.*/10 -o tailscale0 -j DROP
-A ts-forward -o tailscale0 -m conntrack ! --ctstate RELATED,ESTABLISHED -j DROP
-A ts-forward -o tailscale0 -j ACCEPT
-A ts-input -s 100.73.*.*/32 -i lo -j ACCEPT
-A ts-input -s 100.115.*.*/23 ! -i tailscale0 -j RETURN
-A ts-input -s 100.64.*.*/10 ! -i tailscale0 -j DROP
-A ts-input -i tailscale0 -j ACCEPT
-A ts-input -p udp -m udp --dport 41641 -j ACCEPT
-A unm_input_rule -p tcp -m tcp --dport 5200 -j ACCEPT
-A unm_input_rule -p tcp -m tcp --dport 5205 -j ACCEPT
-A zone_docker_dest_ACCEPT -o docker0 -m comment --comment "!fw3" -j ACCEPT
-A zone_docker_forward -m comment --comment "!fw3: Custom docker forwarding rule chain" -j forwarding_docker_rule
-A zone_docker_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_docker_forward -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_input -m comment --comment "!fw3: Custom docker input rule chain" -j input_docker_rule
-A zone_docker_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_docker_input -m comment --comment "!fw3" -j zone_docker_src_ACCEPT
-A zone_docker_output -m comment --comment "!fw3: Custom docker output rule chain" -j output_docker_rule
-A zone_docker_output -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_src_ACCEPT -i docker0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o pppoe-wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o pppoe-wan -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o eth3 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o eth3 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_REJECT -o pppoe-wan -m comment --comment "!fw3" -j reject
-A zone_wan_dest_REJECT -o eth3 -m comment --comment "!fw3" -j reject
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_REJECT -i pppoe-wan -m comment --comment "!fw3" -j reject
-A zone_wan_src_REJECT -i eth3 -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Fri Nov 1 19:59:57 2024
#IPv6 NAT chain
# Generated by ip6tables-save v1.8.7 on Fri Nov 1 19:59:57 2024
*nat
:PREROUTING ACCEPT [293932:27847931]
:INPUT ACCEPT [67104:5301471]
:OUTPUT ACCEPT [10394:900023]
:POSTROUTING ACCEPT [253672:23889008]
:openclash - [0:0]
:openclash_output - [0:0]
:ts-postrouting - [0:0]
-A PREROUTING -p udp -m comment --comment DNSMASQ -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m comment --comment DNSMASQ -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -j openclash
-A OUTPUT -j openclash_output
-A POSTROUTING -o utun -m comment --comment "OpenClash TUN Postrouting" -j RETURN
-A POSTROUTING -j ts-postrouting
-A openclash -m set --match-set localnetwork6 dst -j RETURN
-A openclash -m set --match-set localnetwork6 src -m set --match-set lan_ac_black_ports src -j RETURN
-A openclash -m set --match-set lan_ac_black_macs src -j RETURN
-A openclash -m set --match-set china_ip6_route dst -m set ! --match-set china_ip6_route_pass dst -j RETURN
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -m set --match-set localnetwork6 dst -j RETURN
-A openclash_output -m set --match-set localnetwork6 src -m set --match-set lan_ac_black_ports src -j RETURN
-A openclash_output -m owner ! --uid-owner 65534 -m set --match-set china_ip6_route dst -m set ! --match-set china_ip6_route_pass dst -j RETURN
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A ts-postrouting -m mark --mark 0x40000/0xff0000 -j MASQUERADE
COMMIT
# Completed on Fri Nov 1 19:59:57 2024
#IPv6 Mangle chain
# Generated by ip6tables-save v1.8.7 on Fri Nov 1 19:59:57 2024
*mangle
:PREROUTING ACCEPT [8408599:6082266332]
:INPUT ACCEPT [1519429:147325722]
:FORWARD ACCEPT [6514854:5845347610]
:OUTPUT ACCEPT [1401020:4696097562]
:POSTROUTING ACCEPT [7891976:10538612920]
:openclash - [0:0]
-A PREROUTING -j openclash
-A FORWARD -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o eth3 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth3 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A openclash -p udp -m udp --sport 500 -j RETURN
-A openclash -p udp -m udp --sport 546 -j RETURN
-A openclash -i lo -j RETURN
-A openclash -m set --match-set localnetwork6 dst -j RETURN
-A openclash -p udp -m udp --dport 53 -j RETURN
-A openclash -m set --match-set localnetwork6 src -m set --match-set lan_ac_black_ports src -j RETURN
-A openclash -m set --match-set lan_ac_black_macs src -j RETURN
-A openclash -m set --match-set china_ip6_route dst -m set ! --match-set china_ip6_route_pass dst -j RETURN
-A openclash -p udp -m comment --comment "OpenClash UDP TUN" -j MARK --set-xmark 0x162/0xffffffff
COMMIT
# Completed on Fri Nov 1 19:59:57 2024
#IPv6 Filter chain
# Generated by ip6tables-save v1.8.7 on Fri Nov 1 19:59:57 2024
*filter
:INPUT ACCEPT [3:180]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [4:304]
:forwarding_docker_rule - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_docker_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:openclash_wan_input - [0:0]
:output_docker_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:ts-forward - [0:0]
:ts-input - [0:0]
:zone_docker_dest_ACCEPT - [0:0]
:zone_docker_forward - [0:0]
:zone_docker_input - [0:0]
:zone_docker_output - [0:0]
:zone_docker_src_ACCEPT - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -i eth3 -m set ! --match-set localnetwork6 src -j openclash_wan_input
-A INPUT -i pppoe-wan -m set ! --match-set localnetwork6 src -j openclash_wan_input
-A INPUT -i utun -m comment --comment "OpenClash TUN Input" -j ACCEPT
-A INPUT -j ts-input
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i eth3 -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i docker0 -m comment --comment "!fw3" -j zone_docker_input
-A FORWARD -i utun -m comment --comment "OpenClash TUN Forward" -j ACCEPT
-A FORWARD -o utun -m comment --comment "OpenClash TUN Forward" -j ACCEPT
-A FORWARD -j ts-forward
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m comment --comment "!fw3: Traffic offloading" -m conntrack --ctstate RELATED,ESTABLISHED -j FLOWOFFLOAD
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i eth3 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i docker0 -m comment --comment "!fw3" -j zone_docker_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o eth3 -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o docker0 -m comment --comment "!fw3" -j zone_docker_output
-A openclash_wan_input -p udp -m multiport --dports 7892,7895,9090,7890,7891,7893,7874 -j REJECT --reject-with icmp6-port-unreachable
-A openclash_wan_input -p tcp -m multiport --dports 7892,7895,9090,7890,7891,7893,7874 -j REJECT --reject-with icmp6-port-unreachable
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp6-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A ts-forward -i tailscale0 -j MARK --set-xmark 0x40000/0xff0000
-A ts-forward -m mark --mark 0x40000/0xff0000 -j ACCEPT
-A ts-forward -o tailscale0 -m conntrack ! --ctstate RELATED,ESTABLISHED -j DROP
-A ts-forward -o tailscale0 -j ACCEPT
-A ts-input -s fd7a:*:*:*:4843:cd96:6249:4d07/128 -i lo -j ACCEPT
-A ts-input -i tailscale0 -j ACCEPT
-A ts-input -p udp -m udp --dport 41641 -j ACCEPT
-A zone_docker_dest_ACCEPT -o docker0 -m comment --comment "!fw3" -j ACCEPT
-A zone_docker_forward -m comment --comment "!fw3: Custom docker forwarding rule chain" -j forwarding_docker_rule
-A zone_docker_forward -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_input -m comment --comment "!fw3: Custom docker input rule chain" -j input_docker_rule
-A zone_docker_input -m comment --comment "!fw3" -j zone_docker_src_ACCEPT
-A zone_docker_output -m comment --comment "!fw3: Custom docker output rule chain" -j output_docker_rule
-A zone_docker_output -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_src_ACCEPT -i docker0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o pppoe-wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o pppoe-wan -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o eth3 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o eth3 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_REJECT -o pppoe-wan -m comment --comment "!fw3" -j reject
-A zone_wan_dest_REJECT -o eth3 -m comment --comment "!fw3" -j reject
