# Port of HTTP(S) proxy server on the local end
port: 7890
# Port of SOCKS5 proxy server on the local end
socks-port: 7891
# Transparent proxy server port for Linux and macOS (Redirect TCP and TProxy UDP)
# redir-port: 7892
# Transparent proxy server port for Linux (TProxy TCP and TProxy UDP)
# tproxy-port: 7893
# HTTP(S) and SOCKS4(A)/SOCKS5 server on the same port
# mixed-port: 7890
# authentication of local SOCKS5/HTTP(S) server
# authentication:
# - "user1:pass1"
# - "user2:pass2"
# Set to true to allow connections to the local-end server from
# other LAN IP addresses
# allow-lan: false
# This is only applicable when `allow-lan` is `true`
# '*': bind all IP addresses
# 192.168.122.11: bind a single IPv4 address
# "[aaaa::a8aa:ff:fe09:57d8]": bind a single IPv6 address
# bind-address: '*'
# Clash router working mode
# rule: rule-based packet routing
# global: all packets will be forwarded to a single endpoint
# direct: directly forward the packets to the Internet
mode: rule
# Clash by default prints logs to STDOUT
# info / warning / error / debug / silent
# log-level: info
# When set to false, resolver won't translate hostnames to IPv6 addresses
# ipv6: false
# RESTful web API listening address
external-controller: 127.0.0.1:9090
# A relative path to the configuration directory or an absolute path to a
# directory in which you put some static web resource. Clash core will then
# serve it at `http://{{external-controller}}/ui`.
# external-ui: folder
# Secret for the RESTful API (optional)
# Authenticate by spedifying HTTP header `Authorization: Bearer ${secret}`
# ALWAYS set a secret if RESTful API is listening on 0.0.0.0
# secret: ""
# Outbound interface name
# interface-name: en0
# fwmark on Linux only
# routing-mark: 6666
# Static hosts for DNS server and connection establishment (like /etc/hosts)
#
# Wildcard hostnames are supported (e.g. *.clash.dev, *.foo.*.example.com)
# Non-wildcard domain names have a higher priority than wildcard domain names
# e.g. foo.example.com > *.example.com > .example.com
# P.S. +.foo.com equals to .foo.com and foo.com
hosts:
# '*.clash.dev': 127.0.0.1
# '.dev': 127.0.0.1
# 'alpha.clash.dev': '::1'
'avistaz.to': 162.159.45.84
'beyond-hd.me': 162.159.45.84
'chdbits.co': 162.159.45.84
'greatposterwall.com': 162.159.45.84
'www.hd.ai': 162.159.45.84
'www.hddolby.com': 162.159.45.84
'www.hdarea.co': 162.159.45.84
'hdatmos.club': 162.159.45.84
'hdhome.org': 162.159.45.84
'lemonhd.org': 162.159.45.84
'hdsky.me': 162.159.45.84
'pt.msg.vg': 162.159.45.84
'kp.m-team.cc': 162.159.45.84
'www.nicept.net': 162.159.45.84
'open.cd': 162.159.45.84
'ourbits.club': 162.159.45.84
'pt.keepfrds.com': 162.159.45.84
'pterclub.com': 162.159.45.84
'www.tjupt.org': 162.159.45.84
'springsunday.net': 162.159.45.84
'www.beitai.pt': 162.159.45.84
'club.hares.top': 162.159.45.84
'hdtime.org': 162.159.45.84
profile:
# Store the `select` results in $HOME/.config/clash/.cache
# set false If you don't want this behavior
# when two different configurations have groups with the same name, the selected values are shared
store-selected: false
# persistence fakeip
store-fake-ip: true
# DNS server settings
# This section is optional. When not present, the DNS server will be disabled.
dns:
enable: true
listen: 0.0.0.0:53
ipv6: false # when the false, response to AAAA questions will be empty
# These nameservers are used to resolve the DNS nameserver hostnames below.
# Specify IP addresses only
default-nameserver:
- 114.114.114.114
- 8.8.8.8
enhanced-mode: fake-ip # or redir-host (not recommended)
fake-ip-range: 198.18.0.1/16 # Fake IP addresses pool CIDR
# use-hosts: true # lookup hosts and return IP record
# Hostnames in this list will not be resolved with fake IPs
# i.e. questions to these domain names will always be answered with their
# real IP addresses
# https://raw.githubusercontent.com/vernesong/OpenClash/master/luci-app-openclash/root/etc/openclash/custom/openclash_custom_fake_filter.list
fake-ip-filter:
#LAN
- '*.lan'
- '*.localdomain'
- '*.example'
- '*.invalid'
- '*.localhost'
- '*.test'
- '*.local'
- '*.home.arpa'
#放行NTP服务
- 'time.*.com'
- 'time.*.gov'
- 'time.*.edu.cn'
- 'time.*.apple.com'
- 'time-ios.apple.com'
- 'time1.*.com'
- 'time2.*.com'
- 'time3.*.com'
- 'time4.*.com'
- 'time5.*.com'
- 'time6.*.com'
- 'time7.*.com'
- 'ntp.*.com'
- 'ntp1.*.com'
- 'ntp2.*.com'
- 'ntp3.*.com'
- 'ntp4.*.com'
- 'ntp5.*.com'
- 'ntp6.*.com'
- 'ntp7.*.com'
- '*.time.edu.cn'
- '*.ntp.org.cn'
- '+.pool.ntp.org'
- 'time1.cloud.tencent.com'
#放行网易云音乐
- 'music.163.com'
- '*.music.163.com'
- '*.126.net'
#百度音乐
- 'musicapi.taihe.com'
- 'music.taihe.com'
#酷狗音乐
- 'songsearch.kugou.com'
- 'trackercdn.kugou.com'
#酷我音乐
- '*.kuwo.cn'
#JOOX音乐
- 'api-jooxtt.sanook.com'
- 'api.joox.com'
- 'joox.com'
#QQ音乐
- 'y.qq.com'
- '*.y.qq.com'
- 'streamoc.music.tc.qq.com'
- 'mobileoc.music.tc.qq.com'
- 'isure.stream.qqmusic.qq.com'
- 'dl.stream.qqmusic.qq.com'
- 'aqqmusic.tc.qq.com'
- 'amobile.music.tc.qq.com'
#虾米音乐
- '*.xiami.com'
#咪咕音乐
- '*.music.migu.cn'
- 'music.migu.cn'
#win10本地连接检测
- '+.msftconnecttest.com'
- '+.msftncsi.com'
#QQ登录
- 'localhost.ptlogin2.qq.com'
- 'localhost.sec.qq.com'
- '+.qq.com'
- '+.tencent.com'
#Game
#Nintendo Switch
- '+.srv.nintendo.net'
- '*.n.n.srv.nintendo.net'
#Sony PlayStation
- '+.stun.playstation.net'
#Microsoft Xbox
- 'xbox.*.*.microsoft.com'
- '*.*.xboxlive.com'
- 'xbox.*.microsoft.com'
- 'xnotify.xboxlive.com'
#Wotgame
- '+.battlenet.com.cn'
- '+.wotgame.cn'
- '+.wggames.cn'
- '+.wowsgame.cn'
- '+.wargaming.net'
#Golang
- 'proxy.golang.org'
#STUN
- 'stun.*.*'
- 'stun.*.*.*'
- '+.stun.*.*'
- '+.stun.*.*.*'
- '+.stun.*.*.*.*'
- '+.stun.*.*.*.*.*'
#Linksys Router
- 'heartbeat.belkin.com'
- '*.linksys.com'
- '*.linksyssmartwifi.com'
#ASUS Router
- '*.router.asus.com'
#Apple Software Update Service
- 'mesu.apple.com'
- 'swscan.apple.com'
- 'swquery.apple.com'
- 'swdownload.apple.com'
- 'swcdn.apple.com'
- 'swdist.apple.com'
#Google
- 'lens.l.google.com'
- 'stun.l.google.com'
#Netflix
- '+.nflxvideo.net'
#FinalFantasy XIV Worldwide Server & CN Server
- '*.square-enix.com'
- '*.finalfantasyxiv.com'
- '*.ffxiv.com'
- '*.ff14.sdo.com'
- 'ff.dorado.sdo.com'
#Bilibili
- '*.mcdn.bilivideo.cn'
#Disney Plus
- '+.media.dssott.com'
#shark007 Codecs
- 'shark007.net'
#Mijia
- 'Mijia Cloud'
#招商银行
- '+.cmbchina.com'
- '+.cmbimg.com'
#AdGuard
- 'local.adguard.org'
#迅雷
- '+.sandai.net'
- '+.n0808.com'
