# Port of HTTP(S) proxy server on the local end port: 7890 # Port of SOCKS5 proxy server on the local end socks-port: 7891 # Transparent proxy server port for Linux and macOS (Redirect TCP and TProxy UDP) # redir-port: 7892 # Transparent proxy server port for Linux (TProxy TCP and TProxy UDP) # tproxy-port: 7893 # HTTP(S) and SOCKS4(A)/SOCKS5 server on the same port # mixed-port: 7890 # authentication of local SOCKS5/HTTP(S) server # authentication: # - "user1:pass1" # - "user2:pass2" # Set to true to allow connections to the local-end server from # other LAN IP addresses # allow-lan: false # This is only applicable when `allow-lan` is `true` # '*': bind all IP addresses # 192.168.122.11: bind a single IPv4 address # "[aaaa::a8aa:ff:fe09:57d8]": bind a single IPv6 address # bind-address: '*' # Clash router working mode # rule: rule-based packet routing # global: all packets will be forwarded to a single endpoint # direct: directly forward the packets to the Internet mode: rule # Clash by default prints logs to STDOUT # info / warning / error / debug / silent # log-level: info # When set to false, resolver won't translate hostnames to IPv6 addresses # ipv6: false # RESTful web API listening address external-controller: 127.0.0.1:9090 # A relative path to the configuration directory or an absolute path to a # directory in which you put some static web resource. Clash core will then # serve it at `http://{{external-controller}}/ui`. # external-ui: folder # Secret for the RESTful API (optional) # Authenticate by spedifying HTTP header `Authorization: Bearer ${secret}` # ALWAYS set a secret if RESTful API is listening on 0.0.0.0 # secret: "" # Outbound interface name # interface-name: en0 # fwmark on Linux only # routing-mark: 6666 # Static hosts for DNS server and connection establishment (like /etc/hosts) # # Wildcard hostnames are supported (e.g. *.clash.dev, *.foo.*.example.com) # Non-wildcard domain names have a higher priority than wildcard domain names # e.g. foo.example.com > *.example.com > .example.com # P.S. +.foo.com equals to .foo.com and foo.com hosts: # '*.clash.dev': 127.0.0.1 # '.dev': 127.0.0.1 # 'alpha.clash.dev': '::1' 'avistaz.to': 162.159.45.84 'beyond-hd.me': 162.159.45.84 'chdbits.co': 162.159.45.84 'greatposterwall.com': 162.159.45.84 'www.hd.ai': 162.159.45.84 'www.hddolby.com': 162.159.45.84 'www.hdarea.co': 162.159.45.84 'hdatmos.club': 162.159.45.84 'hdhome.org': 162.159.45.84 'lemonhd.org': 162.159.45.84 'hdsky.me': 162.159.45.84 'pt.msg.vg': 162.159.45.84 'kp.m-team.cc': 162.159.45.84 'www.nicept.net': 162.159.45.84 'open.cd': 162.159.45.84 'ourbits.club': 162.159.45.84 'pt.keepfrds.com': 162.159.45.84 'pterclub.com': 162.159.45.84 'www.tjupt.org': 162.159.45.84 'springsunday.net': 162.159.45.84 'www.beitai.pt': 162.159.45.84 'club.hares.top': 162.159.45.84 'hdtime.org': 162.159.45.84 profile: # Store the `select` results in $HOME/.config/clash/.cache # set false If you don't want this behavior # when two different configurations have groups with the same name, the selected values are shared store-selected: false # persistence fakeip store-fake-ip: true # DNS server settings # This section is optional. When not present, the DNS server will be disabled. dns: enable: true listen: 0.0.0.0:53 ipv6: false # when the