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 546 -m comment --comment "!fw3: Allow-DHCPv6" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_REJECT -i pppoe-wan -m comment --comment "!fw3" -j reject
-A zone_wan_src_REJECT -i eth3 -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Fri Nov 1 19:59:57 2024
#===================== IPSET状态 =====================#
Name: china_ip_route
Type: hash:net
Revision: 6
Header: family inet hashsize 4096 maxelem 1000000
Size in memory: 246664
References: 3
Number of entries: 8661
Name: china_ip_route_pass
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 1000000
Size in memory: 448
References: 3
Number of entries: 0
Name: lan_ac_black_macs
Type: hash:mac
Revision: 0
Header: hashsize 1024 maxelem 65536
Size in memory: 256
References: 4
Number of entries: 1
Name: lan_ac_black_ports
Type: bitmap:port
Revision: 3
Header: range 0-65535
Size in memory: 8264
References: 6
Number of entries: 1
Name: localnetwork
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 18048
References: 8
Number of entries: 320
Name: china_ip6_route
Type: hash:net
Revision: 6
Header: family inet6 hashsize 1024 maxelem 1000000
Size in memory: 105504
References: 3
Number of entries: 2025
Name: china_ip6_route_pass
Type: hash:net
Revision: 6
Header: family inet6 hashsize 1024 maxelem 1000000
Size in memory: 3024
References: 3
Number of entries: 16
Name: acl_neteasemusic_http
Type: hash:mac
Revision: 0
Header: hashsize 1024 maxelem 65536
Size in memory: 192
References: 1
Number of entries: 0
Name: acl_neteasemusic_https
Type: hash:mac
Revision: 0
Header: hashsize 1024 maxelem 65536
Size in memory: 192
References: 1
Number of entries: 0
Name: neteasemusic
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 4520
References: 1
Number of entries: 92
Name: localnetwork6
Type: hash:net
Revision: 6
Header: family inet6 hashsize 1024 maxelem 65536
Size in memory: 16352
References: 8
Number of entries: 148
#===================== 路由表状态 =====================#
#IPv4
#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.*.* 10.210.*.* 0.0.*.* UG 0 0 0 pppoe-wan
10.210.*.* 0.0.*.* 255.255.*.* UH 0 0 0 pppoe-wan
172.17.*.* 0.0.*.* 255.255.*.* U 0 0 0 docker0
172.18.*.* 0.0.*.* 255.255.*.* U 0 0 0 br-9cd2dde67055
192.168.*.* 0.0.*.* 255.255.*.* U 0 0 0 br-lan
198.18.*.* 0.0.*.* 255.255.*.* U 0 0 0 utun
#ip route list
default via 10.210.*.* dev pppoe-wan proto static
10.210.*.* dev pppoe-wan proto kernel scope link src 10.210.*.*
172.17.*.*/16 dev docker0 proto kernel scope link src 172.17.*.*
172.18.*.*/16 dev br-9cd2dde67055 proto kernel scope link src 172.18.*.* linkdown
192.168.*.*/24 dev br-lan proto kernel scope link src 192.168.*.*
198.18.*.*/30 dev utun proto kernel scope link src 198.18.*.*
#ip rule show
0: from all lookup local
5210: from all fwmark 0x80000/0xff0000 lookup main
5230: from all fwmark 0x80000/0xff0000 lookup default
5250: from all fwmark 0x80000/0xff0000 unreachable
5270: from all lookup 52
8000: from all fwmark 0x162 ipproto icmp lookup main
8001: from all fwmark 0x162 lookup 354
32766: from all lookup main
32767: from all lookup default
#IPv6
#route -A inet6
Kernel IPv6 routing table
Destination Next Hop Flags Metric Ref Use Iface
fd7a:115c:a1e0::53/128 :: U 1024 1 0 tailscale0
fd7a:115c:a1e0::/48 :: U 1024 5 0 tailscale0
::/0 :: !n -1 2 0 lo
::/0 :: U 1024 5 0 utun
::/0 :: !n -1 2 0 lo
::/0 :: !n -1 2 0 lo
::/0 fe80::*:*:*:5c48 UG 512 6 0 pppoe-wan
::/0 fe80::*:*:*:5c48 UG 512 5 0 pppoe-wan
2409:*:*:*::/64 :: U 1024 5 0 br-lan
2409:*:*:*::/60 :: !n 2147483647 2 0 lo
2409:*:*:*::/64 :: !n 2147483647 1 0 lo
fd7a:*:*:*:4843:cd96:6249:4d07/128 :: U 256 2 0 tailscale0
fd8f:2de7:b000::/48 :: !n 2147483647 3 0 lo
fdfe:dcba:9876::/126 :: U 256 1 0 utun
fe80::*:*:*:5c48/128 :: U 1 1 0 pppoe-wan
fe80::*:*:*:687f/128 :: U 256 2 0 pppoe-wan
fe80::/64 :: U 256 1 0 ifb4eth3
fe80::/64 :: U 256 1 0 eth3
fe80::/64 :: U 256 1 0 docker0
fe80::/64 :: U 256 5 0 br-lan
fe80::/64 :: U 256 1 0 tailscale0
fe80::/64 :: U 256 1 0 veth89a49cb
fe80::/64 :: U 256 1 0 utun
::/0 :: !n -1 2 0 lo
::1/128 :: Un 0 7 0 lo
2409:*:*:*::/128 :: Un 0 3 0 br-lan
2409:*:*:*::1/128 :: Un 0 8 0 br-lan
2409:*:*:*::/128 :: Un 0 3 0 pppoe-wan
2409:*:*:*:7c74:6a4d:fe91:687f/128 :: Un 0 7 0 pppoe-wan
fd7a:*:*:*:4843:cd96:6249:4d07/128 :: Un 0 8 0 tailscale0
fdfe:dcba:9876::/128 :: Un 0 3 0 utun
fdfe:dcba:9876::1/128 :: Un 0 3 0 utun
fe80::/128 :: Un 0 7 0 ifb4eth3
fe80::/128 :: Un 0 3 0 eth3
fe80::/128 :: Un 0 3 0 docker0
fe80::/128 :: Un 0 3 0 br-lan
fe80::/128 :: Un 0 3 0 tailscale0
fe80::/128 :: Un 0 3 0 veth89a49cb
fe80::/128 :: Un 0 3 0 utun
fe80::*:*:*:8151/128 :: Un 0 2 0 docker0
fe80::*:*:*:7a04/128 :: Un 0 6 0 br-lan
fe80::*:*:*:7a07/128 :: Un 0 3 0 eth3
fe80::*:*:*:da5a/128 :: Un 0 4 0 tailscale0
fe80::*:*:*:b39e/128 :: Un 0 3 0 ifb4eth3
fe80::*:*:*:687f/128 :: Un 0 3 0 pppoe-wan
fe80::*:*:*:8c2a/128 :: Un 0 3 0 veth89a49cb
fe80::*:*:*:1229/128 :: Un 0 2 0 utun
ff00::/8 :: U 256 1 0 ifb4eth3
ff00::/8 :: U 256 5 0 eth3
ff00::/8 :: U 256 1 0 docker0
ff00::/8 :: U 256 5 0 br-lan
ff00::/8 :: U 256 5 0 pppoe-wan
ff00::/8 :: U 256 1 0 tailscale0
ff00::/8 :: U 256 1 0 veth89a49cb
ff00::/8 :: U 256 2 0 utun
::/0 :: !n -1 2 0 lo
#ip -6 route list
default from 2409:*:*:*::/60 via fe80::3aeb:47ff:fe3a:5c48 dev pppoe-wan proto static metric 512 pref medium
default from 2409:*:*:*::/64 via fe80::3aeb:47ff:fe3a:5c48 dev pppoe-wan proto static metric 512 pref medium
2409:*:*:*::/64 dev br-lan proto static metric 1024 pref medium
unreachable 2409:*:*:*::/60 dev lo proto static metric 2147483647 pref medium
unreachable 2409:*:*:*::/64 dev lo proto static metric 2147483647 pref medium
fd7a:*:*:*:4843:cd96:6249:4d07 dev tailscale0 proto kernel metric 256 pref medium
unreachable fd8f:2de7:b000::/48 dev lo proto static metric 2147483647 pref medium
fdfe:dcba:9876::/126 dev utun proto kernel metric 256 pref medium
fe80::*:*:*:5c48 dev pppoe-wan metric 1 pref medium
fe80::*:*:*:687f dev pppoe-wan proto kernel metric 256 pref medium
fe80::/64 dev ifb4eth3 proto kernel metric 256 pref medium
fe80::/64 dev eth3 proto kernel metric 256 pref medium
fe80::/64 dev docker0 proto kernel metric 256 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev tailscale0 proto kernel metric 256 pref medium
fe80::/64 dev veth89a49cb proto kernel metric 256 pref medium
fe80::/64 dev utun proto kernel metric 256 pref medium
#ip -6 rule show
0: from all lookup local
5210: from all fwmark 0x80000/0xff0000 lookup main
5230: from all fwmark 0x80000/0xff0000 lookup default
5250: from all fwmark 0x80000/0xff0000 unreachable
5270: from all lookup 52
8000: from all fwmark 0x162 ipproto icmp lookup main
8001: from all fwmark 0x162 lookup 354
32766: from all lookup main
4200000000: from 2409:*:*:*::1/64 iif br-lan unreachable
4200000001: from all iif lo failed_policy
4200000026: from all iif br-lan failed_policy
4200000046: from all iif pppoe-wan failed_policy
4200000046: from all iif pppoe-wan failed_policy
#===================== Tun设备状态 =====================#
tailscale0: tun vnet_hdr
utun: tun
#===================== 端口占用状态 =====================#
tcp 0 0 198.18.*.*:41845 0.0.*.*:* LISTEN 19695/clash
tcp 0 0 :::9090 :::* LISTEN 19695/clash
tcp 0 0 fdfe:dcba:9876::1:43685 :::* LISTEN 19695/clash
tcp 0 0 :::7890 :::* LISTEN 19695/clash
tcp 0 0 :::7891 :::* LISTEN 19695/clash
tcp 0 0 :::7892 :::* LISTEN 19695/clash
tcp 0 0 :::7893 :::* LISTEN 19695/clash
tcp 0 0 :::7895 :::* LISTEN 19695/clash
udp 0 0 :::42519 :::* 19695/clash
udp 0 0 :::37491 :::* 19695/clash
udp 0 0 :::7874 :::* 19695/clash
udp 0 0 :::7891 :::* 19695/clash
udp 0 0 :::7892 :::* 19695/clash
udp 0 0 :::7893 :::* 19695/clash
udp 0 0 :::7895 :::* 19695/clash
#===================== 测试本机DNS查询(www.baidu.com) =====================#
Server: 100.100.*.*
Address: 100.100.*.*#53
Name: www.baidu.com
www.baidu.com canonical name = www.a.shifen.com
Name: www.a.shifen.com
Address 1: 36.155.*.*
Address 2: 36.155.*.*
www.baidu.com canonical name = www.a.shifen.com
Address 3: 2409:*:*:*:0:ff:b027:210c
Address 4: 2409:*:*:*:0:ff:b09c:7d77
#===================== 测试内核DNS查询(www.instagram.com) =====================#
Status: 0
TC: false
RD: true
RA: true
AD: false
CD: false
Question:
Name: www.instagram.com.
