[Bug] ipv6 Redirect 模式下直连会出现reject loopback connection #4321

john5du · 2025-02-10T04:36:03Z

Verify Steps

Tracker 我已经在 Issue Tracker 中找过我要提出的问题
Branch 我知道 OpenClash 的 Dev 分支切换开关位于插件设置-版本更新中，或者我会手动下载并安装 Dev 分支的 OpenClash
Latest 我已经使用最新 Dev 版本测试过，问题依旧存在
Relevant 我知道 OpenClash 与内核(Core)、控制面板(Dashboard)、在线订阅转换(Subconverter)等项目之间无直接关系，仅相互调用
Definite 这确实是 OpenClash 出现的问题
Contributors 我有能力协助 OpenClash 开发并解决此问题
Meaningless 我提交的是无意义的催促更新或修复请求

OpenClash Version

v0.46.072

Bug on Environment

Immortalwrt

OpenWrt Version

23.05.3

Bug on Platform

Linux-amd64(x86-64)

Describe the Bug

ipv6 Redirect 模式下直连会出现reject loopback connection

2025-02-10 12:23:32 level=warning msg="[TCP] dial Microsoft (match RuleSet/Microsoft) [2408:xxx::xxx:xxx]:42638 --> go.microsoft.com:443 error: reject loopback connection to: go.microsoft.com:443"
2025-02-10 12:23:31 level=warning msg="[TCP] dial Microsoft (match RuleSet/Microsoft) [2408:xxx::xxx:xxx]:51396 --> go.microsoft.com:443 error: reject loopback connection to: go.microsoft.com:443"
2025-02-10 12:23:21 level=warning msg="[TCP] dial Microsoft (match RuleSet/Microsoft) [2408:xxx::xxx:xxx]:44848 --> catalog.gamepass.com:443 error: reject loopback connection to: catalog.gamepass.com:443"
2025-02-10 12:23:15 level=warning msg="[TCP] dial Microsoft (match RuleSet/Microsoft) [2408:xxx::xxx:xxx]:38914 --> go.microsoft.com:443 error: reject loopback connection to: go.microsoft.com:443"
2025-02-10 12:22:50 level=warning msg="[TCP] dial Microsoft (match RuleSet/Microsoft) [2408:xxx::xxx:xxx]:44496 --> go.microsoft.com:443 error: reject loopback connection to: go.microsoft.com:443"
2025-02-10 12:22:50 level=warning msg="[TCP] dial Microsoft (match RuleSet/Microsoft) [2408:xxx::xxx:xxx]:44482 --> go.microsoft.com:443 error: reject loopback connection to: go.microsoft.com:443"
2025-02-10 12:22:50 level=warning msg="[TCP] dial Microsoft (match RuleSet/Microsoft) [2408:xxx::xxx:xxx]:44468 --> go.microsoft.com:443 error: reject loopback connection to: go.microsoft.com:443"
2025-02-10 12:22:33 level=warning msg="[TCP] dial Microsoft (match RuleSet/Microsoft) [2408:xxx::xxx:xxx]:50544 --> teams.microsoft.com:443 error: reject loopback connection to: teams.microsoft.com:443"
2025-02-10 12:22:33 level=warning msg="[TCP] dial Microsoft (match RuleSet/Microsoft) [2408:xxx::xxx:xxx]:50540 --> teams.microsoft.com:443 error: reject loopback connection to: teams.microsoft.com:443"
2025-02-10 12:22:33 level=warning msg="[TCP] dial Microsoft (match RuleSet/Microsoft) [2408:xxx::xxx:xxx]:50538 --> teams.microsoft.com:443 error: reject loopback connection to: teams.microsoft.com:443"
2025-02-10 12:22:33 level=warning msg="[TCP] dial Microsoft (match RuleSet/Microsoft) [2408:xxx::xxx:xxx]:50528 --> teams.microsoft.com:443 error: reject loopback connection to: teams.microsoft.com:443"

To Reproduce

ipv6 Redirect 模式下直连会出现reject loopback connection

OpenClash Log

无异常

OpenClash Config

OpenClash 调试日志

生成时间: 2025-02-10 12:31:22
插件版本: 0.46.072
隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息



#===================== 系统信息 =====================#

主机型号: QEMU Standard PC (Q35 + ICH9, 2009)
固件版本: ImmortalWrt 23.05.3 r27917-81a1f98d5b
LuCI版本: git-24.272.29284-d386ad6
内核版本: 5.15.162
处理器架构: x86_64

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: 

DNS劫持: 停用
#DNS劫持为Dnsmasq时，此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
dnsmasq-full(ipset): 未安装
dnsmasq-full(nftset): 已安装
bash: 已安装
curl: 已安装
ca-bundle: 已安装
ipset: 已安装
ip-full: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci >= 19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 已安装
unzip: 已安装
kmod-nft-tproxy: 已安装

#===================== 内核检查 =====================#

运行状态: 运行中
运行内核：Meta
进程pid: 29650
运行用户: root
已选择的架构: linux-amd64

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限

Meta内核版本: alpha-gccc3f84
Meta内核文件: 存在
Meta内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/config.yaml
启动配置文件: /etc/openclash/config.yaml
运行模式: redir-host
默认代理模式: rule
UDP流量转发(tproxy): 启用
自定义DNS: 启用
IPV6代理: 启用
IPV6-DNS解析: 启用
禁用Dnsmasq缓存: 停用
自定义规则: 启用
仅允许内网: 启用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 启用
路由本机代理: 启用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 启用


#===================== 自定义覆写设置 =====================#

#!/bin/sh
. /usr/share/openclash/ruby.sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom overwrite scripts here, they will be take effict after the OpenClash own srcipts

LOG_OUT "Tip: Start Running Custom Overwrite Scripts..."
LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S"))
LOG_FILE="/tmp/openclash.log"
CONFIG_FILE="$1" #config path

ruby_edit "$CONFIG_FILE" "['disable-keep-alive']" "false"
ruby_edit "$CONFIG_FILE" "['listeners']" "[]"
ruby_edit "$CONFIG_FILE" "['sub-rules']['Game-rule']" "[]"
ruby_arr_add_file "$CONFIG_FILE" "['listeners']" "0" "/etc/openclash/custom/openclash_custom_listeners.yaml" "['listeners']"
ruby_arr_add_file "$CONFIG_FILE" "['sub-rules']['Game-rule']" "0" "/etc/openclash/custom/openclash_custom_sub-rules.yaml" "['rules']"

LOG_OUT "Tip: Start Add Custom Firewall Rules..."

#nft 'insert rule inet fw4 openclash_output_v6 position 0 ip6 saddr & ::*:*:*:ffff == ::211:32ff:fed6:5748 counter return'
#nft 'insert rule inet fw4 openclash_mangle_v6 position 0 ip6 saddr & ::*:*:*:ffff == ::211:32ff:fed6:5748 counter return'



#Simple Demo:
    #Key Overwrite Demo
    #1--config path
    #2--key name
    #3--value
    #ruby_edit "$CONFIG_FILE" "['redir-port']" "7892"
    #ruby_edit "$CONFIG_FILE" "['secret']" "123456"
    #ruby_edit "$CONFIG_FILE" "['dns']['enable']" "true"
    #ruby_edit "$CONFIG_FILE" "['dns']['proxy-server-nameserver']" "['https://doh.pub/dns-query','https://223.5.*.*:443/dns-query']"

    #Hash Overwrite Demo
    #1--config path
    #2--key name
    #3--hash type value
    #ruby_edit "$CONFIG_FILE" "['dns']['nameserver-policy']" "{'+.msftconnecttest.com'=>'114.114.*.*', '+.msftncsi.com'=>'114.114.*.*', 'geosite:gfw'=>['https://dns.cloudflare.com/dns-query', 'https://dns.google/dns-query#ecs=1.1.*.*/24&ecs-override=true'], 'geosite:cn'=>['114.114.*.*'], 'geosite:geolocation-!cn'=>['https://dns.cloudflare.com/dns-query', 'https://dns.google/dns-query#ecs=1.1.*.*/24&ecs-override=true']}"
    #ruby_edit "$CONFIG_FILE" "['sniffer']" "{'enable'=>true, 'parse-pure-ip'=>true, 'force-domain'=>['+.netflix.com', '+.nflxvideo.net', '+.amazonaws.com', '+.media.dssott.com'], 'skip-domain'=>['+.apple.com', 'Mijia Cloud', 'dlg.io.mi.com', '+.oray.com', '+.sunlogin.net'], 'sniff'=>{'TLS'=>nil, 'HTTP'=>{'ports'=>[80, '8080-8880'], 'override-destination'=>true}}}"

    #Array Insert Value Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value
    #ruby_arr_insert "$CONFIG_FILE" "['dns']['nameserver']" "0" "114.114.*.*"