# Supports UDP, TCP, DoT, DoH. You can specify the port to connect to.
# All DNS questions are sent directly to the nameserver, without proxies
# involved. Clash answers the DNS question with the first result gathered.
nameserver:
# - 114.114.114.114 # default value
# - 8.8.8.8 # default value
- tls://dns.rubyfish.cn:853 # DNS over TLS
- https://1.1.1.1/dns-query # DNS over HTTPS
- https://dns.alidns.com/dns-query
- tls://dns.alidns.com
# - dhcp://en0 # dns from dhcp
# - '8.8.8.8#en0'
# When `fallback` is present, the DNS server will send concurrent requests
# to the servers in this section along with servers in `nameservers`.
# The answers from fallback servers are used when the GEOIP country
# is not `CN`.
# fallback:
# - tcp://1.1.1.1
# - 'tcp://1.1.1.1#en0'
# If IP addresses resolved with servers in `nameservers` are in the specified
# subnets below, they are considered invalid and results from `fallback`
# servers are used instead.
#
# IP address resolved with servers in `nameserver` is used when
# `fallback-filter.geoip` is true and when GEOIP of the IP address is `CN`.
#
# If `fallback-filter.geoip` is false, results from `nameserver` nameservers
# are always used if not match `fallback-filter.ipcidr`.
#
# This is a countermeasure against DNS pollution attacks.
# fallback-filter:
# geoip: true
# geoip-code: CN
# ipcidr:
# - 240.0.0.0/4
# domain:
# - '+.google.com'
# - '+.facebook.com'
# - '+.youtube.com'
# Lookup domains via specific nameservers
# nameserver-policy:
# 'www.baidu.com': '114.114.114.114'
# '+.internal.crop.com': '10.0.0.1'
nameserver-policy:
'+.taobao.com': '223.5.5.5'
'+.qq.com': '119.29.29.29'
proxy-groups:
- name: "ALL Servers"
type: select # 亦可使用 fallback 或 load-balance
use: # 注意此处是「use」
- ProxyList # 这是上面「proxy-providers」的名称
- name: "ALL Servers Auto"
type: url-test # 亦可使用 fallback 或 load-balance
use: # 注意此处是「use」
- ProxyList # 这是上面「proxy-providers」的名称
url: 'http://www.gstatic.com/generate_204'
interval: 300
- name: "BWConsuming"
type: select
use:
- BWConsuming
- name: "US"
type: select
use:
- USIP
- name: "Switch"
type: select
use:
- Switch
# 代理节点选择
- name: "PROXY"
type: select
proxies:
- "ALL Servers" # 嵌套使用订阅节点策略组
- "ALL Servers Auto"
# 白名单模式 PROXY, 黑名单模式 DIRECT, 不知道别动
- name: "MATCH"
type: select
proxies:
- PROXY
- DIRECT
# 国际流媒体服务
- name: "Streaming"
type: select
use:
- StreamingList
proxy-providers:
ProxyList:
type: file
path: ./ProxyList/servers.yaml
health-check:
enable: true
interval: 36000
url: http://www.gstatic.com/generate_204
StreamingList:
type: file
path: ./ProxyList/streaming.yaml
health-check:
enable: true
interval: 36000
url: http://www.gstatic.com/generate_204
USIP:
type: file
path: ./ProxyList/usip.yaml
health-check:
enable: true
interval: 36000
url: http://www.gstatic.com/generate_204
BWConsuming:
type: file
path: ./ProxyList/BWConsuming.yaml
health-check:
enable: true
interval: 36000
url: http://www.gstatic.com/generate_204
Switch:
type: file
path: ./ProxyList/servers.yaml
health-check:
enable: true
interval: 36000
url: http://www.gstatic.com/generate_204
rule-providers:
reject:
type: http
behavior: domain
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/reject.txt"
path: ./RuleSet/reject.yaml
interval: 86400
icloud:
type: http
behavior: domain
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/icloud.txt"
path: ./RuleSet/icloud.yaml
interval: 86400
apple:
type: http
