[Bug] 以旁路有模式启用了openclash，同样的环境下优酷的视频chrome无法播放，edge却可以 #3877

yuhuan05 · 2024-05-07T10:35:00Z

Verify Steps

Tracker 我已经在 Issue Tracker 中找过我要提出的问题
Branch 我知道 OpenClash 的 Dev 分支切换开关位于插件设置-版本更新中，或者我会手动下载并安装 Dev 分支的 OpenClash
Latest 我已经使用最新 Dev 版本测试过，问题依旧存在
Relevant 我知道 OpenClash 与内核(Core)、控制面板(Dashboard)、在线订阅转换(Subconverter)等项目之间无直接关系，仅相互调用
Definite 这确实是 OpenClash 出现的问题
Contributors 我有能力协助 OpenClash 开发并解决此问题
Meaningless 我提交的是无意义的催促更新或修复请求

OpenClash Version

v0.46.003-beta

Bug on Environment

Official OpenWrt, Istoreos

OpenWrt Version

iStoreOS 22.03.6 2024032917

Bug on Platform

Linux-arm64, Other

Describe the Bug

其中，在手机上的浏览器均无法打开优酷并提示请允许cookie存储
值得意外的是在edge中可以正常播放，我已按照问题中的其他的解决方式进行尝试，并关闭了chrome安全的DNS
但是故障依旧，可能是dns的问题？我也不太确定，请各位大佬赐教。

To Reproduce

该问题开启openclash即出现，其中是以旁路由模式运行。

OpenClash Log

OpenClash 调试日志

生成时间: 2024-05-07 18:17:21
插件版本: v0.46.003-beta
隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息



#===================== 系统信息 =====================#

主机型号: Phicomm N1
固件版本: iStoreOS 22.03.6 2024032917
LuCI版本: git-23.093.42303-d58cd69
内核版本: 5.10.201
处理器架构: aarch64_cortex-a53

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

DNS劫持: Dnsmasq 转发
#DNS劫持为Dnsmasq时，此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 127.0.0.1#7874

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci >= 19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 已安装
unzip: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
kmod-ipt-nat: 已安装

#===================== 内核检查 =====================#

运行状态: 运行中
运行内核：TUN
进程pid: 18908
运行权限: 18908: cap_dac_override,cap_net_bind_service,cap_net_admin,cap_net_raw,cap_sys_ptrace,cap_sys_resource=eip
运行用户: nobody
已选择的架构: linux-arm64

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限
Tun内核版本: 2023.08.17-13-gdcc8d87
Tun内核文件: 存在
Tun内核运行权限: 正常

Dev内核版本: v1.18.0-13-gd034a40
Dev内核文件: 存在
Dev内核运行权限: 正常
#===================== 自定义覆写设置 =====================#

#!/bin/sh
. /usr/share/openclash/ruby.sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom overwrite scripts here, they will be take effict after the OpenClash own srcipts

LOG_OUT "Tip: Start Running Custom Overwrite Scripts..."
LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S"))
LOG_FILE="/tmp/openclash.log"
CONFIG_FILE="$1" #config path

#Simple Demo:
    #General Demo
    #1--config path
    #2--key name
    #3--value
    #ruby_edit "$CONFIG_FILE" "['redir-port']" "7892"
    #ruby_edit "$CONFIG_FILE" "['secret']" "123456"
    #ruby_edit "$CONFIG_FILE" "['dns']['enable']" "true"

    #Hash Demo
    #1--config path
    #2--key name
    #3--hash type value
    #ruby_edit "$CONFIG_FILE" "['experimental']" "{'sniff-tls-sni'=>true}"
    #ruby_edit "$CONFIG_FILE" "['sniffer']" "{'sniffing'=>['tls','http']}"

    #Array Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value
    #ruby_arr_insert "$CONFIG_FILE" "['dns']['nameserver']" "0" "114.114.114.114"

    #Array Add From Yaml File Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value file path
    #5--value key name in #4 file
    #ruby_arr_add_file "$CONFIG_FILE" "['dns']['fallback-filter']['ipcidr']" "0" "/etc/openclash/custom/openclash_custom_fallback_filter.yaml" "['fallback-filter']['ipcidr']"

#Ruby Script Demo:
    #ruby -ryaml -rYAML -I "/usr/share/openclash" -E UTF-8 -e "
    #   begin
    #      Value = YAML.load_file('$CONFIG_FILE');
    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Load File Failed,【' + e.message + '】';
    #   end;