    #Array Insert Other Array Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--array
    #ruby_arr_insert_arr "$CONFIG_FILE" "['dns']['proxy-server-nameserver']" "0" "['https://doh.pub/dns-query','https://223.5.*.*:443/dns-query']"

    #Array Insert From Yaml File Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value file path
    #5--value key name in #4 file
    #ruby_arr_add_file "$CONFIG_FILE" "['dns']['fallback-filter']['ipcidr']" "0" "/etc/openclash/custom/openclash_custom_fallback_filter.yaml" "['fallback-filter']['ipcidr']"

    #Delete Array Value Demo:
    #1--config path
    #2--key name
    #3--value
    #ruby_delete "$CONFIG_FILE" "['dns']['nameserver']" "114.114.*.*"

    #Delete Key Demo:
    #1--config path
    #2--key name
    #3--key name
    #ruby_delete "$CONFIG_FILE" "['dns']" "nameserver"
    #ruby_delete "$CONFIG_FILE" "" "dns"

    #Ruby Script Demo:
    #ruby -ryaml -rYAML -I "/usr/share/openclash" -E UTF-8 -e "
    #   begin
    #      Value = YAML.load_file('$CONFIG_FILE');
    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Load File Failed,【' + e.message + '】';
    #   end;

        #General
    #   begin
    #   Thread.new{
    #      Value['redir-port']=7892;
    #      Value['tproxy-port']=7895;
    #      Value['port']=7890;
    #      Value['socks-port']=7891;
    #      Value['mixed-port']=7893;
    #   }.join;

    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Set General Failed,【' + e.message + '】';
    #   ensure
    #      File.open('$CONFIG_FILE','w') {|f| YAML.dump(Value, f)};
    #   end" 2>/dev/null >> $LOG_FILE

exit 0
#===================== 自定义防火墙设置 =====================#

#!/bin/sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom firewall rules here, they will be added after the end of the OpenClash iptables rules
LOG_OUT "Tip: Start Add Custom Firewall Rules..."
nft 'insert rule inet fw4 openclash_output_v6 position 0 ip6 saddr & ::*:*:*:ffff == ::211:32ff:fed6:5748 counter return'
nft 'insert rule inet fw4 openclash_mangle_v6 position 0 ip6 saddr & ::*:*:*:ffff == ::211:32ff:fed6:5748 counter return'
# nft 'insert rule inet fw4 openclash_mangle_v6 position 0 ip6 saddr & ::*:*:*:ffff == ::211:32ff:fed6:5748 counter return'

exit 0
#===================== IPTABLES 防火墙设置 =====================#

#IPv4 NAT chain


#IPv4 Mangle chain

# Generated by iptables-save v1.8.8 on Mon Feb 10 12:31:23 2025
*mangle
:PREROUTING ACCEPT [3058361:2678449025]
:INPUT ACCEPT [887845:687391972]
:FORWARD ACCEPT [2133653:1984491080]
:OUTPUT ACCEPT [542014:231253988]
:POSTROUTING ACCEPT [2674847:2215699898]
:mwan3_connected_ipv4 - [0:0]
:mwan3_custom_ipv4 - [0:0]
:mwan3_dynamic_ipv4 - [0:0]
:mwan3_hook - [0:0]
:mwan3_iface_in_10010 - [0:0]
:mwan3_iface_in_wan - [0:0]
:mwan3_ifaces_in - [0:0]
:mwan3_policy_ct_only - [0:0]
:mwan3_policy_cu_only - [0:0]
:mwan3_rules - [0:0]
-A PREROUTING -j mwan3_hook
-A OUTPUT -j mwan3_hook
-A mwan3_connected_ipv4 -m set --match-set mwan3_connected_ipv4 dst -j MARK --set-xmark 0x3f00/0x3f00
-A mwan3_custom_ipv4 -m set --match-set mwan3_custom_ipv4 dst -j MARK --set-xmark 0x3f00/0x3f00
-A mwan3_dynamic_ipv4 -m set --match-set mwan3_dynamic_ipv4 dst -j MARK --set-xmark 0x3f00/0x3f00
-A mwan3_hook -m mark --mark 0x0/0x3f00 -j CONNMARK --restore-mark --nfmask 0x3f00 --ctmask 0x3f00
-A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_ifaces_in
-A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_custom_ipv4
-A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_connected_ipv4
-A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_dynamic_ipv4
-A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_rules
-A mwan3_hook -j CONNMARK --save-mark --nfmask 0x3f00 --ctmask 0x3f00
-A mwan3_hook -m mark ! --mark 0x3f00/0x3f00 -j mwan3_custom_ipv4
-A mwan3_hook -m mark ! --mark 0x3f00/0x3f00 -j mwan3_connected_ipv4
-A mwan3_hook -m mark ! --mark 0x3f00/0x3f00 -j mwan3_dynamic_ipv4
-A mwan3_iface_in_10010 -i pppoe-10010 -m set --match-set mwan3_custom_ipv4 src -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
-A mwan3_iface_in_10010 -i pppoe-10010 -m set --match-set mwan3_connected_ipv4 src -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
-A mwan3_iface_in_10010 -i pppoe-10010 -m set --match-set mwan3_dynamic_ipv4 src -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
-A mwan3_iface_in_10010 -i pppoe-10010 -m mark --mark 0x0/0x3f00 -m comment --comment 10010 -j MARK --set-xmark 0x200/0x3f00
-A mwan3_iface_in_wan -i pppoe-wan -m set --match-set mwan3_custom_ipv4 src -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
-A mwan3_iface_in_wan -i pppoe-wan -m set --match-set mwan3_connected_ipv4 src -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
-A mwan3_iface_in_wan -i pppoe-wan -m set --match-set mwan3_dynamic_ipv4 src -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
-A mwan3_iface_in_wan -i pppoe-wan -m mark --mark 0x0/0x3f00 -m comment --comment wan -j MARK --set-xmark 0x100/0x3f00
-A mwan3_ifaces_in -m mark --mark 0x0/0x3f00 -j mwan3_iface_in_wan
-A mwan3_ifaces_in -m mark --mark 0x0/0x3f00 -j mwan3_iface_in_10010
-A mwan3_policy_ct_only -m mark --mark 0x0/0x3f00 -m comment --comment "wan 1 1" -j MARK --set-xmark 0x100/0x3f00
-A mwan3_policy_cu_only -m mark --mark 0x0/0x3f00 -m comment --comment "10010 1 1" -j MARK --set-xmark 0x200/0x3f00
-A mwan3_rules -m mark --mark 0x0/0x3f00 -j mwan3_policy_cu_only
COMMIT
# Completed on Mon Feb 10 12:31:23 2025

#IPv4 Filter chain

# Generated by iptables-save v1.8.8 on Mon Feb 10 12:31:23 2025
*filter
:INPUT ACCEPT [3139:1264650]
:FORWARD ACCEPT [1341:454919]
:OUTPUT ACCEPT [2782:1973987]
COMMIT
# Completed on Mon Feb 10 12:31:23 2025

#IPv6 NAT chain


#IPv6 Mangle chain

# Generated by ip6tables-save v1.8.8 on Mon Feb 10 12:31:23 2025
*mangle
:PREROUTING ACCEPT [4485510:5537562009]
:INPUT ACCEPT [104975:23878787]
:FORWARD ACCEPT [4349599:5507559122]
:OUTPUT ACCEPT [109447:526237943]
:POSTROUTING ACCEPT [4458720:6033767876]
:mwan3_connected_ipv6 - [0:0]
:mwan3_custom_ipv6 - [0:0]
:mwan3_dynamic_ipv6 - [0:0]
:mwan3_hook - [0:0]
:mwan3_ifaces_in - [0:0]
:mwan3_policy_ct_only - [0:0]
:mwan3_policy_cu_only - [0:0]
:mwan3_rules - [0:0]
-A PREROUTING -j mwan3_hook
-A OUTPUT -j mwan3_hook
-A mwan3_connected_ipv6 -m set --match-set mwan3_connected_ipv6 dst -j MARK --set-xmark 0x3f00/0x3f00
-A mwan3_custom_ipv6 -m set --match-set mwan3_custom_ipv6 dst -j MARK --set-xmark 0x3f00/0x3f00
-A mwan3_dynamic_ipv6 -m set --match-set mwan3_dynamic_ipv6 dst -j MARK --set-xmark 0x3f00/0x3f00
-A mwan3_hook -p ipv6-icmp -m icmp6 --icmpv6-type 133 -j RETURN
-A mwan3_hook -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j RETURN
-A mwan3_hook -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j RETURN
-A mwan3_hook -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j RETURN
-A mwan3_hook -p ipv6-icmp -m icmp6 --icmpv6-type 137 -j RETURN
-A mwan3_hook -m mark --mark 0x0/0x3f00 -j CONNMARK --restore-mark --nfmask 0x3f00 --ctmask 0x3f00
-A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_ifaces_in
-A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_custom_ipv6
-A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_connected_ipv6
-A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_dynamic_ipv6
-A mwan3_hook -m mark --mark 0x0/0x3f00 -j mwan3_rules
-A mwan3_hook -j CONNMARK --save-mark --nfmask 0x3f00 --ctmask 0x3f00
-A mwan3_hook -m mark ! --mark 0x3f00/0x3f00 -j mwan3_custom_ipv6
-A mwan3_hook -m mark ! --mark 0x3f00/0x3f00 -j mwan3_connected_ipv6
-A mwan3_hook -m mark ! --mark 0x3f00/0x3f00 -j mwan3_dynamic_ipv6
-A mwan3_policy_ct_only -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
-A mwan3_policy_cu_only -m mark --mark 0x0/0x3f00 -m comment --comment default -j MARK --set-xmark 0x3f00/0x3f00
COMMIT
# Completed on Mon Feb 10 12:31:23 2025