Qtype: 1
Qclass: 1
Answer:
TTL: 3600
data: z-p42-instagram.c10r.instagram.com.
name: www.instagram.com.
type: 5
TTL: 60
data: 163.70.*.*
name: z-p42-instagram.c10r.instagram.com.
type: 1
Status: 0
TC: false
RD: true
RA: true
AD: false
CD: false
Question:
Name: www.instagram.com.
Qtype: 28
Qclass: 1
Answer:
TTL: 255
data: z-p42-instagram.c10r.instagram.com.
name: www.instagram.com.
type: 5
TTL: 60
data: 2a03:*:*:*:face:b00c:0:4420
name: z-p42-instagram.c10r.instagram.com.
type: 28
Dnsmasq 当前默认 resolv 文件:/tmp/resolv.conf.d/resolv.conf.auto
#===================== /tmp/resolv.conf.auto =====================#
# Interface wan
nameserver 211.140.*.*
nameserver 211.140.*.*
# Interface wan_6
nameserver 2409:8028:
nameserver 2409:8028:
#===================== /tmp/resolv.conf.d/resolv.conf.auto =====================#
# Interface wan
nameserver 211.140.*.*
nameserver 211.140.*.*
# Interface wan_6
nameserver 2409:8028:
nameserver 2409:8028:
#===================== 测试本机网络连接(www.baidu.com) =====================#
HTTP/1.1 200 OK
Bdpagetype: 1
Bdqid: 0xfe2b21e50037bc32
Connection: keep-alive
Content-Length: 414296
Content-Type: text/html; charset=utf-8
Date: Fri, 01 Nov 2024 11:59:59 GMT
Server: BWS/1.1
Set-Cookie: BIDUPSID=D0A0FBB08ADB291690BDDD6B1B77B76F; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
Set-Cookie: PSTM=1730462399; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
Set-Cookie: BDSVRTM=0; path=/
Set-Cookie: BD_HOME=1; path=/
Set-Cookie: BAIDUID=D0A0FBB08ADB291690BDDD6B1B77B76F:FG=1; Path=/; Domain=baidu.com; Max-Age=31536000
Set-Cookie: BAIDUID_BFESS=D0A0FBB08ADB291690BDDD6B1B77B76F:FG=1; Path=/; Domain=baidu.com; Max-Age=31536000; Secure; SameSite=None
Traceid: 1730462399165682945018314769577067134002
Vary: Accept-Encoding
X-Ua-Compatible: IE=Edge,chrome=1
X-Xss-Protection: 1;mode=block
#===================== 测试本机网络下载(raw.githubusercontent.com) =====================#
HTTP/2 200
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: text/plain; charset=utf-8
etag: "f6037a93c68519d7041a3b4df325b61c424ec255b45dfeb063371319e39b0d96"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: 2F62:300D4D:4F41FF:5D8520:6724C2BF
accept-ranges: bytes
date: Fri, 01 Nov 2024 12:00:00 GMT
via: 1.1 varnish
x-served-by: cache-hkg17934-HKG
x-cache: MISS
x-cache-hits: 0
x-timer: S1730462400.075575,VS0,VE315
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 47dc3d20114fed318c6c51ecf9064bb743f2aae4
expires: Fri, 01 Nov 2024 12:05:00 GMT
source-age: 0
content-length: 1071
#===================== 最近运行日志(自动切换为Debug模式) =====================#
time="2024-11-01T11:59:57.665789087Z" level=debug msg="Start New Health Checking {4499a68e-3002-413b-8534-acc6d340e398}"
time="2024-11-01T11:59:57.665925997Z" level=debug msg="Health Checking, proxy: backup(Auto), url: https://clients3.google.com/generate_204, id: {4499a68e-3002-413b-8534-acc6d340e398}"
time="2024-11-01T11:59:57.666083224Z" level=debug msg="[DNS] cache hit hk2.6b6cc10b-5198-c313-b8b6-68a1a82dd29d.24ba0f77.the-best-airport.com --> [23.143.*.*] A, expire at 2024-11-01 11:58:58"
time="2024-11-01T11:59:57.666253135Z" level=debug msg="[DNS] cache hit hk2.6b6cc10b-5198-c313-b8b6-68a1a82dd29d.24ba0f77.the-best-airport.com --> [] AAAA, expire at 2024-11-01 11:58:58"
time="2024-11-01T11:59:57.666504575Z" level=debug msg="[DNS] resolve hk2.6b6cc10b-5198-c313-b8b6-68a1a82dd29d.24ba0f77.the-best-airport.com A from udp://211.140.*.*:53"
time="2024-11-01T11:59:57.66680638Z" level=debug msg="[DNS] resolve hk2.6b6cc10b-5198-c313-b8b6-68a1a82dd29d.24ba0f77.the-best-airport.com A from udp://223.6.*.*:53"
time="2024-11-01T11:59:57.667058768Z" level=debug msg="Health Checking, proxy: main(Auto), url: https://clients3.google.com/generate_204, id: {4499a68e-3002-413b-8534-acc6d340e398}"
time="2024-11-01T11:59:57.667229231Z" level=debug msg="Health Checking, proxy: free(Auto), url: https://clients3.google.com/generate_204, id: {4499a68e-3002-413b-8534-acc6d340e398}"
time="2024-11-01T11:59:57.667548712Z" level=debug msg="[DNS] resolve hk2.6b6cc10b-5198-c313-b8b6-68a1a82dd29d.24ba0f77.the-best-airport.com AAAA from udp://223.6.*.*:53"
time="2024-11-01T11:59:57.667825917Z" level=debug msg="[DNS] resolve hk2.6b6cc10b-5198-c313-b8b6-68a1a82dd29d.24ba0f77.the-best-airport.com AAAA from udp://211.140.*.*:53"
time="2024-11-01T11:59:57.668074429Z" level=debug msg="[DNS] cache hit oss-cn-guangzhou.solidigm-qwer.com --> [163.177.*.*] A, expire at 2024-11-01 12:05:57"
time="2024-11-01T11:59:57.668168331Z" level=debug msg="[DNS] cache hit oss-cn-guangzhou.solidigm-qwer.com --> [] AAAA, expire at 2024-11-01 12:00:23"
time="2024-11-01T11:59:57.672864489Z" level=debug msg="[DNS] hk2.6b6cc10b-5198-c313-b8b6-68a1a82dd29d.24ba0f77.the-best-airport.com --> [23.143.*.*] A from udp://223.6.*.*:53"
time="2024-11-01T11:59:57.673753308Z" level=debug msg="[DNS] hk2.6b6cc10b-5198-c313-b8b6-68a1a82dd29d.24ba0f77.the-best-airport.com --> [] AAAA from udp://223.6.*.*:53"
time="2024-11-01T11:59:57.704249864Z" level=debug msg="use initial random HelloID:iOS"
time="2024-11-01T11:59:57.716070986Z" level=debug msg="use initial random HelloID:iOS"
time="2024-11-01T11:59:57.805896213Z" level=debug msg="use initial random HelloID:iOS"
time="2024-11-01T11:59:57.857499035Z" level=debug msg="[DNS] hk2.6b6cc10b-5198-c313-b8b6-68a1a82dd29d.24ba0f77.the-best-airport.com --> [] AAAA from udp://211.140.*.*:53"
time="2024-11-01T11:59:57.872846032Z" level=debug msg="[DNS] resolve www.instagram.com A from https://dns.google:443/dns-query"
time="2024-11-01T11:59:57.873239615Z" level=debug msg="[DNS] resolve www.instagram.com A from https://.cloudflare-gateway.com:443/dns-query"
time="2024-11-01T11:59:57.989299514Z" level=debug msg="[DNS] www.instagram.com --> [163.70.*.*] A from https://.cloudflare-gateway.com:443/dns-query"
time="2024-11-01T11:59:57.99718871Z" level=debug msg="Health Checked, proxy: free(Auto), url: https://clients3.google.com/generate_204, alive: true, delay: 42 ms uid: {4499a68e-3002-413b-8534-acc6d340e398}"
time="2024-11-01T11:59:58.552162824Z" level=debug msg="[DNS] resolve www.instagram.com AAAA from https://dns.google:443/dns-query"
time="2024-11-01T11:59:58.55261882Z" level=debug msg="[DNS] resolve www.instagram.com AAAA from https://.cloudflare-gateway.com:443/dns-query"
time="2024-11-01T11:59:58.60487054Z" level=debug msg="[DNS] www.instagram.com --> [2a03:*:*:*:face:b00c:0:4420] AAAA from https://dns.google:443/dns-query"
time="2024-11-01T11:59:59.006141312Z" level=debug msg="[Rule] use default rules"