        #General
    #   begin
    #   Thread.new{
    #      Value['redir-port']=7892;
    #      Value['tproxy-port']=7895;
    #      Value['port']=7890;
    #      Value['socks-port']=7891;
    #      Value['mixed-port']=7893;
    #   }.join;

    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Set General Failed,【' + e.message + '】';
    #   ensure
    #      File.open('$CONFIG_FILE','w') {|f| YAML.dump(Value, f)};
    #   end" 2>/dev/null >> $LOG_FILE

exit 0
#===================== 自定义防火墙设置 =====================#

#!/bin/sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom firewall rules here, they will be added after the end of the OpenClash iptables rules

LOG_OUT "Tip: Start Add Custom Firewall Rules..."

exit 0
#===================== IPTABLES 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.7 on Tue May  7 18:17:35 2024
*nat
:PREROUTING ACCEPT [2670:151662]
:INPUT ACCEPT [2517:142444]
:OUTPUT ACCEPT [3468:208597]
:POSTROUTING ACCEPT [3472:208837]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:openclash - [0:0]
:openclash_output - [0:0]
:openclash_post - [0:0]
:postrouting_docker_rule - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_docker_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_docker_postrouting - [0:0]
:zone_docker_prerouting - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -p tcp -m comment --comment "OpenClash TCP DNS Hijack" -m tcp --dport 53 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -m comment --comment "OpenClash DNS Hijack" -j REDIRECT --to-ports 53
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i utun -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i docker0 -m comment --comment "!fw3" -j zone_docker_prerouting
-A PREROUTING -p tcp -j openclash
-A OUTPUT -j openclash_output
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o utun -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o docker0 -m comment --comment "!fw3" -j zone_docker_postrouting
-A POSTROUTING -m comment --comment "OpenClash Bypass Gateway Compatible" -j openclash_post
-A openclash -p tcp -m tcp --sport 8897 -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p tcp -j REDIRECT --to-ports 7892
-A openclash_output -p tcp -m tcp --sport 8897 -j RETURN
-A openclash_output -d 198.18.0.0/16 -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -p tcp -m owner ! --uid-owner 65534 -j REDIRECT --to-ports 7892
-A openclash_post -m mark --mark 0x162 -j ACCEPT
-A openclash_post -m set --match-set localnetwork dst -j RETURN
-A openclash_post -m addrtype ! --src-type LOCAL -m owner ! --uid-owner 65534 -j MASQUERADE
-A zone_docker_postrouting -m comment --comment "!fw3: Custom docker postrouting rule chain" -j postrouting_docker_rule
-A zone_docker_prerouting -m comment --comment "!fw3: Custom docker prerouting rule chain" -j prerouting_docker_rule
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_lan_postrouting -i docker0 -m comment --comment "!fw3: DockerNAT" -j MASQUERADE
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_lan_prerouting -j MINIUPNPD
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -m comment --comment "!fw3" -j FULLCONENAT
COMMIT
# Completed on Tue May  7 18:17:35 2024

#IPv4 Mangle chain

# Generated by iptables-save v1.8.7 on Tue May  7 18:17:35 2024
*mangle
:PREROUTING ACCEPT [137837:178008950]
:INPUT ACCEPT [137755:178003060]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [144331:174417908]
:POSTROUTING ACCEPT [144599:174486104]
:openclash - [0:0]
:openclash_dns_hijack - [0:0]
:openclash_output - [0:0]
:openclash_upnp - [0:0]
-A PREROUTING -p udp -j openclash
-A PREROUTING -p tcp -m tcp --dport 53 -j openclash_dns_hijack
-A OUTPUT -j openclash_output
-A openclash -p udp -m udp --sport 500 -j RETURN
-A openclash -p udp -m udp --sport 68 -j RETURN
-A openclash -i utun -j RETURN
-A openclash -m set --match-set localnetwork dst -j RETURN
-A openclash -p udp -j openclash_upnp
-A openclash -j MARK --set-xmark 0x162/0xffffffff
-A openclash_dns_hijack -p tcp -m comment --comment "OpenClash TCP DNS Hijack" -m tcp --dport 53 -j MARK --set-xmark 0x162/0xffffffff
-A openclash_output -p udp -m udp --sport 500 -j RETURN
-A openclash_output -p udp -m udp --sport 68 -j RETURN
-A openclash_output -m set --match-set localnetwork dst -j RETURN
-A openclash_output -d 198.18.0.0/16 -p udp -m owner ! --uid-owner 65534 -j MARK --set-xmark 0x162/0xffffffff
COMMIT
# Completed on Tue May  7 18:17:35 2024

