By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement . We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Tracker 我已经在 Issue Tracker 中找过我要提出的问题

Latest 我已经使用最新 Dev 版本测试过，问题依旧存在

Core 这是 OpenClash 存在的问题，并非我所使用的 Clash 或 Meta 等内核的特定问题

Meaningful 我提交的不是无意义的 催促更新或修复 请求

OpenClash Version

v0.45.59-beta

Bug on Environment

Official OpenWrt

Bug on Platform

Linux-mipsle-softfloat

To Reproduce

重启浏览器后首次打开一个 国外 网页，如 Google、GitHub 等。

Describe the Bug

第一次打开时， Initial connection 和 SSL 耗时常常能达到 10s+，表现就是网页一直卡白屏很久，非常影响网页浏览体验。

当浏览器没关闭的 第二次 打开网站时，响应非常迅速，一切正常。

F12 调试器截图在下方截图区内。

OpenClash Log

OpenClash 调试日志

生成时间: 2022-10-25 22:26:44
插件版本:
隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息

#===================== 系统信息 =====================# 主机型号: Xiaomi Mi Router CR660x 固件版本: OpenWrt SNAPSHOT r4458-ad34521be LuCI版本: git-22.103.65959-d9db1b0-1 内核版本: 5.4.188 处理器架构: mipsel_24kc #此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP IPV6-DHCP: server #此项结果应仅有配置文件的DNS监听地址 Dnsmasq转发设置: 127.0.0.1#7874 #===================== 依赖检查 =====================# dnsmasq-full: 未安装 coreutils: 已安装 coreutils-nohup: 未安装 bash: 已安装 curl: 已安装 ca-certificates: 已安装 ipset: 已安装 ip-full: 已安装 libcap: 已安装 libcap-bin: 已安装 ruby: 已安装 ruby-yaml: 已安装 ruby-psych: 已安装 ruby-pstore: 已安装 kmod-tun(TUN模式): 已安装 luci-compat(Luci >= 19.07): 已安装 kmod-inet-diag(PROCESS-NAME): 已安装 unzip: 已安装 iptables-mod-tproxy: 已安装 kmod-ipt-tproxy: 已安装 iptables-mod-extra: 已安装 kmod-ipt-extra: 已安装 kmod-ipt-nat: 已安装 #===================== 内核检查 =====================# 运行状态: 运行中 进程pid: 1319 运行权限: 1319: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip 运行用户: nobody 已选择的架构: linux-mipsle-softfloat #下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限 Tun内核版本: 2022.08.26-3-ge16bdd2 Tun内核文件: 存在 Tun内核运行权限: 正常 Dev内核版本: v1.11.8-3-g4f291fa Dev内核文件: 存在 Dev内核运行权限: 正常 Meta内核版本: alpha-g9b89ff9 Meta内核文件: 存在 Meta内核运行权限: 正常 #===================== 插件设置 =====================# 当前配置文件: /etc/openclash/config/MieLink-01.yaml 启动配置文件: /etc/openclash/MieLink-01.yaml 运行模式: redir-host 默认代理模式: rule UDP流量转发(tproxy): 启用 DNS劫持: 启用 自定义DNS: 停用 IPV6代理: 停用 IPV6-DNS解析: 停用 禁用Dnsmasq缓存: 启用 自定义规则: 停用 仅允许内网: 启用 仅代理命中规则流量: 停用 仅允许常用端口流量: 停用 绕过中国大陆IP: 停用 DNS远程解析: 启用 路由本机代理: 启用 #启动异常时建议关闭此项后重试 混合节点: 停用 保留配置: 停用 #启动异常时建议关闭此项后重试 第三方规则: 停用 #===================== 配置文件 =====================# mixed-port: 7893 redir-port: 7892 allow-lan: true mode: rule log-level: silent external-controller: 0.0.0.0:9090 enable: true ipv6: false listen: 0.0.0.0:7874 enhanced-mode: fake-ip fake-ip-range: 198.18.0.1/16 default-nameserver: - 119.29.29.29 - 119.28.28.28 - 1.0.0.1 - 208.67.222.222 - 1.2.4.8 nameserver: - https://dns.alidns.com/dns-query - https://1.1.1.1/dns-query - tls://dns.adguard.com:853 fallback: - tls://223.5.5.5:853 - https://223.5.5.5/dns-query fallback-filter: geoip: true geoip-code: CN ipcidr: - 240.0.0.0/4 fake-ip-filter: - "+.*" proxy-groups: (已删除) rule-providers: IPfake: type: http behavior: classical url: https://raw.fastgit.org/lwd-temp/anti-ip-attribution/main/generated/rule-provider.yaml path: "./rule_provider/IPfake.yaml" interval: 259200 BiliBili: type: http behavior: classical url: https://raw.fastgit.org/blackmatrix7/ios_rule_script/master/rule/Clash/BiliBili/BiliBili.yaml path: "./rule_provider/bilibili.yaml" interval: 259200 Disney: type: http behavior: classical url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script/rule/Clash/Disney/Disney.yaml path: "./rule_provider/Disney.yaml" interval: 259200 Netflix: type: http behavior: classical url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script/rule/Clash/Netflix/Netflix.yaml path: "./rule_provider/Netflix.yaml" interval: 259200 TikTok: type: http behavior: classical url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script/rule/Clash/TikTok/TikTok.yaml path: "./rule_provider/TikTok.yaml" interval: 259200 YouTube: type: http behavior: classical url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/YouTube/YouTube.yaml