Last active
May 9, 2024 16:26
-
-
Save LufsX/a522b340a8e62e008c049c39a82951a0 to your computer and use it in GitHub Desktop.
Profile
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
##################################### | |
# 基于 DivineEngine/Profiles 的配置文件 | |
# 添加/修改一些基础配置 | |
# 包括 DNS, Custom Rules 等 | |
# 建议搭配 https://github.com/LufsX/shell-sub 并开启增强模式食用 ~ | |
##################################### | |
# Port of HTTP(S) proxy server on the local end | |
# port: 7890 | |
# Port of SOCKS5 proxy server on the local end | |
# socks-port: 7891 | |
# Transparent proxy server port for Linux and macOS (Redirect TCP and TProxy UDP) | |
# redir-port: 7892 | |
# Transparent proxy server port for Linux (TProxy TCP and TProxy UDP) | |
# tproxy-port: 7893 | |
# HTTP(S) and SOCKS5 server on the same port | |
mixed-port: 7890 | |
# authentication of local SOCKS5/HTTP(S) server | |
# authentication: | |
# - "user1:pass1" | |
# - "user2:pass2" | |
# Set to true to allow connections to the local-end server from | |
# other LAN IP addresses | |
allow-lan: true | |
# This is only applicable when `allow-lan` is `true` | |
# '*': bind all IP addresses | |
# 192.168.122.11: bind a single IPv4 address | |
# "[aaaa::a8aa:ff:fe09:57d8]": bind a single IPv6 address | |
bind-address: "*" | |
# Clash router working mode | |
# rule: rule-based packet routing | |
# global: all packets will be forwarded to a single endpoint | |
# direct: directly forward the packets to the Internet | |
mode: rule | |
# Clash by default prints logs to STDOUT | |
# info / warning / error / debug / silent | |
log-level: info | |
# When set to false, resolver won't translate hostnames to IPv6 addresses | |
ipv6: false | |
# RESTful web API listening address | |
external-controller: 127.0.0.1:9090 | |
# A relative path to the configuration directory or an absolute path to a | |
# directory in which you put some static web resource. Clash core will then | |
# serve it at `${API}/ui`. | |
# external-ui: folder | |
# Secret for the RESTful API (optional) | |
# Authenticate by spedifying HTTP header `Authorization: Bearer ${secret}` | |
# ALWAYS set a secret if RESTful API is listening on 0.0.0.0 | |
# secret: "" | |
# Outbound interface name | |
# interface-name: en0 | |
# Static hosts for DNS server and connection establishment (like /etc/hosts) | |
# | |
# Wildcard hostnames are supported (e.g. *.clash.dev, *.foo.*.example.com) | |
# Non-wildcard domain names have a higher priority than wildcard domain names | |
# e.g. foo.example.com > *.example.com > .example.com | |
# P.S. +.foo.com equals to .foo.com and foo.com | |
hosts: | |
# '*.clash.dev': 127.0.0.1 | |
# '.dev': 127.0.0.1 | |
# 'alpha.clash.dev': '::1' | |
# Firebase Cloud Messaging | |
"mtalk.google.com": 108.177.125.188 | |
# Google Dl | |
# "dl.google.com": 180.163.151.161 | |
# "dl.l.google.com": 180.163.151.161 | |
# DNS server settings | |
# This section is optional. When not present, the DNS server will be disabled. | |
dns: | |
enable: true | |
listen: 0.0.0.0:53 | |
# ipv6: false # when the false, response to AAAA questions will be empty | |
# These nameservers are used to resolve the DNS nameserver hostnames below. | |
# Specify IP addresses only | |
default-nameserver: | |
- 119.29.29.29 | |
- 223.6.6.6 | |