#IPv4 Filter chain

# Generated by iptables-save v1.8.7 on Tue May  7 18:17:35 2024
*filter
:INPUT ACCEPT [230:9416]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:forwarding_docker_rule - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_docker_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_docker_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_docker_dest_ACCEPT - [0:0]
:zone_docker_forward - [0:0]
:zone_docker_input - [0:0]
:zone_docker_output - [0:0]
:zone_docker_src_ACCEPT - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i utun -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i docker0 -m comment --comment "!fw3" -j zone_docker_input
-A FORWARD -o utun -p udp -m udp --dport 443 -m comment --comment "OpenClash QUIC REJECT" -m set ! --match-set china_ip_route dst -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -o utun -m comment --comment "OpenClash TUN Forward" -j ACCEPT
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i utun -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i docker0 -m comment --comment "!fw3" -j zone_docker_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o utun -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o docker0 -m comment --comment "!fw3" -j zone_docker_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_docker_dest_ACCEPT -o docker0 -m comment --comment "!fw3" -j ACCEPT
-A zone_docker_forward -m comment --comment "!fw3: Custom docker forwarding rule chain" -j forwarding_docker_rule
-A zone_docker_forward -m comment --comment "!fw3: Zone docker to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_docker_forward -m comment --comment "!fw3: Zone docker to lan forwarding policy" -j zone_lan_dest_ACCEPT
-A zone_docker_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_docker_forward -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_input -m comment --comment "!fw3: Custom docker input rule chain" -j input_docker_rule
-A zone_docker_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_docker_input -m comment --comment "!fw3" -j zone_docker_src_ACCEPT
-A zone_docker_output -m comment --comment "!fw3: Custom docker output rule chain" -j output_docker_rule
-A zone_docker_output -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_src_ACCEPT -i docker0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o utun -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to docker forwarding policy" -j zone_docker_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -j MINIUPNPD
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_src_ACCEPT -i utun -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 8897 -m comment --comment "!fw3: linkease" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
COMMIT
# Completed on Tue May  7 18:17:35 2024

#IPv6 NAT chain

# Generated by ip6tables-save v1.8.7 on Tue May  7 18:17:35 2024
*nat
:PREROUTING ACCEPT [2389:549321]
:INPUT ACCEPT [2389:549321]
:OUTPUT ACCEPT [96:13253]
:POSTROUTING ACCEPT [96:13253]
COMMIT
# Completed on Tue May  7 18:17:35 2024

#IPv6 Mangle chain

# Generated by ip6tables-save v1.8.7 on Tue May  7 18:17:35 2024
*mangle
:PREROUTING ACCEPT [63378:11568165]
:INPUT ACCEPT [58947:11233657]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [563:86232]
:POSTROUTING ACCEPT [653:109712]
COMMIT
# Completed on Tue May  7 18:17:35 2024

#IPv6 Filter chain

# Generated by ip6tables-save v1.8.7 on Tue May  7 18:17:35 2024
*filter
:INPUT ACCEPT [12:3033]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [19:3741]
:MINIUPNPD - [0:0]
:forwarding_docker_rule - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_docker_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_docker_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_docker_dest_ACCEPT - [0:0]
:zone_docker_forward - [0:0]
:zone_docker_input - [0:0]
:zone_docker_output - [0:0]
:zone_docker_src_ACCEPT - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i utun -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i docker0 -m comment --comment "!fw3" -j zone_docker_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i utun -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i docker0 -m comment --comment "!fw3" -j zone_docker_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o utun -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o docker0 -m comment --comment "!fw3" -j zone_docker_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp6-port-unreachable
-A syn_flood -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_docker_dest_ACCEPT -o docker0 -m comment --comment "!fw3" -j ACCEPT
-A zone_docker_forward -m comment --comment "!fw3: Custom docker forwarding rule chain" -j forwarding_docker_rule
-A zone_docker_forward -m comment --comment "!fw3: Zone docker to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_docker_forward -m comment --comment "!fw3: Zone docker to lan forwarding policy" -j zone_lan_dest_ACCEPT
-A zone_docker_forward -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_input -m comment --comment "!fw3: Custom docker input rule chain" -j input_docker_rule
-A zone_docker_input -m comment --comment "!fw3" -j zone_docker_src_ACCEPT
-A zone_docker_output -m comment --comment "!fw3: Custom docker output rule chain" -j output_docker_rule
-A zone_docker_output -m comment --comment "!fw3" -j zone_docker_dest_ACCEPT
-A zone_docker_src_ACCEPT -i docker0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o utun -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to docker forwarding policy" -j zone_docker_dest_ACCEPT
-A zone_lan_forward -j MINIUPNPD
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -j MINIUPNPD
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_src_ACCEPT -i utun -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 546 -m comment --comment "!fw3: Allow-DHCPv6" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 8897 -m comment --comment "!fw3: linkease" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
COMMIT
# Completed on Tue May  7 18:17:35 2024