behavior: domain
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/apple.txt"
path: ./RuleSet/apple.yaml
interval: 86400
google:
type: http
behavior: domain
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/google.txt"
path: ./RuleSet/google.yaml
interval: 86400
proxy:
type: http
behavior: domain
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/proxy.txt"
path: ./RuleSet/proxy.yaml
interval: 86400
direct:
type: http
behavior: domain
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/direct.txt"
path: ./RuleSet/direct.yaml
interval: 86400
private:
type: http
behavior: domain
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/private.txt"
path: ./RuleSet/private.yaml
interval: 86400
gfw:
type: http
behavior: domain
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/gfw.txt"
path: ./RuleSet/gfw.yaml
interval: 86400
greatfire:
type: http
behavior: domain
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/greatfire.txt"
path: ./RuleSet/greatfire.yaml
interval: 86400
tld-not-cn:
type: http
behavior: domain
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/tld-not-cn.txt"
path: ./RuleSet/tld-not-cn.yaml
interval: 86400
telegramcidr:
type: http
behavior: ipcidr
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/telegramcidr.txt"
path: ./RuleSet/telegramcidr.yaml
interval: 86400
cncidr:
type: http
behavior: ipcidr
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/cncidr.txt"
path: ./RuleSet/cncidr.yaml
interval: 86400
lancidr:
type: http
behavior: ipcidr
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/lancidr.txt"
path: ./RuleSet/lancidr.yaml
interval: 86400
applications:
type: http
behavior: classical
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/applications.txt"
path: ./RuleSet/applications.yaml
interval: 86400
# custom ruleset
US:
type: http
behavior: classical
path: ./RuleSet/Custom/US.yaml
url: https://git.moon.re/MOOn/Profiles/raw/branch/main/Clash/RuleSet/Custom/US.yaml
interval: 86400
StreamingCustom:
type: http
behavior: classical
path: ./RuleSet/Custom/StreamingCustom.yaml
url: https://git.moon.re/MOOn/Profiles/raw/branch/main/Clash/RuleSet/Custom/StreamingCustom.yaml
interval: 86400
BWConsuming:
type: http
behavior: classical
path: ./RuleSet/Custom/BWConsuming.yaml
url: https://git.moon.re/MOOn/Profiles/raw/branch/main/Clash/RuleSet/Custom/BWConsuming.yaml
interval: 86400
DirectAccess:
type: http
behavior: classical
path: ./RuleSet/Custom/DirectAccess.yaml
url: https://git.moon.re/MOOn/Profiles/raw/branch/main/Clash/RuleSet/Custom/DirectAccess.yaml
interval: 86400
GoogleDrive:
type: http
behavior: classical
path: ./RuleSet/Extra/Google/GoogleDrive.yaml
url: https://raw.githubusercontent.com/DivineEngine/Profiles/master/Clash/RuleSet/Extra/Google/GoogleDrive.yaml
interval: 86400
rules:
# Custom Below
- RULE-SET,StreamingCustom,Streaming
- RULE-SET,BWConsuming,BWConsuming
- RULE-SET,GoogleDrive,BWConsuming
- RULE-SET,US,US
- SRC-IP-CIDR,10.77.1.243/32,Switch
# Custom Above
- RULE-SET,applications,DIRECT
- DOMAIN,clash.razord.top,DIRECT
- DOMAIN,yacd.haishan.me,DIRECT
- RULE-SET,private,DIRECT
- RULE-SET,reject,REJECT
- RULE-SET,icloud,DIRECT
- RULE-SET,apple,DIRECT
# - RULE-SET,google,DIRECT
- RULE-SET,proxy,PROXY
- RULE-SET,direct,DIRECT
- RULE-SET,lancidr,DIRECT
- RULE-SET,cncidr,DIRECT
- RULE-SET,telegramcidr,BWConsuming
- GEOIP,LAN,DIRECT
- GEOIP,CN,DIRECT
- MATCH,MATCH