OpenClash
OpenClash copied to clipboard
vernesong
[Bug] 近期几个版本中IPV6设置的问题
Verify Steps
- [X] Tracker 我已经在 Issue Tracker 中找过我要提出的问题
- [X] Branch 我知道 OpenClash 的 Dev 分支切换开关位于插件设置-版本更新中,或者我会手动下载并安装 Dev 分支的 OpenClash
- [X] Latest 我已经使用最新 Dev 版本测试过,问题依旧存在
- [X] Relevant 我知道 OpenClash 与 内核(Core)、控制面板(Dashboard)、在线订阅转换(Subconverter)等项目之间无直接关系,仅相互调用
- [X] Definite 这确实是 OpenClash 出现的问题
- [ ] Contributors 我有能力协助 OpenClash 开发并解决此问题
- [ ] Meaningless 我提交的是无意义的催促更新或修复请求
OpenClash Version
v0.46.033-beta
Bug on Environment
Other
OpenWrt Version
OpenWrt 23.05
Bug on Platform
Linux-arm64
Describe the Bug
安卓手机打开谷歌商店,点击右上角头像,点选“管理应用和设备”后,点第二项更新应用,如果全部应用都是最新,那么点页面下方的【检查是否有更新】的按钮,进行刷新,会长时间卡在页面转圈的状态
To Reproduce
不论opc是fakeip状态还是redir-host状态,主要”ipv6设置“里选择了 tun模式就会这样,而切换到 tproxy 模式,则上述问题消失。
OpenClash Log
OpenClash 调试日志
生成时间: 2024-09-24 13:26:30
插件版本:
隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息
#===================== 系统信息 =====================#
主机型号: Redmi
固件版本: Kwrt 23.05-SNAPSHOT 09.05.2024
LuCI版本:
内核版本: 5.15.164
处理器架构:
#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: hybrid
DNS劫持: 停用
#DNS劫持为Dnsmasq时,此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#5300
#===================== 依赖检查 =====================#
dnsmasq-full: 未安装
coreutils: 未安装
coreutils-nohup: 未安装
bash: 未安装
curl: 未安装
ca-certificates: 未安装
ipset: 未安装
ip-full: 未安装
libcap: 未安装
libcap-bin: 未安装
ruby: 未安装
ruby-yaml: 未安装
ruby-psych: 未安装
ruby-pstore: 未安装
kmod-tun(TUN模式): 未安装
luci-compat(Luci >= 19.07): 未安装
kmod-inet-diag(PROCESS-NAME): 未安装
unzip: 未安装
kmod-nft-tproxy: 未安装
#===================== 内核检查 =====================#
运行状态: 运行中
运行内核:Meta
进程pid: 8299
运行权限: 8299: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_admin,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-arm64
#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Meta内核版本: alpha-g59a2b24
Meta内核文件: 存在
Meta内核运行权限: 正常
#===================== 插件设置 =====================#
当前配置文件: /etc/openclash/config/qm.yaml
启动配置文件: /etc/openclash/qm.yaml
运行模式: redir-host-tun
默认代理模式: rule
UDP流量转发(tproxy): 停用
自定义DNS: 启用
IPV6代理: 启用
IPV6-DNS解析: 启用
禁用Dnsmasq缓存: 启用
自定义规则: 启用
仅允许内网: 启用
仅代理命中规则流量: 启用
仅允许常用端口流量: 启用
绕过中国大陆IP: 启用
路由本机代理: 启用
#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用
#启动异常时建议关闭此项后重试
第三方规则: 停用
#===================== 自定义规则 一 =====================#
script:
## shortcuts:
## Notice: The core timezone is UTC
## CST 20:00-24:00 = time.now().hour > 12 and time.now().hour < 16
## 内核时区为UTC,故以下time.now()函数的取值需要根据本地时区进行转换
## 北京时间(CST) 20:00-24:00 = time.now().hour > 12 and time.now().hour < 16
## quic: network == 'udp' and dst_port == 443 and (geoip(resolve_ip(host)) != 'CN' or geoip(dst_ip) != 'CN')
## time-limit: in_cidr(src_ip,'192.168.1.2/32') and time.now().hour < 20 or time.now().hour > 21
## time-limit: src_ip == '192.168.1.2' and time.now().hour < 20 or time.now().hour > 21
## code: |
## def main(ctx, metadata):
## directkeywordlist = ["baidu"]
## for directkeyword in directkeywordlist:
## if directkeyword in metadata["host"]:
## ctx.log('[Script] matched keyword %s use direct' % directkeyword)
## return "DIRECT"
rules:
##- SCRIPT,quic,REJECT #shortcuts rule
##- SCRIPT,time-limit,REJECT #shortcuts rule
##- PROCESS-NAME,curl,DIRECT #匹配路由自身进程(curl直连)
##- DOMAIN-SUFFIX,google.com,Proxy #匹配域名后缀(交由Proxy代理服务器组)
##- DOMAIN-KEYWORD,google,Proxy #匹配域名关键字(交由Proxy代理服务器组)
##- DOMAIN,google.com,Proxy #匹配域名(交由Proxy代理服务器组)
##- DOMAIN-SUFFIX,ad.com,REJECT #匹配域名后缀(拒绝)
##- IP-CIDR,127.0.0.0/8,DIRECT #匹配数据目标IP(直连)
##- SRC-IP-CIDR,192.168.1.201/32,DIRECT #匹配数据发起IP(直连)
##- DST-PORT,80,DIRECT #匹配数据目标端口(直连)
##- SRC-PORT,7777,DIRECT #匹配数据源端口(直连)
##排序在上的规则优先生效,如添加(去除规则前的#号):
##IP段:192.168.1.2-192.168.1.200 直连
##- SRC-IP-CIDR,192.168.1.2/31,DIRECT
##- SRC-IP-CIDR,192.168.1.4/30,DIRECT
##- SRC-IP-CIDR,192.168.1.8/29,DIRECT
##- SRC-IP-CIDR,192.168.1.16/28,DIRECT
##- SRC-IP-CIDR,192.168.1.32/27,DIRECT
##- SRC-IP-CIDR,192.168.1.64/26,DIRECT
##- SRC-IP-CIDR,192.168.1.128/26,DIRECT
##- SRC-IP-CIDR,192.168.1.192/29,DIRECT
##- SRC-IP-CIDR,192.168.1.200/32,DIRECT
##IP段:192.168.1.202-192.168.1.255 直连
##- SRC-IP-CIDR,192.168.1.202/31,DIRECT
##- SRC-IP-CIDR,192.168.1.204/30,DIRECT
##- SRC-IP-CIDR,192.168.1.208/28,DIRECT
##- SRC-IP-CIDR,192.168.1.224/27,DIRECT
##此时IP为192.168.1.1和192.168.1.201的客户端流量走代理(策略),其余客户端不走代理
##因为Fake-IP模式下,IP地址为192.168.1.1的路由器自身流量可走代理(策略),所以需要排除
##仅设置路由器自身直连:
##- SRC-IP-CIDR,192.168.1.1/32,DIRECT
##- SRC-IP-CIDR,198.18.0.1/32,DIRECT
##DDNS
##- DOMAIN-SUFFIX,checkip.dyndns.org,DIRECT
##- DOMAIN-SUFFIX,checkipv6.dyndns.org,DIRECT
##- DOMAIN-SUFFIX,checkip.synology.com,DIRECT
##- DOMAIN-SUFFIX,ifconfig.co,DIRECT
##- DOMAIN-SUFFIX,api.myip.com,DIRECT
##- DOMAIN-SUFFIX,ip-api.com,DIRECT
