
我的 Clash 配置


我的 Clash.Meta 覆写配置,需配合 Sub-Store 使用。

目前依然不稳定,需要时时更新。

目前客户端用的是 Sparkle,要注意配置是否会被 GUI 默认设置覆盖掉导致不生效。

# General Clash.Meta (mihomo) override settings: core mode, logging, local
# listener ports, LAN exposure, hosts handling and the outbound interface.
mode: rule # has a default value; the default is rule mode
# NOTE(review): debug-level logs typically record the hosts being connected
# to; lower the level once the config is settled and treat saved logs as
# browsing history.
log-level: debug # kernel log level; debug is used while refining the config
mixed-port: 7890 # mixed port, serves HTTP(S) and SOCKS5 on the same port
socks-port: 7891 # SOCKS4/4a/5 proxy port
port: 7892 # HTTP(S) proxy port
ipv6: true # let the core accept IPv6 traffic
# NOTE(review): allow-lan: true with bind-address "*" and no `authentication`
# entry in this fragment leaves the three proxy ports above reachable by every
# host that can reach this machine - on a laptop, every Wi-Fi network it
# joins. If LAN sharing is needed, consider the core's `authentication` and/or
# `lan-allowed-ips` options; otherwise set allow-lan to false.
allow-lan: true # allow connections from the LAN
bind-address: "*" # bind IP address; only applies when allow-lan is true, "*" means all addresses
use-hosts: true # use the hosts defined in this config
use-system-hosts: true # use the system hosts file
unified-delay: true # unified delay: measures RTT to remove latency differences between protocol types
tcp-concurrent: true # concurrent TCP dialing; lower connect latency for slightly more resources. Seems to cause many "connect failed: dial tcp <IP> i/o timeout" entries
global-client-fingerprint: random # global TLS fingerprint
profile:
  store-selected: true # remember the node selected in each proxy group
  store-fake-ip: true # persist the domain-to-Fake-IP mapping to speed up resolution
interface-name: WLAN # avoids, after sleep/wake, a flood of "Auto detect interface for <IP> get empty name" and "connect error: connect failed: interface not found" log lines
# but it may make the system show the virtual adapter's icon instead of the Wi-Fi icon; cause unknown

hosts:
  # block Typora's online activation check
  "store.typora.io": 127.0.0.1
  "typoraio.cn": 127.0.0.1
  "dian.typora.com.cn": 127.0.0.1

TUN 模式配置:

# TUN inbound: routes system traffic into the core and hijacks plain DNS.
tun:
  enable: true
  stack: mixed
  # NOTE(review): only port 53 (UDP and TCP) is hijacked here; applications
  # that do their own DoH/DoT on other ports are not covered by these entries.
  dns-hijack: # DNS hijack; any:53 is usually enough, i.e. hijack all UDP traffic to port 53
    - any:53 # no scheme prefix means udp://
    - tcp://any:53 # prevents DNS leaks or use of an unintended DNS server
  mtu: 1500 # GUIs default to 1500
  strict-route: true # strict routing; off by default in the GUI, which would override this config
  auto-route: true # set up global routes automatically
  route-address:
    - 0.0.0.0/1
    - 128.0.0.0/1
    - "::/1"
    - "8000::/1"
# auto-detect-interface: true # auto-detect the outbound interface; conflicts with interface-name. On by default in the GUI

DNS 配置:

实测不会有所谓的“DNS 泄露”

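# DNS module: fake-ip mode, the domains excluded from fake-ip, and the
# resolver sets used for bootstrap, proxy nodes, normal and direct lookups.
dns:
  enable: true # false makes the core use the system DNS
  cache-algorithm: arc # arc: Adaptive Replacement Cache
  prefer-h3: false # when enabled, DoH prefers HTTP/3 and tries it concurrently
  respect-rules: false
  # NOTE(review): 0.0.0.0 binds the resolver on every interface, so any host
  # that can reach this machine can query it; use 127.0.0.1:1053 unless other
  # devices are meant to use this resolver.
  listen: 0.0.0.0:1053 # non-standard DNS port: no admin rights needed to listen, no conflicts
  # 0.0.0.0:53 # would very likely conflict with the system's own DNS service
  ipv6: true
  enhanced-mode: fake-ip # or redir-host; mihomo's DNS handling mode
  # Fake IP pollutes the local DNS cache: after the proxy is stopped, cached
  # Fake IPs may leave the network unreachable until they expire.
  fake-ip-range: 198.18.0.1/16
  fake-ip-filter-mode: blacklist # domains matching fake-ip-filter get a normal resolution instead of a fake IP
  fake-ip-filter: # lets specific domains bypass fake-ip and get real IP addresses
    # === LAN ===
    - "+.lan"             # built into the GUI; .lan suffix common on LAN devices
    - "+.local"           # built into the GUI; .local suffix common in local development
    - "+.localhost"       # covers localhost and its subdomains
    - "*.localdomain"
    - "+.test"            # .test TLD is reserved for testing
    - "+.example"         # .example TLD is reserved for documentation examples
    - "+.invalid"         # .invalid TLD is reserved for invalid names
    - "+.home.arpa"       # home-network domain defined by RFC 8375
    # === STUN services ===
    - "stun.*.*"          # STUN (Session Traversal Utilities for NAT)
    - "stun.*.*.*"        # anything doing real-time peer-to-peer traffic between devices behind NAT is likely to use STUN
    - "+.stun.*.*"        # video conferencing and real-time communication (WebRTC apps, Microsoft Teams, FaceTime, ...)
    - "+.stun.*.*.*"      # private-network / NAT-traversal tools (ZeroTier, Tailscale), P2P file sharing (*Torrent, eMule)
    - "+.stun.*.*.*.*"    # online games, especially those with voice chat
    - "+.stun.*.*.*.*.*"  # IoT, smart home, VoIP
    # === NTP services ===
    - "time.*.com"        # built into the GUI
    - "time.*.gov"
    - "time.*.edu.cn"
    - "+.time.edu.cn"
    - "time.*.apple.com"
    - "ntp.*.com"         # built into the GUI
    # Fixed: this entry was wrapped in typographic quotes (U+201C), which YAML
    # reads as part of the value, so the pattern could never match a domain.
    - "*.ntp.org.cn"
    - "+.pool.ntp.org"
    - "time1.*.com"
    - "time2.*.com"
    - "time3.*.com"
    - "time4.*.com"
    - "time5.*.com"
    - "time6.*.com"
    - "time7.*.com"
    # (a second "ntp.*.com" entry that stood here was a duplicate and is dropped)
    - "ntp1.*.com"
    - "ntp2.*.com"
    - "ntp3.*.com"
    - "ntp4.*.com"
    - "ntp5.*.com"
    - "ntp6.*.com"
    - "ntp7.*.com"
    # === Microsoft connectivity checks ===
    # (a duplicate "msftncsi.com" entry at the end of this group is dropped)
    - "msftncsi.com"
    - "*.msftncsi.com"
    - "msftconnecttest.com"
    - "*.msftconnecttest.com"
    - "*.ipv6.microsoft.com"
    # === Tencent ===
    - localhost.ptlogin2.qq.com # needed by QQ's web quick login
    - localhost.sec.qq.com
    - localhost.work.weixin.qq.com # needed by WeChat's quick login
    # keeps software from concluding that there is no connectivity
    - "geosite:connectivity-check"

  default-nameserver: # DNS used to resolve other DNS servers' names (DoH/DoT hostnames); must be IP addresses
    - tls://119.29.29.29:853  # Tencent DNS
    - tls://223.5.5.5:853     # Alibaba DNS
    # - system                  # system DNS (kept just in case)
  proxy-server-nameserver: # DNS used only to resolve the domains in proxy node definitions
    # With an overseas DoH server here, CC's node domains fail with
    # "TCP/UDP dial ** connect error: dns resolve failed: couldn't find ip". Cause unknown.
    - tls://1.1.1.1:853
    - tls://8.8.8.8:853
  # NOTE(review): per the fallback comment below, names not covered by
  # nameserver-policy are sent to nameserver and fallback concurrently, so
  # the domestic DoH resolvers listed here see every lookup the core
  # actually performs - keep that in mind when judging "DNS leak" results.
  nameserver:
    - https://doh.pub/dns-query # Tencent DNS; easy to mistype as dns.pub; direct access by IP is no longer supported
    - https://223.5.5.5/dns-query#h3=true # forces HTTP/3, independent of prefer-h3
    # - https://dns.alidns.com/dns-query#h3=true
  fallback: # alternative used when nameserver fails or returns a possibly polluted result
    # When fallback is configured, DNS queries every server in nameserver and
    # fallback concurrently and takes the fastest result. Overseas DNS is
    # normally used here so the result can be trusted.
    # DNS can also be resolved through a proxy: append #ProxyGroupName, where
    # ProxyGroupName is a proxy group name or a node name.
    - "https://dns.cloudflare.com/dns-query#节点选择"
    - "https://dns.google/dns-query#节点选择"
    - tls://1.1.1.1:853
    - tls://8.8.4.4:853
  fallback-filter:
    geoip: true # enable the geoip check
    geoip-code: CN # any IP result outside the geoip-code country is treated as polluted
    ipcidr:
      - 240.0.0.0/4 # reserved IP block
  nameserver-policy: # pins DNS servers to specific domains or patterns; takes priority over nameserver and fallback
    "geosite:cn,private":
      - https://doh.pub/dns-query
      - https://223.5.5.5/dns-query#h3=true
    # "geosite:category-ads-all": rcode://success
  direct-nameserver: # DNS for domains routed DIRECT; DoH prevents hijacking. The ISP's DNS also works
    - tls://223.5.5.5:853
    - tls://119.29.29.29:853
    # - system # resolving with the system DNS first should be faster
  direct-nameserver-follow-policy: false # whether to follow nameserver-policy; only effective when direct-nameserver is not empty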

Geo 数据:

# Geo databases: loader mode, auto-update switch and interval, download URLs.
# NOTE(review): these URLs point at a moving "latest" release and the files
# are refreshed automatically; nothing in this fragment pins a version or a
# checksum. The data steers routing (GEOIP rules) and DNS policy (geosite:cn),
# so whoever controls these release assets influences what goes DIRECT -
# keep the sources to ones you trust.
geodata-loader: standard # GEO file loading mode
geo-auto-update: true
geo-update-interval: 24
geox-url:
  geoip: "https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geoip.dat"
  geosite: "https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geosite.dat"
  mmdb: "https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/country.mmdb"
  asn: "https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/GeoLite2-ASN.mmdb"
# an alternative set
#  geoip: "https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geoip.dat"
#  geosite: "https://github.com/Loyalsoldier/v2ray-rules-dat/releases/latest/download/geosite.dat"
#  mmdb: "https://raw.githubusercontent.com/Loyalsoldier/geoip/release/Country-without-asn.mmdb"
#  asn: "https://raw.githubusercontent.com/Loyalsoldier/geoip/release/GeoLite2-ASN.mmdb" # official MaxMind version

代理节点组:

这里的 filter 只适合我自己的机场

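# Proxy groups. Nodes are sorted into groups by regex filters on the node
# name; the "[倍率:N]" tag in a name is the provider's traffic multiplier.
proxy-groups: # all proxy groups
  -
    name: "节点选择"
    type: select
    include-all-proxies: true # pull in every proxy node
    proxies:
      - DIRECT # plus DIRECT as an extra option
  -
    name: "Steam 跨区"
    type: select
    proxies:
      - "日本"
      - "新加坡"
      - "NP 的"
      - DIRECT
  -
    name: "高倍率"
    type: url-test
    url: "https://www.apple.com/library/test/success.html" # test URL (cp.cloudflare.com is noted as another option)
    interval: 3600 # test interval in seconds (1 hour)
    expected-status: 204/200 # expected status codes; a node counts as usable only on a match; several may be given
    timeout: 7000 # timeout in milliseconds (7 seconds)
    max-failed-times: 7 # max failures before a forced health check / the node is marked unavailable; default 5
    # The group only switches when the new lowest latency is below the current
    # node's latency minus this tolerance; default 0, in ms.
    # Example: current node measures 50 ms, tolerance 10 -> a node under 40 ms
    # is required before switching.
    tolerance: 30
    include-all-proxies: true # pull in every node, roughly like listing all node names under proxies:
    # Multiplier above 1. Fixed: the lookahead used to be (?!0+$), which can
    # never reject anything because "]" always follows the digits, so "1.0"
    # and "1.00" were matched here as well as by the normal-rate group.
    # NOTE(review): multipliers of 10 or more (first digit 1) match none of
    # the three rate groups - extend the pattern if the provider uses them.
    filter: '^.*\[倍率:([2-9]\d*(\.\d+)?|1\.(?!0+\])\d+)\].*$'
  -
    name: "正常倍率"
    type: url-test
    url: "https://www.apple.com/library/test/success.html"
    interval: 3600
    expected-status: 204/200
    timeout: 7000
    max-failed-times: 7
    tolerance: 30
    include-all-proxies: true
    # Multiplier exactly 1 (1, 1.0, 1.00, ...) or no multiplier tag at all.
    filter: '(^.*\[倍率:1(\.0+)?\].*$)|(^(?!.*\[倍率:).*$)'
  -
    name: "低倍率"
    type: url-test
    url: "https://www.apple.com/library/test/success.html"
    interval: 3600
    expected-status: 204/200
    timeout: 7000
    max-failed-times: 7
    tolerance: 30
    include-all-proxies: true
    # Multiplier between 0 and 1. Same lookahead fix as the high-rate group:
    # (?!0+\]) now really excludes an all-zero fraction such as "0.0".
    filter: '^.*\[倍率:0\.(?!0+\])\d+\].*$'
  -
    name: "流媒体解锁"
    type: url-test
    url: "https://www.apple.com/library/test/success.html"
    interval: 3600
    expected-status: 204/200
    timeout: 7000
    max-failed-times: 7
    tolerance: 30
    include-all-proxies: true
    # Nodes whose name carries an "[M]" tag.
    filter: '^.*\[M\].*$'
  -
    name: "NP 的"
    type: url-test
    url: "https://www.apple.com/library/test/success.html"
    interval: 3600
    expected-status: 204/200
    timeout: 7000
    max-failed-times: 7
    tolerance: 30
    include-all-proxies: true
    # Nodes without any multiplier tag.
    filter: '^(?!.*\[倍率:).*$'
  -
    name: "香港"
    type: select
    include-all-proxies: true
    filter: '(^.*(转香港|深港|广港).*$)|(^(?=.*香港)(?!.*\[倍率:).*$)'
  -
    name: "日本"
    type: select
    include-all-proxies: true
    filter: '(^.*转日本.*$)|(^(?=.*日本)(?!.*\[倍率:).*$)'
  -
    name: "美国"
    type: select
    include-all-proxies: true
    filter: '(^.*转美国.*$)|(^(?=.*美国)(?!.*\[倍率:).*$)'
  -
    name: "台湾"
    type: select
    include-all-proxies: true
    filter: '(^.*转台湾.*$)|(^(?=.*台湾)(?!.*\[倍率:).*$)'
  -
    name: "新加坡"
    type: select
    include-all-proxies: true
    filter: '(^.*转新加坡.*$)|(^(?=.*新加坡)(?!.*\[倍率:).*$)'
  -
    name: "其它国家"
    type: select
    include-all-proxies: true
    # the regex does not filter cleanly: NP's node names follow no pattern
    filter: '^(?!.*港)(?!.*日本)(?!.*美国)(?!.*台湾)(?!.*新加坡).*$'
  -
    name: "漏网之鱼"
    type: select
    proxies:
      - "节点选择"
      - DIRECT
      - "NP 的"
#  -
#    name: "🚫 全球拦截"
#    type: select
#    proxies:
#      - REJECT
#      - REJECT-DROP # silently drop the request
#  -
#    name: "🎯 全球直连"
#    type: select
#    proxies:
#      - DIRECT # when no node is usable and the filter selects nothing, the group falls back to COMPATIBLE,
#               # which sends traffic straight to the target, the same as naming DIRECT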

vernesong 的 Smart 内核版本:

待定,需要依据8月份新版内核进行更新

远程规则组:

使用了 SukkaRuleset,但由于是 Sukka 个人偏好,所以要自己观察日志,必要时需要覆写自己的规则。

# ----------------------------------------------------------------------
rule-providers: # only defines each rule set's source, format and update method; the order here does not affect rule matching
# ----------------------------------------------------------------------
# NOTE(review): every provider below is fetched over HTTPS from one
# third-party host and refreshed every 43200 seconds; the lists decide what is
# rejected, sent DIRECT or proxied, and nothing here pins their content.
# Review the logs after updates and override entries you disagree with.
# https://github.com/SukkaW/Surge rule sets begin ------------------------------

# Ad blocking / privacy protection / malware blocking / phishing blocking
  reject_non_ip_no_drop:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/non_ip/reject-no-drop.txt
    path: ./sukkaw_ruleset/reject_non_ip_no_drop.txt
  reject_non_ip_drop:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/non_ip/reject-drop.txt
    path: ./sukkaw_ruleset/reject_non_ip_drop.txt
  reject_non_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/non_ip/reject.txt
    path: ./sukkaw_ruleset/reject_non_ip.txt
  reject_domainset:
    type: http
    behavior: domain
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/domainset/reject.txt
    path: ./sukkaw_ruleset/reject_domainset.txt
  # On Clash, enabling both the base and the extra reject domain sets causes performance problems: high memory use and slower matching
  reject_extra_domainset:
    type: http
    behavior: domain
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/domainset/reject_extra.txt
    path: ./sukkaw_ruleset/reject_domainset_extra.txt
  reject_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/ip/reject.txt
    path: ./sukkaw_ruleset/reject_ip.txt

# Sogou Input Method; affects its account sync, dictionary updates and feedback
  sogouinput:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/non_ip/sogouinput.txt
    path: ./sukkaw_ruleset/sogouinput.txt

# Speedtest domains, manually maintained. fast.com and the Netflix CDN affect streaming routing, so they are not included
  speedtest:
    type: http
    behavior: domain
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/domainset/speedtest.txt
    path: ./sukkaw_ruleset/speedtest.txt

# Common static CDNs; low-multiplier proxy nodes can be used
# Includes some domains not in global.conf; if low-multiplier nodes are not used, assign the same policy as global.conf
  cdn_domainset:
    type: http
    behavior: domain
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/domainset/cdn.txt
    path: ./sukkaw_ruleset/cdn_domainset.txt
  cdn_non_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/non_ip/cdn.txt
    path: ./sukkaw_ruleset/cdn_non_ip.txt

# Streaming media rule-provider entries, manually maintained upstream; each
# region has a domain (non_ip) list and an IP list.
  # North America streaming
  stream_us_non_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/non_ip/stream_us.txt
    path: ./sukkaw_ruleset/stream_us_non_ip.txt
  stream_us_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/ip/stream_us.txt
    path: ./sukkaw_ruleset/stream_us_ip.txt
  # Europe streaming
  stream_eu_non_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/non_ip/stream_eu.txt
    path: ./sukkaw_ruleset/stream_eu_non_ip.txt
  stream_eu_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/ip/stream_eu.txt
    path: ./sukkaw_ruleset/stream_eu_ip.txt
  # Japan streaming
  stream_jp_non_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/non_ip/stream_jp.txt
    path: ./sukkaw_ruleset/stream_jp_non_ip.txt
  stream_jp_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/ip/stream_jp.txt
    path: ./sukkaw_ruleset/stream_jp_ip.txt
  # Korea streaming
  stream_kr_non_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/non_ip/stream_kr.txt
    path: ./sukkaw_ruleset/stream_kr_non_ip.txt
  stream_kr_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/ip/stream_kr.txt
    path: ./sukkaw_ruleset/stream_kr_ip.txt
  # Hong Kong streaming
  stream_hk_non_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/non_ip/stream_hk.txt
    path: ./sukkaw_ruleset/stream_hk_non_ip.txt
  stream_hk_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/ip/stream_hk.txt
    path: ./sukkaw_ruleset/stream_hk_ip.txt
  # Taiwan streaming
  stream_tw_non_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/non_ip/stream_tw.txt
    path: ./sukkaw_ruleset/stream_tw_non_ip.txt
  stream_tw_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/ip/stream_tw.txt
    path: ./sukkaw_ruleset/stream_tw_ip.txt
  # All streaming services (includes every regional list above)
  stream_non_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/non_ip/stream.txt
    path: ./sukkaw_ruleset/stream_non_ip.txt
  stream_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/ip/stream.txt
    path: ./sukkaw_ruleset/stream_ip.txt

# AI services, manually maintained
  ai_non_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/non_ip/ai.txt
    path: ./sukkaw_ruleset/ai_non_ip.txt

# Telegram, manually maintained; the IP CIDR rules are auto-generated, the ASN rules are maintained by hand
  telegram_non_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/non_ip/telegram.txt
    path: ./sukkaw_ruleset/telegram_non_ip.txt
  telegram_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/ip/telegram.txt
    path: ./sukkaw_ruleset/telegram_ip.txt

# Apple CDN; the set also contains domains that serve mainland China and hold an ICP filing
# To proxy some of these domains, write your own domain rules and place them before this rule set
  apple_cdn:
    type: http
    behavior: domain
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/domainset/apple_cdn.txt
    path: ./sukkaw_ruleset/apple_cdn.txt

# Apple Service, manually maintained
  apple_services:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/non_ip/apple_services.txt
    path: ./sukkaw_ruleset/apple_services.txt

# Apple CN, manually maintained: domains of iCloud operated by GCBD (icloud.com.cn), the mainland edition of Apple Maps, and similar services
  apple_cn_non_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/non_ip/apple_cn.txt
    path: ./sukkaw_ruleset/apple_cn_non_ip.txt

# Microsoft CDN; the set also contains domains that serve mainland China and hold an ICP filing
# To proxy some of these domains, write your own domain rules and place them before this rule set
  microsoft_cdn_non_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/non_ip/microsoft_cdn.txt
    path: ./sukkaw_ruleset/microsoft_cdn_non_ip.txt

# Microsoft, manually maintained
  microsoft_non_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/non_ip/microsoft.txt
    path: ./sukkaw_ruleset/microsoft_non_ip.txt

# NetEase Cloud Music, manually maintained
  neteasemusic_non_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/non_ip/neteasemusic.txt
    path: ./sukkaw_ruleset/neteasemusic_non_ip.txt
  neteasemusic_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/ip/neteasemusic.txt
    path: ./sukkaw_ruleset/neteasemusic_ip.txt

# Large downloads such as software updates and operating systems, manually maintained; includes some common object-storage domains
# May include Microsoft's and Apple's mainland CDNs. Pair with the Microsoft CDN and Apple CDN sets and assign DIRECT or a low-multiplier group
  download_domainset:
    type: http
    behavior: domain
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/domainset/download.txt
    path: ./sukkaw_ruleset/download_domainset.txt
  download_non_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/non_ip/download.txt
    path: ./sukkaw_ruleset/download_non_ip.txt

# Intranet domains and LAN IPs, manually maintained
# The domain list contains .local and the in-addr.arpa names of LAN IPs (the AS112 domains)
# These names normally resolve to LAN IPs, need the internal DNS, and must be reached directly
# Clash has no built-in LAN IP rule list (Surge has a built-in one, LAN), so it has to be imported by hand
  lan_non_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/non_ip/lan.txt
    path: ./sukkaw_ruleset/lan_non_ip.txt
  lan_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/ip/lan.txt
    path: ./sukkaw_ruleset/lan_ip.txt

# Misc rule sets
  domestic_non_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/non_ip/domestic.txt
    path: ./sukkaw_ruleset/domestic_non_ip.txt
  direct_non_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/non_ip/direct.txt
    path: ./sukkaw_ruleset/direct_non_ip.txt
  global_non_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/non_ip/global.txt
    path: ./sukkaw_ruleset/global_non_ip.txt
  domestic_ip:
    type: http
    behavior: classical
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/ip/domestic.txt
    path: ./sukkaw_ruleset/domestic_ip.txt

# chnroute CIDR: a CIDR-format table of all IP address blocks allocated to mainland China
  china_ip:
    type: http
    behavior: ipcidr
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/ip/china_ip.txt
    path: ./sukkaw_ruleset/china_ip.txt
  china_ip_ipv6:
    type: http
    behavior: ipcidr
    format: text
    interval: 43200
    url: https://ruleset.skk.moe/Clash/ip/china_ip_ipv6.txt
    path: ./sukkaw_ruleset/china_ipv6.txt

# SukkaW/Surge rule sets end ------------------------------

规则:

个人自定义规则:

# ----------------------------------------------------------------------
rules: # defines the order in which rules are applied, which directly decides traffic-matching priority
# ----------------------------------------------------------------------
# To insert before the original rules use `+rules:`; to append after them use `rules+:`
# no-resolve skips DNS resolution when an IP-type rule is evaluated
# DOMAIN-SUFFIX matches every domain ending in .example.com, and example.com itself
# DOMAIN matches example.com only: no subdomains, no parent domain, no unrelated domains
# DOMAIN-REGEX

# Personal domain rules begin ------------------------------
# NOTE(review): these entries are evaluated before the REJECT rule sets, so a
# broad suffix placed here also overrides any upstream block for that suffix.

  # Steam cross-region login; matches more addresses but also affects the download region. Idea taken from NP
  # So far no better rule has been found to handle login region and download region separately
  - DOMAIN-REGEX,^.+(?:-.+)*\.steamserver\.net(?::\d+)?$,Steam 跨区

  # Microsoft
  - DOMAIN-SUFFIX,microsoftedge.microsoft.com,节点选择 # Edge add-ons store
  - DOMAIN-SUFFIX,onedrive.live.com,节点选择 # OneDrive web

  # REJECTed by the SukkaW/Surge RULE-SET lists
  - DOMAIN-SUFFIX,umami.is,节点选择

  # Personal needs
  - DOMAIN-SUFFIX,docfork.com,日本 # an AI MCP
  - DOMAIN-SUFFIX,archive.org,节点选择
  - DOMAIN-SUFFIX,grok.com,节点选择 # not yet included by SukkaW/Surge
  - DOMAIN,do-cdn.appinn.com,节点选择 # this Appinn image CDN has to go through the proxy
  - DOMAIN-SUFFIX,lf3-data.volccdn.com,DIRECT # needed for the Kimi web page to load and log in
# Personal domain rules end ------------------------------

SukkaW/Surge 规则:

# https://github.com/SukkaW/Surge RULE-SET begin ------------------------------
# Add the rule sets to your config strictly in the order domainset, non_ip, ip, and in the order given in the README
# Make sure every domainset or non_ip rule set comes before every ip rule set
# === domainset begin ===
# Ad blocking / privacy protection / malware blocking / phishing blocking
  - RULE-SET,reject_domainset,REJECT
  - RULE-SET,reject_extra_domainset,REJECT
# Speedtest domains, manually maintained. fast.com and the Netflix CDN affect streaming routing, so they are not included
  - RULE-SET,speedtest,节点选择
# Common static CDNs; low-multiplier nodes can be used, but they may be less available and make it look as if the network is down
# Includes some domains not in global.conf; if low-multiplier nodes are not used, assign the same policy as the global file
  - RULE-SET,cdn_domainset,正常倍率
# Apple CDN; the set also contains domains that serve mainland China and hold an ICP filing
# To proxy some of these domains, write your own domain rules and place them before this rule set
  - RULE-SET,apple_cdn,DIRECT
# Large downloads such as software updates and operating systems, manually maintained; includes some common object-storage domains
# May include Microsoft's and Apple's mainland CDNs. Pair with the Microsoft CDN and Apple CDN sets and assign DIRECT or a low-multiplier group
  - RULE-SET,download_domainset,正常倍率

# === non_ip begin ===
# Ad blocking / privacy protection / malware blocking / phishing blocking
  - RULE-SET,reject_non_ip,REJECT
  - RULE-SET,reject_non_ip_drop,REJECT-DROP
  - RULE-SET,reject_non_ip_no_drop,REJECT
# Sogou Input Method, privacy collection. Affects its account sync, dictionary updates and feedback
  - RULE-SET,sogouinput,REJECT
# Common static CDNs; low-multiplier proxy nodes can be used
# Includes some domains not in global.conf; if low-multiplier nodes are not used, assign the same policy as the global file
  - RULE-SET,cdn_non_ip,正常倍率
# Streaming, manually maintained; not split by node location, switch manually when needed
  - RULE-SET,stream_us_non_ip,流媒体解锁
  - RULE-SET,stream_eu_non_ip,流媒体解锁
  - RULE-SET,stream_jp_non_ip,流媒体解锁
  - RULE-SET,stream_kr_non_ip,流媒体解锁
  - RULE-SET,stream_hk_non_ip,流媒体解锁
  - RULE-SET,stream_tw_non_ip,流媒体解锁
  - RULE-SET,stream_non_ip,流媒体解锁
# AI, manually maintained; too few entries
  - RULE-SET,ai_non_ip,日本
# Telegram, manually maintained, https://github.com/SukkaW/Surge/#telegram
  - RULE-SET,telegram_non_ip,正常倍率
# Apple Service, manually maintained
  - RULE-SET,apple_services,DIRECT # direct for now, watching
# Apple CN, manually maintained: domains of iCloud operated by GCBD (icloud.com.cn), the mainland edition of Apple Maps, and similar services
  - RULE-SET,apple_cn_non_ip,DIRECT
# Microsoft CDN; the set also contains domains that serve mainland China and hold an ICP filing
# To proxy some of these domains, write your own domain rules and place them before this rule set
  - RULE-SET,microsoft_cdn_non_ip,DIRECT
# Microsoft, manually maintained
  - RULE-SET,microsoft_non_ip,DIRECT # direct for now, watching
# NetEase Cloud Music, manually maintained
  - RULE-SET,neteasemusic_non_ip,DIRECT
# Large downloads such as software updates and operating systems, manually maintained; includes some common object-storage domains
# May include Microsoft's and Apple's mainland CDNs. Pair with the Microsoft CDN and Apple CDN sets and assign DIRECT or a low-multiplier group
  - RULE-SET,download_non_ip,DIRECT
# Intranet domains and LAN IPs, manually maintained
# The domain list contains .local and the in-addr.arpa names of LAN IPs (the AS112 domains)
# These names normally resolve to LAN IPs, need the internal DNS, and must be reached directly
# Clash has no built-in LAN IP rule list (Surge has a built-in one, LAN), so it has to be imported by hand
  - RULE-SET,lan_non_ip,DIRECT
# Misc, combined miscellaneous rule sets
  - RULE-SET,domestic_non_ip,DIRECT
  - RULE-SET,direct_non_ip,DIRECT
  - RULE-SET,global_non_ip,正常倍率 # or 节点选择

# === ip begin === some of the SukkaW/Surge RULE-SET lists carry no-resolve themselves
# NOTE(review): for an IP rule that is evaluated without no-resolve, the core
# resolves a still-unmatched domain before comparing addresses. Only the
# lan_ip and china_ip* lines below set no-resolve explicitly; for the others
# it depends on the list contents - check the debug log if it matters which
# resolvers get to see those names.
# Ad blocking / privacy protection / malware blocking / phishing blocking
  - RULE-SET,reject_ip,REJECT
# Streaming, manually maintained; not split by node location, switch manually when needed
  - RULE-SET,stream_us_ip,流媒体解锁
  - RULE-SET,stream_eu_ip,流媒体解锁
  - RULE-SET,stream_jp_ip,流媒体解锁
  - RULE-SET,stream_kr_ip,流媒体解锁
  - RULE-SET,stream_hk_ip,流媒体解锁
  - RULE-SET,stream_tw_ip,流媒体解锁
  - RULE-SET,stream_ip,流媒体解锁
# Telegram, manually maintained; the IP CIDR rules are auto-generated, the ASN rules are maintained by hand
  - RULE-SET,telegram_ip,正常倍率 # or 节点选择
# NetEase Cloud Music, manually maintained
  - RULE-SET,neteasemusic_ip,DIRECT
# Intranet domains and LAN IPs, manually maintained
# The domain list contains .local and the in-addr.arpa names of LAN IPs (the AS112 domains)
# These names normally resolve to LAN IPs, need the internal DNS, and must be reached directly
# Clash has no built-in LAN IP rule list (Surge has a built-in one, LAN), so it has to be imported by hand
  - RULE-SET,lan_ip,DIRECT,no-resolve
# Misc, combined miscellaneous rule sets
  - RULE-SET,domestic_ip,DIRECT
# chnroute CIDR: a CIDR-format table of all IP address blocks allocated to mainland China
  - RULE-SET,china_ip,DIRECT,no-resolve
  # only used when IPv6 is in use
  - RULE-SET,china_ip_ipv6,DIRECT,no-resolve
# === ip end ===
# SukkaW/Surge RULE-SET end ------------------------------

保底规则:

# Catch-all rules, meant to be the last entries of the rules list.
# NOTE(review): these items start at column 0 while the rule entries in the
# other snippets are indented two spaces; give them the same indentation as
# the rest when they are combined into one `rules:` sequence.
- GEOIP,CN,DIRECT,no-resolve # mainland China IPs go direct
- GEOIP,LAN,DIRECT,no-resolve # the Loyalsoldier data has no LAN category; the similar one is private
- GEOIP,private,DIRECT,no-resolve
- MATCH,漏网之鱼
# for the preset proxy group GLOBAL, select DIRECT

记录,待定:

# ============================== 记录,待定 ==============================
#  - IP-CIDR,198.18.0.1/16,DIRECT,no-resolve    # fake-ip-range 内的不再触发 DNS 解析
#  - DOMAIN-KEYWORD,localhost,DIRECT            # 针对 "localhost" 域名
#  - IP-CIDR,169.254.0.0/16,DIRECT              # 可选,链路本地地址,无 DHCP 服务器时自动配置的地址

# ========================= 已验证的 SukkaW/Surge 规则组已包含,留存 =========================
# 优先处理本地私有地址段直连
#  - IP-CIDR,127.0.0.0/8,DIRECT,no-resolve      # 回环地址 (Loopback)
#  - IP-CIDR,10.0.0.0/8,DIRECT,no-resolve       # A 类私有地址
#  - IP-CIDR,172.16.0.0/12,DIRECT,no-resolve    # B 类私有地址
#  - IP-CIDR,192.168.0.0/16,DIRECT,no-resolve   # C 类私有地址
#    # 针对 IPv6 本地环回地址的规则
#  - IP-CIDR6,::1/128,DIRECT,no-resolve
#  - IP-CIDR6,fc00::/7,DIRECT,no-resolve # ULA (Unique Local Addresses)
#  - IP-CIDR6,fe80::/10,DIRECT,no-resolve # Link-Local Addresses