time="2024-11-01T11:59:59.006602204Z" level=debug msg="[DNS] cache hit oss-cn-guangzhou.solidigm-qwer.com --> [] AAAA, expire at 2024-11-01 12:00:23"
time="2024-11-01T11:59:59.006713794Z" level=debug msg="[DNS] cache hit oss-cn-guangzhou.solidigm-qwer.com --> [163.177.*.*] A, expire at 2024-11-01 12:05:57"
time="2024-11-01T11:59:59.050183767Z" level=debug msg="use initial random HelloID:iOS"
time="2024-11-01T11:59:59.097712593Z" level=info msg="[TCP] 192.168.*.*:50623 --> github.com:443 match RuleSet(🧱gfw) using ✈️PROXY[🇭🇰 Hong Kong | 04]"
time="2024-11-01T11:59:59.338222295Z" level=debug msg="Health Checked, proxy: backup(Auto), url: https://clients3.google.com/generate_204, alive: true, delay: 139 ms uid: {4499a68e-3002-413b-8534-acc6d340e398}"
time="2024-11-01T11:59:59.884436262Z" level=debug msg="[DNS] cache hit raw.githubusercontent.com --> [185.199.*.* 185.199.*.* 185.199.*.* 185.199.*.*] A, expire at 2024-11-01 12:32:32"
time="2024-11-01T11:59:59.884562781Z" level=debug msg="[DNS] cache hit raw.githubusercontent.com --> [185.199.*.* 185.199.*.* 185.199.*.* 185.199.*.*] A, expire at 2024-11-01 12:32:32"
time="2024-11-01T11:59:59.887874008Z" level=debug msg="[DNS] cache hit raw.githubusercontent.com --> [2606:50c0:8002::154 2606:50c0:8001::154 2606:50c0:8003::154 2606:50c0:8000::154] AAAA, expire at 2024-11-01 12:33:20"
time="2024-11-01T11:59:59.888175909Z" level=debug msg="[DNS] cache hit raw.githubusercontent.com --> [2606:50c0:8002::154 2606:50c0:8001::154 2606:50c0:8003::154 2606:50c0:8000::154] AAAA, expire at 2024-11-01 12:33:20"
time="2024-11-01T11:59:59.917239041Z" level=debug msg="[Rule] use default rules"
time="2024-11-01T11:59:59.91767874Z" level=debug msg="[DNS] cache hit oss-cn-guangzhou.solidigm-qwer.com --> [] AAAA, expire at 2024-11-01 12:00:23"
time="2024-11-01T11:59:59.917779758Z" level=debug msg="[DNS] cache hit oss-cn-guangzhou.solidigm-qwer.com --> [163.177.*.*] A, expire at 2024-11-01 12:05:57"
time="2024-11-01T11:59:59.959674861Z" level=debug msg="use initial random HelloID:iOS"
time="2024-11-01T12:00:00.005530222Z" level=info msg="[TCP] [2409:*:*:*::1]:59054 --> raw.githubusercontent.com:443 match RuleSet(🧱gfw) using ✈️PROXY[🇭🇰 Hong Kong | 04]"
time="2024-11-01T12:00:00.344592958Z" level=debug msg="Health Checked, proxy: main(Auto), url: https://clients3.google.com/generate_204, alive: true, delay: 56 ms uid: {4499a68e-3002-413b-8534-acc6d340e398}"
time="2024-11-01T12:00:00.344698992Z" level=debug msg="Finish A Health Checking {4499a68e-3002-413b-8534-acc6d340e398}"
time="2024-11-01T12:00:03.947367139Z" level=debug msg="[DNS] cache hit sukebei.nyaa.si --> [] AAAA, expire at 2024-11-01 12:28:04"
time="2024-11-01T12:00:03.947590763Z" level=debug msg="[DNS] cache hit sukebei.nyaa.si --> [] AAAA, expire at 2024-11-01 12:28:04"
time="2024-11-01T12:00:03.951561269Z" level=debug msg="[DNS] cache hit sukebei.nyaa.si --> [] AAAA, expire at 2024-11-01 12:28:04"
time="2024-11-01T12:00:03.951755816Z" level=debug msg="[DNS] cache hit sukebei.nyaa.si --> [] AAAA, expire at 2024-11-01 12:28:04"
time="2024-11-01T12:00:03.960234499Z" level=debug msg="[Rule] use default rules"
time="2024-11-01T12:00:03.96067601Z" level=debug msg="[DNS] cache hit oss-cn-guangzhou.solidigm-qwer.com --> [] AAAA, expire at 2024-11-01 12:00:23"
time="2024-11-01T12:00:03.960778636Z" level=debug msg="[DNS] cache hit oss-cn-guangzhou.solidigm-qwer.com --> [163.177.*.*] A, expire at 2024-11-01 12:05:57"
time="2024-11-01T12:00:04.968879967Z" level=debug msg="[DNS] cache hit zds.vercel.app --> [] AAAA, expire at 2024-11-01 12:17:02"
time="2024-11-01T12:00:04.969112675Z" level=debug msg="[DNS] cache hit zds.vercel.app --> [76.76.*.* 76.76.*.*] A, expire at 2024-11-01 12:22:03"
time="2024-11-01T12:00:04.969221697Z" level=debug msg="[DNS] cache hit zds.vercel.app --> [76.76.*.* 76.76.*.*] A, expire at 2024-11-01 12:22:03"
time="2024-11-01T12:00:04.969240369Z" level=debug msg="[DNS] cache hit zds.vercel.app --> [] AAAA, expire at 2024-11-01 12:17:02"
time="2024-11-01T12:00:04.984152683Z" level=debug msg="[DNS] cache hit zds.vercel.app --> [] AAAA, expire at 2024-11-01 12:17:02"
time="2024-11-01T12:00:04.984387359Z" level=debug msg="[DNS] cache hit zds.vercel.app --> [] AAAA, expire at 2024-11-01 12:17:02"
time="2024-11-01T12:00:04.984582195Z" level=debug msg="[DNS] cache hit zds.vercel.app --> [76.76.*.* 76.76.*.*] A, expire at 2024-11-01 12:22:03"
time="2024-11-01T12:00:04.98464072Z" level=debug msg="[DNS] cache hit zds.vercel.app --> [76.76.*.* 76.76.*.*] A, expire at 2024-11-01 12:22:03"
time="2024-11-01T12:00:05.009737677Z" level=debug msg="use initial random HelloID:iOS"
time="2024-11-01T12:00:05.093309659Z" level=debug msg="[DNS] cache hit zds.vercel.app --> [76.76.*.* 76.76.*.*] A, expire at 2024-11-01 12:22:03"
time="2024-11-01T12:00:05.093506018Z" level=debug msg="[DNS] cache hit zds.vercel.app --> [76.76.*.* 76.76.*.*] A, expire at 2024-11-01 12:22:03"
time="2024-11-01T12:00:05.093516818Z" level=debug msg="[DNS] cache hit zds.vercel.app --> [] AAAA, expire at 2024-11-01 12:17:02"
time="2024-11-01T12:00:05.093531591Z" level=debug msg="[DNS] cache hit zds.vercel.app --> [] AAAA, expire at 2024-11-01 12:17:02"
time="2024-11-01T12:00:05.096992341Z" level=debug msg="[DNS] cache hit raw.githubusercontent.com --> [185.199.*.* 185.199.*.* 185.199.*.* 185.199.*.*] A, expire at 2024-11-01 12:32:32"
time="2024-11-01T12:00:05.097287786Z" level=debug msg="[DNS] cache hit raw.githubusercontent.com --> [185.199.*.* 185.199.*.* 185.199.*.* 185.199.*.*] A, expire at 2024-11-01 12:32:32"
time="2024-11-01T12:00:05.101058332Z" level=debug msg="[DNS] cache hit raw.githubusercontent.com --> [2606:50c0:8002::154 2606:50c0:8001::154 2606:50c0:8003::154 2606:50c0:8000::154] AAAA, expire at 2024-11-01 12:33:20"
time="2024-11-01T12:00:05.101253708Z" level=debug msg="[DNS] cache hit raw.githubusercontent.com --> [2606:50c0:8002::154 2606:50c0:8001::154 2606:50c0:8003::154 2606:50c0:8000::154] AAAA, expire at 2024-11-01 12:33:20"
time="2024-11-01T12:00:05.108417588Z" level=debug msg="[DNS] cache hit zds.vercel.app --> [76.76.*.* 76.76.*.*] A, expire at 2024-11-01 12:22:03"
time="2024-11-01T12:00:05.108688277Z" level=debug msg="[DNS] cache hit zds.vercel.app --> [76.76.*.* 76.76.*.*] A, expire at 2024-11-01 12:22:03"
time="2024-11-01T12:00:05.108829087Z" level=debug msg="[DNS] cache hit zds.vercel.app --> [] AAAA, expire at 2024-11-01 12:17:02"
time="2024-11-01T12:00:05.109005958Z" level=debug msg="[DNS] cache hit zds.vercel.app --> [] AAAA, expire at 2024-11-01 12:17:02"
