[Bug] 可以正常更新订阅, 订阅更新后的配置修改环节报错, 导致修改后的配置文件内容为空. #4189

sacrelee · 2024-11-22T07:12:57Z

Verify Steps

Tracker 我已经在 Issue Tracker 中找过我要提出的问题
Branch 我知道 OpenClash 的 Dev 分支切换开关位于插件设置-版本更新中，或者我会手动下载并安装 Dev 分支的 OpenClash
Latest 我已经使用最新 Dev 版本测试过，问题依旧存在
Relevant 我知道 OpenClash 与内核(Core)、控制面板(Dashboard)、在线订阅转换(Subconverter)等项目之间无直接关系，仅相互调用
Definite 这确实是 OpenClash 出现的问题
Contributors 我有能力协助 OpenClash 开发并解决此问题
Meaningless 我提交的是无意义的催促更新或修复请求

OpenClash Version

v0.46.050-beta

Bug on Environment

Lean

OpenWrt Version

QWRT R24.11.11 (QSDK 12.2 R7) / main (git-24.308.62899-9ea6266)

Bug on Platform

Linux-arm64

Describe the Bug

更新订阅配置可以正常成功, 内核测试也可以过;
修改配置以适用于openclash过程会报错, 如下:

  2024-11-22 14:59:50 提示：开始运行自定义覆写脚本...
  2024-11-22 14:59:50 错误：修改集路径失败，【undefined method `key?' for false:FalseClass】
  2024-11-22 14:59:50 错误：设置防回环规则失败，【undefined method `has_key?' for false:FalseClass】
  2024-11-22 14:59:50 错误：规则集 Rule-Set 规则添加失败，【undefined method `has_key?' for false:FalseClass】
  2024-11-22 14:59:50 错误：修改路由自身代理规则失败，【undefined method `has_key?' for false:FalseClass】
  2024-11-22 14:59:49 提示：您为 SOCKS5/HTTP(S) 代理设置的账户密码为【Clash:YDnKoK34】...
  2024-11-22 14:59:49 第三步: 修改配置文件...

此时查看配置文件, 修改后配置为空, 仅有 “--false”

To Reproduce

按照正常过程添加订阅, 即可复现. 但是在另一台x86 openwrt设备上正常.

OpenClash Log

OpenClash 调试日志

生成时间: 2024-11-22 15:08:53
插件版本: 0.46.053
隐私提示: 上传此日志前请注意检查、屏蔽公网IP、节点、密码等相关敏感信息



#===================== 系统信息 =====================#

主机型号: Xiaomi Router BE10000 (Wi-Fi 7)
固件版本: QWRT 21.02-SNAPSHOT r47707-9ea6266765
LuCI版本: git-24.308.62899-9ea6266-1
内核版本: 5.4.250
处理器架构: aarch64_cortex-a53

#此项有值时,如不使用IPv6,建议到网络-接口-lan的设置中禁用IPV6的DHCP
IPV6-DHCP: server

DNS劫持: Dnsmasq 转发
#DNS劫持为Dnsmasq时，此项结果应仅有配置文件的DNS监听地址
Dnsmasq转发设置: 

#===================== 依赖检查 =====================#

dnsmasq-full: 已安装
dnsmasq-full(ipset): 已安装
dnsmasq-full(nftset): 已安装
coreutils: 已安装
coreutils-nohup: 已安装
bash: 已安装
curl: 已安装
ca-certificates: 已安装
ipset: 已安装
ip-full: 已安装
libcap: 已安装
libcap-bin: 已安装
ruby: 已安装
ruby-yaml: 已安装
ruby-psych: 已安装
ruby-pstore: 已安装
kmod-tun(TUN模式): 已安装
luci-compat(Luci >= 19.07): 已安装
kmod-inet-diag(PROCESS-NAME): 未安装
unzip: 已安装
iptables-mod-tproxy: 已安装
kmod-ipt-tproxy: 已安装
iptables-mod-extra: 已安装
kmod-ipt-extra: 已安装
kmod-ipt-nat: 已安装

#===================== 内核检查 =====================#

运行状态: 未运行
已选择的架构: linux-arm64

#下方无法显示内核版本号时请确认您的内核版本是否正确或者有无权限

Meta内核版本: alpha-g4623435
Meta内核文件: 存在
Meta内核运行权限: 正常

#===================== 插件设置 =====================#

当前配置文件: /etc/openclash/config/link.yaml
启动配置文件: /etc/openclash/link.yaml
运行模式: fake-ip
默认代理模式: rule
UDP流量转发(tproxy): 启用
自定义DNS: 停用
IPV6代理: 停用
IPV6-DNS解析: 停用
禁用Dnsmasq缓存: 启用
自定义规则: 停用
仅允许内网: 启用
仅代理命中规则流量: 停用
仅允许常用端口流量: 停用
绕过中国大陆IP: 停用
路由本机代理: 启用

#启动异常时建议关闭此项后重试
混合节点: 停用
保留配置: 停用

#启动异常时建议关闭此项后重试
第三方规则: 停用

#===================== 配置文件 =====================#


#===================== 自定义覆写设置 =====================#

#!/bin/sh
. /usr/share/openclash/ruby.sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom overwrite scripts here, they will be take effict after the OpenClash own srcipts

LOG_OUT "Tip: Start Running Custom Overwrite Scripts..."
LOGTIME=$(echo $(date "+%Y-%m-%d %H:%M:%S"))
LOG_FILE="/tmp/openclash.log"
CONFIG_FILE="$1" #config path

