[Bug] 升级至v0.46.075后订阅更新失败 #4349

adidas8 · 2025-02-27T04:04:21Z

Verify Steps

Tracker 我已经在 Issue Tracker 中找过我要提出的问题
Branch 我知道 OpenClash 的 Dev 分支切换开关位于插件设置-版本更新中，或者我会手动下载并安装 Dev 分支的 OpenClash
Latest 我已经使用最新 Dev 版本测试过，问题依旧存在
Relevant 我知道 OpenClash 与内核(Core)、控制面板(Dashboard)、在线订阅转换(Subconverter)等项目之间无直接关系，仅相互调用
Definite 这确实是 OpenClash 出现的问题
Contributors 我有能力协助 OpenClash 开发并解决此问题
Meaningless 我提交的是无意义的催促更新或修复请求

OpenClash Version

v0.46.075

Bug on Environment

Immortalwrt

OpenWrt Version

GoldenOrb-Version-1 ( ImmortalWrt 21.02-SNAPSHOT ) / LuCI openwrt-21.02 branch git-23.093.57360-e98243e

Bug on Platform

Linux-armv7

Describe the Bug

点击配置更新按钮日志无反应，退回至v0.46.064就没问题

To Reproduce

只能通过上传配置才能使用

OpenClash Log

OpenClash 调试日志

生成时间: 2025-02-27 11:55:49
插件版本: 0.46.076
隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息



#===================== 系统信息 =====================#

主机型号: Ruijie RG-MTFi-M520
固件版本: ImmortalWrt 21.02-SNAPSHOT r19108-840b239ddd
LuCI版本: git-22.009.24417-8e16151
内核版本: 5.4.163
处理器架构: arm_cortex-a15_neon-vfpv4

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: hybrid

DNS劫持: Firewall 转发
#DNS劫持为Dnsmasq时，此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
dnsmasq-full(ipset): 已安装
dnsmasq-full(nftset): 未安装
bash: 已安装
curl: 已安装
ca-bundle: 已安装
ipset: 已安装
ip-full: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci >= 19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 未安装
unzip: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 未安装
kmod-ipt-extra: 未安装
kmod-ipt-nat: 已安装

#===================== 内核检查 =====================#

运行状态: 未运行
已选择的架构: linux-armv7

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限

Meta内核版本: alpha-gd81c19a
Meta内核文件: 存在
Meta内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/config.yaml
启动配置文件: /etc/openclash/config.yaml
运行模式: fake-ip-tun
默认代理模式: rule
UDP流量转发(tproxy): 停用
自定义DNS: 停用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 启用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用
路由本机代理: 启用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 启用

#===================== 配置文件 =====================#


#===================== 自定义覆写设置 =====================#

#!/bin/sh
. /usr/share/openclash/ruby.sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom overwrite scripts here, they will be take effict after the OpenClash own srcipts

LOG_OUT "Tip: Start Running Custom Overwrite Scripts..."
LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S"))
LOG_FILE="/tmp/openclash.log"
#Config Path
CONFIG_FILE="$1"

    #Simple Demo:
    #Key Overwrite Demo
    #1--config path
    #2--key name
    #3--value
    #ruby_edit "$CONFIG_FILE" "['redir-port']" "7892"
    #ruby_edit "$CONFIG_FILE" "['secret']" "123456"
    #ruby_edit "$CONFIG_FILE" "['dns']['enable']" "true"
    #ruby_edit "$CONFIG_FILE" "['dns']['proxy-server-nameserver']" "['https://doh.pub/dns-query','https://223.5.*.*:443/dns-query']"

    #Hash Overwrite Demo
    #1--config path
    #2--key name
    #3--hash type value
    #ruby_edit "$CONFIG_FILE" "['dns']['nameserver-policy']" "{'+.msftconnecttest.com'=>'114.114.*.*', '+.msftncsi.com'=>'114.114.*.*', 'geosite:gfw'=>['https://dns.cloudflare.com/dns-query', 'https://dns.google/dns-query#ecs=1.1.*.*/24&ecs-override=true'], 'geosite:cn'=>['114.114.*.*'], 'geosite:geolocation-!cn'=>['https://dns.cloudflare.com/dns-query', 'https://dns.google/dns-query#ecs=1.1.*.*/24&ecs-override=true']}"
    #ruby_edit "$CONFIG_FILE" "['sniffer']" "{'enable'=>true, 'parse-pure-ip'=>true, 'force-domain'=>['+.netflix.com', '+.nflxvideo.net', '+.amazonaws.com', '+.media.dssott.com'], 'skip-domain'=>['+.apple.com', 'Mijia Cloud', 'dlg.io.mi.com', '+.oray.com', '+.sunlogin.net'], 'sniff'=>{'TLS'=>nil, 'HTTP'=>{'ports'=>[80, '8080-8880'], 'override-destination'=>true}}}"

