port: 7890
socks-port: 7891
redir-port: 7892
allow-lan: true
mode: Rule
log-level: info
external-controller: 127.0.0.1:9090
# secret: ""
dns:
enable: true
listen: 0.0.0.0:853
enhanced-mode: redir-host
nameserver:
- 'tls://dns.rubyfish.cn:853'
- '114.114.114.114'
fallback:
- 'tls://1.1.1.1:853'
- 'tls://dns.google'
proxies:
# 这两个tlb proxy配合我的tlb项目使用的,因为clash内置了proxy选择的策略,所以目前暂时也没有开发的动力
# https://github.com/xdays/tlb
- name: ss-tlb
type: ss
server: 127.0.0.1
port: 443
cipher: rc4-md5
password: changeme
- name: vmess-tlb
type: vmess
server: 127.0.0.1
port: 345
uuid: changeme
alterId: 64
cipher: aes-128-gcm
network: ws
ws-path: /
ws-headers:
Host: foo.xdays.me
tls: true
- name: vmess-hkg01
type: vmess
server: 1.1.1.1
port: 443
uuid: changeme
alterId: 64
cipher: aes-128-gcm
network: ws
ws-path: /
ws-headers:
Host: foo.xdays.me
tls: true
- name: vmess-hkg02
type: vmess
server: 1.1.1.2
port: 443
uuid: changeme
alterId: 64
cipher: aes-128-gcm
network: ws
ws-path: /
ws-headers:
Host: foo.xdays.me
tls: true
# 代理组策略
proxy-groups:
# url-test 通过指定的 URL 测试并选择延迟最低的节点
- name: "UrlTest"
type: url-test
proxies:
- "vmess-hkg01"
- "vmess-hkg02"
url: 'http://www.gstatic.com/generate_204'
interval: 300
# fallback 通过指定的 URL 测试并选择可用的节点,当 1 故障不可用时自动切换到 2 以此类推
- name: "Fallback"
type: fallback
proxies:
- "vmess-hkg01"
url: 'http://www.gstatic.com/generate_204'
interval: 300
# 代理节点选择
- name: "PROXY"
type: select
proxies:
- "UrlTest"
- "vmess-tlb"
- "vmess-hkg01"
# 白名单模式 PROXY,黑名单模式 DIRECT
- name: "Final"
type: select
proxies:
- "PROXY"
- "DIRECT"
# 运营商及声名狼藉网站劫持
- name: "Hijacking"
type: select
proxies:
- "REJECT"
- "DIRECT"
# 规则
rules:
# Internet Service Providers Hijacking 运营商劫持
- DOMAIN-SUFFIX,17gouwuba.com,Hijacking
- DOMAIN-SUFFIX,186078.com,Hijacking
- DOMAIN-SUFFIX,189zj.cn,Hijacking
- DOMAIN-SUFFIX,285680.com,Hijacking
- DOMAIN-SUFFIX,3721zh.com,Hijacking
- DOMAIN-SUFFIX,4336wang.cn,Hijacking
- DOMAIN-SUFFIX,51chumoping.com,Hijacking
- DOMAIN-SUFFIX,51mld.cn,Hijacking
- DOMAIN-SUFFIX,51mypc.cn,Hijacking
- DOMAIN-SUFFIX,58mingri.cn,Hijacking
- DOMAIN-SUFFIX,58mingtian.cn,Hijacking
- DOMAIN-SUFFIX,5vl58stm.com,Hijacking
- DOMAIN-SUFFIX,6d63d3.com,Hijacking
- DOMAIN-SUFFIX,7gg.cc,Hijacking
- DOMAIN-SUFFIX,91veg.com,Hijacking
- DOMAIN-SUFFIX,9s6q.cn,Hijacking
- DOMAIN-SUFFIX,adsame.com,Hijacking
- DOMAIN-SUFFIX,aiclk.com,Hijacking
- DOMAIN-SUFFIX,akuai.top,Hijacking
- DOMAIN-SUFFIX,atplay.cn,Hijacking
- DOMAIN-SUFFIX,baiwanchuangyi.com,Hijacking
- DOMAIN-SUFFIX,beerto.cn,Hijacking
- DOMAIN-SUFFIX,beilamusi.com,Hijacking
- DOMAIN-SUFFIX,benshiw.net,Hijacking
- DOMAIN-SUFFIX,bianxianmao.com,Hijacking
- DOMAIN-SUFFIX,bryonypie.com,Hijacking
- DOMAIN-SUFFIX,cishantao.com,Hijacking
- DOMAIN-SUFFIX,cszlks.com,Hijacking
