stilleshan
/
code
mirror of https://github.com/stilleshan/code.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
code/projects/openwrt/openclash/Sample.yaml

606 lines
16 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Port of HTTP(S) proxy server on the local end
# port: 7890
# Port of SOCKS5 proxy server on the local end
# socks-port: 7891
# Transparent proxy server port for Linux and macOS (Redirect TCP and TProxy UDP)
# redir-port: 7892
# Transparent proxy server port for Linux (TProxy TCP and TProxy UDP)
# tproxy-port: 7893
# HTTP(S) and SOCKS5 server on the same port
mixed-port: 7890
# authentication of local SOCKS5/HTTP(S) server
# authentication:
# - "user1:pass1"
# - "user2:pass2"
# Set to true to allow connections to the local-end server from
# other LAN IP addresses
allow-lan: false
# This is only applicable when `allow-lan` is `true`
# '*': bind all IP addresses
# 192.168.122.11: bind a single IPv4 address
# "[aaaa::a8aa:ff:fe09:57d8]": bind a single IPv6 address
bind-address: '*'
# Clash router working mode
# rule: rule-based packet routing
# global: all packets will be forwarded to a single endpoint
# direct: directly forward the packets to the Internet
mode: rule
# Clash by default prints logs to STDOUT
# info / warning / error / debug / silent
log-level: info
# When set to false, resolver won't translate hostnames to IPv6 addresses
ipv6: false
# RESTful web API listening address
external-controller: 127.0.0.1:9090
# A relative path to the configuration directory or an absolute path to a
# directory in which you put some static web resource. Clash core will then
# serve it at `${API}/ui`.
# external-ui: folder
# Secret for the RESTful API (optional)
# Authenticate by spedifying HTTP header `Authorization: Bearer ${secret}`
# ALWAYS set a secret if RESTful API is listening on 0.0.0.0
# secret: ""
# Outbound interface name
# interface-name: en0
# Static hosts for DNS server and connection establishment (like /etc/hosts)
#
# Wildcard hostnames are supported (e.g. *.clash.dev, *.foo.*.example.com)
# Non-wildcard domain names have a higher priority than wildcard domain names
# e.g. foo.example.com > *.example.com > .example.com
# P.S. +.foo.com equals to .foo.com and foo.com
hosts:
# '*.clash.dev': 127.0.0.1
# '.dev': 127.0.0.1
# 'alpha.clash.dev': '::1'
# Firebase Cloud Messaging
'mtalk.google.com': 108.177.125.188
# Google Dl
'dl.google.com': 180.163.151.161
'dl.l.google.com': 180.163.151.161
# DNS server settings
# This section is optional. When not present, the DNS server will be disabled.
dns:
enable: false
listen: 0.0.0.0:53
# ipv6: false # when the false, response to AAAA questions will be empty
# These nameservers are used to resolve the DNS nameserver hostnames below.
# Specify IP addresses only
default-nameserver:
- 119.29.29.29
enhanced-mode: fake-ip # or redir-host
fake-ip-range: 198.18.0.1/16 # Fake IP addresses pool CIDR
# use-hosts: true # lookup hosts and return IP record
# Hostnames in this list will not be resolved with fake IPs
# i.e. questions to these domain names will always be answered with their
# real IP addresses
fake-ip-filter:
- '*.lan'
- localhost.ptlogin2.qq.com
- '+.srv.nintendo.net'
- '+.stun.playstation.net'
- '+.msftconnecttest.com'
- '+.msftncsi.com'
- '+.xboxlive.com'
- 'msftconnecttest.com'
- 'xbox.*.microsoft.com'
- '*.battlenet.com.cn'
- '*.battlenet.com'
- '*.blzstatic.cn'
- '*.battle.net'
# === Linksys Wireless Router ===
- '*.linksys.com'