    #Hash Merge Demo
    #1--config path
    #2--key name
    #3--hash
    #ruby_merge_hash "$CONFIG_FILE" "['proxy-providers']" "'TW'=>{'type'=>'http', 'path'=>'./proxy_provider/TW.yaml', 'url'=>'https://gist.githubusercontent.com/raw/tw_clash', 'interval'=>3600, 'health-check'=>{'enable'=>true, 'url'=>'http://cp.cloudflare.com/generate_204', 'interval'=>300}}"
    #ruby_merge_hash "$CONFIG_FILE" "['rule-providers']" "'Reject'=>{'type'=>'http', 'behavior'=>'classical', 'url'=>'https://testingcf.jsdelivr.net/gh/dler-io/Rules@main/Clash/Provider/Reject.yaml', 'path'=>'./rule_provider/Reject', 'interval'=>86400}"

    #Array Insert Value Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value
    #ruby_arr_insert "$CONFIG_FILE" "['dns']['nameserver']" "0" "114.114.*.*"

    #Array Insert Hash Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--hash
    #ruby_arr_insert_hash "$CONFIG_FILE" "['proxy-groups']" "0" "{'name'=>'Disney', 'type'=>'select', 'disable-udp'=>false, 'use'=>['TW', 'SG', 'HK']}"
    #ruby_arr_insert_hash "$CONFIG_FILE" "['proxies']" "0" "{'name'=>'HKG 01', 'type'=>'ss', 'server'=>'cc.hd.abc', 'port'=>'12345', 'cipher'=>'aes-128-gcm', 'password'=>'123456', 'udp'=>true, 'plugin'=>'obfs', 'plugin-opts'=>{'mode'=>'http', 'host'=>'microsoft.com'}}"
    #ruby_arr_insert_hash "$CONFIG_FILE" "['listeners']" "0" "{'name'=>'name', 'type'=>'shadowsocks', 'port'=>'12345', 'listen'=>'0.0.*.*', 'rule'=>'sub-rule-1', 'proxy'=>'proxy'}"

    #Array Insert Other Array Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--array
    #ruby_arr_insert_arr "$CONFIG_FILE" "['dns']['proxy-server-nameserver']" "0" "['https://doh.pub/dns-query','https://223.5.*.*:443/dns-query']"

    #Array Insert From Yaml File Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value file path
    #5--value key name in #4 file
    #ruby_arr_add_file "$CONFIG_FILE" "['dns']['fallback-filter']['ipcidr']" "0" "/etc/openclash/custom/openclash_custom_fallback_filter.yaml" "['fallback-filter']['ipcidr']"

    #Delete Array Value Demo:
    #1--config path
    #2--key name
    #3--value
    #ruby_delete "$CONFIG_FILE" "['dns']['nameserver']" "114.114.*.*"

    #Delete Key Demo:
    #1--config path
    #2--key name
    #3--key name
    #ruby_delete "$CONFIG_FILE" "['dns']" "nameserver"
    #ruby_delete "$CONFIG_FILE" "" "dns"

    #Ruby Script Demo:
    #ruby -ryaml -rYAML -I "/usr/share/openclash" -E UTF-8 -e "
    #   begin
    #      Value = YAML.load_file('$CONFIG_FILE');
    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Load File Failed,【' + e.message + '】';
    #   end;

        #General
    #   begin
    #   Thread.new{
    #      Value['redir-port']=7892;
    #      Value['tproxy-port']=7895;
    #      Value['port']=7890;
    #      Value['socks-port']=7891;
    #      Value['mixed-port']=7893;
    #   }.join;

    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Set General Failed,【' + e.message + '】';
    #   ensure
    #      File.open('$CONFIG_FILE','w') {|f| YAML.dump(Value, f)};
    #   end" 2>/dev/null >> $LOG_FILE

exit 0
#===================== 自定义防火墙设置 =====================#

#!/bin/sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom firewall rules here, they will be added after the end of the OpenClash iptables rules

LOG_OUT "Tip: Start Add Custom Firewall Rules..."