time="2024-11-01T12:00:05.12296548Z" level=debug msg="[DNS] cache hit zds.vercel.app --> [] AAAA, expire at 2024-11-01 12:17:02"
time="2024-11-01T12:00:05.123216572Z" level=debug msg="[DNS] cache hit zds.vercel.app --> [] AAAA, expire at 2024-11-01 12:17:02"
time="2024-11-01T12:00:05.131457843Z" level=debug msg="[Rule] use default rules"
time="2024-11-01T12:00:05.131770844Z" level=debug msg="[DNS] cache hit oss-cn-guangzhou.solidigm-qwer.com --> [163.177.*.*] A, expire at 2024-11-01 12:05:57"
time="2024-11-01T12:00:05.131865165Z" level=debug msg="[DNS] cache hit oss-cn-guangzhou.solidigm-qwer.com --> [] AAAA, expire at 2024-11-01 12:00:23"
time="2024-11-01T12:00:05.175775702Z" level=debug msg="use initial random HelloID:iOS"
time="2024-11-01T12:00:05.225007152Z" level=info msg="[TCP] [2409:*:*:*::1]:55364 --> raw.githubusercontent.com:443 match RuleSet(🧱gfw) using ✈️PROXY[🇭🇰 Hong Kong | 04]"
time="2024-11-01T12:00:05.30621579Z" level=info msg="[TCP] 192.168.*.*:49968 --> sukebei.nyaa.si:443 match RuleSet(🧱gfw) using ✈️PROXY[🇭🇰 Hong Kong | 04]"
time="2024-11-01T12:00:06.15343934Z" level=debug msg="[DNS] cache hit raw.githubusercontent.com --> [185.199.*.* 185.199.*.* 185.199.*.* 185.199.*.*] A, expire at 2024-11-01 12:32:32"
time="2024-11-01T12:00:06.153625847Z" level=debug msg="[DNS] cache hit raw.githubusercontent.com --> [185.199.*.* 185.199.*.* 185.199.*.* 185.199.*.*] A, expire at 2024-11-01 12:32:32"
time="2024-11-01T12:00:06.157102233Z" level=debug msg="[DNS] cache hit raw.githubusercontent.com --> [2606:50c0:8002::154 2606:50c0:8001::154 2606:50c0:8003::154 2606:50c0:8000::154] AAAA, expire at 2024-11-01 12:33:20"
time="2024-11-01T12:00:06.157280652Z" level=debug msg="[DNS] cache hit raw.githubusercontent.com --> [2606:50c0:8002::154 2606:50c0:8001::154 2606:50c0:8003::154 2606:50c0:8000::154] AAAA, expire at 2024-11-01 12:33:20"
time="2024-11-01T12:00:06.187317348Z" level=debug msg="[Rule] use default rules"
time="2024-11-01T12:00:06.187643814Z" level=debug msg="[DNS] cache hit oss-cn-guangzhou.solidigm-qwer.com --> [163.177.*.*] A, expire at 2024-11-01 12:05:57"
time="2024-11-01T12:00:06.187782128Z" level=debug msg="[DNS] cache hit oss-cn-guangzhou.solidigm-qwer.com --> [] AAAA, expire at 2024-11-01 12:00:23"
time="2024-11-01T12:00:06.229780325Z" level=debug msg="use initial random HelloID:iOS"
time="2024-11-01T12:00:06.778439837Z" level=info msg="[TCP] [2409:*:*:*::1]:55380 --> raw.githubusercontent.com:443 match RuleSet(🧱gfw) using ✈️PROXY[🇭🇰 Hong Kong | 04]"
time="2024-11-01T12:00:07.252750878Z" level=debug msg="[Rule] use default rules"
time="2024-11-01T12:00:07.271454488Z" level=info msg="[TCP] [2409:*:*:*:ea:7544:f5bb:3d22]:50829 --> [2409:8c38:c40:100::242]:443 match GeoIP(cn) using DIRECT"
time="2024-11-01T12:00:07.846733748Z" level=debug msg="[Rule] use default rules"
time="2024-11-01T12:00:07.852296237Z" level=info msg="[TCP] [2409:*:*:*:ea:7544:f5bb:3d22]:50875 --> [2409:8c28:202:8::203]:443 match GeoIP(cn) using DIRECT"
time="2024-11-01T12:00:08.241939246Z" level=debug msg="[Rule] use default rules"
time="2024-11-01T12:00:08.242387861Z" level=debug msg="[DNS] cache hit oss-cn-guangzhou.solidigm-qwer.com --> [] AAAA, expire at 2024-11-01 12:00:23"
time="2024-11-01T12:00:08.242480215Z" level=debug msg="[DNS] cache hit oss-cn-guangzhou.solidigm-qwer.com --> [163.177.*.*] A, expire at 2024-11-01 12:05:57"
time="2024-11-01T12:00:10.308813289Z" level=debug msg="use initial random HelloID:iOS"
time="2024-11-01T12:00:10.363434917Z" level=info msg="[TCP] 192.168.*.*:50882 --> github.com:443 match RuleSet(🧱gfw) using ✈️PROXY[🇭🇰 Hong Kong | 04]"
time="2024-11-01T12:00:10.887325485Z" level=debug msg="[DNS] resolve assets.grammarly.com AAAA from https://dns.google:443/dns-query"
time="2024-11-01T12:00:10.887682803Z" level=debug msg="[DNS] resolve assets.grammarly.com AAAA from https://.cloudflare-gateway.com:443/dns-query"
time="2024-11-01T12:00:10.89107502Z" level=debug msg="[DNS] resolve assets.grammarly.com A from https://dns.google:443/dns-query"
time="2024-11-01T12:00:10.891187906Z" level=debug msg="[DNS] resolve assets.grammarly.com A from https://.cloudflare-gateway.com:443/dns-query"
#===================== 最近运行日志获取完成(自动切换为silent模式) =====================#
#===================== 活动连接信息 =====================#
1. SourceIP:【2409:*:*:*:647f:4b38:4a00:c031】 - Host:【Empty】 - DestinationIP:【2409:8c28:202:8::196】 - Network:【tcp】 - RulePayload:【cn】 - Lastchain:【DIRECT】
2. SourceIP:【192.168.*.*】 - Host:【alive.github.com】 - DestinationIP:【140.82.*.*】 - Network:【tcp】 - RulePayload:【🧱gfw】 - Lastchain:【🇭🇰 Hong Kong | 04】
3. SourceIP:【192.168.*.*】 - Host:【avatars2.githubusercontent.com】 - DestinationIP:【185.199.*.*】 - Network:【tcp】 - RulePayload:【🧱gfw】 - Lastchain:【🇭🇰 Hong Kong | 04】
4. SourceIP:【2409:*:*:*:e099:e829:41a3:9e96】 - Host:【log.tailscale.io】 - DestinationIP:【2600:1f18:429f:9305:823d:72c0:16da:fb33】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 Hong Kong | 04】
5. SourceIP:【192.168.*.*】 - Host:【github.githubassets.com】 - DestinationIP:【185.199.*.*】 - Network:【tcp】 - RulePayload:【🧱gfw】 - Lastchain:【🇭🇰 Hong Kong | 04】
6. SourceIP:【2409:*:*:*:ea:7544:f5bb:3d22】 - Host:【Empty】 - DestinationIP:【2409:8c38:c40:100::242】 - Network:【tcp】 - RulePayload:【cn】 - Lastchain:【DIRECT】
7. SourceIP:【192.168.*.*】 - Host:【www-www.bing.com.trafficmanager.net】 - DestinationIP:【13.107.*.*】 - Network:【tcp】 - RulePayload:【Proxy】 - Lastchain:【🇭🇰 Hong Kong | 04】
8. SourceIP:【192.168.*.*】 - Host:【Empty】 - DestinationIP:【205.147.*.*】 - Network:【tcp】 - RulePayload:【80】 - Lastchain:【🇭🇰 Hong Kong | 04】
9. SourceIP:【192.168.*.*】 - Host:【private-user-images.githubusercontent.com】 - DestinationIP:【185.199.*.*】 - Network:【tcp】 - RulePayload:【🧱gfw】 - Lastchain:【🇭🇰 Hong Kong | 04】
10. SourceIP:【192.168.*.*】 - Host:【private-user-images.githubusercontent.com】 - DestinationIP:【185.199.*.*】 - Network:【tcp】 - RulePayload:【🧱gfw】 - Lastchain:【🇭🇰 Hong Kong | 04】
11. SourceIP:【192.168.*.*】 - Host:【cmp3-hkg1.steamserver.net】 - DestinationIP:【103.28.*.*】 - Network:【tcp】 - RulePayload:【SteamCN】 - Lastchain:【DIRECT】
12. SourceIP:【192.168.*.*】 - Host:【www.google.com】 - DestinationIP:【142.250.*.*】 - Network:【tcp】 - RulePayload:【🧱gfw】 - Lastchain:【🇭🇰 Hong Kong | 04】
13. SourceIP:【192.168.*.*】 - Host:【ecs.office.com】 - DestinationIP:【52.113.*.*】 - Network:【tcp】 - RulePayload:【Microsoft】 - Lastchain:【🇭🇰 Hong Kong | 04】
14. SourceIP:【192.168.*.*】 - Host:【www.bing.com】 - DestinationIP:【13.107.*.*】 - Network:【tcp】 - RulePayload:【Proxy】 - Lastchain:【🇭🇰 Hong Kong | 04】
