# Port of HTTP(S) proxy server on the local end # port: 7890 # Port of SOCKS5 proxy server on the local end # socks-port: 7891 # Transparent proxy server port for Linux and macOS (Redirect TCP and TProxy UDP) # redir-port: 7892 # Transparent proxy server port for Linux (TProxy TCP and TProxy UDP) # tproxy-port: 7893 # HTTP(S) and SOCKS5 server on the same port mixed-port: 7890 # authentication of local SOCKS5/HTTP(S) server # authentication: # - "user1:pass1" # - "user2:pass2" # Set to true to allow connections to the local-end server from # other LAN IP addresses allow-lan: false # This is only applicable when `allow-lan` is `true` # '*': bind all IP addresses # 192.168.122.11: bind a single IPv4 address # "[aaaa::a8aa:ff:fe09:57d8]": bind a single IPv6 address bind-address: '*' # Clash router working mode # rule: rule-based packet routing # global: all packets will be forwarded to a single endpoint # direct: directly forward the packets to the Internet mode: rule # Clash by default prints logs to STDOUT # info / warning / error / debug / silent log-level: info # When set to false, resolver won't translate hostnames to IPv6 addresses ipv6: false # RESTful web API listening address external-controller: 127.0.0.1:9090 # A relative path to the configuration directory or an absolute path to a # directory in which you put some static web resource. Clash core will then # serve it at `${API}/ui`. # external-ui: folder # Secret for the RESTful API (optional) # Authenticate by spedifying HTTP header `Authorization: Bearer ${secret}` # ALWAYS set a secret if RESTful API is listening on 0.0.0.0 # secret: "" # Outbound interface name # interface-name: en0 # Static hosts for DNS server and connection establishment (like /etc/hosts) # # Wildcard hostnames are supported (e.g. *.clash.dev, *.foo.*.example.com) # Non-wildcard domain names have a higher priority than wildcard domain names # e.g. foo.example.com > *.example.com > .example.com # P.S. +.foo.com equals to .foo.com and foo.com hosts: # '*.clash.dev': 127.0.0.1 # '.dev': 127.0.0.1 # 'alpha.clash.dev': '::1' # Firebase Cloud Messaging 'mtalk.google.com': 108.177.125.188 # Google Dl 'dl.google.com': 180.163.151.161 'dl.l.google.com': 180.163.151.161 # DNS server settings # This section is optional. When not present, the DNS server will be disabled. dns: enable: false listen: 0.0.0.0:53 # ipv6: false # when the false, response to AAAA questions will be empty # These nameservers are used to resolve the DNS nameserver hostnames below. # Specify IP addresses only default-nameserver: - 119.29.29.29 enhanced-mode: fake-ip # or redir-host fake-ip-range: 198.18.0.1/16 # Fake IP addresses pool CIDR # use-hosts: true # lookup hosts and return IP record # Hostnames in this list will not be resolved with fake IPs # i.e. questions to these domain names will always be answered with their # real IP addresses fake-ip-filter: - '*.lan' - localhost.ptlogin2.qq.com - '+.srv.nintendo.net' - '+.stun.playstation.net' - '+.msftconnecttest.com' - '+.msftncsi.com' - '+.xboxlive.com' - 'msftconnecttest.com' - 'xbox.*.microsoft.com' - '*.battlenet.com.cn' - '*.battlenet.com' - '*.blzstatic.cn' - '*.battle.net' # === Linksys Wireless Router === - '*.linksys.com' - '*.linksyssmartwifi.com' # === Apple Software Update Service === - 'swscan.apple.com' - 'mesu.apple.com' # === Windows 10 Connnect Detection === - '*.msftconnecttest.com' - '*.msftncsi.com' # === NTP Service === - 'time.