enhanced-mode: fake-ip # or redir-host | |
fake-ip-range: 198.18.0.1/16 # Fake IP addresses pool CIDR | |
# use-hosts: true # lookup hosts and return IP record | |
# Hostnames in this list will not be resolved with fake IPs | |
# i.e. questions to these domain names will always be answered with their | |
# real IP addresses | |
fake-ip-filter: | |
- "*.126.net" | |
- "*.example" | |
- "*.ffxiv.com" | |
- "*.finalfantasyxiv.com" | |
- "*.home.arpa" | |
- "*.invalid" | |
- "*.kuwo.cn" | |
- "*.lan" | |
- "*.linksys.com" | |
- "*.linksys.com" | |
- "*.linksyssmartwifi.com" | |
- "*.linksyssmartwifi.com" | |
- "*.local" | |
- "*.localdomain" | |
- "*.localhost" | |
- "*.mcdn.bilivideo.cn" | |
- "*.msftconnecttest.com" | |
- "*.msftncsi.com" | |
- "*.music.163.com" | |
- "*.music.migu.cn" | |
- "*.ntp.org.cn" | |
- "*.pool.ntp.org" | |
- "*.router.asus.com" | |
- "*.square-enix.com" | |
- "*.test" | |
- "*.time.edu.cn" | |
- "*.xiami.com" | |
- "*.y.qq.com" | |
- "+.battlenet.com.cn" | |
- "+.nflxvideo.net" | |
- "+.pool.ntp.org" | |
- "+.srv.nintendo.net" | |
- "+.stun.*.*" | |
- "+.stun.*.*.*" | |
- "+.stun.*.*.*.*" | |
- "+.stun.playstation.net" | |
- "+.wargaming.net" | |
- "+.wggames.cn" | |
- "+.wotgame.cn" | |
- "+.wowsgame.cn" | |
- "amobile.music.tc.qq.com" | |
- "api-jooxtt.sanook.com" | |
- "api.joox.com" | |
- "aqqmusic.tc.qq.com" | |
- "dl.stream.qqmusic.qq.com" | |
- "heartbeat.belkin.com" | |
- "isure.stream.qqmusic.qq.com" | |
- "joox.com" | |
- "lens.l.google.com" | |
- "localhost.ptlogin2.qq.com" | |
- "localhost.sec.qq.com" | |
- "mesu.apple.com" | |
- "mobileoc.music.tc.qq.com" | |
- "msftconnecttest.com" | |
- "msftncsi.com" | |
- "music.163.com" | |
- "music.migu.cn" | |
- "music.taihe.com" | |
- "musicapi.taihe.com" | |
- "ntp.*.com" | |
- "ntp.*.com" | |
- "ntp1.*.com" | |
- "ntp2.*.com" | |
- "ntp3.*.com" | |
- "ntp4.*.com" | |
- "ntp5.*.com" | |
- "ntp6.*.com" | |
- "ntp7.*.com" | |
- "proxy.golang.org" | |
- "songsearch.kugou.com" | |
- "streamoc.music.tc.qq.com" | |
- "stun.*.*" | |
- "stun.*.*.*" | |
- "stun.l.google.com" | |
- "swcdn.apple.com" | |
- "swdist.apple.com" | |
- "swdownload.apple.com" | |
- "swquery.apple.com" | |
- "swscan.apple.com" | |
- "time.*.apple.com" | |
- "time.*.com" | |
- "time.*.edu.cn" | |
- "time.*.gov" | |
- "time1.*.com" | |
- "time1.cloud.tencent.com" | |
- "time2.*.com" | |
- "time3.*.com" | |
- "time4.*.com" | |
- "time5.*.com" | |
- "time6.*.com" | |
- "time7.*.com" | |
- "time8.*.com" | |
- "time9.*.com" | |
- "trackercdn.kugou.com" | |
- "xbox.*.microsoft.com" | |
- "xnotify.xboxlive.com" | |
- "y.qq.com" | |
# Supports UDP, TCP, DoT, DoH. You can specify the port to connect to. | |
# All DNS questions are sent directly to the nameserver, without proxies | |
# involved. Clash answers the DNS question with the first result gathered. | |
nameserver: | |
- tls://dns.pub:853 # DNS over TLS | |
- tls://dns.alidns.com:853 # DNS over TLS | |
- 119.29.29.29 | |
- 223.6.6.6 | |