false, response to AAAA questions will be empty # These nameservers are used to resolve the DNS nameserver hostnames below. # Specify IP addresses only default-nameserver: - 114.114.114.114 - 8.8.8.8 enhanced-mode: fake-ip # or redir-host (not recommended) fake-ip-range: 198.18.0.1/16 # Fake IP addresses pool CIDR # use-hosts: true # lookup hosts and return IP record # Hostnames in this list will not be resolved with fake IPs # i.e. questions to these domain names will always be answered with their # real IP addresses # https://raw.githubusercontent.com/vernesong/OpenClash/master/luci-app-openclash/root/etc/openclash/custom/openclash_custom_fake_filter.list fake-ip-filter: #LAN - '*.lan' - '*.localdomain' - '*.example' - '*.invalid' - '*.localhost' - '*.test' - '*.local' - '*.home.arpa' #放行NTP服务 - 'time.*.com' - 'time.*.gov' - 'time.*.edu.cn' - 'time.*.apple.com' - 'time-ios.apple.com' - 'time1.*.com' - 'time2.*.com' - 'time3.*.com' - 'time4.*.com' - 'time5.*.com' - 'time6.*.com' - 'time7.*.com' - 'ntp.*.com' - 'ntp1.*.com' - 'ntp2.*.com' - 'ntp3.*.com' - 'ntp4.*.com' - 'ntp5.*.com' - 'ntp6.*.com' - 'ntp7.*.com' - '*.time.edu.cn' - '*.ntp.org.cn' - '+.pool.ntp.org' - 'time1.cloud.tencent.com' #放行网易云音乐 - 'music.163.com' - '*.music.163.com' - '*.126.net' #百度音乐 - 'musicapi.taihe.com' - 'music.taihe.com' #酷狗音乐 - 'songsearch.kugou.com' - 'trackercdn.kugou.com' #酷我音乐 - '*.kuwo.cn' #JOOX音乐 - 'api-jooxtt.sanook.com' - 'api.joox.com' - 'joox.com' #QQ音乐 - 'y.qq.com' - '*.y.qq.com' - 'streamoc.music.tc.qq.com' - 'mobileoc.music.tc.qq.com' - 'isure.stream.qqmusic.qq.com' - 'dl.stream.qqmusic.qq.com' - 'aqqmusic.tc.qq.com' - 'amobile.music.tc.qq.com' #虾米音乐 - '*.xiami.com' #咪咕音乐 - '*.music.migu.cn' - 'music.migu.cn' #win10本地连接检测 - '+.msftconnecttest.com' - '+.msftncsi.com' #QQ登录 - 'localhost.ptlogin2.qq.com' - 'localhost.sec.qq.com' - '+.qq.com' - '+.tencent.com' #Game #Nintendo Switch - '+.srv.nintendo.net' - '*.n.n.srv.nintendo.net' #Sony PlayStation - '+.stun.playstation.net' #Microsoft Xbox - 'xbox.*.*.microsoft.com' - '*.*.xboxlive.com' - 'xbox.*.microsoft.com' - 'xnotify.xboxlive.com' #Wotgame - '+.battlenet.com.cn' - '+.wotgame.cn' - '+.wggames.cn' - '+.wowsgame.cn' - '+.wargaming.net' #Golang - 'proxy.golang.org' #STUN - 'stun.*.*' - 'stun.*.*.*' - '+.stun.*.*' - '+.stun.*.*.*' - '+.stun.*.*.*.*' - '+.stun.*.*.*.*.*' #Linksys Router - 'heartbeat.belkin.com' - '*.linksys.com' - '*.linksyssmartwifi.com' #ASUS Router - '*.router.asus.com' #Apple Software Update Service - 'mesu.apple.com' - 'swscan.apple.com' - 'swquery.apple.com' - 'swdownload.apple.com' - 'swcdn.apple.com' - 'swdist.apple.com' #Google - 'lens.l.google.com' - 'stun.l.google.com' #Netflix - '+.nflxvideo.net' #FinalFantasy XIV Worldwide Server & CN Server - '*.square-enix.com' - '*.finalfantasyxiv.com' - '*.ffxiv.com' - '*.ff14.sdo.com' - 'ff.dorado.sdo.com' #Bilibili - '*.mcdn.bilivideo.cn' #Disney Plus - '+.media.dssott.com' #shark007 Codecs - 'shark007.net' #Mijia - 'Mijia Cloud' #招商银行 - '+.cmbchina.com' - '+.cmbimg.com' #AdGuard - 'local.adguard.org' #迅雷 - '+.sandai.net' - '+.n0808.com' # Supports UDP, TCP, DoT, DoH. You can specify the port to connect to. # All DNS questions are sent directly to the nameserver, without proxies # involved. Clash answers the DNS question with the first result