Surge Configuration for Sukka Ruleset

Surge.conf

[General]
loglevel = notify
wifi-assist = true

internet-test-url = http://connectivitycheck.platform.hicloud.com/generate_204
proxy-test-url = http://latency-test.skk.moe/endpoint
proxy-test-udp = www.apple.com@64.6.64.6
test-timeout = 2
dns-server = 223.5.5.5, 119.29.29.29
# encrypted-dns-server = https://223.5.5.5/ // 除非当地 ISP 有严重的 DNS 污染问题，否则没必要开启 DoH，传统 DNS 的性能最优，网络异常后恢复速度最快

ipv6 = false
ipv6-vif = off

http-api-web-dashboard = true
http-listen = 0.0.0.0
socks5-listen = 0.0.0.0

show-error-page-for-reject = true
udp-policy-not-supported-behaviour = REJECT

skip-proxy = 127.0.0.0/8, 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12, 100.64.0.0/10, 162.14.0.0/16, 211.99.96.0/19, 162.159.192.0/24, 162.159.193.0/24, 162.159.195.0/24, fc00::/7, fe80::/10, localhost, *.local, captive.apple.com, passenger.t3go.cn, *.ccb.com, wxh.wo.cn, *.abcchina.com, *.abcchina.com.cn
always-real-ip = *.arpa
exclude-simple-hostnames = true

[Proxy]

[Proxy Group]
PROXY = select, DIRECT, SMART
SMART = smart, include-other-group=
TELEGRAM = smart, include-other-group=, no-alert=0, hidden=0, include-all-proxies=0
OPENAI = smart, include-other-group=, policy-regex-filter=(?i)ChatGPT
SPEEDTEST = select, DIRECT, PROXY, include-all-proxies=1, include-other-group=
APPLE = select, DIRECT, PROXY, no-alert=0, hidden=0
APPLE-CN = select, DIRECT, PROXY, no-alert=0, hidden=0

[Rule]

# 拦截规则
DOMAIN-SET,https://ruleset.skk.moe/List/domainset/reject.conf,REJECT-TINYGIF,extended-matching
RULE-SET,https://ruleset.skk.moe/List/non_ip/reject.conf,REJECT,extended-matching
RULE-SET,https://ruleset.skk.moe/List/non_ip/reject-no-drop.conf,REJECT-NO-DROP,extended-matching
RULE-SET,https://ruleset.skk.moe/List/non_ip/reject-drop.conf,REJECT-DROP,extended-matching

# SPEEDTEST
DOMAIN-SET,https://ruleset.skk.moe/List/domainset/speedtest.conf,SPEEDTEST,extended-matching

# STATIC CDN
DOMAIN-SET,https://ruleset.skk.moe/List/domainset/cdn.conf,PROXY,extended-matching
RULE-SET,https://ruleset.skk.moe/List/non_ip/cdn.conf,PROXY,extended-matching

# TELEGRAM 
RULE-SET,https://ruleset.skk.moe/List/non_ip/telegram.conf,TELEGRAM,extended-matching

# APPLE & MSFT CN CDN
RULE-SET,https://ruleset.skk.moe/List/non_ip/apple_cdn.conf,APPLE
RULE-SET,https://ruleset.skk.moe/List/non_ip/microsoft_cdn.conf,APPLE

# DOWNLOAD FILE 
DOMAIN-SET,https://ruleset.skk.moe/List/domainset/download.conf,APPLE,extended-matching
RULE-SET,https://ruleset.skk.moe/List/non_ip/download.conf,APPLE,extended-matching

# APPLE CN
RULE-SET,https://ruleset.skk.moe/List/non_ip/apple_cn.conf,DIRECT

# APPLE non-CN
RULE-SET,https://ruleset.skk.moe/List/non_ip/apple_services.conf,APPLE,extended-matching
RULE-SET,https://ruleset.skk.moe/List/non_ip/microsoft.conf,APPLE,extended-matching

# AIGC 
RULE-SET,https://ruleset.skk.moe/List/non_ip/ai.conf,OPENAI,extended-matching

# Foreign
RULE-SET,https://ruleset.skk.moe/List/non_ip/global.conf,PROXY,extended-matching

# Domestic
RULE-SET,https://ruleset.skk.moe/List/non_ip/domestic.conf,DIRECT,extended-matching
RULE-SET,https://ruleset.skk.moe/List/non_ip/direct.conf,DIRECT,extended-matching

# Internal Domainset
RULE-SET,https://ruleset.skk.moe/List/non_ip/lan.conf,DIRECT

### IP RULESET ###

# 拦截 IP 
RULE-SET,https://ruleset.skk.moe/List/ip/reject.conf,REJECT-DROP

## Telegram IP 
RULE-SET,https://ruleset.skk.moe/List/ip/telegram.conf,TELEGRAM
PROCESS-NAME,Telegram,REJECT-DROP

# LAN IP
RULE-SET,https://ruleset.skk.moe/List/ip/lan.conf,DIRECT

# CN IP
RULE-SET,https://ruleset.skk.moe/List/ip/domestic.conf,DIRECT
RULE-SET,https://ruleset.skk.moe/List/ip/china_ip.conf,DIRECT

RULE-SET,SYSTEM,PROXY
# 以下规则将触发本地 DNS 解析
RULE-SET,LAN,DIRECT
GEOIP,CN,DIRECT
FINAL,PROXY,dns-failed