path: "./rule_provider/YouTube.yaml" interval: 259200 Telegram: type: http behavior: classical url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script/rule/Clash/Telegram/Telegram.yaml path: "./rule_provider/Telegram.yaml" interval: 259200 Emby: type: http behavior: classical url: https://raw.fastgit.org/justdoiting/emby-rules/main/Emby.yaml path: "./rule_provider/Emby.yaml" interval: 259200 Game: type: http behavior: classical url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script/rule/Clash/Game/Game.yaml path: "./rule_provider/Game.yaml" interval: 259200 BanEasyPrivacy: type: http behavior: classical url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Privacy/Privacy_Classical.yaml path: "./rule_provider/BanEasyPrivacy.yaml" interval: 259200 Advertising: type: http behavior: classical url: https://ghproxy.com/https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Clash/AdvertisingLite/AdvertisingLite_Classical.yaml path: "./rule_provider/Advertising.yaml" interval: 259200 Download: type: http behavior: classical url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script/rule/Clash/Download/Download.yaml path: "./rule_provider/Download.yaml" interval: 259200 PrivateTracker: type: http behavior: domain url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/PrivateTracker/PrivateTracker.yaml path: "./rule_provider/PrivateTracker.yaml" interval: 259200 ChinaMax: type: http behavior: classical url: https://ghproxy.com/https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Clash/ChinaMaxNoIP/ChinaMaxNoIP_Classical.yaml path: "./rule_provider/ChinaMax.yaml" interval: 259200 Global: type: http behavior: classical url: https://ghproxy.com/https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Clash/Global/Global_Classical.yaml path: "./rule_provider/Global.yaml" interval: 259200 type: http behavior: classical url: https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script/rule/Clash/Lan/Lan.yaml path: "./rule_provider/Lan.yaml" interval: 259200 rules: - DST-PORT,7895,REJECT - DST-PORT,7892,REJECT - IP-CIDR,198.18.0.1/16,REJECT,no-resolve - DOMAIN-SUFFIX,gjfzpt.cn,REJECT - SRC-IP-CIDR,219.143.187.136/32,REJECT - "RULE-SET,BiliBili,\U0001F4FA BiliBili" - "RULE-SET,YouTube,\U0001F3AC YouTube" - "RULE-SET,Netflix,\U0001F3A5 Netflix" - "RULE-SET,Disney,\U0001F4F9 Disney+" - "RULE-SET,TikTok,\U0001F4F7 TikTok" - "RULE-SET,Emby,\U0001F3BC Emby" - RULE-SET,Telegram,☎️ 电报消息 - "RULE-SET,Game,\U0001F3AE 游戏平台" - "RULE-SET,BanEasyPrivacy,\U0001F6E1️ 隐私防护" - "RULE-SET,Advertising,\U0001F6AB 广告拦截" - RULE-SET,Download,⏬ 下载平台 - "RULE-SET,PrivateTracker,\U0001F332 BT种子" - "RULE-SET,IPfake,\U0001F6A9 社交平台IP归属地" - "RULE-SET,Lan,\U0001F1E8\U0001F1F3 国内流量" - "RULE-SET,ChinaMax,\U0001F1E8\U0001F1F3 国内流量" - "RULE-SET,Global,\U0001F680 节点选择" - "GEOIP,CN,\U0001F1E8\U0001F1F3 国内流量" - "MATCH,\U0001F41F 漏网之鱼" tproxy-port: 7895 port: 7890 socks-port: 7891 bind-address: "*" external-ui: "/usr/share/openclash/ui" ipv6: false experimental: sniff-tls-sni: true profile: store-selected: true store-fake-ip: true authentication: - Clash:VL757cvE #===================== IPTABLES 防火墙设置 =====================# #IPv4 NAT chain # Generated by iptables-save v1.8.7 on Tue Oct 25 22:26:53 2022 :PREROUTING ACCEPT [1678:255840] :INPUT ACCEPT [1149:91600] :OUTPUT ACCEPT [2946:206887] :POSTROUTING ACCEPT [857:54427] :MINIUPNPD - [0:0] :MINIUPNPD-POSTROUTING - [0:0] :openclash - [0:0] :openclash_output - [0:0] :postrouting_VPN_rule - [0:0] :postrouting_lan_rule - [0:0] :postrouting_rule - [0:0] :postrouting_wan_rule - [0:0] :prerouting_VPN_rule - [0:0] :prerouting_lan_rule - [0:0] :prerouting_rule - [0:0] :prerouting_wan_rule - [0:0] :zone_VPN_postrouting - [0:0] :zone_VPN_prerouting - [0:0] :zone_lan_postrouting - [0:0] :zone_lan_prerouting - [0:0] :zone_wan_postrouting - [0:0] :zone_wan_prerouting - [0:0] -A PREROUTING -d 8.8.4.4/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892 -A PREROUTING -d 8.8.8.8/32 -p tcp -m comment --comment "OpenClash Google DNS Hijack" -m tcp --dport 53 -j REDIRECT --to-ports 7892 -A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53 -A PREROUTING -p udp -m udp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53 -A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 53 -A PREROUTING -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 53 -A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule -A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting -A PREROUTING -i wan -m comment --comment "!fw3" -j zone_wan_prerouting -A PREROUTING -i ipsec0 -m comment --comment "!fw3" -j zone_VPN_prerouting -A PREROUTING -p tcp -j openclash -A OUTPUT -j openclash_output -A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule -A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting -A POSTROUTING -o wan -m comment --comment "!fw3" -j zone_wan_postrouting -A POSTROUTING -o ipsec0 -m comment --comment "!fw3" -j zone_VPN_postrouting -A openclash -p tcp -m tcp --sport 1688 -j RETURN -A openclash -p tcp -m tcp --sport 1723 -j RETURN -A openclash -m set --match-set localnetwork dst -j RETURN -A openclash -p tcp -j REDIRECT --to-ports 7892 -A openclash_output -p tcp -m tcp --sport 1688 -j RETURN -A openclash_output -p tcp -m tcp --sport 1723 -j RETURN -A openclash_output -m set --match-set localnetwork dst -j RETURN -A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892 -A zone_VPN_postrouting -m comment --comment "!fw3: Custom VPN postrouting rule chain" -j postrouting_VPN_rule -A zone_VPN_prerouting -m comment --comment "!fw3: Custom VPN prerouting rule chain" -j prerouting_VPN_rule -A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule -A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule -A zone_wan_postrouting -j MINIUPNPD-POSTROUTING -A zone_wan_postrouting -j MINIUPNPD-POSTROUTING -A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule -A zone_wan_postrouting -m comment --comment "!fw3" -j FULLCONENAT -A zone_wan_prerouting -j MINIUPNPD -A zone_wan_prerouting -j MINIUPNPD -A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule -A zone_wan_prerouting -m comment --comment "!fw3" -j FULLCONENAT COMMIT # Completed on Tue Oct 25 22:26:53 2022 #IPv4 Mangle chain # Generated by iptables-save v1.8.7 on Tue Oct 25 22:26:53 2022 *mangle :PREROUTING ACCEPT [304439:294400094] :INPUT ACCEPT [312781:294933031] :FORWARD ACCEPT [386:31770] :OUTPUT ACCEPT [97878:286417939] :POSTROUTING ACCEPT [98190:286446713] :mwan3_connected - [0:0] :mwan3_hook - [0:0] :mwan3_iface_in_wan - [0:0] :mwan3_ifaces_in - [0:0] :mwan3_policy_balanced - [0:0] :mwan3_rule_https - [0:0] :mwan3_rules - [0:0] :openclash - [0:0] -A PREROUTING -j mwan3_hook -A PREROUTING -p udp -j openclash -A FORWARD -o wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu -A FORWARD -i wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu -A OUTPUT -j mwan3_hook -A mwan3_connected -m set --match-set mwan3_connected dst -j MARK --set-xmark 0x3f00/0x3f00 -A mwan3_hook -j CONNMARK --restore-mark --nfmask 0x3f00 --ctmask 0x3f00 -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_ifaces_in -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_connected -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_rules -A mwan3_hook -j CONNMARK --save-mark --nfmask 0x3f00 --ctmask 0x3f00 -A mwan3_hook -m mark ! --mark 0x3f00/0x3f00 -j mwan3_connected -A mwan3_iface_in_wan -i wan -m set --match-set mwan3_connected src -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00 -A mwan3_iface_in_wan -i wan -m mark --mark 0x0/0x3f00 -m comment --comment wan -j MARK --set-xmark 0x100/0x3f00 -A mwan3_ifaces_in -m mark --mark 0x0/0x3f00 -j mwan3_iface_in_wan -A mwan3_policy_balanced -m mark --mark 0x0/0x3f00 -m statistic --mode random --probability 0.25000000000 -m comment --comment "wan 1 4" -j MARK --set-xmark 0x100/0x3f00 -A mwan3_policy_balanced -m mark --mark 0x0/0x3f00 -m comment --comment "wan 3 3" -j MARK --set-xmark 0x100/0x3f00 -A mwan3_rule_https -m mark --mark 0x0/0x3f00 -j MARK --set-xmark 0x100/0x3f00 -A mwan3_rule_https -m mark --mark 0x100/0x3f00 -m set ! --match-set mwan3_sticky_https src,src -j MARK --set-xmark 0x0/0x3f00 -A mwan3_rule_https -m mark --mark 0x0/0x3f00 -j MARK --set-xmark 0x100/0x3f00 -A mwan3_rule_https -m mark --mark 0x100/0x3f00 -m set ! --match-set mwan3_sticky_https src,src -j MARK --set-xmark 0x0/0x3f00 -A mwan3_rule_https -m mark --mark 0x0/0x3f00 -j mwan3_policy_balanced -A mwan3_rule_https -m mark ! --mark 0xfc00/0xfc00 -j SET --del-set mwan3_sticky_https src,src -A mwan3_rule_https -m mark ! --mark 0xfc00/0xfc00 -j SET --add-set mwan3_sticky_https src,src -A mwan3_rules -p tcp -m multiport --dports 443 -m mark --mark 0x0/0x3f00 -j mwan3_rule_https -A mwan3_rules -m mark --mark 0x0/0x3f00 -j mwan3_policy_balanced -A openclash -p udp -m udp --sport 4500 -j RETURN -A openclash -p udp -m udp --sport 500 -j RETURN -A openclash -p udp -m udp --sport 500 -j RETURN -A openclash -p udp -m udp --sport 68 -j RETURN -A openclash -m set --match-set localnetwork dst -j RETURN -A openclash -p udp -m udp --dport 53 -j RETURN -A openclash -p udp -j TPROXY --on-port 7895 --on-ip 0.0.0.0 --tproxy-mark 0x162/0xffffffff COMMIT # Completed on Tue Oct 25 22:26:53 2022 #IPv4 Filter chain # Generated by iptables-save v1.8.7 on Tue Oct 25 22:26:54 2022 *filter :INPUT ACCEPT [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [0:0] :MINIUPNPD - [0:0] :SOCAT - [0:0] :forwarding_VPN_rule - [0:0] :forwarding_lan_rule - [0:0] :forwarding_rule - [0:0] :forwarding_wan_rule - [0:0] :input_VPN_rule - [0:0] :input_lan_rule - [0:0] :input_rule - [0:0] :input_wan_rule - [0:0] :openclash_wan_input - [0:0] :output_VPN_rule - [0:0] :output_lan_rule - [0:0] :output_rule - [0:0] :output_wan_rule - [0:0] :reject - [0:0] :syn_flood - [0:0] :zone_VPN_dest_ACCEPT - [0:0] :zone_VPN_forward - [0:0] :zone_VPN_input - [0:0] :zone_VPN_output - [0:0] :zone_VPN_src_ACCEPT - [0:0] :zone_lan_dest_ACCEPT - [0:0] :zone_lan_forward - [0:0] :zone_lan_input - [0:0] :zone_lan_output - [0:0] :zone_lan_src_ACCEPT - [0:0] :zone_wan_dest_ACCEPT - [0:0] :zone_wan_dest_REJECT - [0:0] :zone_wan_forward - [0:0] :zone_wan_input - [0:0] :zone_wan_output - [0:0] :zone_wan_src_REJECT - [0:0] -A INPUT -p udp -m udp --dport 443 -m comment --comment "OpenClash QUIC REJECT" -m set ! --match-set china_ip_route dst -j REJECT --reject-with icmp-port-unreachable -A INPUT -i wan -m set ! --match-set localnetwork src -j openclash_wan_input -A INPUT -m policy --dir in --pol ipsec --proto esp -j ACCEPT -A INPUT -j SOCAT -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood -A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input -A INPUT -i wan -m comment --comment "!fw3" -j zone_wan_input -A INPUT -i ipsec0 -m comment --comment "!fw3" -j zone_VPN_input -A FORWARD -m policy --dir out --pol ipsec --proto esp -j ACCEPT -A FORWARD -m policy --dir in --pol ipsec --proto esp -j ACCEPT -A FORWARD -m policy --dir out --pol ipsec --proto esp -j ACCEPT -A FORWARD -m policy --dir out --pol ipsec --proto esp -j ACCEPT -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule -A FORWARD -m comment --comment "!fw3: Traffic offloading" -m conntrack --ctstate RELATED,ESTABLISHED -j FLOWOFFLOAD --hw -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT -A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward -A FORWARD -i wan -m comment --comment "!fw3" -j zone_wan_forward -A FORWARD -i ipsec0 -m comment --comment "!fw3" -j zone_VPN_forward -A FORWARD -m comment --comment "!fw3" -j reject -A OUTPUT -m policy --dir out --pol ipsec --proto esp -j ACCEPT -A OUTPUT -m policy --dir out --pol ipsec --proto esp -j ACCEPT -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT -A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output -A OUTPUT -o wan -m comment --comment "!fw3" -j