exit 0
#===================== IPTABLES 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.7 on Thu Feb 27 11:55:52 2025
*nat
:PREROUTING ACCEPT [328:59465]
:INPUT ACCEPT [340:21519]
:OUTPUT ACCEPT [631:44027]
:POSTROUTING ACCEPT [540:36005]
:PSW - [0:0]
:PSW_DNS - [0:0]
:PSW_OUTPUT - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -m comment --comment "\'PSW\'" -m mark --mark 0x1 -j RETURN
-A PREROUTING -j PSW_DNS
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -p tcp -j PSW
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i eth0.2 -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i wwan0 -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i wan2 -m comment --comment "!fw3" -j zone_wan_prerouting
-A OUTPUT -o lo -p udp -m comment --comment "\'PSW_DNS\'" -m udp --dport 53 -j REDIRECT --to-ports 11400
-A OUTPUT -o lo -p tcp -m comment --comment "\'PSW_DNS\'" -m tcp --dport 53 -j REDIRECT --to-ports 11400
-A OUTPUT -p tcp -j PSW_OUTPUT
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o eth0.2 -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o wwan0 -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o wan2 -m comment --comment "!fw3" -j zone_wan_postrouting
-A PSW -m set --match-set passwall_lan dst -j RETURN
-A PSW -m set --match-set passwall_vps dst -j RETURN
-A PSW -d 10.246.*.*/32 -m comment --comment "\'WAN_IP_RETURN\'" -j RETURN
-A PSW -m comment --comment "\'默认\'" -m set --match-set passwall_white dst -j RETURN
-A PSW -d 198.18.*.*/15 -p tcp -m comment --comment "\'默认\'" -j REDIRECT --to-ports 1041
-A PSW -p tcp -m comment --comment "\'默认\'" -m multiport --dports 22,25,53,143,465,587,853,993,995,80,443 -m set --match-set passwall_black dst -j REDIRECT --to-ports 1041
-A PSW -p tcp -m comment --comment "\'默认\'" -m multiport --dports 22,25,53,143,465,587,853,993,995,80,443 -m set --match-set passwall_gfw dst -j REDIRECT --to-ports 1041
-A PSW -p tcp -m comment --comment "\'默认\'" -m multiport --dports 22,25,53,143,465,587,853,993,995,80,443 -m set --match-set passwall_chn dst -m mark ! --mark 0x1 -j RETURN
-A PSW -p tcp -m comment --comment "\'默认\'" -j RETURN
-A PSW_DNS -p udp -m comment --comment "\'默认\'" -m udp --dport 53 -j REDIRECT --to-ports 11400
-A PSW_DNS -p tcp -m comment --comment "\'默认\'" -m tcp --dport 53 -j REDIRECT --to-ports 11400
-A PSW_OUTPUT -d 208.87.*.*/32 -p tcp -m comment --comment "\'208.87.*.*:63721\'" -m tcp --dport 63721 -j RETURN
-A PSW_OUTPUT -d 108.181.*.*/32 -p tcp -m comment --comment "\'108.181.*.*:11512\'" -m tcp --dport 11512 -j RETURN
-A PSW_OUTPUT -m set --match-set passwall_lan dst -j RETURN
-A PSW_OUTPUT -m set --match-set passwall_vps dst -j RETURN
-A PSW_OUTPUT -m set --match-set passwall_white dst -j RETURN
-A PSW_OUTPUT -m mark --mark 0xff -j RETURN
-A PSW_OUTPUT -d 198.18.*.*/15 -p tcp -j REDIRECT --to-ports 1041
-A PSW_OUTPUT -p tcp -m multiport --dports 22,25,53,143,465,587,853,993,995,80,443 -m set --match-set passwall_black dst -j REDIRECT --to-ports 1041
-A PSW_OUTPUT -p tcp -m multiport --dports 22,25,53,143,465,587,853,993,995,80,443 -m set --match-set passwall_gfw dst -j REDIRECT --to-ports 1041
-A PSW_OUTPUT -p tcp -m multiport --dports 22,25,53,143,465,587,853,993,995,80,443 -m set --match-set passwall_chn dst -m mark ! --mark 0x1 -j RETURN
-A prerouting_lan_rule -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A prerouting_lan_rule -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 53
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j FULLCONENAT
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -m comment --comment "!fw3" -j FULLCONENAT
COMMIT
# Completed on Thu Feb 27 11:55:52 2025