#Simple Demo:
    #Key Overwrite Demo
    #1--config path
    #2--key name
    #3--value
    #ruby_edit "$CONFIG_FILE" "['redir-port']" "7892"
    #ruby_edit "$CONFIG_FILE" "['secret']" "123456"
    #ruby_edit "$CONFIG_FILE" "['dns']['enable']" "true"
    #ruby_edit "$CONFIG_FILE" "['dns']['proxy-server-nameserver']" "['https://doh.pub/dns-query','https://223.5.*.*:443/dns-query']"

    #Hash Overwrite Demo
    #1--config path
    #2--key name
    #3--hash type value
    #ruby_edit "$CONFIG_FILE" "['dns']['nameserver-policy']" "{'+.msftconnecttest.com'=>'114.114.*.*', '+.msftncsi.com'=>'114.114.*.*', 'geosite:gfw'=>['https://dns.cloudflare.com/dns-query', 'https://dns.google/dns-query#ecs=1.1.*.*/24&ecs-override=true'], 'geosite:cn'=>['114.114.*.*'], 'geosite:geolocation-!cn'=>['https://dns.cloudflare.com/dns-query', 'https://dns.google/dns-query#ecs=1.1.*.*/24&ecs-override=true']}"
    #ruby_edit "$CONFIG_FILE" "['sniffer']" "{'enable'=>true, 'parse-pure-ip'=>true, 'force-domain'=>['+.netflix.com', '+.nflxvideo.net', '+.amazonaws.com', '+.media.dssott.com'], 'skip-domain'=>['+.apple.com', 'Mijia Cloud', 'dlg.io.mi.com', '+.oray.com', '+.sunlogin.net'], 'sniff'=>{'TLS'=>nil, 'HTTP'=>{'ports'=>[80, '8080-8880'], 'override-destination'=>true}}}"

    #Array Insert Value Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value
    #ruby_arr_insert "$CONFIG_FILE" "['dns']['nameserver']" "0" "114.114.*.*"

    #Array Insert Other Array Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--array
    #ruby_arr_insert_arr "$CONFIG_FILE" "['dns']['proxy-server-nameserver']" "0" "['https://doh.pub/dns-query','https://223.5.*.*:443/dns-query']"

    #Array Insert From Yaml File Demo:
    #1--config path
    #2--key name
    #3--position(start from 0, end with -1)
    #4--value file path
    #5--value key name in #4 file
    #ruby_arr_add_file "$CONFIG_FILE" "['dns']['fallback-filter']['ipcidr']" "0" "/etc/openclash/custom/openclash_custom_fallback_filter.yaml" "['fallback-filter']['ipcidr']"

    #Delete Array Value Demo:
    #1--config path
    #2--key name
    #3--value
    #ruby_delete "$CONFIG_FILE" "['dns']['nameserver']" "114.114.*.*"

    #Delete Key Demo:
    #1--config path
    #2--key name
    #3--key name
    #ruby_delete "$CONFIG_FILE" "['dns']" "nameserver"
    #ruby_delete "$CONFIG_FILE" "" "dns"

    #Ruby Script Demo:
    #ruby -ryaml -rYAML -I "/usr/share/openclash" -E UTF-8 -e "
    #   begin
    #      Value = YAML.load_file('$CONFIG_FILE');
    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Load File Failed,【' + e.message + '】';
    #   end;

        #General
    #   begin
    #   Thread.new{
    #      Value['redir-port']=7892;
    #      Value['tproxy-port']=7895;
    #      Value['port']=7890;
    #      Value['socks-port']=7891;
    #      Value['mixed-port']=7893;
    #   }.join;

    #   rescue Exception => e
    #      puts '${LOGTIME} Error: Set General Failed,【' + e.message + '】';
    #   ensure
    #      File.open('$CONFIG_FILE','w') {|f| YAML.dump(Value, f)};
    #   end" 2>/dev/null >> $LOG_FILE

exit 0
#===================== 自定义防火墙设置 =====================#

#!/bin/sh
. /usr/share/openclash/log.sh
. /lib/functions.sh

# This script is called by /etc/init.d/openclash
# Add your custom firewall rules here, they will be added after the end of the OpenClash iptables rules

LOG_OUT "Tip: Start Add Custom Firewall Rules..."