gathered. nameserver: # - 114.114.114.114 # default value # - 8.8.8.8 # default value - tls://dns.rubyfish.cn:853 # DNS over TLS - https://1.1.1.1/dns-query # DNS over HTTPS - https://dns.alidns.com/dns-query - tls://dns.alidns.com # - dhcp://en0 # dns from dhcp # - '8.8.8.8#en0' # When `fallback` is present, the DNS server will send concurrent requests # to the servers in this section along with servers in `nameservers`. # The answers from fallback servers are used when the GEOIP country # is not `CN`. # fallback: # - tcp://1.1.1.1 # - 'tcp://1.1.1.1#en0' # If IP addresses resolved with servers in `nameservers` are in the specified # subnets below, they are considered invalid and results from `fallback` # servers are used instead. # # IP address resolved with servers in `nameserver` is used when # `fallback-filter.geoip` is true and when GEOIP of the IP address is `CN`. # # If `fallback-filter.geoip` is false, results from `nameserver` nameservers # are always used if not match `fallback-filter.ipcidr`. # # This is a countermeasure against DNS pollution attacks. # fallback-filter: # geoip: true # geoip-code: CN # ipcidr: # - 240.0.0.0/4 # domain: # - '+.google.com' # - '+.facebook.com' # - '+.youtube.com' # Lookup domains via specific nameservers # nameserver-policy: # 'www.baidu.com': '114.114.114.114' # '+.internal.crop.com': '10.0.0.1' nameserver-policy: '+.taobao.com': '223.5.5.5' '+.qq.com': '119.29.29.29' proxy-groups: - name: "ALL Servers" type: select # 亦可使用 fallback 或 load-balance use: # 注意此处是「use」 - ProxyList # 这是上面「proxy-providers」的名称 - name: "ALL Servers Auto" type: url-test # 亦可使用 fallback 或 load-balance use: # 注意此处是「use」 - ProxyList # 这是上面「proxy-providers」的名称 url: 'http://www.gstatic.com/generate_204' interval: 300 - name: "BWConsuming" type: select use: - BWConsuming - name: "US" type: select use: - USIP - name: "Switch" type: select use: - Switch # 代理节点选择 - name: "PROXY" type: select proxies: - "ALL Servers" # 嵌套使用订阅节点策略组 - "ALL Servers Auto" # 白名单模式 PROXY, 黑名单模式 DIRECT, 不知道别动 - name: "MATCH" type: select proxies: - PROXY - DIRECT # 国际流媒体服务 - name: "Streaming" type: select use: - StreamingList proxy-providers: ProxyList: type: file path: ./ProxyList/servers.yaml health-check: enable: true interval: 36000 url: http://www.gstatic.com/generate_204 StreamingList: type: file path: ./ProxyList/streaming.yaml health-check: enable: true interval: 36000 url: http://www.gstatic.com/generate_204 USIP: type: file path: ./ProxyList/usip.yaml health-check: enable: true interval: 36000 url: http://www.gstatic.com/generate_204 BWConsuming: type: file path: ./ProxyList/BWConsuming.yaml health-check: enable: true interval: 36000 url: http://www.gstatic.com/generate_204 Switch: type: file path: ./ProxyList/servers.yaml health-check: enable: true interval: 36000 url: http://www.gstatic.com/generate_204 rule-providers: reject: type: http behavior: domain url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/reject.txt" path: ./RuleSet/reject.yaml interval: 86400 icloud: type: http behavior: domain url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/icloud.txt" path: ./RuleSet/icloud.yaml interval: 86400 apple: type: http behavior: domain url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/apple.txt" path: ./RuleSet/apple.yaml interval: 