mirror of
https://github.com/blackmatrix7/ios_rule_script.git
synced 2025-01-13 01:49:14 +08:00
250 lines
7.0 KiB
YAML
250 lines
7.0 KiB
YAML
# Port of HTTP(S) proxy server on the local end
|
||
port: 7890
|
||
|
||
# Port of SOCKS5 proxy server on the local end
|
||
socks-port: 7891
|
||
|
||
# Transparent proxy server port for Linux and macOS
|
||
# redir-port: 7892
|
||
|
||
# HTTP(S) and SOCKS5 server on the same port
|
||
# mixed-port: 7890
|
||
|
||
# authentication of local SOCKS5/HTTP(S) server
|
||
# authentication:
|
||
# - "user1:pass1"
|
||
# - "user2:pass2"
|
||
|
||
# Set to true to allow connections to local-end server from
|
||
# other LAN IP addresses
|
||
allow-lan: false
|
||
|
||
# This is only applicable when `allow-lan` is `true`
|
||
# '*': bind all IP addresses
|
||
# 192.168.122.11: bind a single IPv4 address
|
||
# "[aaaa::a8aa:ff:fe09:57d8]": bind a single IPv6 address
|
||
bind-address: '*'
|
||
|
||
# Clash router working mode
|
||
# rule: rule-based packet routing
|
||
# global: all packets will be forwarded to a single endpoint
|
||
# direct: directly forward the packets to the Internet
|
||
mode: rule
|
||
|
||
# Clash by default prints logs to STDOUT
|
||
# info / warning / error / debug / silent
|
||
log-level: info
|
||
|
||
# When set to false, resolver won't translate hostnames to IPv6 addresses
|
||
ipv6: true
|
||
|
||
# RESTful web API listening address
|
||
external-controller: 127.0.0.1:9090
|
||
|
||
# A relative path to the configuration directory or an absolute path to a
|
||
# directory in which you put some static web resource. Clash core will then
|
||
# serve it at `${API}/ui`.
|
||
# external-ui: folder
|
||
|
||
# Secret for the RESTful API (optional)
|
||
# Authenticate by spedifying HTTP header `Authorization: Bearer ${secret}`
|
||
# ALWAYS set a secret if RESTful API is listening on 0.0.0.0
|
||
# secret: ""
|
||
|
||
# Outbound interface name
|
||
interface-name: en0
|
||
|
||
# Static hosts for DNS server and connection establishment, only works
|
||
# when `dns.enhanced-mode` is `redir-host`.
|
||
#
|
||
# Wildcard hostnames are supported (e.g. *.clash.dev, *.foo.*.example.com)
|
||
# Non-wildcard domain names has a higher priority than wildcard domain names
|
||
# e.g. foo.example.com > *.example.com > .example.com
|
||
# P.S. +.foo.com equals to .foo.com and foo.com
|
||
hosts:
|
||
'mtalk.google.com': 108.177.125.188
|
||
# '*.clash.dev': 127.0.0.1
|
||
# '.dev': 127.0.0.1
|
||
# 'alpha.clash.dev': '::1'
|
||
|
||
# DNS server settings
|
||
# This section is optional. When not present, DNS server will be disabled.
|
||
dns:
|
||
enable: false
|
||
listen: 0.0.0.0:53
|
||
# ipv6: false # when false, response to AAAA questions will be empty
|
||
|
||
# These nameservers are used to resolve the DNS nameserver hostnames below.
|
||
# Specify IP addresses only
|
||
default-nameserver:
|
||
- 114.114.114.114
|
||
- 8.8.8.8
|
||
enhanced-mode: redir-host # or fake-ip
|
||
fake-ip-range: 198.18.0.1/16 # Fake IP addresses pool CIDR
|
||
|
||
# Hostnames in this list will not be resolved with fake IPs
|
||
# i.e. questions to these domain names will always be answered with their
|
||
# real IP addresses
|
||
# fake-ip-filter:
|
||
# - '*.lan'
|
||
# - localhost.ptlogin2.qq.com
|
||
|
||
# Supports UDP, TCP, DoT, DoH. You can specify the port to connect to.
|
||
# All DNS questions are sent directly to the nameserver, without proxies
|
||
# involved. Clash answers the DNS question with the first result gathered.
|
||
nameserver:
|
||
- 114.114.114.114 # default value
|
||
- 8.8.8.8 # default value
|
||
- tls://dns.rubyfish.cn:853 # DNS over TLS
|
||
- https://1.1.1.1/dns-query # DNS over HTTPS
|
||
|
||
# When `fallback` is present, the DNS server will send concurrent requests
|
||
# to the servers in this section along with servers in `nameservers`.
|
||
# The answers from fallback servers are used when the GEOIP country
|
||
# is not `CN`.
|
||
# fallback:
|
||
# - tcp://1.1.1.1
|
||
|
||
# If IP addresses resolved with servers in `nameservers` are in the specified
|
||
# subnets below, they are considered invalid and results from `fallback`
|
||
# servers are used instead.
|
||
#
|
||
# IP address resolved with servers in `nameserver` is used when
|
||
# `fallback-filter.geoip` is true and when GEOIP of the IP address is `CN`.
|
||
#
|
||
# If `fallback-filter.geoip` is false, results from `fallback` nameservers
|
||
# are always used, and answers from `nameservers` are discarded.
|
||
#
|
||
# This is a countermeasure against DNS pollution attacks.
|
||
fallback-filter:
|
||
geoip: true
|
||
ipcidr:
|
||
# - 240.0.0.0/4
|
||
|
||
proxies:
|
||
# 支持的协议及加密算法示例请查阅 Clash 项目 README 以使用最新格式:https://github.com/Dreamacro/clash/blob/master/README.md
|
||
|
||
# Shadowsocks(Websocket + TLS)
|
||
- name: "CN1"
|
||
type: ss
|
||
server: server
|
||
port: 443
|
||
cipher: chacha20-ietf-poly1305
|
||
password: "password"
|
||
plugin: v2ray-plugin
|
||
plugin-opts:
|
||
mode: websocket # no QUIC now
|
||
tls: true # wss
|
||
# skip-cert-verify: true
|
||
# host: bing.com
|
||
path: "/s"
|
||
# mux: true
|
||
# headers:
|
||
# custom: value
|
||
|
||
# VMess(Websocket + TLS)
|
||
- name: "CN2"
|
||
type: vmess
|
||
server: v2ray.cool
|
||
port: 443
|
||
uuid: a3482e88-686a-4a58-8126-99c9df64b7bf
|
||
alterId: 32
|
||
cipher: auto
|
||
# udp: true
|
||
tls: true
|
||
# skip-cert-verify: true
|
||
network: ws
|
||
ws-path: /v
|
||
# ws-headers:
|
||
# Host: v2ray.com
|
||
|
||
# Trojan
|
||
- name: "CN3"
|
||
type: trojan
|
||
server: server
|
||
port: 443
|
||
password: yourpsk
|
||
# udp: true
|
||
# sni: example.com # aka server name
|
||
# alpn:
|
||
# - h2
|
||
# - http/1.1
|
||
# skip-cert-verify: true
|
||
|
||
# 节点订阅
|
||
proxy-providers:
|
||
# name: # Provider 名称
|
||
# type: http # http 或 file
|
||
# path: # 文件路径
|
||
# url: # 只有当类型为 HTTP 时才可用,您不需要在本地空间中创建新文件。
|
||
# interval: # 自动更新间隔,仅在类型为 HTTP 时可用
|
||
# health-check: # 健康检查选项从此处开始
|
||
# enable:
|
||
# url:
|
||
# interval:
|
||
|
||
# DuckDuckGo: # 冲鸭机场订阅链接
|
||
# type: http
|
||
# url: "https://duckduckgo.security/user/sub.php?token=DivineEngine"
|
||
# interval: 3600
|
||
# path: ./Proxy/ProxyList.yaml
|
||
# health-check:
|
||
# enable: true
|
||
# interval: 600
|
||
# url: http://www.gstatic.com/generate_204
|
||
|
||
proxy-groups:
|
||
# 策略组示例请查阅 Clash 项目 README 以使用最新格式:https://github.com/Dreamacro/clash/blob/master/README.md
|
||
|
||
# Fallback
|
||
- name: "Fallback"
|
||
type: fallback
|
||
# use:
|
||
# - DuckDuckGo
|
||
proxies:
|
||
- CN1
|
||
- CN2
|
||
- CN3
|
||
url: 'http://cp.cloudflare.com/generate_204'
|
||
interval: 300
|
||
|
||
# 代理节点选择
|
||
- name: "PROXY"
|
||
type: select
|
||
proxies:
|
||
- Fallback
|
||
- CN1
|
||
- CN2
|
||
- CN3
|
||
|
||
rule-providers:
|
||
# name: # Provider 名称
|
||
# type: http # http 或 file
|
||
# behavior: classical # 或 ipcidr、domain
|
||
# path: # 文件路径
|
||
# url: # 只有当类型为 HTTP 时才可用,您不需要在本地空间中创建新文件。
|
||
# interval: # 自动更新间隔,仅在类型为 HTTP 时可用
|
||
|
||
StreamingCN:
|
||
type: http
|
||
behavior: classical
|
||
path: ./RuleSet/StreamingMedia/StreamingCN.yaml
|
||
url: https://raw.githubusercontent.com/DivineEngine/Profiles/master/Clash/RuleSet/StreamingMedia/StreamingCN.yaml
|
||
interval: 86400
|
||
|
||
rules:
|
||
|
||
- RULE-SET,StreamingCN,PROXY
|
||
|
||
# Local Area Network
|
||
- IP-CIDR,192.168.0.0/16,DIRECT
|
||
- IP-CIDR,10.0.0.0/8,DIRECT
|
||
- IP-CIDR,172.16.0.0/12,DIRECT
|
||
- IP-CIDR,127.0.0.0/8,DIRECT
|
||
- IP-CIDR,100.64.0.0/10,DIRECT
|
||
- IP-CIDR,224.0.0.0/4,DIRECT
|
||
|
||
# GeoIP China
|
||
- GEOIP,CN,PROXY
|
||
|
||
- MATCH,DIRECT |