exit 0
#===================== IPTABLES 防火墙设置 =====================#

#IPv4 NAT chain

# Generated by iptables-save v1.8.3 on Fri Nov 22 15:08:54 2024
*nat
:PREROUTING ACCEPT [12128:6892567]
:INPUT ACCEPT [1614:115398]
:OUTPUT ACCEPT [2851:191561]
:POSTROUTING ACCEPT [209:31039]
:MINIUPNPD - [0:0]
:MINIUPNPD-POSTROUTING - [0:0]
:postrouting_ipsecserver_rule - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_vpn_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_ipsecserver_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_vpn_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_ipsecserver_postrouting - [0:0]
:zone_ipsecserver_prerouting - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_vpn_postrouting - [0:0]
:zone_vpn_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -p udp -m udp --dport 123 -j REDIRECT --to-ports 123
-A PREROUTING -m comment --comment "!fw3: Custom prerouting rule chain" -j prerouting_rule
-A PREROUTING -i br-lan -m comment --comment "!fw3" -j zone_lan_prerouting
-A PREROUTING -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i eth4 -m comment --comment "!fw3" -j zone_wan_prerouting
-A PREROUTING -i tun0 -m comment --comment "!fw3" -j zone_vpn_prerouting
-A PREROUTING -i ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_prerouting
-A POSTROUTING -m comment --comment "!fw3: Custom postrouting rule chain" -j postrouting_rule
-A POSTROUTING -o br-lan -m comment --comment "!fw3" -j zone_lan_postrouting
-A POSTROUTING -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o eth4 -m comment --comment "!fw3" -j zone_wan_postrouting
-A POSTROUTING -o tun0 -m comment --comment "!fw3" -j zone_vpn_postrouting
-A POSTROUTING -o ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_postrouting
-A zone_ipsecserver_postrouting -m comment --comment "!fw3: Custom ipsecserver postrouting rule chain" -j postrouting_ipsecserver_rule
-A zone_ipsecserver_prerouting -m comment --comment "!fw3: Custom ipsecserver prerouting rule chain" -j prerouting_ipsecserver_rule
-A zone_lan_postrouting -m comment --comment "!fw3: Custom lan postrouting rule chain" -j postrouting_lan_rule
-A zone_lan_postrouting -s 192.168.*.*/24 -d 192.168.*.*/32 -p tcp -m tcp --dport 5001 -m comment --comment "!fw3: Forward (reflection)" -j SNAT --to-source 192.168.*.*
-A zone_lan_postrouting -s 192.168.*.*/24 -d 192.168.*.*/32 -p udp -m udp --dport 5001 -m comment --comment "!fw3: Forward (reflection)" -j SNAT --to-source 192.168.*.*
-A zone_lan_prerouting -m comment --comment "!fw3: Custom lan prerouting rule chain" -j prerouting_lan_rule
-A zone_lan_prerouting -s 192.168.*.*/24 -d 113.128.*.*/32 -p tcp -m tcp --dport 5001 -m comment --comment "!fw3: Forward (reflection)" -j DNAT --to-destination 192.168.*.*:5001
-A zone_lan_prerouting -s 192.168.*.*/24 -d 113.128.*.*/32 -p udp -m udp --dport 5001 -m comment --comment "!fw3: Forward (reflection)" -j DNAT --to-destination 192.168.*.*:5001
-A zone_vpn_postrouting -m comment --comment "!fw3: Custom vpn postrouting rule chain" -j postrouting_vpn_rule
-A zone_vpn_postrouting -m comment --comment "!fw3" -j MASQUERADE --mode fullcone
-A zone_vpn_prerouting -m comment --comment "!fw3: Custom vpn prerouting rule chain" -j prerouting_vpn_rule
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_wan_postrouting -j MINIUPNPD-POSTROUTING
-A zone_wan_postrouting -m comment --comment "!fw3: Custom wan postrouting rule chain" -j postrouting_wan_rule
-A zone_wan_postrouting -m comment --comment "!fw3" -j MASQUERADE --mode fullcone
-A zone_wan_prerouting -j MINIUPNPD
-A zone_wan_prerouting -j MINIUPNPD
-A zone_wan_prerouting -m comment --comment "!fw3: Custom wan prerouting rule chain" -j prerouting_wan_rule
-A zone_wan_prerouting -p tcp -m tcp --dport 5001 -m comment --comment "!fw3: Forward" -j DNAT --to-destination 192.168.*.*:5001
-A zone_wan_prerouting -p udp -m udp --dport 5001 -m comment --comment "!fw3: Forward" -j DNAT --to-destination 192.168.*.*:5001
COMMIT
# Completed on Fri Nov 22 15:08:54 2024

#IPv4 Mangle chain

# Generated by iptables-save v1.8.3 on Fri Nov 22 15:08:54 2024
*mangle
:PREROUTING ACCEPT [2160598:620795922]
:INPUT ACCEPT [434731:181258574]
:FORWARD ACCEPT [1965925:520486046]
:OUTPUT ACCEPT [313455:125229519]
:POSTROUTING ACCEPT [2283964:647358720]
-A FORWARD -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o eth4 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth4 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Fri Nov 22 15:08:54 2024

