OpenClash
OpenClash copied to clipboard
Published
20 hours ago •
vernesong
vernesong
[Bug] 升级到v0.45.112-beta版本后无法访问油管
Verify Steps
- [X] Tracker 我已经在 Issue Tracker 中找过我要提出的问题
- [X] Latest 我已经使用最新 Dev 版本测试过,问题依旧存在
- [X] Core 这是 OpenClash 存在的问题,并非我所使用的 Clash 或 Meta 等内核的特定问题
- [X] Meaningful 我提交的不是无意义的 催促更新或修复 请求
OpenClash Version
v0.45.112-beta
Bug on Environment
Official OpenWrt
Bug on Platform
Linux-amd64(x86-64)
To Reproduce
升级到v0.45.112-beta版本后无法正常访问外网
Describe the Bug
启动OpenClash服务但无法正常打开油管等外网应用
已再三检查设置并尝试重新下载配置文件但仍然无法正常使用 另外只要切换到“TUN模式”就会出现失败的提示
OpenClash Log
OpenClash 调试日志
生成时间: 2023-04-24 10:35:20 插件版本: v0.45.112-beta 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息
#===================== 系统信息 =====================#
主机型号: Gigabyte Technology Co. - Intel(R) Xeon(R) CPU E31275 @ 3.40GHz : 2 Core 2 Thread
固件版本: OpenWrt SNAPSHOT r4213-2cef640d5
LuCI版本: git-22.046.49039-d9baa31-1
内核版本: 5.15.104-1-pve
处理器架构: x86_64
#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP:
DNS劫持: Dnsmasq 转发
#DNS劫持为Dnsmasq时,此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874
#===================== 依赖检查 =====================#
dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci >= 19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 未安装
unzip: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
kmod-ipt-nat: 已安装
#===================== 内核检查 =====================#
运行状态: 运行中
运行内核:TUN
进程pid: 57654
运行权限: 57654: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-amd64
#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2023.04.16-5-g227e10d
Tun内核文件: 存在
Tun内核运行权限: 正常
Dev内核版本: v1.15.1-4-g63770b3
Dev内核文件: 存在
Dev内核运行权限: 正常
Meta内核版本: alpha-g40da191
Meta内核文件: 存在
Meta内核运行权限: 正常
#===================== 插件设置 =====================#
当前配置文件: /etc/openclash/config/maoy.yaml
启动配置文件: /etc/openclash/maoy.yaml
运行模式: fake-ip
默认代理模式: rule
UDP流量转发(tproxy): 停用
自定义DNS: 启用
IPV6代理: 停用
IPV6-DNS解析: 启用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 启用
仅代理命中规则流量: 启用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用
路由本机代理: 停用
#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用
#启动异常时建议关闭此项后重试
第三方规则: 停用
#===================== 配置文件 =====================#
mixed-port: 7893
allow-lan: true
mode: rule
log-level: debug
external-controller: 0.0.0.0:9090
proxy-groups:
- name: "\U0001F680 节点选择"
type: select
proxies:
- "?? 自动选择"
- DIRECT
- "\U0001F1F7\U0001F1FA 俄罗斯"
- "\U0001F1F7\U0001F1FA 俄罗斯 2"
- "\U0001F1F7\U0001F1FA 俄罗斯 3"
- "↓↓↓↓↓↓以下是直连节点↓↓↓↓↓↓"
- "\U0001F1ED\U0001F1F0 HK"
- "\U0001F1ED\U0001F1F0 HK 2"
- "\U0001F1ED\U0001F1F0 HK 3"
- "\U0001F1ED\U0001F1F0 HK 4"
- name: "?? 自动选择"
type: url-test
url: http://www.gstatic.com/generate_204
interval: '180'
tolerance: '100'
proxies:
- "\U0001F1F7\U0001F1FA 俄罗斯"
- "\U0001F1F7\U0001F1FA 俄罗斯 2"
- "\U0001F1F7\U0001F1FA 俄罗斯 3"
- "↓↓↓↓↓↓以下是直连节点↓↓↓↓↓↓"
- "\U0001F1ED\U0001F1F0 HK"
- "\U0001F1ED\U0001F1F0 HK 2"
- "\U0001F1ED\U0001F1F0 HK 3"
- "\U0001F1ED\U0001F1F0 HK 4"
- name: "\U0001F3AF 全球直连"
type: select
proxies:
- DIRECT
- "\U0001F680 节点选择"
- "?? 自动选择"
- name: "\U0001F6D1 全球拦截"
type: select
proxies:
- REJECT
- DIRECT
- name: "\U0001F41F 漏网之鱼"
type: select
proxies:
- "\U0001F680 节点选择"
- "\U0001F3AF 全球直连"
- "?? 自动选择"
- "\U0001F1F7\U0001F1FA 俄罗斯"
- "\U0001F1F7\U0001F1FA 俄罗斯 2"
- "\U0001F1F7\U0001F1FA 俄罗斯 3"
- "↓↓↓↓↓↓以下是直连节点↓↓↓↓↓↓"
- "\U0001F1ED\U0001F1F0 HK"
- "\U0001F1ED\U0001F1F0 HK 2"
- "\U0001F1ED\U0001F1F0 HK 3"
- "\U0001F1ED\U0001F1F0 HK 4"
rules:
- DST-PORT,7895,REJECT
- DST-PORT,7892,REJECT
- IP-CIDR,192.168.200.1/24,REJECT,no-resolve
- SRC-IP-CIDR,192.168.200.101/32,DIRECT
- SRC-IP-CIDR,192.168.200.1/24,DIRECT
- DOMAIN-SUFFIX,awesome-hd.me,DIRECT
- DOMAIN-SUFFIX,broadcasthe.net,DIRECT
- DOMAIN-SUFFIX,chdbits.co,DIRECT
- DOMAIN-SUFFIX,classix-unlimited.co.uk,DIRECT
- DOMAIN-SUFFIX,empornium.me,DIRECT
- DOMAIN-SUFFIX,gazellegames.net,DIRECT
- DOMAIN-SUFFIX,hdchina.org,DIRECT
- DOMAIN-SUFFIX,hdsky.me,DIRECT
- DOMAIN-SUFFIX,icetorrent.org,DIRECT
- DOMAIN-SUFFIX,jpopsuki.eu,DIRECT
- DOMAIN-SUFFIX,keepfrds.com,DIRECT
- DOMAIN-SUFFIX,madsrevolution.net,DIRECT
- DOMAIN-SUFFIX,m-team.cc,DIRECT
- DOMAIN-SUFFIX,nanyangpt.com,DIRECT
- DOMAIN-SUFFIX,ncore.cc,DIRECT
- DOMAIN-SUFFIX,open.cd,DIRECT
- DOMAIN-SUFFIX,ourbits.club,DIRECT
- DOMAIN-SUFFIX,passthepopcorn.me,DIRECT
- DOMAIN-SUFFIX,privatehd.to,DIRECT
- DOMAIN-SUFFIX,redacted.ch,DIRECT
- DOMAIN-SUFFIX,springsunday.net,DIRECT
- DOMAIN-SUFFIX,tjupt.org,DIRECT
- DOMAIN-SUFFIX,totheglory.im,DIRECT
- DOMAIN-SUFFIX,smtp,DIRECT
- DOMAIN-KEYWORD,announce,DIRECT
- DOMAIN-KEYWORD,torrent,DIRECT
- DOMAIN-KEYWORD,tracker,DIRECT
- "DOMAIN-SUFFIX,acl4.ssr,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,ip6-localhost,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,ip6-loopback,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,lan,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,local,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,localhost,\U0001F3AF 全球直连"
- "IP-CIDR,0.0.0.0/8,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,10.0.0.0/8,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,100.64.0.0/10,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,127.0.0.0/8,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,172.16.0.0/12,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,192.168.0.0/16,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,198.18.0.0/16,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,224.0.0.0/4,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR6,::1/128,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR6,fc00::/7,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR6,fe80::/10,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR6,fd00::/8,\U0001F3AF 全球直连,no-resolve"
- "DOMAIN,instant.arubanetworks.com,\U0001F3AF 全球直连"
- "DOMAIN,setmeup.arubanetworks.com,\U0001F3AF 全球直连"
- "DOMAIN,router.asus.com,\U0001F3AF 全球直连"