- DOMAIN-SUFFIX,cudaojia.com,Hijacking
- DOMAIN-SUFFIX,dafapromo.com,Hijacking
- DOMAIN-SUFFIX,daitdai.com,Hijacking
- DOMAIN-SUFFIX,dsaeerf.com,Hijacking
- DOMAIN-SUFFIX,dugesheying.com,Hijacking
- DOMAIN-SUFFIX,dv8c1t.cn,Hijacking
- DOMAIN-SUFFIX,echatu.com,Hijacking
- DOMAIN-SUFFIX,erdoscs.com,Hijacking
- DOMAIN-SUFFIX,fan-yong.com,Hijacking
- DOMAIN-SUFFIX,feih.com.cn,Hijacking
- DOMAIN-SUFFIX,fjlqqc.com,Hijacking
- DOMAIN-SUFFIX,fkku194.com,Hijacking
- DOMAIN-SUFFIX,freedrive.cn,Hijacking
- DOMAIN-SUFFIX,gclick.cn,Hijacking
- DOMAIN-SUFFIX,goufanli100.com,Hijacking
- DOMAIN-SUFFIX,goupaoerdai.com,Hijacking
- DOMAIN-SUFFIX,gouwubang.com,Hijacking
- DOMAIN-SUFFIX,gzxnlk.com,Hijacking
- DOMAIN-SUFFIX,haoshengtoys.com,Hijacking
- DOMAIN-SUFFIX,hyunke.com,Hijacking
- DOMAIN-SUFFIX,ichaosheng.com,Hijacking
- DOMAIN-SUFFIX,ishop789.com,Hijacking
- DOMAIN-SUFFIX,jdkic.com,Hijacking
- DOMAIN-SUFFIX,jiubuhua.com,Hijacking
- DOMAIN-SUFFIX,jsncke.com,Hijacking
- DOMAIN-SUFFIX,junkucm.com,Hijacking
- DOMAIN-SUFFIX,jwg365.cn,Hijacking
- DOMAIN-SUFFIX,kawo77.com,Hijacking
- DOMAIN-SUFFIX,kualianyingxiao.cn,Hijacking
- DOMAIN-SUFFIX,kumihua.com,Hijacking
- DOMAIN-SUFFIX,ltheanine.cn,Hijacking
- DOMAIN-SUFFIX,maipinshangmao.com,Hijacking
- DOMAIN-SUFFIX,minisplat.cn,Hijacking
- DOMAIN-SUFFIX,mkitgfs.com,Hijacking
- DOMAIN-SUFFIX,mlnbike.com,Hijacking
- DOMAIN-SUFFIX,mobjump.com,Hijacking
- DOMAIN-SUFFIX,nbkbgd.cn,Hijacking
- DOMAIN-SUFFIX,newapi.com,Hijacking
- DOMAIN-SUFFIX,pinzhitmall.com,Hijacking
- DOMAIN-SUFFIX,poppyta.com,Hijacking
- DOMAIN-SUFFIX,qianchuanghr.com,Hijacking
- DOMAIN-SUFFIX,qichexin.com,Hijacking
- DOMAIN-SUFFIX,qinchugudao.com,Hijacking
- DOMAIN-SUFFIX,quanliyouxi.cn,Hijacking
- DOMAIN-SUFFIX,qutaobi.com,Hijacking
- DOMAIN-SUFFIX,ry51w.cn,Hijacking
- DOMAIN-SUFFIX,sg536.cn,Hijacking
- DOMAIN-SUFFIX,sifubo.cn,Hijacking
- DOMAIN-SUFFIX,sifuce.cn,Hijacking
- DOMAIN-SUFFIX,sifuda.cn,Hijacking
- DOMAIN-SUFFIX,sifufu.cn,Hijacking
- DOMAIN-SUFFIX,sifuge.cn,Hijacking
- DOMAIN-SUFFIX,sifugu.cn,Hijacking
- DOMAIN-SUFFIX,sifuhe.cn,Hijacking
- DOMAIN-SUFFIX,sifuhu.cn,Hijacking
- DOMAIN-SUFFIX,sifuji.cn,Hijacking
- DOMAIN-SUFFIX,sifuka.cn,Hijacking
- DOMAIN-SUFFIX,smgru.net,Hijacking
- DOMAIN-SUFFIX,taoggou.com,Hijacking
- DOMAIN-SUFFIX,tcxshop.com,Hijacking
- DOMAIN-SUFFIX,tjqonline.cn,Hijacking
- DOMAIN-SUFFIX,topitme.com,Hijacking
- DOMAIN-SUFFIX,tt3sm4.cn,Hijacking
- DOMAIN-SUFFIX,tuia.cn,Hijacking
- DOMAIN-SUFFIX,tuipenguin.com,Hijacking
- DOMAIN-SUFFIX,tuitiger.com,Hijacking
- DOMAIN-SUFFIX,websd8.com,Hijacking
- DOMAIN-SUFFIX,wsgblw.com,Hijacking
- DOMAIN-SUFFIX,wx16999.com,Hijacking
- DOMAIN-SUFFIX,xchmai.com,Hijacking
- DOMAIN-SUFFIX,xiaohuau.xyz,Hijacking
- DOMAIN-SUFFIX,ygyzx.cn,Hijacking
- DOMAIN-SUFFIX,yinmong.com,Hijacking