#IPv4 Filter chain

# Generated by iptables-save v1.8.3 on Fri Nov 22 15:08:54 2024
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:RATE-LIMIT - [0:0]
:forwarding_ipsecserver_rule - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_vpn_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_ipsecserver_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_vpn_rule - [0:0]
:input_wan_rule - [0:0]
:output_ipsecserver_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_vpn_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_ipsecserver_dest_ACCEPT - [0:0]
:zone_ipsecserver_forward - [0:0]
:zone_ipsecserver_input - [0:0]
:zone_ipsecserver_output - [0:0]
:zone_ipsecserver_src_ACCEPT - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_vpn_dest_ACCEPT - [0:0]
:zone_vpn_forward - [0:0]
:zone_vpn_input - [0:0]
:zone_vpn_output - [0:0]
:zone_vpn_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i eth4 -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i tun0 -m comment --comment "!fw3" -j zone_vpn_input
-A INPUT -i ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_input
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i eth4 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i tun0 -m comment --comment "!fw3" -j zone_vpn_forward
-A FORWARD -i ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o eth4 -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o tun0 -m comment --comment "!fw3" -j zone_vpn_output
-A OUTPUT -o ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_output
-A RATE-LIMIT -m limit --limit 1000/sec --limit-burst 1000 -j RETURN
-A RATE-LIMIT -j DROP
-A RATE-LIMIT -m limit --limit 1000/sec --limit-burst 1000 -j RETURN
-A RATE-LIMIT -j DROP
-A RATE-LIMIT -m limit --limit 1000/sec --limit-burst 1000 -j RETURN
-A RATE-LIMIT -j DROP
-A RATE-LIMIT -m limit --limit 1000/sec --limit-burst 1000 -j RETURN
-A RATE-LIMIT -j DROP
-A RATE-LIMIT -m limit --limit 1000/sec --limit-burst 1000 -j RETURN
-A RATE-LIMIT -j DROP
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_ipsecserver_dest_ACCEPT -o ipsec0 -m comment --comment "!fw3" -j ACCEPT
-A zone_ipsecserver_forward -m comment --comment "!fw3: Custom ipsecserver forwarding rule chain" -j forwarding_ipsecserver_rule
-A zone_ipsecserver_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_ipsecserver_forward -m comment --comment "!fw3" -j zone_ipsecserver_dest_ACCEPT
-A zone_ipsecserver_input -m comment --comment "!fw3: Custom ipsecserver input rule chain" -j input_ipsecserver_rule
-A zone_ipsecserver_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_ipsecserver_input -m comment --comment "!fw3" -j zone_ipsecserver_src_ACCEPT
-A zone_ipsecserver_output -m comment --comment "!fw3: Custom ipsecserver output rule chain" -j output_ipsecserver_rule
-A zone_ipsecserver_output -m comment --comment "!fw3" -j zone_ipsecserver_dest_ACCEPT
-A zone_ipsecserver_src_ACCEPT -i ipsec0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to vpn forwarding policy" -j zone_vpn_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_vpn_dest_ACCEPT -o tun0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_vpn_dest_ACCEPT -o tun0 -m comment --comment "!fw3" -j ACCEPT
-A zone_vpn_forward -m comment --comment "!fw3: Custom vpn forwarding rule chain" -j forwarding_vpn_rule
-A zone_vpn_forward -m comment --comment "!fw3: Zone vpn to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_vpn_forward -m comment --comment "!fw3: Zone vpn to lan forwarding policy" -j zone_lan_dest_ACCEPT
-A zone_vpn_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_vpn_forward -m comment --comment "!fw3" -j zone_vpn_dest_ACCEPT
-A zone_vpn_input -m comment --comment "!fw3: Custom vpn input rule chain" -j input_vpn_rule
-A zone_vpn_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_vpn_input -m comment --comment "!fw3" -j zone_vpn_src_ACCEPT
-A zone_vpn_output -m comment --comment "!fw3: Custom vpn output rule chain" -j output_vpn_rule
-A zone_vpn_output -m comment --comment "!fw3" -j zone_vpn_dest_ACCEPT
-A zone_vpn_src_ACCEPT -i tun0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o pppoe-wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o pppoe-wan -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o eth4 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o eth4 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_REJECT -o pppoe-wan -m comment --comment "!fw3" -j reject
-A zone_wan_dest_REJECT -o eth4 -m comment --comment "!fw3" -j reject
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate NEW -j RATE-LIMIT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port forwards" -j ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment "!fw3: Allow-DHCP-Renew" -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment "!fw3: Allow-Ping" -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment "!fw3: Allow-IGMP" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 1194 -m comment --comment "!fw3: openvpn" -j ACCEPT
-A zone_wan_input -p udp -m udp --dport 1194 -m comment --comment "!fw3: openvpn" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 1688 -m comment --comment "!fw3: kms" -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3: Accept port redirections" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_REJECT -i pppoe-wan -m comment --comment "!fw3" -j reject
-A zone_wan_src_REJECT -i eth4 -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Fri Nov 22 15:08:54 2024

#IPv6 NAT chain

# Generated by ip6tables-save v1.8.3 on Fri Nov 22 15:08:54 2024
*nat
:PREROUTING ACCEPT [89428:12155887]
:INPUT ACCEPT [44613:4247906]
:OUTPUT ACCEPT [7192:629169]
:POSTROUTING ACCEPT [22662:3118947]
COMMIT
# Completed on Fri Nov 22 15:08:54 2024

#IPv6 Mangle chain

# Generated by ip6tables-save v1.8.3 on Fri Nov 22 15:08:54 2024
*mangle
:PREROUTING ACCEPT [225140:43481078]
:INPUT ACCEPT [76147:7024477]
:FORWARD ACCEPT [193987:50893828]
:OUTPUT ACCEPT [77325:13011635]
:POSTROUTING ACCEPT [271724:63897004]
-A FORWARD -o pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i pppoe-wan -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -o eth4 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -i eth4 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "!fw3: Zone wan MTU fixing" -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Fri Nov 22 15:08:54 2024