#IPv6 Filter chain

# Generated by ip6tables-save v1.8.8 on Mon Feb 10 12:31:23 2025
*filter
:INPUT ACCEPT [303:51654]
:FORWARD ACCEPT [22030:28554279]
:OUTPUT ACCEPT [358:723191]
COMMIT
# Completed on Mon Feb 10 12:31:23 2025

#===================== NFTABLES 防火墙设置 =====================#

table inet fw4 {
	chain input {
		type filter hook input priority filter; policy accept;
		iifname "pppoe-10010" ip6 saddr != @localnetwork6 counter packets 6 bytes 1309 jump openclash_wan6_input
		iifname "pppoe-wan" ip6 saddr != @localnetwork6 counter packets 0 bytes 0 jump openclash_wan6_input
		iifname "eth0.2" ip6 saddr != @localnetwork6 counter packets 0 bytes 0 jump openclash_wan6_input
		iifname "eth0.1" ip6 saddr != @localnetwork6 counter packets 0 bytes 0 jump openclash_wan6_input
		iifname "pppoe-10010" ip saddr != @localnetwork counter packets 522 bytes 188872 jump openclash_wan_input
		iifname "pppoe-wan" ip saddr != @localnetwork counter packets 5 bytes 228 jump openclash_wan_input
		iifname "eth0.2" ip saddr != @localnetwork counter packets 0 bytes 0 jump openclash_wan_input
		iifname "eth0.1" ip saddr != @localnetwork counter packets 0 bytes 0 jump openclash_wan_input
		iifname "lo" accept comment "!fw4: Accept traffic from loopback"
		ct state established,related accept comment "!fw4: Allow inbound established and related flows"
		tcp flags syn / fin,syn,rst,ack jump syn_flood comment "!fw4: Rate limit TCP syn packets"
		iifname "br-lan" jump input_lan comment "!fw4: Handle lan IPv4/IPv6 input traffic"
		iifname { "eth0.1", "eth0.2", "pppoe-wan", "pppoe-10010" } jump input_wan comment "!fw4: Handle wan IPv4/IPv6 input traffic"
	}
}
table inet fw4 {
	chain forward {
		type filter hook forward priority filter; policy drop;
		ct state established,related accept comment "!fw4: Allow forwarded established and related flows"
		iifname "br-lan" jump forward_lan comment "!fw4: Handle lan IPv4/IPv6 forward traffic"
		iifname { "eth0.1", "eth0.2", "pppoe-wan", "pppoe-10010" } jump forward_wan comment "!fw4: Handle wan IPv4/IPv6 forward traffic"
		jump handle_reject
	}
}
table inet fw4 {
	chain dstnat {
		type nat hook prerouting priority dstnat; policy accept;
		iifname "br-lan" jump dstnat_lan comment "!fw4: Handle lan IPv4/IPv6 dstnat traffic"
		iifname { "eth0.1", "eth0.2", "pppoe-wan", "pppoe-10010" } jump dstnat_wan comment "!fw4: Handle wan IPv4/IPv6 dstnat traffic"
		ip protocol tcp counter packets 149 bytes 8252 jump openclash
		ip6 nexthdr tcp counter packets 22 bytes 1680 jump openclash_v6
	}
}
table inet fw4 {
	chain srcnat {
		type nat hook postrouting priority srcnat; policy accept;
		oifname "br-lan" jump srcnat_lan comment "!fw4: Handle lan IPv4/IPv6 srcnat traffic"
		oifname { "eth0.1", "eth0.2", "pppoe-wan", "pppoe-10010" } jump srcnat_wan comment "!fw4: Handle wan IPv4/IPv6 srcnat traffic"
	}
}
table inet fw4 {
	chain nat_output {
		type nat hook output priority filter - 1; policy accept;
		ip protocol tcp counter packets 74 bytes 4444 jump openclash_output
		meta nfproto ipv6 counter packets 11 bytes 906 jump openclash_output_v6
	}
}
table inet fw4 {
	chain mangle_prerouting {
		type filter hook prerouting priority mangle; policy accept;
		ip protocol udp counter packets 1488 bytes 456100 jump openclash_mangle
		meta nfproto ipv6 counter packets 23555 bytes 30104221 jump openclash_mangle_v6
	}
}
table inet fw4 {
	chain mangle_output {
		type route hook output priority mangle; policy accept;
		ip protocol udp counter packets 374 bytes 54646 jump openclash_mangle_output
		meta nfproto ipv6 counter packets 360 bytes 723323 jump openclash_mangle_output_v6
	}
}
table inet fw4 {
	chain openclash {
		meta nfproto ipv4 tcp sport 55444 counter packets 0 bytes 0 return
		meta nfproto ipv4 tcp sport 30088 counter packets 0 bytes 0 return
		meta nfproto ipv4 tcp sport 45554 counter packets 0 bytes 0 return
		meta nfproto ipv4 tcp sport 55555 counter packets 0 bytes 0 return
		ip daddr @localnetwork counter packets 72 bytes 4180 return
		ct direction reply counter packets 0 bytes 0 return
		ip saddr @lan_ac_black_ips counter packets 0 bytes 0 return
		ether saddr @lan_ac_black_macs counter packets 0 bytes 0 return
		ip daddr @china_ip_route ip daddr != @china_ip_route_pass counter packets 4 bytes 244 return
		ip protocol tcp counter packets 73 bytes 3828 redirect to :7892
	}
}
table inet fw4 {
	chain openclash_mangle {
		meta nfproto ipv4 udp sport 55784 counter packets 0 bytes 0 return
		meta nfproto ipv4 udp sport 55444 counter packets 0 bytes 0 return
		meta nfproto ipv4 udp sport 30088 counter packets 0 bytes 0 return
		meta nfproto ipv4 udp sport 500 counter packets 0 bytes 0 return
		meta nfproto ipv4 udp sport 68 counter packets 0 bytes 0 return
		ip saddr 192.168.*.* udp sport 53 counter packets 0 bytes 0 return
		ip saddr 192.168.*.* udp sport 51820 counter packets 0 bytes 0 return
		ip saddr 192.168.*.* udp sport 37755 counter packets 16 bytes 4361 return
		ip saddr 192.168.*.* udp sport 52280 counter packets 0 bytes 0 return
		ip daddr @localnetwork counter packets 994 bytes 382038 return
		ct direction reply counter packets 471 bytes 70776 return
		ip saddr @lan_ac_black_ips counter packets 0 bytes 0 return
		ether saddr @lan_ac_black_macs counter packets 0 bytes 0 return
		ip daddr @china_ip_route ip daddr != @china_ip_route_pass counter packets 7 bytes 515 return
		ip protocol udp counter packets 6 bytes 456 jump openclash_upnp
		meta l4proto udp meta mark set 0x00000162 tproxy ip to 127.0.*.*:7895 counter packets 6 bytes 456 accept
	}
}
table inet fw4 {
	chain openclash_mangle_output {
		meta nfproto ipv4 udp sport 55784 counter packets 0 bytes 0 return
		meta nfproto ipv4 udp sport 55444 counter packets 0 bytes 0 return
		meta nfproto ipv4 udp sport 30088 counter packets 0 bytes 0 return
		meta nfproto ipv4 udp sport 500 counter packets 0 bytes 0 return
		meta nfproto ipv4 udp sport 68 counter packets 0 bytes 0 return
		ip saddr 192.168.*.* udp sport 53 counter packets 57 bytes 7503 return
		ip saddr 192.168.*.* udp sport 51820 counter packets 0 bytes 0 return
		ip saddr 192.168.*.* udp sport 37755 counter packets 0 bytes 0 return
		ip saddr 192.168.*.* udp sport 52280 counter packets 0 bytes 0 return
		meta skgid 65534 counter packets 187 bytes 36718 return
		ip daddr @localnetwork counter packets 102 bytes 7501 return
		ct direction reply counter packets 0 bytes 0 return
		ip daddr @china_ip_route ip daddr != @china_ip_route_pass counter packets 28 bytes 2924 return
		meta l4proto udp meta mark set 0x00000162 counter packets 0 bytes 0 accept
	}
}
table inet fw4 {
	chain openclash_output {
		meta nfproto ipv4 tcp sport 55444 counter packets 0 bytes 0 return
		meta nfproto ipv4 tcp sport 30088 counter packets 0 bytes 0 return
		meta nfproto ipv4 tcp sport 45554 counter packets 0 bytes 0 return
		meta nfproto ipv4 tcp sport 55555 counter packets 0 bytes 0 return
		ip saddr 192.168.*.* tcp sport 48089 counter packets 0 bytes 0 return
		ip saddr 192.168.*.* tcp sport 51820 counter packets 0 bytes 0 return
		ip saddr 192.168.*.* tcp sport 37755 counter packets 0 bytes 0 return
		ip saddr 192.168.*.* tcp sport 52280 counter packets 0 bytes 0 return
		meta skgid 65534 counter packets 34 bytes 2044 return
		ip daddr @localnetwork counter packets 36 bytes 2160 return
		ct direction reply counter packets 0 bytes 0 return
		ip daddr @china_ip_route ip daddr != @china_ip_route_pass counter packets 0 bytes 0 return
		ip protocol tcp counter packets 4 bytes 240 redirect to :7892
	}
}
table inet fw4 {
	chain openclash_wan_input {
		meta l4proto { tcp, udp } th dport { 7874, 7891, 7892, 7893, 7895, 9090, 56789 } counter packets 0 bytes 0 reject
	}
}
table inet fw4 {
	chain openclash_v6 {
		meta nfproto ipv6 tcp sport 55444 counter packets 0 bytes 0 return
		meta nfproto ipv6 tcp sport 30088 counter packets 0 bytes 0 return
		meta nfproto ipv6 tcp sport 45554 counter packets 0 bytes 0 return
		meta nfproto ipv6 tcp sport 55555 counter packets 0 bytes 0 return
		ip6 daddr @localnetwork6 counter packets 4 bytes 288 return
		ct direction reply counter packets 0 bytes 0 return
		ip6 saddr @lan_ac_black_ipv6s counter packets 0 bytes 0 return
		ether saddr @lan_ac_black_macs counter packets 0 bytes 0 return
		ip6 daddr @china_ip6_route ip6 daddr != @china_ip6_route_pass counter packets 0 bytes 0 return
		ip6 nexthdr tcp counter packets 19 bytes 1464 redirect to :7892
	}
}
table inet fw4 {
	chain openclash_mangle_v6 {
		ip6 saddr & ::*:*:*:ffff == ::211:32ff:fed6:5748 counter packets 0 bytes 0 return
		meta nfproto ipv6 udp sport 55784 counter packets 0 bytes 0 return
		meta nfproto ipv6 udp sport 55444 counter packets 0 bytes 0 return
		meta nfproto ipv6 tcp sport 55444 counter packets 0 bytes 0 return
		meta nfproto ipv6 udp sport 30088 counter packets 0 bytes 0 return
		meta nfproto ipv6 tcp sport 30088 counter packets 0 bytes 0 return
		meta nfproto ipv6 tcp sport 45554 counter packets 0 bytes 0 return
		meta nfproto ipv6 tcp sport 55555 counter packets 0 bytes 0 return
		meta nfproto ipv6 udp sport 500 counter packets 0 bytes 0 return
		ip6 daddr @localnetwork6 counter packets 20959 bytes 30166375 return
		ct direction reply counter packets 0 bytes 0 return
		ip6 saddr @lan_ac_black_ipv6s counter packets 0 bytes 0 return
		ether saddr @lan_ac_black_macs counter packets 0 bytes 0 return
		ip6 daddr @china_ip6_route ip6 daddr != @china_ip6_route_pass counter packets 2505 bytes 150300 return
		ip6 nexthdr udp meta mark set 0x00000162 tproxy ip6 to :7895 counter packets 16 bytes 8320 accept comment "OpenClash UDP Tproxy"
	}
}
table inet fw4 {
	chain openclash_mangle_output_v6 {
		meta nfproto ipv6 udp sport 55784 counter packets 0 bytes 0 return
		meta nfproto ipv6 udp sport 55444 counter packets 0 bytes 0 return
		meta nfproto ipv6 tcp sport 55444 counter packets 0 bytes 0 return
		meta nfproto ipv6 udp sport 30088 counter packets 0 bytes 0 return
		meta nfproto ipv6 tcp sport 30088 counter packets 0 bytes 0 return
		meta nfproto ipv6 tcp sport 45554 counter packets 0 bytes 0 return
		meta nfproto ipv6 tcp sport 55555 counter packets 0 bytes 0 return
		meta nfproto ipv6 udp sport 500 counter packets 0 bytes 0 return
		meta nfproto ipv6 udp sport 546 counter packets 0 bytes 0 return
		meta nfproto ipv6 udp sport 37755 counter packets 0 bytes 0 return
		meta nfproto ipv6 tcp sport 37755 counter packets 0 bytes 0 return
		meta skgid 65534 counter packets 301 bytes 724251 return
		ip6 daddr @localnetwork6 counter packets 58 bytes 7168 return
		ct direction reply counter packets 0 bytes 0 return
		ip6 nexthdr udp meta mark set 0x00000162 counter packets 0 bytes 0
	}
}
table inet fw4 {
	chain openclash_output_v6 {
		ip6 saddr & ::*:*:*:ffff == ::211:32ff:fed6:5748 counter packets 0 bytes 0 return
		meta nfproto ipv6 tcp sport 55444 counter packets 0 bytes 0 return
		meta nfproto ipv6 tcp sport 30088 counter packets 0 bytes 0 return
		meta nfproto ipv6 tcp sport 45554 counter packets 0 bytes 0 return
		meta nfproto ipv6 tcp sport 55555 counter packets 0 bytes 0 return
		meta nfproto ipv6 tcp sport 37755 counter packets 0 bytes 0 return
		ip6 daddr @localnetwork6 counter packets 2 bytes 170 return
		ct direction reply counter packets 0 bytes 0 return
		ip6 daddr @china_ip6_route ip6 daddr != @china_ip6_route_pass counter packets 1 bytes 80 return
		ip6 nexthdr tcp counter packets 7 bytes 560 redirect to :7892
	}
}
table inet fw4 {
	chain openclash_wan6_input {
		ip6 nexthdr { tcp, udp } th dport { 7874, 7891, 7892, 7893, 7895, 9090, 56789 } counter packets 0 bytes 0 reject with icmpv6 port-unreachable
	}
}