##- DOMAIN-SUFFIX,ipapi.co,DIRECT
##- DOMAIN-SUFFIX,ip6.seeip.org,DIRECT
##- DOMAIN-SUFFIX,members.3322.org,DIRECT
##在线IP段转CIDR地址:http://ip2cidr.com
#===================== 自定义规则 二 =====================#
script:
## shortcuts:
## common_port: dst_port not in [21, 22, 23, 53, 80, 123, 143, 194, 443, 465, 587, 853, 993, 995, 998, 2052, 2053, 2082, 2083, 2086, 2095, 2096, 5222, 5228, 5229, 5230, 8080, 8443, 8880, 8888, 8889]
## code: |
## def main(ctx, metadata):
## directkeywordlist = ["baidu"]
## for directkeyword in directkeywordlist:
## if directkeyword in metadata["host"]:
## ctx.log('[Script] matched keyword %s use direct' % directkeyword)
## return "DIRECT"
rules:
##- SCRIPT,common_port,DIRECT #shortcuts rule
##- DOMAIN-SUFFIX,google.com,Proxy #匹配域名后缀(交由Proxy代理服务器组)
##- DOMAIN-KEYWORD,google,Proxy #匹配域名关键字(交由Proxy代理服务器组)
##- DOMAIN,google.com,Proxy #匹配域名(交由Proxy代理服务器组)
##- DOMAIN-SUFFIX,ad.com,REJECT #匹配域名后缀(拒绝)
##- IP-CIDR,127.0.0.0/8,DIRECT #匹配数据目标IP(直连)
##- SRC-IP-CIDR,192.168.1.201/32,DIRECT #匹配数据发起IP(直连)
##- DST-PORT,80,DIRECT #匹配数据目标端口(直连)
##- SRC-PORT,7777,DIRECT #匹配数据源端口(直连)
#===================== 配置文件 =====================#
port: 7890
socks-port: 7891
redir-port: 7892
allow-lan: true
mode: rule
log-level: silent
external-controller: 0.0.0.0:9090
proxy-groups:
- name: "\U0001F530国外流量"
type: select
proxies:
******
tproxy-port: 7895
mixed-port: 7893
bind-address: "*"
external-ui: "/usr/share/openclash/ui"
ipv6: true
geodata-loader: standard
tcp-concurrent: true
global-client-fingerprint: random
dns:
enable: true
ipv6: true
enhanced-mode: redir-host
listen: 0.0.0.0:7874
nameserver:
- https://https://dns.google/dns-query
- https://https://dns64.dns.google/dns-query
- https://https://cloudflare-dns.com/dns-query
- https://https://1.1.1.1/dns-query
- https://https://1.0.0.1/dns-query
fallback:
- https://dns.cloudflare.com/dns-query
- https://1.1.1.1/dns-query
- https://public.dns.iij.jp/dns-query
- https://jp.tiar.app/dns-query
- https://jp.tiarap.org/dns-query
- https://doh.dnslify.com/dns-query
- https://dns.twnic.tw/dns-query
- https://dns.oszx.co/dns-query
- https://doh.applied-privacy.net/query
- https://doh.ffmuc.net/dns-query
- https://doh.mullvad.net/dns-query
fallback-filter:
geoip: true
geoip-code: CN
ipcidr:
- 0.0.0.0/8
- 10.0.0.0/8
- 100.64.0.0/10
- 127.0.0.0/8
- 169.254.0.0/16
- 172.16.0.0/12
- 192.0.0.0/24
- 192.0.2.0/24
- 192.88.99.0/24
- 192.168.0.0/16
- 198.18.0.0/15
- 198.51.100.0/24
- 203.0.113.0/24
- 224.0.0.0/4
- 240.0.0.0/4
- 255.255.255.255/32
domain:
- "+.amazonaws.com"
- "+.bing.com"
- "+.facebook.com"
- "+.github.com"
- "+.githubusercontent.com"
- "+.google.com"
- "+.googleapis.cn"
- "+.googlevideo.com"
- "+.gstatic.com"
- "+.jsdelivr.net"
- "+.kernel.org"
- "+.live.com"
- "+.media.dssott.com"
- "+.microsoft.com"
- "+.msftconnecttest.com"
- "+.msftncsi.com"
- "+.netflix.com"
- "+.nflxvideo.net"
- "+.openai.com"
- "+.sentry.io"
- "+.stripe.com"
- "+.youtube.com"
fake-ip-filter-mode: blacklist
sniffer:
enable: true
force-dns-mapping: true
parse-pure-ip: true
force-domain:
- "+.amazonaws.com"
- "+.bing.com"
- "+.facebook.com"
- "+.github.com"
- "+.githubusercontent.com"
- "+.google.com"
- "+.googleapis.cn"
- "+.googlevideo.com"
- "+.gstatic.com"
- "+.jsdelivr.net"
- "+.kernel.org"
- "+.live.com"
- "+.media.dssott.com"
- "+.microsoft.com"
- "+.msftconnecttest.com"
- "+.msftncsi.com"
- "+.netflix.com"
- "+.nflxvideo.net"
- "+.openai.com"
- "+.paypal.com"
- "+.sentry.io"
- "+.stripe.com"
- "+.youtube.com"
skip-domain:
- "+.apple.com"
- Mijia Cloud
- dlg.io.mi.com
- nobepay.com
sniff:
TLS:
HTTP:
ports:
- 80
- 8080-8880
override-destination: true
tun:
enable: true
stack: mixed
device: utun
dns-hijack:
- tcp://any:53
gso: true
gso-max-size: 65536
auto-route: false
auto-detect-interface: false
auto-redirect: false
strict-route: false
profile:
store-selected: true
store-fake-ip: true
authentication:
- Clash:PYKCf3Lm
rule-providers:
微软服务:
type: http
behavior: classical
path: "/etc/openclash/rule_provider/Microsoft.yaml"
url: https://raw.githubusercontent.com/dler-io/Rules/master/Clash/Provider/Microsoft.yaml
interval: 86400
Steam:
type: http
behavior: classical
path: "/etc/openclash/rule_provider/Steam.yaml"
url: https://raw.githubusercontent.com/dler-io/Rules/master/Clash/Provider/Steam.yaml
interval: 86400
#===================== 自定义覆写设置 =====================#
#!/bin/sh
. /usr/share/openclash/ruby.sh
. /usr/share/openclash/log.sh
. /lib/functions.sh
# This script is called by /etc/init.d/openclash
# Add your custom overwrite scripts here, they will be take effict after the OpenClash own srcipts
LOG_OUT "Tip: Start Running Custom Overwrite Scripts..."
LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S"))
LOG_FILE="/tmp/openclash.log"
CONFIG_FILE="$1" #config path
#Simple Demo:
#General Demo
#1--config path
#2--key name
#3--value
#ruby_edit "$CONFIG_FILE" "['redir-port']" "7892"
#ruby_edit "$CONFIG_FILE" "['secret']" "123456"
#ruby_edit "$CONFIG_FILE" "['dns']['enable']" "true"
#Hash Demo
#1--config path
#2--key name
#3--hash type value
#ruby_edit "$CONFIG_FILE" "['experimental']" "{'sniff-tls-sni'=>true}"
#ruby_edit "$CONFIG_FILE" "['sniffer']" "{'sniffing'=>['tls','http']}"
#Array Demo:
#1--config path
#2--key name
#3--position(start from 0, end with -1)
#4--value
#ruby_arr_insert "$CONFIG_FILE" "['dns']['nameserver']" "0" "114.114.114.114"
#Array Add From Yaml File Demo:
#1--config path
#2--key name
#3--position(start from 0, end with -1)
#4--value file path
#5--value key name in #4 file
#ruby_arr_add_file "$CONFIG_FILE" "['dns']['fallback-filter']['ipcidr']" "0" "/etc/openclash/custom/openclash_custom_fallback_filter.yaml" "['fallback-filter']['ipcidr']"
#Ruby Script Demo:
#ruby -ryaml -rYAML -I "/usr/share/openclash" -E UTF-8 -e "
# begin
# Value = YAML.load_file('$CONFIG_FILE');
# rescue Exception => e
# puts '${LOGTIME} Error: Load File Failed,【' + e.message + '】';
# end;
#General
# begin
# Thread.new{
# Value['redir-port']=7892;
# Value['tproxy-port']=7895;
# Value['port']=7890;
# Value['socks-port']=7891;
# Value['mixed-port']=7893;
# }.join;
# rescue Exception => e
# puts '${LOGTIME} Error: Set General Failed,【' + e.message + '】';
# ensure
# File.open('$CONFIG_FILE','w') {|f| YAML.dump(Value, f)};
# end" 2>/dev/null >> $LOG_FILE
exit 0
#===================== 自定义防火墙设置 =====================#
#!/bin/sh
. /usr/share/openclash/log.sh
. /lib/functions.sh
# This script is called by /etc/init.d/openclash
# Add your custom firewall rules here, they will be added after the end of the OpenClash iptables rules
LOG_OUT "Tip: Start Add Custom Firewall Rules..."
exit 0
#===================== IPTABLES 防火墙设置 =====================#
#IPv4 NAT chain
# Generated by iptables-save v1.8.8 (nf_tables) on Tue Sep 24 13:26:32 2024
*nat
:PREROUTING ACCEPT [660130:55369731]
:INPUT ACCEPT [296372:22778699]
:OUTPUT ACCEPT [1147654:74191041]
:POSTROUTING ACCEPT [1647966:110996770]
:CLOUD_MUSIC - [0:0]
-A PREROUTING -p tcp -m set --match-set music dst -j CLOUD_MUSIC
-A CLOUD_MUSIC -d 0.0.0.0/8 -j RETURN
-A CLOUD_MUSIC -d 10.0.0.0/8 -j RETURN
-A CLOUD_MUSIC -d 127.0.0.0/8 -j RETURN
-A CLOUD_MUSIC -d 169.254.0.0/16 -j RETURN
-A CLOUD_MUSIC -d 172.16.0.0/12 -j RETURN
-A CLOUD_MUSIC -d 192.168.0.0/16 -j RETURN
-A CLOUD_MUSIC -d 224.0.0.0/4 -j RETURN
-A CLOUD_MUSIC -d 240.0.0.0/4 -j RETURN
-A CLOUD_MUSIC -p tcp -m set --match-set music_http src -m tcp --dport 80 -j RETURN
-A CLOUD_MUSIC -p tcp -m set --match-set music_https src -m tcp --dport 443 -j RETURN
COMMIT
# Completed on Tue Sep 24 13:26:32 2024
#IPv4 Mangle chain
# Generated by iptables-save v1.8.8 (nf_tables) on Tue Sep 24 13:26:32 2024
*mangle
:PREROUTING ACCEPT [43868725:34729525600]
:INPUT ACCEPT [36848605:29827610104]
:FORWARD ACCEPT [6495806:4666589574]
:OUTPUT ACCEPT [22970939:13002835618]
:POSTROUTING ACCEPT [29411805:17667063528]
:RRDIPT_FORWARD - [0:0]
:RRDIPT_INPUT - [0:0]
:RRDIPT_OUTPUT - [0:0]
-A INPUT -j RRDIPT_INPUT
-A FORWARD -j RRDIPT_FORWARD
-A OUTPUT -j RRDIPT_OUTPUT
-A RRDIPT_FORWARD -s 192.168.2.111/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.2.111/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.2.230/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.2.230/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.2.207/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.2.207/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.2.231/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.2.231/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.2.199/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.2.199/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.2.212/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.2.212/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.2.240/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.2.240/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.2.156/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.2.156/32 -j RETURN
-A RRDIPT_FORWARD -s 192.168.2.120/32 -j RETURN
-A RRDIPT_FORWARD -d 192.168.2.120/32 -j RETURN
-A RRDIPT_INPUT -i br-lan -j RETURN
-A RRDIPT_INPUT -i pppoe-wan -j RETURN
-A RRDIPT_OUTPUT -o br-lan -j RETURN
-A RRDIPT_OUTPUT -o pppoe-wan -j RETURN
COMMIT
# Completed on Tue Sep 24 13:26:32 2024
#IPv4 Filter chain
# Generated by iptables-save v1.8.8 (nf_tables) on Tue Sep 24 13:26:32 2024
*filter
