ios_rule_script/source/connershua/Clash/Global.yaml
2021-04-17 01:38:57 +08:00

353 lines
10 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Port of HTTP(S) proxy server on the local end
port: 7890
# Port of SOCKS5 proxy server on the local end
socks-port: 7891
# Transparent proxy server port for Linux and macOS
# redir-port: 7892
# HTTP(S) and SOCKS5 server on the same port
# mixed-port: 7890
# authentication of local SOCKS5/HTTP(S) server
# authentication:
# - "user1:pass1"
# - "user2:pass2"
# Set to true to allow connections to local-end server from
# other LAN IP addresses
allow-lan: false
# This is only applicable when `allow-lan` is `true`
# '*': bind all IP addresses
# 192.168.122.11: bind a single IPv4 address
# "[aaaa::a8aa:ff:fe09:57d8]": bind a single IPv6 address
bind-address: '*'
# Clash router working mode
# rule: rule-based packet routing
# global: all packets will be forwarded to a single endpoint
# direct: directly forward the packets to the Internet
mode: rule
# Clash by default prints logs to STDOUT
# info / warning / error / debug / silent
log-level: info
# When set to false, resolver won't translate hostnames to IPv6 addresses
ipv6: true
# RESTful web API listening address
external-controller: 127.0.0.1:9090
# A relative path to the configuration directory or an absolute path to a
# directory in which you put some static web resource. Clash core will then
# serve it at `${API}/ui`.
# external-ui: folder
# Secret for the RESTful API (optional)
# Authenticate by spedifying HTTP header `Authorization: Bearer ${secret}`
# ALWAYS set a secret if RESTful API is listening on 0.0.0.0
# secret: ""
# Outbound interface name
interface-name: en0
# Static hosts for DNS server and connection establishment, only works
# when `dns.enhanced-mode` is `redir-host`.
#
# Wildcard hostnames are supported (e.g. *.clash.dev, *.foo.*.example.com)
# Non-wildcard domain names has a higher priority than wildcard domain names
# e.g. foo.example.com > *.example.com > .example.com
# P.S. +.foo.com equals to .foo.com and foo.com
hosts:
'mtalk.google.com': 108.177.125.188
# '*.clash.dev': 127.0.0.1
# '.dev': 127.0.0.1
# 'alpha.clash.dev': '::1'
# DNS server settings
# This section is optional. When not present, DNS server will be disabled.
dns:
enable: false
listen: 0.0.0.0:53
# ipv6: false # when false, response to AAAA questions will be empty
# These nameservers are used to resolve the DNS nameserver hostnames below.
# Specify IP addresses only
default-nameserver:
- 114.114.114.114
- 8.8.8.8
enhanced-mode: redir-host # or fake-ip
fake-ip-range: 198.18.0.1/16 # Fake IP addresses pool CIDR
# Hostnames in this list will not be resolved with fake IPs
# i.e. questions to these domain names will always be answered with their
# real IP addresses
# fake-ip-filter:
# - '*.lan'
# - localhost.ptlogin2.qq.com
# Supports UDP, TCP, DoT, DoH. You can specify the port to connect to.
# All DNS questions are sent directly to the nameserver, without proxies
# involved. Clash answers the DNS question with the first result gathered.
nameserver:
- 114.114.114.114 # default value
- 8.8.8.8 # default value
- tls://dns.rubyfish.cn:853 # DNS over TLS
- https://1.1.1.1/dns-query # DNS over HTTPS
# When `fallback` is present, the DNS server will send concurrent requests
# to the servers in this section along with servers in `nameservers`.
# The answers from fallback servers are used when the GEOIP country
# is not `CN`.
# fallback:
# - tcp://1.1.1.1
# If IP addresses resolved with servers in `nameservers` are in the specified
# subnets below, they are considered invalid and results from `fallback`
# servers are used instead.
#
# IP address resolved with servers in `nameserver` is used when
# `fallback-filter.geoip` is true and when GEOIP of the IP address is `CN`.
#
# If `fallback-filter.geoip` is false, results from `fallback` nameservers
# are always used, and answers from `nameservers` are discarded.
#
# This is a countermeasure against DNS pollution attacks.
fallback-filter:
geoip: true
ipcidr:
# - 240.0.0.0/4
proxies:
# 支持的协议及加密算法示例请查阅 Clash 项目 README 以使用最新格式https://github.com/Dreamacro/clash/blob/master/README.md
# Shadowsocks(Websocket + TLS)
- name: "HK"
type: ss
server: server
port: 443
cipher: chacha20-ietf-poly1305
password: "password"
plugin: v2ray-plugin
plugin-opts:
mode: websocket # no QUIC now
tls: true # wss
# skip-cert-verify: true
# host: bing.com
path: "/s"
# mux: true
# headers:
# custom: value
# VMess(Websocket + TLS)
- name: "US"
type: vmess
server: v2ray.cool
port: 443
uuid: a3482e88-686a-4a58-8126-99c9df64b7bf
alterId: 32
cipher: auto
# udp: true
tls: true
# skip-cert-verify: true
network: ws
ws-path: /v
# ws-headers:
# Host: v2ray.com
# Trojan
- name: "SG"
type: trojan
server: server
port: 443
password: yourpsk
# udp: true
# sni: example.com # aka server name
# alpn:
# - h2
# - http/1.1
# skip-cert-verify: true
# 服务器节点订阅
proxy-providers:
# name: # Provider 名称
# type: http # http 或 file
# path: # 文件路径
# url: # 只有当类型为 HTTP 时才可用,您不需要在本地空间中创建新文件。
# interval: # 自动更新间隔,仅在类型为 HTTP 时可用
# health-check: # 健康检查选项从此处开始
# enable:
# url:
# interval:
#
# 「url」参数填写订阅链接
#
# 订阅链接可以使用 API 进行转换https://sub.dler.io/
#
# 1.模式选择「进阶模式」 2.填写订阅链接 3.勾选「输出为 Node List」 4.「生成订阅链接」
#
DuckDuckGo-Sub: # 冲鸭机场订阅链接
type: http
url: "https://duckduckgo.security/user/sub.php?token=DivineEngine"
interval: 3600
path: ./Proxy/ProxyList.yaml # 不同机场不同命名
health-check:
enable: true
interval: 600
url: http://www.gstatic.com/generate_204
proxy-groups:
# 策略组示例请查阅 Clash 项目 README 以使用最新格式https://github.com/Dreamacro/clash/blob/master/README.md
#
# 策略组说明
#
# 「MATCH」类似 Surge 的「Final」此处用于选择白名单模式(PROXY 策略)和黑名单模式(DIRECT 策略)
#
# 「Streaming」和「StreamingSE」比较好理解有专用于流媒体的节点就设置到其中如果没有「StreamingSE」的需求可以连带 Rule 部分一起删掉「Streaming」需至少保留 Rule用「PROXY」即可。
#
# 「PROXY」是代理规则策略它可以指定为某个节点或嵌套一个其他策略组「自动测试」、「Fallback」或「负载均衡」的策略组关于这 3 个策略组的具体示例可以看官方示例https://github.com/Dreamacro/clash
#
# Fallback 比较实用的策略组类型,用于测试服务器节点的可用性,当第一个节点不可用时切换到第二个,以此类推。
- name: "Fallback"
type: fallback
proxies:
- HK
- US
- SG
url: 'http://www.gstatic.com/generate_204'
interval: 300
# 代理节点选择
- name: "PROXY"
type: select
proxies:
- Fallback
- HK
- US
- SG
- DuckDuckGo
# 白名单模式 PROXY, 黑名单模式 DIRECT, 不知道别动
- name: "MATCH"
type: select
proxies:
- PROXY
- DIRECT
# 国际流媒体服务
- name: "Streaming"
type: select
proxies:
- PROXY
- HK
- US
- SG
# 中国流媒体服务(面向海外版本)
- name: "StreamingSE"
type: select
proxies:
- DIRECT
- HK
# 手动选择节点订阅
- name: "DuckDuckGo"
type: select # 亦可使用 fallback 或 load-balance
use:
- DuckDuckGo-Sub
# 关于 Rule Provider 请查阅https://lancellc.gitbook.io/clash/clash-config-file/rule-provider
rule-providers:
# name: # Provider 名称
# type: http # http 或 file
# behavior: classical # 或 ipcidr、domain
# path: # 文件路径
# url: # 只有当类型为 HTTP 时才可用,您不需要在本地空间中创建新文件。
# interval: # 自动更新间隔,仅在类型为 HTTP 时可用
Unbreak:
type: http
behavior: classical
path: ./RuleSet/Unbreak.yaml
url: https://raw.githubusercontent.com/DivineEngine/Profiles/master/Clash/RuleSet/Unbreak.yaml
interval: 86400
Streaming:
type: http
behavior: classical
path: ./RuleSet/StreamingMedia/Streaming.yaml
url: https://raw.githubusercontent.com/DivineEngine/Profiles/master/Clash/RuleSet/StreamingMedia/Streaming.yaml
interval: 86400
StreamingSE:
type: http
behavior: classical
path: ./RuleSet/StreamingMedia/StreamingSE.yaml
url: https://raw.githubusercontent.com/DivineEngine/Profiles/master/Clash/RuleSet/StreamingMedia/StreamingSE.yaml
interval: 86400
Global:
type: http
behavior: classical
path: ./RuleSet/Global.yaml
url: https://raw.githubusercontent.com/DivineEngine/Profiles/master/Clash/RuleSet/Global.yaml
interval: 86400
China:
type: http
behavior: classical
path: ./RuleSet/China.yaml
url: https://raw.githubusercontent.com/DivineEngine/Profiles/master/Clash/RuleSet/China.yaml
interval: 86400
ChinaIP:
type: http
behavior: ipcidr
path: ./RuleSet/Extra/ChinaIP.yaml
url: https://raw.githubusercontent.com/DivineEngine/Profiles/master/Clash/RuleSet/Extra/ChinaIP.yaml
interval: 86400
# 规则
rules:
# Unbreak
- RULE-SET,Unbreak,DIRECT
# Global Area Network
# (Streaming Media)
- RULE-SET,Streaming,Streaming
# (StreamingSE)
- RULE-SET,StreamingSE,StreamingSE
# (DNS Cache Pollution) / (IP Blackhole) / (Region-Restricted Access Denied) / (Network Jitter)
- RULE-SET,Global,PROXY
# China Area Network
- RULE-SET,China,DIRECT
# Local Area Network
- IP-CIDR,192.168.0.0/16,DIRECT
- IP-CIDR,10.0.0.0/8,DIRECT
- IP-CIDR,172.16.0.0/12,DIRECT
- IP-CIDR,127.0.0.0/8,DIRECT
- IP-CIDR,100.64.0.0/10,DIRECT
- IP-CIDR,224.0.0.0/4,DIRECT
# (可选)使用来自 ipipdotnet 的 ChinaIP 以解决数据不准确的问题,使用 ChinaIP.yaml 时可禁用下列直至包括「GEOIP,CN」规则
# - RULE-SET,ChinaIP,DIRECT
# Tencent
- IP-CIDR,119.28.28.28/32,DIRECT
- IP-CIDR,182.254.116.0/24,DIRECT
# GeoIP China
- GEOIP,CN,DIRECT
- MATCH,MATCH