#===================== IPSET状态 =====================#

Name: mwan3_dynamic_ipv6
Type: hash:net
Revision: 7
Header: family inet6 hashsize 1024 maxelem 65536 bucketsize 12 initval 0xad7001a3
Size in memory: 1240
References: 1
Number of entries: 0

Name: mwan3_connected_ipv4
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0x013926fc
Size in memory: 744
References: 3
Number of entries: 6

Name: mwan3_connected_ipv6
Type: hash:net
Revision: 7
Header: family inet6 hashsize 1024 maxelem 65536 bucketsize 12 initval 0xec8167d2
Size in memory: 1672
References: 1
Number of entries: 6

Name: mwan3_custom_ipv4
Type: hash:net
Revision: 7
Header: family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0xb55e9c06
Size in memory: 456
References: 3
Number of entries: 0

Name: mwan3_custom_ipv6
Type: hash:net
Revision: 7
Header: family inet6 hashsize 1024 maxelem 65536 bucketsize 12 initval 0x940eb13a
Size in memory: 1240
References: 1
Number of entries: 0

Name: mwan3_dynamic_ipv4
Type: list:set
Revision: 3
Header: size 8
Size in memory: 80
References: 3
Number of entries: 0

#===================== 路由表状态 =====================#

#IPv4

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.*.*         101.204.*.*    0.0.*.*         UG    20     0        0 pppoe-10010
0.0.*.*         125.70.*.*     0.0.*.*         UG    100    0        0 pppoe-wan
101.204.*.*    0.0.*.*         255.255.*.* UH    0      0        0 pppoe-10010
125.70.*.*     0.0.*.*         255.255.*.* UH    0      0        0 pppoe-wan
192.168.*.*     0.0.*.*         255.255.*.*   U     0      0        0 eth0.2
192.168.*.*     0.0.*.*         255.255.*.*   U     0      0        0 br-lan
192.168.*.*   0.0.*.*         255.255.*.*   U     0      0        0 eth0.1