- DOMAIN-SUFFIX,yitaopt.com,Hijacking
- DOMAIN-SUFFIX,yjqiqi.com,Hijacking
- DOMAIN-SUFFIX,yukhj.com,Hijacking
- DOMAIN-SUFFIX,zhaozecheng.cn,Hijacking
- DOMAIN-SUFFIX,zhenxinet.com,Hijacking
- DOMAIN-SUFFIX,zlne800.com,Hijacking
- DOMAIN-SUFFIX,zunmi.cn,Hijacking
- DOMAIN-SUFFIX,zzd6.com,Hijacking
- IP-CIDR,39.107.15.115/32,Hijacking,no-resolve
- IP-CIDR,47.89.59.182/32,Hijacking,no-resolve
- IP-CIDR,103.49.209.27/32,Hijacking,no-resolve
- IP-CIDR,123.56.152.96/32,Hijacking,no-resolve
# > ChinaTelecom
- IP-CIDR,61.160.200.223/32,Hijacking,no-resolve
- IP-CIDR,61.160.200.242/32,Hijacking,no-resolve
- IP-CIDR,61.160.200.252/32,Hijacking,no-resolve
- IP-CIDR,61.174.50.214/32,Hijacking,no-resolve
- IP-CIDR,111.175.220.163/32,Hijacking,no-resolve
- IP-CIDR,111.175.220.164/32,Hijacking,no-resolve
- IP-CIDR,122.229.8.47/32,Hijacking,no-resolve
- IP-CIDR,122.229.29.89/32,Hijacking,no-resolve
- IP-CIDR,124.232.160.178/32,Hijacking,no-resolve
- IP-CIDR,175.6.223.15/32,Hijacking,no-resolve
- IP-CIDR,183.59.53.237/32,Hijacking,no-resolve
- IP-CIDR,218.93.127.37/32,Hijacking,no-resolve
- IP-CIDR,221.228.17.152/32,Hijacking,no-resolve
- IP-CIDR,221.231.6.79/32,Hijacking,no-resolve
- IP-CIDR,222.186.61.91/32,Hijacking,no-resolve
- IP-CIDR,222.186.61.95/32,Hijacking,no-resolve
- IP-CIDR,222.186.61.96/32,Hijacking,no-resolve
- IP-CIDR,222.186.61.97/32,Hijacking,no-resolve
# > ChinaUnicom
- IP-CIDR,106.75.231.48/32,Hijacking,no-resolve
- IP-CIDR,119.4.249.166/32,Hijacking,no-resolve
- IP-CIDR,220.196.52.141/32,Hijacking,no-resolve
- IP-CIDR,221.6.4.148/32,Hijacking,no-resolve
# > ChinaMobile
- IP-CIDR,114.247.28.96/32,Hijacking,no-resolve
- IP-CIDR,221.179.131.72/32,Hijacking,no-resolve
- IP-CIDR,221.179.140.145/32,Hijacking,no-resolve
# > Dr.Peng
# - IP-CIDR,10.72.25.0/24,Hijacking,no-resolve
- IP-CIDR,115.182.16.79/32,Hijacking,no-resolve
- IP-CIDR,118.144.88.126/32,Hijacking,no-resolve
- IP-CIDR,118.144.88.215/32,Hijacking,no-resolve
- IP-CIDR,118.144.88.216/32,Hijacking,no-resolve
- IP-CIDR,120.76.189.132/32,Hijacking,no-resolve
- IP-CIDR,124.14.21.147/32,Hijacking,no-resolve
- IP-CIDR,124.14.21.151/32,Hijacking,no-resolve
- IP-CIDR,180.166.52.24/32,Hijacking,no-resolve
- IP-CIDR,211.161.101.106/32,Hijacking,no-resolve
- IP-CIDR,220.115.251.25/32,Hijacking,no-resolve
- IP-CIDR,222.73.156.235/32,Hijacking,no-resolve
# Local Area Network
- IP-CIDR,192.168.0.0/16,DIRECT
- IP-CIDR,10.0.0.0/8,DIRECT
- IP-CIDR,172.16.0.0/12,DIRECT
- IP-CIDR,127.0.0.0/8,DIRECT
- IP-CIDR,100.64.0.0/10,DIRECT
# GeoIP China
- GEOIP,CN,DIRECT
- MATCH,Final
先说第一步,我的做法是用 dnsmasq 来作为局域网的 dhcp 和 dns server,然后 dnsmasq 将 dns 请求转发给 clash 的 853 端口,dnsmasq 的配置如下:
这个脚本里还包括的切换 dnsmasq 的 dns 配置的操作,因为如果 clash 停了整个局域网所有机器的 dns 解析就会失败,这是配合后边一键启停翻墙做准备的。