:INPUT ACCEPT [36848597:29827608796]
:FORWARD ACCEPT [6495806:4666589574]
:OUTPUT ACCEPT [22970930:13002834507]
-A OUTPUT -d x.x.x.10/32 -j DROP
COMMIT
# Completed on Tue Sep 24 13:26:32 2024
#IPv6 NAT chain
#IPv6 Mangle chain
# Generated by ip6tables-save v1.8.8 on Tue Sep 24 13:26:32 2024
*mangle
:PREROUTING ACCEPT [153:55143]
:INPUT ACCEPT [75:15903]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [151:53990]
:POSTROUTING ACCEPT [154:54206]
:RRDIPT_FORWARD - [0:0]
:RRDIPT_INPUT - [0:0]
:RRDIPT_OUTPUT - [0:0]
-A INPUT -j RRDIPT_INPUT
-A FORWARD -j RRDIPT_FORWARD
-A OUTPUT -j RRDIPT_OUTPUT
-A RRDIPT_INPUT -i br-lan -j RETURN
-A RRDIPT_INPUT -i pppoe-wan -j RETURN
-A RRDIPT_OUTPUT -o br-lan -j RETURN
-A RRDIPT_OUTPUT -o pppoe-wan -j RETURN
COMMIT
# Completed on Tue Sep 24 13:26:32 2024
#IPv6 Filter chain
# Generated by ip6tables-save v1.8.8 on Tue Sep 24 13:26:32 2024
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Tue Sep 24 13:26:32 2024
#===================== NFTABLES 防火墙设置 =====================#
table inet fw4 {
chain input {
type filter hook input priority filter; policy drop;
iifname "pppoe-wan" ip6 saddr != @localnetwork6 counter packets 1564 bytes 122340 jump openclash_wan6_input
meta l4proto { tcp, udp } iifname "utun" counter packets 55760 bytes 13026357 accept comment "OpenClash TUN Input"
iifname "pppoe-wan" ip saddr != @localnetwork counter packets 91428 bytes 21226362 jump openclash_wan_input
iif "lo" accept comment "!fw4: Accept traffic from loopback"
ct state vmap { established : accept, related : accept } comment "!fw4: Handle inbound flows"
tcp flags syn / fin,syn,rst,ack jump syn_flood comment "!fw4: Rate limit TCP syn packets"
iifname "br-lan" jump input_lan comment "!fw4: Handle lan IPv4/IPv6 input traffic"
iifname { "wan", "pppoe-wan" } jump input_wan comment "!fw4: Handle wan IPv4/IPv6 input traffic"
jump handle_reject
}
}
table inet fw4 {
chain forward {
type filter hook forward priority filter; policy drop;
meta l4proto { tcp, udp } iifname "utun" counter packets 54515 bytes 14305008 accept comment "OpenClash TUN Forward"
meta l4proto { tcp, udp } oifname "utun" counter packets 42406 bytes 11158295 accept comment "OpenClash TUN Forward"
meta l4proto { tcp, udp } flow add @ft
ct state vmap { established : accept, related : accept } comment "!fw4: Handle forwarded flows"
iifname "br-lan" jump forward_lan comment "!fw4: Handle lan IPv4/IPv6 forward traffic"
iifname { "wan", "pppoe-wan" } jump forward_wan comment "!fw4: Handle wan IPv4/IPv6 forward traffic"
jump upnp_forward comment "Hook into miniupnpd forwarding chain"
jump handle_reject
}
}
table inet fw4 {
chain dstnat {
type nat hook prerouting priority dstnat; policy accept;
ip6 daddr { 2001:4860:4860::8844, 2001:4860:4860::8888 } tcp dport 53 counter packets 0 bytes 0 accept comment "OpenClash Google DNS Hijack"
iifname { "wan", "pppoe-wan" } jump dstnat_wan comment "!fw4: Handle wan IPv4/IPv6 dstnat traffic"
jump upnp_prerouting comment "Hook into miniupnpd prerouting chain"
}
}
table inet fw4 {
chain srcnat {
type nat hook postrouting priority srcnat; policy accept;
meta nfproto ipv4 oifname "utun" counter packets 652 bytes 45407 return comment "OpenClash TUN Postrouting"
oifname { "wan", "pppoe-wan" } jump srcnat_wan comment "!fw4: Handle wan IPv4/IPv6 srcnat traffic"
jump upnp_postrouting comment "Hook into miniupnpd postrouting chain"
}
}
table inet fw4 {
chain nat_output {
type nat hook output priority filter - 1; policy accept;
meta skuid != 65534 meta nfproto ipv6 tcp dport 53 counter packets 0 bytes 0 accept comment "OpenClash TCP DNS Hijack"
meta skuid != 65534 meta nfproto ipv4 tcp dport 53 counter packets 0 bytes 0 accept comment "OpenClash TCP DNS Hijack"
meta nfproto ipv6 counter packets 1395 bytes 126625 jump openclash_output_v6
}
}
table inet fw4 {
chain mangle_prerouting {
type filter hook prerouting priority mangle; policy accept;
meta nfproto ipv4 meta l4proto { tcp, udp } counter packets 311478 bytes 66864959 jump openclash_mangle
meta nfproto ipv6 counter packets 40354 bytes 8545183 jump openclash_mangle_v6
}
}
table inet fw4 {
chain mangle_output {
type route hook output priority mangle; policy accept;
meta nfproto ipv4 meta l4proto { tcp, udp } counter packets 206222 bytes 211640017 jump openclash_mangle_output
}
}
table inet fw4 {
chain openclash_mangle {
meta nfproto ipv4 tcp sport 1688 counter packets 0 bytes 0 return
meta nfproto ipv4 udp sport 500 counter packets 0 bytes 0 return
meta nfproto ipv4 udp sport 68 counter packets 2 bytes 666 return
meta l4proto { tcp, udp } iifname "utun" counter packets 110223 bytes 27327933 return