# - tls://dns.rubyfish.cn:853 # DNS over TLS | |
# - https://1.1.1.1/dns-query # DNS over HTTPS | |
# When `fallback` is present, the DNS server will send concurrent requests | |
# to the servers in this section along with servers in `nameservers`. | |
# The answers from fallback servers are used when the GEOIP country | |
# is not `CN`. | |
# fallback: | |
# - tcp://1.1.1.1 | |
# If IP addresses resolved with servers in `nameservers` are in the specified | |
# subnets below, they are considered invalid and results from `fallback` | |
# servers are used instead. | |
# | |
# IP address resolved with servers in `nameserver` is used when | |
# `fallback-filter.geoip` is true and when GEOIP of the IP address is `CN`. | |
# | |
# If `fallback-filter.geoip` is false, results from `nameserver` nameservers | |
# are always used if not match `fallback-filter.ipcidr`. | |
# | |
# This is a countermeasure against DNS pollution attacks. | |
fallback-filter: | |
geoip: true | |
ipcidr: | |
# - 240.0.0.0/4 | |
# domain: | |
# - '+.google.com' | |
# - '+.facebook.com' | |
# - '+.youtube.com' | |
# | |
# https://github.com/Dreamacro/clash/wiki/premium-core-features | |
# | |
# tun: | |
# enable: true | |
# stack: system # or gvisor | |
# # dns-hijack: | |
# # - 8.8.8.8:53 | |
# # - tcp://8.8.8.8:53 | |
# macOS-auto-route: true # auto set global route | |
# macOS-auto-detect-interface: true # conflict with interface-name | |
proxies: | |
# 支持的协议及加密算法示例请查阅 Clash 项目 README 以使用最新格式:https://github.com/Dreamacro/clash/wiki/configuration | |
# Shadowsocks(Websocket + TLS) | |
# - name: "1" | |
# type: ss | |
# server: server | |
# port: 443 | |
# cipher: chacha20-ietf-poly1305 | |
# password: "password" | |
# plugin: v2ray-plugin | |
# plugin-opts: | |
# mode: websocket # no QUIC now | |
# tls: true # wss | |
# # skip-cert-verify: true | |
# # host: bing.com | |
# path: "/s" | |
# # mux: true | |
# # headers: | |
# # custom: value | |
# # VMess(Websocket + TLS) | |
# - name: "2" | |
# type: vmess | |
# server: v2ray.cool | |
# port: 443 | |
# uuid: a3482e88-686a-4a58-8126-99c9df64b7bf | |
# alterId: 32 | |
# cipher: auto | |
# # udp: true | |
# tls: true | |
# # skip-cert-verify: true | |
# network: ws | |
# ws-path: /v | |
# # ws-headers: | |
# # Host: v2ray.com | |
# # Trojan | |
# - name: "3" | |
# type: trojan | |
# server: server | |
# port: 443 | |
# password: yourpsk | |
# # udp: true | |
# # sni: example.com # aka server name | |
# # alpn: | |
# # - h2 | |
# # - http/1.1 | |
# # skip-cert-verify: true | |
# 服务器节点订阅 | |
proxy-providers: | |
# name: # Provider 名称 | |
# type: http # http 或 file | |
# path: # 文件路径 | |
# url: # 只有当类型为 HTTP 时才可用,您不需要在本地空间中创建新文件。 | |
# interval: # 自动更新间隔,仅在类型为 HTTP 时可用 | |
# health-check: # 健康检查选项从此处开始 | |
# enable: | |
# url: | |
# interval: | |
# | |
# 「url」参数填写订阅链接 | |
# | |
# 订阅链接可以使用 API 进行转换,如:https://dove.589669.xyz/web | |
# | |
# | |
# 此处只是订阅示例,如果没有订阅链接的使用需求,此处及 proxy-groups 的相关内容可删除 | |
# DuckDuckGoList: #「冲鸭机场」订阅 | |
# type: http | |
# url: "https://raw.githubusercontent.com/DivineEngine/Profiles/master/Clash/ProxyList/List.yaml" # 放机场订阅链接 | |
# interval: 3600 | |
# path: ./Proxy/List.yaml # 注意此处文件名不可相同 | |
# health-check: | |
# enable: true | |
# interval: 600 | |
# url: http://www.gstatic.com/generate_204 | |
# DuckDuckGoUS: #「冲鸭机场」订阅美国地区节点 | |
# type: http | |
# url: "https://raw.githubusercontent.com/DivineEngine/Profiles/master/Clash/ProxyList/US.yaml" # 放机场订阅链接 | |
# interval: 3600 | |
# path: ./Proxy/US.yaml # 注意此处文件名不可相同 | |
# health-check: | |
# enable: true | |
# interval: 600 | |
# url: http://www.gstatic.com/generate_204 | |
ProxyList: | |