86400 google: type: http behavior: domain url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/google.txt" path: ./RuleSet/google.yaml interval: 86400 proxy: type: http behavior: domain url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/proxy.txt" path: ./RuleSet/proxy.yaml interval: 86400 direct: type: http behavior: domain url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/direct.txt" path: ./RuleSet/direct.yaml interval: 86400 private: type: http behavior: domain url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/private.txt" path: ./RuleSet/private.yaml interval: 86400 gfw: type: http behavior: domain url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/gfw.txt" path: ./RuleSet/gfw.yaml interval: 86400 greatfire: type: http behavior: domain url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/greatfire.txt" path: ./RuleSet/greatfire.yaml interval: 86400 tld-not-cn: type: http behavior: domain url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/tld-not-cn.txt" path: ./RuleSet/tld-not-cn.yaml interval: 86400 telegramcidr: type: http behavior: ipcidr url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/telegramcidr.txt" path: ./RuleSet/telegramcidr.yaml interval: 86400 cncidr: type: http behavior: ipcidr url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/cncidr.txt" path: ./RuleSet/cncidr.yaml interval: 86400 lancidr: type: http behavior: ipcidr url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/lancidr.txt" path: ./RuleSet/lancidr.yaml interval: 86400 applications: type: http behavior: classical url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/applications.txt" path: ./RuleSet/applications.yaml interval: 86400 # custom ruleset US: type: http behavior: classical path: ./RuleSet/Custom/US.yaml url: https://git.moon.re/MOOn/Profiles/raw/branch/main/Clash/RuleSet/Custom/US.yaml interval: 86400 StreamingCustom: type: http behavior: classical path: ./RuleSet/Custom/StreamingCustom.yaml url: https://git.moon.re/MOOn/Profiles/raw/branch/main/Clash/RuleSet/Custom/StreamingCustom.yaml interval: 86400 BWConsuming: type: http behavior: classical path: ./RuleSet/Custom/BWConsuming.yaml url: https://git.moon.re/MOOn/Profiles/raw/branch/main/Clash/RuleSet/Custom/BWConsuming.yaml interval: 86400 DirectAccess: type: http behavior: classical path: ./RuleSet/Custom/DirectAccess.yaml url: https://git.moon.re/MOOn/Profiles/raw/branch/main/Clash/RuleSet/Custom/DirectAccess.yaml interval: 86400 GoogleDrive: type: http behavior: classical path: ./RuleSet/Extra/Google/GoogleDrive.yaml url: https://raw.githubusercontent.com/DivineEngine/Profiles/master/Clash/RuleSet/Extra/Google/GoogleDrive.yaml interval: 86400 rules: # Custom Below - RULE-SET,StreamingCustom,Streaming - RULE-SET,BWConsuming,BWConsuming - RULE-SET,GoogleDrive,BWConsuming - RULE-SET,US,US - SRC-IP-CIDR,10.77.1.243/32,Switch # Custom Above - RULE-SET,applications,DIRECT - DOMAIN,clash.razord.top,DIRECT - DOMAIN,yacd.haishan.me,DIRECT - RULE-SET,private,DIRECT - RULE-SET,reject,REJECT - RULE-SET,icloud,DIRECT - RULE-SET,apple,DIRECT # - RULE-SET,google,DIRECT - RULE-SET,proxy,PROXY - RULE-SET,direct,DIRECT - RULE-SET,lancidr,DIRECT - RULE-SET,cncidr,DIRECT - RULE-SET,telegramcidr,BWConsuming - GEOIP,LAN,DIRECT - GEOIP,CN,DIRECT - MATCH,MATCH