#IPv6 Filter chain

# Generated by ip6tables-save v1.8.3 on Fri Nov 22 15:08:54 2024
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:MINIUPNPD - [0:0]
:forwarding_ipsecserver_rule - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_vpn_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_ipsecserver_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_vpn_rule - [0:0]
:input_wan_rule - [0:0]
:output_ipsecserver_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_vpn_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_ipsecserver_dest_ACCEPT - [0:0]
:zone_ipsecserver_forward - [0:0]
:zone_ipsecserver_input - [0:0]
:zone_ipsecserver_output - [0:0]
:zone_ipsecserver_src_ACCEPT - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_vpn_dest_ACCEPT - [0:0]
:zone_vpn_forward - [0:0]
:zone_vpn_input - [0:0]
:zone_vpn_output - [0:0]
:zone_vpn_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
-A INPUT -i lo -m comment --comment "!fw3" -j ACCEPT
-A INPUT -m comment --comment "!fw3: Custom input rule chain" -j input_rule
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment "!fw3" -j syn_flood
-A INPUT -i br-lan -m comment --comment "!fw3" -j zone_lan_input
-A INPUT -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i eth4 -m comment --comment "!fw3" -j zone_wan_input
-A INPUT -i tun0 -m comment --comment "!fw3" -j zone_vpn_input
-A INPUT -i ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_input
-A FORWARD -m comment --comment "!fw3: Custom forwarding rule chain" -j forwarding_rule
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i br-lan -m comment --comment "!fw3" -j zone_lan_forward
-A FORWARD -i pppoe-wan -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i eth4 -m comment --comment "!fw3" -j zone_wan_forward
-A FORWARD -i tun0 -m comment --comment "!fw3" -j zone_vpn_forward
-A FORWARD -i ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_forward
-A FORWARD -m comment --comment "!fw3" -j reject
-A OUTPUT -o lo -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -m comment --comment "!fw3: Custom output rule chain" -j output_rule
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A OUTPUT -o br-lan -m comment --comment "!fw3" -j zone_lan_output
-A OUTPUT -o pppoe-wan -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o eth4 -m comment --comment "!fw3" -j zone_wan_output
-A OUTPUT -o tun0 -m comment --comment "!fw3" -j zone_vpn_output
-A OUTPUT -o ipsec0 -m comment --comment "!fw3" -j zone_ipsecserver_output
-A reject -p tcp -m comment --comment "!fw3" -j REJECT --reject-with tcp-reset
-A reject -m comment --comment "!fw3" -j REJECT --reject-with icmp6-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -m comment --comment "!fw3" -j RETURN
-A syn_flood -m comment --comment "!fw3" -j DROP
-A zone_ipsecserver_dest_ACCEPT -o ipsec0 -m comment --comment "!fw3" -j ACCEPT
-A zone_ipsecserver_forward -m comment --comment "!fw3: Custom ipsecserver forwarding rule chain" -j forwarding_ipsecserver_rule
-A zone_ipsecserver_forward -m comment --comment "!fw3" -j zone_ipsecserver_dest_ACCEPT
-A zone_ipsecserver_input -m comment --comment "!fw3: Custom ipsecserver input rule chain" -j input_ipsecserver_rule
-A zone_ipsecserver_input -m comment --comment "!fw3" -j zone_ipsecserver_src_ACCEPT
-A zone_ipsecserver_output -m comment --comment "!fw3: Custom ipsecserver output rule chain" -j output_ipsecserver_rule
-A zone_ipsecserver_output -m comment --comment "!fw3" -j zone_ipsecserver_dest_ACCEPT
-A zone_ipsecserver_src_ACCEPT -i ipsec0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_dest_ACCEPT -o br-lan -m comment --comment "!fw3" -j ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Custom lan forwarding rule chain" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3: Zone lan to vpn forwarding policy" -j zone_vpn_dest_ACCEPT
-A zone_lan_forward -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "!fw3: Custom lan input rule chain" -j input_lan_rule
-A zone_lan_input -m comment --comment "!fw3" -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "!fw3: Custom lan output rule chain" -j output_lan_rule
-A zone_lan_output -m comment --comment "!fw3" -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i br-lan -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_vpn_dest_ACCEPT -o tun0 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_vpn_dest_ACCEPT -o tun0 -m comment --comment "!fw3" -j ACCEPT
-A zone_vpn_forward -m comment --comment "!fw3: Custom vpn forwarding rule chain" -j forwarding_vpn_rule
-A zone_vpn_forward -m comment --comment "!fw3: Zone vpn to wan forwarding policy" -j zone_wan_dest_ACCEPT
-A zone_vpn_forward -m comment --comment "!fw3: Zone vpn to lan forwarding policy" -j zone_lan_dest_ACCEPT
-A zone_vpn_forward -m comment --comment "!fw3" -j zone_vpn_dest_ACCEPT
-A zone_vpn_input -m comment --comment "!fw3: Custom vpn input rule chain" -j input_vpn_rule
-A zone_vpn_input -m comment --comment "!fw3" -j zone_vpn_src_ACCEPT
-A zone_vpn_output -m comment --comment "!fw3: Custom vpn output rule chain" -j output_vpn_rule
-A zone_vpn_output -m comment --comment "!fw3" -j zone_vpn_dest_ACCEPT
-A zone_vpn_src_ACCEPT -i tun0 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o pppoe-wan -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o pppoe-wan -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_ACCEPT -o eth4 -m conntrack --ctstate INVALID -m comment --comment "!fw3: Prevent NAT leakage" -j DROP
-A zone_wan_dest_ACCEPT -o eth4 -m comment --comment "!fw3" -j ACCEPT
-A zone_wan_dest_REJECT -o pppoe-wan -m comment --comment "!fw3" -j reject
-A zone_wan_dest_REJECT -o eth4 -m comment --comment "!fw3" -j reject
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -j MINIUPNPD
-A zone_wan_forward -m comment --comment "!fw3: Custom wan forwarding rule chain" -j forwarding_wan_rule
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Forward" -j ACCEPT
-A zone_wan_forward -p esp -m comment --comment "!fw3: Allow-IPSec-ESP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "!fw3: Allow-ISAKMP" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m comment --comment "!fw3" -j zone_wan_dest_REJECT
-A zone_wan_input -m comment --comment "!fw3: Custom wan input rule chain" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 546 -m comment --comment "!fw3: Allow-DHCPv6" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 130/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 131/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 132/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -s fe80::/10 -p ipv6-icmp -m icmp6 --icmpv6-type 143/0 -m comment --comment "!fw3: Allow-MLD" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 128 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 129 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 2 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 3 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/0 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 4/1 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 133 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 135 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 134 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p ipv6-icmp -m icmp6 --icmpv6-type 136 -m limit --limit 1000/sec -m comment --comment "!fw3: Allow-ICMPv6-Input" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 1194 -m comment --comment "!fw3: openvpn" -j ACCEPT
-A zone_wan_input -p udp -m udp --dport 1194 -m comment --comment "!fw3: openvpn" -j ACCEPT
-A zone_wan_input -p tcp -m tcp --dport 1688 -m comment --comment "!fw3: kms" -j ACCEPT
-A zone_wan_input -m comment --comment "!fw3" -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "!fw3: Custom wan output rule chain" -j output_wan_rule
-A zone_wan_output -m comment --comment "!fw3" -j zone_wan_dest_ACCEPT
-A zone_wan_src_REJECT -i pppoe-wan -m comment --comment "!fw3" -j reject
-A zone_wan_src_REJECT -i eth4 -m comment --comment "!fw3" -j reject
COMMIT
# Completed on Fri Nov 22 15:08:54 2024