- "DOMAIN,www.asusrouter.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,hiwifi.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,leike.cc,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,miwifi.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,my.router,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,p.to,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,peiluyou.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,phicomm.me,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,router.ctc,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,routerlogin.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,tendawifi.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,zte.home,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,tplogin.cn,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,wifi.cmcc,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,ol.epicgames.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,dizhensubao.getui.com,\U0001F3AF 全球直连"
- "DOMAIN,dl.google.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,googletraveladservices.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,tracking-protection.cdn.mozilla.net,\U0001F3AF 全球直连"
- "DOMAIN,origin-a.akamaihd.net,\U0001F3AF 全球直连"
- "DOMAIN,rewards.hypixel.net,\U0001F3AF 全球直连"
- "DOMAIN-KEYWORD,admarvel,\U0001F6D1 全球拦截"
- "DOMAIN-KEYWORD,admaster,\U0001F6D1 全球拦截"
- "DOMAIN-KEYWORD,adsage,\U0001F6D1 全球拦截"
- "DOMAIN-KEYWORD,adsensor,\U0001F6D1 全球拦截"
- "DOMAIN-KEYWORD,adservice,\U0001F6D1 全球拦截"
- "DOMAIN-KEYWORD,adsmogo,\U0001F6D1 全球拦截"
- "DOMAIN-SUFFIX,image.gentags.com,\U0001F6D1 全球拦截"
- "DOMAIN-SUFFIX,its-dori.tumblr.com,\U0001F6D1 全球拦截"
- "DOMAIN-SUFFIX,log.outbrain.com,\U0001F6D1 全球拦截"
- "DOMAIN-SUFFIX,m.12306media.com,\U0001F6D1 全球拦截"
- "DOMAIN-SUFFIX,media.cheshi-img.com,\U0001F6D1 全球拦截"
- "DOMAIN-SUFFIX,media.cheshi.com,\U0001F6D1 全球拦截"
- "DOMAIN-SUFFIX,mobile-pubt.ele.me,\U0001F6D1 全球拦截"
- "DOMAIN-SUFFIX,mobileads.msn.com,\U0001F6D1 全球拦截"
- "DOMAIN-SUFFIX,n.cosbot.cn,\U0001F6D1 全球拦截"
- "DOMAIN-SUFFIX,newton-api.ele.me,\U0001F6D1 全球拦截"
- "DOMAIN-SUFFIX,ozone.10jqka.com.cn,\U0001F6D1 全球拦截"
- "DOMAIN-SUFFIX,pdl.gionee.com,\U0001F6D1 全球拦截"
- "DOMAIN-SUFFIX,pica-juicy.picacomic.com,\U0001F6D1 全球拦截"
- "DOMAIN-SUFFIX,pixel.wp.com,\U0001F6D1 全球拦截"
- "DOMAIN-SUFFIX,vaserviece.10jqka.com.cn,\U0001F6D1 全球拦截"
- "DOMAIN-SUFFIX,265.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,2mdn.net,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,alt1-mtalk.google.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,alt2-mtalk.google.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,alt3-mtalk.google.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,www-googletagmanager.l.google.com,\U0001F3AF 全球直连"
- "DOMAIN,csgo.wmsj.cn,\U0001F3AF 全球直连"
- "DOMAIN,dl.steam.clngaa.com,\U0001F3AF 全球直连"
- "DOMAIN,dl.steam.ksyna.com,\U0001F3AF 全球直连"
- "DOMAIN,dota2.wmsj.cn,\U0001F3AF 全球直连"
- "DOMAIN,st.dl.bscstorage.net,\U0001F3AF 全球直连"
- "DOMAIN,st.dl.eccdnx.com,\U0001F3AF 全球直连"
- "DOMAIN,st.dl.pinyuncloud.com,\U0001F3AF 全球直连"
- "DOMAIN,steampipe.steamcontent.tnkjmec.com,\U0001F3AF 全球直连"
- "DOMAIN,steampowered.com.8686c.com,\U0001F3AF 全球直连"
- "DOMAIN,steamstatic.com.8686c.com,\U0001F3AF 全球直连"
- "DOMAIN,wmsjsteam.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,cm.steampowered.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,steamchina.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,steamcontent.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,steamusercontent.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,t.me,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,tdesktop.com,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,telegra.ph,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,telegram.me,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,telegram.org,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,telesco.pe,\U0001F680 节点选择"
- "IP-CIDR,91.108.0.0/16,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,109.239.140.0/24,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,149.154.160.0/20,\U0001F680 节点选择,no-resolve"
- "IP-CIDR6,2001:67c:4e8::/48,\U0001F680 节点选择,no-resolve"
- "IP-CIDR6,2001:b28:f23d::/48,\U0001F680 节点选择,no-resolve"
- "IP-CIDR6,2001:b28:f23f::/48,\U0001F680 节点选择,no-resolve"
- "DOMAIN-SUFFIX,edgedatg.com,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,go.com,\U0001F680 节点选择"
- "DOMAIN-KEYWORD,abematv.akamaized.net,\U0001F680 节点选择"
- "DOMAIN,api-abematv.bucketeer.jp,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,abema-tv.com,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,abema.io,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,abema.tv,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,ameba.jp,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,hayabusa.io,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,hayabusa.media,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,reddit.com,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,redhat.com,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,sonatype.org,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,sourcegraph.com,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,spring.io,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,spring.net,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,stackoverflow.com,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,discord.co,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,discord.com,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,discord.gg,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,discord.media,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,discordapp.com,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,discordapp.net,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,facebook.com,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,fb.com,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,fb.me,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,fbcdn.com,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,fbcdn.net,\U0001F680 节点选择"
- "IP-CIDR,31.13.24.0/21,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,31.13.64.0/18,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,45.64.40.0/22,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,66.220.144.0/20,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,69.63.176.0/20,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,69.171.224.0/19,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,74.119.76.0/22,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,103.4.96.0/22,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,129.134.0.0/17,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,157.240.0.0/17,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,173.252.64.0/18,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,179.60.192.0/22,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,185.60.216.0/22,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,204.15.20.0/22,\U0001F680 节点选择,no-resolve"
- "DOMAIN-SUFFIX,github.com,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,github.io,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,githubapp.com,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,githubassets.com,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,githubusercontent.com,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,1e100.net,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,2mdn.net,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,app-measurement.net,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,g.co,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,ggpht.com,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,goo.gl,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,googleapis.cn,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,googleapis.com,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,gstatic.cn,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,gstatic.com,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,gvt0.com,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,gvt1.com,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,gvt2.com,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,gvt3.com,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,xn--ngstr-lra8j.com,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,youtu.be,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,youtube-nocookie.com,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,youtube.com,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,yt.be,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,ytimg.com,\U0001F680 节点选择"
- "IP-CIDR,74.125.0.0/16,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,173.194.0.0/16,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,120.232.181.162/32,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,120.241.147.226/32,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,120.253.253.226/32,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,120.253.255.162/32,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,120.253.255.34/32,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,120.253.255.98/32,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,180.163.150.162/32,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,180.163.150.34/32,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,180.163.151.162/32,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,180.163.151.34/32,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,203.208.39.0/24,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,203.208.40.0/24,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,203.208.41.0/24,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,203.208.43.0/24,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,203.208.50.0/24,\U0001F680 节点选择,no-resolve"
- "DOMAIN-SUFFIX,lin.ee,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,line-apps.com,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,line-cdn.net,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,line-scdn.net,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,line.me,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,line.naver.jp,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,nhncorp.jp,\U0001F680 节点选择"
- "IP-CIDR,103.2.28.0/24,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,103.2.30.0/23,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,119.235.224.0/24,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,119.235.232.0/24,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,119.235.235.0/24,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,119.235.236.0/23,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,147.92.128.0/17,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,203.104.128.0/19,\U0001F680 节点选择,no-resolve"
- "DOMAIN-SUFFIX,openai.com,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,challenges.cloudflare.com,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,ai.com,\U0001F680 节点选择"
- "DOMAIN-KEYWORD,1drv,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,twitch.tv,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,ttvnw.net,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,jtvnw.net,\U0001F680 节点选择"
- "DOMAIN-KEYWORD,ttvnw,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,t.co,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,twimg.co,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,twimg.com,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,twimg.org,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,t.me,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,tdesktop.com,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,telegra.ph,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,telegram.me,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,telegram.org,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,telesco.pe,\U0001F680 节点选择"
- "IP-CIDR,54.242.0.0/15,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,50.22.198.204/30,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,208.43.122.128/27,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,108.168.174.0/16,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,173.192.231.32/27,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,158.85.5.192/27,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,174.37.243.0/16,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,158.85.46.128/27,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,173.192.222.160/27,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,184.173.128.0/17,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,158.85.224.160/27,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,75.126.150.0/16,\U0001F680 节点选择,no-resolve"
- "IP-CIDR,69.171.235.0/16,\U0001F680 节点选择,no-resolve"
- "DOMAIN-SUFFIX,mediawiki.org,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,wikibooks.org,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,wikidata.org,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,wikileaks.org,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,wikimedia.org,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,wikinews.org,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,wikipedia.org,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,wikiquote.org,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,wikisource.org,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,wikiversity.org,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,wikivoyage.org,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,wiktionary.org,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,neulion.com,\U0001F680 节点选择"
- "DOMAIN-SUFFIX,babytreeimg.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,baicizhan.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,baidupan.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,baike.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,biqudu.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,biquge.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,bitauto.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,c-ctrip.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,camera360.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,cdnmama.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,chaoxing.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,che168.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,chinacache.net,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,chinaso.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,chinaz.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,chinaz.net,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,chuimg.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,cibntv.net,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,clouddn.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,cloudxns.net,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,cn163.net,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,cnblogs.com,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,cnki.net,\U0001F3AF 全球直连"
- "DOMAIN-SUFFIX,cnmstl.net,\U0001F3AF 全球直连"
- "IP-CIDR,114.113.196.0/22,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,114.113.200.0/22,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,115.236.112.0/20,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,115.238.76.0/22,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,123.58.160.0/19,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,223.252.192.0/19,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,101.198.128.0/18,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,101.198.192.0/19,\U0001F3AF 全球直连,no-resolve"
- "IP-CIDR,101.199.196.0/22,\U0001F3AF 全球直连,no-resolve"
- "GEOIP,CN,\U0001F3AF 全球直连"
- PROCESS-NAME,aria2c,DIRECT
- PROCESS-NAME,BitComet,DIRECT
- PROCESS-NAME,fdm,DIRECT
- PROCESS-NAME,NetTransport,DIRECT
- PROCESS-NAME,qbittorrent,DIRECT
- PROCESS-NAME,Thunder,DIRECT
- PROCESS-NAME,transmission-daemon,DIRECT
- PROCESS-NAME,transmission-qt,DIRECT
- PROCESS-NAME,uTorrent,DIRECT
- PROCESS-NAME,WebTorrent,DIRECT
- PROCESS-NAME,aria2c,DIRECT
- PROCESS-NAME,fdm,DIRECT
- PROCESS-NAME,Folx,DIRECT
- PROCESS-NAME,NetTransport,DIRECT
- PROCESS-NAME,qbittorrent,DIRECT
- PROCESS-NAME,Thunder,DIRECT
- PROCESS-NAME,Transmission,DIRECT
- PROCESS-NAME,transmission,DIRECT
- PROCESS-NAME,uTorrent,DIRECT
- PROCESS-NAME,WebTorrent,DIRECT
- PROCESS-NAME,WebTorrent Helper,DIRECT
- PROCESS-NAME,v2ray,DIRECT
- PROCESS-NAME,ss-local,DIRECT
- PROCESS-NAME,ssr-local,DIRECT
- PROCESS-NAME,ss-redir,DIRECT
- PROCESS-NAME,ssr-redir,DIRECT
- PROCESS-NAME,ss-server,DIRECT
- PROCESS-NAME,trojan-go,DIRECT
- PROCESS-NAME,xray,DIRECT
- PROCESS-NAME,hysteria,DIRECT
- PROCESS-NAME,UUBooster,DIRECT
- PROCESS-NAME,uugamebooster,DIRECT
- "DST-PORT,80,\U0001F41F 漏网之鱼"
- "DST-PORT,443,\U0001F41F 漏网之鱼"
- "DST-PORT,22,\U0001F41F 漏网之鱼"
- MATCH,DIRECT
redir-port: 7892
tproxy-port: 7895
port: 7890
socks-port: 7891
bind-address: "*"
external-ui: "/usr/share/openclash/ui"
ipv6: false
interface-name: br-lan
dns:
enable: true
ipv6: true
enhanced-mode: fake-ip
fake-ip-range: 192.168.200.1/24
listen: 0.0.0.0:7874
nameserver:
- 202.96.128.166
- 202.96.128.86
- 192.168.200.1
- 114.114.114.114
- 119.29.29.29
- 119.28.28.28
- 223.5.5.5
fallback:
- https://1.1.1.1/dns-query
- tls://1.1.1.1:853
- tls://8.8.8.8:853
fallback-filter:
geoip: true
geoip-code: CN
ipcidr:
- 0.0.0.0/8
- 10.0.0.0/8
- 100.64.0.0/10
- 127.0.0.0/8
- 169.254.0.0/16
- 172.16.0.0/12
- 192.0.0.0/24
- 192.0.2.0/24
- 192.88.99.0/24
- 192.168.0.0/16
- 198.18.0.0/15
- 198.51.100.0/24
- 203.0.113.0/24
- 224.0.0.0/4
- 240.0.0.0/4
- 255.255.255.255/32
domain:
- "+.google.com"
- "+.facebook.com"
- "+.youtube.com"
- "+.githubusercontent.com"
- "+.googlevideo.com"
- "+.msftconnecttest.com"
- "+.msftncsi.com"
- msftconnecttest.com
- msftncsi.com
experimental:
sniff-tls-sni: true
profile:
store-selected: true
authentication:
- Clash:xcopy123
#===================== 自定义覆写设置 =====================#
#!/bin/sh
. /usr/share/openclash/ruby.sh
. /usr/share/openclash/log.sh
. /lib/functions.sh
# This script is called by /etc/init.d/openclash
# Add your custom overwrite scripts here, they will be take effict after the OpenClash own srcipts
LOG_OUT "Tip: Start Running Custom Overwrite Scripts..."
LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S"))
LOG_FILE="/tmp/openclash.log"
CONFIG_FILE="$1" #config path
#Simple Demo:
#General Demo
#1--config path
#2--key name
#3--value
#ruby_edit "$CONFIG_FILE" "['redir-port']" "7892"
#ruby_edit "$CONFIG_FILE" "['secret']" "123456"
#ruby_edit "$CONFIG_FILE" "['dns']['enable']" "true"
#Hash Demo
#1--config path
#2--key name
#3--hash type value
#ruby_edit "$CONFIG_FILE" "['experimental']" "{'sniff-tls-sni'=>true}"
#ruby_edit "$CONFIG_FILE" "['sniffer']" "{'sniffing'=>['tls','http']}"
#Array Demo:
#1--config path
#2--key name
#3--position(start from 0, end with -1)
#4--value
#ruby_arr_insert "$CONFIG_FILE" "['dns']['nameserver']" "0" "114.114.114.114"
#Array Add From Yaml File Demo:
#1--config path
#2--key name
#3--position(start from 0, end with -1)
#4--value file path
#5--value key name in #4 file
#ruby_arr_add_file "$CONFIG_FILE" "['dns']['fallback-filter']['ipcidr']" "0" "/etc/openclash/custom/openclash_custom_fallback_filter.yaml" "['fallback-filter']['ipcidr']"
#Ruby Script Demo:
#ruby -ryaml -rYAML -I "/usr/share/openclash" -E UTF-8 -e "
# begin
# Value = YAML.load_file('$CONFIG_FILE');
# rescue Exception => e
# puts '${LOGTIME} Error: Load File Failed,【' + e.message + '】';
# end;
#General
# begin
# Thread.new{
# Value['redir-port']=7892;
# Value['tproxy-port']=7895;
# Value['port']=7890;
# Value['socks-port']=7891;
# Value['mixed-port']=7893;
# }.join;
# rescue Exception => e
# puts '${LOGTIME} Error: Set General Failed,【' + e.message + '】';
# ensure
# File.open('$CONFIG_FILE','w') {|f| YAML.dump(Value, f)};
# end" 2>/dev/null >> $LOG_FILE
exit 0
#===================== 自定义防火墙设置 =====================#
#!/bin/sh
. /usr/share/openclash/log.sh
. /lib/functions.sh
# This script is called by /etc/init.d/openclash
# Add your custom firewall rules here, they will be added after the end of the OpenClash iptables rules
LOG_OUT "Tip: Start Add Custom Firewall Rules..."
exit 0
#===================== IPTABLES 防火墙设置 =====================#
#IPv4 NAT chain
# Generated by iptables-save v1.8.7 on Mon Apr 24 10:35:22 2023
*nat
:PREROUTING ACCEPT [71:7412]
:INPUT ACCEPT [421:22153]
:OUTPUT ACCEPT [700:42799]
:POSTROUTING ACCEPT [730:48304]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:openclash - [0:0]
:openclash_output - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
-A PREROUTING -d 8.8.4.4/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -d 8.8.8.8/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -j openclash
-A OUTPUT -j openclash_output
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -d 192.168.200.0/24 -p tcp -j REDIRECT --to-ports 7892
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -d 192.168.200.0/24 -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A zone_lan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -j MINIUPNPD
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
COMMIT
# Completed on Mon Apr 24 10:35:22 2023
#IPv4 Mangle chain
# Generated by iptables-save v1.8.7 on Mon Apr 24 10:35:22 2023
*mangle
:PREROUTING ACCEPT [4310:719944]
:INPUT ACCEPT [4150:689498]
:FORWARD ACCEPT [171:31142]
:OUTPUT ACCEPT [5280:1246342]
:POSTROUTING ACCEPT [5453:1277548]
:openclash - [0:0]
:openclash_output - [0:0]
-A PREROUTING -p udp -j openclash
-A OUTPUT -p udp -j openclash_output
-A openclash -d 192.168.200.0/24 -p udp -j TPROXY --on-port 7895 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
-A openclash_output -d 192.168.200.0/24 -p udp -m owner ! --uid-owner 65534 -j MARK --set-xmark 0x162/0xffffffff
COMMIT
# Completed on Mon Apr 24 10:35:22 2023
#IPv4 Filter chain
# Generated by iptables-save v1.8.7 on Mon Apr 24 10:35:22 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:reject - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
-A INPUT -p udp -m udp --dport 443 -m comment --comment "OpenClash QUIC REJECT" -m set ! --match-set china_ip_route dst -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
COMMIT
# Completed on Mon Apr 24 10:35:22 2023
#IPv6 NAT chain
# Generated by ip6tables-save v1.8.7 on Mon Apr 24 10:35:22 2023
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [12:913]
:POSTROUTING ACCEPT [12:913]
COMMIT
# Completed on Mon Apr 24 10:35:22 2023
#IPv6 Mangle chain
# Generated by ip6tables-save v1.8.7 on Mon Apr 24 10:35:22 2023
*mangle
:PREROUTING ACCEPT [290:37081]
:INPUT ACCEPT [231:32649]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [169:24361]
:POSTROUTING ACCEPT [169:24361]
COMMIT
# Completed on Mon Apr 24 10:35:22 2023
#IPv6 Filter chain
# Generated by ip6tables-save v1.8.7 on Mon Apr 24 10:35:22 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:reject - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp6-port-unreachable
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
COMMIT
# Completed on Mon Apr 24 10:35:22 2023
#===================== IPSET状态 =====================#
Name: localnetwork
Name: china_ip_route
Name: china_ip_route_pass
#===================== 路由表状态 =====================#
#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.200.1 0.0.0.0 UG 0 0 0 br-lan
192.168.200.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
#ip route list
default via 192.168.200.1 dev br-lan proto static
192.168.200.0/24 dev br-lan proto kernel scope link src 192.168.200.101
#ip rule show
0: from all lookup local
32765: from all fwmark 0x162 lookup 354
32766: from all lookup main
32767: from all lookup default
#===================== 端口占用状态 =====================#
tcp 0 0 :::9090 :::* LISTEN 57654/clash
tcp 0 0 :::7891 :::* LISTEN 57654/clash
tcp 0 0 :::7890 :::* LISTEN 57654/clash
tcp 0 0 :::7895 :::* LISTEN 57654/clash
tcp 0 0 :::7893 :::* LISTEN 57654/clash
tcp 0 0 :::7892 :::* LISTEN 57654/clash
udp 0 0 :::7874 :::* 57654/clash
udp 0 0 :::7891 :::* 57654/clash
udp 0 0 :::7892 :::* 57654/clash
udp 0 0 :::7893 :::* 57654/clash
udp 0 0 :::7895 :::* 57654/clash
#===================== 测试本机DNS查询(www.baidu.com) =====================#
Server: 127.0.0.1
Address: 127.0.0.1:53
#===================== 测试内核DNS查询(www.instagram.com) =====================#
#===================== resolv.conf.d =====================#
# Interface lan
nameserver 192.168.200.1
nameserver 202.96.128.166
nameserver 202.96.128.86
#===================== 测试本机网络连接(www.baidu.com) =====================#
#===================== 测试本机网络下载(raw.githubusercontent.com) =====================#
#===================== 最近运行日志(自动切换为Debug模式) =====================#
02:35:20 WRN [TCP] dial failed error=dial tcp4 149.154.167.91:443: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6237 rAddr=149.154.167.91:443 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:20 WRN [TCP] dial failed error=dial tcp4 149.154.167.91:80: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6239 rAddr=149.154.167.91:80 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:21 DBG [TCP] accept connection lAddr=192.168.200.111:6271 rAddr=www.google.com:443 inbound=Redir
02:35:21 WRN [TCP] dial failed error=dial tcp4 91.108.56.186:443: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6242 rAddr=91.108.56.186:443 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:21 WRN [TCP] dial failed error=dial tcp4 91.108.56.186:443: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6243 rAddr=91.108.56.186:443 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:21 WRN [TCP] dial failed error=dial tcp4 91.108.56.186:80: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6247 rAddr=91.108.56.186:80 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:21 WRN [TCP] dial failed error=dial tcp4 91.108.56.186:80: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6246 rAddr=91.108.56.186:80 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:21 DBG [TCP] accept connection lAddr=192.168.200.111:6274 rAddr=91.108.56.186:80 inbound=Redir
02:35:22 DBG [TCP] accept connection lAddr=192.168.200.111:6275 rAddr=google.com:443 inbound=Redir
02:35:22 DBG [Metadata] prehandle failed error=fake DNS record 192.168.200.101 missing
02:35:22 WRN [TCP] dial failed error=dial tcp4 8.8.8.8:443: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6250 rAddr=dns.google.com:443 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:22 DBG [TCP] accept connection lAddr=192.168.200.111:6277 rAddr=google.ru:443 inbound=Redir
02:35:22 WRN [TCP] dial failed error=dial tcp4 91.108.56.186:443: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6252 rAddr=91.108.56.186:443 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:22 WRN [TCP] dial failed error=dial tcp4 91.108.56.186:80: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6254 rAddr=91.108.56.186:80 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:22 WRN [TCP] dial failed error=dial tcp4 104.16.248.249:443: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6256 rAddr=mozilla.cloudflare-dns.com:443 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:23 WRN [TCP] dial failed error=dial tcp4 172.217.12.106:443: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6260 rAddr=firebaseremoteconfig.googleapis.com:443 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:23 DBG [DNS] dns response source=https://1.1.1.1/dns-query qType=A name=firebaseremoteconfig.googleapis.com. answer=["142.250.191.74","172.217.12.106","142.251.214.138","172.217.164.106","142.251.46.202","142.250.189.202","142.250.189.234","142.251.46.170","142.250.191.42","142.251.32.42","142.250.188.10","142.250.189.170","142.251.46.234"]
02:35:23 DBG [TCP] accept connection lAddr=192.168.200.111:6278 rAddr=91.108.56.186:443 inbound=Redir
02:35:23 DBG [TCP] accept connection lAddr=192.168.200.111:6280 rAddr=91.108.56.186:80 inbound=Redir
02:35:24 WRN [TCP] dial failed error=dial tcp4 142.250.189.227:443: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6262 rAddr=www.google.ru:443 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:24 DBG [TCP] accept connection lAddr=192.168.200.111:6285 rAddr=91.108.56.186:443 inbound=Redir
02:35:24 DBG [TCP] accept connection lAddr=192.168.200.111:6290 rAddr=91.108.56.186:80 inbound=Redir
02:35:24 WRN [TCP] dial failed error=dial tcp4 91.108.56.186:443: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6263 rAddr=91.108.56.186:443 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:24 DBG [TCP] accept connection lAddr=192.168.200.111:6286 rAddr=149.154.175.57:443 inbound=Redir
02:35:24 DBG [TCP] accept connection lAddr=192.168.200.111:6288 rAddr=149.154.175.55:443 inbound=Redir
02:35:24 WRN [TCP] dial failed error=dial tcp4 91.108.56.186:80: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6265 rAddr=91.108.56.186:80 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:24 DBG [TCP] accept connection lAddr=192.168.200.111:6292 rAddr=149.154.175.57:80 inbound=Redir
02:35:24 DBG [TCP] accept connection lAddr=192.168.200.111:6293 rAddr=149.154.175.55:80 inbound=Redir
02:35:25 DBG [Metadata] prehandle failed error=fake DNS record 192.168.200.101 missing
02:35:25 DBG [TCP] accept connection lAddr=192.168.200.111:6295 rAddr=dns.google.com:443 inbound=Redir
02:35:25 DBG [DNS Server] exchange failed error=all DNS requests failed, first error: context deadline exceeded question=;pve.com. IN MX
02:35:25 DBG [Metadata] prehandle failed error=fake DNS record 192.168.200.38 missing
02:35:25 DBG [Metadata] prehandle failed error=fake DNS record 192.168.200.38 missing
02:35:25 WRN [TCP] dial failed error=dial tcp4 142.250.189.170:443: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6268 rAddr=firestore.googleapis.com:443 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:25 DBG [TCP] accept connection lAddr=192.168.200.111:6298 rAddr=149.154.175.55:443 inbound=Redir
02:35:25 DBG [TCP] accept connection lAddr=192.168.200.111:6297 rAddr=149.154.175.57:443 inbound=Redir
02:35:25 DBG [TCP] accept connection lAddr=192.168.200.111:6300 rAddr=149.154.175.57:80 inbound=Redir
02:35:25 DBG [TCP] accept connection lAddr=192.168.200.111:6301 rAddr=149.154.175.55:80 inbound=Redir
02:35:25 DBG [TCP] accept connection lAddr=192.168.200.111:6303 rAddr=mozilla.cloudflare-dns.com:443 inbound=Redir
02:35:26 WRN [TCP] dial failed error=dial tcp4 142.250.189.164:443: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6271 rAddr=www.google.com:443 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:26 DBG [TCP] accept connection lAddr=192.168.200.111:6305 rAddr=firebaseremoteconfig.googleapis.com:443 inbound=Redir
02:35:26 WRN [TCP] dial failed error=dial tcp4 91.108.56.186:80: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6274 rAddr=91.108.56.186:80 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:27 WRN [TCP] dial failed error=dial tcp4 142.251.32.46:443: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6275 rAddr=google.com:443 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:27 DBG [Metadata] prehandle failed error=fake DNS record 192.168.200.38 missing
02:35:27 DBG [Metadata] prehandle failed error=fake DNS record 192.168.200.38 missing
02:35:27 DBG [TCP] accept connection lAddr=192.168.200.111:6309 rAddr=firestore.googleapis.com:443 inbound=Redir
02:35:27 WRN [TCP] dial failed error=dial tcp4 142.251.32.35:443: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6277 rAddr=google.ru:443 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:27 DBG [TCP] accept connection lAddr=192.168.200.111:6310 rAddr=149.154.175.57:443 inbound=Redir
02:35:27 DBG [TCP] accept connection lAddr=192.168.200.111:6311 rAddr=149.154.175.55:443 inbound=Redir
02:35:27 DBG [TCP] accept connection lAddr=192.168.200.111:6313 rAddr=149.154.175.57:80 inbound=Redir
02:35:27 DBG [TCP] accept connection lAddr=192.168.200.111:6315 rAddr=149.154.175.55:80 inbound=Redir
02:35:28 DBG [TCP] accept connection lAddr=192.168.200.111:6317 rAddr=www.google.ru:443 inbound=Redir
02:35:28 WRN [TCP] dial failed error=dial tcp4 91.108.56.186:443: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6278 rAddr=91.108.56.186:443 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:28 WRN [TCP] dial failed error=dial tcp4 91.108.56.186:80: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6280 rAddr=91.108.56.186:80 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:29 DBG [TCP] accept connection lAddr=192.168.200.111:6319 rAddr=www.google.com:443 inbound=Redir
02:35:29 DBG [DNS] dns response source=https://1.1.1.1/dns-query qType=A name=www.google.com. answer=["142.250.191.68"]
02:35:29 WRN [TCP] dial failed error=dial tcp4 91.108.56.186:443: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6285 rAddr=91.108.56.186:443 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:29 WRN [TCP] dial failed error=dial tcp4 91.108.56.186:80: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6290 rAddr=91.108.56.186:80 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:29 DBG [TCP] accept connection lAddr=192.168.200.111:6321 rAddr=91.108.56.186:80 inbound=Redir
02:35:29 WRN [TCP] dial failed error=dial tcp4 149.154.175.57:80: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6292 rAddr=149.154.175.57:80 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:29 WRN [TCP] dial failed error=dial tcp4 149.154.175.57:443: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6286 rAddr=149.154.175.57:443 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:29 WRN [TCP] dial failed error=dial tcp4 149.154.175.55:443: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6288 rAddr=149.154.175.55:443 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:29 WRN [TCP] dial failed error=dial tcp4 149.154.175.55:80: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6293 rAddr=149.154.175.55:80 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:30 DBG [TCP] accept connection lAddr=192.168.200.111:6322 rAddr=google.ru:443 inbound=Redir
02:35:30 WRN [TCP] dial failed error=dial tcp4 8.8.4.4:443: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6295 rAddr=dns.google.com:443 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:30 DBG [TCP] accept connection lAddr=192.168.200.111:6326 rAddr=google.com:443 inbound=Redir