type: http | |
url: https://url | |
interval: 86400 | |
path: ./Proxy/List.yaml | |
health-check: | |
enable: true | |
interval: 86400 | |
url: http://www.gstatic.com/generate_204 | |
ProxyList-SE: | |
type: http | |
url: https://se.url | |
interval: 86400 | |
path: ./Proxy/SE/List-SE.yaml | |
health-check: | |
enable: true | |
ProxyList-Telegram: | |
type: http | |
url: https://telegram.url | |
interval: 86400 | |
path: ./Proxy/Telegram/List-Telegram.yaml | |
health-check: | |
enable: true | |
interval: 86400 | |
url: http://www.gstatic.com/generate_204 | |
proxy-groups: | |
# 策略组示例请查阅 Clash 项目 README 以使用最新格式:https://github.com/Dreamacro/clash/wiki/configuration | |
# | |
# 策略组说明 | |
# | |
# 「MATCH」类似 Surge 的「Final」,此处用于选择白名单模式(PROXY 策略)和黑名单模式(DIRECT 策略) | |
# | |
# 「Streaming」和「StreamingSE」比较好理解,有专用于流媒体的节点就设置到其中,如果没有「StreamingSE」的需求可以连带 Rule 部分一起删掉,「Streaming」需至少保留 Rule,用「PROXY」即可。 | |
# | |
# 「PROXY」是代理规则策略,它可以指定为某个节点或嵌套一个其他策略组,如:「自动测试」、「Fallback」或「负载均衡」的策略组,关于这 3 个策略组的具体示例可以看官方示例:https://github.com/Dreamacro/clash | |
# | |
# 注意此处的「use」而不是「proxies」,当然也可以不用在此先嵌套一个策略组进行选择,可以直接使用,如 | |
# | |
# # 代理节点选择 | |
# - name: "PROXY" | |
# type: select | |
# use: | |
# - DuckDuckGo # 嵌套使用订阅节点策略组 | |
# proxies: | |
# - Fallback | |
# - 1 | |
# - 2 | |
# - 3 | |
# | |
# 但如果订阅节点很多选起来就很麻烦,不如先嵌套一个策略组进行手动或自动的选择。 | |
# # 手动选择订阅节点 | |
# - name: "DuckDuckGo" | |
# type: select # 亦可使用 fallback 或 load-balance | |
# use: # 注意此处是「use」 | |
# - DuckDuckGoList # 这是上面「proxy-providers」的名称 | |
# - name: "US" | |
# type: select # 亦可使用 fallback 或 load-balance | |
# use: # 注意此处是「use」 | |
# - DuckDuckGoUS # 这是上面「proxy-providers」的名称 | |
# Fallback 比较实用的策略组类型,用于测试服务器节点的可用性,当第一个节点不可用时切换到第二个,以此类推。 | |
- name: "Fallback" | |
type: fallback | |
# proxies: | |
# - 1 | |
# - 2 | |
# - 3 | |
use: | |
- ProxyList | |
url: "http://www.gstatic.com/generate_204" | |
interval: 300 | |
# 代理节点选择 | |
- name: "PROXY" | |
type: select | |
proxies: | |
- Fallback | |
# - 1 | |
# - 2 | |
# - 3 | |
# - DuckDuckGo # 嵌套使用订阅节点策略组 | |
use: | |
- ProxyList | |
# 白名单模式 PROXY, 黑名单模式 DIRECT, 不知道别动 | |
- name: "MATCH" | |
type: select | |
proxies: | |
- PROXY | |
- DIRECT | |
# 国际流媒体服务 | |
- name: "Streaming" | |
type: select | |
proxies: | |
- PROXY | |
# - 1 | |
# - 2 | |
# - 3 | |
# - US | |
# 中国流媒体服务(面向海外版本) | |
# 用于观看部分国内流媒体面向港澳台的地区的限定内容,此处应放港澳台节点,如果没有此需求可删除此处策略组及相关规则 | |
- name: "StreamingSE" | |
type: select | |
proxies: | |
- DIRECT | |
# - 2 | |
use: | |
- ProxyList-SE | |
# Telegram 即时通讯 | |
- name: "Telegram" | |
type: select | |
proxies: | |
- PROXY | |
# - 2 | |
use: | |
- ProxyList-Telegram | |
# OneDrive 网盘服务 | |
- name: "OneDrive" | |
type: select | |
proxies: | |
- DIRECT | |
- PROXY | |
# - 2 | |
- name: "Advertisement" | |
type: select | |
proxies: | |
- REJECT | |
- DIRECT | |
# 关于 Rule Provider 请查阅:https://lancellc.gitbook.io/clash/clash-config-file/rule-provider | |
rule-providers: | |
# name: # Provider 名称 | |
# type: http # http 或 file | |
# behavior: classical # 或 ipcidr、domain | |
# path: # 文件路径 | |
# url: # 只有当类型为 HTTP 时才可用,您不需要在本地空间中创建新文件。 | |
# interval: # 自动更新间隔,仅在类型为 HTTP 时可用 | |
Unbreak: | |
type: http | |
behavior: classical | |
path: ./RuleSet/Unbreak.yaml | |
url: https://cors.isteed.cc/https://raw.githubusercontent.com/DivineEngine/Profiles/master/Clash/RuleSet/Unbreak.yaml | |