#===================== IPSET状态 =====================#

Name: localnetwork
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 1024
References: 5
Number of entries: 9

Name: china_ip_route
Type: hash:net
Revision: 6
Header: family inet hashsize 4096 maxelem 1000000
Size in memory: 246664
References: 1
Number of entries: 8651

Name: china_ip_route_pass
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 1000000
Size in memory: 448
References: 0
Number of entries: 0

#===================== 路由表状态 =====================#

#IPv4

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.31.1    0.0.0.0         UG    0      0        0 br-lan
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
192.168.31.0    0.0.0.0         255.255.255.0   U     0      0        0 br-lan
198.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 utun

#ip route list
default via 192.168.31.1 dev br-lan proto static 
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 
192.168.31.0/24 dev br-lan proto kernel scope link src 192.168.31.222 
198.18.0.0/16 dev utun proto kernel scope link src 198.18.0.1 

#ip rule show
0:	from all lookup local
32765:	from all fwmark 0x162 lookup 354
32766:	from all lookup main
32767:	from all lookup default

#IPv6

#route -A inet6
Kernel IPv6 routing table
Destination                                 Next Hop                                Flags Metric Ref    Use Iface
fdfa:ba06:e73b::/48                         ::                                      !n    2147483647 2        0 lo      
fe80::/64                                   ::                                      U     256    1        0 br-lan  
fe80::/64                                   ::                                      U     256    1        0 veth3665f31
fe80::/64                                   ::                                      U     256    1        0 docker0 
fe80::/64                                   ::                                      U     256    1        0 utun    
::/0                                        ::                                      !n    -1     1        0 lo      
::1/128                                     ::                                      Un    0      6        0 lo      
fe80::/128                                  ::                                      Un    0      7        0 br-lan  
fe80::/128                                  ::                                      Un    0      3        0 veth3665f31
fe80::/128                                  ::                                      Un    0      3        0 docker0 
fe80::/128                                  ::                                      Un    0      3        0 utun    
fe80::42:f6ff:fe16:6844/128                 ::                                      Un    0      2        0 docker0 
fe80::28cb:37ff:fe56:f043/128               ::                                      Un    0      2        0 veth3665f31
fe80::4b75:c09:f769:d90e/128                ::                                      Un    0      2        0 utun    
fe80::d42d:37ff:fe6c:3192/128               ::                                      Un    0      2        0 br-lan  
ff00::/8                                    ::                                      U     256    6        0 br-lan  
ff00::/8                                    ::                                      U     256    3        0 veth3665f31
ff00::/8                                    ::                                      U     256    2        0 docker0 
ff00::/8                                    ::                                      U     256    3        0 utun    
::/0                                        ::                                      !n    -1     1        0 lo      

#ip -6 route list
unreachable fdfa:ba06:e73b::/48 dev lo proto static metric 2147483647 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev veth3665f31 proto kernel metric 256 pref medium
fe80::/64 dev docker0 proto kernel metric 256 pref medium
fe80::/64 dev utun proto kernel metric 256 pref medium