02:35:30 WRN [TCP] dial failed error=dial tcp4 149.154.175.55:443: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6298 rAddr=149.154.175.55:443 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:30 WRN [TCP] dial failed error=dial tcp4 149.154.175.57:80: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6300 rAddr=149.154.175.57:80 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:30 WRN [TCP] dial failed error=dial tcp4 149.154.175.57:443: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6297 rAddr=149.154.175.57:443 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:30 WRN [TCP] dial failed error=dial tcp4 149.154.175.55:80: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6301 rAddr=149.154.175.55:80 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:30 WRN [TCP] dial failed error=dial tcp4 104.16.248.249:443: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6303 rAddr=mozilla.cloudflare-dns.com:443 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:31 WRN [TCP] dial failed error=dial tcp4 142.250.189.202:443: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6305 rAddr=firebaseremoteconfig.googleapis.com:443 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:31 DBG [TCP] accept connection lAddr=192.168.200.111:6329 rAddr=149.154.175.55:443 inbound=Redir
02:35:31 DBG [TCP] accept connection lAddr=192.168.200.111:6328 rAddr=149.154.175.57:443 inbound=Redir
02:35:31 DBG [TCP] accept connection lAddr=192.168.200.111:6331 rAddr=149.154.175.57:80 inbound=Redir
02:35:31 DBG [TCP] accept connection lAddr=192.168.200.111:6332 rAddr=149.154.175.55:80 inbound=Redir
02:35:32 DBG [Metadata] prehandle failed error=fake DNS record 192.168.200.38 missing
02:35:32 DBG [Metadata] prehandle failed error=fake DNS record 192.168.200.38 missing
02:35:32 WRN [TCP] dial failed error=dial tcp4 142.250.189.170:443: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6309 rAddr=firestore.googleapis.com:443 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:32 DBG [TCP] accept connection lAddr=192.168.200.111:6335 rAddr=91.108.56.186:443 inbound=Redir
02:35:32 DBG [TCP] accept connection lAddr=192.168.200.111:6340 rAddr=91.108.56.186:80 inbound=Redir
02:35:32 WRN [TCP] dial failed error=dial tcp4 149.154.175.57:443: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6310 rAddr=149.154.175.57:443 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:32 WRN [TCP] dial failed error=dial tcp4 149.154.175.55:443: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6311 rAddr=149.154.175.55:443 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:32 WRN [TCP] dial failed error=dial tcp4 149.154.175.57:80: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6313 rAddr=149.154.175.57:80 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:32 DBG [TCP] accept connection lAddr=192.168.200.111:6338 rAddr=149.154.167.41:443 inbound=Redir
02:35:32 DBG [TCP] accept connection lAddr=192.168.200.111:6337 rAddr=149.154.167.51:443 inbound=Redir
02:35:32 DBG [TCP] accept connection lAddr=192.168.200.111:6342 rAddr=149.154.167.51:80 inbound=Redir
02:35:32 DBG [TCP] accept connection lAddr=192.168.200.111:6343 rAddr=149.154.167.41:80 inbound=Redir
02:35:32 WRN [TCP] dial failed error=dial tcp4 149.154.175.55:80: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6315 rAddr=149.154.175.55:80 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:33 DBG [TCP] accept connection lAddr=192.168.200.111:6345 rAddr=mozilla.cloudflare-dns.com:443 inbound=Redir
02:35:33 WRN [TCP] dial failed error=dial tcp4 142.250.189.227:443: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6317 rAddr=www.google.ru:443 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:33 DBG [TCP] accept connection lAddr=192.168.200.111:6349 rAddr=149.154.167.51:443 inbound=Redir
02:35:33 DBG [TCP] accept connection lAddr=192.168.200.111:6350 rAddr=149.154.167.41:443 inbound=Redir
02:35:33 DBG [TCP] accept connection lAddr=192.168.200.111:6352 rAddr=149.154.167.51:80 inbound=Redir
02:35:33 DBG [TCP] accept connection lAddr=192.168.200.111:6354 rAddr=149.154.167.41:80 inbound=Redir
02:35:33 DBG [TCP] accept connection lAddr=192.168.200.111:6355 rAddr=dns.google.com:443 inbound=Redir
02:35:34 WRN [TCP] dial failed error=dial tcp4 142.250.189.164:443: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6319 rAddr=www.google.com:443 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:34 DBG [TCP] accept connection lAddr=192.168.200.111:6357 rAddr=firebaseremoteconfig.googleapis.com:443 inbound=Redir
02:35:34 WRN [TCP] dial failed error=dial tcp4 91.108.56.186:80: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6321 rAddr=91.108.56.186:80 rule=SrcIPCIDR rulePayload=192.168.200.1/24
02:35:35 WRN [TCP] dial failed error=dial tcp4 142.251.32.35:443: i/o timeout proxy=DIRECT lAddr=192.168.200.111:6322 rAddr=google.ru:443 rule=SrcIPCIDR rulePayload=192.168.200.1/24
#===================== 最近运行日志获取完成(自动切换为silent模式) =====================#
#===================== 活动连接信息 =====================#
Expected Behavior
希望能恢复正常使用
Screenshots
- 覆写设置--DNS设置--勾选“自定义上游 DNS 服务器”
- 在下面的“设置自定义上游 DNS 服务器(在上方设置中启用本功能后生效)“中去掉114.114.114.114的勾选,勾选或添加”119.28.28.28“和”223.5.5.5“
- 应用配置,重启服务
- 覆写设置--DNS设置--勾选“自定义上游 DNS 服务器”
- 在下面的“设置自定义上游 DNS 服务器(在上方设置中启用本功能后生效)“中去掉114.114.114.114的勾选,勾选或添加”119.28.28.28“和”223.5.5.5“
- 应用配置,重启服务
此为正解是也!
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}