#IPv4 Mangle chain

# Generated by iptables-save v1.8.7 on Thu Feb 27 11:55:52 2025
*mangle
:PREROUTING ACCEPT [29509:22484684]
:INPUT ACCEPT [33536:22847061]
:FORWARD ACCEPT [1097:192054]
:OUTPUT ACCEPT [15565:21746061]
:POSTROUTING ACCEPT [16613:21936155]
:PSW - [0:0]
:PSW_DIVERT - [0:0]
:PSW_OUTPUT - [0:0]
:PSW_RULE - [0:0]
-A PREROUTING -p udp -m conntrack --ctstate NEW -m udp --dport 53 -j MARK --set-xmark 0x800099/0x8000ff
-A PREROUTING -p tcp -m socket -j PSW_DIVERT
-A PREROUTING -j PSW
-A FORWARD -o eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o wwan0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i wwan0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o wan2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i wan2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A OUTPUT -o lo -m comment --comment "\'mangle-OUTPUT-PSW\'" -j RETURN
-A OUTPUT -p udp -m comment --comment "\'mangle-OUTPUT-PSW\'" -j PSW_OUTPUT
-A OUTPUT -m comment --comment "\'mangle-OUTPUT-PSW\'" -m mark --mark 0x1 -j RETURN
-A PSW -m set --match-set passwall_lan dst -j RETURN
-A PSW -m set --match-set passwall_vps dst -j RETURN
-A PSW -d 10.246.*.*/32 -m comment --comment "\'WAN_IP_RETURN\'" -j RETURN
-A PSW -i lo -p udp -m comment --comment "\'本机\'" -m mark --mark 0x1 -j TPROXY --on-port 1051 --on-ip 0.0.*.* --tproxy-mark 0x1/0x1
-A PSW -i lo -p udp -m comment --comment "\'本机\'" -j RETURN
-A PSW -p udp -m comment --comment "\'默认\'" -m multiport --dports 80,443 -j RETURN
-A PSW -p udp -m comment --comment "\'默认\'" -m udp --dport 53 -j RETURN
-A PSW -p tcp -m comment --comment "\'默认\'" -m tcp --dport 53 -j RETURN
-A PSW -m comment --comment "\'默认\'" -m set --match-set passwall_block dst -j DROP
-A PSW -d 198.18.*.*/15 -p udp -m comment --comment "\'默认\'" -m multiport --dports 80,443 -j DROP
-A PSW -p udp -m comment --comment "\'默认\'" -m multiport --dports 80,443 -m set --match-set passwall_black dst -j DROP
-A PSW -p udp -m comment --comment "\'默认\'" -m multiport --dports 80,443 -m set --match-set passwall_gfw dst -j DROP
-A PSW -p udp -m comment --comment "\'默认\'" -m multiport --dports 80,443 -m set --match-set passwall_chn dst -m mark ! --mark 0x1 -j RETURN
-A PSW -p tcp -m comment --comment "\'默认\'" -j RETURN
-A PSW -d 198.18.*.*/15 -p udp -m comment --comment "\'默认\'" -j PSW_RULE
-A PSW -p udp -m comment --comment "\'默认\'" -m set --match-set passwall_black dst -j PSW_RULE
-A PSW -p udp -m comment --comment "\'默认\'" -m set --match-set passwall_gfw dst -j PSW_RULE
-A PSW -p udp -m comment --comment "\'默认\'" -m set --match-set passwall_chn dst -m mark ! --mark 0x1 -j RETURN
-A PSW -p udp -m comment --comment "\'默认\'" -m mark --mark 0x1 -j TPROXY --on-port 1051 --on-ip 0.0.*.* --tproxy-mark 0x1/0x1
-A PSW -p udp -m comment --comment "\'默认\'" -j RETURN
-A PSW_DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A PSW_DIVERT -j ACCEPT
-A PSW_OUTPUT -d 208.87.*.*/32 -p udp -m comment --comment "\'208.87.*.*:63721\'" -m udp --dport 63721 -j RETURN
-A PSW_OUTPUT -d 108.181.*.*/32 -p udp -m comment --comment "\'108.181.*.*:11512\'" -m udp --dport 11512 -j RETURN
-A PSW_OUTPUT -m set --match-set passwall_lan dst -j RETURN
-A PSW_OUTPUT -m set --match-set passwall_vps dst -j RETURN
-A PSW_OUTPUT -d 119.29.*.*/32 -p udp -m udp --dport 53 -j RETURN
-A PSW_OUTPUT -d 119.29.*.*/32 -p tcp -m tcp --dport 53 -j RETURN
-A PSW_OUTPUT -d 8.8.*.*/32 -p udp -m udp --dport 53 -j RETURN
-A PSW_OUTPUT -d 8.8.*.*/32 -p tcp -m tcp --dport 53 -j RETURN
-A PSW_OUTPUT -m set --match-set passwall_white dst -j RETURN
-A PSW_OUTPUT -m mark --mark 0xff -j RETURN
-A PSW_OUTPUT -m set --match-set passwall_block dst -j DROP
-A PSW_OUTPUT -p udp -m multiport --dports 80,443 -j RETURN
-A PSW_OUTPUT -d 198.18.*.*/15 -p udp -m multiport --dports 80,443 -j DROP
-A PSW_OUTPUT -p udp -m multiport --dports 80,443 -m set --match-set passwall_black dst -j DROP
-A PSW_OUTPUT -p udp -m multiport --dports 80,443 -m set --match-set passwall_gfw dst -j DROP
-A PSW_OUTPUT -p udp -m multiport --dports 80,443 -m set --match-set passwall_chn dst -m mark ! --mark 0x1 -j RETURN
-A PSW_OUTPUT -d 198.18.*.*/15 -p udp -j PSW_RULE
-A PSW_OUTPUT -p udp -m set --match-set passwall_black dst -j PSW_RULE
-A PSW_OUTPUT -p udp -m set --match-set passwall_gfw dst -j PSW_RULE
-A PSW_OUTPUT -p udp -m set --match-set passwall_chn dst -m mark ! --mark 0x1 -j RETURN
-A PSW_RULE -m mark --mark 0x1 -j RETURN
-A PSW_RULE -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j MARK --set-xmark 0x1/0xffffffff
-A PSW_RULE -p udp -m conntrack --ctstate NEW -j MARK --set-xmark 0x1/0xffffffff
COMMIT
# Completed on Thu Feb 27 11:55:52 2025