ip daddr @localnetwork counter packets 156358 bytes 28219633 return
meta l4proto { tcp, udp } th dport != @common_ports counter packets 305 bytes 17977 return
ip daddr @china_ip_route ip daddr != @china_ip_route_pass counter packets 2182 bytes 139965 return
ip protocol udp counter packets 148 bytes 70875 jump openclash_upnp
meta l4proto { tcp, udp } th dport 0-65535 meta mark set 0x00000162 counter packets 42408 bytes 11158785
}
}
table inet fw4 {
chain openclash_mangle_output {
meta nfproto ipv4 tcp sport 1688 counter packets 0 bytes 0 return
meta nfproto ipv4 udp sport 500 counter packets 0 bytes 0 return
meta nfproto ipv4 udp sport 68 counter packets 0 bytes 0 return
ip daddr @localnetwork counter packets 57333 bytes 178266408 return
meta l4proto { tcp, udp } th dport != @common_ports meta skuid != 65534 counter packets 0 bytes 0 return
meta skuid != 65534 ip daddr @china_ip_route ip daddr != @china_ip_route_pass counter packets 696 bytes 52956 return
tcp dport 0-65535 meta skuid != 65534 meta mark set 0x00000162 counter packets 5618 bytes 622981
}
}
table inet fw4 {
chain openclash_wan_input {
udp dport { 7874, 7890, 7891, 7892, 7893, 7895, 9090 } counter packets 0 bytes 0 reject
tcp dport { 7874, 7890, 7891, 7892, 7893, 7895, 9090 } counter packets 3 bytes 136 reject
}
}
table inet fw4 {
chain openclash_dns_hijack {
}
}
table inet fw4 {
chain openclash_mangle_v6 {
meta nfproto ipv6 tcp sport 1688 counter packets 0 bytes 0 return
meta nfproto ipv6 udp sport 500 counter packets 0 bytes 0 return
meta nfproto ipv6 udp sport 546 counter packets 2 bytes 370 return
ip6 daddr @localnetwork6 counter packets 28323 bytes 6020497 return
meta nfproto ipv6 udp dport 53 counter packets 0 bytes 0 return
meta nfproto ipv6 th dport != @common_ports counter packets 12 bytes 1565 return
ip6 daddr @china_ip6_route ip6 daddr != @china_ip6_route_pass counter packets 447 bytes 38639 return
meta nfproto ipv6 tcp dport 0-65535 meta mark set 0x00000162 tproxy ip6 to :7895 counter packets 10075 bytes 1734033 accept comment "OpenClash TCP Tproxy"
meta nfproto ipv6 udp dport 0-65535 meta mark set 0x00000162 tproxy ip6 to :7895 counter packets 1495 bytes 750079 accept comment "OpenClash UDP Tproxy"
}
}
table inet fw4 {
chain openclash_output_v6 {
ip6 daddr @localnetwork6 counter packets 177 bytes 28516 return
meta nfproto ipv6 th dport != @common_ports meta skuid != 65534 counter packets 0 bytes 0 return
meta skuid != 65534 ip6 daddr @china_ip6_route ip6 daddr != @china_ip6_route_pass counter packets 1 bytes 96 return
meta nfproto ipv6 meta skuid != 65534 tcp dport 0-65535 counter packets 14 bytes 1120 redirect to :7892
}
}
table inet fw4 {
chain openclash_wan6_input {
udp dport { 7874, 7890, 7891, 7892, 7893, 7895, 9090 } counter packets 0 bytes 0 reject
tcp dport { 7874, 7890, 7891, 7892, 7893, 7895, 9090 } counter packets 0 bytes 0 reject
}
}
#===================== IPSET状态 =====================#
Name: music
Type: hash:ip
Revision: 5
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x126cb015
Size in memory: 2568
References: 1
Number of entries: 59
Name: mwan3_connected_v4
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0xd727860b
Size in memory: 1328
References: 1
Number of entries: 18
Name: mwan3_connected_v6
Type: hash:net
Revision: 7
Header: family inet6 hashsize 1024 maxelem 65536 bucketsize 12 initval 0x0596d587
Size in memory: 1752
References: 1
Number of entries: 7
Name: mwan3_source_v6
Type: hash:net
Revision: 7
Header: family inet6 hashsize 1024 maxelem 65536 bucketsize 12 initval 0x50a9eb31
Size in memory: 1608
References: 0
Number of entries: 5
Name: mwan3_dynamic_v4
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x34efe002
Size in memory: 464
References: 1
Number of entries: 0
Name: mwan3_dynamic_v6
Type: hash:net
Revision: 7
Header: family inet6 hashsize 1024 maxelem 65536 bucketsize 12 initval 0x8a7cd0d5
Size in memory: 1248
References: 1
Number of entries: 0
Name: mwan3_custom_v4
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x46904d48
Size in memory: 464
References: 1
Number of entries: 0
Name: mwan3_custom_v6
Type: hash:net
Revision: 7
Header: family inet6 hashsize 1024 maxelem 65536 bucketsize 12 initval 0x81df3559
Size in memory: 1248
References: 1
Number of entries: 0
Name: music_http
Type: hash:ip
Revision: 5
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0xb5ee5363
Size in memory: 208
References: 1
Number of entries: 0
Name: music_https
Type: hash:ip
Revision: 5
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x6ca397a7
Size in memory: 208
References: 1
Number of entries: 0
Name: music_proxy_http
Type: hash:ip
Revision: 5