#===================== IPSET状态 =====================#


#===================== 路由表状态 =====================#

#IPv4

#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.*.*         113.128.*.*   0.0.*.*         UG    0      0        0 pppoe-wan
113.128.*.*   0.0.*.*         255.255.*.* UH    0      0        0 pppoe-wan
192.168.*.*     0.0.*.*         255.255.*.*   U     0      0        0 br-lan

#ip route list
default via 113.128.*.* dev pppoe-wan proto static 
113.128.*.* dev pppoe-wan proto kernel scope link src 113.128.*.* 
192.168.*.*/24 dev br-lan proto kernel scope link src 192.168.*.* 

#ip rule show
0:	from all lookup local
32766:	from all lookup main
32767:	from all lookup default

#IPv6

#route -A inet6
Kernel IPv6 routing table
Destination                                 Next Hop                                Flags Metric Ref    Use Iface
::/0                                        fe80::*:*:*:a0df               UG    512    1        0 pppoe-wan
::/0                                        fe80::1                                 UG    512    8        0 eth4    
::/0                                        fe80::1                                 UG    512    4        0 eth4    
::/0                                        fe80::*:*:*:a0df               UG    512    4        0 pppoe-wan
240e:*:*:*::/64                        ::                                      !n    2147483647 1        0 lo      
240e:*:*:*::/56                       fe80::1                                 UG    512    2        0 eth4    
240e:*:*:*::/56                       fe80::1                                 UG    512    4        0 eth4    
240e:*:*:*::/64                       ::                                      U     256    1        0 eth4    
240e:*:*:*::/64                       fe80::1                                 UG    512    1        0 eth4    
240e:*:*:*::/64                       ::                                      !n    2147483647 2        0 lo      
240e:*:*:*::/64                       ::                                      U     1024   3        0 br-lan  
240e:*:*:*::/64                       ::                                      !n    2147483647 1        0 lo      
240e:*:*:*::/64                       ::                                      U     1024   4        0 br-lan  
240e:*:*:*::/56                       ::                                      !n    2147483647 4        0 lo      
fe80::/64                                   ::                                      U     256    5        0 br-lan  
fe80::/64                                   ::                                      U     256    1        0 eth4    
fe80::/64                                   ::                                      U     256    1        0 ath0    
fe80::/64                                   ::                                      U     256    1        0 ath1    
fe80::/64                                   ::                                      U     256    1        0 ath2    
fe80::/10                                   ::                                      U     1      1        0 pppoe-wan
fe80::/10                                   ::                                      U     256    1        0 pppoe-wan
::/0                                        ::                                      !n    -1     3        0 lo      
::1/128                                     ::                                      Un    0      7        0 lo      
240e:*:*:*::/128                       ::                                      Un    0      3        0 pppoe-wan
240e:*:*:*:fc95:92ba:7ed5:97e9/128     ::                                      Un    0      3        0 pppoe-wan
240e:*:*:*::/128                      ::                                      Un    0      3        0 eth4    
240e:*:*:*:4ec6:4cff:feae:6ef3/128    ::                                      Un    0      7        0 eth4    
240e:*:*:*::/128                      ::                                      Un    0      3        0 br-lan  
240e:*:*:*::1/128                     ::                                      Un    0      3        0 br-lan  
240e:*:*:*::/128                      ::                                      Un    0      3        0 br-lan  
240e:*:*:*::1/128                     ::                                      Un    0      6        0 br-lan  
fe80::/128                                  ::                                      Un    0      3        0 br-lan  
fe80::/128                                  ::                                      Un    0      3        0 eth4    
fe80::/128                                  ::                                      Un    0      3        0 pppoe-wan
fe80::/128                                  ::                                      Un    0      3        0 ath0    
fe80::/128                                  ::                                      Un    0      3        0 ath1    
fe80::/128                                  ::                                      Un    0      3        0 ath2    
fe80::*:*:*:6ef2/128               ::                                      Un    0      9        0 br-lan  
fe80::*:*:*:6ef3/128               ::                                      Un    0      3        0 eth4    
fe80::*:*:*:6ef4/128               ::                                      Un    0      2        0 ath1    
fe80::*:*:*:6ef5/128               ::                                      Un    0      4        0 ath0    
fe80::*:*:*:6ef6/128               ::                                      Un    0      2        0 ath2    
fe80::*:*:*:97e9/128               ::                                      Un    0      3        0 pppoe-wan
ff00::/8                                    ::                                      U     256    6        0 br-lan  
ff00::/8                                    ::                                      U     256    5        0 eth4    
ff00::/8                                    ::                                      U     256    1        0 ath0    
ff00::/8                                    ::                                      U     256    3        0 pppoe-wan
ff00::/8                                    ::                                      U     256    1        0 ath1    
ff00::/8                                    ::                                      U     256    1        0 ath2    
::/0                                        ::                                      !n    -1     3        0 lo      