#ip route list
default via 101.204.*.* dev pppoe-10010 proto static metric 20 
default via 125.70.*.* dev pppoe-wan proto static metric 100 
101.204.*.* dev pppoe-10010 proto kernel scope link src 101.204.*.* 
125.70.*.* dev pppoe-wan proto kernel scope link src 125.70.*.* 
192.168.*.*/24 dev eth0.2 proto kernel scope link src 192.168.*.* 
192.168.*.*/24 dev br-lan proto kernel scope link src 192.168.*.* 
192.168.*.*/24 dev eth0.1 proto kernel scope link src 192.168.*.* 

#ip rule show
0:	from all lookup local
1000:	from all fwmark 0x162 lookup 354
1001:	from all iif pppoe-wan lookup 1
1002:	from all iif pppoe-10010 lookup 2
2001:	from all fwmark 0x100/0x3f00 lookup 1
2002:	from all fwmark 0x200/0x3f00 lookup 2
2061:	from all fwmark 0x3d00/0x3f00 blackhole
2062:	from all fwmark 0x3e00/0x3f00 unreachable
3001:	from all fwmark 0x100/0x3f00 unreachable
3002:	from all fwmark 0x200/0x3f00 unreachable
10000:	from 125.70.*.* lookup main
20000:	from all to 125.70.*.* lookup main
32766:	from all lookup main
32767:	from all lookup default
90009:	from all iif lo lookup main

#IPv6

#route -A inet6
Kernel IPv6 routing table
Destination                                 Next Hop                                Flags Metric Ref    Use Iface
::/0                                        ::                                      U     1024   3        0 lo      
::/0                                        fe80::*:*:*:daa0               UG    512    4        0 pppoe-10010
::/0                                        fe80::*:*:*:daa0               UG    512    3        0 pppoe-10010
::/0                                        fe80::*:*:*:7700               UG    512    3        0 pppoe-wan
::/0                                        fe80::*:*:*:7700               UG    512    4        0 pppoe-wan
2408:*:*:*::/64                      ::                                      !n    2147483647 4        0 lo      
2408:*:*:*::/64                     ::                                      U     1024   3        0 br-lan  
2408:*:*:*::/64                     ::                                      !n    2147483647 1        0 lo      
240e:*:*:*::/64                       ::                                      !n    2147483647 5        0 lo      
240e:*:*:*::/60                       ::                                      !n    2147483647 2        0 lo      
fe80::*:*:*:6379/128                ::                                      U     256    1        0 pppoe-10010
fe80::*:*:*:daa0/128               ::                                      U     256    1        0 pppoe-10010
fe80::*:*:*:c570/128               ::                                      U     256    1        0 pppoe-wan
fe80::*:*:*:cc68/128               ::                                      U     256    4        0 pppoe-wan
fe80::/64                                   ::                                      U     256    3        0 br-lan  
fe80::/64                                   ::                                      U     256    2        0 eth0.1  
fe80::/64                                   ::                                      U     256    1        0 eth0.2  
::/0                                        ::                                      !n    -1     2        0 lo      
::1/128                                     ::                                      Un    0      5        0 lo      
2408:*:*:*::/128                     ::                                      Un    0      3        0 pppoe-10010
2408:*:*:*:8add:d42:66dc:6379/128    ::                                      Un    0      4        0 pppoe-10010
2408:*:*:*::/128                    ::                                      Un    0      3        0 br-lan  
2408:*:*:*:88dd:dff:fedc:637a/128   ::                                      Un    0      5        0 br-lan  
240e:*:*:*::/128                      ::                                      Un    0      3        0 pppoe-wan
240e:*:*:*:dc2e:d535:de2c:cc68/128    ::                                      Un    0      6        0 pppoe-wan
fe80::/128                                  ::                                      Un    0      3        0 br-lan  
fe80::/128                                  ::                                      Un    0      3        0 eth0.2  
fe80::/128                                  ::                                      Un    0      3        0 eth0.1  
fe80::*:*:*:6379/128                ::                                      Un    0      2        0 eth0.2  
fe80::*:*:*:6379/128                ::                                      Un    0      3        0 eth0.1  
fe80::*:*:*:637a/128                ::                                      Un    0      8        0 br-lan  
fe80::*:*:*:6379/128                ::                                      Un    0      3        0 pppoe-10010
fe80::*:*:*:cc68/128               ::                                      Un    0      4        0 pppoe-wan
ff00::/8                                    ::                                      U     256    4        0 br-lan  
ff00::/8                                    ::                                      U     256    2        0 eth0.1  
ff00::/8                                    ::                                      U     256    2        0 eth0.2  
ff00::/8                                    ::                                      U     256    3        0 pppoe-wan
ff00::/8                                    ::                                      U     256    3        0 pppoe-10010
::/0                                        ::                                      !n    -1     2        0 lo      

#ip -6 route list
default from 2408:*:*:*::/64 via fe80::ce1a:faff:feee:daa0 dev pppoe-10010 proto static metric 512 pref medium
default from 2408:*:*:*::/64 via fe80::ce1a:faff:feee:daa0 dev pppoe-10010 proto static metric 512 pref medium
default from 240e:*:*:*::/64 via fe80::d6c1:c8ff:fe9a:7700 dev pppoe-wan proto static metric 512 pref medium
default from 240e:*:*:*::/60 via fe80::d6c1:c8ff:fe9a:7700 dev pppoe-wan proto static metric 512 pref medium
unreachable 2408:*:*:*::/64 dev lo proto static metric 2147483647 pref medium
2408:*:*:*::/64 dev br-lan proto static metric 1024 pref medium
unreachable 2408:*:*:*::/64 dev lo proto static metric 2147483647 pref medium
unreachable 240e:*:*:*::/64 dev lo proto static metric 2147483647 pref medium
unreachable 240e:*:*:*::/60 dev lo proto static metric 2147483647 pref medium
fe80::*:*:*:6379 dev pppoe-10010 proto kernel metric 256 pref medium
fe80::*:*:*:daa0 dev pppoe-10010 proto kernel metric 256 pref medium
fe80::*:*:*:c570 dev pppoe-wan proto kernel metric 256 pref medium
fe80::*:*:*:cc68 dev pppoe-wan proto kernel metric 256 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev eth0.1 proto kernel metric 256 pref medium
fe80::/64 dev eth0.2 proto kernel metric 256 pref medium

#ip -6 rule show
0:	from all lookup local
2060:	from all fwmark 0x162 lookup 354
2061:	from all fwmark 0x3d00/0x3f00 blackhole
2062:	from all fwmark 0x3e00/0x3f00 unreachable
32766:	from all lookup main
4200000000:	from 2408:*:*:*:88dd:dff:fedc:637a/64 iif br-lan unreachable
4200000009:	from all iif pppoe-wan failed_policy

#===================== 端口占用状态 =====================#

tcp        0      0 192.168.*.*:10888       0.0.*.*:*               LISTEN      29650/clash
tcp        0      0 :::56789                :::*                    LISTEN      29650/clash
tcp        0      0 :::45554                :::*                    LISTEN      29650/clash
tcp        0      0 :::55555                :::*                    LISTEN      29650/clash
tcp        0      0 :::7893                 :::*                    LISTEN      29650/clash
tcp        0      0 :::7892                 :::*                    LISTEN      29650/clash
tcp        0      0 :::7895                 :::*                    LISTEN      29650/clash
tcp        0      0 :::7891                 :::*                    LISTEN      29650/clash
tcp        0      0 :::7874                 :::*                    LISTEN      29650/clash
tcp        0      0 :::9090                 :::*                    LISTEN      29650/clash
udp        0      0 192.168.*.*:10888       0.0.*.*:*                           29650/clash
udp        0      0 :::55444                :::*                                29650/clash
udp        0      0 :::56506                :::*                                29650/clash
udp        0      0 :::55555                :::*                                29650/clash
udp        0      0 :::36243                :::*                                29650/clash
udp        0      0 :::45554                :::*                                29650/clash
udp        0      0 :::7874                 :::*                                29650/clash
udp        0      0 :::7891                 :::*                                29650/clash
udp        0      0 :::7892                 :::*                                29650/clash
udp        0      0 :::7893                 :::*                                29650/clash
udp        0      0 :::7895                 :::*                                29650/clash
udp        0      0 :::37689                :::*                                29650/clash

#===================== 测试本机DNS查询(www.baidu.com) =====================#

Server:		127.0.*.*
Address:	127.0.*.*:53

www.baidu.com	canonical name = www.a.shifen.com
Name:	www.a.shifen.com
Address: 183.2.*.*
Name:	www.a.shifen.com
Address: 183.2.*.*

www.baidu.com	canonical name = www.a.shifen.com
Name:	www.a.shifen.com
Address: 240e:*:*:*:0:ff:b042:f296
Name:	www.a.shifen.com
Address: 240e:*:*:*:0:ff:b014:8e8b