15. SourceIP:【192.168.*.*】 - Host:【feapp.tw2.lol.pvp.net】 - DestinationIP:【18.143.*.*】 - Network:【tcp】 - RulePayload:【RiotGames】 - Lastchain:【🇭🇰 Hong Kong | 04】
16. SourceIP:【2409:*:*:*:e099:e829:41a3:9e96】 - Host:【skydrive.wns.windows.com】 - DestinationIP:【2603:1040:5:8::2】 - Network:【tcp】 - RulePayload:【Microsoft】 - Lastchain:【🇭🇰 Hong Kong | 04】
17. SourceIP:【192.168.*.*】 - Host:【Empty】 - DestinationIP:【205.147.*.*】 - Network:【tcp】 - RulePayload:【80】 - Lastchain:【🇭🇰 Hong Kong | 04】
18. SourceIP:【2409:*:*:*:ea:7544:f5bb:3d22】 - Host:【nleditor.osi.office.net】 - DestinationIP:【2603:1046:1402:1::11】 - Network:【tcp】 - RulePayload:【Microsoft】 - Lastchain:【🇭🇰 Hong Kong | 04】
19. SourceIP:【192.168.*.*】 - Host:【api.ipify.org】 - DestinationIP:【172.67.*.*】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 Hong Kong | 04】
20. SourceIP:【192.168.*.*】 - Host:【Empty】 - DestinationIP:【91.108.*.*】 - Network:【tcp】 - RulePayload:【Telegram_ip】 - Lastchain:【🇭🇰 Hong Kong | 04】
21. SourceIP:【192.168.*.*】 - Host:【Empty】 - DestinationIP:【205.147.*.*】 - Network:【tcp】 - RulePayload:【80】 - Lastchain:【🇭🇰 Hong Kong | 04】
22. SourceIP:【192.168.*.*】 - Host:【avatars2.githubusercontent.com】 - DestinationIP:【185.199.*.*】 - Network:【tcp】 - RulePayload:【🧱gfw】 - Lastchain:【🇭🇰 Hong Kong | 04】
23. SourceIP:【192.168.*.*】 - Host:【api-ipv4.ip.sb】 - DestinationIP:【104.26.*.*】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 Hong Kong | 04】
24. SourceIP:【192.168.*.*】 - Host:【log.tailscale.io】 - DestinationIP:【54.161.*.*】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 Hong Kong | 04】
25. SourceIP:【192.168.*.*】 - Host:【nyaa.si】 - DestinationIP:【186.2.*.*】 - Network:【tcp】 - RulePayload:【🧱gfw】 - Lastchain:【🇭🇰 Hong Kong | 04】
26. SourceIP:【2409:*:*:*:e099:e829:41a3:9e96】 - Host:【log.tailscale.io】 - DestinationIP:【2600:1f18:429f:9305:823d:72c0:16da:fb33】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 Hong Kong | 04】
27. SourceIP:【192.168.*.*】 - Host:【github.githubassets.com】 - DestinationIP:【185.199.*.*】 - Network:【tcp】 - RulePayload:【🧱gfw】 - Lastchain:【🇭🇰 Hong Kong | 04】
28. SourceIP:【192.168.*.*】 - Host:【nyaa.si】 - DestinationIP:【186.2.*.*】 - Network:【tcp】 - RulePayload:【🧱gfw】 - Lastchain:【🇭🇰 Hong Kong | 04】
29. SourceIP:【192.168.*.*】 - Host:【us.edge.rms.si.riotgames.com】 - DestinationIP:【104.18.*.*】 - Network:【tcp】 - RulePayload:【RiotGames】 - Lastchain:【🇭🇰 Hong Kong | 04】
30. SourceIP:【2409:*:*:*:ea:7544:f5bb:3d22】 - Host:【videocardz.com】 - DestinationIP:【2606:4700:20::681a:b8a】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 Hong Kong | 04】
31. SourceIP:【192.168.*.*】 - Host:【support.sms.playstation.com】 - DestinationIP:【216.198.*.*】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 Hong Kong | 04】
32. SourceIP:【192.168.*.*】 - Host:【Empty】 - DestinationIP:【103.6.*.*】 - Network:【tcp】 - RulePayload:【80】 - Lastchain:【🇭🇰 Hong Kong | 04】
33. SourceIP:【2409:*:*:*:ea:7544:f5bb:3d22】 - Host:【edge.microsoft.com】 - DestinationIP:【2620:1ec:c11::239】 - Network:【tcp】 - RulePayload:【Microsoft】 - Lastchain:【🇭🇰 Hong Kong | 04】
34. SourceIP:【192.168.*.*】 - Host:【github.com】 - DestinationIP:【20.205.*.*】 - Network:【tcp】 - RulePayload:【🧱gfw】 - Lastchain:【🇭🇰 Hong Kong | 04】
35. SourceIP:【2409:*:*:*:ea:7544:f5bb:3d22】 - Host:【Empty】 - DestinationIP:【2409:8c28:202:8::203】 - Network:【tcp】 - RulePayload:【cn】 - Lastchain:【DIRECT】
36. SourceIP:【192.168.*.*】 - Host:【broadcast2.distill.io】 - DestinationIP:【172.67.*.*】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 Hong Kong | 04】
37. SourceIP:【2409:*:*:*:647f:4b38:4a00:c031】 - Host:【Empty】 - DestinationIP:【2409:8c28:202:8::199】 - Network:【tcp】 - RulePayload:【cn】 - Lastchain:【DIRECT】
38. SourceIP:【192.168.*.*】 - Host:【entitlements.auth.riotgames.com】 - DestinationIP:【104.16.*.*】 - Network:【tcp】 - RulePayload:【RiotGames】 - Lastchain:【🇭🇰 Hong Kong | 04】
39. SourceIP:【2409:*:*:*:ea:7544:f5bb:3d22】 - Host:【cdn.jsdelivr.net】 - DestinationIP:【2a04:4e42:400::485】 - Network:【tcp】 - RulePayload:【🧱gfw】 - Lastchain:【🇭🇰 Hong Kong | 04】
40. SourceIP:【192.168.*.*】 - Host:【fp.msedge.net】 - DestinationIP:【204.79.*.*】 - Network:【tcp】 - RulePayload:【Microsoft】 - Lastchain:【🇭🇰 Hong Kong | 04】
41. SourceIP:【192.168.*.*】 - Host:【prod-eastasia.access-point.cloudmessaging.edge.microsoft.com】 - DestinationIP:【20.187.*.*】 - Network:【tcp】 - RulePayload:【Microsoft】 - Lastchain:【🇭🇰 Hong Kong | 04】
42. SourceIP:【2409:*:*:*:e099:e829:41a3:9e96】 - Host:【ecs.office.com】 - DestinationIP:【2620:1ec:42::132】 - Network:【tcp】 - RulePayload:【Microsoft】 - Lastchain:【🇭🇰 Hong Kong | 04】
43. SourceIP:【192.168.*.*】 - Host:【Empty】 - DestinationIP:【192.73.*.*】 - Network:【tcp】 - RulePayload:【80】 - Lastchain:【🇭🇰 Hong Kong | 04】
44. SourceIP:【192.168.*.*】 - Host:【www.bing.com】 - DestinationIP:【204.79.*.*】 - Network:【tcp】 - RulePayload:【Proxy】 - Lastchain:【🇭🇰 Hong Kong | 04】
45. SourceIP:【2409:*:*:*:556a:db86:de43:7460】 - Host:【ecs.office.com】 - DestinationIP:【2620:1ec:42::132】 - Network:【tcp】 - RulePayload:【Microsoft】 - Lastchain:【🇭🇰 Hong Kong | 04】
46. SourceIP:【2409:*:*:*:ea:7544:f5bb:3d22】 - Host:【avatars.githubusercontent.com】 - DestinationIP:【2606:50c0:8002::154】 - Network:【tcp】 - RulePayload:【🧱gfw】 - Lastchain:【🇭🇰 Hong Kong | 04】
47. SourceIP:【192.168.*.*】 - Host:【log.tailscale.io】 - DestinationIP:【54.161.*.*】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 Hong Kong | 04】
48. SourceIP:【192.168.*.*】 - Host:【lol.secure.dyn.riotcdn.net】 - DestinationIP:【23.46.*.*】 - Network:【tcp】 - RulePayload:【RiotGames】 - Lastchain:【🇭🇰 Hong Kong | 04】
49. SourceIP:【】 - Host:【dns.google】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【🇨🇳 Taiwan | 07】
50. SourceIP:【192.168.*.*】 - Host:【javdb.com】 - DestinationIP:【172.67.*.*】 - Network:【tcp】 - RulePayload:【javdb】 - Lastchain:【🇨🇳 Taiwan | 01】
51. SourceIP:【192.168.*.*】 - Host:【Empty】 - DestinationIP:【91.108.*.*】 - Network:【tcp】 - RulePayload:【Telegram_ip】 - Lastchain:【🇭🇰 Hong Kong | 04】
52. SourceIP:【192.168.*.*】 - Host:【ecs.office.com】 - DestinationIP:【52.113.*.*】 - Network:【tcp】 - RulePayload:【Microsoft】 - Lastchain:【🇭🇰 Hong Kong | 04】
53. SourceIP:【192.168.*.*】 - Host:【ecs.office.com】 - DestinationIP:【52.113.*.*】 - Network:【tcp】 - RulePayload:【Microsoft】 - Lastchain:【🇭🇰 Hong Kong | 04】
54. SourceIP:【192.168.*.*】 - Host:【skydrive.wns.windows.com】 - DestinationIP:【20.198.*.*】 - Network:【tcp】 - RulePayload:【Microsoft】 - Lastchain:【🇭🇰 Hong Kong | 04】
55. SourceIP:【2409:*:*:*:5df3:9f5e:61a8:648c】 - Host:【Empty】 - DestinationIP:【2409:8c38:c40:100::2】 - Network:【tcp】 - RulePayload:【cn】 - Lastchain:【DIRECT】
56. SourceIP:【192.168.*.*】 - Host:【client.wns.windows.com】 - DestinationIP:【20.197.*.*】 - Network:【tcp】 - RulePayload:【Microsoft】 - Lastchain:【🇭🇰 Hong Kong | 04】