- '*.linksyssmartwifi.com'
# === Apple Software Update Service ===
- 'swscan.apple.com'
- 'mesu.apple.com'
# === Windows 10 Connnect Detection ===
- '*.msftconnecttest.com'
- '*.msftncsi.com'
# === NTP Service ===
- 'time.*.com'
- 'time.*.gov'
- 'time.*.edu.cn'
- 'time.*.apple.com'
- 'time1.*.com'
- 'time2.*.com'
- 'time3.*.com'
- 'time4.*.com'
- 'time5.*.com'
- 'time6.*.com'
- 'time7.*.com'
- 'ntp.*.com'
- 'ntp.*.com'
- 'ntp1.*.com'
- 'ntp2.*.com'
- 'ntp3.*.com'
- 'ntp4.*.com'
- 'ntp5.*.com'
- 'ntp6.*.com'
- 'ntp7.*.com'
- '*.time.edu.cn'
- '*.ntp.org.cn'
- '+.pool.ntp.org'
- 'time1.cloud.tencent.com'
# === Music Service ===
## NetEase
- '+.music.163.com'
- '*.126.net'
## Baidu
- 'musicapi.taihe.com'
- 'music.taihe.com'
## Kugou
- 'songsearch.kugou.com'
- 'trackercdn.kugou.com'
## Kuwo
- '*.kuwo.cn'
## JOOX
- 'api-jooxtt.sanook.com'
- 'api.joox.com'
- 'joox.com'
## QQ
- '+.y.qq.com'
- '+.music.tc.qq.com'
- 'aqqmusic.tc.qq.com'
- '+.stream.qqmusic.qq.com'
## Xiami
- '*.xiami.com'
## Migu
- '+.music.migu.cn'
# === Game Service ===
## Nintendo Switch
- '+.srv.nintendo.net'
## Sony PlayStation
- '+.stun.playstation.net'
## Microsoft Xbox
- 'xbox.*.microsoft.com'
- '+.xboxlive.com'
# === Other ===
## QQ Quick Login
- 'localhost.ptlogin2.qq.com'
## Golang
- 'proxy.golang.org'
## STUN Server
- 'stun.*.*'
- 'stun.*.*.*'
# Supports UDP, TCP, DoT, DoH. You can specify the port to connect to.
# All DNS questions are sent directly to the nameserver, without proxies
# involved. Clash answers the DNS question with the first result gathered.
nameserver:
- 119.29.29.29
- 223.5.5.5
# - tls://dns.rubyfish.cn:853 # DNS over TLS
# - https://1.1.1.1/dns-query # DNS over HTTPS
# When `fallback` is present, the DNS server will send concurrent requests
# to the servers in this section along with servers in `nameservers`.
# The answers from fallback servers are used when the GEOIP country
# is not `CN`.
# fallback:
# - tcp://1.1.1.1
fallback:
- tls://one.one.one.one:853
- tls://dns.google:853
- https://dns.twnic.tw/dns-query
- https://dns.adguard.com/dns-query
- https://doh.dns.sb/dns-query
# If IP addresses resolved with servers in `nameservers` are in the specified
# subnets below, they are considered invalid and results from `fallback`
# servers are used instead.
#
# IP address resolved with servers in `nameserver` is used when
# `fallback-filter.geoip` is true and when GEOIP of the IP address is `CN`.
#
# If `fallback-filter.geoip` is false, results from `nameserver` nameservers
# are always used if not match `fallback-filter.ipcidr`.
#
# This is a countermeasure against DNS pollution attacks.
fallback-filter:
geoip: true
ipcidr:
# - 240.0.0.0/4
# domain:
# - '+.google.com'
# - '+.facebook.com'
# - '+.youtube.com'
#
# https://github.com/Dreamacro/clash/wiki/premium-core-features
#
# tun:
# enable: true
# stack: system # or gvisor
# # dns-hijack:
# # - 8.8.8.8:53
# # - tcp://8.8.8.8:53
# macOS-auto-route: true # auto set global route
# macOS-auto-detect-interface: true # conflict with interface-name
proxies:
# 支持的协议及加密算法示例请查阅 Clash 项目 README 以使用最新格式https://github.com/Dreamacro/clash/wiki/configuration
# 服务器节点订阅
proxy-providers:
# name: # Provider 名称
# type: http # http 或 file
# path: # 文件路径
# url: # 只有当类型为 HTTP 时才可用,您不需要在本地空间中创建新文件。
# interval: # 自动更新间隔,仅在类型为 HTTP 时可用
# health-check: # 健康检查选项从此处开始
# enable:
# url:
# interval:
#
# 「url」参数填写订阅链接
#
# 订阅链接可以使用 API 进行转换https://sub.ops.ci/
#
#
# 此处只是订阅示例,如果没有订阅链接的使用需求,此处及 proxy-groups 的相关内容可删除
## 订阅 URL 拼接说明
# 第一段: sub 转换地址 https://sub.ops.ci/sub?target=clash&url=
# 第二段: 订阅地址 urlencode https%3A%2F%2Ffast.losadhwselfff2332dasd.xyz%2Flink%xxxxxxxxxx%3Fsub%3D1
# 第三段: 过滤文字提取信息 &exclude=(%E6%B5%81%E9%87%8F%7C%E5%AE%98%E7%BD%91%7C%E6%9C%AC%E7%AB%99%7C%E5%8A%A0%E5%85%A5%7C%E8%BF%87%E6%9C%9F)&emoji=true&list=true&udp=false&tfo=false&scv=false&fdn=false&sort=false
# 示例: https://sub.ops.ci/sub?target=clash&url=https%3A%2F%2Ffast.losadhwselfff2332dasd.xyz%2Flink%xxxxxxxxxx%3Fsub%3D1&exclude=(%E6%B5%81%E9%87%8F%7C%E5%AE%98%E7%BD%91%7C%E6%9C%AC%E7%AB%99%7C%E5%8A%A0%E5%85%A5%7C%E8%BF%87%E6%9C%9F)&emoji=true&list=true&udp=false&tfo=false&scv=false&fdn=false&sort=false
Amy:
type: http
url: "参照上文注释 订阅 URL 拼接说明 示例自行拼接填写"
interval: 3600
path: ./Proxy/Amy.yaml # 注意此处文件名不可相同
health-check:
enable: true
interval: 600
url: http://www.gstatic.com/generate_204
CNIX:
type: http
url: "参照上文注释 订阅 URL 拼接说明 示例自行拼接填写"
interval: 3600
path: ./Proxy/CNIX.yaml # 注意此处文件名不可相同
health-check:
enable: true
interval: 600
url: http://www.gstatic.com/generate_204
Dler:
type: http
url: "参照上文注释 订阅 URL 拼接说明 示例自行拼接填写"
interval: 3600
path: ./Proxy/Dler.yaml # 注意此处文件名不可相同
health-check:
enable: true
interval: 600
url: http://www.gstatic.com/generate_204
proxy-groups:
# 策略组示例请查阅 Clash 项目 README 以使用最新格式https://github.com/Dreamacro/clash/wiki/configuration
#
# 策略组说明
#
# 「MATCH」类似 Surge 的「Final」此处用于选择白名单模式(PROXY 策略)和黑名单模式(DIRECT 策略)
#
# 「Streaming」和「StreamingSE」比较好理解有专用于流媒体的节点就设置到其中如果没有「StreamingSE」的需求可以连带 Rule 部分一起删掉「Streaming」需至少保留 Rule用「PROXY」即可。
#
# 「PROXY」是代理规则策略它可以指定为某个节点或嵌套一个其他策略组「自动测试」、「Fallback」或「负载均衡」的策略组关于这 3 个策略组的具体示例可以看官方示例https://github.com/Dreamacro/clash
#
# 注意此处的「use」而不是「proxies」当然也可以不用在此先嵌套一个策略组进行选择可以直接使用
#
# # 代理节点选择
# - name: "PROXY"
# type: select
# use:
# - DuckDuckGo # 嵌套使用订阅节点策略组
# proxies:
# - Fallback
# - 1
# - 2
# - 3
#
# 但如果订阅节点很多选起来就很麻烦,不如先嵌套一个策略组进行手动或自动的选择。
# 代理节点选择
- name: "PROXY"
type: select # 亦可使用 fallback 或 load-balance
use:
- Amy
- CNIX
- Dler
# YouTube 服务
- name: "YouTube"
type: select
use:
- Amy
- CNIX
- Dler
proxies:
- PROXY
# Netflix 服务
- name: "Netflix"
type: select
use:
- Amy
- CNIX
- Dler
proxies:
- PROXY
# DisneyPlus 服务
- name: "DisneyPlus"
type: select
use:
- Amy
- CNIX
- Dler
proxies:
- PROXY
# AppleTV 服务
- name: "AppleTV"
type: select
use:
- Amy
- CNIX
- Dler
proxies:
- DIRECT
- PROXY
# Apple 服务
- name: "Apple"
type: select
use:
- Amy
- CNIX
- Dler
proxies:
- DIRECT
- PROXY
# Microsoft服务
- name: "Microsoft"
type: select
use:
- Amy
- CNIX
- Dler
proxies:
- DIRECT
- PROXY
# PayPal 服务
- name: "PayPal"
type: select
use:
- Amy
- CNIX
- Dler
proxies:
- DIRECT
- PROXY
# 广告拦截
- name: "AdBlock"
type: select
use:
- Amy
- CNIX
- Dler
proxies:
- DIRECT
- PROXY
- REJECT
# 关于 Rule Provider 请查阅https://lancellc.gitbook.io/clash/clash-config-file/rule-provider
rule-providers:
# name: # Provider 名称
# type: http # http 或 file
# behavior: classical # 或 ipcidr、domain
# path: # 文件路径
# url: # 只有当类型为 HTTP 时才可用,您不需要在本地空间中创建新文件。
# interval: # 自动更新间隔,仅在类型为 HTTP 时可用
Unbreak:
type: http
behavior: classical
path: ./RuleSet/Unbreak.yaml
url: https://raw.githubusercontent.com/DivineEngine/Profiles/master/Clash/RuleSet/Unbreak.yaml
interval: 86400
AdBlock:
type: http
behavior: classical
path: ./RuleSet/AdBlock.yaml
url: https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Clash/Advertising/Advertising_Classical.yaml
interval: 86400
YouTube:
type: http