#ip -6 rule show
0:	from all lookup local
32766:	from all lookup main

#===================== Tun设备状态 =====================#

utun: tun multi_queue vnet_hdr

#===================== 端口占用状态 =====================#

tcp        0      0 198.18.0.1:7777         0.0.0.0:*               LISTEN      18908/clash
tcp        0      0 :::7890                 :::*                    LISTEN      18908/clash
tcp        0      0 :::7891                 :::*                    LISTEN      18908/clash
tcp        0      0 :::7892                 :::*                    LISTEN      18908/clash
tcp        0      0 :::7893                 :::*                    LISTEN      18908/clash
tcp        0      0 :::7895                 :::*                    LISTEN      18908/clash
tcp        0      0 :::9090                 :::*                    LISTEN      18908/clash
udp        0      0 :::7874                 :::*                                18908/clash
udp        0      0 :::7891                 :::*                                18908/clash
udp        0      0 :::7892                 :::*                                18908/clash
udp        0      0 :::7893                 :::*                                18908/clash
udp        0      0 :::7895                 :::*                                18908/clash

#===================== 测试本机DNS查询(www.baidu.com) =====================#

Server:		127.0.0.1
Address:	127.0.0.1:53

Name:	www.baidu.com
Address: 198.18.0.5



#===================== 测试内核DNS查询(www.instagram.com) =====================#

Status: 0
TC: false
RD: true
RA: true
AD: false
CD: false

Question: 
  Name: www.instagram.com.
  Qtype: 1
  Qclass: 1

Answer: 
  TTL: 1845
  data: z-p42-instagram.c10r.instagram.com.
  name: www.instagram.com.
  type: 5

  TTL: 44
  data: 
  name: z-p42-instagram.c10r.instagram.com.
  type: 1


Dnsmasq 当前默认 resolv 文件：/tmp/resolv.conf.d/resolv.conf.auto

#===================== /tmp/resolv.conf.d/resolv.conf.auto =====================#

# Interface lan
nameserver 119.29.29.29
nameserver 8.8.8.8

#===================== 测试本机网络连接(www.baidu.com) =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Tue, 07 May 2024 10:17:35 GMT
Etag: "575e1f71-115"
Last-Modified: Mon, 13 Jun 2016 02:50:25 GMT
Pragma: no-cache
Server: bfe/1.0.8.18