#ip -6 route list
default from 240e:*:*:*::/64 via fe80::f679:60ff:fe02:a0df dev pppoe-wan proto static metric 512 pref medium
default from 240e:*:*:*::/64 via fe80::1 dev eth4 proto static metric 512 pref medium
default from 240e:*:*:*::/64 via fe80::1 dev eth4 proto static metric 512 pref medium
default from 240e:*:*:*::/56 via fe80::f679:60ff:fe02:a0df dev pppoe-wan proto static metric 512 pref medium
unreachable 240e:*:*:*::/64 dev lo proto static metric 2147483647 pref medium
240e:*:*:*::/56 from 240e:345:8c:9800::/64 via fe80::1 dev eth4 proto static metric 512 pref medium
240e:*:*:*::/56 from 240e:345:8c:9845::/64 via fe80::1 dev eth4 proto static metric 512 pref medium
240e:*:*:*::/64 dev eth4 proto static metric 256 pref medium
240e:*:*:*::/64 via fe80::1 dev eth4 proto static metric 512 pref medium
unreachable 240e:*:*:*::/64 dev lo proto static metric 2147483647 pref medium
240e:*:*:*::/64 dev br-lan proto static metric 1024 pref medium
unreachable 240e:*:*:*::/64 dev lo proto static metric 2147483647 pref medium
240e:*:*:*::/64 dev br-lan proto static metric 1024 pref medium
unreachable 240e:*:*:*::/56 dev lo proto static metric 2147483647 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev eth4 proto kernel metric 256 pref medium
fe80::/64 dev ath0 proto kernel metric 256 pref medium
fe80::/64 dev ath1 proto kernel metric 256 pref medium
fe80::/64 dev ath2 proto kernel metric 256 pref medium
fe80::/10 dev pppoe-wan metric 1 pref medium
fe80::/10 dev pppoe-wan proto kernel metric 256 pref medium

#ip -6 rule show
0:	from all lookup local
32766:	from all lookup main
4200000000:	from 240e:*:*:*::1/64 iif br-lan unreachable
4200000000:	from 240e:*:*:*::1/64 iif br-lan unreachable

#===================== 端口占用状态 =====================#


#===================== 测试本机DNS查询(www.baidu.com) =====================#

Server:		127.0.*.*
Address:	127.0.*.*#53

Name:      www.baidu.com
www.baidu.com	canonical name = www.a.shifen.com
Name:      www.a.shifen.com
Address 1: 180.101.*.*
Address 2: 180.101.*.*
www.baidu.com	canonical name = www.a.shifen.com
Address 3: 240e:*:*:*:0:ff:b05c:1278
Address 4: 240e:*:*:*:0:ff:b015:146f

#===================== 测试内核DNS查询(www.instagram.com) =====================#


Dnsmasq 当前默认 resolv 文件：/tmp/resolv.conf.d/resolv.conf.auto

#===================== /tmp/resolv.conf.auto =====================#

# Interface wan
nameserver 219.146.*.*
nameserver 219.147.*.*
# Interface wan6
# Interface wan_6
nameserver 240e:4e::66
nameserver 240e:4e:800::66

#===================== /tmp/resolv.conf.d/resolv.conf.auto =====================#

# Interface wan
nameserver 219.146.*.*
nameserver 219.147.*.*
# Interface wan6
# Interface wan_6
nameserver 240e:4e::66
nameserver 240e:4e:800::66

#===================== 测试本机网络连接(www.baidu.com) =====================#

HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Connection: keep-alive
Content-Length: 277
Content-Type: text/html
Date: Fri, 22 Nov 2024 07:08:55 GMT
Etag: "575e1f60-115"
Last-Modified: Mon, 13 Jun 2016 02:50:08 GMT
Pragma: no-cache
Server: bfe/1.0.*.*


#===================== 测试本机网络下载(raw.githubusercontent.com) =====================#

HTTP/1.1 200 OK
Connection: keep-alive
Content-Length: 1071
Cache-Control: max-age=300
Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
Content-Type: text/plain; charset=utf-8
ETag: "f6037a93c68519d7041a3b4df325b61c424ec255b45dfeb063371319e39b0d96"
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block
X-GitHub-Request-Id: 4591:2B4161:3163A6:39E3AC:67402E07
Accept-Ranges: bytes
Date: Fri, 22 Nov 2024 07:08:56 GMT
Via: 1.1 varnish
X-Served-By: cache-nrt-rjtf7700024-NRT
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1732259336.971414,VS0,VE309
Vary: Authorization,Accept-Encoding,Origin
Access-Control-Allow-Origin: *
Cross-Origin-Resource-Policy: cross-origin
X-Fastly-Request-ID: 4af6adb8343ea26f886bd8fa76cc84bfffd3ae75
Expires: Fri, 22 Nov 2024 07:13:56 GMT
Source-Age: 0