#IPv4 Filter chain

# Generated by iptables-save v1.8.7 on Thu Feb 27 11:55:52 2025
*filter
:INPUT ACCEPT [6:240]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [6:240]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_DROP - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i eth0.2 -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i wwan0 -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i wan2 -m comment --comment "!fw3" -j zone_wan_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i eth0.2 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i wwan0 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i wan2 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o eth0.2 -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o wwan0 -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o wan2 -m comment --comment "!fw3" -j zone_wan_output
-A forwarding_wan_rule -m mark --mark 0x99/0xff -j ACCEPT
-A input_wan_rule -m mark --mark 0x800000/0x800000 -j RETURN
-A input_wan_rule -m mark --mark 0x99/0xff -j ACCEPT
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o eth0.2 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o eth0.2 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o wwan0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o wwan0 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o wan2 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o wan2 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_DROP -o eth0.2 -m comment --comment "!fw3" -j DROP
-A zone_wan_dest_DROP -o wwan0 -m comment --comment "!fw3" -j DROP
-A zone_wan_dest_DROP -o wan2 -m comment --comment "!fw3" -j DROP
-A zone_wan_dest_REJECT -o eth0.2 -m comment --comment "!fw3" -j reject
-A zone_wan_dest_REJECT -o wwan0 -m comment --comment "!fw3" -j reject
-A zone_wan_dest_REJECT -o wan2 -m comment --comment "!fw3" -j reject
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_REJECT -i eth0.2 -m comment --comment "!fw3" -j reject
-A zone_wan_src_REJECT -i wwan0 -m comment --comment "!fw3" -j reject
-A zone_wan_src_REJECT -i wan2 -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Thu Feb 27 11:55:52 2025

#IPv6 NAT chain

# Generated by ip6tables-save v1.8.7 on Thu Feb 27 11:55:52 2025
*nat
:PREROUTING ACCEPT [131:30231]
:INPUT ACCEPT [336:29279]
:OUTPUT ACCEPT [11:1588]
:POSTROUTING ACCEPT [114:9648]
:PSW_DNS - [0:0]
-A PREROUTING -m comment --comment "\'PSW\'" -m mark --mark 0x1 -j RETURN
-A PREROUTING -j PSW_DNS
-A OUTPUT -o lo -p udp -m comment --comment "\'PSW_DNS\'" -m udp --dport 53 -j REDIRECT --to-ports 11400
-A OUTPUT -o lo -p tcp -m comment --comment "\'PSW_DNS\'" -m tcp --dport 53 -j REDIRECT --to-ports 11400
-A PSW_DNS -p udp -m comment --comment "\'默认\'" -m udp --dport 53 -j REDIRECT --to-ports 11400
-A PSW_DNS -p tcp -m comment --comment "\'默认\'" -m tcp --dport 53 -j REDIRECT --to-ports 11400
COMMIT
# Completed on Thu Feb 27 11:55:52 2025

#IPv6 Mangle chain

# Generated by ip6tables-save v1.8.7 on Thu Feb 27 11:55:52 2025
*mangle
:PREROUTING ACCEPT [784:86977]
:INPUT ACCEPT [617:53816]
:FORWARD ACCEPT [75:5712]
:OUTPUT ACCEPT [626:94172]
:POSTROUTING ACCEPT [701:99884]
:PSW - [0:0]
:PSW_DIVERT - [0:0]
:PSW_OUTPUT - [0:0]
:PSW_RULE - [0:0]
-A PREROUTING -p tcp -m socket -j PSW_DIVERT
-A PREROUTING -j PSW
-A FORWARD -o eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth0.2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o wwan0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i wwan0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o wan2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i wan2 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A OUTPUT -o lo -m comment --comment "\'mangle-OUTPUT-PSW\'" -j RETURN
-A OUTPUT -m comment --comment "\'mangle-OUTPUT-PSW\'" -m mark --mark 0x1 -j RETURN
-A PSW -m set --match-set passwall_lan6 dst -j RETURN
-A PSW -m set --match-set passwall_vps6 dst -j RETURN
-A PSW -d 240e:*:*:*:f4b3:7ff:febf:e018/128 -m comment --comment "\'WAN6_IP_RETURN\'" -j RETURN
-A PSW -p udp -m comment --comment "\'默认\'" -m multiport --dports 80,443 -j RETURN
-A PSW -p udp -m comment --comment "\'默认\'" -m udp --dport 53 -j RETURN
-A PSW -p tcp -m comment --comment "\'默认\'" -m tcp --dport 53 -j RETURN
-A PSW -p tcp -m comment --comment "\'默认\'" -j RETURN
-A PSW -p udp -m comment --comment "\'默认\'" -j RETURN
-A PSW_DIVERT -j MARK --set-xmark 0x1/0xffffffff
-A PSW_DIVERT -j ACCEPT
-A PSW_OUTPUT -m mark --mark 0xff -j RETURN
-A PSW_OUTPUT -m set --match-set passwall_lan6 dst -j RETURN
-A PSW_OUTPUT -m set --match-set passwall_vps6 dst -j RETURN
-A PSW_OUTPUT -m set --match-set passwall_white6 dst -j RETURN
-A PSW_OUTPUT -m set --match-set passwall_block6 dst -j DROP
-A PSW_OUTPUT -p udp -m multiport --dports 80,443 -j RETURN
-A PSW_RULE -m mark --mark 0x1 -j RETURN
-A PSW_RULE -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j MARK --set-xmark 0x1/0xffffffff
-A PSW_RULE -p udp -m conntrack --ctstate NEW -j MARK --set-xmark 0x1/0xffffffff
COMMIT
# Completed on Thu Feb 27 11:55:52 2025