57. SourceIP:【2409:*:*:*:ea:7544:f5bb:3d22】 - Host:【tw2-red.lol.sgp.pvp.net】 - DestinationIP:【2606:4700:4400::6812:29b7】 - Network:【tcp】 - RulePayload:【RiotGames】 - Lastchain:【🇭🇰 Hong Kong | 04】
58. SourceIP:【192.168.*.*】 - Host:【bacon.secure.dyn.riotcdn.net】 - DestinationIP:【23.46.*.*】 - Network:【tcp】 - RulePayload:【RiotGames】 - Lastchain:【🇭🇰 Hong Kong | 04】
59. SourceIP:【192.168.*.*】 - Host:【Empty】 - DestinationIP:【91.189.*.*】 - Network:【udp】 - RulePayload:【】 - Lastchain:【🇭🇰 Hong Kong | 04】
60. SourceIP:【2409:*:*:*:556a:db86:de43:7460】 - Host:【substrate.office.com】 - DestinationIP:【2603:1046:c01:2004::2】 - Network:【tcp】 - RulePayload:【Microsoft】 - Lastchain:【🇭🇰 Hong Kong | 04】
61. SourceIP:【2409:*:*:*:ea:7544:f5bb:3d22】 - Host:【riot-geo.pas.si.riotgames.com】 - DestinationIP:【2606:4700:4400::6812:2819】 - Network:【tcp】 - RulePayload:【RiotGames】 - Lastchain:【🇭🇰 Hong Kong | 04】
62. SourceIP:【192.168.*.*】 - Host:【avatars2.githubusercontent.com】 - DestinationIP:【185.199.*.*】 - Network:【tcp】 - RulePayload:【🧱gfw】 - Lastchain:【🇭🇰 Hong Kong | 04】
63. SourceIP:【192.168.*.*】 - Host:【nyaa.si】 - DestinationIP:【186.2.*.*】 - Network:【tcp】 - RulePayload:【🧱gfw】 - Lastchain:【🇭🇰 Hong Kong | 04】
64. SourceIP:【192.168.*.*】 - Host:【www.youtube.com】 - DestinationIP:【142.250.*.*】 - Network:【tcp】 - RulePayload:【YouTube】 - Lastchain:【🇭🇰 HK 2】
65. SourceIP:【192.168.*.*】 - Host:【santamonicastudio.zendesk.com】 - DestinationIP:【216.198.*.*】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 Hong Kong | 04】
66. SourceIP:【192.168.*.*】 - Host:【raw.githubusercontent.com】 - DestinationIP:【185.199.*.*】 - Network:【tcp】 - RulePayload:【🧱gfw】 - Lastchain:【🇭🇰 Hong Kong | 04】
67. SourceIP:【2409:*:*:*:556a:db86:de43:7460】 - Host:【skydrive.wns.windows.com】 - DestinationIP:【2603:1040:5:8::2】 - Network:【tcp】 - RulePayload:【Microsoft】 - Lastchain:【🇭🇰 Hong Kong | 04】
68. SourceIP:【】 - Host:【.cloudflare-gateway.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【🇨🇳 Taiwan | 07】
69. SourceIP:【192.168.*.*】 - Host:【dsadata.intel.com】 - DestinationIP:【23.46.*.*】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 Hong Kong | 04】
70. SourceIP:【192.168.*.*】 - Host:【avatars2.githubusercontent.com】 - DestinationIP:【185.199.*.*】 - Network:【tcp】 - RulePayload:【🧱gfw】 - Lastchain:【🇭🇰 Hong Kong | 04】
71. SourceIP:【192.168.*.*】 - Host:【data.riotgames.com】 - DestinationIP:【104.16.*.*】 - Network:【tcp】 - RulePayload:【RiotGames】 - Lastchain:【🇭🇰 Hong Kong | 04】
72. SourceIP:【192.168.*.*】 - Host:【client.wns.windows.com】 - DestinationIP:【20.197.*.*】 - Network:【tcp】 - RulePayload:【Microsoft】 - Lastchain:【🇭🇰 Hong Kong | 04】
73. SourceIP:【192.168.*.*】 - Host:【telemetry.sgp.pvp.net】 - DestinationIP:【104.18.*.*】 - Network:【tcp】 - RulePayload:【RiotGames】 - Lastchain:【🇭🇰 Hong Kong | 04】
74. SourceIP:【】 - Host:【Empty】 - DestinationIP:【::ffff:31.186.*.*】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
75. SourceIP:【192.168.*.*】 - Host:【ios.cfw.guide】 - DestinationIP:【172.67.*.*】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 Hong Kong | 04】
76. SourceIP:【2409:*:*:*:ea:7544:f5bb:3d22】 - Host:【cdn.jsdelivr.net】 - DestinationIP:【2a04:4e42:200::485】 - Network:【tcp】 - RulePayload:【🧱gfw】 - Lastchain:【🇭🇰 Hong Kong | 04】
77. SourceIP:【192.168.*.*】 - Host:【github.com】 - DestinationIP:【20.205.*.*】 - Network:【tcp】 - RulePayload:【🧱gfw】 - Lastchain:【🇭🇰 Hong Kong | 04】
78. SourceIP:【192.168.*.*】 - Host:【api.ipify.org】 - DestinationIP:【172.67.*.*】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 Hong Kong | 04】
79. SourceIP:【192.168.*.*】 - Host:【telemetry.vg.ac.pvp.net】 - DestinationIP:【13.33.*.*】 - Network:【tcp】 - RulePayload:【RiotGames】 - Lastchain:【🇭🇰 Hong Kong | 04】
80. SourceIP:【192.168.*.*】 - Host:【www-www.bing.com.trafficmanager.net】 - DestinationIP:【13.107.*.*】 - Network:【tcp】 - RulePayload:【Proxy】 - Lastchain:【🇭🇰 Hong Kong | 04】
81. SourceIP:【192.168.*.*】 - Host:【Empty】 - DestinationIP:【134.122.*.*】 - Network:【tcp】 - RulePayload:【((DomainKeyword,derp) && (DomainSuffix,tailscale.com))】 - Lastchain:【DIRECT】
82. SourceIP:【192.168.*.*】 - Host:【sieve.services.riotcdn.net】 - DestinationIP:【172.64.*.*】 - Network:【tcp】 - RulePayload:【RiotGames】 - Lastchain:【🇭🇰 Hong Kong | 04】
83. SourceIP:【192.168.*.*】 - Host:【kr1.chat.si.riotgames.com】 - DestinationIP:【172.65.*.*】 - Network:【tcp】 - RulePayload:【RiotGames】 - Lastchain:【🇭🇰 Hong Kong | 04】
84. SourceIP:【192.168.*.*】 - Host:【Empty】 - DestinationIP:【205.147.*.*】 - Network:【tcp】 - RulePayload:【80】 - Lastchain:【🇭🇰 Hong Kong | 04】
85. SourceIP:【192.168.*.*】 - Host:【broadcast2.distill.io】 - DestinationIP:【172.67.*.*】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 Hong Kong | 04】
86. SourceIP:【192.168.*.*】 - Host:【data.riotgames.com】 - DestinationIP:【104.16.*.*】 - Network:【tcp】 - RulePayload:【RiotGames】 - Lastchain:【🇭🇰 Hong Kong | 04】
87. SourceIP:【192.168.*.*】 - Host:【dsadata.intel.com】 - DestinationIP:【23.46.*.*】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 Hong Kong | 04】
88. SourceIP:【192.168.*.*】 - Host:【ecs.office.com】 - DestinationIP:【52.113.*.*】 - Network:【tcp】 - RulePayload:【Microsoft】 - Lastchain:【🇭🇰 Hong Kong | 04】
89. SourceIP:【2409:*:*:*:ea:7544:f5bb:3d22】 - Host:【apse1-red.pp.sgp.pvp.net】 - DestinationIP:【2606:4700:4400::ac40:9249】 - Network:【tcp】 - RulePayload:【RiotGames】 - Lastchain:【🇭🇰 Hong Kong | 04】
90. SourceIP:【192.168.*.*】 - Host:【www.youtube.com】 - DestinationIP:【142.250.*.*】 - Network:【tcp】 - RulePayload:【YouTube】 - Lastchain:【🇭🇰 HK 2】
91. SourceIP:【2409:*:*:*:556a:db86:de43:7460】 - Host:【ecs.office.com】 - DestinationIP:【2620:1ec:42::132】 - Network:【tcp】 - RulePayload:【Microsoft】 - Lastchain:【🇭🇰 Hong Kong | 04】
92. SourceIP:【192.168.*.*】 - Host:【config.extension.grammarly.com】 - DestinationIP:【13.224.*.*】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 Hong Kong | 04】
93. SourceIP:【2409:*:*:*:ea:7544:f5bb:3d22】 - Host:【edge.microsoft.com】 - DestinationIP:【2620:1ec:c11::239】 - Network:【tcp】 - RulePayload:【Microsoft】 - Lastchain:【🇭🇰 Hong Kong | 04】
94. SourceIP:【192.168.*.*】 - Host:【api-ipv4.ip.sb】 - DestinationIP:【104.26.*.*】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 Hong Kong | 04】
95. SourceIP:【2409:*:*:*::1】 - Host:【Empty】 - DestinationIP:【2403:2500:400:20::b79】 - Network:【tcp】 - RulePayload:【((DomainKeyword,derp) && (DomainSuffix,tailscale.com))】 - Lastchain:【DIRECT】
96. SourceIP:【192.168.*.*】 - Host:【www.pkavi.com】 - DestinationIP:【172.67.*.*】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 Hong Kong | 04】