*.com' - 'time.*.gov' - 'time.*.edu.cn' - 'time.*.apple.com' - 'time1.*.com' - 'time2.*.com' - 'time3.*.com' - 'time4.*.com' - 'time5.*.com' - 'time6.*.com' - 'time7.*.com' - 'ntp.*.com' - 'ntp.*.com' - 'ntp1.*.com' - 'ntp2.*.com' - 'ntp3.*.com' - 'ntp4.*.com' - 'ntp5.*.com' - 'ntp6.*.com' - 'ntp7.*.com' - '*.time.edu.cn' - '*.ntp.org.cn' - '+.pool.ntp.org' - 'time1.cloud.tencent.com' # === Music Service === ## NetEase - '+.music.163.com' - '*.126.net' ## Baidu - 'musicapi.taihe.com' - 'music.taihe.com' ## Kugou - 'songsearch.kugou.com' - 'trackercdn.kugou.com' ## Kuwo - '*.kuwo.cn' ## JOOX - 'api-jooxtt.sanook.com' - 'api.joox.com' - 'joox.com' ## QQ - '+.y.qq.com' - '+.music.tc.qq.com' - 'aqqmusic.tc.qq.com' - '+.stream.qqmusic.qq.com' ## Xiami - '*.xiami.com' ## Migu - '+.music.migu.cn' # === Game Service === ## Nintendo Switch - '+.srv.nintendo.net' ## Sony PlayStation - '+.stun.playstation.net' ## Microsoft Xbox - 'xbox.*.microsoft.com' - '+.xboxlive.com' # === Other === ## QQ Quick Login - 'localhost.ptlogin2.qq.com' ## Golang - 'proxy.golang.org' ## STUN Server - 'stun.*.*' - 'stun.*.*.*' # Supports UDP, TCP, DoT, DoH. You can specify the port to connect to. # All DNS questions are sent directly to the nameserver, without proxies # involved. Clash answers the DNS question with the first result gathered. nameserver: - 119.29.29.29 - 223.5.5.5 # - tls://dns.rubyfish.cn:853 # DNS over TLS # - https://1.1.1.1/dns-query # DNS over HTTPS # When `fallback` is present, the DNS server will send concurrent requests # to the servers in this section along with servers in `nameservers`. # The answers from fallback servers are used when the GEOIP country # is not `CN`. # fallback: # - tcp://1.1.1.1 fallback: - tls://one.one.one.one:853 - tls://dns.google:853 - https://dns.twnic.tw/dns-query - https://dns.adguard.com/dns-query - https://doh.dns.sb/dns-query # If IP addresses resolved with servers in `nameservers` are in the specified # subnets below, they are considered invalid and results from `fallback` # servers are used instead. # # IP address resolved with servers in `nameserver` is used when # `fallback-filter.geoip` is true and when GEOIP of the IP address is `CN`. # # If `fallback-filter.geoip` is false, results from `nameserver` nameservers # are always used if not match `fallback-filter.ipcidr`. # # This is a countermeasure against DNS pollution attacks. fallback-filter: geoip: true ipcidr: # - 240.0.0.0/4 # domain: # - '+.google.com' # - '+.facebook.com' # - '+.youtube.com' # # https://github.com/Dreamacro/clash/wiki/premium-core-features # # tun: # enable: true # stack: system # or gvisor # # dns-hijack: # # - 8.8.8.8:53 # # - tcp://8.8.8.8:53 # macOS-auto-route: true # auto set global route # macOS-auto-detect-interface: true # conflict with interface-name proxies: # 支持的协议及加密算法示例请查阅 Clash 项目 README 以使用最新格式:https://github.com/Dreamacro/clash/wiki/configuration # 服务器节点订阅 proxy-providers: # name: # Provider 名称 # type: http # http 或 file # path: # 文件路径 # url: # 只有当类型为 HTTP 时才可用,您不需要在本地空间中创建新文件。 # interval: # 自动更新间隔,仅在类型为 HTTP 时可用 # health-check: # 健康检查选项从此处开始 # enable: # url: # interval: # # 「url」参数填写订阅链接 # # 订阅链接可以使用 API 进行转换,如:https://dove.589669.xyz/web # # # 此处只是订阅示例,如果没有订阅链接的使用需求,此处及 proxy-groups 的相关内容可删除 ## 订阅 URL 拼接说明 # 第一段: sub 转换地址 https://SUB-API-URL/sub?target=clash&url= # 第二段: 订阅地址 urlencode https%3A%2F%2Ffast.losadhwselfff2332dasd.xyz%2Flink%xxxxxxxxxx%3Fsub%3D1 # 第三段: 过滤文字提取信息 &exclude=(%E6%B5%81%E9%87%8F%7C%E5%AE%98%E7%BD%91%7C%E6%9C%AC%E7%AB%99%7C%E5%8A%A0%E5%85%A5%7C%E8%BF%87%E6%9C%9F)&emoji=true&list=true&udp=false&tfo=false&scv=false&fdn=false&sort=false Amy: type: http url: "" interval: 3600 path: ./Proxy/Amy.yaml # 注意此处文件名不可相同 health-check: enable: true interval: 600 url: http://www.gstatic.com/generate_204 CNIX: type: http url: "" interval: 3600 path: ./Proxy/CNIX.yaml # 注意此处文件名不可相同 health-check: enable: true interval: 600 url: http://www.gstatic.com/generate_204 GuGuEX: type: http url: "" interval: 3600 path: ./Proxy/GuGuEX.yaml # 注意此处文件名不可相同 health-check: enable: true interval: 600 url: http://www.gstatic.com/generate_204 Dler: type: http url: "" interval: 3600 path: ./Proxy/Dler.yaml # 注意此处文件名不可相同 health-check: enable: true interval: 600 url: http://www.gstatic.com/generate_204 proxy-groups: # 策略组示例请查阅 Clash 项目 README 以使用最新格式:https://github.com/Dreamacro/clash/wiki/configuration # # 策略组说明 # # 「MATCH」类似 Surge 的「Final」,此处用于选择白名单模式(PROXY 策略)和黑名单模式(DIRECT 策略) # # 「Streaming」和「StreamingSE」比较好理解,有专用于流媒体的节点就设置到其中,如果没有「StreamingSE」的需求可以连带 Rule 部分一起删掉,「Streaming」需至少保留 Rule,用「PROXY」即可。 # # 「PROXY」是代理规则策略,它可以指定为某个节点或嵌套一个其他策略组,如:「自动测试」、「Fallback」或「负载均衡」的策略组,关于这 3 个策略组的具体示例可以看官方示例:https://github.com/Dreamacro/clash # # 注意此处的「use」而不是「proxies」,当然也可以不用在此先嵌套一个策略组进行选择,可以直接使用,如 # # # 代理节点选择 # - name: "PROXY" # type: select # use: # - DuckDuckGo # 嵌套使用订阅节点策略组 # proxies: # - Fallback # - 1 # - 2 # - 3 # # 但如果订阅节点很多选起来就很麻烦,不如先嵌套一个策略组进行手动或自动的选择。 # 代理节点选择 - name: "PROXY" type: select # 亦可使用 fallback 或 load-balance use: - CNIX - GuGuEX - Dler - name: "Media" type: select use: - Amy - CNIX - Dler proxies: - PROXY # YouTube 服务 - name: "YouTube" type: select use: - Amy - CNIX - Dler proxies: - PROXY - Media # Netflix 服务 - name: "Netflix" type: select use: - Amy - CNIX - Dler proxies: - PROXY - Media # DisneyPlus 服务 - name: "DisneyPlus" type: select use: - Amy - CNIX - Dler proxies: - PROXY - Media # AppleTV 服务 - name: "AppleTV" type: select use: - Amy - CNIX - Dler proxies: - PROXY - Media # Apple 服务 - name: "Apple" type: select use: - Amy - CNIX - Dler proxies: - DIRECT - PROXY # Microsoft服务 - name: "Microsoft" type: select use: - Amy - CNIX - Dler proxies: - DIRECT - PROXY # PayPal 服务 - name: "PayPal" type: select use: - Amy - CNIX - Dler proxies: - DIRECT - PROXY # 广告拦截 - name: "AdBlock" type: select use: - Amy - CNIX - Dler proxies: - DIRECT - PROXY - REJECT # 最终策略 - name: "漏网之鱼" type: select proxies: - DIRECT - PROXY # 关于 Rule Provider 请查阅:https://lancellc.gitbook.io/clash/clash-config-file/rule-provider rule-providers: # name: # Provider 名称 # type: http # http 或 file # behavior: classical # 或 ipcidr、domain # path: # 文件路径 # url: # 只有当类型为 HTTP 时才可用,您不需要在本地空间中创建新文件。 # interval: # 自动更新间隔,仅在类型为 HTTP 时可用 Unbreak: type: http behavior: classical path: ./RuleSet/Unbreak.yaml url: https://git.jasuit.com/jh163888/Profiles/raw/branch/master/Clash/RuleSet/Unbreak.yaml interval: 86400 AdBlock: type: http behavior: classical path: ./RuleSet/AdBlock.yaml url: https://git.jasuit.com/jh163888/ios_rule_script/raw/branch/master/rule/Clash/Advertising/Advertising_Classical.yaml interval: 86400 YouTube: type: http behavior: classical path: ./RuleSet/YouTube.yaml url: https://git.jasuit.com/jh163888/ios_rule_script/raw/branch/master/rule/Clash/YouTube/YouTube.yaml interval: 86400 