
Certificate mismatch when visiting some websites, page points to OpenWrt; access is normal after turning off op

Open Tatchaxzw opened this issue 1 year ago • 0 comments

Verify Steps

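  • [X] Tracker I have searched the Issue Tracker for the problem I am about to report
  • [X] Branch I know that the switch for OpenClash's Dev branch is under Plugin Settings - Version Update, or I will manually download and install the Dev branch of OpenClash
  • [X] Latest I have tested with the latest Dev version and the problem persists
  • [X] Relevant I know that OpenClash has no direct relationship with the Core, the Dashboard, the online subscription converter (Subconverter) and similar projects; they only call each other
  • [X] Definite This is indeed a problem with OpenClash
  • [ ] Contributors I am able to help develop OpenClash and resolve this issue
  • [ ] Meaningless What I am submitting is a meaningless request urging an update or fix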

OpenClash Version

v0.46.014-beta

Bug on Environment

Other

OpenWrt Version

OpenWrt 08.23.2023 by Kiddin' / LuCI Master git-24.234.21016-c65420d

Bug on Platform

Linux-amd64(x86-64)

Describe the Bug

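When visiting some websites, Chrome shows the following: Your connection is not private. Attackers might be trying to steal your information from www.uy5.net (for example, passwords, messages, or credit cards). Learn more. NET::ERR_CERT_COMMON_NAME_INVALID. www.uy5.net normally uses encryption to protect your information. When Chrome tried to connect to www.uy5.net this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be www.uy5.net, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chrome stopped the connection before any data was exchanged. You cannot visit www.uy5.net right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.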

I cannot ping www.uy5.net. I tried nslookup, with the result below; DNS points to op: 服务器: op Address: 10.0.0.2 名称: www.uy5.net Address: 198.18.1.205

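I tried the connection test and the DNS test in the debug log page in op, with the result below: No connection logs found!

  1. The plugin may not be running
  2. Caching may be causing the browser to access the site directly by IP address
  3. DNS hijacking may not have succeeded, so Clash cannot correctly map the connection back to its domain name
  4. The address entered may not be resolvable or reachable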

Status: 0 TC: false RD: true RA: true AD: false CD: false

Question: Name: www.uy5.net. Qtype: 1 Qclass: 1

Answer: TTL: 1 data: 61.160.148.90 name: www.uy5.net. type: 1

Status: 0 TC: false RD: true RA: true AD: false CD: false

Question: Name: www.uy5.net. Qtype: 28 Qclass: 1

Answer: TTL: 1 data: ::1 name: www.uy5.net. type: 28

To Reproduce

Not sure. Only some websites consistently show this problem, such as www.uy5.net and myavxx.xyz. Once I turn off openclash, I can access them normally.

OpenClash Log

OpenClash 调试日志

生成时间: 2024-06-28 20:13:04
插件版本: v0.46.014-beta
隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息



#===================== 系统信息 =====================#

主机型号: QEMU Standard PC (i440FX + PIIX, 1996)
固件版本: OpenWrt 23.05.0-rc3 08.22.2023
LuCI版本: git-23.051.66410-a505bb1
内核版本: 5.15.127
处理器架构: x86_64

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

DNS劫持: Dnsmasq 转发
#DNS劫持为Dnsmasq时,此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci >= 19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 已安装
unzip: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
kmod-ipt-nat: 已安装

#===================== 内核检查 =====================#

运行状态: 运行中
运行内核:TUN
进程pid: 29370
运行权限: 29370: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-amd64

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2023.08.17-13-gdcc8d87
Tun内核文件: 存在
Tun内核运行权限: 正常

Dev内核版本: v1.18.0-13-gd034a40
Dev内核文件: 存在
Dev内核运行权限: 正常

Meta内核版本: alpha-g0d4e57c
Meta内核文件: 存在
Meta内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/老猫云.yaml
启动配置文件: /etc/openclash/老猫云.yaml
运行模式: fake-ip
默认代理模式: rule
UDP流量转发(tproxy): 启用
自定义DNS: 启用
IPV6代理: 启用
IPV6-DNS解析: 启用
禁用Dnsmasq缓存: 启用
自定义规则: 启用
仅允许内网: 停用
仅代理命中规则流量: 启用
仅允许常用端口流量: 停用
绕过中国大陆IP: 启用
路由本机代理: 启用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 启用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 自定义规则 一 =====================#
script:
##  shortcuts:
##    Notice: The core timezone is UTC
##    CST 20:00-24:00 = time.now().hour > 12 and time.now().hour < 16
##    内核时区为UTC,故以下time.now()函数的取值需要根据本地时区进行转换
##    北京时间(CST) 20:00-24:00 = time.now().hour > 12 and time.now().hour < 16
##    quic: network == 'udp' and dst_port == 443 and (geoip(resolve_ip(host)) != 'CN' or geoip(dst_ip) != 'CN')
##    time-limit: in_cidr(src_ip,'192.168.1.2/32') and time.now().hour < 20 or time.now().hour > 21
##    time-limit: src_ip == '192.168.1.2' and time.now().hour < 20 or time.now().hour > 21

##  code: |
##    def main(ctx, metadata):
##        directkeywordlist = ["baidu"]
##        for directkeyword in directkeywordlist:
##          if directkeyword in metadata["host"]:
##            ctx.log('[Script] matched keyword %s use direct' % directkeyword)
##            return "DIRECT"

rules:
##- SCRIPT,quic,REJECT #shortcuts rule
##- SCRIPT,time-limit,REJECT #shortcuts rule

##- PROCESS-NAME,curl,DIRECT #匹配路由自身进程(curl直连)
##- DOMAIN-SUFFIX,google.com,Proxy #匹配域名后缀(交由Proxy代理服务器组)
##- DOMAIN-KEYWORD,google,Proxy #匹配域名关键字(交由Proxy代理服务器组)
##- DOMAIN,google.com,Proxy #匹配域名(交由Proxy代理服务器组)
##- DOMAIN-SUFFIX,ad.com,REJECT #匹配域名后缀(拒绝)
##- IP-CIDR,127.0.0.0/8,DIRECT #匹配数据目标IP(直连)
##- SRC-IP-CIDR,192.168.1.201/32,DIRECT #匹配数据发起IP(直连)
##- DST-PORT,80,DIRECT #匹配数据目标端口(直连)
##- SRC-PORT,7777,DIRECT #匹配数据源端口(直连)

##排序在上的规则优先生效,如添加(去除规则前的#号):
##IP段:192.168.1.2-192.168.1.200 直连
##- SRC-IP-CIDR,192.168.1.2/31,DIRECT
##- SRC-IP-CIDR,192.168.1.4/30,DIRECT
##- SRC-IP-CIDR,192.168.1.8/29,DIRECT
##- SRC-IP-CIDR,192.168.1.16/28,DIRECT
##- SRC-IP-CIDR,192.168.1.32/27,DIRECT
##- SRC-IP-CIDR,192.168.1.64/26,DIRECT
##- SRC-IP-CIDR,192.168.1.128/26,DIRECT
##- SRC-IP-CIDR,192.168.1.192/29,DIRECT
##- SRC-IP-CIDR,192.168.1.200/32,DIRECT

##IP段:192.168.1.202-192.168.1.255 直连
##- SRC-IP-CIDR,192.168.1.202/31,DIRECT
##- SRC-IP-CIDR,192.168.1.204/30,DIRECT
##- SRC-IP-CIDR,192.168.1.208/28,DIRECT
##- SRC-IP-CIDR,192.168.1.224/27,DIRECT

##此时IP为192.168.1.1和192.168.1.201的客户端流量走代理(策略),其余客户端不走代理
##因为Fake-IP模式下,IP地址为192.168.1.1的路由器自身流量可走代理(策略),所以需要排除

##仅设置路由器自身直连:
##- SRC-IP-CIDR,192.168.1.1/32,DIRECT
##- SRC-IP-CIDR,198.18.0.1/32,DIRECT

##DDNS
##- DOMAIN-SUFFIX,checkip.dyndns.org,DIRECT
##- DOMAIN-SUFFIX,checkipv6.dyndns.org,DIRECT
##- DOMAIN-SUFFIX,checkip.synology.com,DIRECT
##- DOMAIN-SUFFIX,ifconfig.co,DIRECT
##- DOMAIN-SUFFIX,api.myip.com,DIRECT
##- DOMAIN-SUFFIX,ip-api.com,DIRECT
##- DOMAIN-SUFFIX,ipapi.co,DIRECT
##- DOMAIN-SUFFIX,ip6.seeip.org,DIRECT
##- DOMAIN-SUFFIX,members.3322.org,DIRECT

##在线IP段转CIDR地址:http://ip2cidr.com

##############################################################---PT站点
- DOMAIN-SUFFIX,themoviedb.org,Proxies  #刮削
- DOMAIN-SUFFIX,m-team.cc,DIRECT  #馒头
- DOMAIN-SUFFIX,m-team.io,DIRECT  #馒头
- DOMAIN-SUFFIX,hddolby.com,DIRECT  #高清
- DOMAIN-SUFFIX,hdatmos.club,DIRECT  #阿童木
- DOMAIN-SUFFIX,btschool.club,DIRECT  #学校

##############################################################---VPN
##- DOMAIN-SUFFIX,dler.io,DIRECT  #订阅模板
##- DOMAIN-SUFFIX,xn--mest5a943ag8x.xyz,DIRECT  #翻墙
- DOMAIN-SUFFIX,一元机场.com,DIRECT  #一元机场
- DOMAIN-SUFFIX,patriot.ninja,DIRECT  #BTW

##############################################################---小说
- DOMAIN-SUFFIX,360cdnjiasu.com,DIRECT
- DOMAIN-SUFFIX,zwwx.org,DIRECT
- DOMAIN-SUFFIX,yuzhaiwu.uk,DIRECT
- DOMAIN-SUFFIX,xsyq.cc,DIRECT

##############################################################---漫画
- DOMAIN-SUFFIX,18comic.vip,Netflix  #禁漫天堂
- DOMAIN-SUFFIX,manhuagui.com,Netflix  #漫画柜
- DOMAIN-SUFFIX,hanime1.me,Netflix  #

##############################################################---影视剧
- DOMAIN-SUFFIX,zjtu.tv,DIRECT  #追剧兔
- DOMAIN-SUFFIX,91porn.com,Proxies  #91

##############################################################---游戏
- DOMAIN-SUFFIX,5eplay.com,DIRECT  #5E

##############################################################---其他
- DOMAIN-SUFFIX,supes.top,DIRECT  #OP固件
- DOMAIN-SUFFIX,openwrt.ai,DIRECT  #OP固件
##- DOMAIN-SUFFIX,speedtest.net,Proxies  #测速
- DOMAIN-SUFFIX,xtatcha.com,DIRECT  #群晖&openclash
##- DOMAIN-SUFFIX,github.com,DIRECT  #github
- DOMAIN-SUFFIX,githubusercontent.com,Proxies  #github仓库
- DOMAIN-SUFFIX,ghproxy.com,Proxies #等待验证???
- DOMAIN-SUFFIX,debian.org,Proxies  #debian
- DOMAIN-SUFFIX,snipaste.com,DIRECT  #截图snipaste
- DOMAIN-SUFFIX,syncthing.net,DIRECT  #syncthing同步
- DOMAIN-SUFFIX,pi-hole.net,DIRECT  #pi-hole
##- DOMAIN-SUFFIX,axutongxue.net,DIRECT  #阿虚同学的储物柜
##- DOMAIN-SUFFIX,uy5.net,DIRECT  #克隆窝
- DOMAIN-SUFFIX,jnoljinugtfc12.buzz,Proxies  #Bemoter跨境电商
- DOMAIN-SUFFIX,chatgpt.com,YouTube  #ChatGPT

#===================== 自定义覆写设置 =====================#

#!/bin/sh
. /usr/share/openclash/ruby.sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom overwrite scripts here, they will be take effict after the OpenClash own srcipts

LOG_OUT "Tip: Start Running Custom Overwrite Scripts..."
LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S"))
LOG_FILE="/tmp/openclash.log"
CONFIG_FILE="$1" #config path

#Simple Demo:
    #General Demo
    #1--config path
    #2--key name
    #3--value
    #ruby_edit "$CONFIG_FILE" "['redir-port']" "7892"
    #ruby_edit "$CONFIG_FILE" "['secret']" "123456"
    #ruby_edit "$CONFIG_FILE" "['dns']['enable']" "true"

    #Hash Demo
    #1--config path
    #2--key name
    #3--hash type value
    #ruby_edit "$CONFIG_FILE" "['experimental']" "{'sniff-tls-sni'=>true}"
    #ruby_edit "$CONFIG_FILE" "['sniffer']" "{'sniffing'=>['tls','http']}"

    #Array Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value
    #ruby_arr_insert "$CONFIG_FILE" "['dns']['nameserver']" "0" "114.114.114.114"

    #Array Add From Yaml File Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value file path
    #5--value key name in #4 file
    #ruby_arr_add_file "$CONFIG_FILE" "['dns']['fallback-filter']['ipcidr']" "0" "/etc/openclash/custom/openclash_custom_fallback_filter.yaml" "['fallback-filter']['ipcidr']"

#Ruby Script Demo:
    #ruby -ryaml -rYAML -I "/usr/share/openclash" -E UTF-8 -e "
    #   begin
    #      Value = YAML.load_file('$CONFIG_FILE');
    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Load File Failed,【' + e.message + '】';
    #   end;

        #General
    #   begin
    #   Thread.new{
    #      Value['redir-port']=7892;
    #      Value['tproxy-port']=7895;
    #      Value['port']=7890;
    #      Value['socks-port']=7891;
    #      Value['mixed-port']=7893;
    #   }.join;

    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Set General Failed,【' + e.message + '】';
    #   ensure
    #      File.open('$CONFIG_FILE','w') {|f| YAML.dump(Value, f)};
    #   end" 2>/dev/null >> $LOG_FILE

exit 0
#===================== 自定义防火墙设置 =====================#

#!/bin/sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom firewall rules here, they will be added after the end of the OpenClash iptables rules

LOG_OUT "Tip: Start Add Custom Firewall Rules..."

exit 0
#===================== IPTABLES 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.7 on Fri Jun 28 20:13:07 2024
*nat
:PREROUTING ACCEPT [10777:1239672]
:INPUT ACCEPT [8587:941418]
:OUTPUT ACCEPT [10205:639673]
:POSTROUTING ACCEPT [1273:84156]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:openclash - [0:0]
:openclash_output - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
-A PREROUTING -d 8.8.4.4/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -d 8.8.8.8/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -p tcp -j openclash
-A OUTPUT -j openclash_output
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A MINIUPNPD -p udp -m udp --dport 8568 -j DNAT --to-destination 10.0.0.64:8568
-A MINIUPNPD -p udp -m udp --dport 8629 -j DNAT --to-destination 10.0.0.11:8629
-A MINIUPNPD -p udp -m udp --dport 8567 -j DNAT --to-destination 10.0.0.11:8567
-A MINIUPNPD -p udp -m udp --dport 8587 -j DNAT --to-destination 10.0.0.63:8568
-A MINIUPNPD -p udp -m udp --dport 8657 -j DNAT --to-destination 10.0.0.63:8567
-A MINIUPNPD -p udp -m udp --dport 8656 -j DNAT --to-destination 10.0.0.63:8567
-A MINIUPNPD -p udp -m udp --dport 8592 -j DNAT --to-destination 10.0.0.63:8567
-A MINIUPNPD -p udp -m udp --dport 8573 -j DNAT --to-destination 10.0.0.63:8567
-A MINIUPNPD -p udp -m udp --dport 8579 -j DNAT --to-destination 10.0.0.63:8567
-A MINIUPNPD -p udp -m udp --dport 8665 -j DNAT --to-destination 10.0.0.63:8567
-A MINIUPNPD -p tcp -m tcp --dport 41573 -j DNAT --to-destination 10.0.0.15:22000
-A MINIUPNPD -p tcp -m tcp --dport 26066 -j DNAT --to-destination 10.0.0.15:22000
-A MINIUPNPD -p udp -m udp --dport 8614 -j DNAT --to-destination 10.0.0.63:8567
-A MINIUPNPD-POSTROUTING -s 10.0.0.63/32 -p udp -m udp --sport 8568 -j MASQUERADE --to-ports 8587
-A MINIUPNPD-POSTROUTING -s 10.0.0.63/32 -p udp -m udp --sport 8567 -j MASQUERADE --to-ports 8657
-A MINIUPNPD-POSTROUTING -s 10.0.0.63/32 -p udp -m udp --sport 8567 -j MASQUERADE --to-ports 8656
-A MINIUPNPD-POSTROUTING -s 10.0.0.63/32 -p udp -m udp --sport 8567 -j MASQUERADE --to-ports 8592
-A MINIUPNPD-POSTROUTING -s 10.0.0.63/32 -p udp -m udp --sport 8567 -j MASQUERADE --to-ports 8573
-A MINIUPNPD-POSTROUTING -s 10.0.0.63/32 -p udp -m udp --sport 8567 -j MASQUERADE --to-ports 8579
-A MINIUPNPD-POSTROUTING -s 10.0.0.63/32 -p udp -m udp --sport 8567 -j MASQUERADE --to-ports 8665
-A MINIUPNPD-POSTROUTING -s 10.0.0.15/32 -p tcp -m tcp --sport 22000 -j MASQUERADE --to-ports 41573
-A MINIUPNPD-POSTROUTING -s 10.0.0.15/32 -p tcp -m tcp --sport 22000 -j MASQUERADE --to-ports 26066
-A MINIUPNPD-POSTROUTING -s 10.0.0.63/32 -p udp -m udp --sport 8567 -j MASQUERADE --to-ports 8614
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -d 198.18.0.0/16 -p tcp -j REDIRECT --to-ports 7892
-A openclash -m set --match-set china_ip_route dst -m set ! --match-set china_ip_route_pass dst -j RETURN
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -d 198.18.0.0/16 -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -m owner ! --uid-owner 65534 -m set --match-set china_ip_route dst -m set ! --match-set china_ip_route_pass dst -j RETURN
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A zone_lan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_lan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_postrouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_lan_prerouting -j MINIUPNPD
-A zone_lan_prerouting -j MINIUPNPD
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_lan_prerouting -m comment --comment "!fw3" -j FULLCONENAT
COMMIT
# Completed on Fri Jun 28 20:13:07 2024

#IPv4 Mangle chain

# Generated by iptables-save v1.8.7 on Fri Jun 28 20:13:07 2024
*mangle
:PREROUTING ACCEPT [1967458:1390469759]
:INPUT ACCEPT [656613:741235110]
:FORWARD ACCEPT [1328395:651042481]
:OUTPUT ACCEPT [606113:728530006]
:POSTROUTING ACCEPT [1877109:1372924368]
:openclash - [0:0]
:openclash_output - [0:0]
:openclash_upnp - [0:0]
-A PREROUTING -p udp -j openclash
-A OUTPUT -p udp -j openclash_output
-A openclash -i lo -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p udp -m udp --dport 53 -j RETURN
-A openclash -d 198.18.0.0/16 -p udp -j TPROXY --on-port 7895 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
-A openclash -m set --match-set china_ip_route dst -m set ! --match-set china_ip_route_pass dst -j RETURN
-A openclash -p udp -j openclash_upnp
-A openclash -p udp -j TPROXY --on-port 7895 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff
-A openclash_output -d 198.18.0.0/16 -p udp -m owner ! --uid-owner 65534 -j MARK --set-xmark 0x162/0xffffffff
-A openclash_upnp -s 10.0.0.64/32 -p udp -m udp --sport 8568 -j RETURN
-A openclash_upnp -s 10.0.0.11/32 -p udp -m udp --sport 8629 -j RETURN
-A openclash_upnp -s 10.0.0.11/32 -p udp -m udp --sport 8567 -j RETURN
-A openclash_upnp -s 10.0.0.63/32 -p udp -m udp --sport 8568 -j RETURN
-A openclash_upnp -s 10.0.0.63/32 -p udp -m udp --sport 8567 -j RETURN
-A openclash_upnp -s 10.0.0.15/32 -p tcp -m tcp --sport 22000 -j RETURN
COMMIT
# Completed on Fri Jun 28 20:13:07 2024

#IPv4 Filter chain

# Generated by iptables-save v1.8.7 on Fri Jun 28 20:13:07 2024
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:LUCKY - [0:0]
:MINIUPNPD - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
-A INPUT -p udp -m udp --dport 443 -m comment --comment "OpenClash QUIC REJECT" -m set ! --match-set china_ip_route dst -j REJECT --reject-with icmp-port-unreachable
-A INPUT -j LUCKY
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A LUCKY -p tcp -m tcp --dport 9951 -j ACCEPT
-A LUCKY -p tcp -m tcp --dport 19951 -j ACCEPT
-A MINIUPNPD -d 10.0.0.64/32 -p udp -m udp --dport 8568 -j ACCEPT
-A MINIUPNPD -d 10.0.0.11/32 -p udp -m udp --dport 8629 -j ACCEPT
-A MINIUPNPD -d 10.0.0.11/32 -p udp -m udp --dport 8567 -j ACCEPT
-A MINIUPNPD -d 10.0.0.63/32 -p udp -m udp --dport 8568 -j ACCEPT
-A MINIUPNPD -d 10.0.0.63/32 -p udp -m udp --dport 8567 -j ACCEPT
-A MINIUPNPD -d 10.0.0.63/32 -p udp -m udp --dport 8567 -j ACCEPT
-A MINIUPNPD -d 10.0.0.63/32 -p udp -m udp --dport 8567 -j ACCEPT
-A MINIUPNPD -d 10.0.0.63/32 -p udp -m udp --dport 8567 -j ACCEPT
-A MINIUPNPD -d 10.0.0.63/32 -p udp -m udp --dport 8567 -j ACCEPT
-A MINIUPNPD -d 10.0.0.63/32 -p udp -m udp --dport 8567 -j ACCEPT
-A MINIUPNPD -d 10.0.0.15/32 -p tcp -m tcp --dport 22000 -j ACCEPT
-A MINIUPNPD -d 10.0.0.15/32 -p tcp -m tcp --dport 22000 -j ACCEPT
-A MINIUPNPD -d 10.0.0.63/32 -p udp -m udp --dport 8567 -j ACCEPT
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_lan_dest_ACCEPT -o br-lan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -p tcp -m comment --comment "!fw3: 旁路由" -j zone_lan_dest_ACCEPT
-A zone_lan_forward -p udp -m comment --comment "!fw3: 旁路由" -j zone_lan_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
COMMIT
# Completed on Fri Jun 28 20:13:07 2024

#IPv6 NAT chain

# Generated by ip6tables-save v1.8.7 on Fri Jun 28 20:13:07 2024
*nat
:PREROUTING ACCEPT [2786:245423]
:INPUT ACCEPT [2756:241313]
:OUTPUT ACCEPT [4783:430353]
:POSTROUTING ACCEPT [4783:430353]
:openclash_output - [0:0]
-A PREROUTING -d 2001:4860:4860::8844/128 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j ACCEPT
-A PREROUTING -d 2001:4860:4860::8888/128 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A OUTPUT -j openclash_output
-A openclash_output -m set --match-set localnetwork6 dst -j RETURN
-A openclash_output -m owner ! --uid-owner 65534 -m set --match-set china_ip6_route dst -m set ! --match-set china_ip6_route_pass dst -j RETURN
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
COMMIT
# Completed on Fri Jun 28 20:13:07 2024

#IPv6 Mangle chain

# Generated by ip6tables-save v1.8.7 on Fri Jun 28 20:13:07 2024
*mangle
:PREROUTING ACCEPT [65463:92607214]
:INPUT ACCEPT [64611:92536204]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [46194:6514554]
:POSTROUTING ACCEPT [46238:6520230]
:openclash - [0:0]
-A PREROUTING -j openclash
-A openclash -i lo -j RETURN
-A openclash -m set --match-set localnetwork6 dst -j RETURN
-A openclash -p udp -m udp --dport 53 -j RETURN
-A openclash -m set --match-set china_ip6_route dst -m set ! --match-set china_ip6_route_pass dst -j RETURN
-A openclash -p tcp -m comment --comment "OpenClash TCP Tproxy" -j TPROXY --on-port 7895 --on-ip :: --tproxy-mark 0x162/0xffffffff
-A openclash -p udp -m comment --comment "OpenClash UDP Tproxy" -j TPROXY --on-port 7895 --on-ip :: --tproxy-mark 0x162/0xffffffff
COMMIT
# Completed on Fri Jun 28 20:13:07 2024

#IPv6 Filter chain

# Generated by ip6tables-save v1.8.7 on Fri Jun 28 20:13:07 2024
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:LUCKY - [0:0]
:MINIUPNPD - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
-A INPUT -p udp -m udp --dport 443 -m comment --comment "OpenClash QUIC REJECT" -m set ! --match-set china_ip6_route dst -j REJECT --reject-with icmp6-port-unreachable
-A INPUT -j LUCKY
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A LUCKY -p tcp -m tcp --dport 19950 -j ACCEPT
-A LUCKY -p tcp -m tcp --dport 9951 -j ACCEPT
-A LUCKY -p tcp -m tcp --dport 19951 -j ACCEPT
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp6-port-unreachable
-A syn_flood -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_lan_dest_ACCEPT -o br-lan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -p tcp -m comment --comment "!fw3: 旁路由" -j zone_lan_dest_ACCEPT
-A zone_lan_forward -p udp -m comment --comment "!fw3: 旁路由" -j zone_lan_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
COMMIT
# Completed on Fri Jun 28 20:13:07 2024

#===================== IPSET状态 =====================#

Name: localnetwork
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0xea875668
Size in memory: 944
References: 3
Number of entries: 10

Name: china_ip_route
Type: hash:net
Revision: 7
Header: family inet hashsize 2048 maxelem 1000000 bucketsize 12 initval 0x838e5ca9
Size in memory: 195512
References: 4
Number of entries: 7088

Name: china_ip_route_pass
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 1000000 bucketsize 12 initval 0x8918102a
Size in memory: 464
References: 3
Number of entries: 0

Name: china_ip6_route
Type: hash:net
Revision: 7
Header: family inet6 hashsize 1024 maxelem 1000000 bucketsize 12 initval 0x1a6572ec
Size in memory: 92544
References: 3
Number of entries: 2016

Name: china_ip6_route_pass
Type: hash:net
Revision: 7
Header: family inet6 hashsize 1024 maxelem 1000000 bucketsize 12 initval 0xfbddc031
Size in memory: 1248
References: 2
Number of entries: 0

Name: localnetwork6
Type: hash:net
Revision: 7
Header: family inet6 hashsize 1024 maxelem 65536 bucketsize 12 initval 0x39ecb137
Size in memory: 2400
References: 2
Number of entries: 16

#===================== 路由表状态 =====================#

#IPv4

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.1        0.0.0.0         UG    0      0        0 br-lan
10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 br-lan

#ip route list
default via 10.0.0.1 dev br-lan proto static 
10.0.0.0/24 dev br-lan proto kernel scope link src 10.0.0.2 

#ip rule show
0:	from all lookup local
32765:	from all fwmark 0x162 lookup 354
32766:	from all lookup main
32767:	from all lookup default

#IPv6

#route -A inet6
Kernel IPv6 routing table
Destination                                 Next Hop                                Flags Metric Ref    Use Iface
::/0                                        ::                                      U     1024   1        0 lo      
::/0                                        fe80::c877:6ff:fefb:bc95                UG    512    5        0 br-lan  
::/0                                        fe80::c877:6ff:fefb:bc95                UG    512    1        0 br-lan  
240e:3a1:8438:e190::/64                     ::                                      !n    2147483647 6        0 lo      
240e:3a1:8439:ef00::/64                     ::                                      U     256    5        0 br-lan  
240e:3a1:8439:ef00::/64                     ::                                      !n    2147483647 1        0 lo      
fd56:b34c:1a0e::/64                         ::                                      U     256    5        0 br-lan  
fd56:b34c:1a0e::/64                         ::                                      !n    2147483647 1        0 lo      
fe80::/64                                   ::                                      U     256    6        0 br-lan  
::/0                                        ::                                      !n    -1     2        0 lo      
::1/128                                     ::                                      Un    0      7        0 lo      
240e:3a1:8439:ef00::/128                    ::                                      Un    0      3        0 br-lan  
240e:3a1:8439:ef00:2c4a:99ff:feaa:2233/128  ::                                      Un    0      7        0 br-lan  
fd56:b34c:1a0e::/128                        ::                                      Un    0      3        0 br-lan  
*WAN IP*:2233/128    ::                                      Un    0      4        0 br-lan  
fe80::/128                                  ::                                      Un    0      3        0 br-lan  
fe80::2c4a:99ff:feaa:2233/128               ::                                      Un    0      7        0 br-lan  
ff00::/8                                    ::                                      U     256    7        0 br-lan  
::/0                                        ::                                      !n    -1     2        0 lo      

#ip -6 route list
default from 240e:3a1:8439:ef00::/64 via fe80::c877:6ff:fefb:bc95 dev br-lan proto static metric 512 pref medium
default from fd56:b34c:1a0e::/64 via fe80::c877:6ff:fefb:bc95 dev br-lan proto static metric 512 pref medium
unreachable 240e:3a1:8438:e190::/64 dev lo proto static metric 2147483647 pref medium
240e:3a1:8439:ef00::/64 dev br-lan proto static metric 256 pref medium
unreachable 240e:3a1:8439:ef00::/64 dev lo proto static metric 2147483647 pref medium
fd56:b34c:1a0e::/64 dev br-lan proto static metric 256 pref medium
unreachable fd56:b34c:1a0e::/64 dev lo proto static metric 2147483647 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium

#ip -6 rule show
0:	from all lookup local
32765:	from all fwmark 0x162 lookup 354
32766:	from all lookup main

#===================== 端口占用状态 =====================#

tcp        0      0 :::7891                 :::*                    LISTEN      29370/clash
tcp        0      0 :::7890                 :::*                    LISTEN      29370/clash
tcp        0      0 :::7893                 :::*                    LISTEN      29370/clash
tcp        0      0 :::7892                 :::*                    LISTEN      29370/clash
tcp        0      0 :::7895                 :::*                    LISTEN      29370/clash
tcp        0      0 :::9090                 :::*                    LISTEN      29370/clash
udp        0      0 :::37435                :::*                                29370/clash
udp        0      0 :::43649                :::*                                29370/clash
udp        0      0 :::47745                :::*                                29370/clash
udp        0      0 :::58048                :::*                                29370/clash
udp        0      0 :::7874                 :::*                                29370/clash
udp        0      0 :::7891                 :::*                                29370/clash
udp        0      0 :::7892                 :::*                                29370/clash
udp        0      0 :::7893                 :::*                                29370/clash
udp        0      0 :::7895                 :::*                                29370/clash
udp        0      0 :::55037                :::*                                29370/clash
udp        0      0 :::48968                :::*                                29370/clash
udp        0      0 :::49163                :::*                                29370/clash
udp        0      0 :::32834                :::*                                29370/clash
udp        0      0 :::41100                :::*                                29370/clash
udp        0      0 :::57521                :::*                                29370/clash
udp        0      0 :::41140                :::*                                29370/clash
udp        0      0 :::41145                :::*                                29370/clash
udp        0      0 :::37080                :::*                                29370/clash
udp        0      0 :::53501                :::*                                29370/clash
udp        0      0 :::51504                :::*                                29370/clash
udp        0      0 :::35172                :::*                                29370/clash
udp        0      0 :::55770                :::*                                29370/clash
udp        0      0 :::54816                :::*                                29370/clash
udp        0      0 :::38436                :::*                                29370/clash
udp        0      0 :::58920                :::*                                29370/clash

#===================== 测试本机DNS查询(www.baidu.com) =====================#

Server:		127.0.0.1
Address:	127.0.0.1:53

Non-authoritative answer:
www.baidu.com	canonical name = www.a.shifen.com
Name:	www.a.shifen.com
Address: 180.101.50.242
Name:	www.a.shifen.com
Address: 180.101.50.188

Non-authoritative answer:
www.baidu.com	canonical name = www.a.shifen.com
Name:	www.a.shifen.com
Address: 240e:e9:6002:15c:0:ff:b015:146f
Name:	www.a.shifen.com
Address: 240e:e9:6002:15a:0:ff:b05c:1278


#===================== 测试内核DNS查询(www.instagram.com) =====================#

Status: 0
TC: false
RD: true
RA: true
AD: false
CD: false

Question: 
  Name: www.instagram.com.
  Qtype: 1
  Qclass: 1

Answer: 
  TTL: 1
  data: 31.13.87.34
  name: www.instagram.com.
  type: 1

Status: 0
TC: false
RD: true
RA: true
AD: false
CD: false

Question: 
  Name: www.instagram.com.
  Qtype: 28
  Qclass: 1

Answer: 
  TTL: 1
  data: 2a03:2880:f112:83:face:b00c:0:25de
  name: www.instagram.com.
  type: 28


Dnsmasq 当前默认 resolv 文件:/tmp/resolv.conf.d/resolv.conf.auto

#===================== /tmp/resolv.conf.d/resolv.conf.auto =====================#

# Interface IPV6
nameserver fd56:b34c:1a0e::1
# Interface lan
nameserver 223.5.5.5
nameserver 119.29.29.29

#===================== 测试本机网络连接(www.baidu.com) =====================#

HTTP/1.1 200 OK
Bdpagetype: 1
Bdqid: 0xac03f7bd002353e5
Connection: keep-alive
Content-Length: 409479
Content-Type: text/html; charset=utf-8
Date: Fri, 28 Jun 2024 12:13:07 GMT
Server: BWS/1.1
Set-Cookie: BIDUPSID=A3A2BB9C132015C319103F629EB041E8; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
Set-Cookie: PSTM=1719576787; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
Set-Cookie: BDSVRTM=0; path=/
Set-Cookie: BD_HOME=1; path=/
Set-Cookie: BAIDUID=A3A2BB9C132015C319103F629EB041E8:FG=1; Path=/; Domain=baidu.com; Max-Age=31536000
Set-Cookie: BAIDUID_BFESS=A3A2BB9C132015C319103F629EB041E8:FG=1; Path=/; Domain=baidu.com; Max-Age=31536000; Secure; SameSite=None
Traceid: 1719576787061319988212395022990576931813
Vary: Accept-Encoding
X-Ua-Compatible: IE=Edge,chrome=1
X-Xss-Protection: 1;mode=block


#===================== 测试本机网络下载(raw.githubusercontent.com) =====================#

HTTP/2 404 
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
content-type: text/plain; charset=utf-8
x-github-request-id: F7EC:BBEB7:2B4973:32FFE0:667EA8B2
accept-ranges: bytes
date: Fri, 28 Jun 2024 12:13:08 GMT
via: 1.1 varnish
x-served-by: cache-nrt-rjtf7700077-NRT
x-cache: HIT
x-cache-hits: 1
x-timer: S1719576788.267217,VS0,VE1
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 4587b7a64bd18e3caeafc0fc570d131c715c11a4
expires: Fri, 28 Jun 2024 12:18:08 GMT
source-age: 33
content-length: 14


#===================== 最近运行日志(自动切换为Debug模式) =====================#

12:13:12 DBG [Matcher] find process failed error=process not found addr=173.24.72.216
12:13:12 INF [TCP] connected lAddr=10.0.0.4:40732 rAddr=45.9.62.29:23333 mode=rule rule=Match() proxy=DIRECT
12:13:12 WRN [TCP] dial failed error=dial tcp4 74.48.66.71:5675: connect: connection refused proxy=DIRECT lAddr=10.0.0.4:58778 rAddr=74.48.66.71:5675 rule=Match rulePayload=
12:13:12 DBG [UDP] accept session lAddr=10.0.0.15:52088 rAddr=5.5.5.5:55555 inbound=TProxy
12:13:12 DBG [Matcher] find process failed error=process not found addr=5.5.5.5
12:13:12 INF [UDP] connected lAddr=10.0.0.15:52088 rAddr=5.5.5.5:55555 mode=rule rule=Match() proxy=DIRECT
12:13:13 DBG [TCP] accept connection lAddr=10.0.0.4:46799 rAddr=129.154.201.4:8999 inbound=Redir
12:13:13 DBG [TCP] accept connection lAddr=10.0.0.4:49485 rAddr=20.212.33.239:51413 inbound=Redir
12:13:13 DBG [Matcher] find process failed error=process not found addr=129.154.201.4
12:13:13 DBG [TCP] accept connection lAddr=10.0.0.4:33373 rAddr=149.88.26.162:42076 inbound=Redir
12:13:13 DBG [Matcher] find process failed error=process not found addr=20.212.33.239
12:13:13 DBG [Matcher] find process failed error=process not found addr=149.88.26.162
12:13:13 DBG [TCP] accept connection lAddr=10.0.0.4:58967 rAddr=131.186.43.131:32836 inbound=Redir
12:13:13 DBG [TCP] accept connection lAddr=10.0.0.4:34734 rAddr=114.24.98.134:9833 inbound=Redir
12:13:13 DBG [Matcher] find process failed error=process not found addr=114.24.98.134
12:13:13 DBG [TCP] accept connection lAddr=10.0.0.4:56270 rAddr=172.247.123.11:13780 inbound=Redir
12:13:13 DBG [TCP] accept connection lAddr=10.0.0.4:40040 rAddr=178.238.229.54:40888 inbound=Redir
12:13:13 DBG [Matcher] find process failed error=process not found addr=172.247.123.11
12:13:13 DBG [TCP] accept connection lAddr=10.0.0.4:58443 rAddr=107.172.79.141:60012 inbound=Redir
12:13:13 DBG [Matcher] find process failed error=process not found addr=178.238.229.54
12:13:13 DBG [Matcher] find process failed error=process not found addr=107.172.79.141
12:13:13 DBG [Matcher] find process failed error=process not found addr=131.186.43.131
12:13:13 INF [TCP] connected lAddr=10.0.0.4:49485 rAddr=20.212.33.239:51413 mode=rule rule=Match() proxy=DIRECT
12:13:14 WRN [TCP] dial failed error=dial tcp4 168.70.70.144:38708: i/o timeout proxy=DIRECT lAddr=10.0.0.4:51460 rAddr=168.70.70.144:38708 rule=Match rulePayload=
12:13:14 WRN [TCP] dial failed error=dial tcp4 147.122.43.76:56459: i/o timeout proxy=DIRECT lAddr=10.0.0.4:60130 rAddr=147.122.43.76:56459 rule=Match rulePayload=
12:13:14 DBG [TCP] accept connection lAddr=10.0.0.4:40114 rAddr=107.182.30.5:33913 inbound=Redir
12:13:14 DBG [TCP] accept connection lAddr=10.0.0.4:59886 rAddr=132.226.231.217:51413 inbound=Redir
12:13:14 DBG [Matcher] find process failed error=process not found addr=132.226.231.217
12:13:14 DBG [Matcher] find process failed error=process not found addr=107.182.30.5
12:13:14 DBG [TCP] accept connection lAddr=10.0.0.4:47166 rAddr=192.9.241.40:58799 inbound=Redir
12:13:14 DBG [Matcher] find process failed error=process not found addr=192.9.241.40
12:13:14 WRN [TCP] dial failed error=dial tcp4 192.9.241.40:58799: connect: connection refused proxy=DIRECT lAddr=10.0.0.4:47166 rAddr=192.9.241.40:58799 rule=Match rulePayload=
12:13:14 INF [TCP] connected lAddr=10.0.0.4:58443 rAddr=107.172.79.141:60012 mode=rule rule=Match() proxy=DIRECT
12:13:15 WRN [TCP] dial failed error=dial tcp4 142.171.65.158:37420: i/o timeout proxy=DIRECT lAddr=10.0.0.4:42686 rAddr=142.171.65.158:37420 rule=Match rulePayload=
12:13:15 DBG [TCP] accept connection lAddr=10.0.0.4:38827 rAddr=221.124.194.171:35583 inbound=Redir
12:13:15 DBG [TCP] accept connection lAddr=10.0.0.4:57471 rAddr=42.98.167.113:49293 inbound=Redir
12:13:15 DBG [Matcher] find process failed error=process not found addr=221.124.194.171
12:13:15 DBG [TCP] accept connection lAddr=10.0.0.4:53375 rAddr=20.212.33.239:51413 inbound=Redir
12:13:15 DBG [Matcher] find process failed error=process not found addr=42.98.167.113
12:13:15 DBG [Matcher] find process failed error=process not found addr=20.212.33.239
12:13:15 DBG [TCP] accept connection lAddr=10.0.0.4:44427 rAddr=221.124.194.171:35583 inbound=Redir
12:13:15 DBG [TCP] accept connection lAddr=10.0.0.4:33057 rAddr=142.171.46.31:38621 inbound=Redir
12:13:15 DBG [Matcher] find process failed error=process not found addr=221.124.194.171
12:13:15 DBG [TCP] accept connection lAddr=10.0.0.4:60642 rAddr=213.35.127.250:51413 inbound=Redir
12:13:15 DBG [Matcher] find process failed error=process not found addr=142.171.46.31
12:13:15 DBG [Matcher] find process failed error=process not found addr=213.35.127.250
12:13:15 WRN [TCP] dial failed error=dial tcp4 42.98.167.113:49293: connect: connection refused proxy=DIRECT lAddr=10.0.0.4:57471 rAddr=42.98.167.113:49293 rule=Match rulePayload=
12:13:15 INF [TCP] connected lAddr=10.0.0.4:53375 rAddr=20.212.33.239:51413 mode=rule rule=Match() proxy=DIRECT
12:13:15 INF [TCP] connected lAddr=10.0.0.4:33057 rAddr=142.171.46.31:38621 mode=rule rule=Match() proxy=DIRECT
12:13:15 INF [TCP] connected lAddr=10.0.0.4:60642 rAddr=213.35.127.250:51413 mode=rule rule=Match() proxy=DIRECT
12:13:15 INF [TCP] connected lAddr=10.0.0.4:38827 rAddr=221.124.194.171:35583 mode=rule rule=Match() proxy=DIRECT
12:13:15 INF [TCP] connected lAddr=10.0.0.4:44427 rAddr=221.124.194.171:35583 mode=rule rule=Match() proxy=DIRECT
12:13:15 DBG [UDP] accept session lAddr=10.0.0.15:55489 rAddr=5.5.5.5:55555 inbound=TProxy
12:13:15 DBG [Matcher] find process failed error=process not found addr=5.5.5.5
12:13:15 INF [UDP] connected lAddr=10.0.0.15:55489 rAddr=5.5.5.5:55555 mode=rule rule=Match() proxy=DIRECT
12:13:16 DBG [TCP] accept connection lAddr=10.0.0.4:51898 rAddr=107.172.79.141:60012 inbound=Redir
12:13:16 DBG [TCP] accept connection lAddr=10.0.0.4:48340 rAddr=142.171.46.31:38621 inbound=Redir
12:13:16 DBG [TCP] accept connection lAddr=10.0.0.4:38723 rAddr=125.199.241.115:63219 inbound=Redir
12:13:16 DBG [TCP] accept connection lAddr=10.0.0.4:54764 rAddr=118.161.143.211:58919 inbound=Redir
12:13:16 DBG [TCP] accept connection lAddr=10.0.0.4:42681 rAddr=143.198.63.21:45705 inbound=Redir
12:13:16 DBG [Matcher] find process failed error=process not found addr=125.199.241.115
12:13:16 DBG [Matcher] find process failed error=process not found addr=107.172.79.141
12:13:16 DBG [Matcher] find process failed error=process not found addr=142.171.46.31
12:13:16 DBG [Matcher] find process failed error=process not found addr=143.198.63.21
12:13:16 DBG [Matcher] find process failed error=process not found addr=118.161.143.211
12:13:16 INF [TCP] connected lAddr=10.0.0.4:54764 rAddr=118.161.143.211:58919 mode=rule rule=Match() proxy=DIRECT
12:13:16 INF [TCP] connected lAddr=10.0.0.4:51898 rAddr=107.172.79.141:60012 mode=rule rule=Match() proxy=DIRECT
12:13:16 WRN [TCP] dial failed error=dial tcp4 143.198.63.21:45705: connect: connection refused proxy=DIRECT lAddr=10.0.0.4:42681 rAddr=143.198.63.21:45705 rule=Match rulePayload=
12:13:16 INF [TCP] connected lAddr=10.0.0.4:48340 rAddr=142.171.46.31:38621 mode=rule rule=Match() proxy=DIRECT
12:13:17 WRN [TCP] dial failed error=dial tcp4 24.4.59.106:36922: i/o timeout proxy=DIRECT lAddr=10.0.0.4:56128 rAddr=24.4.59.106:36922 rule=Match rulePayload=
12:13:17 WRN [TCP] dial failed error=dial tcp4 13.231.128.231:27985: i/o timeout proxy=DIRECT lAddr=10.0.0.4:34827 rAddr=13.231.128.231:27985 rule=Match rulePayload=
12:13:17 WRN [TCP] dial failed error=dial tcp4 173.24.72.216:51413: i/o timeout proxy=DIRECT lAddr=10.0.0.4:56247 rAddr=173.24.72.216:51413 rule=Match rulePayload=
12:13:17 DBG [TCP] accept connection lAddr=10.0.0.4:52679 rAddr=123.194.32.40:51413 inbound=Redir
12:13:17 DBG [TCP] accept connection lAddr=10.0.0.4:51357 rAddr=171.239.139.2:1010 inbound=Redir
12:13:17 DBG [TCP] accept connection lAddr=10.0.0.4:45273 rAddr=51.89.151.110:9001 inbound=Redir
12:13:17 DBG [TCP] accept connection lAddr=10.0.0.4:55891 rAddr=103.120.10.160:63754 inbound=Redir
12:13:17 DBG [Matcher] find process failed error=process not found addr=123.194.32.40
12:13:17 DBG [Matcher] find process failed error=process not found addr=171.239.139.2
12:13:17 DBG [Matcher] find process failed error=process not found addr=103.120.10.160
12:13:17 DBG [Matcher] find process failed error=process not found addr=51.89.151.110
12:13:18 WRN [TCP] dial failed error=dial tcp4 129.154.201.4:8999: i/o timeout proxy=DIRECT lAddr=10.0.0.4:46799 rAddr=129.154.201.4:8999 rule=Match rulePayload=
12:13:18 WRN [TCP] dial failed error=dial tcp4 149.88.26.162:42076: i/o timeout proxy=DIRECT lAddr=10.0.0.4:33373 rAddr=149.88.26.162:42076 rule=Match rulePayload=
12:13:18 WRN [TCP] dial failed error=dial tcp4 114.24.98.134:9833: i/o timeout proxy=DIRECT lAddr=10.0.0.4:34734 rAddr=114.24.98.134:9833 rule=Match rulePayload=
12:13:18 DBG [TCP] accept connection lAddr=10.0.0.4:36913 rAddr=94.75.73.210:48500 inbound=Redir
12:13:18 DBG [TCP] accept connection lAddr=10.0.0.4:44940 rAddr=123.194.32.40:51413 inbound=Redir
12:13:18 DBG [TCP] accept connection lAddr=10.0.0.4:53933 rAddr=213.35.127.250:51413 inbound=Redir
12:13:18 DBG [TCP] accept connection lAddr=10.0.0.4:47206 rAddr=152.67.210.31:41122 inbound=Redir
12:13:18 DBG [Matcher] find process failed error=process not found addr=213.35.127.250
12:13:18 DBG [Matcher] find process failed error=process not found addr=123.194.32.40
12:13:18 DBG [Matcher] find process failed error=process not found addr=94.75.73.210
12:13:18 WRN [TCP] dial failed error=dial tcp4 172.247.123.11:13780: i/o timeout proxy=DIRECT lAddr=10.0.0.4:56270 rAddr=172.247.123.11:13780 rule=Match rulePayload=
12:13:18 DBG [Matcher] find process failed error=process not found addr=152.67.210.31
12:13:18 WRN [TCP] dial failed error=dial tcp4 178.238.229.54:40888: i/o timeout proxy=DIRECT lAddr=10.0.0.4:40040 rAddr=178.238.229.54:40888 rule=Match rulePayload=
12:13:18 WRN [TCP] dial failed error=dial tcp4 131.186.43.131:32836: i/o timeout proxy=DIRECT lAddr=10.0.0.4:58967 rAddr=131.186.43.131:32836 rule=Match rulePayload=
12:13:18 DBG [TCP] accept connection lAddr=10.0.0.15:3495 rAddr=a.nel.cloudflare.com:443 inbound=Redir
12:13:18 DBG [Matcher] find process failed error=process not found addr=a.nel.cloudflare.com
12:13:18 DBG [Matcher] resolve success host=a.nel.cloudflare.com ip=35.190.80.1
12:13:18 DBG [DNS] dns response source=10.0.0.10:53 qType=A name=33668.laomao-53875.xyz. answer=["120.233.27.193"]
12:13:18 WRN [TCP] dial failed error=dial tcp4 152.67.210.31:41122: connect: connection refused proxy=DIRECT lAddr=10.0.0.4:47206 rAddr=152.67.210.31:41122 rule=Match rulePayload=
12:13:18 INF [TCP] connected lAddr=10.0.0.15:3495 rAddr=a.nel.cloudflare.com:443 mode=rule rule=DomainSuffix(cloudflare.com) proxy=Proxies[台湾10]

#===================== 最近运行日志获取完成(自动切换为silent模式) =====================#


#===================== 活动连接信息 =====================#

1. SourceIP:【10.0.0.15】 - Host:【qqwry.api.skk.moe】 - DestinationIP:【172.67.148.227】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【DIRECT】
2. SourceIP:【10.0.0.15】 - Host:【Empty】 - DestinationIP:【5.5.5.5】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
3. SourceIP:【10.0.0.15】 - Host:【activity.windows.com】 - DestinationIP:【20.69.137.228】 - Network:【tcp】 - RulePayload:【windows.com】 - Lastchain:【台湾10】
4. SourceIP:【10.0.0.15】 - Host:【raw.githubusercontent.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【githubusercontent.com】 - Lastchain:【台湾10】
5. SourceIP:【10.0.0.15】 - Host:【alive.github.com】 - DestinationIP:【140.82.113.26】 - Network:【tcp】 - RulePayload:【github】 - Lastchain:【台湾10】
6. SourceIP:【10.0.0.16】 - Host:【mtalk.google.com】 - DestinationIP:【74.125.23.188】 - Network:【tcp】 - RulePayload:【mtalk.google.com】 - Lastchain:【台湾10】
7. SourceIP:【10.0.0.15】 - Host:【github.githubassets.com】 - DestinationIP:【185.199.110.154】 - Network:【tcp】 - RulePayload:【github】 - Lastchain:【台湾10】
8. SourceIP:【10.0.0.15】 - Host:【avatars2.githubusercontent.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【githubusercontent.com】 - Lastchain:【台湾10】
9. SourceIP:【10.0.0.15】 - Host:【Empty】 - DestinationIP:【5.5.5.5】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
10. SourceIP:【10.0.0.4】 - Host:【Empty】 - DestinationIP:【221.124.194.171】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【DIRECT】
11. SourceIP:【10.0.0.15】 - Host:【a.nel.cloudflare.com】 - DestinationIP:【35.190.80.1】 - Network:【tcp】 - RulePayload:【cloudflare.com】 - Lastchain:【台湾10】
12. SourceIP:【10.0.0.2】 - Host:【op.supes.top】 - DestinationIP:【172.67.213.212】 - Network:【tcp】 - RulePayload:【supes.top】 - Lastchain:【DIRECT】
13. SourceIP:【10.0.0.4】 - Host:【Empty】 - DestinationIP:【211.51.7.97】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
14. SourceIP:【10.0.0.15】 - Host:【client.wns.windows.com】 - DestinationIP:【20.198.162.76】 - Network:【tcp】 - RulePayload:【windows.com】 - Lastchain:【台湾10】
15. SourceIP:【10.0.0.15】 - Host:【ext2-tyo3.steamserver.net】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【steamserver.net】 - Lastchain:【DIRECT】
16. SourceIP:【10.0.0.15】 - Host:【avatars1.githubusercontent.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【githubusercontent.com】 - Lastchain:【台湾10】
17. SourceIP:【10.0.0.15】 - Host:【Empty】 - DestinationIP:【5.5.5.5】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
18. SourceIP:【10.0.0.15】 - Host:【Empty】 - DestinationIP:【5.5.5.5】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
19. SourceIP:【10.0.0.15】 - Host:【content-autofill.googleapis.com】 - DestinationIP:【172.217.160.74】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【台湾10】
20. SourceIP:【10.0.0.15】 - Host:【Empty】 - DestinationIP:【5.5.5.5】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
21. SourceIP:【10.0.0.15】 - Host:【avatars0.githubusercontent.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【githubusercontent.com】 - Lastchain:【台湾10】
22. SourceIP:【10.0.0.15】 - Host:【avatars.githubusercontent.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【githubusercontent.com】 - Lastchain:【台湾10】
23. SourceIP:【10.0.0.15】 - Host:【Empty】 - DestinationIP:【5.5.5.5】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
24. SourceIP:【10.0.0.15】 - Host:【avatars3.githubusercontent.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【githubusercontent.com】 - Lastchain:【台湾10】
25. SourceIP:【10.0.0.15】 - Host:【Empty】 - DestinationIP:【5.5.5.5】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
26. SourceIP:【10.0.0.15】 - Host:【stun.syncthing.net】 - DestinationIP:【139.59.84.212】 - Network:【udp】 - RulePayload:【syncthing.net】 - Lastchain:【DIRECT】
27. SourceIP:【10.0.0.15】 - Host:【Empty】 - DestinationIP:【5.5.5.5】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
28. SourceIP:【10.0.0.15】 - Host:【Empty】 - DestinationIP:【5.5.5.5】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
29. SourceIP:【10.0.0.15】 - Host:【avatars.githubusercontent.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【githubusercontent.com】 - Lastchain:【台湾10】
30. SourceIP:【10.0.0.15】 - Host:【api.ipify.org】 - DestinationIP:【172.67.74.152】 - Network:【tcp】 - RulePayload:【443】 - Lastchain:【DIRECT】
31. SourceIP:【10.0.0.15】 - Host:【Empty】 - DestinationIP:【5.5.5.5】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
32. SourceIP:【10.0.0.15】 - Host:【private-user-images.githubusercontent.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【githubusercontent.com】 - Lastchain:【台湾10】
33. SourceIP:【10.0.0.15】 - Host:【clients4.google.com】 - DestinationIP:【172.217.163.46】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【台湾10】
34. SourceIP:【10.0.0.15】 - Host:【www.youtube.com】 - DestinationIP:【199.59.148.229】 - Network:【tcp】 - RulePayload:【youtube.com】 - Lastchain:【新加坡03】
35. SourceIP:【10.0.0.15】 - Host:【Empty】 - DestinationIP:【5.5.5.5】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
36. SourceIP:【10.0.0.15】 - Host:【Empty】 - DestinationIP:【5.5.5.5】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
37. SourceIP:【10.0.0.4】 - Host:【Empty】 - DestinationIP:【221.124.194.171】 - Network:【tcp】 - RulePayload:【】 - Lastchain:【DIRECT】
38. SourceIP:【10.0.0.15】 - Host:【api-ipv4.ip.sb】 - DestinationIP:【104.26.12.31】 - Network:【tcp】 - RulePayload:【ip.sb】 - Lastchain:【台湾10】
39. SourceIP:【10.0.0.15】 - Host:【mtalk.google.com】 - DestinationIP:【74.125.203.188】 - Network:【tcp】 - RulePayload:【mtalk.google.com】 - Lastchain:【台湾10】
40. SourceIP:【10.0.0.4】 - Host:【db.xtatcha.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【xtatcha.com】 - Lastchain:【DIRECT】
41. SourceIP:【10.0.0.15】 - Host:【Empty】 - DestinationIP:【5.5.5.5】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
42. SourceIP:【10.0.0.16】 - Host:【cn.pool.ntp.org】 - DestinationIP:【162.159.200.1】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
43. SourceIP:【10.0.0.15】 - Host:【a.nel.cloudflare.com】 - DestinationIP:【35.190.80.1】 - Network:【tcp】 - RulePayload:【cloudflare.com】 - Lastchain:【台湾10】
44. SourceIP:【10.0.0.15】 - Host:【Empty】 - DestinationIP:【5.5.5.5】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
45. SourceIP:【10.0.0.15】 - Host:【Empty】 - DestinationIP:【5.5.5.5】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
46. SourceIP:【10.0.0.2】 - Host:【dl.openwrt.ai】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【openwrt.ai】 - Lastchain:【DIRECT】
47. SourceIP:【10.0.0.15】 - Host:【chromewebstore.google.com】 - DestinationIP:【142.251.42.238】 - Network:【tcp】 - RulePayload:【google】 - Lastchain:【台湾10】
48. SourceIP:【10.0.0.15】 - Host:【raw.githubusercontent.com】 - DestinationIP:【】 - Network:【tcp】 - RulePayload:【githubusercontent.com】 - Lastchain:【台湾10】
49. SourceIP:【10.0.0.15】 - Host:【Empty】 - DestinationIP:【5.5.5.5】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】
50. SourceIP:【10.0.0.15】 - Host:【Empty】 - DestinationIP:【5.5.5.5】 - Network:【udp】 - RulePayload:【】 - Lastchain:【DIRECT】



### OpenClash Config

_No response_

### Expected Behavior

Asking for help: can this problem be solved, or can it be mitigated through settings?

### Additional Context

_No response_

Tatchaxzw, Jun 28 '24 12:06