-
Notifications
You must be signed in to change notification settings - Fork 0
/
premium.yaml
260 lines (223 loc) · 9.14 KB
/
premium.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
# Port of HTTP(S) proxy server on the local end
# port: 7890
# Port of SOCKS5 proxy server on the local end
# socks-port: 7891
# Transparent proxy server port for Linux and macOS
# redir-port: 7892
# HTTP(S) and SOCKS5 server on the same port
mixed-port: 7890
# authentication of local SOCKS5/HTTP(S) server
# authentication:
# - "user1:pass1"
# - "user2:pass2"
# Set to true to allow connections to local-end server from
# other LAN IP addresses
allow-lan: true
# This is only applicable when `allow-lan` is `true`
# '*': bind all IP addresses
# 192.168.122.11: bind a single IPv4 address
# "[aaaa::a8aa:ff:fe09:57d8]": bind a single IPv6 address
bind-address: '*'
mode: rule
log-level: info
# When set to false, resolver won't translate hostnames to IPv6 addresses
ipv6: false
external-controller: 127.0.0.1:9090
# A relative path to the configuration directory or an absolute path to a
# directory in which you put some static web resource. Clash core will then
# serve it at `${API}/ui`.
# external-ui: folder
# Secret for the RESTful API (optional)
# Authenticate by spedifying HTTP header `Authorization: Bearer ${secret}`
# ALWAYS set a secret if RESTful API is listening on 0.0.0.0
# secret: ""
# Outbound interface name
# interface-name: en0
# Static hosts for DNS server and connection establishment, only works
# when `dns.enhanced-mode` is `redir-host`.
#
# Wildcard hostnames are supported (e.g. *.clash.dev, *.foo.*.example.com)
# Non-wildcard domain names has a higher priority than wildcard domain names
# e.g. foo.example.com > *.example.com > .example.com
# P.S. +.foo.com equals to .foo.com and foo.com
hosts:
'mtalk.google.com': 108.177.125.188
# '*.clash.dev': 127.0.0.1
# '.dev': 127.0.0.1
# 'alpha.clash.dev': '::1'
# DNS server settings
# This section is optional. When not present, DNS server will be disabled.
dns:
enable: false
listen: 0.0.0.0:53
# ipv6: false # when false, response to AAAA questions will be empty
# These nameservers are used to resolve the DNS nameserver hostnames below.
# Specify IP addresses only
default-nameserver:
- 119.29.29.29
- 1.0.0.1
enhanced-mode: redir-host # or fake-ip
# fake-ip-range: 198.18.0.1/16 # Fake IP addresses pool CIDR
# Hostnames in this list will not be resolved with fake IPs
# i.e. questions to these domain names will always be answered with their
# real IP addresses
# fake-ip-filter:
# - '*.lan'
# - localhost.ptlogin2.qq.com
# Supports UDP, TCP, DoT, DoH. You can specify the port to connect to.
# All DNS questions are sent directly to the nameserver, without proxies
# involved. Clash answers the DNS question with the first result gathered.
nameserver:
- 119.29.29.29
# - tls://dns.rubyfish.cn:853 # DNS over TLS
# - https://1.1.1.1/dns-query # DNS over HTTPS
# When `fallback` is present, the DNS server will send concurrent requests
# to the servers in this section along with servers in `nameservers`.
# The answers from fallback servers are used when the GEOIP country
# is not `CN`.
fallback:
- https://cloudflare-dns.com/dns-query
# If IP addresses resolved with servers in `nameservers` are in the specified
# subnets below, they are considered invalid and results from `fallback`
# servers are used instead.
#
# IP address resolved with servers in `nameserver` is used when
# `fallback-filter.geoip` is true and when GEOIP of the IP address is `CN`.
#
# If `fallback-filter.geoip` is false, results from `fallback` nameservers
# are always used, and answers from `nameservers` are discarded.
#
# This is a countermeasure against DNS pollution attacks.
fallback-filter:
geoip: true
ipcidr:
# - 240.0.0.0/4
proxies:
# - {name: 🇯🇵 苏日, server: 43.248.130.174, port: 38591, type: ss, cipher: aes-128-gcm, password: qazwsx123456}
- {name: 🇯🇵 沪日, server: 43.248.130.173, port: 32331, type: ss, cipher: aes-128-gcm, password: qazwsx123456}
- {name: 🇭🇰 沪港, server: 43.248.130.173, port: 47196, type: ss, cipher: aes-128-gcm, password: qazwsx123456}
- {name: 🇰🇷 沪韩, server: 43.248.130.173, port: 39550, type: ss, cipher: aes-128-gcm, password: qazwsx123456}
- {name: 🇸🇬 沪新, server: 43.248.130.173, port: 11476, type: ss, cipher: aes-128-gcm, password: qazwsx123456}
- {name: 🇺🇸 沪美, server: 43.248.130.173, port: 23161, type: ss, cipher: aes-128-gcm, password: qazwsx123456}
- {name: 🇩🇪 沪德, server: 43.248.130.173, port: 13683, type: ss, cipher: aes-128-gcm, password: qazwsx123456}
- {name: 🇭🇰 莞港, server: 211.99.100.91, port: 16544, type: ss, cipher: aes-128-gcm, password: qazwsx123456}
- {name: 🇨🇳 莞台, server: 211.99.100.91, port: 58387, type: ss, cipher: aes-128-gcm, password: qazwsx123456}
- {name: 🇸🇬 莞新, server: 211.99.100.91, port: 21111, type: ss, cipher: aes-128-gcm, password: qazwsx123456}
- {name: 🇦🇺 莞澳, server: 211.99.100.91, port: 36396, type: ss, cipher: aes-128-gcm, password: qazwsx123456}
proxy-groups:
# 策略组示例请查阅 Clash 项目 README 以使用最新格式:https://github.com/Dreamacro/clash/blob/master/README.md
#
# 策略组说明
#
# 「MATCH」类似 Surge 的「Final」,此处用于选择白名单模式(PROXY 策略)和黑名单模式(DIRECT 策略)
#
# 「Streaming」和「StreamingSE」比较好理解,有专用于流媒体的节点就设置到其中,如果没有「StreamingSE」的需求可以连带 Rule 部分一起删掉,「Streaming」需至少保留 Rule,用「PROXY」即可。
#
# 「PROXY」是代理规则策略,它可以指定为某个节点或嵌套一个其他策略组,如:「自动测试」、「Fallback」或「负载均衡」的策略组,关于这 3 个策略组的具体示例可以看官方示例:https://github.com/Dreamacro/clash
#
# Fallback 比较实用的策略组类型,用于测试服务器节点的可用性,当第一个节点不可用时切换到第二个,以此类推。
# 代理节点选择
- name: "PROXY"
type: select
proxies:
# - 🇯🇵 苏日
- 🇯🇵 沪日
- 🇭🇰 沪港
- 🇰🇷 沪韩
- 🇸🇬 沪新
- 🇺🇸 沪美
- 🇩🇪 沪德
- 🇭🇰 莞港
- 🇨🇳 莞台
- 🇸🇬 莞新
- 🇦🇺 莞澳
# 白名单模式 PROXY, 黑名单模式 DIRECT, 不知道别动
- name: "MATCH"
type: select
proxies:
- PROXY
- DIRECT
# 国际流媒体服务
- name: "Streaming"
type: select
proxies:
- PROXY
- DIRECT
# 中国流媒体服务(面向海外版本)
- name: "StreamingSE"
type: select
proxies:
- DIRECT
- PROXY
# 关于 Rule Provider 请查阅:https://lancellc.gitbook.io/clash/clash-config-file/rule-provider
rule-providers:
# name: # Provider 名称
# type: http # http 或 file
# behavior: classical # 或 ipcidr、domain
# path: # 文件路径
# url: # 只有当类型为 HTTP 时才可用,您不需要在本地空间中创建新文件。
# interval: # 自动更新间隔,仅在类型为 HTTP 时可用
Unbreak:
type: http
behavior: classical
path: ./RuleSet/Unbreak.yaml
url: https://cdn.jsdelivr.net/gh/DivineEngine/Profiles@master/Clash/RuleSet/Unbreak.yaml
interval: 86400
Streaming:
type: http
behavior: classical
path: ./RuleSet/StreamingMedia/Streaming.yaml
url: https://cdn.jsdelivr.net/gh/DivineEngine/Profiles@master/Clash/RuleSet/StreamingMedia/Streaming.yaml
interval: 86400
StreamingSE:
type: http
behavior: classical
path: ./RuleSet/StreamingMedia/StreamingSE.yaml
url: https://cdn.jsdelivr.net/gh/DivineEngine/Profiles@master/Clash/RuleSet/StreamingMedia/StreamingSE.yaml
interval: 86400
Global:
type: http
behavior: classical
path: ./RuleSet/Global.yaml
url: https://cdn.jsdelivr.net/gh/DivineEngine/Profiles@master/Clash/RuleSet/Global.yaml
interval: 86400
China:
type: http
behavior: classical
path: ./RuleSet/China.yaml
url: https://cdn.jsdelivr.net/gh/DivineEngine/Profiles@master/Clash/RuleSet/China.yaml
interval: 86400
ChinaIP:
type: http
behavior: ipcidr
path: ./RuleSet/Extra/ChinaIP.yaml
url: https://cdn.jsdelivr.net/gh/DivineEngine/Profiles@master/Clash/RuleSet/Extra/ChinaIP.yaml
interval: 86400
# 规则
rules:
# Unbreak
- RULE-SET,Unbreak,DIRECT
# Global Area Network
# (Streaming Media)
- RULE-SET,Streaming,Streaming
# (StreamingSE)
- RULE-SET,StreamingSE,StreamingSE
# (DNS Cache Pollution) / (IP Blackhole) / (Region-Restricted Access Denied) / (Network Jitter)
- RULE-SET,Global,PROXY
# China Area Network
- RULE-SET,China,DIRECT
# Local Area Network
- IP-CIDR,192.168.0.0/16,DIRECT
- IP-CIDR,10.0.0.0/8,DIRECT
- IP-CIDR,172.16.0.0/12,DIRECT
- IP-CIDR,127.0.0.0/8,DIRECT
- IP-CIDR,100.64.0.0/10,DIRECT
- IP-CIDR,224.0.0.0/4,DIRECT
#(可选)使用来自 ipipdotnet 的 ChinaIP 以解决数据不准确的问题,使用 ChinaIP.yaml 时可禁用下列直至(包括)「GEOIP,CN」规则
- RULE-SET,ChinaIP,DIRECT
# Tencent
- IP-CIDR,119.28.28.28/32,DIRECT
- IP-CIDR,182.254.116.0/24,DIRECT
# GeoIP China
# - GEOIP,CN,DIRECT
- MATCH,MATCH