From 54fe0ccab1cd26ad9ba53715965e1604f3d6d15a Mon Sep 17 00:00:00 2001 From: MOOn Date: Thu, 23 Mar 2023 19:19:22 +0800 Subject: [PATCH] Add sample Clash config --- Clash/Clash.yaml | 566 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 566 insertions(+) create mode 100644 Clash/Clash.yaml diff --git a/Clash/Clash.yaml b/Clash/Clash.yaml new file mode 100644 index 0000000..acfab18 --- /dev/null +++ b/Clash/Clash.yaml @@ -0,0 +1,566 @@ +# Port of HTTP(S) proxy server on the local end +port: 7890 + +# Port of SOCKS5 proxy server on the local end +socks-port: 7891 + +# Transparent proxy server port for Linux and macOS (Redirect TCP and TProxy UDP) +# redir-port: 7892 + +# Transparent proxy server port for Linux (TProxy TCP and TProxy UDP) +# tproxy-port: 7893 + +# HTTP(S) and SOCKS4(A)/SOCKS5 server on the same port +# mixed-port: 7890 + +# authentication of local SOCKS5/HTTP(S) server +# authentication: +# - "user1:pass1" +# - "user2:pass2" + +# Set to true to allow connections to the local-end server from +# other LAN IP addresses +# allow-lan: false + +# This is only applicable when `allow-lan` is `true` +# '*': bind all IP addresses +# 192.168.122.11: bind a single IPv4 address +# "[aaaa::a8aa:ff:fe09:57d8]": bind a single IPv6 address +# bind-address: '*' + +# Clash router working mode +# rule: rule-based packet routing +# global: all packets will be forwarded to a single endpoint +# direct: directly forward the packets to the Internet +mode: rule + +# Clash by default prints logs to STDOUT +# info / warning / error / debug / silent +# log-level: info + +# When set to false, resolver won't translate hostnames to IPv6 addresses +# ipv6: false + +# RESTful web API listening address +external-controller: 127.0.0.1:9090 + +# A relative path to the configuration directory or an absolute path to a +# directory in which you put some static web resource. Clash core will then +# serve it at `http://{{external-controller}}/ui`. +# external-ui: folder + +# Secret for the RESTful API (optional) +# Authenticate by spedifying HTTP header `Authorization: Bearer ${secret}` +# ALWAYS set a secret if RESTful API is listening on 0.0.0.0 +# secret: "" + +# Outbound interface name +# interface-name: en0 + +# fwmark on Linux only +# routing-mark: 6666 + +# Static hosts for DNS server and connection establishment (like /etc/hosts) +# +# Wildcard hostnames are supported (e.g. *.clash.dev, *.foo.*.example.com) +# Non-wildcard domain names have a higher priority than wildcard domain names +# e.g. foo.example.com > *.example.com > .example.com +# P.S. +.foo.com equals to .foo.com and foo.com +hosts: + # '*.clash.dev': 127.0.0.1 + # '.dev': 127.0.0.1 + # 'alpha.clash.dev': '::1' + 'avistaz.to': 162.159.45.84 + 'beyond-hd.me': 162.159.45.84 + 'chdbits.co': 162.159.45.84 + 'greatposterwall.com': 162.159.45.84 + 'www.hd.ai': 162.159.45.84 + 'www.hddolby.com': 162.159.45.84 + 'www.hdarea.co': 162.159.45.84 + 'hdatmos.club': 162.159.45.84 + 'hdhome.org': 162.159.45.84 + 'lemonhd.org': 162.159.45.84 + 'hdsky.me': 162.159.45.84 + 'pt.msg.vg': 162.159.45.84 + 'kp.m-team.cc': 162.159.45.84 + 'www.nicept.net': 162.159.45.84 + 'open.cd': 162.159.45.84 + 'ourbits.club': 162.159.45.84 + 'pt.keepfrds.com': 162.159.45.84 + 'pterclub.com': 162.159.45.84 + 'www.tjupt.org': 162.159.45.84 + 'springsunday.net': 162.159.45.84 + 'www.beitai.pt': 162.159.45.84 + 'club.hares.top': 162.159.45.84 + 'hdtime.org': 162.159.45.84 + +profile: + # Store the `select` results in $HOME/.config/clash/.cache + # set false If you don't want this behavior + # when two different configurations have groups with the same name, the selected values are shared + store-selected: false + + # persistence fakeip + store-fake-ip: true + +# DNS server settings +# This section is optional. When not present, the DNS server will be disabled. +dns: + enable: true + listen: 0.0.0.0:53 + ipv6: false # when the false, response to AAAA questions will be empty + + # These nameservers are used to resolve the DNS nameserver hostnames below. + # Specify IP addresses only + default-nameserver: + - 114.114.114.114 + - 8.8.8.8 + enhanced-mode: fake-ip # or redir-host (not recommended) + fake-ip-range: 198.18.0.1/16 # Fake IP addresses pool CIDR + # use-hosts: true # lookup hosts and return IP record + + # Hostnames in this list will not be resolved with fake IPs + # i.e. questions to these domain names will always be answered with their + # real IP addresses + # https://raw.githubusercontent.com/vernesong/OpenClash/master/luci-app-openclash/root/etc/openclash/custom/openclash_custom_fake_filter.list + fake-ip-filter: + #LAN + - '*.lan' + - '*.localdomain' + - '*.example' + - '*.invalid' + - '*.localhost' + - '*.test' + - '*.local' + - '*.home.arpa' + #放行NTP服务 + - 'time.*.com' + - 'time.*.gov' + - 'time.*.edu.cn' + - 'time.*.apple.com' + - 'time-ios.apple.com' + - 'time1.*.com' + - 'time2.*.com' + - 'time3.*.com' + - 'time4.*.com' + - 'time5.*.com' + - 'time6.*.com' + - 'time7.*.com' + - 'ntp.*.com' + - 'ntp1.*.com' + - 'ntp2.*.com' + - 'ntp3.*.com' + - 'ntp4.*.com' + - 'ntp5.*.com' + - 'ntp6.*.com' + - 'ntp7.*.com' + - '*.time.edu.cn' + - '*.ntp.org.cn' + - '+.pool.ntp.org' + - 'time1.cloud.tencent.com' + #放行网易云音乐 + - 'music.163.com' + - '*.music.163.com' + - '*.126.net' + #百度音乐 + - 'musicapi.taihe.com' + - 'music.taihe.com' + #酷狗音乐 + - 'songsearch.kugou.com' + - 'trackercdn.kugou.com' + #酷我音乐 + - '*.kuwo.cn' + #JOOX音乐 + - 'api-jooxtt.sanook.com' + - 'api.joox.com' + - 'joox.com' + #QQ音乐 + - 'y.qq.com' + - '*.y.qq.com' + - 'streamoc.music.tc.qq.com' + - 'mobileoc.music.tc.qq.com' + - 'isure.stream.qqmusic.qq.com' + - 'dl.stream.qqmusic.qq.com' + - 'aqqmusic.tc.qq.com' + - 'amobile.music.tc.qq.com' + #虾米音乐 + - '*.xiami.com' + #咪咕音乐 + - '*.music.migu.cn' + - 'music.migu.cn' + #win10本地连接检测 + - '+.msftconnecttest.com' + - '+.msftncsi.com' + #QQ登录 + - 'localhost.ptlogin2.qq.com' + - 'localhost.sec.qq.com' + - '+.qq.com' + - '+.tencent.com' + #Game + #Nintendo Switch + - '+.srv.nintendo.net' + - '*.n.n.srv.nintendo.net' + #Sony PlayStation + - '+.stun.playstation.net' + #Microsoft Xbox + - 'xbox.*.*.microsoft.com' + - '*.*.xboxlive.com' + - 'xbox.*.microsoft.com' + - 'xnotify.xboxlive.com' + #Wotgame + - '+.battlenet.com.cn' + - '+.wotgame.cn' + - '+.wggames.cn' + - '+.wowsgame.cn' + - '+.wargaming.net' + #Golang + - 'proxy.golang.org' + #STUN + - 'stun.*.*' + - 'stun.*.*.*' + - '+.stun.*.*' + - '+.stun.*.*.*' + - '+.stun.*.*.*.*' + - '+.stun.*.*.*.*.*' + #Linksys Router + - 'heartbeat.belkin.com' + - '*.linksys.com' + - '*.linksyssmartwifi.com' + #ASUS Router + - '*.router.asus.com' + #Apple Software Update Service + - 'mesu.apple.com' + - 'swscan.apple.com' + - 'swquery.apple.com' + - 'swdownload.apple.com' + - 'swcdn.apple.com' + - 'swdist.apple.com' + #Google + - 'lens.l.google.com' + - 'stun.l.google.com' + #Netflix + - '+.nflxvideo.net' + #FinalFantasy XIV Worldwide Server & CN Server + - '*.square-enix.com' + - '*.finalfantasyxiv.com' + - '*.ffxiv.com' + - '*.ff14.sdo.com' + - 'ff.dorado.sdo.com' + #Bilibili + - '*.mcdn.bilivideo.cn' + #Disney Plus + - '+.media.dssott.com' + #shark007 Codecs + - 'shark007.net' + #Mijia + - 'Mijia Cloud' + #招商银行 + - '+.cmbchina.com' + - '+.cmbimg.com' + #AdGuard + - 'local.adguard.org' + #迅雷 + - '+.sandai.net' + - '+.n0808.com' + + # Supports UDP, TCP, DoT, DoH. You can specify