#===================== 最近运行日志(自动切换为Debug模式) =====================#

10:13:43 INF [TCP] connected lAddr=192.168.31.87:47742 rAddr=gm.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:43 INF [TCP] connected lAddr=192.168.31.87:47748 rAddr=gm.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:43 INF [TCP] connected lAddr=192.168.31.87:47762 rAddr=gm.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:43 INF [TCP] connected lAddr=192.168.31.87:47772 rAddr=gm.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:43 INF [TCP] connected lAddr=192.168.31.87:47774 rAddr=gm.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:43 INF [TCP] connected lAddr=192.168.31.87:47788 rAddr=gm.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:43 INF [TCP] connected lAddr=192.168.31.87:47804 rAddr=gm.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:43 INF [TCP] connected lAddr=192.168.31.87:47816 rAddr=gm.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:43 INF [TCP] connected lAddr=192.168.31.87:47826 rAddr=gm.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:43 INF [TCP] connected lAddr=192.168.31.87:47828 rAddr=gm.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:43 INF [TCP] connected lAddr=192.168.31.87:47838 rAddr=gm.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:43 INF [TCP] connected lAddr=192.168.31.87:47842 rAddr=log.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:43 INF [TCP] connected lAddr=192.168.31.87:47854 rAddr=log.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:43 INF [TCP] connected lAddr=192.168.31.87:47870 rAddr=gm.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:43 INF [TCP] connected lAddr=192.168.31.87:47880 rAddr=gm.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:43 INF [TCP] connected lAddr=192.168.31.87:47882 rAddr=gm.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:43 INF [TCP] connected lAddr=192.168.31.87:47896 rAddr=gm.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:43 INF [TCP] connected lAddr=192.168.31.87:47910 rAddr=log.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:43 INF [TCP] connected lAddr=192.168.31.87:47914 rAddr=log.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:44 INF [TCP] connected lAddr=192.168.31.87:47918 rAddr=gm.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:44 INF [TCP] connected lAddr=192.168.31.87:47928 rAddr=gm.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:44 INF [TCP] connected lAddr=192.168.31.87:47932 rAddr=log.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:44 INF [TCP] connected lAddr=192.168.31.87:47946 rAddr=log.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:44 INF [TCP] connected lAddr=192.168.31.87:47958 rAddr=log.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:44 INF [TCP] connected lAddr=192.168.31.87:47964 rAddr=log.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:44 INF [TCP] connected lAddr=192.168.31.87:47970 rAddr=log.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:44 INF [TCP] connected lAddr=192.168.31.87:47972 rAddr=log.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:45 INF [TCP] connected lAddr=192.168.31.87:47974 rAddr=log.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:45 INF [TCP] connected lAddr=192.168.31.87:47982 rAddr=log.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:45 INF [TCP] connected lAddr=192.168.31.87:47984 rAddr=log.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:45 INF [TCP] connected lAddr=192.168.31.87:48000 rAddr=log.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:46 INF [TCP] connected lAddr=192.168.31.87:48014 rAddr=log.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:46 INF [TCP] connected lAddr=192.168.31.87:48026 rAddr=log.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:47 INF [TCP] connected lAddr=192.168.31.87:48038 rAddr=log.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:47 INF [TCP] connected lAddr=192.168.31.87:48048 rAddr=log.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:47 INF [TCP] connected lAddr=192.168.31.87:48062 rAddr=log.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:47 INF [TCP] connected lAddr=192.168.31.87:48064 rAddr=log.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:48 INF [TCP] connected lAddr=192.168.31.87:48078 rAddr=log.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:48 INF [TCP] connected lAddr=192.168.31.87:48090 rAddr=log.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:48 INF [TCP] connected lAddr=192.168.31.87:48104 rAddr=log.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:48 INF [TCP] connected lAddr=192.168.31.87:48106 rAddr=log.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:49 INF [TCP] connected lAddr=192.168.31.87:48118 rAddr=log.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:49 INF [TCP] connected lAddr=192.168.31.87:48122 rAddr=gm.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:49 INF [TCP] connected lAddr=192.168.31.87:48126 rAddr=log.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:49 INF [TCP] connected lAddr=192.168.31.87:48138 rAddr=gm.mmstat.com:80 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:49 INF [TCP] connected lAddr=192.168.31.87:48152 rAddr=gm.mmstat.com:443 mode=rule rule=DomainSuffix(mmstat.com) proxy=REJECT
10:13:53 INF [TCP] connected lAddr=192.168.31.154:7522 rAddr=array822.prod.do.dsp.mp.microsoft.com:443 mode=rule rule=DomainSuffix(microsoft.com) proxy=DIRECT
10:13:54 INF [TCP] connected lAddr=192.168.31.154:7523 rAddr=kv801.prod.do.dsp.mp.microsoft.com:443 mode=rule rule=DomainSuffix(microsoft.com) proxy=DIRECT
10:15:02 INF [TCP] connected lAddr=192.168.31.133:63982 rAddr=p205-fmfmobile.icloud.com.cn:443 mode=rule rule=DomainSuffix(cn) proxy=DIRECT
10:17:30 DBG [TCP] accept connection lAddr=192.168.31.87:53926 rAddr=connect.rom.miui.com:80 inbound=HTTP
10:17:30 INF [TCP] connected lAddr=192.168.31.87:53926 rAddr=connect.rom.miui.com:80 mode=rule rule=DomainSuffix(miui.com) proxy=DIRECT
10:17:30 DBG [TCP] accept connection lAddr=192.168.31.87:53928 rAddr=www.baidu.com:443 inbound=HTTP Connect
10:17:30 DBG [TCP] accept connection lAddr=192.168.31.87:53932 rAddr=connect.rom.miui.com:443 inbound=HTTP Connect
10:17:30 INF [TCP] connected lAddr=192.168.31.87:53932 rAddr=connect.rom.miui.com:443 mode=rule rule=DomainSuffix(miui.com) proxy=DIRECT
10:17:30 INF [TCP] connected lAddr=192.168.31.87:53928 rAddr=www.baidu.com:443 mode=rule rule=DomainKeyword(baidu) proxy=DIRECT
10:17:38 DBG [TCP] accept connection lAddr=192.168.31.87:39360 rAddr=wxa.wxs.qq.com:443 inbound=HTTP Connect
10:17:38 DBG [DNS] dns response source=https://dns.alidns.com/dns-query qType=A name=wxa.wxs.qq.com. answer=["61.170.73.125","60.188.67.105","106.225.221.116"]
10:17:38 INF [TCP] connected lAddr=192.168.31.87:39360 rAddr=wxa.wxs.qq.com:443 mode=rule rule=DomainSuffix(qq.com) proxy=DIRECT
10:17:41 DBG [TCP] accept connection lAddr=192.168.31.87:39368 rAddr=api.io.mi.com:443 inbound=HTTP Connect
10:17:41 DBG [DNS] dns response source=https://dns.alidns.com/dns-query qType=A name=api.io.mi.com. answer=["118.26.252.107","220.181.106.173","110.43.87.16"]
10:17:41 INF [TCP] connected lAddr=192.168.31.87:39368 rAddr=api.io.mi.com:443 mode=rule rule=DomainSuffix(mi.com) proxy=DIRECT