zone_wan_output -A OUTPUT -o ipsec0 -m comment --comment "!fw3" -j zone_VPN_output -A forwarding_rule -i pppoe+ -j RETURN -A forwarding_rule -o pppoe+ -j RETURN -A forwarding_rule -i ppp+ -m conntrack --ctstate NEW -j ACCEPT -A forwarding_rule -o ppp+ -m conntrack --ctstate NEW -j ACCEPT -A openclash_wan_input -p udp -m multiport --dports 7892,7895,9090,7890,7891,7893,7874 -j REJECT --reject-with icmp-port-unreachable -A openclash_wan_input -p tcp -m multiport --dports 7892,7895,9090,7890,7891,7893,7874 -j REJECT --reject-with icmp-port-unreachable -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable -A syn_flood -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN -A syn_flood -m comment --comment "!fw3" -j DROP -A zone_VPN_dest_ACCEPT -o ipsec0 -m comment --comment "!fw3" -j ACCEPT -A zone_VPN_forward -m comment --comment "!fw3: Custom VPN forwarding rule chain" -j forwarding_VPN_rule -A zone_VPN_forward -m comment --comment "!fw3: Zone VPN to wan forwarding policy" -j zone_wan_dest_ACCEPT -A zone_VPN_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT -A zone_VPN_forward -m comment --comment "!fw3" -j zone_VPN_dest_ACCEPT -A zone_VPN_input -m comment --comment "!fw3: Custom VPN input rule chain" -j input_VPN_rule -A zone_VPN_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT -A zone_VPN_input -m comment --comment "!fw3" -j zone_VPN_src_ACCEPT -A zone_VPN_output -m comment --comment "!fw3: Custom VPN output rule chain" -j output_VPN_rule -A zone_VPN_output -m comment --comment "!fw3" -j zone_VPN_dest_ACCEPT -A zone_VPN_src_ACCEPT -i ipsec0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule -A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT -A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT -A zone_wan_dest_ACCEPT -o wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP -A zone_wan_dest_ACCEPT -o wan -m comment --comment "!fw3" -j ACCEPT -A zone_wan_dest_REJECT -o wan -m comment --comment "!fw3" -j reject -A zone_wan_forward -j MINIUPNPD -A zone_wan_forward -j MINIUPNPD -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT -A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT -A zone_wan_input -p tcp -m tcp --dport 8118 -m comment --comment "!fw3: adblock" -j DROP -A zone_wan_input -p udp -m udp --dport 500 -m comment --comment "!fw3: ike" -j ACCEPT -A zone_wan_input -p udp -m udp --dport 4500 -m comment --comment "!fw3: ipsec" -j ACCEPT -A zone_wan_input -p ah -m comment --comment "!fw3: ah" -j ACCEPT -A zone_wan_input -p esp -m comment --comment "!fw3: esp" -j ACCEPT -A zone_wan_input -p tcp -m tcp --dport 1723 -m comment --comment "!fw3: pptp" -j ACCEPT -A zone_wan_input -p gre -m comment --comment "!fw3: gre" -j ACCEPT -A zone_wan_input -p tcp -m tcp --dport 1688 -m comment --comment "!fw3: kms" -j ACCEPT -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT -A zone_wan_src_REJECT -i wan -m comment --comment "!fw3" -j reject COMMIT # Completed on Tue Oct 25 22:26:54 2022 #IPv6 NAT chain # Generated by ip6tables-save v1.8.7 on Tue Oct 25 22:26:54 2022 :PREROUTING ACCEPT [580928:70787218] :INPUT ACCEPT [200759:19011124] :OUTPUT ACCEPT [649591:51482112] :POSTROUTING ACCEPT [649591:51482112] -A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 53 -A PREROUTING -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 53 COMMIT # Completed on Tue Oct 25 22:26:54 2022 #IPv6 Mangle chain # Generated by ip6tables-save v1.8.7 on Tue Oct 25 22:26:54 2022 *mangle :PREROUTING ACCEPT [604055:77596816] :INPUT ACCEPT [374120:52813261] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [704877:77605193] :POSTROUTING ACCEPT [704877:77605193] :mwan3_connected - [0:0] :mwan3_hook - [0:0] :mwan3_ifaces_in - [0:0] :mwan3_policy_balanced - [0:0] :mwan3_rule_https - [0:0] :mwan3_rules - [0:0] -A PREROUTING -j mwan3_hook -A FORWARD -o wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu -A FORWARD -i wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu -A OUTPUT -j mwan3_hook -A mwan3_connected -m set --match-set mwan3_connected dst -j MARK --set-xmark 0x3f00/0x3f00 -A mwan3_hook -p ipv6-icmp -m icmp6 --icmpv6-type 133 -j RETURN -A mwan3_hook -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j RETURN -A mwan3_hook -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j RETURN -A mwan3_hook -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j RETURN -A mwan3_hook -p ipv6-icmp -m icmp6 --icmpv6-type 137 -j RETURN -A mwan3_hook -p ipv6-icmp -m set --match-set mwan3_source_v6 src -m icmp6 --icmpv6-type 128 -j RETURN -A mwan3_hook -j CONNMARK --restore-mark --nfmask 0x3f00 --ctmask 0x3f00 -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_ifaces_in -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_connected -A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_rules -A mwan3_hook -j CONNMARK --save-mark --nfmask 0x3f00 --ctmask 0x3f00 -A mwan3_hook -m mark ! --mark 0x3f00/0x3f00 -j mwan3_connected -A mwan3_policy_balanced -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00 -A mwan3_rule_https -m mark --mark 0x0/0x3f00 -j mwan3_policy_balanced -A mwan3_rule_https -m mark ! --mark 0xfc00/0xfc00 -j SET --del-set mwan3_sticky_https src,src -A mwan3_rule_https -m mark ! --mark 0xfc00/0xfc00 -j SET --add-set mwan3_sticky_https src,src -A mwan3_rules -p tcp -m multiport --dports 443 -m mark --mark 0x0/0x3f00 -j mwan3_rule_https -A mwan3_rules -m mark --mark 0x0/0x3f00 -j mwan3_policy_balanced COMMIT # Completed on Tue Oct 25 22:26:54 2022 #IPv6 Filter chain # Generated by ip6tables-save v1.8.7 on Tue Oct 25 22:26:54 2022 *filter :INPUT ACCEPT [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [0:0] :MINIUPNPD - [0:0] :SOCAT - [0:0] :forwarding_VPN_rule - [0:0] :forwarding_lan_rule - [0:0] :forwarding_rule - [0:0] :forwarding_wan_rule - [0:0] :input_VPN_rule - [0:0] :input_lan_rule - [0:0] :input_rule - [0:0] :input_wan_rule - [0:0] :output_VPN_rule - [0:0] :output_lan_rule - [0:0] :output_rule - [0:0] :output_wan_rule - [0:0] :reject - [0:0] :syn_flood - [0:0] :zone_VPN_dest_ACCEPT - [0:0] :zone_VPN_forward - [0:0] :zone_VPN_input - [0:0] :zone_VPN_output - [0:0] :zone_VPN_src_ACCEPT - [0:0] :zone_lan_dest_ACCEPT - [0:0] :zone_lan_forward - [0:0] :zone_lan_input - [0:0] :zone_lan_output - [0:0] :zone_lan_src_ACCEPT - [0:0] :zone_wan_dest_ACCEPT - [0:0] :zone_wan_dest_REJECT - [0:0] :zone_wan_forward - [0:0] :zone_wan_input - [0:0] :zone_wan_output - [0:0] :zone_wan_src_REJECT - [0:0] -A INPUT -j SOCAT -A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT -A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood -A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input -A INPUT -i wan -m comment --comment "!fw3" -j zone_wan_input -A INPUT -i ipsec0 -m comment --comment "!fw3" -j zone_VPN_input -A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule -A FORWARD -m comment --comment "!fw3: Traffic offloading" -m conntrack --ctstate RELATED,ESTABLISHED -j FLOWOFFLOAD --hw -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT -A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward -A FORWARD -i wan -m comment --comment "!fw3" -j zone_wan_forward -A FORWARD -i ipsec0 -m comment --comment "!fw3" -j zone_VPN_forward -A FORWARD -m comment --comment "!fw3" -j reject -A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT -A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT -A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output -A OUTPUT -o wan -m comment --comment "!fw3" -j zone_wan_output -A OUTPUT -o ipsec0 -m comment --comment "!fw3" -j zone_VPN_output -A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset -A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp6-port-unreachable -A syn_flood -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN -A syn_flood -m comment --comment "!fw3" -j DROP -A zone_VPN_dest_ACCEPT -o ipsec0 -m comment --comment "!fw3" -j ACCEPT -A zone_VPN_forward -m comment --comment "!fw3: Custom VPN forwarding rule chain" -j forwarding_VPN_rule -A zone_VPN_forward -m comment --comment "!fw3: Zone VPN to wan forwarding policy" -j zone_wan_dest_ACCEPT -A zone_VPN_forward -m comment --comment "!fw3" -j zone_VPN_dest_ACCEPT -A zone_VPN_input -m comment --comment "!fw3: Custom VPN input rule chain" -j input_VPN_rule -A zone_VPN_input -m comment --comment "!fw3" -j zone_VPN_src_ACCEPT -A zone_VPN_output -m comment --comment "!fw3: Custom VPN output rule chain" -j output_VPN_rule -A zone_VPN_output -m comment --comment "!fw3" -j zone_VPN_dest_ACCEPT -A zone_VPN_src_ACCEPT -i ipsec0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT -A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT -A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule -A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT -A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT -A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule -A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT -A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule -A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT -A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT -A zone_wan_dest_ACCEPT -o wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP -A zone_wan_dest_ACCEPT -o wan -m comment --comment "!fw3" -j ACCEPT -A zone_wan_dest_REJECT -o wan -m comment --comment "!fw3" -j reject -A zone_wan_forward -j MINIUPNPD -A zone_wan_forward -j MINIUPNPD -A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT -A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT -A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT -A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT -A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule -A zone_wan_input -s fc00::/6 -d fc00::/6 -p udp -m udp --dport 546 -m comment --comment "!fw3: Allow-DHCPv6" -j ACCEPT -A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT -A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT -A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT -A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT -A zone_wan_input -p tcp -m tcp --dport 8118 -m comment --comment "!fw3: adblock" -j DROP -A zone_wan_input -p udp -m udp --dport 500 -m comment --comment "!fw3: ike" -j ACCEPT -A zone_wan_input -p udp -m udp --dport 4500 -m comment --comment "!fw3: ipsec" -j ACCEPT -A zone_wan_input -p ah -m comment --comment "!fw3: ah" -j ACCEPT -A zone_wan_input -p esp -m comment --comment "!fw3: esp" -j ACCEPT -A zone_wan_input -p tcp -m tcp --dport 1723 -m comment --comment "!fw3: pptp" -j ACCEPT -A zone_wan_input -p gre -m comment --comment "!fw3: gre" -j ACCEPT -A zone_wan_input -p tcp -m tcp --dport 1688 -m comment --comment "!fw3: kms" -j ACCEPT -A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT -A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule -A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT -A zone_wan_src_REJECT -i wan -m comment --comment "!fw3" -j reject COMMIT # Completed on Tue Oct 25 22:26:54 2022 #===================== IPSET状态 =====================# Name: cn Name: ct Name: cnc Name: cmcc Name: crtc Name: cernet Name: gwbn Name: othernet Name: music Name: mwan3_connected_v4 Name: mwan3_connected_v6 Name: mwan3_source_v6 Name: mwan3_dynamic_v4 Name: mwan3_dynamic_v6 Name: mwan3_custom_v4 Name: mwan3_custom_v6 Name: mwan3_sticky_v4_https Name: mwan3_sticky_v6_https Name: china_ip_route Name: china_ip_route_pass Name: localnetwork Name: mwan3_connected Name: mwan3_sticky_https #===================== 路由表状态 =====================# #route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 10.142.127.254 0.0.0.0 UG 0 0 0 wan 10.142.64.0 0.0.0.0 255.255.192.0 U 0 0 0 wan 192.168.6.