behavior: classical
path: ./RuleSet/YouTube.yaml
url: https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Clash/YouTube/YouTube.yaml
interval: 86400
Netflix:
type: http
behavior: classical
path: ./RuleSet/Netflix.yaml
url: https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Clash/Netflix/Netflix.yaml
interval: 86400
DisneyPlus:
type: http
behavior: classical
path: ./RuleSet/DisneyPlus.yaml
url: https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Clash/Disney/Disney.yaml
interval: 86400
AppleTV:
type: http
behavior: classical
path: ./RuleSet/AppleTV.yaml
url: https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Clash/AppleTV/AppleTV.yaml
interval: 86400
Apple:
type: http
behavior: classical
path: ./RuleSet/Apple.yaml
url: https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Clash/Apple/Apple.yaml
interval: 86400
Microsoft:
type: http
behavior: classical
path: ./RuleSet/Microsoft.yaml
url: https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Clash/Microsoft/Microsoft.yaml
interval: 86400
PayPal:
type: http
behavior: classical
path: ./RuleSet/PayPal.yaml
url: https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Clash/PayPal/PayPal.yaml
interval: 86400
SpeedTest:
type: http
behavior: classical
path: ./RuleSet/SpeedTest.yaml
url: https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Clash/Speedtest/Speedtest.yaml
interval: 86400
Steam:
type: http
behavior: classical
path: ./RuleSet/Steam.yaml
url: https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Clash/Steam/Steam.yaml
interval: 86400
PrivateTracker:
type: http
behavior: classical
path: ./RuleSet/PrivateTracker.yaml
url: https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Clash/PrivateTracker/PrivateTracker.yaml
interval: 86400
Global:
type: http
behavior: classical
path: ./RuleSet/Global.yaml
url: https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Clash/Global/Global_Classical.yaml
interval: 86400
China:
type: http
behavior: classical
path: ./RuleSet/China.yaml
url: https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Clash/China/China.yaml
interval: 86400
ChinaIP:
type: http
behavior: ipcidr
path: ./RuleSet/Extra/ChinaIP.yaml
url: https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Clash/ChinaIPs/ChinaIPs_IP.yaml
interval: 86400
# 规则
rules:
# Unbreak 避免被去广告误伤
- RULE-SET,Unbreak,DIRECT
# AdBlock 去广告
- RULE-SET,AdBlock,AdBlock
# YouTube 苹果服务
- RULE-SET,YouTube,YouTube
# Netflix 奈飞服务
- RULE-SET,Netflix,Netflix
# DisneyPlus 迪士尼+
- RULE-SET,DisneyPlus,DisneyPlus
# AppleTV 苹果服务
- RULE-SET,AppleTV,AppleTV
# Apple 苹果服务
- RULE-SET,Apple,Apple
# Microsoft 微软服务
- RULE-SET,Microsoft,Microsoft
# PayPal 贝宝服务
- RULE-SET,PayPal,PayPal
# Speedtest 测速服务
- RULE-SET,SpeedTest,DIRECT
# Steam 游戏服务
- RULE-SET,Steam,DIRECT
# PT 下载
- RULE-SET,PrivateTracker,DIRECT
# 全球代理
- RULE-SET,Global,PROXY
# China Area Network
- RULE-SET,China,DIRECT
# Local Area Network
- IP-CIDR,192.168.0.0/16,DIRECT
- IP-CIDR,10.0.0.0/8,DIRECT
- IP-CIDR,172.16.0.0/12,DIRECT
- IP-CIDR,127.0.0.0/8,DIRECT
- IP-CIDR,100.64.0.0/10,DIRECT
- IP-CIDR,224.0.0.0/4,DIRECT
- IP-CIDR,fe80::/10,DIRECT
# China IP Network
- RULE-SET,ChinaIP,DIRECT
# (可选)使用来自 ipipdotnet 的 ChinaIP 以解决数据不准确的问题,使用 ChinaIP.yaml 时可禁用下列直至包括「GEOIP,CN」规则
# - RULE-SET,ChinaIP,DIRECT
# Tencent
#- IP-CIDR,119.28.28.28/32,DIRECT
#- IP-CIDR,182.254.116.0/24,DIRECT
# GeoIP China
#- GEOIP,CN,DIRECT
- MATCH,PROXY
Reference in New Issue View Git Blame Copy Permalink