#IPv6 Filter chain

# Generated by ip6tables-save v1.8.7 on Thu Feb 27 11:55:53 2025
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [32:2432]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_DROP - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i eth0.2 -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i wwan0 -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i wan2 -m comment --comment "!fw3" -j zone_wan_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i eth0.2 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i wwan0 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i wan2 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o eth0.2 -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o wwan0 -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o wan2 -m comment --comment "!fw3" -j zone_wan_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp6-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -p tcp -m tcp --dport 53 -m comment --comment "!fw3: IPV6 DNS FORWARD" -j zone_wan_dest_DROP
-A zone_lan_forward -p udp -m udp --dport 53 -m comment --comment "!fw3: IPV6 DNS FORWARD" -j zone_wan_dest_DROP
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o eth0.2 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o eth0.2 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o wwan0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o wwan0 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o wan2 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o wan2 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_DROP -o eth0.2 -m comment --comment "!fw3" -j DROP
-A zone_wan_dest_DROP -o wwan0 -m comment --comment "!fw3" -j DROP
-A zone_wan_dest_DROP -o wan2 -m comment --comment "!fw3" -j DROP
-A zone_wan_dest_REJECT -o eth0.2 -m comment --comment "!fw3" -j reject
-A zone_wan_dest_REJECT -o wwan0 -m comment --comment "!fw3" -j reject
-A zone_wan_dest_REJECT -o wan2 -m comment --comment "!fw3" -j reject
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -s fc00::/6 -d fc00::/6 -p udp -m udp --dport 546 -m comment --comment "!fw3: Allow-DHCPv6" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -p tcp -m tcp --dport 53 -m comment --comment "!fw3: IPV6 DNS OUTPUT" -j zone_wan_dest_DROP
-A zone_wan_output -p udp -m udp --dport 53 -m comment --comment "!fw3: IPV6 DNS OUTPUT" -j zone_wan_dest_DROP
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_REJECT -i eth0.2 -m comment --comment "!fw3" -j reject
-A zone_wan_src_REJECT -i wwan0 -m comment --comment "!fw3" -j reject
-A zone_wan_src_REJECT -i wan2 -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Thu Feb 27 11:55:53 2025

#===================== IPSET状态 =====================#

Name: cone_nat_unused_dst
Type: hash:ip,port
Revision: 5
Header: family inet hashsize 64 maxelem 65536
Size in memory: 112
References: 0
Number of entries: 0

Name: cone_nat_unused_port
Type: bitmap:port
Revision: 3
Header: range 0-65535
Size in memory: 8232
References: 0
Number of entries: 8

Name: auth_sipgrp_0
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 1096
References: 0
Number of entries: 13

Name: wechat_iplist
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 592
References: 0
Number of entries: 12

Name: cone_wan_ip
Type: hash:ip
Revision: 4
Header: family inet hashsize 64 maxelem 256
Size in memory: 152
References: 0
Number of entries: 1

Name: music
Type: hash:ip
Revision: 4
Header: family inet hashsize 1024 maxelem 65536
Size in memory: 792
References: 0
Number of entries: 17

Name: passwall_local
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 1048576
Size in memory: 536
References: 0
Number of entries: 3

Name: passwall_lan
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 1048576
Size in memory: 1320
References: 4
Number of entries: 17

Name: passwall_vps
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 1048576
Size in memory: 1040
References: 4
Number of entries: 12

Name: china
Type: hash:net
Revision: 6
Header: family inet hashsize 4096 maxelem 65536
Size in memory: 215220
References: 0
Number of entries: 8575

Name: passwall_shunt
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 1048576 timeout 172800
Size in memory: 368
References: 0
Number of entries: 0

Name: passwall_gfw
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 1048576 timeout 172800
Size in memory: 9152
References: 6
Number of entries: 130