#===================== 最近运行日志获取完成(自动切换为silent模式) =====================#

OpenClash Config

No response

Expected Behavior

请各位大佬赐教。

Additional Context

![微信图片_20240507182948](https://github.com/vernes

ong/OpenClash/assets/39573969/27e3dfe7-9579-4f47-ae43-25e304323db1)

The text was updated successfully, but these errors were encountered:

OxygenLost · 2024-05-08T11:50:28Z

设置一下分流规则看看

yuhuan05 · 2024-05-08T15:13:30Z

设置一下分流规则看看

烦请大佬赐教，这个我的确没找到，还请细说怎么去设置，非常感谢！

OxygenLost · 2024-05-09T01:07:38Z

规则附加最下面添加 https://github.com/blackmatrix7/ios_rule_script/blob/master/rule/Clash/Youku/Youku.yaml 把这个规则设置直连 yuhuan ***@***.***> 于2024年5月8日周三 23:13写道：

…

设置一下分流规则看看烦请大佬赐教，这个我的确没找到，还请细说怎么去设置，非常感谢！ — Reply to this email directly, view it on GitHub <#3877 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AVKUKB3HMNY5ERAWAXF77ODZBI6LBAVCNFSM6AAAAABHKW4SXKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMBQHAYTMNRUHA> . You are receiving this because you commented.Message ID: ***@***.***>

yuhuan05 · 2024-05-10T04:23:18Z

规则附加最下面添加 https://github.com/blackmatrix7/ios_rule_script/blob/master/rule/Clash/Youku/Youku.yaml 把这个规则设置直连 yuhuan @.> 于2024年5月8日周三 23:13 写道：
……
设置一下分流规则看看烦请大佬赐教，这个我确实没找到，还请细说怎么去设置，非常感谢！ — 直接回复此邮件，在 GitHub 上查看< #3877（评论） >，或者取消订阅< https://github.com/notifications/unsubscribe-auth/AVKUKB3HMNY5ERAWAXF77ODZBI6LBAVCNFSM6AAAAABHKW4SXKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMBQHAYTMNRUHA > .您收到此消息是因为您发表了评论。消息 ID：@.>

抱歉这么久才回复，当我尝试添加这一项规则时，就无法启动clash了，具体的报错如下

2024-05-09 10:44:05 02:44:05 ERR [Config] configuration file test failed error=initial rule provider Rule-provider - cfg1fac5a error: yaml: line 211: mapping values are not allowed in this context path=/etc/openclash/3fen.yaml

若不添加该项规则，服务可正常启动。是哪些地方设置的不对吗？麻烦了，谢谢！

yuhuan05 added the bug Something isn't working label May 7, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Bug] 以旁路有模式启用了openclash，同样的环境下优酷的视频chrome无法播放，edge却可以 #3877

[Bug] 以旁路有模式启用了openclash，同样的环境下优酷的视频chrome无法播放，edge却可以 #3877

yuhuan05 commented May 7, 2024

OxygenLost commented May 8, 2024

yuhuan05 commented May 8, 2024

OxygenLost commented May 9, 2024 via email

yuhuan05 commented May 10, 2024

[Bug] 以旁路有模式启用了openclash，同样的环境下优酷的视频chrome无法播放，edge却可以 #3877

[Bug] 以旁路有模式启用了openclash，同样的环境下优酷的视频chrome无法播放，edge却可以 #3877

Comments

yuhuan05 commented May 7, 2024

Verify Steps

OpenClash Version

Bug on Environment

OpenWrt Version

Bug on Platform

Describe the Bug

To Reproduce

OpenClash Log

OpenClash Config

Expected Behavior

Additional Context

OxygenLost commented May 8, 2024

yuhuan05 commented May 8, 2024

OxygenLost commented May 9, 2024 via email

yuhuan05 commented May 10, 2024