the port to connect to. + # All DNS questions are sent directly to the nameserver, without proxies + # involved. Clash answers the DNS question with the first result gathered. + nameserver: + # - 114.114.114.114 # default value + # - 8.8.8.8 # default value + - tls://dns.rubyfish.cn:853 # DNS over TLS + - https://1.1.1.1/dns-query # DNS over HTTPS + - https://dns.alidns.com/dns-query + - tls://dns.alidns.com + # - dhcp://en0 # dns from dhcp + # - '8.8.8.8#en0' + + # When `fallback` is present, the DNS server will send concurrent requests + # to the servers in this section along with servers in `nameservers`. + # The answers from fallback servers are used when the GEOIP country + # is not `CN`. + # fallback: + # - tcp://1.1.1.1 + # - 'tcp://1.1.1.1#en0' + + # If IP addresses resolved with servers in `nameservers` are in the specified + # subnets below, they are considered invalid and results from `fallback` + # servers are used instead. + # + # IP address resolved with servers in `nameserver` is used when + # `fallback-filter.geoip` is true and when GEOIP of the IP address is `CN`. + # + # If `fallback-filter.geoip` is false, results from `nameserver` nameservers + # are always used if not match `fallback-filter.ipcidr`. + # + # This is a countermeasure against DNS pollution attacks. + # fallback-filter: + # geoip: true + # geoip-code: CN + # ipcidr: + # - 240.0.0.0/4 + # domain: + # - '+.google.com' + # - '+.facebook.com' + # - '+.youtube.com' + + # Lookup domains via specific nameservers + # nameserver-policy: + # 'www.baidu.com': '114.114.114.114' + # '+.internal.crop.com': '10.0.0.1' + nameserver-policy: + '+.taobao.com': '223.5.5.5' + '+.qq.com': '119.29.29.29' + +proxy-groups: + - name: "ALL Servers" + type: select # 亦可使用 fallback 或 load-balance + use: # 注意此处是「use」 + - ProxyList # 这是上面「proxy-providers」的名称 + + - name: "ALL Servers Auto" + type: url-test # 亦可使用 fallback 或 load-balance + use: # 注意此处是「use」 + - ProxyList # 这是上面「proxy-providers」的名称 + url: 'http://www.gstatic.com/generate_204' + interval: 300 + + - name: "BWConsuming" + type: select + use: + - BWConsuming + + - name: "US" + type: select + use: + - USIP + + - name: "Switch" + type: select + use: + - Switch + + # 代理节点选择 + - name: "PROXY" + type: select + proxies: + - "ALL Servers" # 嵌套使用订阅节点策略组 + - "ALL Servers Auto" + + # 白名单模式 PROXY, 黑名单模式 DIRECT, 不知道别动 + - name: "MATCH" + type: select + proxies: + - PROXY + - DIRECT + + # 国际流媒体服务 + - name: "Streaming" + type: select + use: + - StreamingList + +proxy-providers: + ProxyList: + type: file + path: ./ProxyList/servers.yaml + health-check: + enable: true + interval: 36000 + url: http://www.gstatic.com/generate_204 + + StreamingList: + type: file + path: ./ProxyList/streaming.yaml + health-check: + enable: true + interval: 36000 + url: http://www.gstatic.com/generate_204 + + USIP: + type: file + path: ./ProxyList/usip.yaml + health-check: + enable: true + interval: 36000 + url: http://www.gstatic.com/generate_204 + + BWConsuming: + type: file + path: ./ProxyList/BWConsuming.yaml + health-check: + enable: true + interval: 36000 + url: http://www.gstatic.com/generate_204 + + Switch: + type: file + path: ./ProxyList/servers.yaml + health-check: + enable: true + interval: 36000 + url: http://www.gstatic.com/generate_204 + +rule-providers: + reject: + type: http + behavior: domain + url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/reject.txt" + path: ./RuleSet/reject.yaml + interval: 86400 + + icloud: + type: http + behavior: domain + url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/icloud.txt" + path: ./RuleSet/icloud.yaml + interval: 86400 + + apple: + type: http + behavior: domain + url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/apple.txt" + path: ./RuleSet/apple.yaml + interval: 86400 + + google: + type: http + behavior: domain + url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/google.txt" + path: ./RuleSet/google.yaml + interval: 86400 + + proxy: + type: http + behavior: domain + url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/proxy.txt" + path: ./RuleSet/proxy.yaml + interval: 86400 + + direct: + type: http + behavior: domain + url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/direct.txt" + path: ./RuleSet/direct.yaml + interval: 86400 + + private: + type: http + behavior: domain + url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/private.txt" + path: ./RuleSet/private.yaml + interval: 86400 + + gfw: + type: http + behavior: domain + url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/gfw.txt" + path: ./RuleSet/gfw.yaml + interval: 86400 + + greatfire: + type: http + behavior: domain + url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/greatfire.txt" + path: ./RuleSet/greatfire.yaml + interval: 86400 + + tld-not-cn: + type: http + behavior: domain + url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/tld-not-cn.txt" + path: ./RuleSet/tld-not-cn.yaml + interval: 86400 + + telegramcidr: + type: http + behavior: ipcidr + url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/telegramcidr.txt" + path: ./RuleSet/telegramcidr.yaml + interval: 86400 + + cncidr: + type: http + behavior: ipcidr + url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/cncidr.txt" + path: ./RuleSet/cncidr.yaml + interval: 86400 + + lancidr: + type: http + behavior: ipcidr + url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/lancidr.txt" + path: ./RuleSet/lancidr.yaml + interval: 86400 + + applications: + type: http + behavior: classical + url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/applications.txt" + path: ./RuleSet/applications.yaml + interval: 86400 + + # custom ruleset + + US: + type: http + behavior: classical + path: ./RuleSet/Custom/US.yaml + url: https://git.moon.re/MOOn/Profiles/raw/branch/main/Clash/RuleSet/Custom/US.yaml + interval: 86400 + + StreamingCustom: + type: http + behavior: classical + path: ./RuleSet/Custom/StreamingCustom.yaml + url: https://git.moon.re/MOOn/Profiles/raw/branch/main/Clash/RuleSet/Custom/StreamingCustom.yaml + interval: 86400 + + BWConsuming: + type: http + behavior: classical + path: ./RuleSet/Custom/BWConsuming.yaml + url: https://git.moon.re/MOOn/Profiles/raw/branch/main/Clash/RuleSet/Custom/BWConsuming.yaml + interval: 86400 + + DirectAccess: + type: http + behavior: classical + path: ./RuleSet/Custom/DirectAccess.yaml + url: https://git.moon.re/MOOn/Profiles/raw/branch/main/Clash/RuleSet/Custom/DirectAccess.yaml + interval: 86400 + + GoogleDrive: + type: http + behavior: classical + path: ./RuleSet/Extra/Google/GoogleDrive.yaml + url: https://raw.githubusercontent.com/DivineEngine/Profiles/master/Clash/RuleSet/Extra/Google/GoogleDrive.yaml + interval: 86400 + +rules: + + # Custom Below + - RULE-SET,StreamingCustom,Streaming + - RULE-SET,BWConsuming,BWConsuming + - RULE-SET,GoogleDrive,BWConsuming + - RULE-SET,US,US + - SRC-IP-CIDR,10.77.1.243/32,Switch + # Custom Above + + - RULE-SET,applications,DIRECT + - DOMAIN,clash.razord.top,DIRECT + - DOMAIN,yacd.haishan.me,DIRECT + - RULE-SET,private,DIRECT + - RULE-SET,reject,REJECT + - RULE-SET,icloud,DIRECT + - RULE-SET,apple,DIRECT + # - RULE-SET,google,DIRECT + - RULE-SET,proxy,PROXY + - RULE-SET,direct,DIRECT + - RULE-SET,lancidr,DIRECT + - RULE-SET,cncidr,DIRECT + - RULE-SET,telegramcidr,BWConsuming + - GEOIP,LAN,DIRECT + - GEOIP,CN,DIRECT + - MATCH,MATCH