97. SourceIP:【192.168.*.*】 - Host:【nav-edge.smartscreen.microsoft.com】 - DestinationIP:【52.139.*.*】 - Network:【tcp】 - RulePayload:【Microsoft】 - Lastchain:【🇭🇰 Hong Kong | 04】
98. SourceIP:【2409:*:*:*:e099:e829:41a3:9e96】 - Host:【log.tailscale.io】 - DestinationIP:【2600:1f18:429f:9305:823d:72c0:16da:fb33】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 Hong Kong | 04】
99. SourceIP:【192.168.*.*】 - Host:【data.riotgames.com】 - DestinationIP:【104.16.*.*】 - Network:【tcp】 - RulePayload:【RiotGames】 - Lastchain:【🇭🇰 Hong Kong | 04】
100. SourceIP:【2409:*:*:*:ea:7544:f5bb:3d22】 - Host:【Empty】 - DestinationIP:【2409:8c28:202:8::202】 - Network:【tcp】 - RulePayload:【cn】 - Lastchain:【DIRECT】
101. SourceIP:【192.168.*.*】 - Host:【client.wns.windows.com】 - DestinationIP:【20.197.*.*】 - Network:【tcp】 - RulePayload:【Microsoft】 - Lastchain:【🇭🇰 Hong Kong | 04】
102. SourceIP:【192.168.*.*】 - Host:【us.edge.rms.si.riotgames.com】 - DestinationIP:【172.64.*.*】 - Network:【tcp】 - RulePayload:【RiotGames】 - Lastchain:【🇭🇰 Hong Kong | 04】
103. SourceIP:【192.168.*.*】 - Host:【nyaa.si】 - DestinationIP:【186.2.*.*】 - Network:【tcp】 - RulePayload:【🧱gfw】 - Lastchain:【🇭🇰 Hong Kong | 04】
104. SourceIP:【192.168.*.*】 - Host:【raw.githubusercontent.com】 - DestinationIP:【185.199.*.*】 - Network:【tcp】 - RulePayload:【🧱gfw】 - Lastchain:【🇭🇰 Hong Kong | 04】
105. SourceIP:【192.168.*.*】 - Host:【js-eu1.hs-banner.com】 - DestinationIP:【172.65.*.*】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 Hong Kong | 04】
106. SourceIP:【192.168.*.*】 - Host:【bvc-hac-lp1.cdn.nintendo.net】 - DestinationIP:【23.11.*.*】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 Hong Kong | 04】
107. SourceIP:【192.168.*.*】 - Host:【bacon.secure.dyn.riotcdn.net】 - DestinationIP:【23.46.*.*】 - Network:【tcp】 - RulePayload:【RiotGames】 - Lastchain:【🇭🇰 Hong Kong | 04】
108. SourceIP:【2409:*:*:*:ea:7544:f5bb:3d22】 - Host:【edge.microsoft.com】 - DestinationIP:【2620:1ec:c11::239】 - Network:【tcp】 - RulePayload:【Microsoft】 - Lastchain:【🇭🇰 Hong Kong | 04】
109. SourceIP:【2409:*:*:*:556a:db86:de43:7460】 - Host:【ecs.office.com】 - DestinationIP:【2620:1ec:42::132】 - Network:【tcp】 - RulePayload:【Microsoft】 - Lastchain:【🇭🇰 Hong Kong | 04】
110. SourceIP:【192.168.*.*】 - Host:【Empty】 - DestinationIP:【156.231.*.*】 - Network:【udp】 - RulePayload:【🎮online game】 - Lastchain:【DIRECT】
111. SourceIP:【192.168.*.*】 - Host:【private-user-images.githubusercontent.com】 - DestinationIP:【185.199.*.*】 - Network:【tcp】 - RulePayload:【🧱gfw】 - Lastchain:【🇭🇰 Hong Kong | 04】
112. SourceIP:【2409:*:*:*:ea:7544:f5bb:3d22】 - Host:【broadcast2.distill.io】 - DestinationIP:【2606:4700:20::681a:2cc】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 Hong Kong | 04】
113. SourceIP:【192.168.*.*】 - Host:【log.tailscale.io】 - DestinationIP:【54.161.*.*】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 Hong Kong | 04】
114. SourceIP:【192.168.*.*】 - Host:【clientconfig.rpg.riotgames.com】 - DestinationIP:【104.18.*.*】 - Network:【tcp】 - RulePayload:【RiotGames】 - Lastchain:【🇭🇰 Hong Kong | 04】
115. SourceIP:【2409:*:*:*:ea:7544:f5bb:3d22】 - Host:【telemetry.sgp.pvp.net】 - DestinationIP:【2606:4700:4400::6812:29b7】 - Network:【tcp】 - RulePayload:【RiotGames】 - Lastchain:【🇭🇰 Hong Kong | 04】
116. SourceIP:【192.168.*.*】 - Host:【Empty】 - DestinationIP:【43.245.*.*】 - Network:【tcp】 - RulePayload:【80】 - Lastchain:【🇭🇰 Hong Kong | 04】
117. SourceIP:【192.168.*.*】 - Host:【Empty】 - DestinationIP:【91.108.*.*】 - Network:【tcp】 - RulePayload:【Telegram_ip】 - Lastchain:【🇭🇰 Hong Kong | 04】
118. SourceIP:【192.168.*.*】 - Host:【13-courier.push.apple.com】 - DestinationIP:【17.57.*.*】 - Network:【tcp】 - RulePayload:【🍎Apple_domain】 - Lastchain:【DIRECT】
119. SourceIP:【192.168.*.*】 - Host:【c0.jdbstatic.com】 - DestinationIP:【172.67.*.*】 - Network:【tcp】 - RulePayload:【javdb】 - Lastchain:【🇨🇳 Taiwan | 02】
120. SourceIP:【192.168.*.*】 - Host:【javdb.com】 - DestinationIP:【172.67.*.*】 - Network:【tcp】 - RulePayload:【javdb】 - Lastchain:【🇭🇰 Hong Kong | 08】
121. SourceIP:【192.168.*.*】 - Host:【content.publishing.riotgames.com】 - DestinationIP:【104.18.*.*】 - Network:【tcp】 - RulePayload:【RiotGames】 - Lastchain:【🇭🇰 Hong Kong | 04】
122. SourceIP:【192.168.*.*】 - Host:【github.githubassets.com】 - DestinationIP:【185.199.*.*】 - Network:【tcp】 - RulePayload:【🧱gfw】 - Lastchain:【🇭🇰 Hong Kong | 04】
123. SourceIP:【192.168.*.*】 - Host:【capi.grammarly.com】 - DestinationIP:【3.234.*.*】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 Hong Kong | 04】
124. SourceIP:【192.168.*.*】 - Host:【www.youtube.com】 - DestinationIP:【142.250.*.*】 - Network:【tcp】 - RulePayload:【YouTube】 - Lastchain:【🇭🇰 HK 2】
125. SourceIP:【192.168.*.*】 - Host:【nyaa.si】 - DestinationIP:【186.2.*.*】 - Network:【tcp】 - RulePayload:【🧱gfw】 - Lastchain:【🇭🇰 Hong Kong | 04】
126. SourceIP:【192.168.*.*】 - Host:【clientconfig.rpg.riotgames.com】 - DestinationIP:【104.18.*.*】 - Network:【tcp】 - RulePayload:【RiotGames】 - Lastchain:【🇭🇰 Hong Kong | 04】
127. SourceIP:【2409:*:*:*:ea:7544:f5bb:3d22】 - Host:【qqwry.api.skk.moe】 - DestinationIP:【2606:4700:3033::ac43:94e3】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 Hong Kong | 04】
128. SourceIP:【192.168.*.*】 - Host:【ota.nvidia.com】 - DestinationIP:【152.199.*.*】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 Hong Kong | 04】
129. SourceIP:【2409:*:*:*:ea:7544:f5bb:3d22】 - Host:【Empty】 - DestinationIP:【2409:8c28:202:8::196】 - Network:【tcp】 - RulePayload:【cn】 - Lastchain:【DIRECT】
130. SourceIP:【192.168.*.*】 - Host:【valorant.secure.dyn.riotcdn.net】 - DestinationIP:【104.91.*.*】 - Network:【tcp】 - RulePayload:【RiotGames】 - Lastchain:【🇭🇰 Hong Kong | 04】
131. SourceIP:【192.168.*.*】 - Host:【weatheroffer.com】 - DestinationIP:【52.8.*.*】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【🇭🇰 Hong Kong | 04】
132. SourceIP:【192.168.*.*】 - Host:【functional.events.data.microsoft.com】 - DestinationIP:【52.168.*.*】 - Network:【tcp】 - RulePayload:【Microsoft】 - Lastchain:【🇭🇰 Hong Kong | 04】
133. SourceIP:【2409:*:*:*:ea:7544:f5bb:3d22】 - Host:【apse1-red.pp.sgp.pvp.net】 - DestinationIP:【2606:4700:4400::6812:29b7】 - Network:【tcp】 - RulePayload:【RiotGames】 - Lastchain:【🇭🇰 Hong Kong | 04】
CC-3301
Verify Steps
OpenClash Version
v0.46.047
Bug on Environment
Immortalwrt
OpenWrt Version
ImmortalWrt SNAPSHOT / LuCI Master 24.299.53074~4b66bf5
Bug on Platform
Linux-amd64-v3(x86-64)
Describe the Bug
如题所述,最近升级了ImmortalWrt和OpenClash Firewall版本升级到了2024-10-18 OpenClash升级到了v0.46.047
在OpenClash v0.46.033版本Fake-IP+绕过CN地址功能 即使自动重拨PPPoE后也是正常的,在047版本异常,在重新拨号后必须手动重启OpenClash才能正常绕过CN地址
To Reproduce
自动或手动重新PPPoE拨号
OpenClash Log
OpenClash Config
Expected Behavior
绕过CN功能在重新拨号后依旧能正常运行,控制面板不出现“直连”的连接
Additional Context