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan #ip route list default via 10.142.127.254 dev wan proto static src 10.142.89.9 10.142.64.0/18 dev wan proto kernel scope link src 10.142.89.9 192.168.6.0/24 dev br-lan proto kernel scope link src 192.168.6.1 #ip rule show 0: from all lookup local 1000: from all fwmark 0x162 lookup 354 1001: from all iif wan lookup 1 2001: from all fwmark 0x100/0x3f00 lookup 1 2061: from all fwmark 0x3d00/0x3f00 blackhole 2062: from all fwmark 0x3e00/0x3f00 unreachable 32766: from all lookup main 32767: from all lookup default #===================== 端口占用状态 =====================# tcp 0 0 :::7890 :::* LISTEN 1319/clash tcp 0 0 :::7891 :::* LISTEN 1319/clash tcp 0 0 :::7892 :::* LISTEN 1319/clash tcp 0 0 :::7893 :::* LISTEN 1319/clash tcp 0 0 :::7895 :::* LISTEN 1319/clash tcp 0 0 :::9090 :::* LISTEN 1319/clash udp 0 0 :::33577 :::* 1319/clash udp 0 0 :::38976 :::* 1319/clash udp 0 0 :::59222 :::* 1319/clash udp 0 0 :::7874 :::* 1319/clash udp 0 0 :::7891 :::* 1319/clash udp 0 0 :::7892 :::* 1319/clash udp 0 0 :::7893 :::* 1319/clash udp 0 0 :::7895 :::* 1319/clash udp 0 0 :::38664 :::* 1319/clash #===================== 测试本机DNS查询 =====================# Server: 127.0.0.1 Address: 127.0.0.1:53 www.baidu.com canonical name = www.a.shifen.com Name: www.a.shifen.com Address: 110.242.68.3 Name: www.a.shifen.com Address: 110.242.68.4 #===================== resolv.conf.d =====================# # Interface wan nameserver 202.114.49.196 nameserver 202.114.49.206 #===================== 测试本机网络连接 =====================# HTTP/1.1 200 OK Accept-Ranges: bytes Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform Connection: keep-alive Content-Length: 277 Content-Type: text/html Date: Tue, 25 Oct 2022 14:26:56 GMT Etag: "575e1f59-115" Last-Modified: Mon, 13 Jun 2016 02:50:01 GMT Pragma: no-cache Server: bfe/1.0.8.18 #===================== 测试本机网络下载 =====================# HTTP/1.1 200 OK Connection: keep-alive Content-Length: 80 Cache-Control: max-age=300 Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox Content-Type: text/plain; charset=utf-8 ETag: "2029903a78e28a153a9b66d7703becf3af8289a6d59c52df3ce372b71c91b840" Strict-Transport-Security: max-age=31536000 X-Content-Type-Options: nosniff X-Frame-Options: deny X-XSS-Protection: 1; mode=block X-GitHub-Request-Id: 0805:2DF7:E7F43:15D5F6:63576526 Accept-Ranges: bytes Date: Tue, 25 Oct 2022 14:27:01 GMT Via: 1.1 varnish X-Served-By: cache-hkg17922-HKG X-Cache: HIT X-Cache-Hits: 44 X-Timer: S1666708021.393868,VS0,VE0 Vary: Authorization,Accept-Encoding,Origin Access-Control-Allow-Origin: * X-Fastly-Request-ID: 30f81e4b5337372fef6cc751a32277cf34c09348 Expires: Tue, 25 Oct 2022 14:32:01 GMT Source-Age: 52 #===================== 最近运行日志 =====================# (已删除) 14:09:48 INF [Config] initial rule provider name=IPfake 14:09:48 INF [Config] initial rule provider name=Netflix 14:09:48 INF [Config] initial rule provider name=YouTube 14:09:48 INF [Config] initial rule provider name=Global 2022-10-25 22:09:51 Step 6: Wait For The File Downloading... 14:09:51 INF [Config] initial rule provider name=BiliBili 14:09:51 INF [Config] initial rule provider name=Disney 14:09:52 INF [Config] initial rule provider name=Advertising 14:09:56 INF [Config] initial rule provider name=TikTok 14:09:56 INF [Config] initial rule provider name=Telegram 14:09:56 INF [Config] initial rule provider name=Emby 14:09:56 INF [Config] initial rule provider name=PrivateTracker 14:09:56 INF [Config] initial rule provider name=Lan 14:09:56 INF [Config] initial rule provider name=BanEasyPrivacy 14:09:59 INF [Config] initial rule provider name=Download 14:09:59 INF [Config] initial rule provider name=Game 14:09:59 INF [Config] initial rule provider name=ChinaMax 2022-10-25 22:10:43 Step 7: Set Firewall Rules... 2022-10-25 22:10:45 Step 8: Restart Dnsmasq... 2022-10-25 22:10:50 Step 9: Add Cron Rules, Start Daemons... 2022-10-25 22:10:50 Warning: OpenClash Start Successful, Please Note That Network May Abnormal With IPv6's DHCP Server #===================== 活动连接信息 =====================# (已删除)

OpenClash Config

Expected Behavior

首次连接响应迅速。

Screenshots