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0xa179e8ac
Size in memory: 208
References: 0
Number of entries: 0
Name: music_proxy_https
Type: hash:ip
Revision: 5
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x3cdebce4
Size in memory: 208
References: 0
Number of entries: 0
Name: mwan3_connected
Type: list:set
Revision: 3
Header: size 8
Size in memory: 376
References: 0
Number of entries: 6
#===================== 路由表状态 =====================#
#IPv4
#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 222.1.192.1 0.0.0.0 UG 0 0 0 pppoe-wan
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 bond-23
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 wan
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
198.18.0.0 0.0.0.0 255.255.255.252 U 0 0 0 utun
222.1.192.1 0.0.0.0 255.255.255.255 UH 0 0 0 pppoe-wan
#ip route list
default via 222.1.192.1 dev pppoe-wan proto static
10.0.0.0/24 dev bond-23 proto kernel scope link src 10.0.0.1
192.168.1.0/24 dev wan proto kernel scope link src 192.168.1.2
192.168.2.0/24 dev br-lan proto kernel scope link src 192.168.2.1
198.18.0.0/30 dev utun proto kernel scope link src 198.18.0.1
222.1.192.1 dev pppoe-wan proto kernel scope link src *WAN IP*.38
#ip rule show
0: from all lookup local
32765: from all fwmark 0x162 lookup 354
32766: from all lookup main
32767: from all lookup default
#IPv6
#route -A inet6
Kernel IPv6 routing table
Destination Next Hop Flags Metric Ref Use Iface
::/0 :: U 1024 2 0 lo
::/0 :: U 1024 1 0 utun
::/0 UG 512 6 0 pppoe-wan
::/0 UG 512 5 0 pppoe-wan
240e::/64 :: U 256 5 0 wan
240e::/64 :: U 1024 2 0 br-lan
240e::/64 :: !n 2147483647 1 0 lo
240e::/56 UG 512 4 0 wan
240e::/56 :: !n 2147483647 1 0 lo
240e::/64 :: !n 2147483647 2 0 lo
240e::/64 :: !n 2147483647 2 0 lo
fdfe:dcba:9876::/126 :: U 256 5 0 utun
fe80::/128 :: U 256 1 0 pppoe-wan
fe80::/128 :: U 256 1 0 pppoe-wan
fe80::/64 :: U 256 6 0 br-lan
fe80::/64 :: U 256 1 0 wan
fe80::/64 :: U 256 1 0 utun
::/0 UG 512 5 0 wan
::1/128 :: Un 0 7 0 lo
240e::/128 :: Un 0 3 0 br-lan
240e::/128 :: Un 0 3 0 wan
240e::1/128 :: Un 0 9 0 br-lan
*WAN IP*:6a0a/128 :: Un 0 6 0 wan
240e::/128 :: Un 0 3 0 pppoe-wan
*WAN IP*:6a0a/128 :: Un 0 4 0 pppoe-wan
fdfe::/128 :: Un 0 3 0 utun
fdfe::1/128 :: Un 0 7 0 utun
fe80::/128 :: Un 0 7 0 br-lan
fe80::/128 :: Un 0 3 0 wan
fe80::/128 :: Un 0 3 0 utun
fe80::/128 :: Un 0 3 0 pppoe-wan
fe80::/128 :: Un 0 3 0 wan
fe80::/128 :: Un 0 5 0 br-lan
fe80::/128 :: Un 0 2 0 utun
ff00::/8 :: U 256 5 0 br-lan
ff00::/8 :: U 256 5 0 wan
ff00::/8 :: U 256 5 0 pppoe-wan
ff00::/8 :: U 256 5 0 utun
::/0 :: !n -1 2 0 lo
#ip -6 route list
default from via dev pppoe-wan proto static metric 512 pref medium
default from via dev pppoe-wan proto static metric 512 pref medium
dev wan proto static metric 256 pref medium
dev br-lan proto static metric 1024 pref medium
#ip -6 rule show
0: from all lookup local
32760: from all fwmark 0x162 lookup 354
32761: from all oif utun lookup 2022
32762: from all oif utun lookup 2022
32763: from all oif utun lookup 2022
32764: from all oif utun lookup 2022
32765: from all oif utun lookup 2022
32766: from all lookup main
4200000000: from 240e:/60 iif br-lan unreachable
#===================== Tun设备状态 =====================#
utun: tun vnet_hdr
#===================== 端口占用状态 =====================#
tcp 0 0 198.18.0.1:34209 0.0.0.0:* LISTEN 8299/clash
tcp 0 0 :::* LISTEN 8299/clash
tcp 0 0 :::7891 :::* LISTEN 8299/clash
tcp 0 0 :::7890 :::* LISTEN 8299/clash
tcp 0 0 :::7895 :::* LISTEN 8299/clash
tcp 0 0 :::7893 :::* LISTEN 8299/clash
tcp 0 0 :::7892 :::* LISTEN 8299/clash
tcp 0 0 :::9090 :::* LISTEN 8299/clash
udp 0 0 :::48662 :::* 8299/clash
udp 0 0 :::7874 :::* 8299/clash
udp 0 0 :::7891 :::* 8299/clash
udp 0 0 :::7892 :::* 8299/clash
udp 0 0 :::7893 :::* 8299/clash
udp 0 0 :::7895 :::* 8299/clash
#===================== 测试本机DNS查询(www.baidu.com) =====================#
Server: 127.0.0.1
Address: 127.0.0.1:53
Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com
Name: www.a.shifen.com
Address: 180.101.50.242
Name: www.a.shifen.com
Address: 180.101.50.188
Non-authoritative answer:
www.baidu.com canonical name = www.a.shifen.com
Name: www.a.shifen.com
Address:
Name: www.a.shifen.com
Address:
#===================== 测试内核DNS查询(www.instagram.com) =====================#
Status: 0
TC: false
RD: true
RA: true
AD: false
CD: false
Question:
Name: www.instagram.com.
Qtype: 1
Qclass: 1
Answer:
TTL: 3590
data: z-p42-instagram.c10r.instagram.com.
name: www.instagram.com.
type: 5
TTL: 50
data: 157.240.31.174
name: z-p42-instagram.c10r.instagram.com.
type: 1
Status: 0
TC: false
RD: true
RA: true
AD: false
CD: false
Question:
Name: www.instagram.com.
