diff --git a/clash/config-lan.yaml b/clash/config-lan.yaml
new file mode 100644
index 0000000..f904d0e
--- /dev/null
+++ b/clash/config-lan.yaml
@@ -0,0 +1,523 @@
+mode: rule
+log-level: info
+ipv6: false
+geodata-mode: true
+tcp-concurrent: true
+find-process-mode: always
+
+#自定义 geodata url
+geox-url:
+ geoip: "https://fastly.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geoip.dat"
+ geosite: "https://fastly.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geosite.dat"
+ mmdb: "https://fastly.jsdelivr.net/gh/MetaCubeX/meta-rules-dat@release/geoip.metadb"
+
+geo-auto-update: true
+geo-update-interval: 24
+
+dns:
+ enable: true
+ listen: 0.0.0.0:53
+ ipv6: false
+ default-nameserver:
+ - 223.5.5.5
+ - 1.0.0.1
+ enhanced-mode: fake-ip
+ fake-ip-range: 198.10.0.1/16
+ fake-ip-filter:
+ - stun.*.*.*
+ - stun.*.*
+ - time.windows.com
+ - time.nist.gov
+ - time.apple.com
+ - time.asia.apple.com
+ # Tailscale 必须真实 DNS 解析,否则打洞失败
+ - '*.tailscale.com'
+ - '*.ts.net'
+ - controlplane.tailscale.com
+ - login.tailscale.com
+ use-hosts: true
+ nameserver:
+ - 1.1.1.1
+ - 8.8.8.8
+
+sniffer:
+ enable: true
+ force-dns-mapping: true
+ parse-pure-ip: true
+ override-destination: false
+ sniff:
+ HTTP:
+ ports: [ 80, 8080-8880 ]
+ override-destination: true
+ TLS:
+ ports: [ 443, 8443 ]
+ QUIC:
+ ports: [ 443, 8443 ]
+ skip-domain:
+ - Mijia Cloud
+
+ hosts:
+ mtalk.google.com 108.177.97.188
+ alt1-mtalk.google.com 142.250.141.188
+ alt2-mtalk.google.com 142.250.115.188
+ alt3-mtalk.google.com 64.233.171.188
+ alt4-mtalk.google.com 142.250.152.188
+ alt5-mtalk.google.com 173.194.77.188
+ alt6-mtalk.google.com 173.194.219.188
+ alt7-mtalk.google.com 142.250.112.188
+ alt8-mtalk.google.com 172.217.197.188
+
+# ══════════════════════════════════════════════════════════
+# Tailscale 家庭内网代理
+# ══════════════════════════════════════════════════════════
+proxies:
+ - name: "WSL-Home-Tailscale"
+ type: socks5
+ server: 127.0.0.1
+ port: 1080
+ udp: true
+
+# ══════════════════════════════════════════════════════════
+# 节点订阅源
+# ══════════════════════════════════════════════════════════
+proxy-providers:
+ self-proxies:
+ type: http
+ url: http://192.168.51.11:3000/oruke/resources/raw/branch/main/clash/oruke-self-proxies.yaml
+ path: ./oruke-self-proxies.yaml
+ health-check:
+ enable: true
+ interval: 600
+ lazy: true
+ url: http://www.gstatic.com/generate_204
+ liangyuandian:
+ type: http
+ url: https://www.fightingly.vip/api/v1/client/subscribe?token=7f9f9961ecbd6a17d856887fff9cd87d
+ interval: 172800
+ path: ./oruke-liangyuandian.yaml
+ timeout: 100000
+ health-check:
+ enable: true
+ interval: 600
+ lazy: true
+ url: http://www.gstatic.com/generate_204
+ byWave:
+ type: http
+ url: https://sub.bwbwbw.cc/subscribe/74851/8pPTLIl5ZdDg
+ interval: 172800
+ path: ./oruke-byWave.yaml
+ timeout: 100000
+ health-check:
+ enable: true
+ interval: 600
+ lazy: true
+ url: http://www.gstatic.com/generate_204
+
+# ══════════════════════════════════════════════════════════
+# 代理组 — 按流量特征分类
+# ══════════════════════════════════════════════════════════
+proxy-groups:
+
+ # ── 家庭内网 ──
+ - name: "🏡 家庭内网"
+ type: select
+ proxies:
+ - "WSL-Home-Tailscale"
+ - DIRECT
+ use: [self-proxies]
+
+ # ── 节点池 ──
+ - name: "自动选择"
+ type: url-test
+ use: [self-proxies, byWave, liangyuandian]
+ url: http://www.gstatic.com/generate_204
+ interval: 300
+ tolerance: 50
+
+ - name: "PROXY"
+ type: select
+ proxies:
+ - "自动选择"
+ use: [self-proxies, byWave, liangyuandian]
+
+ # ── 固定组 ──
+
+ - name: "AI"
+ type: select
+ proxies:
+ - PROXY
+ use: [self-proxies, byWave]
+
+ # Tailscale 流量必须直连,否则打洞失败
+ - name: "Tailscale"
+ type: select
+ proxies:
+ - DIRECT
+
+ # ── 按流量特征分组 ──
+
+ # 流媒体: 视频/音频串流,高带宽持续连接 (YouTube, Netflix, Spotify, Twitch...)
+ - name: "流媒体"
+ type: select
+ proxies:
+ - PROXY
+ - "大文件下载"
+ use: [self-proxies, byWave, liangyuandian]
+
+ # 大文件下载: GitHub/Docker/npm/PyPI/HuggingFace/Steam/模型 等批量下载
+ # 不含 byWave (流量贵)
+ - name: "大文件下载"
+ type: select
+ proxies:
+ - PROXY
+ use: [self-proxies, liangyuandian]
+
+ # 社交通讯: Discord/Twitter/Reddit/Telegram/Facebook 等社交平台
+ - name: "社交通讯"
+ type: select
+ proxies:
+ - PROXY
+ use: [self-proxies, byWave, liangyuandian]
+
+ # 日系站点: DLsite/Pixiv/DMM/Niconico/Booth 等 (美国节点内容不全,建议选日本节点)
+ - name: "日系站点"
+ type: select
+ proxies:
+ - PROXY
+ use: [self-proxies, byWave, liangyuandian]
+
+ # Exhentai: 日本节点大量内容不可见,荷兰节点能看全部 (避开日本节点!)
+ - name: "Exhentai"
+ type: select
+ proxies:
+ - PROXY
+ use: [self-proxies, byWave, liangyuandian]
+
+ # PT站点: 网页浏览+Tracker握手走代理,BT文件下载走直连
+ # (applications规则在pt-custom之后,域名优先匹配代理,纯IP的peer连接走DIRECT)
+ - name: "PT站点"
+ type: select
+ proxies:
+ - PROXY
+ - DIRECT
+ use: [self-proxies]
+
+ # ── 平台组 ──
+
+ # Apple: iCloud/App Store/Apple Music 等,默认直连
+ - name: "Apple"
+ type: select
+ proxies:
+ - DIRECT
+ - PROXY
+ use: [self-proxies, byWave, liangyuandian]
+
+ # Google: Search/Maps/Gmail 等 (Drive/Photos 在大文件下载组)
+ - name: "Google"
+ type: select
+ proxies:
+ - PROXY
+ use: [self-proxies, byWave, liangyuandian]
+
+ # Microsoft: Office/Azure 等,默认直连
+ - name: "Microsoft"
+ type: select
+ proxies:
+ - DIRECT
+ - PROXY
+ use: [self-proxies, byWave]
+
+ # 漏网之鱼: 未匹配任何规则的流量
+ - name: "漏网之鱼"
+ type: select
+ proxies:
+ - PROXY
+ - DIRECT
+ use: [self-proxies]
+
+# ══════════════════════════════════════════════════════════
+# 规则集
+# ══════════════════════════════════════════════════════════
+rule-providers:
+
+ # ── 外部规则集 (Loyalsoldier) ──
+ reject:
+ type: http
+ behavior: domain
+ url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/reject.txt"
+ path: ./ruleset/reject.yaml
+ interval: 86400
+ timeout: 50000
+
+ icloud:
+ type: http
+ behavior: domain
+ url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/icloud.txt"
+ path: ./ruleset/icloud.yaml
+ interval: 86400
+ timeout: 50000
+
+ apple:
+ type: http
+ behavior: domain
+ url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/apple.txt"
+ path: ./ruleset/apple.yaml
+ interval: 86400
+ timeout: 50000
+
+ proxy:
+ type: http
+ behavior: domain
+ url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/proxy.txt"
+ path: ./ruleset/proxy-ls.yaml
+ interval: 86400
+ timeout: 50000
+
+ direct:
+ type: http
+ behavior: domain
+ url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/direct.txt"
+ path: ./ruleset/direct-ls.yaml
+ interval: 86400
+ timeout: 50000
+
+ private:
+ type: http
+ behavior: domain
+ url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/private.txt"
+ path: ./ruleset/private.yaml
+ interval: 86400
+ timeout: 50000
+
+ gfw:
+ type: http
+ behavior: domain
+ url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/gfw.txt"
+ path: ./ruleset/gfw.yaml
+ interval: 86400
+ timeout: 50000
+
+ tld-not-cn:
+ type: http
+ behavior: domain
+ url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/tld-not-cn.txt"
+ path: ./ruleset/tld-not-cn.yaml
+ interval: 86400
+ timeout: 50000
+
+ telegramcidr:
+ type: http
+ behavior: ipcidr
+ url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/telegramcidr.txt"
+ path: ./ruleset/telegramcidr.yaml
+ interval: 86400
+ timeout: 50000
+
+ cncidr:
+ type: http
+ behavior: ipcidr
+ url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/cncidr.txt"
+ path: ./ruleset/cncidr.yaml
+ interval: 86400
+ timeout: 50000
+
+ lancidr:
+ type: http
+ behavior: ipcidr
+ url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/lancidr.txt"
+ path: ./ruleset/lancidr.yaml
+ interval: 86400
+ timeout: 50000
+
+ applications:
+ type: http
+ behavior: classical
+ url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/applications.txt"
+ path: ./ruleset/applications.yaml
+ interval: 86400
+ timeout: 50000
+
+ # ── 外部规则集 (blackmatrix7) ──
+ microsoft:
+ type: http
+ behavior: classical
+ url: "https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Microsoft/Microsoft.yaml"
+ path: ./ruleset/microsoft-bm7.yaml
+ interval: 86400
+ timeout: 50000
+
+ copilot:
+ type: http
+ behavior: classical
+ url: "https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/Copilot/Copilot.yaml"
+ path: ./ruleset/copilot.yaml
+ interval: 86400
+ timeout: 50000
+
+ openai:
+ type: http
+ behavior: classical
+ url: "https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Clash/OpenAI/OpenAI.yaml"
+ path: ./ruleset/openai.yaml
+ interval: 86400
+ timeout: 50000
+
+ # ── 自托管规则集 (Gitea) ──
+ ai-services:
+ type: http
+ behavior: classical
+ url: http://192.168.51.11:3000/oruke/resources/raw/branch/main/clash/ruleset/ai-services.yaml
+ path: ./ruleset/ai-services.yaml
+
+ huggingface:
+ type: http
+ behavior: classical
+ url: http://192.168.51.11:3000/oruke/resources/raw/branch/main/clash/ruleset/huggingface.yaml
+ path: ./ruleset/huggingface.yaml
+
+ high-traffic:
+ type: http
+ behavior: classical
+ url: http://192.168.51.11:3000/oruke/resources/raw/branch/main/clash/ruleset/high-traffic.yaml
+ path: ./ruleset/high-traffic.yaml
+
+ exhentai-custom:
+ type: http
+ behavior: classical
+ url: http://192.168.51.11:3000/oruke/resources/raw/branch/main/clash/ruleset/exhentai.yaml
+ path: ./ruleset/exhentai.yaml
+
+ pt-custom:
+ type: http
+ behavior: classical
+ url: http://192.168.51.11:3000/oruke/resources/raw/branch/main/clash/ruleset/pt.yaml
+ path: ./ruleset/pt.yaml
+
+ steam-custom:
+ type: http
+ behavior: classical
+ url: http://192.168.51.11:3000/oruke/resources/raw/branch/main/clash/ruleset/steam.yaml
+ path: ./ruleset/steam.yaml
+
+ microsoft-custom:
+ type: http
+ behavior: classical
+ url: http://192.168.51.11:3000/oruke/resources/raw/branch/main/clash/ruleset/microsoft.yaml
+ path: ./ruleset/microsoft-custom.yaml
+
+ direct-custom:
+ type: http
+ behavior: classical
+ url: http://192.168.51.11:3000/oruke/resources/raw/branch/main/clash/ruleset/direct.yaml
+ path: ./ruleset/direct-custom.yaml
+
+ proxy-custom:
+ type: http
+ behavior: classical
+ url: http://192.168.51.11:3000/oruke/resources/raw/branch/main/clash/ruleset/proxy.yaml
+ path: ./ruleset/proxy-custom.yaml
+
+ tailscale-custom:
+ type: http
+ behavior: classical
+ url: http://192.168.51.11:3000/oruke/resources/raw/branch/main/clash/ruleset/tailscale.yaml
+ path: ./ruleset/tailscale.yaml
+
+ streaming-custom:
+ type: http
+ behavior: classical
+ url: http://192.168.51.11:3000/oruke/resources/raw/branch/main/clash/ruleset/streaming.yaml
+ path: ./ruleset/streaming.yaml
+
+ social-custom:
+ type: http
+ behavior: classical
+ url: http://192.168.51.11:3000/oruke/resources/raw/branch/main/clash/ruleset/social.yaml
+ path: ./ruleset/social.yaml
+
+ jp-content:
+ type: http
+ behavior: classical
+ url: http://192.168.51.11:3000/oruke/resources/raw/branch/main/clash/ruleset/jp-content.yaml
+ path: ./ruleset/jp-content.yaml
+
+ google-all:
+ type: http
+ behavior: classical
+ url: http://192.168.51.11:3000/oruke/resources/raw/branch/main/clash/ruleset/google-all.yaml
+ path: ./ruleset/google-all.yaml
+
+# ══════════════════════════════════════════════════════════
+# 分流规则 (按优先级从高到低)
+# ══════════════════════════════════════════════════════════
+rules:
+
+ # ─── 家庭内网 (Tailscale 网段 + 特定节点 + 局域网) ───
+ - IP-CIDR,100.64.0.0/10,🏡 家庭内网,no-resolve
+ - IP-CIDR,100.121.62.2/32,🏡 家庭内网,no-resolve
+ - IP-CIDR,100.100.197.116/32,🏡 家庭内网,no-resolve
+ - IP-CIDR,100.94.64.53/32,🏡 家庭内网,no-resolve
+ - IP-CIDR,192.168.51.0/24,🏡 家庭内网,no-resolve
+ - DOMAIN-SUFFIX,tail87372.ts.net,🏡 家庭内网
+
+ # ─── Tailscale 强制直连 (最高优先,防止打洞失败) ───
+ # 域名规则只能匹配控制面,打洞UDP是纯IP连接,必须用进程名全局绕过
+ - PROCESS-NAME,tailscaled,DIRECT
+ - RULE-SET,tailscale-custom,Tailscale
+
+ # ─── Google 全家桶 (必须在 reject/direct 之前!) ───
+ - RULE-SET,google-all,Google
+
+ # ─── 广告拦截 ───
+ - RULE-SET,reject,REJECT
+
+ # ─── 直连 (局域网、国内) ───
+ - RULE-SET,private,DIRECT
+ - RULE-SET,lancidr,DIRECT
+ - RULE-SET,cncidr,DIRECT
+ - RULE-SET,direct,DIRECT
+ - RULE-SET,direct-custom,DIRECT
+
+ # ─── AI 服务 (非Google的AI:OpenAI/Claude/Copilot等) ───
+ - RULE-SET,ai-services,AI
+ - RULE-SET,openai,AI
+ - RULE-SET,copilot,AI
+
+ # ─── 流媒体 (视频/音频串流,YouTube已在Google组) ───
+ - RULE-SET,streaming-custom,流媒体
+
+ # ─── 日系站点 (DLsite/Pixiv/DMM/Niconico,建议选日本节点) ───
+ - RULE-SET,jp-content,日系站点
+
+ # ─── Exhentai (避开日本节点,荷兰最佳) ───
+ - RULE-SET,exhentai-custom,Exhentai
+
+ # ─── 大文件下载 (GitHub/Docker/npm/Steam/HuggingFace...) ───
+ - RULE-SET,high-traffic,大文件下载
+ - RULE-SET,huggingface,大文件下载
+ - RULE-SET,steam-custom,大文件下载
+
+ # ─── 社交通讯 (Discord/Twitter/Reddit/Telegram...) ───
+ - RULE-SET,social-custom,社交通讯
+ - RULE-SET,telegramcidr,社交通讯
+
+ # ─── PT站点 (网页+Tracker域名走代理) ───
+ - RULE-SET,pt-custom,PT站点
+
+ # ─── BT客户端进程直连 (放在PT之后!PT域名先匹配代理,剩余BT流量走直连) ───
+ - RULE-SET,applications,DIRECT
+
+ # ─── 平台服务 ───
+ - RULE-SET,icloud,Apple
+ - RULE-SET,apple,Apple
+ - RULE-SET,microsoft-custom,Microsoft
+ - RULE-SET,microsoft,Microsoft
+
+ # ─── 通用代理 ───
+ - RULE-SET,proxy-custom,PROXY
+ - RULE-SET,tld-not-cn,PROXY
+ - RULE-SET,proxy,PROXY
+ - RULE-SET,gfw,PROXY
+
+ # ─── 兜底 ───
+ - MATCH,漏网之鱼
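Review bot: The `liangyuandian` and `byWave` entries under `proxy-providers` commit live subscription credentials (the `token=` query value and the path token in their `url` fields), so anyone who can read this repository or its history can pull those node lists; keep the real URLs in an untracked file, commit only a placeholder such as `url: "<SUBSCRIPTION_URL>"`, and rotate both tokens since they are now in history. Under `dns`, `fake-ip-range: 198.10.0.1/16` lies outside the reserved 198.18.0.0/15 benchmarking block, so fake-IP answers can collide with routable public addresses; `fake-ip-range: 198.18.0.1/16` avoids that. `listen: 0.0.0.0:53` binds the resolver on every interface, which is worth narrowing to the LAN address if the host has any other reachable interface, and the self-hosted providers on `http://192.168.51.11:3000` are fetched without transport integrity even though they decide what goes DIRECT versus through a proxy. The `hosts:` block appears to be indented under `sniffer` and its entries have no `:` between name and address, so it probably does not parse as a host mapping; indentation is collapsed on this page, so confirm against the file.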