Name: passwall_chn
Type: hash:net
Revision: 6
Header: family inet hashsize 4096 maxelem 1048576 timeout 172800
Size in memory: 281636
References: 6
Number of entries: 8686

Name: passwall_black
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 1048576 timeout 172800
Size in memory: 2672
References: 6
Number of entries: 33

Name: passwall_white
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 1048576 timeout 172800
Size in memory: 5768
References: 3
Number of entries: 80

Name: passwall_block
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 1048576 timeout 172800
Size in memory: 368
References: 2
Number of entries: 0

Name: passwall_local6
Type: hash:net
Revision: 6
Header: family inet6 hashsize 1024 maxelem 1048576
Size in memory: 2292
References: 0
Number of entries: 11

Name: passwall_lan6
Type: hash:net
Revision: 6
Header: family inet6 hashsize 1024 maxelem 1048576
Size in memory: 3020
References: 2
Number of entries: 18

Name: passwall_vps6
Type: hash:net
Revision: 6
Header: family inet6 hashsize 1024 maxelem 1048576
Size in memory: 1148
References: 2
Number of entries: 0

Name: passwall_shunt6
Type: hash:net
Revision: 6
Header: family inet6 hashsize 1024 maxelem 1048576 timeout 172800
Size in memory: 1148
References: 0
Number of entries: 0

Name: passwall_gfw6
Type: hash:net
Revision: 6
Header: family inet6 hashsize 1024 maxelem 1048576 timeout 172800
Size in memory: 1148
References: 0
Number of entries: 0

Name: passwall_chn6
Type: hash:net
Revision: 6
Header: family inet6 hashsize 1024 maxelem 1048576 timeout 172800
Size in memory: 115028
References: 0
Number of entries: 2034

Name: passwall_black6
Type: hash:net
Revision: 6
Header: family inet6 hashsize 1024 maxelem 1048576 timeout 172800
Size in memory: 1748
References: 0
Number of entries: 5

Name: passwall_white6
Type: hash:net
Revision: 6
Header: family inet6 hashsize 1024 maxelem 1048576 timeout 172800
Size in memory: 4868
References: 1
Number of entries: 32

Name: passwall_block6
Type: hash:net
Revision: 6
Header: family inet6 hashsize 1024 maxelem 1048576 timeout 172800
Size in memory: 1148
References: 1
Number of entries: 0

#===================== 路由表状态 =====================#

#IPv4

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.*.*         10.246.*.*  0.0.*.*         UG    10     0        0 wwan0
10.246.*.*  0.0.*.*         255.255.*.* U     10     0        0 wwan0
192.168.*.*     0.0.*.*         255.255.*.*   U     0      0        0 br-lan

#ip route list
default via 10.246.*.* dev wwan0 proto static src 10.246.*.* metric 10 
10.246.*.*/30 dev wwan0 proto static scope link metric 10 
192.168.*.*/24 dev br-lan proto kernel scope link src 192.168.*.* 

#ip rule show
0:	from all lookup local
32765:	from all fwmark 0x1 lookup 100
32766:	from all lookup main
32767:	from all lookup default

#IPv6

#route -A inet6
Kernel IPv6 routing table
Destination                                 Next Hop                                Flags Metric Ref    Use Iface
::/0                                        ::                                      U     1024   1        0 lo      
::/0                                        fe80::*:*:*:1141               UG    512    3        0 wwan0   
240e:*:*:*::/64                     ::                                      U     1024   2        0 br-lan  
240e:*:*:*::/64                     ::                                      !n    2147483647 1        0 lo      
fd5f:b691:fd7c::/64                         ::                                      U     1024   3        0 br-lan  
fd5f:b691:fd7c::/48                         ::                                      !n    2147483647 2        0 lo      
fe80::/64                                   ::                                      U     256    1        0 eth1    
fe80::/64                                   ::                                      U     256    1        0 eth0    
fe80::/64                                   ::                                      U     256    1        0 eth0.2  
fe80::/64                                   ::                                      U     256    3        0 br-lan  
fe80::/64                                   ::                                      U     256    1        0 wlan1   
fe80::/64                                   ::                                      U     256    1        0 wlan0   
fe80::/64                                   ::                                      U     256    1        0 wwan0   
::/0                                        ::                                      !n    -1     2        0 lo      
::1/128                                     ::                                      Un    0      5        0 lo      
240e:*:*:*::/128                    ::                                      Un    0      4        0 wwan0   
240e:*:*:*::/128                    ::                                      Un    0      3        0 br-lan  
240e:*:*:*::1/128                   ::                                      Un    0      3        0 br-lan  
240e:*:*:*:f4b3:7ff:febf:e018/128   ::                                      Un    0      3        0 wwan0   
fd5f:b691:fd7c::/128                        ::                                      Un    0      3        0 br-lan  
fd5f:b691:fd7c::1/128                       ::                                      Un    0      4        0 br-lan  
fe80::/128                                  ::                                      Un    0      5        0 eth1    
fe80::/128                                  ::                                      Un    0      3        0 eth0.2  
fe80::/128                                  ::                                      Un    0      3        0 eth0    
fe80::/128                                  ::                                      Un    0      3        0 br-lan  
fe80::/128                                  ::                                      Un    0      3        0 wlan1   
fe80::/128                                  ::                                      Un    0      3        0 wlan0   
fe80::/128                                  ::                                      Un    0      3        0 wwan0   
fe80::*:*:*:2b26/128               ::                                      Un    0      3        0 eth1    
fe80::*:*:*:4a81/128               ::                                      Un    0      4        0 eth0.2  
fe80::*:*:*:4a82/128               ::                                      Un    0      4        0 br-lan  
fe80::*:*:*:4a83/128               ::                                      Un    0      2        0 wlan0   
fe80::*:*:*:4a84/128               ::                                      Un    0      2        0 wlan1   
fe80::*:*:*:8b93/128               ::                                      Un    0      3        0 eth0    
fe80::*:*:*:e018/128                ::                                      Un    0      3        0 wwan0   
ff00::/8                                    ::                                      U     256    3        0 eth1    
ff00::/8                                    ::                                      U     256    3        0 br-lan  
ff00::/8                                    ::                                      U     256    1        0 eth0    
ff00::/8                                    ::                                      U     256    3        0 eth0.2  
ff00::/8                                    ::                                      U     256    1        0 wlan1   
ff00::/8                                    ::                                      U     256    1        0 wlan0   
ff00::/8                                    ::                                      U     256    3        0 wwan0   
::/0                                        ::                                      !n    -1     2        0 lo      

