diff --git a/resources/rules/app.clash.yaml b/resources/rules/app.clash.yaml index 5fd3468b..8a38d677 100644 --- a/resources/rules/app.clash.yaml +++ b/resources/rules/app.clash.yaml @@ -1,14 +1,38 @@ -port: 7890 -socks-port: 7891 +# port: 7890 +# socks-port: 7891 # redir-port: 7892 # tproxy-port: 7893 -# mixed-port: 7890 +mixed-port: 7890 allow-lan: true bind-address: "*" mode: rule log-level: info external-controller: 127.0.0.1:9090 +dns: + enable: true + # listen: 0.0.0.0:53 + ipv6: false + + default-nameserver: + - 223.5.5.5 + - 119.29.29.29 + enhanced-mode: redir-host + fake-ip-range: 198.18.0.1/16 + use-hosts: true + nameserver: + - https://doh.pub/dns-query + - https://dns.alidns.com/dns-query + fallback: + - tls://1.0.0.1:853 + - https://cloudflare-dns.com/dns-query + - https://dns.google/dns-query + fallback-filter: + geoip: true + ipcidr: + - 240.0.0.0/4 + - 0.0.0.0/32 + proxies: proxy-groups: @@ -17,34 +41,48 @@ proxy-groups: - { name: "故障转移", type: fallback, proxies: [], url: "http://www.gstatic.com/generate_204", interval: 7200 } rules: + # 自定义规则 + ## 您可以在此处插入您补充的自定义规则(请注意保持缩进) + + # Google 中国服务 + - DOMAIN-SUFFIX,services.googleapis.cn,SELECT + - DOMAIN-SUFFIX,xn--ngstr-lra8j.com,SELECT + # Apple - DOMAIN,safebrowsing.urlsec.qq.com,DIRECT # 如果您并不信任此服务提供商或防止其下载消耗过多带宽资源,可以进入 Safari 设置,关闭 Fraudulent Website Warning 功能,并使用 REJECT 策略。 - DOMAIN,safebrowsing.googleapis.com,DIRECT # 如果您并不信任此服务提供商或防止其下载消耗过多带宽资源,可以进入 Safari 设置,关闭 Fraudulent Website Warning 功能,并使用 REJECT 策略。 - - DOMAIN,ocsp.apple.com,SELECT + - DOMAIN,developer.apple.com,SELECT - DOMAIN-SUFFIX,digicert.com,SELECT - - DOMAIN-SUFFIX,entrust.net,SELECT + - DOMAIN,ocsp.apple.com,SELECT + - DOMAIN,ocsp.comodoca.com,SELECT + - DOMAIN,ocsp.usertrust.com,SELECT + - DOMAIN,ocsp.sectigo.com,SELECT - DOMAIN,ocsp.verisign.net,SELECT - - DOMAIN-SUFFIX,apps.apple.com,SELECT + - DOMAIN-SUFFIX,apple-dns.net,SELECT + - DOMAIN,testflight.apple.com,SELECT + - DOMAIN,sandbox.itunes.apple.com,SELECT - DOMAIN,itunes.apple.com,SELECT + - DOMAIN-SUFFIX,apps.apple.com,SELECT - DOMAIN-SUFFIX,blobstore.apple.com,SELECT - - DOMAIN-SUFFIX,music.apple.com,DIRECT + - DOMAIN,cvws.icloud-content.com,SELECT - DOMAIN-SUFFIX,mzstatic.com,DIRECT - DOMAIN-SUFFIX,itunes.apple.com,DIRECT - DOMAIN-SUFFIX,icloud.com,DIRECT - DOMAIN-SUFFIX,icloud-content.com,DIRECT - DOMAIN-SUFFIX,me.com,DIRECT - - DOMAIN-SUFFIX,mzstatic.com,DIRECT - - DOMAIN-SUFFIX,akadns.net,DIRECT - DOMAIN-SUFFIX,aaplimg.com,DIRECT + - DOMAIN-SUFFIX,cdn20.com,DIRECT - DOMAIN-SUFFIX,cdn-apple.com,DIRECT + - DOMAIN-SUFFIX,akadns.net,DIRECT + - DOMAIN-SUFFIX,akamaiedge.net,DIRECT + - DOMAIN-SUFFIX,edgekey.net,DIRECT + - DOMAIN-SUFFIX,mwcloudcdn.com,DIRECT + - DOMAIN-SUFFIX,mwcname.com,DIRECT - DOMAIN-SUFFIX,apple.com,DIRECT - DOMAIN-SUFFIX,apple-cloudkit.com,DIRECT + - DOMAIN-SUFFIX,apple-mapkit.com,DIRECT # - DOMAIN,e.crashlytics.com,REJECT //注释此选项有助于大多数App开发者分析崩溃信息;如果您拒绝一切崩溃数据统计、搜集,请取消 # 注释。 - - # 自定义规则 - ## 您可以在此处插入您补充的自定义规则(请注意保持缩进) - # 国内网站 - DOMAIN-SUFFIX,cn,DIRECT - DOMAIN-KEYWORD,-cn,DIRECT @@ -58,7 +96,6 @@ rules: - DOMAIN-SUFFIX,acfun.tv,DIRECT - DOMAIN-SUFFIX,air-matters.com,DIRECT - DOMAIN-SUFFIX,aixifan.com,DIRECT - - DOMAIN-SUFFIX,akamaized.net,DIRECT - DOMAIN-KEYWORD,alicdn,DIRECT - DOMAIN-KEYWORD,alipay,DIRECT - DOMAIN-KEYWORD,taobao,DIRECT @@ -90,7 +127,6 @@ rules: - DOMAIN-SUFFIX,godic.net,DIRECT - DOMAIN-SUFFIX,gtimg.com,DIRECT - DOMAIN,cdn.hockeyapp.net,DIRECT - - DOMAIN-SUFFIX,hdslb.com,DIRECT - DOMAIN-SUFFIX,hongxiu.com,DIRECT - DOMAIN-SUFFIX,hxcdn.net,DIRECT - DOMAIN-SUFFIX,iciba.com,DIRECT @@ -202,21 +238,24 @@ rules: - DOMAIN-KEYWORD,adsrvmedia,REJECT - DOMAIN-KEYWORD,adwords,REJECT - DOMAIN-KEYWORD,adservice,REJECT + - DOMAIN-SUFFIX,appsflyer.com,REJECT - DOMAIN-KEYWORD,domob,REJECT + - DOMAIN-SUFFIX,doubleclick.net,REJECT - DOMAIN-KEYWORD,duomeng,REJECT - DOMAIN-KEYWORD,dwtrack,REJECT - DOMAIN-KEYWORD,guanggao,REJECT - DOMAIN-KEYWORD,lianmeng,REJECT - DOMAIN-SUFFIX,mmstat.com,REJECT + - DOMAIN-KEYWORD,mopub,REJECT - DOMAIN-KEYWORD,omgmta,REJECT - DOMAIN-KEYWORD,openx,REJECT - DOMAIN-KEYWORD,partnerad,REJECT - DOMAIN-KEYWORD,pingfore,REJECT - DOMAIN-KEYWORD,supersonicads,REJECT - - DOMAIN-KEYWORD,tracking,REJECT - DOMAIN-KEYWORD,uedas,REJECT - DOMAIN-KEYWORD,umeng,REJECT - DOMAIN-KEYWORD,usage,REJECT + - DOMAIN-SUFFIX,vungle.com,REJECT - DOMAIN-KEYWORD,wlmonitor,REJECT - DOMAIN-KEYWORD,zjtoolbar,REJECT @@ -225,6 +264,7 @@ rules: - DOMAIN-SUFFIX,abpchina.org,SELECT - DOMAIN-SUFFIX,adblockplus.org,SELECT - DOMAIN-SUFFIX,adobe.com,SELECT + - DOMAIN-SUFFIX,akamaized.net,SELECT - DOMAIN-SUFFIX,alfredapp.com,SELECT - DOMAIN-SUFFIX,amplitude.com,SELECT - DOMAIN-SUFFIX,ampproject.org,SELECT @@ -492,18 +532,38 @@ rules: # Telegram - DOMAIN-SUFFIX,telegra.ph,SELECT - DOMAIN-SUFFIX,telegram.org,SELECT - - IP-CIDR,91.108.4.0/22,SELECT,no-resolve - - IP-CIDR,91.108.8.0/22,SELECT,no-resolve - - IP-CIDR,91.108.12.0/22,SELECT,no-resolve + - IP-CIDR,91.108.8.0/21,SELECT,no-resolve - IP-CIDR,91.108.16.0/22,SELECT,no-resolve - IP-CIDR,91.108.56.0/22,SELECT,no-resolve - - IP-CIDR,149.154.160.0/22,SELECT,no-resolve - - IP-CIDR,149.154.164.0/22,SELECT,no-resolve - - IP-CIDR,149.154.168.0/22,SELECT,no-resolve - - IP-CIDR,149.154.172.0/22,SELECT,no-resolve + - IP-CIDR,149.154.160.0/20,SELECT,no-resolve + - IP-CIDR6,2001:67c:4e8::/48,SELECT,no-resolve + - IP-CIDR6,2001:b28:f23d::/48,SELECT,no-resolve + - IP-CIDR6,2001:b28:f23f::/48,SELECT,no-resolve + + # Google 中国服务 services.googleapis.cn + - IP-CIDR,120.232.181.162/32,SELECT,no-resolve + - IP-CIDR,120.241.147.226/32,SELECT,no-resolve + - IP-CIDR,120.253.253.226/32,SELECT,no-resolve + - IP-CIDR,120.253.255.162/32,SELECT,no-resolve + - IP-CIDR,120.253.255.34/32,SELECT,no-resolve + - IP-CIDR,120.253.255.98/32,SELECT,no-resolve + - IP-CIDR,180.163.150.162/32,SELECT,no-resolve + - IP-CIDR,180.163.150.34/32,SELECT,no-resolve + - IP-CIDR,180.163.151.162/32,SELECT,no-resolve + - IP-CIDR,180.163.151.34/32,SELECT,no-resolve + - IP-CIDR,203.208.39.0/24,SELECT,no-resolve + - IP-CIDR,203.208.40.0/24,SELECT,no-resolve + - IP-CIDR,203.208.41.0/24,SELECT,no-resolve + - IP-CIDR,203.208.43.0/24,SELECT,no-resolve + - IP-CIDR,203.208.50.0/24,SELECT,no-resolve + - IP-CIDR,220.181.174.162/32,SELECT,no-resolve + - IP-CIDR,220.181.174.226/32,SELECT,no-resolve + - IP-CIDR,220.181.174.34/32,SELECT,no-resolve # LAN + - DOMAIN,injections.adguard.org,DIRECT + - DOMAIN,local.adguard.org,DIRECT - DOMAIN-SUFFIX,local,DIRECT - IP-CIDR,127.0.0.0/8,DIRECT - IP-CIDR,172.16.0.0/12,DIRECT @@ -511,6 +571,8 @@ rules: - IP-CIDR,10.0.0.0/8,DIRECT - IP-CIDR,17.0.0.0/8,DIRECT - IP-CIDR,100.64.0.0/10,DIRECT + - IP-CIDR,224.0.0.0/4,DIRECT + - IP-CIDR6,fe80::/10,DIRECT # 最终规则 - GEOIP,CN,DIRECT diff --git a/resources/rules/default.clash.yaml b/resources/rules/default.clash.yaml index 586570b6..6e51603a 100644 --- a/resources/rules/default.clash.yaml +++ b/resources/rules/default.clash.yaml @@ -44,6 +44,10 @@ rules: # 自定义规则 ## 您可以在此处插入您补充的自定义规则(请注意保持缩进) + # Google 中国服务 + - DOMAIN-SUFFIX,services.googleapis.cn,$app_name + - DOMAIN-SUFFIX,xn--ngstr-lra8j.com,$app_name + # Apple - DOMAIN,safebrowsing.urlsec.qq.com,DIRECT # 如果您并不信任此服务提供商或防止其下载消耗过多带宽资源,可以进入 Safari 设置,关闭 Fraudulent Website Warning 功能,并使用 REJECT 策略。 - DOMAIN,safebrowsing.googleapis.com,DIRECT # 如果您并不信任此服务提供商或防止其下载消耗过多带宽资源,可以进入 Safari 设置,关闭 Fraudulent Website Warning 功能,并使用 REJECT 策略。 @@ -537,6 +541,26 @@ rules: - IP-CIDR6,2001:b28:f23d::/48,$app_name,no-resolve - IP-CIDR6,2001:b28:f23f::/48,$app_name,no-resolve + # Google 中国服务 services.googleapis.cn + - IP-CIDR,120.232.181.162/32,$app_name,no-resolve + - IP-CIDR,120.241.147.226/32,$app_name,no-resolve + - IP-CIDR,120.253.253.226/32,$app_name,no-resolve + - IP-CIDR,120.253.255.162/32,$app_name,no-resolve + - IP-CIDR,120.253.255.34/32,$app_name,no-resolve + - IP-CIDR,120.253.255.98/32,$app_name,no-resolve + - IP-CIDR,180.163.150.162/32,$app_name,no-resolve + - IP-CIDR,180.163.150.34/32,$app_name,no-resolve + - IP-CIDR,180.163.151.162/32,$app_name,no-resolve + - IP-CIDR,180.163.151.34/32,$app_name,no-resolve + - IP-CIDR,203.208.39.0/24,$app_name,no-resolve + - IP-CIDR,203.208.40.0/24,$app_name,no-resolve + - IP-CIDR,203.208.41.0/24,$app_name,no-resolve + - IP-CIDR,203.208.43.0/24,$app_name,no-resolve + - IP-CIDR,203.208.50.0/24,$app_name,no-resolve + - IP-CIDR,220.181.174.162/32,$app_name,no-resolve + - IP-CIDR,220.181.174.226/32,$app_name,no-resolve + - IP-CIDR,220.181.174.34/32,$app_name,no-resolve + # LAN - DOMAIN,injections.adguard.org,DIRECT - DOMAIN,local.adguard.org,DIRECT diff --git a/resources/rules/default.surfboard.conf b/resources/rules/default.surfboard.conf index 7b83d334..eccef2af 100644 --- a/resources/rules/default.surfboard.conf +++ b/resources/rules/default.surfboard.conf @@ -34,6 +34,10 @@ DOMAIN-SUFFIX,technews.tw,Proxy # 强制订阅域名直连 DOMAIN,$subs_domain,DIRECT +# Google 中国服务 +DOMAIN-SUFFIX,services.googleapis.cn,Proxy +DOMAIN-SUFFIX,xn--ngstr-lra8j.com,Proxy + # 实用规则片段集 # RULE-SET,https://cdn.jsdelivr.net/gh/Hackl0us/SS-Rule-Snippet@master/Rulesets/Surge/Basic/Apple-News.list,Proxy RULE-SET,https://cdn.jsdelivr.net/gh/Hackl0us/SS-Rule-Snippet@master/Rulesets/Surge/Basic/Apple-proxy.list,Proxy @@ -43,6 +47,26 @@ RULE-SET,https://cdn.jsdelivr.net/gh/Hackl0us/SS-Rule-Snippet@master/Rulesets/Su RULE-SET,https://cdn.jsdelivr.net/gh/Hackl0us/SS-Rule-Snippet@master/Rulesets/Surge/Basic/foreign.list,Proxy RULE-SET,https://cdn.jsdelivr.net/gh/Hackl0us/SS-Rule-Snippet@master/Rulesets/Surge/App/social/Telegram.list,Proxy +# Google 中国服务 services.googleapis.cn +IP-CIDR,120.232.181.162/32,Proxy,no-resolve +IP-CIDR,120.241.147.226/32,Proxy,no-resolve +IP-CIDR,120.253.253.226/32,Proxy,no-resolve +IP-CIDR,120.253.255.162/32,Proxy,no-resolve +IP-CIDR,120.253.255.34/32,Proxy,no-resolve +IP-CIDR,120.253.255.98/32,Proxy,no-resolve +IP-CIDR,180.163.150.162/32,Proxy,no-resolve +IP-CIDR,180.163.150.34/32,Proxy,no-resolve +IP-CIDR,180.163.151.162/32,Proxy,no-resolve +IP-CIDR,180.163.151.34/32,Proxy,no-resolve +IP-CIDR,203.208.39.0/24,Proxy,no-resolve +IP-CIDR,203.208.40.0/24,Proxy,no-resolve +IP-CIDR,203.208.41.0/24,Proxy,no-resolve +IP-CIDR,203.208.43.0/24,Proxy,no-resolve +IP-CIDR,203.208.50.0/24,Proxy,no-resolve +IP-CIDR,220.181.174.162/32,Proxy,no-resolve +IP-CIDR,220.181.174.226/32,Proxy,no-resolve +IP-CIDR,220.181.174.34/32,Proxy,no-resolve + # LAN DOMAIN-SUFFIX,local,DIRECT IP-CIDR,127.0.0.0/8,DIRECT diff --git a/resources/rules/default.surge.conf b/resources/rules/default.surge.conf index be8a06c3..92cb7829 100644 --- a/resources/rules/default.surge.conf +++ b/resources/rules/default.surge.conf @@ -59,6 +59,10 @@ fallback = fallback, $proxy_group, url=http://www.gstatic.com/generate_204, inte # 强制订阅域名直连 DOMAIN,$subs_domain,DIRECT +# Google 中国服务 +DOMAIN-SUFFIX,services.googleapis.cn,Proxy +DOMAIN-SUFFIX,xn--ngstr-lra8j.com,Proxy + # 实用规则片段集 # RULE-SET,https://cdn.jsdelivr.net/gh/Hackl0us/SS-Rule-Snippet@master/Rulesets/Surge/Basic/Apple-News.list,Proxy RULE-SET,https://cdn.jsdelivr.net/gh/Hackl0us/SS-Rule-Snippet@master/Rulesets/Surge/Basic/Apple-proxy.list,Proxy @@ -67,6 +71,27 @@ RULE-SET,https://cdn.jsdelivr.net/gh/Hackl0us/SS-Rule-Snippet@master/Rulesets/Su RULE-SET,https://cdn.jsdelivr.net/gh/Hackl0us/SS-Rule-Snippet@master/Rulesets/Surge/Basic/common-ad-keyword.list,REJECT-TINYGIF RULE-SET,https://cdn.jsdelivr.net/gh/Hackl0us/SS-Rule-Snippet@master/Rulesets/Surge/Basic/foreign.list,Proxy RULE-SET,https://cdn.jsdelivr.net/gh/Hackl0us/SS-Rule-Snippet@master/Rulesets/Surge/App/social/Telegram.list,Proxy + +# Google 中国服务 services.googleapis.cn +IP-CIDR,120.232.181.162/32,Proxy,no-resolve +IP-CIDR,120.241.147.226/32,Proxy,no-resolve +IP-CIDR,120.253.253.226/32,Proxy,no-resolve +IP-CIDR,120.253.255.162/32,Proxy,no-resolve +IP-CIDR,120.253.255.34/32,Proxy,no-resolve +IP-CIDR,120.253.255.98/32,Proxy,no-resolve +IP-CIDR,180.163.150.162/32,Proxy,no-resolve +IP-CIDR,180.163.150.34/32,Proxy,no-resolve +IP-CIDR,180.163.151.162/32,Proxy,no-resolve +IP-CIDR,180.163.151.34/32,Proxy,no-resolve +IP-CIDR,203.208.39.0/24,Proxy,no-resolve +IP-CIDR,203.208.40.0/24,Proxy,no-resolve +IP-CIDR,203.208.41.0/24,Proxy,no-resolve +IP-CIDR,203.208.43.0/24,Proxy,no-resolve +IP-CIDR,203.208.50.0/24,Proxy,no-resolve +IP-CIDR,220.181.174.162/32,Proxy,no-resolve +IP-CIDR,220.181.174.226/32,Proxy,no-resolve +IP-CIDR,220.181.174.34/32,Proxy,no-resolve + RULE-SET,LAN,DIRECT # 最终规则