Netflix: type: http behavior: classical path: ./RuleSet/Netflix.yaml url: https://git.jasuit.com/jh163888/ios_rule_script/raw/branch/master/rule/Clash/Netflix/Netflix.yaml interval: 86400 DisneyPlus: type: http behavior: classical path: ./RuleSet/DisneyPlus.yaml url: https://git.jasuit.com/jh163888/ios_rule_script/raw/branch/master/rule/Clash/Disney/Disney.yaml interval: 86400 AppleTV: type: http behavior: classical path: ./RuleSet/AppleTV.yaml url: https://git.jasuit.com/jh163888/ios_rule_script/raw/branch/master/rule/Clash/AppleTV/AppleTV.yaml interval: 86400 Apple: type: http behavior: classical path: ./RuleSet/Apple.yaml url: https://git.jasuit.com/jh163888/ios_rule_script/raw/branch/master/rule/Clash/Apple/Apple.yaml interval: 86400 Microsoft: type: http behavior: classical path: ./RuleSet/Microsoft.yaml url: https://git.jasuit.com/jh163888/ios_rule_script/raw/branch/master/rule/Clash/Microsoft/Microsoft.yaml interval: 86400 PayPal: type: http behavior: classical path: ./RuleSet/PayPal.yaml url: https://git.jasuit.com/jh163888/ios_rule_script/raw/branch/master/rule/Clash/PayPal/PayPal.yaml interval: 86400 SpeedTest: type: http behavior: classical path: ./RuleSet/SpeedTest.yaml url: https://git.jasuit.com/jh163888/ios_rule_script/raw/branch/master/rule/Clash/Speedtest/Speedtest.yaml interval: 86400 Steam: type: http behavior: classical path: ./RuleSet/Steam.yaml url: https://git.jasuit.com/jh163888/ios_rule_script/raw/branch/master/rule/Clash/Steam/Steam.yaml interval: 86400 PrivateTracker: type: http behavior: classical path: ./RuleSet/PrivateTracker.yaml url: https://git.jasuit.com/jh163888/ios_rule_script/raw/branch/master/rule/Clash/PrivateTracker/PrivateTracker.yaml interval: 86400 Global: type: http behavior: classical path: ./RuleSet/Global.yaml url: https://git.jasuit.com/jh163888/ios_rule_script/raw/branch/master/rule/Clash/Global/Global_Classical.yaml interval: 86400 China: type: http behavior: classical path: ./RuleSet/China.yaml url: https://git.jasuit.com/jh163888/ios_rule_script/raw/branch/master/rule/Clash/China/China.yaml interval: 86400 ChinaIP: type: http behavior: ipcidr path: ./RuleSet/Extra/ChinaIP.yaml url: https://git.jasuit.com/jh163888/ios_rule_script/raw/branch/master/rule/Clash/ChinaIPs/ChinaIPs_IP.yaml interval: 86400 # 规则 rules: # Unbreak 避免被去广告误伤 - RULE-SET,Unbreak,DIRECT # AdBlock 去广告 - RULE-SET,AdBlock,AdBlock # YouTube 苹果服务 - RULE-SET,YouTube,YouTube # Netflix 奈飞服务 - RULE-SET,Netflix,Netflix # DisneyPlus 迪士尼+ - RULE-SET,DisneyPlus,DisneyPlus # AppleTV 苹果服务 - RULE-SET,AppleTV,AppleTV # Apple 苹果服务 - RULE-SET,Apple,Apple # Microsoft 微软服务 - RULE-SET,Microsoft,Microsoft # PayPal 贝宝服务 - RULE-SET,PayPal,PayPal # Speedtest 测速服务 - RULE-SET,SpeedTest,DIRECT # Steam 游戏服务 - RULE-SET,Steam,DIRECT # PT 下载 - RULE-SET,PrivateTracker,DIRECT # 全球代理 - RULE-SET,Global,PROXY # China Area Network - RULE-SET,China,DIRECT # Local Area Network - IP-CIDR,192.168.0.0/16,DIRECT - IP-CIDR,10.0.0.0/8,DIRECT - IP-CIDR,172.16.0.0/12,DIRECT - IP-CIDR,127.0.0.0/8,DIRECT - IP-CIDR,100.64.0.0/10,DIRECT - IP-CIDR,224.0.0.0/4,DIRECT - IP-CIDR,fe80::/10,DIRECT # China IP Network - RULE-SET,ChinaIP,DIRECT # (可选)使用来自 ipipdotnet 的 ChinaIP 以解决数据不准确的问题,使用 ChinaIP.yaml 时可禁用下列直至(包括)「GEOIP,CN」规则 # - RULE-SET,ChinaIP,DIRECT # Tencent #- IP-CIDR,119.28.28.28/32,DIRECT #- IP-CIDR,182.254.116.0/24,DIRECT # GeoIP China #- GEOIP,CN,DIRECT # - MATCH,PROXY - MATCH,漏网之鱼