Qtype: 28
Qclass: 1
Answer:
TTL: 3525
data: z-p42-instagram.c10r.instagram.com.
name: www.instagram.com.
type: 5
TTL: 36
data: 2a23:2680:f70f:e5:fdce:b00c:0:4320
name: z-p42-instagram.c10r.instagram.com.
type: 28
Dnsmasq 当前默认 resolv 文件:/tmp/resolv.conf.d/resolv.conf.auto
#===================== /tmp/resolv.conf.d/resolv.conf.auto =====================#
# Interface wan
nameserver 180.
nameserver 116.
# Interface wan6
nameserver 240e:
# Interface wan_6
nameserver 240e:
nameserver 240e:
#===================== 测试本机网络连接(www.baidu.com) =====================#
HTTP/1.1 200 OK
Bdpagetype: 1
Bdqid: 0xb6ddd0ba0000895c
Connection: keep-alive
Content-Length: 414487
Content-Type: text/html; charset=utf-8
Date: Tue, 24 Sep 2024 05:26:33 GMT
Server: BWS/1.1
Set-Cookie: BIDUPSID=D05AF63BF5674C391F9E727C4A5E533A; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
Set-Cookie: PSTM=1727155593; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
Set-Cookie: BDSVRTM=0; path=/
Set-Cookie: BD_HOME=1; path=/
Set-Cookie: BAIDUID=D05AF63BF5674C391F9E727C4A5E533A:FG=1; Path=/; Domain=baidu.com; Max-Age=31536000
Set-Cookie: BAIDUID_BFESS=D05AF63BF5674C391F9E727C4A5E533A:FG=1; Path=/; Domain=baidu.com; Max-Age=31536000; Secure; SameSite=None
Traceid: 1727155593060717057013176917582038468956
Vary: Accept-Encoding
X-Ua-Compatible: IE=Edge,chrome=1
X-Xss-Protection: 1;mode=block
#===================== 测试本机网络下载(raw.githubusercontent.com) =====================#
HTTP/2 200
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: text/plain; charset=utf-8
etag: "f6037a93c68519d7041a3b4df325b61c424ec255b45dfeb063371319e39b0d96"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: F599:
accept-ranges: bytes
date: Tue, 24 Sep 2024 05:26:34 GMT
via: 1.1 varnish
x-served-by: cache-tyo11931-TYO
x-cache: MISS
x-cache-hits: 0
x-timer: S1727155594.841046,VS0,VE290
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 2fbd3e2ce40892b517356a895f8b2521f9c4ca37
expires: Tue, 24 Sep 2024 05:31:34 GMT
source-age: 0
content-length: 1071
#===================== 最近运行日志(自动切换为Debug模式) =====================#
time="2024-09-24T04:01:16.877391386Z" level=info msg="Initial configuration complete, total time: 5831ms"
2024-09-24 12:01:24 Tip: Waiting for TUN Interface Start...
2024-09-24 12:01:24 Tip: Start Add Port Bypassing Rules For Firewall Redirect and Firewall Rules...
2024-09-24 12:01:24 Tip: Start Add Custom Firewall Rules...
2024-09-24 12:01:24 Step 7: Restart Dnsmasq...
2024-09-24 12:01:25 Step 8: Add Cron Rules, Start Daemons...
2024-09-24 12:01:25 OpenClash Start Successful!
2024-09-24 12:34:10 OpenClash Restart...
2024-09-24 12:34:10 OpenClash Stoping...
2024-09-24 12:34:10 Step 1: Backup The Current Groups State...
2024-09-24 12:34:10 Step 2: Delete OpenClash Firewall Rules...
2024-09-24 12:34:14 Step 3: Close The OpenClash Daemons...
2024-09-24 12:34:14 Step 4: Close The Clash Core Process...
2024-09-24 12:34:14 Step 5: Restart Dnsmasq...
2024-09-24 12:34:15 Step 6: Delete OpenClash Residue File...
2024-09-24 12:34:15 OpenClash Start Running...
2024-09-24 12:34:15 Step 1: Get The Configuration...
2024-09-24 12:34:15 Step 2: Check The Components...
2024-09-24 12:34:15 Tip: Because of the file【 /etc/config/openclash 】modificated, Pause quick start...
2024-09-24 12:34:15 Step 3: Modify The Config File...
2024-09-24 12:34:17 Tip: You have seted the authentication of SOCKS5/HTTP(S) proxy with【Clash:PYKCf3Lm】
2024-09-24 12:34:19 Tip: Start Running Custom Overwrite Scripts...
2024-09-24 12:34:19 Step 4: Start Running The Clash Core...
2024-09-24 12:34:19 Test The Config File First...
time="2024-09-24T04:34:21.003495407Z" level=info msg="Start initial configuration in progress"
time="2024-09-24T04:34:21.021358254Z" level=info msg="Geodata Loader mode: standard"
time="2024-09-24T04:34:21.021455441Z" level=info msg="Geosite Matcher implementation: succinct"
time="2024-09-24T04:34:21.021973826Z" level=info msg="Load GeoSite rule: cn"
time="2024-09-24T04:34:24.07595682Z" level=info msg="Load GeoSite rule: category-public-tracker"
time="2024-09-24T04:34:24.731257844Z" level=info msg="Finished initial GeoSite rule category-public-tracker => DIRECT, records: 174"
time="2024-09-24T04:34:24.74172549Z" level=info msg="Initial configuration complete, total time: 3737ms"
2024-09-24 12:34:24 configuration file【/etc/openclash/xm.yaml】test is successful
2024-09-24 12:34:25 Step 5: Check The Core Status...
time="2024-09-24T04:34:27.284776328Z" level=info msg="Start initial configuration in progress"
time="2024-09-24T04:34:27.302771258Z" level=info msg="Geodata Loader mode: standard"
time="2024-09-24T04:34:27.302887664Z" level=info msg="Geosite Matcher implementation: succinct"
time="2024-09-24T04:34:27.303367299Z" level=info msg="Load GeoSite rule: cn"
2024-09-24 12:34:28 Step 6: Set Firewall Rules...
2024-09-24 12:34:28 Tip: DNS Hijacking is Disabled...
2024-09-24 12:34:28 Tip: IPv6 Proxy Mode is TUN...