#===================== 测试内核DNS查询(www.instagram.com) =====================#

Status: 0
TC: false
RD: true
RA: true
AD: false
CD: false

Question: 
  Name: www.instagram.com.
  Qtype: 1
  Qclass: 1

Answer: 
  TTL: 3524
  data: z-p42-instagram.c10r.instagram.com.
  name: www.instagram.com.
  type: 5

  TTL: 33
  data: 163.70.*.*
  name: z-p42-instagram.c10r.instagram.com.
  type: 1

Status: 0
TC: false
RD: true
RA: true
AD: false
CD: false

Question: 
  Name: www.instagram.com.
  Qtype: 28
  Qclass: 1

Answer: 
  TTL: 3564
  data: z-p42-instagram.c10r.instagram.com.
  name: www.instagram.com.
  type: 5

  TTL: 24
  data: 2a03:*:*:*:face:b00c:0:4420
  name: z-p42-instagram.c10r.instagram.com.
  type: 28


Dnsmasq 当前默认 resolv 文件：/tmp/resolv.conf.d/resolv.conf.auto

#===================== /tmp/resolv.conf.auto =====================#

# Interface 10010_6
nameserver 2408:8001:7000::
search sccnc
# Interface lan
nameserver 192.168.*.*
# Interface wan_6
nameserver 240e:*:*:*::69
nameserver 240e:56:4000::218
# Interface 10010
nameserver 119.6.*.*
nameserver 114.114.*.*
# Interface wan
nameserver 61.139.*.*
nameserver 218.6.*.*

#===================== /tmp/resolv.conf.d/resolv.conf.auto =====================#

# Interface 10010_6
nameserver 2408:8001:7000::
search sccnc
# Interface lan
nameserver 192.168.*.*
# Interface wan_6
nameserver 240e:*:*:*::69
nameserver 240e:56:4000::218
# Interface 10010
nameserver 119.6.*.*
nameserver 114.114.*.*
# Interface wan
nameserver 61.139.*.*
nameserver 218.6.*.*

#===================== 测试本机网络连接(www.baidu.com) =====================#

HTTP/1.1 200 OK
Bdpagetype: 1
Bdqid: 0xcd38df7203d7d6d0
Connection: keep-alive
Content-Length: 511198
Content-Type: text/html; charset=utf-8
Date: Mon, 10 Feb 2025 04:31:24 GMT
Server: BWS/1.1
Set-Cookie: BIDUPSID=70EE79BAE186B7B049168CEF8469DC04; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
Set-Cookie: PSTM=1739161884; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
Set-Cookie: BDSVRTM=0; path=/
Set-Cookie: BD_HOME=1; path=/
Set-Cookie: BAIDUID=70EE79BAE186B7B049168CEF8469DC04:FG=1; Path=/; Domain=baidu.com; Max-Age=31536000
Set-Cookie: BAIDUID_BFESS=70EE79BAE186B7B049168CEF8469DC04:FG=1; Path=/; Domain=baidu.com; Max-Age=31536000; Secure; SameSite=None
Traceid: 1739161884161459917814787815057254766288
Vary: Accept-Encoding
X-Ua-Compatible: IE=Edge,chrome=1
X-Xss-Protection: 1;mode=block


#===================== 测试本机网络下载(raw.githubusercontent.com) =====================#

HTTP/2 200 
cache-control: max-age=300
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
content-type: text/plain; charset=utf-8
etag: "f6037a93c68519d7041a3b4df325b61c424ec255b45dfeb063371319e39b0d96"
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 1; mode=block
x-github-request-id: 56BF:C6FC4:459B61:59BCDA:67A97919
accept-ranges: bytes
date: Mon, 10 Feb 2025 04:31:25 GMT
via: 1.1 varnish
x-served-by: cache-hkg17930-HKG
x-cache: HIT
x-cache-hits: 0
x-timer: S1739161885.859433,VS0,VE333
vary: Authorization,Accept-Encoding,Origin
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: 5ad9a5d2698b346b28544353bb2311f47a482e09
expires: Mon, 10 Feb 2025 04:36:25 GMT
source-age: 0
content-length: 1071


#===================== 最近运行日志(自动切换为Debug模式) =====================#

time="2025-02-10T04:31:32.969466780Z" level=debug msg="[Rule] use default rules"
time="2025-02-10T04:31:32.970194636Z" level=debug msg="[DNS] cache hit go.microsoft.com --> [96.16.*.*] A, expire at 2025-02-10 04:31:58"
time="2025-02-10T04:31:32.970236023Z" level=debug msg="[DNS] cache hit go.microsoft.com --> [2600:*:*:*::2c1a 2600:140b:2:999::2c1a] AAAA, expire at 2025-02-10 04:31:39"
time="2025-02-10T04:31:32.970591229Z" level=info msg="[TCP] [2408:*:*:*:7c2d:cd0:bd1:9535]:51845 --> go.microsoft.com:443 match RuleSet(Microsoft) using Microsoft[DIRECT]"
time="2025-02-10T04:31:32.970768565Z" level=debug msg="[Sniffer] All sniffing sniff failed with from [2408:*:*:*:88dd:dff:fedc:637a:45248] to [go.microsoft.com:443]"
time="2025-02-10T04:31:32.970790728Z" level=debug msg="[Rule] use default rules"
time="2025-02-10T04:31:32.971474069Z" level=warning msg="[TCP] dial Microsoft (match RuleSet/Microsoft) [2408:*:*:*:88dd:dff:fedc:637a]:45248 --> go.microsoft.com:443 error: reject loopback connection to: go.microsoft.com:443"
time="2025-02-10T04:31:33.127871781Z" level=debug msg="[DNS] cache hit api.miwifi.com --> [] AAAA, expire at 2025-02-10 04:32:30"
time="2025-02-10T04:31:33.127997759Z" level=debug msg="[DNS] cache hit api.miwifi.com --> [220.181.*.* 106.38.*.* 220.181.*.* 106.120.*.*] A, expire at 2025-02-10 04:31:36"
time="2025-02-10T04:31:33.128048433Z" level=debug msg="[DNS] cache hit api.miwifi.com --> [] AAAA, expire at 2025-02-10 04:32:30"
time="2025-02-10T04:31:33.128124443Z" level=debug msg="[DNS] cache hit api.miwifi.com --> [220.181.*.* 106.38.*.* 220.181.*.* 106.120.*.*] A, expire at 2025-02-10 04:31:36"
time="2025-02-10T04:31:33.158611903Z" level=debug msg="[Rule] use default rules"
time="2025-02-10T04:31:33.159435484Z" level=info msg="[UDP] [2408:*:*:*:3cce:90f8:3970:3c23]:58029 --> time.apple.com:123 match RuleSet(Apple) using Apple[DIRECT]"
time="2025-02-10T04:31:34.920678208Z" level=debug msg="[DNS] cache hit go.microsoft.com --> [96.16.*.*] A, expire at 2025-02-10 04:31:58"
time="2025-02-10T04:31:34.921027792Z" level=debug msg="[DNS] cache hit go.microsoft.com --> [2600:*:*:*::2c1a 2600:140b:2:999::2c1a] AAAA, expire at 2025-02-10 04:31:39"
time="2025-02-10T04:31:34.929808027Z" level=debug msg="[Sniffer] Sniff tcp [[2408:*:*:*:30b7:e14c:c679:888e]:2549]-->[go.microsoft.com:443] success, replace domain [go.microsoft.com]-->[go.microsoft.com]"
time="2025-02-10T04:31:34.929849234Z" level=debug msg="[Rule] use default rules"
time="2025-02-10T04:31:34.930858640Z" level=debug msg="[DNS] cache hit go.microsoft.com --> [96.16.*.*] A, expire at 2025-02-10 04:31:58"
time="2025-02-10T04:31:34.930899284Z" level=debug msg="[DNS] cache hit go.microsoft.com --> [2600:*:*:*::2c1a 2600:140b:2:999::2c1a] AAAA, expire at 2025-02-10 04:31:39"
time="2025-02-10T04:31:34.931262191Z" level=info msg="[TCP] [2408:*:*:*:30b7:e14c:c679:888e]:2549 --> go.microsoft.com:443 match RuleSet(Microsoft) using Microsoft[DIRECT]"
time="2025-02-10T04:31:34.931483896Z" level=debug msg="[Sniffer] Sniff tcp [[2408:*:*:*:88dd:dff:fedc:637a]:45262]-->[go.microsoft.com:443] success, replace domain [go.microsoft.com]-->[go.microsoft.com]"
time="2025-02-10T04:31:34.931511263Z" level=debug msg="[Rule] use default rules"
time="2025-02-10T04:31:34.932191808Z" level=warning msg="[TCP] dial Microsoft (match RuleSet/Microsoft) [2408:*:*:*:88dd:dff:fedc:637a]:45262 --> go.microsoft.com:443 error: reject loopback connection to: go.microsoft.com:443"
time="2025-02-10T04:31:34.937407271Z" level=debug msg="[Sniffer] Sniff tcp [[2408:*:*:*:30b7:e14c:c679:888e]:2550]-->[go.microsoft.com:443] success, replace domain [go.microsoft.com]-->[go.microsoft.com]"
time="2025-02-10T04:31:34.937446302Z" level=debug msg="[Rule] use default rules"
time="2025-02-10T04:31:34.938148011Z" level=debug msg="[DNS] cache hit go.microsoft.com --> [96.16.*.*] A, expire at 2025-02-10 04:31:58"
time="2025-02-10T04:31:34.938184561Z" level=debug msg="[DNS] cache hit go.microsoft.com --> [2600:*:*:*::2c1a 2600:140b:2:999::2c1a] AAAA, expire at 2025-02-10 04:31:39"
time="2025-02-10T04:31:34.938464013Z" level=info msg="[TCP] [2408:*:*:*:30b7:e14c:c679:888e]:2550 --> go.microsoft.com:443 match RuleSet(Microsoft) using Microsoft[DIRECT]"
time="2025-02-10T04:31:34.938636536Z" level=debug msg="[Sniffer] Sniff tcp [[2408:*:*:*:88dd:dff:fedc:637a]:55398]-->[go.microsoft.com:443] success, replace domain [go.microsoft.com]-->[go.microsoft.com]"
time="2025-02-10T04:31:34.938668173Z" level=debug msg="[Rule] use default rules"
time="2025-02-10T04:31:34.939362365Z" level=warning msg="[TCP] dial Microsoft (match RuleSet/Microsoft) [2408:*:*:*:88dd:dff:fedc:637a]:55398 --> go.microsoft.com:443 error: reject loopback connection to: go.microsoft.com:443"
time="2025-02-10T04:31:34.954499690Z" level=debug msg="[Sniffer] Sniff tcp [[2408:*:*:*:30b7:e14c:c679:888e]:2551]-->[go.microsoft.com:443] success, replace domain [go.microsoft.com]-->[go.microsoft.com]"
time="2025-02-10T04:31:34.954543522Z" level=debug msg="[Rule] use default rules"
time="2025-02-10T04:31:34.955320082Z" level=debug msg="[DNS] cache hit go.microsoft.com --> [96.16.*.*] A, expire at 2025-02-10 04:31:58"
time="2025-02-10T04:31:34.955354041Z" level=debug msg="[DNS] cache hit go.microsoft.com --> [2600:*:*:*::2c1a 2600:140b:2:999::2c1a] AAAA, expire at 2025-02-10 04:31:39"
time="2025-02-10T04:31:34.955605134Z" level=info msg="[TCP] [2408:*:*:*:30b7:e14c:c679:888e]:2551 --> go.microsoft.com:443 match RuleSet(Microsoft) using Microsoft[DIRECT]"
time="2025-02-10T04:31:34.955799802Z" level=debug msg="[Sniffer] Sniff tcp [[2408:*:*:*:88dd:dff:fedc:637a]:55400]-->[go.microsoft.com:443] success, replace domain [go.microsoft.com]-->[go.microsoft.com]"
time="2025-02-10T04:31:34.955824365Z" level=debug msg="[Rule] use default rules"
time="2025-02-10T04:31:34.956505460Z" level=warning msg="[TCP] dial Microsoft (match RuleSet/Microsoft) [2408:*:*:*:88dd:dff:fedc:637a]:55400 --> go.microsoft.com:443 error: reject loopback connection to: go.microsoft.com:443"
time="2025-02-10T04:31:34.963200919Z" level=debug msg="[Sniffer] All sniffing sniff failed with from [2408:*:*:*:30b7:e14c:c679:888e:2552] to [go.microsoft.com:443]"
time="2025-02-10T04:31:34.963231440Z" level=debug msg="[Rule] use default rules"
time="2025-02-10T04:31:34.963959807Z" level=debug msg="[DNS] cache hit go.microsoft.com --> [96.16.*.*] A, expire at 2025-02-10 04:31:58"
time="2025-02-10T04:31:34.964012386Z" level=debug msg="[DNS] cache hit go.microsoft.com --> [2600:*:*:*::2c1a 2600:140b:2:999::2c1a] AAAA, expire at 2025-02-10 04:31:39"
time="2025-02-10T04:31:34.964289290Z" level=info msg="[TCP] [2408:*:*:*:30b7:e14c:c679:888e]:2552 --> go.microsoft.com:443 match RuleSet(Microsoft) using Microsoft[DIRECT]"
time="2025-02-10T04:31:34.964426382Z" level=debug msg="[Sniffer] All sniffing sniff failed with from [2408:*:*:*:88dd:dff:fedc:637a:55406] to [go.microsoft.com:443]"
time="2025-02-10T04:31:34.964452736Z" level=debug msg="[Rule] use default rules"
time="2025-02-10T04:31:34.965121120Z" level=warning msg="[TCP] dial Microsoft (match RuleSet/Microsoft) [2408:*:*:*:88dd:dff:fedc:637a]:55406 --> go.microsoft.com:443 error: reject loopback connection to: go.microsoft.com:443"
time="2025-02-10T04:31:34.969719062Z" level=debug msg="[Sniffer] Sniff tcp [[2408:*:*:*:30b7:e14c:c679:888e]:2553]-->[go.microsoft.com:443] success, replace domain [go.microsoft.com]-->[go.microsoft.com]"
time="2025-02-10T04:31:34.969749900Z" level=debug msg="[Rule] use default rules"
time="2025-02-10T04:31:34.970428396Z" level=debug msg="[DNS] cache hit go.microsoft.com --> [96.16.*.*] A, expire at 2025-02-10 04:31:58"
time="2025-02-10T04:31:34.970507337Z" level=debug msg="[DNS] cache hit go.microsoft.com --> [2600:*:*:*::2c1a 2600:140b:2:999::2c1a] AAAA, expire at 2025-02-10 04:31:39"
time="2025-02-10T04:31:34.970800235Z" level=info msg="[TCP] [2408:*:*:*:30b7:e14c:c679:888e]:2553 --> go.microsoft.com:443 match RuleSet(Microsoft) using Microsoft[DIRECT]"
time="2025-02-10T04:31:34.970922464Z" level=debug msg="[Sniffer] Sniff tcp [[2408:*:*:*:88dd:dff:fedc:637a]:55416]-->[go.microsoft.com:443] success, replace domain [go.microsoft.com]-->[go.microsoft.com]"
time="2025-02-10T04:31:34.970955713Z" level=debug msg="[Rule] use default rules"
time="2025-02-10T04:31:34.971632752Z" level=warning msg="[TCP] dial Microsoft (match RuleSet/Microsoft) [2408:*:*:*:88dd:dff:fedc:637a]:55416 --> go.microsoft.com:443 error: reject loopback connection to: go.microsoft.com:443"
time="2025-02-10T04:31:34.975901789Z" level=debug msg="[Sniffer] All sniffing sniff failed with from [2408:*:*:*:30b7:e14c:c679:888e:2554] to [go.microsoft.com:443]"
time="2025-02-10T04:31:34.975932682Z" level=debug msg="[Rule] use default rules"
time="2025-02-10T04:31:34.976608344Z" level=debug msg="[DNS] cache hit go.microsoft.com --> [96.16.*.*] A, expire at 2025-02-10 04:31:58"
time="2025-02-10T04:31:34.976667296Z" level=debug msg="[DNS] cache hit go.microsoft.com --> [2600:*:*:*::2c1a 2600:140b:2:999::2c1a] AAAA, expire at 2025-02-10 04:31:39"
time="2025-02-10T04:31:34.976925428Z" level=info msg="[TCP] [2408:*:*:*:30b7:e14c:c679:888e]:2554 --> go.microsoft.com:443 match RuleSet(Microsoft) using Microsoft[DIRECT]"
time="2025-02-10T04:31:34.977071886Z" level=debug msg="[Sniffer] All sniffing sniff failed with from [2408:*:*:*:88dd:dff:fedc:637a:55420] to [go.microsoft.com:443]"
time="2025-02-10T04:31:34.977097619Z" level=debug msg="[Rule] use default rules"
time="2025-02-10T04:31:34.977746666Z" level=warning msg="[TCP] dial Microsoft (match RuleSet/Microsoft) [2408:*:*:*:88dd:dff:fedc:637a]:55420 --> go.microsoft.com:443 error: reject loopback connection to: go.microsoft.com:443"
time="2025-02-10T04:31:34.993886038Z" level=debug msg="[Sniffer] Sniff tcp [[2408:*:*:*:30b7:e14c:c679:888e]:2555]-->[go.microsoft.com:443] success, replace domain [go.microsoft.com]-->[go.microsoft.com]"
time="2025-02-10T04:31:34.993931174Z" level=debug msg="[Rule] use default rules"
time="2025-02-10T04:31:34.994698774Z" level=debug msg="[DNS] cache hit go.microsoft.com --> [96.16.*.*] A, expire at 2025-02-10 04:31:58"
time="2025-02-10T04:31:34.994748437Z" level=debug msg="[DNS] cache hit go.microsoft.com --> [2600:*:*:*::2c1a 2600:140b:2:999::2c1a] AAAA, expire at 2025-02-10 04:31:39"
time="2025-02-10T04:31:34.995008063Z" level=info msg="[TCP] [2408:*:*:*:30b7:e14c:c679:888e]:2555 --> go.microsoft.com:443 match RuleSet(Microsoft) using Microsoft[DIRECT]"
time="2025-02-10T04:31:34.995154577Z" level=debug msg="[Sniffer] Sniff tcp [[2408:*:*:*:88dd:dff:fedc:637a]:55424]-->[go.microsoft.com:443] success, replace domain [go.microsoft.com]-->[go.microsoft.com]"
time="2025-02-10T04:31:34.995180336Z" level=debug msg="[Rule] use default rules"
time="2025-02-10T04:31:34.995882571Z" level=warning msg="[TCP] dial Microsoft (match RuleSet/Microsoft) [2408:*:*:*:88dd:dff:fedc:637a]:55424 --> go.microsoft.com:443 error: reject loopback connection to: go.microsoft.com:443"
time="2025-02-10T04:31:35.006210869Z" level=debug msg="[Sniffer] All sniffing sniff failed with from [2408:*:*:*:30b7:e14c:c679:888e:2556] to [go.microsoft.com:443]"
time="2025-02-10T04:31:35.006243286Z" level=debug msg="[Rule] use default rules"
time="2025-02-10T04:31:35.006994984Z" level=debug msg="[DNS] cache hit go.microsoft.com --> [96.16.*.*] A, expire at 2025-02-10 04:31:58"
time="2025-02-10T04:31:35.007034367Z" level=debug msg="[DNS] cache hit go.microsoft.com --> [2600:*:*:*::2c1a 2600:140b:2:999::2c1a] AAAA, expire at 2025-02-10 04:31:39"
time="2025-02-10T04:31:35.007299594Z" level=info msg="[TCP] [2408:*:*:*:30b7:e14c:c679:888e]:2556 --> go.microsoft.com:443 match RuleSet(Microsoft) using Microsoft[DIRECT]"
time="2025-02-10T04:31:35.007476665Z" level=debug msg="[Sniffer] All sniffing sniff failed with from [2408:*:*:*:88dd:dff:fedc:637a:55426] to [go.microsoft.com:443]"
time="2025-02-10T04:31:35.007514322Z" level=debug msg="[Rule] use default rules"
time="2025-02-10T04:31:35.008234275Z" level=warning msg="[TCP] dial Microsoft (match RuleSet/Microsoft) [2408:*:*:*:88dd:dff:fedc:637a]:55426 --> go.microsoft.com:443 error: reject loopback connection to: go.microsoft.com:443"
time="2025-02-10T04:31:35.016222671Z" level=debug msg="[Sniffer] Sniff tcp [[2408:*:*:*:30b7:e14c:c679:888e]:2557]-->[go.microsoft.com:443] success, replace domain [go.microsoft.com]-->[go.microsoft.com]"
time="2025-02-10T04:31:35.016254908Z" level=debug msg="[Rule] use default rules"
time="2025-02-10T04:31:35.016961774Z" level=debug msg="[DNS] cache hit go.microsoft.com --> [96.16.*.*] A, expire at 2025-02-10 04:31:58"
time="2025-02-10T04:31:35.017016051Z" level=debug msg="[DNS] cache hit go.microsoft.com --> [2600:*:*:*::2c1a 2600:140b:2:999::2c1a] AAAA, expire at 2025-02-10 04:31:39"
time="2025-02-10T04:31:35.017284752Z" level=info msg="[TCP] [2408:*:*:*:30b7:e14c:c679:888e]:2557 --> go.microsoft.com:443 match RuleSet(Microsoft) using Microsoft[DIRECT]"
time="2025-02-10T04:31:35.017441318Z" level=debug msg="[Sniffer] Sniff tcp [[2408:*:*:*:88dd:dff:fedc:637a]:55434]-->[go.microsoft.com:443] success, replace domain [go.microsoft.com]-->[go.microsoft.com]"
time="2025-02-10T04:31:35.017477677Z" level=debug msg="[Rule] use default rules"
time="2025-02-10T04:31:35.018161053Z" level=warning msg="[TCP] dial Microsoft (match RuleSet/Microsoft) [2408:*:*:*:88dd:dff:fedc:637a]:55434 --> go.microsoft.com:443 error: reject loopback connection to: go.microsoft.com:443"
time="2025-02-10T04:31:35.024098454Z" level=debug msg="[Sniffer] All sniffing sniff failed with from [2408:*:*:*:30b7:e14c:c679:888e:2558] to [go.microsoft.com:443]"
time="2025-02-10T04:31:35.024129750Z" level=debug msg="[Rule] use default rules"
time="2025-02-10T04:31:35.024852244Z" level=debug msg="[DNS] cache hit go.microsoft.com --> [96.16.*.*] A, expire at 2025-02-10 04:31:58"
time="2025-02-10T04:31:35.024912307Z" level=debug msg="[DNS] cache hit go.microsoft.com --> [2600:*:*:*::2c1a 2600:140b:2:999::2c1a] AAAA, expire at 2025-02-10 04:31:39"
time="2025-02-10T04:31:35.025170229Z" level=info msg="[TCP] [2408:*:*:*:30b7:e14c:c679:888e]:2558 --> go.microsoft.com:443 match RuleSet(Microsoft) using Microsoft[DIRECT]"
time="2025-02-10T04:31:35.025337240Z" level=debug msg="[Sniffer] All sniffing sniff failed with from [2408:*:*:*:88dd:dff:fedc:637a:55436] to [go.microsoft.com:443]"
time="2025-02-10T04:31:35.025375773Z" level=debug msg="[Rule] use default rules"
time="2025-02-10T04:31:35.026038429Z" level=warning msg="[TCP] dial Microsoft (match RuleSet/Microsoft) [2408:*:*:*:88dd:dff:fedc:637a]:55436 --> go.microsoft.com:443 error: reject loopback connection to: go.microsoft.com:443"
time="2025-02-10T04:31:35.034278280Z" level=debug msg="[Sniffer] Sniff tcp [[2408:*:*:*:30b7:e14c:c679:888e]:2559]-->[go.microsoft.com:443] success, replace domain [go.microsoft.com]-->[go.microsoft.com]"
time="2025-02-10T04:31:35.034319478Z" level=debug msg="[Rule] use default rules"
time="2025-02-10T04:31:35.035027027Z" level=debug msg="[DNS] cache hit go.microsoft.com --> [96.16.*.*] A, expire at 2025-02-10 04:31:58"
time="2025-02-10T04:31:35.035051079Z" level=debug msg="[DNS] cache hit go.microsoft.com --> [2600:*:*:*::2c1a 2600:140b:2:999::2c1a] AAAA, expire at 2025-02-10 04:31:39"
time="2025-02-10T04:31:35.109084761Z" level=debug msg="[DNS] cache hit api.miwifi.com --> [220.181.*.* 106.38.*.* 220.181.*.* 106.120.*.*] A, expire at 2025-02-10 04:31:36"

#===================== 最近运行日志获取完成(自动切换为silent模式) =====================#

Expected Behavior

ipv6直连流量正常

Additional Context

No response

The text was updated successfully, but these errors were encountered:

john5du added the bug Something isn't working label Feb 10, 2025

vernesong added a commit that referenced this issue Feb 11, 2025

#4321

ec81125

spirillen mentioned this issue Feb 19, 2025

rule-34.net mypdns/matrix#106098

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Bug] ipv6 Redirect 模式下直连会出现reject loopback connection #4321

[Bug] ipv6 Redirect 模式下直连会出现reject loopback connection #4321

john5du commented Feb 10, 2025

[Bug] ipv6 Redirect 模式下直连会出现reject loopback connection #4321

[Bug] ipv6 Redirect 模式下直连会出现reject loopback connection #4321

Comments

john5du commented Feb 10, 2025

Verify Steps

OpenClash Version

Bug on Environment

OpenWrt Version

Bug on Platform

Describe the Bug

To Reproduce

OpenClash Log

OpenClash Config

Expected Behavior

Additional Context