#ip -6 route list
default from 240e:*:*:*::/64 via fe80::c405:aef6:2ac9:1141 dev wwan0 proto static metric 512 pref medium
240e:*:*:*::/64 dev br-lan proto static metric 1024 pref medium
unreachable 240e:*:*:*::/64 dev lo proto static metric 2147483647 pref medium
fd5f:b691:fd7c::/64 dev br-lan proto static metric 1024 pref medium
unreachable fd5f:b691:fd7c::/48 dev lo proto static metric 2147483647 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0.2 proto kernel metric 256 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev wlan1 proto kernel metric 256 pref medium
fe80::/64 dev wlan0 proto kernel metric 256 pref medium
fe80::/64 dev wwan0 proto kernel metric 256 pref medium

#ip -6 rule show
0:	from all lookup local
32765:	from all fwmark 0x1 lookup 100
32766:	from all lookup main
4200000000:	from 240e:*:*:*::1/64 iif br-lan unreachable
4200000001:	from all iif lo failed_policy
4200000006:	from all iif wwan0 failed_policy
4200000006:	from all iif wwan0 failed_policy
4200000009:	from all iif br-lan failed_policy

#===================== Tun设备状态 =====================#

OpenClash Config

Expected Behavior

可以正常下载订阅配置

Additional Context

OpenClash-2025-2-27-11-54-55.log

The text was updated successfully, but these errors were encountered:

vernesong · 2025-02-27T08:48:20Z

打√了没有

adidas8 · 2025-02-27T08:52:23Z

打了，反复退回上一个版本就没有这样的问题，内核也换过，问题依旧

vernesong · 2025-02-27T14:52:33Z

直接运行/usr/share/openclash/openclash.sh

adidas8 · 2025-02-28T05:17:46Z

直接运行/usr/share/openclash/openclash.sh

运行后，反馈是这样
BusyBox v1.33.2 (2022-01-09 14:55:45 UTC) multi-call binary.

Usage: basename FILE [SUFFIX]

Strip directory path and .SUFFIX from FILE

adidas8 added the bug Something isn't working label Feb 27, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Bug] 升级至v0.46.075后订阅更新失败 #4349

[Bug] 升级至v0.46.075后订阅更新失败 #4349

adidas8 commented Feb 27, 2025

vernesong commented Feb 27, 2025

adidas8 commented Feb 27, 2025

vernesong commented Feb 27, 2025

adidas8 commented Feb 28, 2025

[Bug] 升级至v0.46.075后 订阅更新失败 #4349

[Bug] 升级至v0.46.075后 订阅更新失败 #4349

Comments

adidas8 commented Feb 27, 2025

Verify Steps

OpenClash Version

Bug on Environment

OpenWrt Version

Bug on Platform

Describe the Bug

To Reproduce

OpenClash Log

OpenClash Config

Expected Behavior

Additional Context

vernesong commented Feb 27, 2025

adidas8 commented Feb 27, 2025

vernesong commented Feb 27, 2025

adidas8 commented Feb 28, 2025

[Bug] 升级至v0.46.075后订阅更新失败 #4349

[Bug] 升级至v0.46.075后订阅更新失败 #4349