2024-09-24 12:34:28 Tip: Firewall4 was Detected, Use NFTABLE Rules...
time="2024-09-24T04:34:30.486015114Z" level=info msg="Load GeoSite rule: category-public-tracker"
time="2024-09-24T04:34:31.141987439Z" level=info msg="Finished initial GeoSite rule category-public-tracker => DIRECT, records: 174"
time="2024-09-24T04:34:31.150636962Z" level=info msg="Initial configuration complete, total time: 3865ms"
2024-09-24 12:34:34 Tip: Waiting for TUN Interface Start...
2024-09-24 12:34:39 Tip: Waiting for TUN Interface Start...
2024-09-24 12:34:39 Tip: Start Add Port Bypassing Rules For Firewall Redirect and Firewall Rules...
2024-09-24 12:34:40 Tip: Start Add Custom Firewall Rules...
2024-09-24 12:34:40 Step 7: Restart Dnsmasq...
2024-09-24 12:34:40 Step 8: Add Cron Rules, Start Daemons...
2024-09-24 12:34:40 OpenClash Start Successful!
2024-09-24 12:36:17 OpenClash Restart...
2024-09-24 12:36:17 OpenClash Stoping...
2024-09-24 12:36:17 Step 1: Backup The Current Groups State...
2024-09-24 12:36:17 Step 2: Delete OpenClash Firewall Rules...
2024-09-24 12:36:21 Step 3: Close The OpenClash Daemons...
2024-09-24 12:36:21 Step 4: Close The Clash Core Process...
2024-09-24 12:36:21 Step 5: Restart Dnsmasq...
2024-09-24 12:36:22 Step 6: Delete OpenClash Residue File...
2024-09-24 12:36:22 OpenClash Start Running...
2024-09-24 12:36:22 Step 1: Get The Configuration...
2024-09-24 12:36:22 Step 2: Check The Components...
2024-09-24 12:36:23 Tip: Because of the file【 /etc/config/openclash 】modificated, Pause quick start...
2024-09-24 12:36:23 Step 3: Modify The Config File...
2024-09-24 12:36:24 Tip: You have seted the authentication of SOCKS5/HTTP(S) proxy with【Clash:PYKCf3Lm】
2024-09-24 12:36:26 Tip: Start Running Custom Overwrite Scripts...
2024-09-24 12:36:26 Step 4: Start Running The Clash Core...
2024-09-24 12:36:26 Test The Config File First...
time="2024-09-24T04:36:28.257396476Z" level=info msg="Start initial configuration in progress"
time="2024-09-24T04:36:28.27491224Z" level=info msg="Geodata Loader mode: standard"
time="2024-09-24T04:36:28.275039428Z" level=info msg="Geosite Matcher implementation: succinct"
time="2024-09-24T04:36:28.275926094Z" level=info msg="Load GeoSite rule: cn"
time="2024-09-24T04:36:37.092394165Z" level=info msg="Load GeoSite rule: category-public-tracker"
time="2024-09-24T04:36:37.731632597Z" level=info msg="Finished initial GeoSite rule category-public-tracker => DIRECT, records: 174"
time="2024-09-24T04:36:37.740463265Z" level=info msg="Initial configuration complete, total time: 9482ms"
2024-09-24 12:36:37 configuration file【/etc/openclash/xm.yaml】test is successful
2024-09-24 12:36:38 Step 5: Check The Core Status...
time="2024-09-24T04:36:40.276731856Z" level=info msg="Start initial configuration in progress"
time="2024-09-24T04:36:40.294579703Z" level=info msg="Geodata Loader mode: standard"
time="2024-09-24T04:36:40.2946809Z" level=info msg="Geosite Matcher implementation: succinct"
time="2024-09-24T04:36:40.295154389Z" level=info msg="Load GeoSite rule: cn"
2024-09-24 12:36:41 Step 6: Set Firewall Rules...
2024-09-24 12:36:41 Tip: DNS Hijacking is Disabled...
2024-09-24 12:36:41 Tip: IPv6 Proxy Mode is TProxy...
2024-09-24 12:36:41 Tip: Firewall4 was Detected, Use NFTABLE Rules...
time="2024-09-24T04:36:45.27603765Z" level=info msg="Load GeoSite rule: category-public-tracker"
time="2024-09-24T04:36:46.244279715Z" level=info msg="Finished initial GeoSite rule category-public-tracker => DIRECT, records: 174"
time="2024-09-24T04:36:46.278989784Z" level=info msg="Initial configuration complete, total time: 6001ms"
2024-09-24 12:36:47 Tip: Waiting for TUN Interface Start...
2024-09-24 12:36:53 Tip: Start Add Port Bypassing Rules For Firewall Redirect and Firewall Rules...
2024-09-24 12:36:53 Tip: Start Add Custom Firewall Rules...
2024-09-24 12:36:53 Step 7: Restart Dnsmasq...
2024-09-24 12:36:54 Step 8: Add Cron Rules, Start Daemons...
2024-09-24 12:36:54 OpenClash Start Successful!
time="2024-09-24T05:26:44.17050917Z" level=debug msg="[Sniffer] Sniff tcp [192.168.1.222:57001]-->[47.86.91.152:443] success, replace domain []-->[api.flicker.cool]"
time="2024-09-24T05:26:44.170701982Z" level=debug msg="[Rule] use default rules"
time="2024-09-24T05:26:44.189927524Z" level=debug msg="[Process] find process api.flicker.cool error: netlink receive: no such file or directory"
time="2024-09-24T05:26:44.190243669Z" level=debug msg="[DNS] cache hit knfc.xmrthnode.com --> [] AAAA, expire at 2024-09-24 05:27:10"
time="2024-09-24T05:26:44.190322159Z" level=debug msg="[DNS] cache hit knfc.xmrthnode.com --> [183.14.30.223] A, expire at 2024-09-24 05:26:55"
time="2024-09-24T05:26:44.349443518Z" level=info msg="[TCP] 192.168.1.222:57001 --> api.*.cool:443 match DstPort(443) using ⚓️其他流量[中继]"
#===================== 最近运行日志获取完成(自动切换为silent模式) =====================#
#===================== 活动连接信息 =====================#
### OpenClash Config
_No response_
### Expected Behavior
ipv6设置成 tun模式后,手机谷歌商店的:检查软件更新页面里点击【检查是否有更新】的按钮,刷新不卡死
### Additional Context
_No response_
