
[Bug] After enabling, problems in every mode with docker, UU Booster, the PUBG anti-cheat system, etc.

Open coch1 opened this issue 1 year ago • 3 comments

Verify Steps

  • [X] Tracker: I have searched the Issue Tracker for the problem I am about to raise
  • [X] Latest: I have tested with the latest Dev version and the problem persists
  • [X] Core: This is a problem in OpenClash itself, not one specific to the Clash or Meta core I am using
  • [X] Meaningful: What I am submitting is not a meaningless request to hurry an update or fix

OpenClash Version

v0.45.51 beta

Bug on Environment

Official OpenWrt

Bug on Platform

Linux-amd64(x86-64)

To Reproduce

Each OpenClash mode shows a different problem. Previously I used redir-host [TUN mode] with the Meta core, Bypass mainland IP / ☑Enable TCP concurrency / ☑Enable traffic (domain) sniffing, and it worked well for a while; (possibly a bug) it stopped working after a reboot. Several times docker and UU both worked, but a short while after entering the game PUBG reported that the anti-cheat system was not running properly.

Describe the Bug

redir-host [Compatibility mode]
  1. ☑UDP/☑Bypass mainland IP: Docker network OK, proxy usable; UU Booster unusable (normal nodes sometimes work, overseas nodes sometimes work; times out once boosting completes)
  2. ☒UDP/☒Bypass mainland IP: Docker network OK, proxy usable; UU Booster unusable (normal nodes sometimes work, overseas nodes sometimes work; times out once boosting completes)
  3. ☑UDP/☒Bypass mainland IP: Docker network OK, proxy unusable; UU Booster unusable (normal nodes sometimes work, overseas nodes sometimes work; times out once boosting completes)
  4. ☒UDP/☑Bypass mainland IP: Docker network OK, proxy usable; UU Booster unusable (normal nodes sometimes work, overseas nodes sometimes work; times out once boosting completes)

redir-host [TUN]
  1. ☒Bypass mainland IP: Docker network OK, proxy usable; UU Booster unusable (all nodes time out, overseas nodes work); mobile game (Honor of Kings) works
  2. ☑Bypass mainland IP: Docker network OK, proxy usable; UU Booster unusable (all nodes time out, overseas nodes work); mobile game (Honor of Kings) works

redir-host [TUN mixed]
  1. ☒Bypass mainland IP: Docker network OK, proxy usable; UU Booster unusable (normal nodes sometimes work, overseas nodes sometimes work; times out once boosting completes)
  2. ☑Bypass mainland IP: Docker network OK, proxy unusable; UU Booster unusable (all nodes time out, overseas nodes work); mobile game (Honor of Kings) works

Fake-IP [Enhanced mode]
  1. ☑UDP: Docker network OK, proxy usable; UU Booster unusable (normal nodes sometimes work, overseas nodes sometimes work; times out once boosting completes)
  2. ☒UDP: Docker network OK, proxy usable; UU Booster unusable (normal nodes sometimes work, overseas nodes sometimes work; times out once boosting completes)

Fake-IP [TUN mode]: Docker network OK, proxy usable, proxy unusable; UU Booster usable; mobile game (Honor of Kings) works

Fake-IP [Mixed mode]: Docker network OK, proxy usable; UU Booster unusable (normal nodes sometimes work, overseas nodes sometimes work; times out once boosting completes)

redir-host [Compatibility mode] with Meta core
  1. ☑UDP/☑Bypass mainland IP: Docker network OK, proxy usable; UU Booster unusable (normal nodes sometimes work, overseas nodes sometimes work; times out once boosting completes)
  2. ☑UDP/☑Bypass mainland IP/☑Enable TCP concurrency/☑Enable traffic (domain) sniffing: Docker network OK, proxy unusable; UU Booster unusable (normal nodes sometimes work, overseas nodes sometimes work; times out once boosting completes)

redir-host [TUN mode] with Meta core: ☑Bypass mainland IP/☑Enable TCP concurrency/☑Enable traffic (domain) sniffing: Docker network OK, proxy unusable; UU Booster usable

redir-host [TUN mode] with Meta core
  1. ☑Enable TCP concurrency/☑Enable traffic (domain) sniffing: Docker network OK, proxy unusable; UU Booster usable
  2. ☑Enable TCP concurrency: Docker network OK, proxy unusable; UU Booster usable
  3. ☑Enable traffic (domain) sniffing: Docker network OK, proxy unusable; UU Booster usable
  4. Core enabled only: Docker network OK, proxy unusable; UU Booster usable

redir-host [Mixed mode] with Meta core
  1. ☑Enable TCP concurrency/☑Enable traffic (domain) sniffing: Docker network OK, proxy OK; UU Booster usable (tested repeatedly several times, sometimes unusable > usable; usable after the last reboot)

Fake-IP [Enhanced mode] with Meta core*: Docker network OK, proxy usable; UU Booster unusable (all nodes time out, overseas nodes work)

Fake-IP [TUN] with Meta core*: Docker network OK, proxy unusable; UU Booster unusable (all nodes time out, overseas nodes work)

Fake-IP [Mixed mode] with Meta core*: Docker network OK, proxy unusable; UU Booster unusable (all nodes time out, overseas nodes work)

Incomplete tests; more to be added later.

OpenClash Log

OpenClash 调试日志

#===================== 系统信息 =====================#
主机型号: Default string Default string/Default string - Intel(R) Celeron(R) J4125 CPU @ 2.00GHz : 4 Core 4 Thread
固件版本: OpenWrt GDQ SUMMER[2022]
LuCI版本: git-22.200.61437-0c3c82f-1
内核版本: 5.15.57
处理器架构: x86_64

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP:

#此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#
dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 未安装
ip-full: 未安装
iptables-mod-tproxy: 未安装
kmod-ipt-tproxy: 未安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci-19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 已安装
unzip: 已安装

#===================== 内核检查 =====================#
运行状态: 运行中
进程pid: 18150
运行权限: 18150: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-amd64

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2022.07.07-7-g56f0a92
Tun内核文件: 存在
Tun内核运行权限: 正常

Dev内核版本: v1.11.4-6-gbec4df7
Dev内核文件: 存在
Dev内核运行权限: 正常

Meta内核版本: alpha-g2899a12
Meta内核文件: 存在
Meta内核运行权限: 正常

#===================== 插件设置 =====================#
当前配置文件: /etc/openclash/config/config.yaml
启动配置文件: /etc/openclash/config.yaml
运行模式: redir-host-tun
默认代理模式: rule
UDP流量转发(tproxy): 停用
DNS劫持: 启用
自定义DNS: 启用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 停用
自定义规则: 停用
仅允许内网: 停用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 启用
DNS远程解析: 停用
路由本机代理: 启用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== IPSET状态 =====================#
Name: mwan3_dynamic_ipv6
Name: mwan3_connected_ipv4
Name: mwan3_connected_ipv6
Name: mwan3_custom_ipv4
Name: mwan3_custom_ipv6
Name: mwan3_rule_ipv4_https
Name: mwan3_rule_ipv6_https
Name: music
Name: china_ip_route
Name: china_ip_route_pass
Name: localnetwork
Name: mwan3_dynamic_ipv4

#===================== 路由表状态 =====================#
#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         221.0.124.1     0.0.0.0         UG    0      0        0 pppoe-wan
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.5.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
192.168.192.0   0.0.0.0         255.255.255.0   U     0      0        0 ztzlgp2igm
198.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 utun
221.0.124.1     0.0.0.0         255.255.255.255 UH    0      0        0 pppoe-wan

#ip route list
default via 221.0.124.1 dev pppoe-wan proto static
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
192.168.5.0/24 dev br-lan proto kernel scope link src 192.168.5.1
192.168.192.0/24 dev ztzlgp2igm proto kernel scope link src 192.168.192.92
198.18.0.0/16 dev utun proto kernel scope link src 198.18.0.1
221.0.124.1 dev pppoe-wan proto kernel scope link src WAN IP

#ip rule show
0:      from all lookup local
32765:  from all fwmark 0x162 lookup 354
32766:  from all lookup main
32767:  from all lookup default

#===================== Tun设备状态 =====================#
ztzlgp2igm: tap
utun: tun

#===================== 端口占用状态 =====================#
tcp        0      0 0.0.0.0:42489           0.0.0.0:*               LISTEN      18150/clash
tcp        0      0 :::7890                 :::*                    LISTEN      18150/clash
tcp        0      0 :::7891                 :::*                    LISTEN      18150/clash
tcp        0      0 :::7895                 :::*                    LISTEN      18150/clash
tcp        0      0 :::7892                 :::*                    LISTEN      18150/clash
tcp        0      0 :::7893                 :::*                    LISTEN      18150/clash
tcp        0      0 :::9090                 :::*                    LISTEN      18150/clash
udp        0      0 0.0.0.0:56112           0.0.0.0:*                           18150/clash
udp        0      0 0.0.0.0:44387           0.0.0.0:*                           18150/clash
udp        0      0 0.0.0.0:45450           0.0.0.0:*                           18150/clash
udp        0      0 :::7874                 :::*                                18150/clash
udp        0      0 :::7891                 :::*                                18150/clash
udp        0      0 :::7892                 :::*                                18150/clash
udp        0      0 :::7893                 :::*                                18150/clash
udp        0      0 :::7895                 :::*                                18150/clash

OpenClash Config

redir-host [TUN mode]
Bypass mainland IP
☑Local DNS hijack/☑Custom upstream DNS servers (default)/☑Append upstream DNS
☑Use Meta core/☑Enable TCP concurrency/☑Enable traffic (domain) sniffing/☑Enable GeoIP Dat database

Expected Behavior

Networking inside docker containers and UU Booster networking can be used together normally.

Screenshots


coch1 avatar Aug 26 '22 02:08 coch1
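Reading one of these debug logs by hand is error-prone, so here is an added example (not OpenClash's own code, and not from the reporter) of a small Python checker that parses a trimmed, constructed excerpt of the log above: it splits the `#===== … =====#` banner sections, reads the dependency and plugin-settings blocks, and cross-checks the `fwmark` in `ip rule show` against the `MARK --set-xmark` rules in the mangle table. The package-to-feature requirements (`TPROXY_DEPS`, `TUN_DEPS`) are assumptions made for the example, not OpenClash's dependency list.

```python
import re
from typing import Dict, List

# Constructed excerpt of the OpenClash debug log posted in this issue, cut down
# to the lines the checks below look at (the real log is far longer). Values are
# copied from the report; the layout is one item per line.
SAMPLE_LOG = """\
#===================== 依赖检查 =====================#
dnsmasq-full: 已安装
ipset: 未安装
ip-full: 未安装
iptables-mod-tproxy: 未安装
kmod-ipt-tproxy: 未安装
kmod-tun(TUN模式): 已安装
#===================== 插件设置 =====================#
运行模式: redir-host-tun
UDP流量转发(tproxy): 停用
绕过中国大陆IP: 启用
#启动异常时建议关闭此项后重试
混合节点: 停用
#===================== 路由表状态 =====================#
#ip rule show
0: from all lookup local
32765: from all fwmark 0x162 lookup 354
32766: from all lookup main
32767: from all lookup default
#===================== 防火墙设置 =====================#
*mangle
:openclash - [0:0]
:openclash_output - [0:0]
-A PREROUTING -j openclash
-A OUTPUT -j openclash_output
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -m set --match-set china_ip_route dst -m set ! --match-set china_ip_route_pass dst -j RETURN
-A openclash -j MARK --set-xmark 0x162/0xffffffff
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j MARK --set-xmark 0x162/0xffffffff
COMMIT
"""

# Assumed package requirements per feature, used only to drive this example's
# checks; OpenClash's own dependency logic is not reproduced here.
TPROXY_DEPS = ("iptables-mod-tproxy", "kmod-ipt-tproxy")
TUN_DEPS = ("kmod-tun(TUN模式)",)

SECTION_RE = re.compile(r"^#=+ (.+?) =+#$", re.M)
DEP_RE = re.compile(r"^(\S+): (已安装|未安装)$", re.M)
SETTING_RE = re.compile(r"^([^#\n][^:\n]*): (.*)$", re.M)
FWMARK_RULE_RE = re.compile(r"fwmark (0x[0-9a-fA-F]+) lookup (\d+)")
MARK_TARGET_RE = re.compile(r"^-A (\S+) .*-j MARK --set-xmark (0x[0-9a-fA-F]+)/", re.M)


def split_sections(log: str) -> Dict[str, str]:
    """Split the log on its '#===== name =====#' banners into name -> body."""
    banners = list(SECTION_RE.finditer(log))
    out: Dict[str, str] = {}
    for i, m in enumerate(banners):
        end = banners[i + 1].start() if i + 1 < len(banners) else len(log)
        out[m.group(1)] = log[m.end():end]
    return out


def parse_dependencies(section: str) -> Dict[str, bool]:
    """'name: 已安装/未安装' lines -> name -> installed?"""
    return {name: state == "已安装" for name, state in DEP_RE.findall(section)}


def parse_settings(section: str) -> Dict[str, str]:
    """'key: value' lines of the plugin-settings block; '#' hint lines are skipped."""
    return {k.strip(): v.strip() for k, v in SETTING_RE.findall(section)}


def parse_fwmark_rules(section: str) -> Dict[int, int]:
    """'ip rule show' lines -> fwmark value -> policy routing table number."""
    return {int(m, 16): int(t) for m, t in FWMARK_RULE_RE.findall(section)}


def parse_mark_targets(section: str) -> Dict[int, List[str]]:
    """iptables-save mangle rules -> mark value -> chains that set it."""
    out: Dict[int, List[str]] = {}
    for chain, mark in MARK_TARGET_RE.findall(section):
        out.setdefault(int(mark, 16), []).append(chain)
    return out


def check_log(log: str) -> dict:
    """Cross-check dependencies, run mode and mark/route plumbing of one debug log."""
    sec = split_sections(log)
    deps = parse_dependencies(sec.get("依赖检查", ""))
    settings = parse_settings(sec.get("插件设置", ""))
    rules = parse_fwmark_rules(sec.get("路由表状态", ""))
    marks = parse_mark_targets(sec.get("防火墙设置", ""))

    missing = sorted(n for n, ok in deps.items() if not ok)
    mode = settings.get("运行模式", "")
    tproxy_on = settings.get("UDP流量转发(tproxy)") == "启用"
    return {
        "mode": mode,
        "missing": missing,
        "tproxy_enabled": tproxy_on,
        # TPROXY UDP forwarding cannot work without the tproxy match/target modules.
        "tproxy_blocked": tproxy_on and any(d in missing for d in TPROXY_DEPS),
        # Any *-tun run mode needs the TUN kernel module.
        "tun_blocked": "tun" in mode and any(d in missing for d in TUN_DEPS),
        "mark_tables": rules,
        "marks": marks,
        # A mark that no 'ip rule' sends to a policy table never reaches the TUN device.
        "unrouted_marks": sorted(m for m in marks if m not in rules),
    }


if __name__ == "__main__":
    for key, value in check_log(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it as-is to print the findings for the excerpt; on a real log, pass the file contents instead of `SAMPLE_LOG` (`check_log(open(path, encoding="utf-8").read())`). For the log above the checker reports the four missing packages, that TPROXY is disabled (so the missing tproxy modules do not block the selected mode), and that mark `0x162` is set by both `openclash` and `openclash_output` and is routed by the `fwmark 0x162 lookup 354` rule; `0x162` is 354 in decimal, the same number as the table the rule points at.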

#===================== 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.7 on Fri Aug 26 09:29:17 2022
*nat
:PREROUTING ACCEPT [13456:830050]
:INPUT ACCEPT [33323:2623591]
:OUTPUT ACCEPT [46535:3878500]
:POSTROUTING ACCEPT [6952:482629]
:DOCKER - [0:0]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:postrouting_docker_rule - [0:0]
:postrouting_ipsecserver_rule - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_vpn_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_docker_rule - [0:0]
:prerouting_ipsecserver_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_vpn_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_docker_postrouting - [0:0]
:zone_docker_prerouting - [0:0]
:zone_ipsecserver_postrouting - [0:0]
:zone_ipsecserver_prerouting - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_vpn_postrouting - [0:0]
:zone_vpn_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -p tcp -m comment --comment "OpenClash TCP DNS Hijack" -m tcp --dport 53 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i ztppire4vj -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i eth0 -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i tun0 -m comment --comment "!fw3" -j zone_vpn_prerouting
-A PREROUTING -i docker0 -m comment --comment "!fw3" -j zone_docker_prerouting
-A PREROUTING -i ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_prerouting
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A POSTROUTING -o ztppire4vj -j MASQUERADE
-A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p tcp -m tcp --dport 5700 -j MASQUERADE
-A POSTROUTING -s 172.17.0.3/32 -d 172.17.0.3/32 -p tcp -m tcp --dport 5700 -j MASQUERADE
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o ztppire4vj -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o eth0 -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o tun0 -m comment --comment "!fw3" -j zone_vpn_postrouting
-A POSTROUTING -o docker0 -m comment --comment "!fw3" -j zone_docker_postrouting
-A POSTROUTING -o ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_postrouting
-A DOCKER -i docker0 -j RETURN
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 3010 -j DNAT --to-destination 172.17.0.2:5700
-A DOCKER ! -i docker0 -p tcp -m tcp --dport 3020 -j DNAT --to-destination 172.17.0.3:5700
-A zone_docker_postrouting -m comment --comment "!fw3: Custom docker postrouting rule chain" -j postrouting_docker_rule
-A zone_docker_prerouting -m comment --comment "!fw3: Custom docker prerouting rule chain" -j prerouting_docker_rule
-A zone_ipsecserver_postrouting -m comment --comment "!fw3: Custom ipsecserver postrouting rule chain" -j postrouting_ipsecserver_rule
-A zone_ipsecserver_prerouting -m comment --comment "!fw3: Custom ipsecserver prerouting rule chain" -j prerouting_ipsecserver_rule
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_vpn_postrouting -m comment --comment "!fw3: Custom vpn postrouting rule chain" -j postrouting_vpn_rule
-A zone_vpn_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_vpn_prerouting -m comment --comment "!fw3: Custom vpn prerouting rule chain" -j prerouting_vpn_rule
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE
-A zone_wan_prerouting -j MINIUPNPD
-A zone_wan_prerouting -j MINIUPNPD
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -p tcp -m comment --comment "!fw3: Forward" -j DNAT --to-destination 192.168.5.1
-A zone_wan_prerouting -p udp -m comment --comment "!fw3: Forward" -j DNAT --to-destination 192.168.5.1
COMMIT
# Completed on Fri Aug 26 09:29:17 2022

#IPv4 Mangle chain

# Generated by iptables-save v1.8.7 on Fri Aug 26 09:29:17 2022
*mangle
:PREROUTING ACCEPT [41861038:45522666094]
:INPUT ACCEPT [263730:49032766]
:FORWARD ACCEPT [41597523:45473679202]
:OUTPUT ACCEPT [394301:75009665]
:POSTROUTING ACCEPT [41995317:45550433910]
:RRDIPT_FORWARD - [0:0]
:RRDIPT_INPUT - [0:0]
:RRDIPT_OUTPUT - [0:0]
:openclash - [0:0]
:openclash_dns_hijack - [0:0]
:openclash_output - [0:0]
-A PREROUTING -j openclash
-A INPUT -j RRDIPT_INPUT
-A FORWARD -j RRDIPT_FORWARD
-A FORWARD -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A OUTPUT -j RRDIPT_OUTPUT
-A OUTPUT -j openclash_output
-A RRDIPT_FORWARD -s 192.168.192.114/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.192.114/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.5.215/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.5.215/32 -j RETURN
-A RRDIPT_FORWARD -s 172.17.0.2/32 -j RETURN
-A RRDIPT_FORWARD -d 172.17.0.2/32 -j RETURN
-A RRDIPT_FORWARD -s 172.17.0.3/32 -j RETURN
-A RRDIPT_FORWARD -d 172.17.0.3/32 -j RETURN
-A RRDIPT_INPUT -i eth0 -j RETURN
-A RRDIPT_INPUT -i pppoe-wan -j RETURN
-A RRDIPT_OUTPUT -o eth0 -j RETURN
-A RRDIPT_OUTPUT -o pppoe-wan -j RETURN
-A openclash -p tcp -m tcp --sport 1688 -j RETURN
-A openclash -p tcp -m tcp --sport 1723 -j RETURN
-A openclash -p udp -m udp --sport 1194 -j RETURN
-A openclash -p tcp -m tcp --sport 1194 -j RETURN
-A openclash -p tcp -m tcp --sport 8897 -j RETURN
-A openclash -p udp -m udp --sport 500 -j RETURN
-A openclash -p udp -m udp --sport 68 -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -m set --match-set china_ip_route dst -m set ! --match-set china_ip_route_pass dst -j RETURN
-A openclash -j MARK --set-xmark 0x162/0xffffffff
-A openclash_output -p tcp -m tcp --sport 1688 -j RETURN
-A openclash_output -p tcp -m tcp --sport 1723 -j RETURN
-A openclash_output -p udp -m udp --sport 1194 -j RETURN
-A openclash_output -p tcp -m tcp --sport 1194 -j RETURN
-A openclash_output -p tcp -m tcp --sport 8897 -j RETURN
-A openclash_output -p udp -m udp --sport 500 -j RETURN
-A openclash_output -p udp -m udp --sport 68 -j RETURN
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -m owner ! --uid-owner 65534 -m set --match-set china_ip_route dst -m set ! --match-set china_ip_route_pass dst -j RETURN
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j MARK --set-xmark 0x162/0xffffffff
COMMIT
# Completed on Fri Aug 26 09:29:17 2022

#IPv4 Filter chain

# Generated by iptables-save v1.8.7 on Fri Aug 26 09:29:17 2022
*filter
:INPUT ACCEPT [2299:132415]
:FORWARD ACCEPT [883:43191]
:OUTPUT ACCEPT [16391:2493159]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-MAN - [0:0]
:DOCKER-USER - [0:0]
:MINIUPNPD - [0:0]
:SOCAT - [0:0]
:forwarding_docker_rule - [0:0]
:forwarding_ipsecserver_rule - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_vpn_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_docker_rule - [0:0]
:input_ipsecserver_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_vpn_rule - [0:0]
:input_wan_rule - [0:0]
:output_docker_rule - [0:0]
:output_ipsecserver_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_vpn_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_docker_dest_ACCEPT - [0:0]
:zone_docker_forward - [0:0]
:zone_docker_input - [0:0]
:zone_docker_output - [0:0]
:zone_docker_src_ACCEPT - [0:0]
:zone_ipsecserver_dest_ACCEPT - [0:0]
:zone_ipsecserver_forward - [0:0]
:zone_ipsecserver_input - [0:0]
:zone_ipsecserver_output - [0:0]
:zone_ipsecserver_src_ACCEPT - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_vpn_dest_ACCEPT - [0:0]
:zone_vpn_forward - [0:0]
:zone_vpn_input - [0:0]
:zone_vpn_output - [0:0]
:zone_vpn_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -j SOCAT
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -i lo -p tcp -m tcp --dport 37377 -j DROP
-A INPUT -i br-lan -p tcp -m tcp --dport 16363 -j ACCEPT
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i ztppire4vj -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i eth0 -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i tun0 -m comment --comment "!fw3" -j zone_vpn_input
-A INPUT -i docker0 -m comment --comment "!fw3" -j zone_docker_input
-A INPUT -i ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_input
-A FORWARD -o utun -m comment --comment "OpenClash TUN Forward" -j ACCEPT
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -o ztppire4vj -j ACCEPT
-A FORWARD -i ztppire4vj -j ACCEPT
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i ztppire4vj -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i eth0 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i tun0 -m comment --comment "!fw3" -j zone_vpn_forward
-A FORWARD -i docker0 -m comment --comment "!fw3" -j zone_docker_forward
-A FORWARD -i ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_forward
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o ztppire4vj -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o eth0 -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o tun0 -m comment --comment "!fw3" -j zone_vpn_output
-A OUTPUT -o docker0 -m comment --comment "!fw3" -j zone_docker_output
-A OUTPUT -o ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_output
-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 5700 -j ACCEPT
-A DOCKER -d 172.17.0.3/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 5700 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-MAN -i br-lan -o docker0 -j RETURN
-A DOCKER-MAN -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j RETURN
-A DOCKER-MAN -o docker0 -m conntrack --ctstate INVALID,NEW -j DROP
-A DOCKER-MAN -j RETURN
-A DOCKER-USER -j DOCKER-MAN
-A DOCKER-USER -j RETURN
-A forwarding_rule -i pppoe+ -j RETURN
-A forwarding_rule -o pppoe+ -j RETURN
-A forwarding_rule -i ppp+ -m conntrack --ctstate NEW -j ACCEPT
-A forwarding_rule -o ppp+ -m conntrack --ctstate NEW -j ACCEPT
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_docker_dest_ACCEPT -o docker0 -m comment --comment "!fw3" -j ACCEPT
-A zone_docker_forward -m comment --comment "!fw3: Custom docker forwarding rule chain" -j forwarding_docker_rule
-A zone_docker_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_docker_forward -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_input -m comment --comment "!fw3: Custom docker input rule chain" -j input_docker_rule
-A zone_docker_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_docker_input -m comment --comment "!fw3" -j zone_docker_src_ACCEPT
-A zone_docker_output -m comment --comment "!fw3: Custom docker output rule chain" -j output_docker_rule
-A zone_docker_output -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_src_ACCEPT -i docker0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_ipsecserver_dest_ACCEPT -o ipsec0 -m comment --comment "!fw3" -j ACCEPT
-A zone_ipsecserver_forward -m comment --comment "!fw3: Custom ipsecserver forwarding rule chain" -j forwarding_ipsecserver_rule
-A zone_ipsecserver_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_ipsecserver_forward -m comment --comment "!fw3" -j zone_ipsecserver_dest_ACCEPT
-A zone_ipsecserver_input -m comment --comment "!fw3: Custom ipsecserver input rule chain" -j input_ipsecserver_rule
-A zone_ipsecserver_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_ipsecserver_input -m comment --comment "!fw3" -j zone_ipsecserver_src_ACCEPT
-A zone_ipsecserver_output -m comment --comment "!fw3: Custom ipsecserver output rule chain" -j output_ipsecserver_rule
-A zone_ipsecserver_output -m comment --comment "!fw3" -j zone_ipsecserver_dest_ACCEPT
-A zone_ipsecserver_src_ACCEPT -i ipsec0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o ztppire4vj -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to vpn forwarding policy" -j zone_vpn_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_src_ACCEPT -i ztppire4vj -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_vpn_dest_ACCEPT -o tun0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_vpn_dest_ACCEPT -o tun0 -m comment --comment "!fw3" -j ACCEPT
-A zone_vpn_forward -m comment --comment "!fw3: Custom vpn forwarding rule chain" -j forwarding_vpn_rule
-A zone_vpn_forward -m comment --comment "!fw3: Zone vpn to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_vpn_forward -m comment --comment "!fw3: Zone vpn to lan forwarding policy" -j zone_lan_dest_ACCEPT
-A zone_vpn_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_vpn_forward -m comment --comment "!fw3" -j zone_vpn_dest_ACCEPT
-A zone_vpn_input -m comment --comment "!fw3: Custom vpn input rule chain" -j input_vpn_rule
-A zone_vpn_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_vpn_input -m comment --comment "!fw3" -j zone_vpn_src_ACCEPT
-A zone_vpn_output -m comment --comment "!fw3: Custom vpn output rule chain" -j output_vpn_rule
-A zone_vpn_output -m comment --comment "!fw3" -j zone_vpn_dest_ACCEPT
-A zone_vpn_src_ACCEPT -i tun0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o pppoe-wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o pppoe-wan -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o eth0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o eth0 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_REJECT -o pppoe-wan -m comment --comment "!fw3" -j reject
-A zone_wan_dest_REJECT -o eth0 -m comment --comment "!fw3" -j reject
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 8897 -m comment --comment "!fw3: linkease" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 8118 -m comment --comment "!fw3: adblock" -j DROP
-A zone_wan_input -p tcp -m tcp --dport 1194 -m comment --comment "!fw3: openvpn" -j ACCEPT
-A zone_wan_input -p udp -m udp --dport 1194 -m comment --comment "!fw3: openvpn" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 1723 -m comment --comment "!fw3: pptp" -j ACCEPT
-A zone_wan_input -p gre -m comment --comment "!fw3: gre" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 1688 -m comment --comment "!fw3: kms" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_REJECT -i pppoe-wan -m comment --comment "!fw3" -j reject
-A zone_wan_src_REJECT -i eth0 -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Fri Aug 26 09:29:17 2022

#IPv6 NAT chain

# Generated by ip6tables-save v1.8.7 on Fri Aug 26 09:29:17 2022
*nat
:PREROUTING ACCEPT [12920:1776322]
:INPUT ACCEPT [37:3117]
:OUTPUT ACCEPT [22152:2883634]
:POSTROUTING ACCEPT [27637:3547029]
-A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 53
COMMIT
# Completed on Fri Aug 26 09:29:17 2022

#IPv6 Mangle chain

# Generated by ip6tables-save v1.8.7 on Fri Aug 26 09:29:17 2022
*mangle
:PREROUTING ACCEPT [182655:211207626]
:INPUT ACCEPT [17419:6622466]
:FORWARD ACCEPT [165276:204590112]
:OUTPUT ACCEPT [30869:4759720]
:POSTROUTING ACCEPT [195840:209330744]
-A FORWARD -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Fri Aug 26 09:29:17 2022

#IPv6 Filter chain

# Generated by ip6tables-save v1.8.7 on Fri Aug 26 09:29:17 2022
*filter
:INPUT ACCEPT [445:53572]
:FORWARD ACCEPT [37:2532]
:OUTPUT ACCEPT [12:2044]
:MINIUPNPD - [0:0]
:SOCAT - [0:0]
:forwarding_docker_rule - [0:0]
:forwarding_ipsecserver_rule - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_vpn_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_docker_rule - [0:0]
:input_ipsecserver_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_vpn_rule - [0:0]
:input_wan_rule - [0:0]
:output_docker_rule - [0:0]
:output_ipsecserver_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_vpn_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_docker_dest_ACCEPT - [0:0]
:zone_docker_forward - [0:0]
:zone_docker_input - [0:0]
:zone_docker_output - [0:0]
:zone_docker_src_ACCEPT - [0:0]
:zone_ipsecserver_dest_ACCEPT - [0:0]
:zone_ipsecserver_forward - [0:0]
:zone_ipsecserver_input - [0:0]
:zone_ipsecserver_output - [0:0]
:zone_ipsecserver_src_ACCEPT - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_vpn_dest_ACCEPT - [0:0]
:zone_vpn_forward - [0:0]
:zone_vpn_input - [0:0]
:zone_vpn_output - [0:0]
:zone_vpn_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -j SOCAT
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i ztppire4vj -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i eth0 -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i tun0 -m comment --comment "!fw3" -j zone_vpn_input
-A INPUT -i docker0 -m comment --comment "!fw3" -j zone_docker_input
-A INPUT -i ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i ztppire4vj -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i eth0 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i tun0 -m comment --comment "!fw3" -j zone_vpn_forward
-A FORWARD -i docker0 -m comment --comment "!fw3" -j zone_docker_forward
-A FORWARD -i ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_forward
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o ztppire4vj -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o eth0 -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o tun0 -m comment --comment "!fw3" -j zone_vpn_output
-A OUTPUT -o docker0 -m comment --comment "!fw3" -j zone_docker_output
-A OUTPUT -o ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp6-port-unreachable
-A syn_flood -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_docker_dest_ACCEPT -o docker0 -m comment --comment "!fw3" -j ACCEPT
-A zone_docker_forward -m comment --comment "!fw3: Custom docker forwarding rule chain" -j forwarding_docker_rule
-A zone_docker_forward -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_input -m comment --comment "!fw3: Custom docker input rule chain" -j input_docker_rule
-A zone_docker_input -m comment --comment "!fw3" -j zone_docker_src_ACCEPT
-A zone_docker_output -m comment --comment "!fw3: Custom docker output rule chain" -j output_docker_rule
-A zone_docker_output -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_src_ACCEPT -i docker0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_ipsecserver_dest_ACCEPT -o ipsec0 -m comment --comment "!fw3" -j ACCEPT
-A zone_ipsecserver_forward -m comment --comment "!fw3: Custom ipsecserver forwarding rule chain" -j forwarding_ipsecserver_rule
-A zone_ipsecserver_forward -m comment --comment "!fw3" -j zone_ipsecserver_dest_ACCEPT
-A zone_ipsecserver_input -m comment --comment "!fw3: Custom ipsecserver input rule chain" -j input_ipsecserver_rule
-A zone_ipsecserver_input -m comment --comment "!fw3" -j zone_ipsecserver_src_ACCEPT
-A zone_ipsecserver_output -m comment --comment "!fw3: Custom ipsecserver output rule chain" -j output_ipsecserver_rule
-A zone_ipsecserver_output -m comment --comment "!fw3" -j zone_ipsecserver_dest_ACCEPT
-A zone_ipsecserver_src_ACCEPT -i ipsec0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o ztppire4vj -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to vpn forwarding policy" -j zone_vpn_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_src_ACCEPT -i ztppire4vj -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_vpn_dest_ACCEPT -o tun0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_vpn_dest_ACCEPT -o tun0 -m comment --comment "!fw3" -j ACCEPT
-A zone_vpn_forward -m comment --comment "!fw3: Custom vpn forwarding rule chain" -j forwarding_vpn_rule
-A zone_vpn_forward -m comment --comment "!fw3: Zone vpn to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_vpn_forward -m comment --comment "!fw3: Zone vpn to lan forwarding policy" -j zone_lan_dest_ACCEPT
-A zone_vpn_forward -m comment --comment "!fw3" -j zone_vpn_dest_ACCEPT
-A zone_vpn_input -m comment --comment "!fw3: Custom vpn input rule chain" -j input_vpn_rule
-A zone_vpn_input -m comment --comment "!fw3" -j zone_vpn_src_ACCEPT
-A zone_vpn_output -m comment --comment "!fw3: Custom vpn output rule chain" -j output_vpn_rule
-A zone_vpn_output -m comment --comment "!fw3" -j zone_vpn_dest_ACCEPT
-A zone_vpn_src_ACCEPT -i tun0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o pppoe-wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o pppoe-wan -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o eth0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o eth0 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_REJECT -o pppoe-wan -m
comment --comment "!fw3" -j reject -A zone_wan_dest_REJECT -o eth0 -m comment --comment "!fw3" -j reject -A zone_wan_forward -j MINIUPNPD -A zone_wan_forward -j MINIUPNPD -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule -A zone_wan_input -s fc00::/6 -d fc00::/6 -p udp -m udp --dport 546 -m comment --comment "!fw3: Allow-DHCPv6" -j ACCEPT -A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT -A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131/0 -m comment 
--comment "!fw3: Allow-MLD" -j ACCEPT -A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT -A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p tcp -m tcp --dport 8897 -m comment --comment "!fw3: linkease" -j ACCEPT -A zone_wan_input -p tcp -m tcp --dport 8118 -m comment --comment 
"!fw3: adblock" -j DROP -A zone_wan_input -p tcp -m tcp --dport 1194 -m comment --comment "!fw3: openvpn" -j ACCEPT -A zone_wan_input -p udp -m udp --dport 1194 -m comment --comment "!fw3: openvpn" -j ACCEPT -A zone_wan_input -p tcp -m tcp --dport 1723 -m comment --comment "!fw3: pptp" -j ACCEPT -A zone_wan_input -p gre -m comment --comment "!fw3: gre" -j ACCEPT -A zone_wan_input -p tcp -m tcp --dport 1688 -m comment --comment "!fw3: kms" -j ACCEPT -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT -A zone_wan_src_REJECT -i pppoe-wan -m comment --comment "!fw3" -j reject -A zone_wan_src_REJECT -i eth0 -m comment --comment "!fw3" -j reject COMMIT

Completed on Fri Aug 26 09:29:17 2022

coch1 commented on Aug 26 '22 02:08

[image attachment 19845a433a3e9db071a54ba9aa36779, not reproduced]

coch1 commented on Aug 26 '22 02:08

Only traffic that hits a rule gets proxied.

Docker needs its DNS set to the router's address.

vernesong commented on Aug 26 '22 11:08
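As an added example (not code from the OpenClash project or from anyone in this thread), the following POSIX shell script applies the maintainer's hint and verifies it: it pins the Docker daemon's resolver to the router through /etc/docker/daemon.json, then checks from inside a throwaway container that the resolver really is the router and, in fake-ip mode, that a probe domain resolves into Clash's default fake-ip pool 198.18.0.0/15, which is the evidence that the container's lookups went through Clash. The router address 192.168.1.1, the daemon.json path, the probe domain www.google.com and the OpenWrt init script name /etc/init.d/dockerd are assumptions; override them with the environment variables at the top.

```shell
#!/bin/sh
# Added example, not code from the OpenClash project or from the issue thread.
# Applies the maintainer's hint (Docker DNS -> router) and verifies it.
# Assumptions (override via environment): the router / OpenClash DNS is
# ROUTER_IP=192.168.1.1, Clash uses its default fake-ip pool 198.18.0.0/15,
# Docker reads /etc/docker/daemon.json, and the OpenWrt Docker init script
# is /etc/init.d/dockerd.
set -eu

ROUTER_IP="${ROUTER_IP:-192.168.1.1}"
DAEMON_JSON="${DAEMON_JSON:-/etc/docker/daemon.json}"
PROBE_DOMAIN="${PROBE_DOMAIN:-www.google.com}"   # a domain your rules send to the proxy

# Render a daemon.json that pins every new container's resolver to $1.
daemon_json_for() {
    printf '{\n  "dns": ["%s"]\n}\n' "$1"
}

# Succeed when $1 is an IPv4 address inside Clash's default fake-ip pool
# 198.18.0.0/15, i.e. first octet 198 and second octet 18 or 19.
in_fake_ip_range() {
    case "$1" in
        198.18.*|198.19.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the first nameserver from resolv.conf text on stdin.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }'
}

# Print the first IPv4 answer from busybox nslookup output on stdin.
# Handles both "Address: 1.2.3.4" and the older "Address 1: 1.2.3.4 name";
# the Server/Address header lines before "Name:" are skipped.
extract_answer_ip() {
    awk '/^Name/ { seen_name = 1; next }
         seen_name && /^Address/ {
             sub(/^Address[^:]*:[ \t]*/, "")
             if ($1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { print $1; exit }
         }'
}

# Live check in a throwaway container (needs dockerd and network access).
check_container_dns() {
    ns=$(docker run --rm busybox cat /etc/resolv.conf | first_nameserver)
    if [ "$ns" != "$ROUTER_IP" ]; then
        echo "container resolver is '$ns', expected $ROUTER_IP" >&2
        return 1
    fi
    echo "ok: container resolver is the router ($ROUTER_IP)"
    ip=$(docker run --rm busybox nslookup "$PROBE_DOMAIN" | extract_answer_ip)
    if in_fake_ip_range "$ip"; then
        echo "ok: $PROBE_DOMAIN -> $ip is a fake-ip answer, so DNS goes through Clash"
    else
        echo "note: $PROBE_DOMAIN -> $ip is a real address (normal in redir-host mode;" \
             "in fake-ip mode it means the answer did not come from Clash)"
    fi
}

case "${1:-}" in
    install)
        if [ -e "$DAEMON_JSON" ]; then
            echo "$DAEMON_JSON exists; add the \"dns\" key to it by hand instead" >&2
            exit 1
        fi
        daemon_json_for "$ROUTER_IP" > "$DAEMON_JSON"
        echo "wrote $DAEMON_JSON; now run: /etc/init.d/dockerd restart"
        ;;
    check) check_container_dns ;;
    *) ;;   # no mode given: only define the functions above
esac
```

Run it as `sh docker-dns.sh install` on the router, restart dockerd, then `sh docker-dns.sh check`. Two caveats: containers started with `--network host` use the host's own /etc/resolv.conf and ignore the daemon `dns` setting, and containers on a user-defined bridge network see Docker's embedded resolver 127.0.0.11 in resolv.conf (the router is then its upstream), so for those only the fake-ip check is conclusive. In redir-host mode the answer is a real address by design, so only the resolver check applies there.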

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days

github-actions[bot] commented on Oct 26 '22 08:10