#===================== 最近运行日志(自动切换为Debug模式) =====================#

2024-11-22 14:59:35 Installing The New Version, Please Do Not Refresh The Page or Do Other Operations...
2024-11-22 14:59:47 Warning: OpenClash Now Disabled, Need Start From Luci Page, Exit...
2024-11-22 14:59:35 OpenClash Update Successful, About To Restart!
2024-11-22 14:59:47 OpenClash Restart...
2024-11-22 14:59:47 OpenClash Stoping...
2024-11-22 14:59:47 Step 1: Backup The Current Groups State...
2024-11-22 14:59:47 Step 2: Delete OpenClash Firewall Rules...
2024-11-22 14:59:49 Step 3: Close The OpenClash Daemons...
2024-11-22 14:59:49 Step 4: Close The Clash Core Process...
2024-11-22 14:59:49 Step 5: Restart Dnsmasq...
2024-11-22 14:59:49 Step 6: Delete OpenClash Residue File...
2024-11-22 14:59:49 OpenClash Already Stop!
2024-11-22 14:59:49 OpenClash Start Running...
2024-11-22 14:59:49 Step 1: Get The Configuration...
2024-11-22 14:59:49 Step 2: Check The Components...
2024-11-22 14:59:49 Step 3: Modify The Config File...
2024-11-22 14:59:49 Tip: You have seted the authentication of SOCKS5/HTTP(S) proxy with【Clash:YDnKoK34】...
2024-11-22 14:59:50 Error: Set Router Self Proxy Rule Failed,【undefined method `has_key?' for false:FalseClass】
2024-11-22 14:59:50 Error: Rule Set Add Failed,【undefined method `has_key?' for false:FalseClass】
2024-11-22 14:59:50 Error: Set Loop Protect Rules Failed,【undefined method `has_key?' for false:FalseClass】
2024-11-22 14:59:50 Error: Edit Provider Path Failed,【undefined method `key?' for false:FalseClass】
2024-11-22 14:59:50 Tip: Start Running Custom Overwrite Scripts...
2024-11-22 14:59:50 Step 4: Start Running The Clash Core...
2024-11-22 14:59:50 Test The Config File First...
time="2024-11-22T06:59:50.797471018Z" level=error msg="yaml: unmarshal errors:\n  line 1: cannot unmarshal !!bool `false` into config.RawConfig"
2024-11-22 14:59:50 configuration file【/etc/openclash/link.yaml】test failed
2024-11-22 14:59:50 Error: Config File Tested Faild, Please Check The Log Infos!
2024-11-22 14:59:50 OpenClash Stoping...
2024-11-22 14:59:50 Step 1: Backup The Current Groups State...
2024-11-22 14:59:50 Step 2: Delete OpenClash Firewall Rules...
2024-11-22 14:59:52 Step 3: Close The OpenClash Daemons...
2024-11-22 14:59:52 Step 4: Close The Clash Core Process...
2024-11-22 14:59:52 Step 5: Restart Dnsmasq...
2024-11-22 14:59:52 Step 6: Delete OpenClash Residue File...
2024-11-22 14:59:52 OpenClash Already Stop!
2024-11-22 15:01:40【/tmp/clash_last_version】Download Failed:【curl: (28) Failed to connect to raw.githubusercontent.com port 443 after 56252 ms: Operation timed out】
2024-11-22 15:02:36【/tmp/openclash_last_version】Download Failed:【curl: (28) Failed to connect to raw.githubusercontent.com port 443 after 28125 ms: Operation timed out curl: (28) Failed to connect to raw.githubusercontent.com port 443 after 28127 ms: Operation timed out curl: (28) Failed to connect to raw.githubusercontent.com port 443 after 28127 ms: Operation timed out】

#===================== 最近运行日志获取完成(自动切换为silent模式) =====================#


#===================== 活动连接信息 =====================#



### OpenClash Config

_No response_

### Expected Behavior

可以正常更新订阅, 正常使用.

### Additional Context

_No response_

The text was updated successfully, but these errors were encountered:

WFANG12719 · 2024-11-26T11:40:35Z

我有同样的问题，仔细看日志，发现是无法检测到自定义的策略组配置（在：一键生成-->策略组配置），只好忍痛暂时删除所有自定义策略组和覆写设置里相应的自定义规则。

WFANG12719 · 2024-11-26T11:43:39Z

另外此时需要更新配置时也会报错，因为DNSMASQ的劫持还在运行，要先停掉dnsmasq服务，然后手动更新配置，这时的配置才能更新。

sacrelee · 2024-11-27T14:48:24Z

另外此时需要更新配置时也会报错，因为DNSMASQ的劫持还在运行，要先停掉dnsmasq服务，然后手动更新配置，这时的配置才能更新。

感谢回复, 我目前还没尝试, 就是如果按照你的方法, 手动更新配置之后也不能再使用托管的规则吗? 也就是后续只能自己手动控制配置?

sacrelee added the bug Something isn't working label Nov 22, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Bug] 可以正常更新订阅, 订阅更新后的配置修改环节报错, 导致修改后的配置文件内容为空. #4189

[Bug] 可以正常更新订阅, 订阅更新后的配置修改环节报错, 导致修改后的配置文件内容为空. #4189

sacrelee commented Nov 22, 2024 •

edited

Loading

WFANG12719 commented Nov 26, 2024

WFANG12719 commented Nov 26, 2024

sacrelee commented Nov 27, 2024

[Bug] 可以正常更新订阅, 订阅更新后的配置修改环节报错, 导致修改后的配置文件内容为空. #4189

[Bug] 可以正常更新订阅, 订阅更新后的配置修改环节报错, 导致修改后的配置文件内容为空. #4189

Comments

sacrelee commented Nov 22, 2024 • edited Loading

Verify Steps

OpenClash Version

Bug on Environment

OpenWrt Version

Bug on Platform

Describe the Bug

To Reproduce

OpenClash Log

WFANG12719 commented Nov 26, 2024

WFANG12719 commented Nov 26, 2024

sacrelee commented Nov 27, 2024

sacrelee commented Nov 22, 2024 •

edited

Loading