OpenClash
[Bug] With rule-based routing, the challenges.cloudflare.com human verification keeps reloading
Verify Steps
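- [X] Tracker: I have searched the Issue Tracker for the problem I am reporting
- [X] Latest: I have tested with the latest Dev version and the problem still exists
- [X] Core: This is a problem with OpenClash, not one specific to the Clash or Meta core I am using
- [X] Meaningful: What I am submitting is not a meaningless request to hurry an update or fix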
OpenClash Version
v0.45.112-beta
Bug on Environment
Official OpenWrt
Bug on Platform
Linux-amd64(x86-64)
To Reproduce
Enable rule-based routing; when opening ip.sb/ip/8.8.8.8, the Cloudflare verification page reloads over and over.
Describe the Bug
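After enabling rule-based routing, every site that requires Cloudflare verification, such as ip.sb, reloads the verification page repeatedly. At that point both ip.sb and challenges.cloudflare.com match the Final rule, yet everything loads normally in global mode. I have also verified that passwall, and pharos pro (which also uses the Meta core), do not show this problem with the same routing rules.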
OpenClash Log
OpenClash 调试日志
生成时间: 2023-04-29 17:01:38 插件版本: v0.45.112-beta 隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息
#===================== 系统信息 =====================#
主机型号: QEMU Standard PC (Q35 + ICH9, 2009)
固件版本: OpenWrt SNAPSHOT r22652-9a26669510
LuCI版本: git-23.051.66410-a505bb1
内核版本: 5.15.108
处理器架构: x86_64
#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: server
DNS劫持: Dnsmasq 转发
#DNS劫持为Dnsmasq时,此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874
#===================== 依赖检查 =====================#
dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci >= 19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 已安装
unzip: 已安装
kmod-nft-tproxy: 已安装
#===================== 内核检查 =====================#
运行状态: 运行中
运行内核:Meta
进程pid: 22487
运行权限: 22487: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-amd64
#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2023.04.16-10-geb52785
Tun内核文件: 存在
Tun内核运行权限: 正常
Dev内核版本: v1.15.1-7-g6eee226
Dev内核文件: 存在
Dev内核运行权限: 正常
Meta内核版本: alpha-gefcb278
Meta内核文件: 存在
Meta内核运行权限: 正常
#===================== 插件设置 =====================#
当前配置文件: /etc/openclash/config/config.yaml
启动配置文件: /etc/openclash/config.yaml
运行模式: redir-host-mix
默认代理模式: rule
UDP流量转发(tproxy): 停用
自定义DNS: 启用
IPV6代理: 启用
IPV6-DNS解析: 启用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 启用
仅代理命中规则流量: 启用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用
路由本机代理: 启用
#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用
#启动异常时建议关闭此项后重试
第三方规则: 停用
#===================== 配置文件 =====================#
mode: rule
proxy-groups:
- name: Telegram
type: select
proxies:
- 广州移动-AWS新加坡
- 广州移动-BGP香港
- 长沙联通-AWS新加坡
- 长沙联通-AWS日本
- 广州移动-HGC
- AWS新加坡
- BWH
- name: Scholar
type: select
proxies:
- 广州移动-AWS新加坡
- 广州移动-BGP香港
- 长沙联通-AWS新加坡
- 长沙联通-AWS日本
- 广州移动-HGC
- AWS新加坡
- name: Bahamut
type: select
proxies:
- 广州移动-AWS新加坡
- 广州移动-BGP香港
- 长沙联通-AWS新加坡
- 长沙联通-AWS日本
- 广州移动-HGC
- AWS新加坡
- name: Facebook
type: select
proxies:
- 广州移动-AWS新加坡
- 广州移动-BGP香港
- 长沙联通-AWS新加坡
- 长沙联通-AWS日本
- 广州移动-HGC
- AWS新加坡
- name: Youtube
type: select
proxies:
- 广州移动-AWS新加坡
- 广州移动-BGP香港
- 长沙联通-AWS新加坡
- 长沙联通-AWS日本
- 广州移动-HGC
- AWS新加坡
- name: Google
type: select
proxies:
- 广州移动-AWS新加坡
- 广州移动-BGP香港
- 长沙联通-AWS新加坡
- 长沙联通-AWS日本
- 广州移动-HGC
- AWS新加坡
- BWH
- name: Netflix
type: select
proxies:
- 广州移动-AWS新加坡
- 广州移动-BGP香港
- 长沙联通-AWS新加坡
- 长沙联通-AWS日本
- 广州移动-HGC
- AWS新加坡
- name: Apple
type: select
proxies:
- DIRECT
- 广州移动-AWS新加坡
- 广州移动-BGP香港
- 长沙联通-AWS新加坡
- 长沙联通-AWS日本
- 广州移动-HGC
- AWS新加坡
- name: Microsoft
type: select
proxies:
- DIRECT
- 广州移动-AWS新加坡
- 广州移动-BGP香港
- 长沙联通-AWS新加坡
- 长沙联通-AWS日本
- 广州移动-HGC
- AWS新加坡
- name: OneDrive
type: select
proxies:
- DIRECT
- 广州移动-AWS新加坡
- 广州移动-BGP香港
- 长沙联通-AWS新加坡
- 长沙联通-AWS日本
- 广州移动-HGC
- AWS新加坡
- name: Nintendo
type: select
proxies:
- DIRECT
- 广州移动-AWS新加坡
- 广州移动-BGP香港
- 长沙联通-AWS新加坡
- 长沙联通-AWS日本
- 广州移动-HGC
- AWS新加坡
- 长沙联通-AWS日本(game)
- 广州移动-BGP香港(game)
- 广州移动-HGC(game)
- BWH(game)
- name: PSN
type: select
proxies:
- DIRECT
- 广州移动-AWS新加坡
- 广州移动-BGP香港
- 长沙联通-AWS新加坡
- 长沙联通-AWS日本
- 广州移动-HGC
- AWS新加坡
- 长沙联通-AWS日本(game)
- BWH(game)
- name: OpenWrt
type: select
proxies:
- DIRECT
- 广州移动-AWS新加坡
- 广州移动-BGP香港
- 长沙联通-AWS新加坡
- 长沙联通-AWS日本
- 广州移动-HGC
- AWS新加坡
- BWH
- name: Proxy
type: select
proxies:
- 广州移动-AWS新加坡
- 广州移动-BGP香港
- 长沙联通-AWS新加坡
- 长沙联通-AWS日本
- 广州移动-HGC
- AWS新加坡
- BWH
- name: Final
type: select
proxies:
- DIRECT
- 广州移动-AWS新加坡
- 广州移动-BGP香港
- 长沙联通-AWS新加坡
- 长沙联通-AWS日本
- 广州移动-HGC
- AWS新加坡
- BWH
rules:
- DST-PORT,7895,REJECT
- DST-PORT,7892,REJECT
- IP-CIDR,198.18.0.1/16,REJECT,no-resolve
- RULE-SET,private,DIRECT
- RULE-SET,lancidr,DIRECT
- RULE-SET,apple,Apple
- RULE-SET,icloud,Apple
- RULE-SET,microsoft,Microsoft
- RULE-SET,telegramcidr,Telegram
- DOMAIN-SUFFIX,awesome-hd.me,DIRECT
- DOMAIN-SUFFIX,broadcasthe.net,DIRECT
- DOMAIN-SUFFIX,chdbits.co,DIRECT
- DOMAIN-SUFFIX,classix-unlimited.co.uk,DIRECT
- DOMAIN-SUFFIX,empornium.me,DIRECT
- DOMAIN-SUFFIX,gazellegames.net,DIRECT
- DOMAIN-SUFFIX,hdchina.org,DIRECT
- DOMAIN-SUFFIX,hdsky.me,DIRECT
- DOMAIN-SUFFIX,icetorrent.org,DIRECT
- DOMAIN-SUFFIX,jpopsuki.eu,DIRECT
- DOMAIN-SUFFIX,keepfrds.com,DIRECT
- DOMAIN-SUFFIX,madsrevolution.net,DIRECT
- DOMAIN-SUFFIX,m-team.cc,DIRECT
- DOMAIN-SUFFIX,nanyangpt.com,DIRECT
- DOMAIN-SUFFIX,ncore.cc,DIRECT
- DOMAIN-SUFFIX,open.cd,DIRECT
- DOMAIN-SUFFIX,ourbits.club,DIRECT
- DOMAIN-SUFFIX,passthepopcorn.me,DIRECT
- DOMAIN-SUFFIX,privatehd.to,DIRECT
- DOMAIN-SUFFIX,redacted.ch,DIRECT
- DOMAIN-SUFFIX,springsunday.net,DIRECT
- DOMAIN-SUFFIX,tjupt.org,DIRECT
- DOMAIN-SUFFIX,totheglory.im,DIRECT
- DOMAIN-SUFFIX,smtp,DIRECT
- DOMAIN-KEYWORD,announce,DIRECT
- DOMAIN-KEYWORD,torrent,DIRECT
- DOMAIN-KEYWORD,tracker,DIRECT
- DOMAIN-SUFFIX,1drv.com,OneDrive
- DOMAIN-SUFFIX,1drv.ms,OneDrive
- DOMAIN-SUFFIX,livefilestore.com,OneDrive
- DOMAIN-SUFFIX,onedrive.co,OneDrive
- DOMAIN-SUFFIX,onedrive.co.uk,OneDrive
- DOMAIN-SUFFIX,onedrive.com,OneDrive
- DOMAIN-SUFFIX,onedrive.eu,OneDrive
- DOMAIN-SUFFIX,onedrive.live.com,OneDrive
- DOMAIN-SUFFIX,onedrive.net,OneDrive
- DOMAIN-SUFFIX,onedrive.org,OneDrive
- DOMAIN-SUFFIX,storage.live.com,OneDrive
- DOMAIN-SUFFIX,apple-dns.net,Apple
- SRC-IP-CIDR,192.168.3.13/32,Nintendo
- DOMAIN-SUFFIX,playstation.net,PSN
- DOMAIN-SUFFIX,playstation.com,PSN
- DOMAIN-SUFFIX,wise.com,BWH
- DOMAIN-SUFFIX,kraken.com,BWH
- DOMAIN-SUFFIX,cloudflare.com,Final
- RULE-SET,private,DIRECT
- RULE-SET,lancidr,DIRECT
- RULE-SET,apple,Apple
- RULE-SET,icloud,Apple
- RULE-SET,microsoft,Microsoft
- RULE-SET,telegramcidr,Telegram
- DOMAIN-SUFFIX,test-ipv6.com,DIRECT
- DOMAIN-SUFFIX,plex.tv,DIRECT
- DOMAIN-SUFFIX,plexapp.com,DIRECT
- DOMAIN-SUFFIX,plex.direct,DIRECT
- DOMAIN-SUFFIX,ozon.ru,DIRECT
- DOMAIN-SUFFIX,ghproxy.com,DIRECT
- DOMAIN,tv.apple.com,Proxy
- DOMAIN-SUFFIX,openwrt.org,OpenWrt
- DOMAIN-SUFFIX,apple.com,Apple
- DOMAIN-SUFFIX,itunes.com,Apple
- DOMAIN,scholar.google.com,Scholar
- DOMAIN-KEYWORD,gamer2-cds.cdn.hinet.net,Bahamut
- DOMAIN-KEYWORD,gamer-cds.cdn.hinet.net,Bahamut
- DOMAIN-KEYWORD,gamer.com.tw,Bahamut
- DOMAIN-KEYWORD,i2.bahamut.com.tw,Bahamut
- DOMAIN-KEYWORD,cdninstagram.com,Facebook
- DOMAIN-KEYWORD,instagram.com,Facebook
- DOMAIN-KEYWORD,twitter.com,Facebook
- DOMAIN-KEYWORD,facebook.com,Facebook
- DOMAIN-KEYWORD,youtube,Youtube
- DOMAIN-KEYWORD,youtu.be,Youtube
- DOMAIN-KEYWORD,googlevideo.com,Youtube
- DOMAIN-KEYWORD,ytimg.com,Youtube
- DOMAIN-KEYWORD,gvt2.com,Youtube
- DOMAIN-SUFFIX,yt.be,Youtube
- DOMAIN-KEYWORD,google,Google
- DOMAIN-KEYWORD,gstatic.com,Google
- DOMAIN-KEYWORD,fast.com,Netflix
- DOMAIN-KEYWORD,netflix.com,Netflix
- DOMAIN-KEYWORD,netflix.net,Netflix
- DOMAIN-KEYWORD,nflxso.net,Netflix
- DOMAIN-KEYWORD,nflxext.com,Netflix
- DOMAIN-KEYWORD,nflximg.com,Netflix
- DOMAIN-KEYWORD,nflximg.net,Netflix
- DOMAIN-KEYWORD,nflxvideo.net,Netflix
- DOMAIN-KEYWORD,netflixdnstest0.com,Netflix
- DOMAIN-KEYWORD,netflixdnstest1.com,Netflix
- DOMAIN-KEYWORD,netflixdnstest2.com,Netflix
- DOMAIN-KEYWORD,netflixdnstest3.com,Netflix
- DOMAIN-KEYWORD,netflixdnstest4.com,Netflix
- DOMAIN-KEYWORD,netflixdnstest5.com,Netflix
- DOMAIN-KEYWORD,netflixdnstest6.com,Netflix
- DOMAIN-KEYWORD,netflixdnstest7.com,Netflix
- DOMAIN-KEYWORD,netflixdnstest8.com,Netflix
- DOMAIN-KEYWORD,netflixdnstest9.com,Netflix
- DOMAIN-KEYWORD,tiktok,Proxy
- DOMAIN,raw.githubusercontent.com,Proxy
- GEOSITE,category-games@cn,DIRECT
- GEOSITE,CN,DIRECT
- GEOIP,CN,DIRECT
- PROCESS-NAME,aria2c,DIRECT
- PROCESS-NAME,BitComet,DIRECT
- PROCESS-NAME,fdm,DIRECT
- PROCESS-NAME,NetTransport,DIRECT
- PROCESS-NAME,qbittorrent,DIRECT
- PROCESS-NAME,Thunder,DIRECT
- PROCESS-NAME,transmission-daemon,DIRECT
- PROCESS-NAME,transmission-qt,DIRECT
- PROCESS-NAME,uTorrent,DIRECT
- PROCESS-NAME,WebTorrent,DIRECT
- PROCESS-NAME,aria2c,DIRECT
- PROCESS-NAME,fdm,DIRECT
- PROCESS-NAME,Folx,DIRECT
- PROCESS-NAME,NetTransport,DIRECT
- PROCESS-NAME,qbittorrent,DIRECT
- PROCESS-NAME,Thunder,DIRECT
- PROCESS-NAME,Transmission,DIRECT
- PROCESS-NAME,transmission,DIRECT
- PROCESS-NAME,uTorrent,DIRECT
- PROCESS-NAME,WebTorrent,DIRECT
- PROCESS-NAME,WebTorrent Helper,DIRECT
- PROCESS-NAME,v2ray,DIRECT
- PROCESS-NAME,ss-local,DIRECT
- PROCESS-NAME,ssr-local,DIRECT
- PROCESS-NAME,ss-redir,DIRECT
- PROCESS-NAME,ssr-redir,DIRECT
- PROCESS-NAME,ss-server,DIRECT
- PROCESS-NAME,trojan-go,DIRECT
- PROCESS-NAME,xray,DIRECT
- PROCESS-NAME,hysteria,DIRECT
- PROCESS-NAME,UUBooster,DIRECT
- PROCESS-NAME,uugamebooster,DIRECT
- DST-PORT,80,Final
- DST-PORT,443,Final
- DST-PORT,22,Final
- MATCH,DIRECT
redir-port: 7892
tproxy-port: 7895
port: 7890
socks-port: 7891
mixed-port: 7893
log-level: silent
allow-lan: true
external-controller: 0.0.0.0:9090
bind-address: "*"
external-ui: "/usr/share/openclash/ui"
ipv6: true
interface-name: pppoe-WAN
geodata-mode: true
geodata-loader: standard
tcp-concurrent: true
global-client-fingerprint: random
dns:
enable: true
ipv6: true
enhanced-mode: redir-host
listen: 0.0.0.0:7874
nameserver:
- 223.5.5.5
- 119.29.29.29
- 114.215.126.16
fallback:
- https://doh.pub/dns-query
- https://dns.alidns.com/dns-query
- https://dns.cloudflare.com/dns-query
- tls://dns.google:853
- https://1.1.1.1/dns-query
- tls://1.1.1.1:853
- tls://8.8.8.8:853
- https://public.dns.iij.jp/dns-query
- https://jp.tiar.app/dns-query
- https://jp.tiarap.org/dns-query
- tls://jp.tiar.app
- tls://dot.tiar.app
default-nameserver:
- 119.28.28.28
sniffer:
enable: true
force-dns-mapping: true
parse-pure-ip: true
tun:
enable: true
stack: system
device: utun
auto-route: false
auto-detect-interface: false
dns-hijack:
- tcp://any:53
profile:
store-selected: true
store-fake-ip: true
authentication:
- Clash:******
rule-providers:
private:
type: http
behavior: domain
path: "./rule_provider/private.yaml"
url: https://ghproxy.com/https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/private.txt
interval: 21600
lancidr:
type: http
behavior: ipcidr
path: "./rule_provider/lancidr.yaml"
url: https://ghproxy.com/https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/lancidr.txt
interval: 21600
apple:
type: http
behavior: domain
path: "./rule_provider/apple.yaml"
url: https://ghproxy.com/https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/apple.txt
interval: 21600
icloud:
type: http
behavior: domain
path: "./rule_provider/icloud.yaml"
url: https://ghproxy.com/https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/icloud.txt
interval: 21600
microsoft:
type: http
behavior: classical
path: "./rule_provider/microsoft.yaml"
url: https://ghproxy.com/https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/release/rule/Clash/Microsoft/Microsoft.yaml
interval: 21600
telegramcidr:
type: http
behavior: ipcidr
path: "./rule_provider/telegramcidr.yaml"
url: https://ghproxy.com/https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/telegramcidr.txt
interval: 21600
#===================== 自定义覆写设置 =====================#
#!/bin/sh
. /usr/share/openclash/ruby.sh
. /usr/share/openclash/log.sh
. /lib/functions.sh
# This script is called by /etc/init.d/openclash
# Add your custom overwrite scripts here, they will be take effict after the OpenClash own srcipts
LOG_OUT "Tip: Start Running Custom Overwrite Scripts..."
LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S"))
LOG_FILE="/tmp/openclash.log"
CONFIG_FILE="$1" #config path
#Simple Demo:
#General Demo
#1--config path
#2--key name
#3--value
#ruby_edit "$CONFIG_FILE" "['redir-port']" "7892"
#ruby_edit "$CONFIG_FILE" "['secret']" "123456"
#ruby_edit "$CONFIG_FILE" "['dns']['enable']" "true"
#Hash Demo
#1--config path
#2--key name
#3--hash type value
#ruby_edit "$CONFIG_FILE" "['experimental']" "{'sniff-tls-sni'=>true}"
#ruby_edit "$CONFIG_FILE" "['sniffer']" "{'sniffing'=>['tls','http']}"
#Array Demo:
#1--config path
#2--key name
#3--position(start from 0, end with -1)
#4--value
#ruby_arr_insert "$CONFIG_FILE" "['dns']['nameserver']" "0" "114.114.114.114"
#Array Add From Yaml File Demo:
#1--config path
#2--key name
#3--position(start from 0, end with -1)
#4--value file path
#5--value key name in #4 file
#ruby_arr_add_file "$CONFIG_FILE" "['dns']['fallback-filter']['ipcidr']" "0" "/etc/openclash/custom/openclash_custom_fallback_filter.yaml" "['fallback-filter']['ipcidr']"
#Ruby Script Demo:
#ruby -ryaml -rYAML -I "/usr/share/openclash" -E UTF-8 -e "
# begin
# Value = YAML.load_file('$CONFIG_FILE');
# rescue Exception => e
# puts '${LOGTIME} Error: Load File Failed,【' + e.message + '】';
# end;
#General
# begin
# Thread.new{
# Value['redir-port']=7892;
# Value['tproxy-port']=7895;
# Value['port']=7890;
# Value['socks-port']=7891;
# Value['mixed-port']=7893;
# }.join;
# rescue Exception => e
# puts '${LOGTIME} Error: Set General Failed,【' + e.message + '】';
# ensure
# File.open('$CONFIG_FILE','w') {|f| YAML.dump(Value, f)};
# end" 2>/dev/null >> $LOG_FILE
exit 0
#===================== 自定义防火墙设置 =====================#
#!/bin/sh
. /usr/share/openclash/log.sh
. /lib/functions.sh
# This script is called by /etc/init.d/openclash
# Add your custom firewall rules here, they will be added after the end of the OpenClash iptables rules
LOG_OUT "Tip: Start Add Custom Firewall Rules..."
exit 0
#===================== IPTABLES 防火墙设置 =====================#
#IPv4 NAT chain
# Generated by iptables-save v1.8.8 (nf_tables) on Sat Apr 29 17:01:39 2023
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Sat Apr 29 17:01:39 2023
#IPv4 Mangle chain
# Generated by iptables-save v1.8.8 (nf_tables) on Sat Apr 29 17:01:39 2023
*mangle
:PREROUTING ACCEPT [445381279:241020963740]
:INPUT ACCEPT [258952179:185223121460]
:FORWARD ACCEPT [186015050:55630515067]
:OUTPUT ACCEPT [231347198:263319313100]
:POSTROUTING ACCEPT [417337979:318946378876]
:qos_Default - [0:0]
:qos_Default_ct - [0:0]
-A qos_Default -j CONNMARK --restore-mark --nfmask 0xf --ctmask 0xf
-A qos_Default -m mark --mark 0x0/0xf -j qos_Default_ct
-A qos_Default -p udp -m mark --mark 0x0/0xf0 -m length --length 0:500 -j MARK --set-xmark 0x22/0xff
-A qos_Default -p icmp -j MARK --set-xmark 0x11/0xff
-A qos_Default -p tcp -m mark --mark 0x0/0xf0 -m tcp --sport 1024:65535 --dport 1024:65535 -j MARK --set-xmark 0x44/0xff
-A qos_Default -p udp -m mark --mark 0x0/0xf0 -m udp --sport 1024:65535 --dport 1024:65535 -j MARK --set-xmark 0x44/0xff
-A qos_Default -j CONNMARK --save-mark --nfmask 0xff --ctmask 0xff
-A qos_Default_ct -p tcp -m mark --mark 0x0/0xf -m tcp -m multiport --ports 22,53 -m comment --comment "ssh, dns" -j MARK --set-xmark 0x11/0xff
-A qos_Default_ct -p udp -m mark --mark 0x0/0xf -m udp -m multiport --ports 22,53 -m comment --comment "ssh, dns" -j MARK --set-xmark 0x11/0xff
-A qos_Default_ct -p tcp -m mark --mark 0x0/0xf -m tcp -m multiport --ports 20,21,25,80,110,443,993,995 -m comment --comment "ftp, smtp, http(s), imap" -j MARK --set-xmark 0x33/0xff
-A qos_Default_ct -p tcp -m mark --mark 0x0/0xf -m tcp -m multiport --ports 5190 -m comment --comment "AOL, iChat, ICQ" -j MARK --set-xmark 0x22/0xff
-A qos_Default_ct -p udp -m mark --mark 0x0/0xf -m udp -m multiport --ports 5190 -m comment --comment "AOL, iChat, ICQ" -j MARK --set-xmark 0x22/0xff
-A qos_Default_ct -j CONNMARK --save-mark --nfmask 0xff --ctmask 0xff
COMMIT
# Completed on Sat Apr 29 17:01:39 2023
#IPv4 Filter chain
# Generated by iptables-save v1.8.8 (nf_tables) on Sat Apr 29 17:01:39 2023
*filter
:INPUT ACCEPT [258696476:184901620813]
:FORWARD ACCEPT [186015050:55630515067]
:OUTPUT ACCEPT [231346776:263319270480]
:udp2rawDwrW_8e4ea391_C0 - [0:0]
:udp2rawDwrW_8e4ea391_C1 - [0:0]
-A INPUT -s 43.129.66.63/32 -p tcp -m tcp --sport 9090 -j udp2rawDwrW_8e4ea391_C0
-A INPUT -s 43.129.66.63/32 -p tcp -m tcp --sport 9090 -j udp2rawDwrW_8e4ea391_C1
-A udp2rawDwrW_8e4ea391_C0 -j DROP
-A udp2rawDwrW_8e4ea391_C1 -j DROP
COMMIT
# Completed on Sat Apr 29 17:01:39 2023
#IPv6 NAT chain
#IPv6 Mangle chain
#IPv6 Filter chain
#===================== NFTABLES 防火墙设置 =====================#
table inet fw4 {
chain input {
type filter hook input priority filter; policy accept;
iifname "pppoe-WAN" ip6 saddr != @localnetwork6 counter packets 1151446 bytes 1202774053 jump openclash_wan6_input
udp dport 443 ip6 daddr != @china_ip6_route counter packets 331 bytes 448938 reject with icmpv6 port-unreachable comment "OpenClash QUIC REJECT"
iifname "pppoe-WAN" ip saddr != @localnetwork counter packets 21388736 bytes 12718152862 jump openclash_wan_input
iifname "lo" accept comment "!fw4: Accept traffic from loopback"
ct state established,related accept comment "!fw4: Allow inbound established and related flows"
tcp flags syn / fin,syn,rst,ack jump syn_flood comment "!fw4: Rate limit TCP syn packets"
iifname "br-lan" jump input_lan comment "!fw4: Handle lan IPv4/IPv6 input traffic"
iifname "pppoe-WAN" jump input_wan comment "!fw4: Handle wan IPv4/IPv6 input traffic"
iifname "eth0" jump input_MODEM comment "!fw4: Handle MODEM IPv4/IPv6 input traffic"
iifname "pppoe-IPTV" jump input_IPTV comment "!fw4: Handle IPTV IPv4/IPv6 input traffic"
}
}
table inet fw4 {
chain forward {
type filter hook forward priority filter; policy accept;
oifname "utun" udp dport 443 ip daddr != @china_ip_route counter packets 187 bytes 245186 reject with icmp port-unreachable comment "OpenClash QUIC REJECT"
meta l4proto { tcp, udp } oifname "utun" counter packets 384243 bytes 34214273 accept comment "OpenClash TUN Forward"
meta l4proto { tcp, udp } flow add @ft
ct state established,related accept comment "!fw4: Allow forwarded established and related flows"
iifname "br-lan" jump forward_lan comment "!fw4: Handle lan IPv4/IPv6 forward traffic"
iifname "pppoe-WAN" jump forward_wan comment "!fw4: Handle wan IPv4/IPv6 forward traffic"
iifname "eth0" jump forward_MODEM comment "!fw4: Handle MODEM IPv4/IPv6 forward traffic"
iifname "pppoe-IPTV" jump forward_IPTV comment "!fw4: Handle IPTV IPv4/IPv6 forward traffic"
jump upnp_forward comment "Hook into miniupnpd forwarding chain"
}
}
table inet fw4 {
chain dstnat {
type nat hook prerouting priority dstnat; policy accept;
ip6 daddr { 2001:4860:4860::8844, 2001:4860:4860::8888 } tcp dport 53 counter packets 0 bytes 0 accept comment "OpenClash Google DNS Hijack"
meta nfproto ipv4 tcp dport 53 counter packets 2 bytes 84 accept comment "OpenClash TCP DNS Hijack"
udp dport 53 counter packets 72203 bytes 5952806 redirect to :53 comment "OpenClash DNS Hijack"
tcp dport 53 counter packets 0 bytes 0 redirect to :53 comment "OpenClash DNS Hijack"
iifname "br-lan" jump dstnat_lan comment "!fw4: Handle lan IPv4/IPv6 dstnat traffic"
iifname "pppoe-WAN" jump dstnat_wan comment "!fw4: Handle wan IPv4/IPv6 dstnat traffic"
jump upnp_prerouting comment "Hook into miniupnpd prerouting chain"
ip protocol tcp counter packets 122631 bytes 33657130 jump openclash
}
}
table inet fw4 {
chain srcnat {
type nat hook postrouting priority srcnat; policy accept;
oifname "br-lan" jump srcnat_lan comment "!fw4: Handle lan IPv4/IPv6 srcnat traffic"
oifname "pppoe-WAN" jump srcnat_wan comment "!fw4: Handle wan IPv4/IPv6 srcnat traffic"
oifname "eth0" jump srcnat_MODEM comment "!fw4: Handle MODEM IPv4/IPv6 srcnat traffic"
jump upnp_postrouting comment "Hook into miniupnpd postrouting chain"
}
}
table inet fw4 {
chain nat_output {
type nat hook output priority filter - 1; policy accept;
ip protocol tcp counter packets 349219 bytes 20954580 jump openclash_output
}
}
table inet fw4 {
chain mangle_prerouting {
type filter hook prerouting priority mangle; policy accept;
ip protocol udp counter packets 29569134 bytes 9025170812 jump openclash_mangle
meta nfproto ipv4 tcp dport 53 counter packets 2 bytes 84 jump openclash_dns_hijack
meta nfproto ipv6 counter packets 1565870 bytes 1263764261 jump openclash_mangle_v6
}
}
table inet fw4 {
chain mangle_output {
type route hook output priority mangle; policy accept;
meta l4proto { tcp, udp } counter packets 26442874 bytes 28164526553 jump openclash_mangle_output
}
}
table inet fw4 {
chain openclash {
ip daddr @localnetwork counter packets 73702 bytes 30829431 return
ip protocol tcp counter packets 48930 bytes 2827747 redirect to :7892
}
}
table inet fw4 {
chain openclash_mangle {
meta nfproto ipv4 udp sport 19981 counter packets 953 bytes 73584 return
meta nfproto ipv4 udp sport 500 counter packets 1 bytes 448 return
meta nfproto ipv4 udp sport 68 counter packets 68 bytes 23058 return
ip saddr 192.168.3.2 udp sport 32400 counter packets 0 bytes 0 return
meta l4proto { tcp, udp } iifname "utun" counter packets 14187836 bytes 4397736275 return
ip daddr @localnetwork counter packets 14982245 bytes 4592100494 return
ip protocol udp counter packets 398092 bytes 35242723 jump openclash_upnp
meta l4proto { tcp, udp } th dport 0-65535 meta mark set 0x00000162 counter packets 398092 bytes 35242723
}
}
table inet fw4 {
chain openclash_mangle_output {
meta nfproto ipv4 udp sport 19981 counter packets 947 bytes 72784 return
meta nfproto ipv4 udp sport 500 counter packets 0 bytes 0 return
meta nfproto ipv4 udp sport 68 counter packets 0 bytes 0 return
ip saddr 192.168.3.2 udp sport 32400 counter packets 0 bytes 0 return
ip daddr @localnetwork counter packets 2037106 bytes 7338967303 return
}
}
table inet fw4 {
chain openclash_output {
ip saddr 192.168.3.2 tcp sport 32400 counter packets 0 bytes 0 return
ip daddr @localnetwork counter packets 236 bytes 15600 return
ip protocol tcp meta skuid != 65534 counter packets 82 bytes 4920 redirect to :7892
}
}
table inet fw4 {
chain openclash_wan_input {
udp dport { 7874, 7890, 7891, 7892, 7893, 7895, 9090 } counter packets 0 bytes 0 reject
tcp dport { 7874, 7890, 7891, 7892, 7893, 7895, 9090 } counter packets 22 bytes 888 reject
}
}
table inet fw4 {
chain openclash_dns_hijack {
}
}
table inet fw4 {
chain openclash_mangle_v6 {
meta nfproto ipv6 udp sport 19981 counter packets 0 bytes 0 return
meta nfproto ipv6 udp sport 500 counter packets 0 bytes 0 return
meta nfproto ipv6 udp sport 546 counter packets 18 bytes 2034 return
ip6 daddr @localnetwork6 counter packets 1274532 bytes 1213654119 return
meta nfproto ipv6 udp dport 53 counter packets 0 bytes 0 return
meta nfproto ipv6 tcp dport 0-65535 meta mark set 0x00000162 tproxy ip6 to :7895 counter packets 258201 bytes 42775260 accept comment "OpenClash TCP Tproxy"
meta nfproto ipv6 udp dport 0-65535 meta mark set 0x00000162 tproxy ip6 to :7895 counter packets 32956 bytes 7277294 accept comment "OpenClash UDP Tproxy"
}
}
table inet fw4 {
chain openclash_mangle_output_v6 {
meta nfproto ipv6 udp sport 19981 counter packets 0 bytes 0 return
meta nfproto ipv6 udp sport 500 counter packets 0 bytes 0 return
meta nfproto ipv6 udp sport 546 counter packets 0 bytes 0 return
ip6 daddr @localnetwork6 counter packets 0 bytes 0 return
meta nfproto ipv6 meta skuid != 65534 tcp dport 0-65535 meta mark set 0x00000162 tproxy ip6 to :7895 counter packets 0 bytes 0 accept comment "OpenClash TCP Tproxy"
}
}
table inet fw4 {
chain openclash_wan6_input {
udp dport { 7874, 7890, 7891, 7892, 7893, 7895, 9090 } counter packets 0 bytes 0 reject
tcp dport { 7874, 7890, 7891, 7892, 7893, 7895, 9090 } counter packets 0 bytes 0 reject
}
}
#===================== IPSET状态 =====================#
Name: laniplist
Name: vpsiplist
Name: whitelist
Name: laniplist6
Name: vpsiplist6
Name: whitelist6
#===================== 路由表状态 =====================#
#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 58.**.**.1 0.0.0.0 UG 0 0 0 pppoe-WAN
10.126.32.1 0.0.0.0 255.255.255.255 UH 0 0 0 pppoe-IPTV
58.**.**.1 0.0.0.0 255.255.255.255 UH 0 0 0 pppoe-WAN
192.168.1.0 192.168.1.1 255.255.255.0 UG 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
192.168.2.1 0.0.0.0 255.255.255.255 UH 0 0 0 WireGuard
192.168.2.3 0.0.0.0 255.255.255.255 UH 0 0 0 WireGuard
192.168.2.4 0.0.0.0 255.255.255.255 UH 0 0 0 WireGuard
192.168.2.5 0.0.0.0 255.255.255.255 UH 0 0 0 WireGuard
192.168.2.6 0.0.0.0 255.255.255.255 UH 0 0 0 WireGuard
192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
192.168.188.0 0.0.0.0 255.255.255.0 U 0 0 0 WireGuard
198.18.0.0 0.0.0.0 255.255.255.252 U 0 0 0 utun
#ip route list
default via 58.**.**.1 dev pppoe-WAN proto static
10.126.32.1 dev pppoe-IPTV proto kernel scope link src 10.126.45.108
58.**.**.1 dev pppoe-WAN proto kernel scope link src *WAN IP*.207
192.168.1.0/24 via 192.168.1.1 dev eth0 proto static
192.168.1.0/24 dev eth0 proto static scope link metric 100
192.168.2.1 dev WireGuard proto static scope link
192.168.2.3 dev WireGuard proto static scope link
192.168.2.4 dev WireGuard proto static scope link
192.168.2.5 dev WireGuard proto static scope link
192.168.2.6 dev WireGuard proto static scope link
192.168.3.0/24 dev br-lan proto kernel scope link src 192.168.3.1
192.168.188.0/24 dev WireGuard proto static scope link
198.18.0.0/30 dev utun proto kernel scope link src 198.18.0.1
#ip rule show
0: from all lookup local
32765: from all fwmark 0x162 lookup 354
32766: from all lookup main
32767: from all lookup default
#===================== Tun设备状态 =====================#
utun: tun
#===================== 端口占用状态 =====================#
tcp 0 0 198.18.0.1:40725 0.0.0.0:* LISTEN 22487/clash
tcp 0 0 :::7893 :::* LISTEN 22487/clash
tcp 0 0 :::7892 :::* LISTEN 22487/clash
tcp 0 0 :::7895 :::* LISTEN 22487/clash
tcp 0 0 :::7891 :::* LISTEN 22487/clash
tcp 0 0 :::7890 :::* LISTEN 22487/clash
tcp 0 0 fdfe:dcba:9876::1:37317 :::* LISTEN 22487/clash
tcp 0 0 :::9090 :::* LISTEN 22487/clash
udp 0 0 :::7874 :::* 22487/clash
udp 0 0 :::7891 :::* 22487/clash
udp 0 0 :::7892 :::* 22487/clash
udp 0 0 :::7893 :::* 22487/clash
udp 0 0 :::7895 :::* 22487/clash
#===================== 测试本机DNS查询(www.baidu.com) =====================#
Server: 127.0.0.1
Address: 127.0.0.1:53
www.baidu.com canonical name = www.a.shifen.com
Name: www.a.shifen.com
Address: 14.119.104.189
Name: www.a.shifen.com
Address: 14.119.104.254
www.baidu.com canonical name = www.a.shifen.com
#===================== 测试内核DNS查询(www.instagram.com) =====================#
Status: 0
TC: false
RD: true
RA: true
AD: false
CD: false
Question:
Name: www.instagram.com.
Qtype: 1
Qclass: 1
Answer:
TTL: 1
data: 31.13.95.34
name: www.instagram.com.
type: 1
Additional:
TTL: 0
data: ON:; EDNS: version 0; flags:; udp: 4096
name: .
type: 41
#===================== resolv.conf.auto =====================#
# Interface lan
nameserver 114.114.114.114
nameserver 119.29.29.29
#===================== resolv.conf.d =====================#
# Interface IPTV
nameserver 10.255.5.48
nameserver 222.246.129.80
# Interface WAN
nameserver 222.246.129.80
nameserver 59.51.78.210
#===================== 测试本机网络连接(www.baidu.com) =====================#
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Sat, 29 Apr 2023 09:01:39 GMT
Etag: "575e1f65-115"
Last-Modified: Mon, 13 Jun 2016 02:50:13 GMT
Pragma: no-cache
Server: bfe/1.0.8.18
#===================== 测试本机网络下载(raw.githubusercontent.com) =====================#
HTTP/2 200
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: text/plain; charset=utf-8
etag: "c4bb90ae438326968603faec1fb27380615fa6040485f63636e70d4cbfae644b"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: 95EE:527A:D13B8:EBFE5:6446C563
accept-ranges: bytes
date: Sat, 29 Apr 2023 09:01:39 GMT
via: 1.1 varnish
x-served-by: cache-tyo11953-TYO
x-cache: HIT
x-cache-hits: 1
x-timer: S1682758900.905382,VS0,VE1
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
x-fastly-request-id: 8a2e315652bd724d53cf7beb31bb68c36bd3c43e
expires: Sat, 29 Apr 2023 09:06:39 GMT
source-age: 5
content-length: 83
#===================== 最近运行日志(自动切换为Debug模式) =====================#
time="2023-04-29T09:01:45.251002211Z" level=debug msg="[Process] find process prepush-valipl.cp31.ott.cibntv.net: process not found"
time="2023-04-29T09:01:45.25116257Z" level=debug msg="[Process] find process prepush-valipl.cp31.ott.cibntv.net: process not found"
time="2023-04-29T09:01:45.254005171Z" level=debug msg="[Rule] use default rules"
time="2023-04-29T09:01:45.254105711Z" level=debug msg="[Process] find process query-node.yfscdn.net: process not found"
time="2023-04-29T09:01:45.254208587Z" level=debug msg="[Process] find process query-node.yfscdn.net: process not found"
time="2023-04-29T09:01:45.254314337Z" level=debug msg="[DNS] resolve query-node.yfscdn.net from udp://114.215.126.16:53"
time="2023-04-29T09:01:45.254377368Z" level=debug msg="[DNS] resolve query-node.yfscdn.net from udp://119.29.29.29:53"
time="2023-04-29T09:01:45.254423586Z" level=debug msg="[DNS] resolve query-node.yfscdn.net from udp://223.5.5.5:53"
time="2023-04-29T09:01:45.258567594Z" level=info msg="[TCP] 192.168.3.18:56392 --> prepush-valipl.cp31.ott.cibntv.net:80 match GeoSite(CN) using DIRECT"
time="2023-04-29T09:01:45.277587438Z" level=info msg="[TCP] 192.168.3.3:46498 --> query-node.yfscdn.net:443 match GeoSite(CN) using DIRECT"
time="2023-04-29T09:01:45.27985476Z" level=debug msg="[DNS] query-node.yfscdn.net --> [], from udp://223.5.5.5:53"
time="2023-04-29T09:01:45.27993836Z" level=debug msg="[DNS] resolve query-node.yfscdn.net from tls://dot.tiar.app:853"
time="2023-04-29T09:01:45.279992651Z" level=debug msg="[DNS] resolve query-node.yfscdn.net from https://jp.tiarap.org:443/dns-query"
time="2023-04-29T09:01:45.280204856Z" level=debug msg="[DNS] resolve query-node.yfscdn.net from tls://1.1.1.1:853"
time="2023-04-29T09:01:45.280257905Z" level=debug msg="[DNS] resolve query-node.yfscdn.net from https://doh.pub:443/dns-query"
time="2023-04-29T09:01:45.280389542Z" level=debug msg="[DNS] resolve query-node.yfscdn.net from https://dns.alidns.com:443/dns-query"
time="2023-04-29T09:01:45.280481255Z" level=debug msg="[DNS] resolve query-node.yfscdn.net from https://dns.cloudflare.com:443/dns-query"
time="2023-04-29T09:01:45.280585911Z" level=debug msg="[DNS] resolve query-node.yfscdn.net from tls://dns.google:853"
time="2023-04-29T09:01:45.28063378Z" level=debug msg="[DNS] resolve query-node.yfscdn.net from https://1.1.1.1:443/dns-query"
time="2023-04-29T09:01:45.280707139Z" level=debug msg="[DNS] resolve query-node.yfscdn.net from https://jp.tiar.app:443/dns-query"
time="2023-04-29T09:01:45.280866664Z" level=debug msg="[DNS] resolve query-node.yfscdn.net from tls://8.8.8.8:853"
time="2023-04-29T09:01:45.280904174Z" level=debug msg="[DNS] resolve query-node.yfscdn.net from https://public.dns.iij.jp:443/dns-query"
time="2023-04-29T09:01:45.280990537Z" level=debug msg="[DNS] resolve query-node.yfscdn.net from tls://jp.tiar.app:853"
time="2023-04-29T09:01:45.301447642Z" level=debug msg="[DNS] query-node.yfscdn.net --> [], from https://dns.alidns.com:443/dns-query"
time="2023-04-29T09:01:45.327459879Z" level=debug msg="[Rule] use default rules"
time="2023-04-29T09:01:45.327738932Z" level=debug msg="[Process] find process cloudcfg.yfp2p.net: process not found"
time="2023-04-29T09:01:45.327910753Z" level=debug msg="[Process] find process cloudcfg.yfp2p.net: process not found"
time="2023-04-29T09:01:45.332792529Z" level=info msg="[TCP] 192.168.3.3:37548 --> cloudcfg.yfp2p.net:443 match GeoSite(CN) using DIRECT"
time="2023-04-29T09:01:45.473908498Z" level=debug msg="[Rule] use default rules"
time="2023-04-29T09:01:45.474131441Z" level=debug msg="[Process] find process cloudcfg.yfp2p.net: process not found"
time="2023-04-29T09:01:45.474257402Z" level=debug msg="[Process] find process cloudcfg.yfp2p.net: process not found"
time="2023-04-29T09:01:45.485987999Z" level=info msg="[TCP] 192.168.3.3:37550 --> cloudcfg.yfp2p.net:443 match GeoSite(CN) using DIRECT"
time="2023-04-29T09:01:46.247408171Z" level=debug msg="[Rule] use default rules"
time="2023-04-29T09:01:46.247597023Z" level=debug msg="[Process] find process cloudcfg.yfp2p.net: process not found"
time="2023-04-29T09:01:46.247751921Z" level=debug msg="[Process] find process cloudcfg.yfp2p.net: process not found"
time="2023-04-29T09:01:46.256419723Z" level=info msg="[TCP] 192.168.3.3:37552 --> cloudcfg.yfp2p.net:443 match GeoSite(CN) using DIRECT"
time="2023-04-29T09:01:46.298886387Z" level=debug msg="[Rule] use default rules"
time="2023-04-29T09:01:46.299000137Z" level=debug msg="[Process] find process prepush-valipl.cp31.ott.cibntv.net: process not found"
time="2023-04-29T09:01:46.299137461Z" level=debug msg="[Process] find process prepush-valipl.cp31.ott.cibntv.net: process not found"
time="2023-04-29T09:01:46.304184376Z" level=info msg="[TCP] 192.168.3.18:56402 --> prepush-valipl.cp31.ott.cibntv.net:80 match GeoSite(CN) using DIRECT"
time="2023-04-29T09:01:46.407716179Z" level=debug msg="[Rule] use default rules"
time="2023-04-29T09:01:46.407966629Z" level=debug msg="[Process] find process api-ecn-kingdata.ksyun.com: process not found"
time="2023-04-29T09:01:46.408187814Z" level=debug msg="[Process] find process api-ecn-kingdata.ksyun.com: process not found"
time="2023-04-29T09:01:46.452530426Z" level=info msg="[TCP] 192.168.3.3:44490 --> api-ecn-kingdata.ksyun.com:443 match GeoSite(CN) using DIRECT"
time="2023-04-29T09:01:46.91707748Z" level=debug msg="[Rule] use default rules"
time="2023-04-29T09:01:46.91732281Z" level=debug msg="[Process] find process galaxy-access.onethingpcs.com: process not found"
time="2023-04-29T09:01:46.917546031Z" level=debug msg="[Process] find process galaxy-access.onethingpcs.com: process not found"
time="2023-04-29T09:01:46.939399228Z" level=debug msg="[Rule] use default rules"
time="2023-04-29T09:01:46.939551265Z" level=debug msg="[Process] find process 61.184.70.134: process not found"
time="2023-04-29T09:01:46.939702457Z" level=debug msg="[Process] find process 61.184.70.134: process not found"
time="2023-04-29T09:01:46.939787669Z" level=info msg="[UDP] 192.168.3.3:50254 --> 61.184.70.134:6916 match GeoIP(CN) using DIRECT"
time="2023-04-29T09:01:46.957597503Z" level=info msg="[TCP] 192.168.3.3:48308 --> galaxy-access.onethingpcs.com:443 match GeoSite(CN) using DIRECT"
time="2023-04-29T09:01:47.341843108Z" level=debug msg="[Rule] use default rules"
time="2023-04-29T09:01:47.342062113Z" level=debug msg="[Process] find process prepush-valipl.cp31.ott.cibntv.net: process not found"
time="2023-04-29T09:01:47.342189787Z" level=debug msg="[Process] find process prepush-valipl.cp31.ott.cibntv.net: process not found"
time="2023-04-29T09:01:47.349057937Z" level=info msg="[TCP] 192.168.3.18:56410 --> prepush-valipl.cp31.ott.cibntv.net:80 match GeoSite(CN) using DIRECT"
time="2023-04-29T09:01:47.640515053Z" level=debug msg="[Rule] use default rules"
time="2023-04-29T09:01:47.640619396Z" level=debug msg="[Rule] use default rules"
time="2023-04-29T09:01:47.640798634Z" level=debug msg="[Process] find process vod251-a01a-vip-lixian.xunlei.com: process not found"
time="2023-04-29T09:01:47.641019052Z" level=debug msg="[Process] find process vod251-a01a-vip-lixian.xunlei.com: process not found"
time="2023-04-29T09:01:47.641275491Z" level=debug msg="[Process] find process vod251-a01a-vip-lixian.xunlei.com: process not found"
time="2023-04-29T09:01:47.641390194Z" level=debug msg="[Process] find process vod251-a01a-vip-lixian.xunlei.com: process not found"
time="2023-04-29T09:01:47.719396414Z" level=debug msg="[Rule] use default rules"
time="2023-04-29T09:01:47.719509782Z" level=debug msg="[Process] find process 223.11.109.197: process not found"
time="2023-04-29T09:01:47.71956943Z" level=debug msg="[Process] find process 223.11.109.197: process not found"
time="2023-04-29T09:01:47.719625762Z" level=info msg="[UDP] 192.168.3.3:23476 --> 223.11.109.197:13349 match GeoIP(CN) using DIRECT"
time="2023-04-29T09:01:48.415460751Z" level=debug msg="[Rule] use default rules"
time="2023-04-29T09:01:48.4156705Z" level=debug msg="[Process] find process prepush-valipl.cp31.ott.cibntv.net: process not found"
time="2023-04-29T09:01:48.415814545Z" level=debug msg="[Process] find process prepush-valipl.cp31.ott.cibntv.net: process not found"
time="2023-04-29T09:01:48.424311377Z" level=info msg="[TCP] 192.168.3.18:56416 --> prepush-valipl.cp31.ott.cibntv.net:80 match GeoSite(CN) using DIRECT"
time="2023-04-29T09:01:48.685537468Z" level=debug msg="[Rule] use default rules"
time="2023-04-29T09:01:48.685702019Z" level=debug msg="[Process] find process query-node.yfscdn.net: process not found"
time="2023-04-29T09:01:48.685911692Z" level=debug msg="[Process] find process query-node.yfscdn.net: process not found"
time="2023-04-29T09:01:48.686717136Z" level=debug msg="[Rule] use default rules"
time="2023-04-29T09:01:48.686820658Z" level=debug msg="[Process] find process prepush-valipl.cp31.ott.cibntv.net: process not found"
time="2023-04-29T09:01:48.686902556Z" level=debug msg="[Process] find process prepush-valipl.cp31.ott.cibntv.net: process not found"
time="2023-04-29T09:01:48.692276801Z" level=info msg="[TCP] 192.168.3.18:56420 --> prepush-valipl.cp31.ott.cibntv.net:80 match GeoSite(CN) using DIRECT"
time="2023-04-29T09:01:48.71155165Z" level=info msg="[TCP] 192.168.3.3:46522 --> query-node.yfscdn.net:443 match GeoSite(CN) using DIRECT"
time="2023-04-29T09:01:48.749641687Z" level=debug msg="[Rule] use default rules"
time="2023-04-29T09:01:48.749837578Z" level=debug msg="[Process] find process ynuf.aliapp.org: process not found"
time="2023-04-29T09:01:48.749957912Z" level=debug msg="[Process] find process ynuf.aliapp.org: process not found"
time="2023-04-29T09:01:48.777195527Z" level=info msg="[TCP] 192.168.3.3:32683 --> vod251-a01a-vip-lixian.xunlei.com:443 match GeoSite(CN) using DIRECT"
time="2023-04-29T09:01:48.777931844Z" level=info msg="[TCP] 192.168.3.3:28731 --> vod251-a01a-vip-lixian.xunlei.com:443 match GeoSite(CN) using DIRECT"
time="2023-04-29T09:01:48.792975287Z" level=info msg="[TCP] [dd2a:2d32:39d4:0:844d:5d49:317c:b62b]:65367 --> ynuf.aliapp.org:443 match GeoSite(CN) using DIRECT"
time="2023-04-29T09:01:49.005587531Z" level=debug msg="[Rule] use default rules"
time="2023-04-29T09:01:49.005801703Z" level=debug msg="[Process] find process pssm.alicdn.com: process not found"
time="2023-04-29T09:01:49.005921779Z" level=debug msg="[Process] find process pssm.alicdn.com: process not found"
time="2023-04-29T09:01:49.034555899Z" level=info msg="[TCP] 192.168.3.18:52828 --> pssm.alicdn.com:80 match GeoSite(CN) using DIRECT"
time="2023-04-29T09:01:49.500113815Z" level=debug msg="[Rule] use default rules"
time="2023-04-29T09:01:49.500244756Z" level=debug msg="[Process] find process 118.183.241.47: process not found"
time="2023-04-29T09:01:49.500343875Z" level=debug msg="[Process] find process 118.183.241.47: process not found"
time="2023-04-29T09:01:49.500400101Z" level=info msg="[UDP] 192.168.3.3:21247 --> 118.183.241.47:62324 match GeoIP(CN) using DIRECT"
time="2023-04-29T09:01:49.506271765Z" level=debug msg="[Rule] use default rules"
time="2023-04-29T09:01:49.506406753Z" level=debug msg="[Process] find process 120.7.245.40: process not found"
time="2023-04-29T09:01:49.506524256Z" level=debug msg="[Process] find process 120.7.245.40: process not found"
time="2023-04-29T09:01:49.506594402Z" level=info msg="[UDP] 192.168.3.3:42804 --> 120.7.245.40:58957 match GeoIP(CN) using DIRECT"
time="2023-04-29T09:01:49.579340708Z" level=debug msg="[Rule] use default rules"
time="2023-04-29T09:01:49.579512311Z" level=debug msg="[Process] find process prepush-valipl.cp31.ott.cibntv.net: process not found"
time="2023-04-29T09:01:49.579609911Z" level=debug msg="[Process] find process prepush-valipl.cp31.ott.cibntv.net: process not found"
time="2023-04-29T09:01:49.588237066Z" level=info msg="[TCP] 192.168.3.18:56426 --> prepush-valipl.cp31.ott.cibntv.net:80 match GeoSite(CN) using DIRECT"
#===================== 最近运行日志获取完成(自动切换为silent模式) =====================#
#===================== 活动连接信息 =====================#
OpenClash Config
No response
Expected Behavior
The challenges.cloudflare.com human verification does not reload repeatedly.
Screenshots
No response
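After repeated testing, the CF human verification turns out to use QUIC. Is there any way to allow QUIC only for the CF human verification, or to block QUIC only for YouTube?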
Uncheck "Disable QUIC" and use an AND rule to block QUIC for YouTube.
It seems scripts can't be written for the Meta core.
Use an AND logic rule. It performs better than script.
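The AND rule suggested in the replies above, written out as an added example; it is not from any participant in this thread or from the OpenClash project. It assumes the "Disable QUIC" option is unchecked and the Meta core is in use; the `GEOSITE,youtube` category and the `Proxy` group name are assumptions.

```yaml
# Added example (assumption: Clash Meta core, rules evaluated top to bottom).
rules:
  # QUIC is HTTP/3 over UDP port 443. Rejecting it for YouTube only makes the
  # browser fall back to TCP/TLS for that site.
  - AND,((NETWORK,UDP),(DST-PORT,443),(GEOSITE,youtube)),REJECT
  # Everything else, including UDP/443 to challenges.cloudflare.com, falls
  # through to the existing rules. These two mirror the GeoSite(CN) and
  # GeoIP(CN) matches seen in the log above.
  - GEOSITE,cn,DIRECT
  - GEOIP,CN,DIRECT
  # "Proxy" is a hypothetical proxy-group name; use the group from your config.
  - MATCH,Proxy
```

The AND rule has to sit above any rule that would otherwise match YouTube traffic, because the first matching rule wins.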
By the way, there's no real need to disable QUIC, is there? On my side QUIC can saturate my 100M home broadband.
Mine is gigabit, and the difference is fairly large.
This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 5 days
Solved: https://rushb.pro/article/openclash-cloudflare_challenges.html
I tried it: in redir mode, turning off "Disable QUIC" fixes it, but in fakeip mode the problem is still there.