interval: 86400 | |
Streaming: | |
type: http | |
behavior: classical | |
path: ./RuleSet/StreamingMedia/Streaming.yaml | |
url: https://cors.isteed.cc/https://raw.githubusercontent.com/DivineEngine/Profiles/master/Clash/RuleSet/StreamingMedia/Streaming.yaml | |
interval: 86400 | |
StreamingSE: | |
type: http | |
behavior: classical | |
path: ./RuleSet/StreamingMedia/StreamingSE.yaml | |
url: https://cors.isteed.cc/https://raw.githubusercontent.com/DivineEngine/Profiles/master/Clash/RuleSet/StreamingMedia/StreamingSE.yaml | |
interval: 86400 | |
Global: | |
type: http | |
behavior: classical | |
path: ./RuleSet/Global.yaml | |
url: https://cors.isteed.cc/https://raw.githubusercontent.com/DivineEngine/Profiles/master/Clash/RuleSet/Global.yaml | |
interval: 86400 | |
China: | |
type: http | |
behavior: classical | |
path: ./RuleSet/China.yaml | |
url: https://cors.isteed.cc/https://raw.githubusercontent.com/DivineEngine/Profiles/master/Clash/RuleSet/China.yaml | |
interval: 86400 | |
Telegram: | |
type: http | |
behavior: classical | |
path: ./RuleSet/Extra/Telegram.yaml | |
url: https://cors.isteed.cc/https://raw.githubusercontent.com/DivineEngine/Profiles/master/Clash/RuleSet/Extra/Telegram/Telegram.yaml | |
interval: 86400 | |
OneDrive: | |
type: http | |
behavior: classical | |
path: ./RuleSet/Extra/OneDrive.yaml | |
url: https://clash-sub.isteed.cc/RuleSet/Extra/Microsoft/OneDrive.yaml | |
interval: 86400 | |
AD: | |
type: http | |
behavior: classical | |
path: ./RuleSet/Extra/AD.yaml | |
url: https://cors.isteed.cc/https://raw.githubusercontent.com/Hackl0us/SS-Rule-Snippet/master/Rulesets/Clash/Basic/common-ad-keyword.yaml | |
interval: 86400 | |
DirectCustom: | |
type: http | |
behavior: classical | |
path: ./RuleSet/DirectCustom.yaml | |
url: https://clash-sub.isteed.cc/RuleSet/DirectCustom.yaml | |
interval: 86400 | |
ProxyCustom: | |
type: http | |
behavior: classical | |
path: ./RuleSet/ProxyCustom.yaml | |
url: https://clash-sub.isteed.cc/RuleSet/ProxyCustom.yaml | |
interval: 86400 | |
# 规则 | |
rules: | |
# Custom | |
- RULE-SET,DirectCustom,DIRECT | |
- RULE-SET,ProxyCustom,PROXY | |
# common-ad-keyword | |
- RULE-SET,AD,Advertisement | |
## Telegram | |
- RULE-SET,Telegram,Telegram | |
## OneDrive | |
- RULE-SET,OneDrive,OneDrive | |
# Unbreak | |
- RULE-SET,Unbreak,DIRECT | |
# Global Area Network | |
# (Streaming Media) | |
- RULE-SET,Streaming,Streaming | |
# (StreamingSE) | |
- RULE-SET,StreamingSE,StreamingSE | |
# (DNS Cache Pollution) / (IP Blackhole) / (Region-Restricted Access Denied) / (Network Jitter) | |
- RULE-SET,Global,PROXY | |
# China Area Network | |
- RULE-SET,China,DIRECT | |
# Local Area Network | |
- IP-CIDR,192.168.0.0/16,DIRECT | |
- IP-CIDR,10.0.0.0/8,DIRECT | |
- IP-CIDR,172.16.0.0/12,DIRECT | |
- IP-CIDR,127.0.0.0/8,DIRECT | |
- IP-CIDR,100.64.0.0/10,DIRECT | |
- IP-CIDR,224.0.0.0/4,DIRECT | |
- IP-CIDR,fe80::/10,DIRECT | |
# (可选)使用来自 ipipdotnet 的 ChinaIP 以解决数据不准确的问题,使用 ChinaIP.yaml 时可禁用下列直至(包括)「GEOIP,CN」规则 | |
# - RULE-SET,ChinaIP,DIRECT | |
# Tencent | |
- IP-CIDR,119.28.28.28/32,DIRECT | |
- IP-CIDR,182.254.116.0/24,DIRECT | |
# GeoIP China | |
- GEOIP,CN,DIRECT | |
- MATCH,MATCH |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment