两个注意点:
配置如下:
# Combined HTTP(S)/SOCKS5 listener port.
mixed-port: 7890
# Transparent-proxy (redir) port for Linux and macOS.
redir-port: 7892
# Accept connections from other hosts on the LAN.
# NOTE(review): no `authentication` entry is visible in this config, so with
# this enabled any host that can reach the listener ports can presumably use
# the proxy. Confirm the ports are firewalled to the intended LAN segment.
allow-lan: true
# Routing mode: rule (rule-based) / global (proxy everything) /
# direct (bypass the proxy for everything).
mode: rule
# Log level. The default is silent (no output at all), which avoids memory
# exhaustion caused by oversized logs.
# Five levels: silent / warning / error / info / debug. Higher levels log more
# and are mostly useful for debugging; enable them only when needed.
log-level: info
# Clash RESTful API (external controller); bound to loopback only.
external-controller: "127.0.0.1:9091"
# Secret (bearer token) for the RESTful API.
# NOTE(review): an empty secret leaves the API unauthenticated. The loopback
# bind keeps it off the network, but every local process that can reach
# 127.0.0.1:9091 can read and change the running configuration. Set a random
# value and keep it out of published configs.
secret: ""
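# TUN device settings. The nesting below is restored: with every key at
# column 0 the parser reads `tun:` as null and `enable`, `stack`, ... as
# top-level keys (and `enable` then collides with the one under `dns`).
tun:
  enable: true
  stack: mixed
  # Redirect DNS queries to port 53 (UDP and TCP) into the built-in DNS server
  # so applications cannot bypass it with their own resolver settings.
  dns-hijack:
    - "any:53"
    - "tcp://any:53"
  # Install routes so that system traffic goes through the TUN device.
  auto-route: true
  # NOTE(review): auto-redirect is, as far as I know, Linux-only and rewrites
  # firewall rules; confirm it is supported on the target host.
  auto-redirect: true
  auto-detect-interface: true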
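# Built-in DNS server. The nesting below is restored: with every key at
# column 0 these options are parsed as top-level keys instead of as children
# of `dns`, and `enable` duplicates the key of the same name under `tun`.
dns:
  enable: true
  ipv6: false
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  # Names listed here get a real answer instead of a fake IP.
  # NOTE(review): "*" presumably matches single-label host names only (no
  # dots), while "+." matches a domain and all of its subdomains; confirm
  # against the core's wildcard rules.
  fake-ip-filter:
    - "*"
    - "+.lan"
    - "+.local"
    - "+.market.xiaomi.com"
  # Default upstream resolvers: DNS-over-HTTPS, addressed by IP so that no
  # bootstrap lookup is needed.
  nameserver:
    - https://1.1.1.1/dns-query
    - https://8.8.8.8/dns-query
  # Resolvers used only to resolve the proxy nodes' own host names.
  proxy-server-nameserver:
    - https://doh.pub/dns-query
    - https://dns.alidns.com/dns-query
  # Per-domain resolver override for mainland-China and private names.
  # NOTE(review): these two entries carry no scheme, so the queries are
  # presumably sent as plain DNS and are readable by anyone on the network
  # path. When judging "DNS leaks", check which names actually reach these
  # resolvers (rules that need a real IP, such as GEOIP or IP-CIDR without
  # no-resolve, can trigger a lookup) rather than relying on the mode alone.
  nameserver-policy:
    "geosite:cn,private":
      - 223.5.5.5
      - 119.29.29.29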
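# proxy provider start here
# The nesting below is restored: with every key at column 0 the list item and
# the provider entries lose their parent and the keys `type`, `url` and
# `interval` are duplicated at the top level.
proxies:
  - name: ss-in
    type: ss
    # `server` and `port` are left blank on the page; fill in the node's
    # address and port before use.
    server:
    port:
    cipher: 2022-blake3-aes-128-gcm
    # Placeholder, not a real key: replace with the output of the command
    # shown (a random 16-byte key, base64-encoded, matching the 128-bit
    # cipher). Treat the result as a secret and keep it out of shared configs.
    password: <openssl rand -base64 16>
    udp: true
proxy-providers:
  # Subscription URLs are left blank on the page.
  # NOTE(review): such URLs usually embed an account token, so handle them
  # like credentials; the node list they return is fetched again every
  # `interval` seconds and is trusted as-is.
  sub-1:
    type: http
    url:
    interval: 3600
  sub-2:
    type: http
    url:
    interval: 3600
# proxy provider end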
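# Proxy groups. The nesting below is restored: with every key at column 0 only
# `name` belongs to each list item and the remaining keys fall out of the
# group they describe.
proxy-groups:
  # Picks the node with the lowest latency, measured every 300 seconds
  # against the probe URL. The group name is referenced by the rules, so it
  # must stay exactly as written.
  - name: 自动选择
    type: url-test
    url: 'http://www.gstatic.com/generate_204'
    interval: 300
    use:
      - sub-1
      - sub-2
  # Manual selection among the nodes of sub-1 only.
  - name: alias-sub-1
    type: select
    use:
      - sub-1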
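# Remote rule sets. The nesting below is restored: with every key at column 0
# each provider name is parsed as a null top-level key and `type`, `behavior`,
# `url`, `path` and `interval` are duplicated thirteen times.
#
# NOTE(review): every list is downloaded from the mutable `release` branch of
# a third-party repository and refreshed every 86400 seconds, with no pinned
# revision or checksum visible here. These lists decide which traffic is sent
# DIRECT, REJECTed or proxied, so a change upstream changes routing on the
# next refresh. Consider mirroring the files or pinning a reviewed revision.
rule-providers:
  reject:
    type: http
    behavior: domain
    url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/reject.txt"
    path: ./ruleset/reject.yaml
    interval: 86400
  icloud:
    type: http
    behavior: domain
    url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/icloud.txt"
    path: ./ruleset/icloud.yaml
    interval: 86400
  apple:
    type: http
    behavior: domain
    url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/apple.txt"
    path: ./ruleset/apple.yaml
    interval: 86400
  google:
    type: http
    behavior: domain
    url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/google.txt"
    path: ./ruleset/google.yaml
    interval: 86400
  proxy:
    type: http
    behavior: domain
    url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/proxy.txt"
    path: ./ruleset/proxy.yaml
    interval: 86400
  direct:
    type: http
    behavior: domain
    url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/direct.txt"
    path: ./ruleset/direct.yaml
    interval: 86400
  private:
    type: http
    behavior: domain
    url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/private.txt"
    path: ./ruleset/private.yaml
    interval: 86400
  # NOTE(review): `gfw` and `tld-not-cn` are defined here but no RULE-SET
  # entry in this file's `rules` list refers to them.
  gfw:
    type: http
    behavior: domain
    url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/gfw.txt"
    path: ./ruleset/gfw.yaml
    interval: 86400
  tld-not-cn:
    type: http
    behavior: domain
    url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/tld-not-cn.txt"
    path: ./ruleset/tld-not-cn.yaml
    interval: 86400
  telegramcidr:
    type: http
    behavior: ipcidr
    url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/telegramcidr.txt"
    path: ./ruleset/telegramcidr.yaml
    interval: 86400
  cncidr:
    type: http
    behavior: ipcidr
    url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/cncidr.txt"
    path: ./ruleset/cncidr.yaml
    interval: 86400
  lancidr:
    type: http
    behavior: ipcidr
    url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/lancidr.txt"
    path: ./ruleset/lancidr.yaml
    interval: 86400
  applications:
    type: http
    behavior: classical
    url: "https://raw.githubusercontent.com/Loyalsoldier/clash-rules/release/applications.txt"
    path: ./ruleset/applications.yaml
    interval: 86400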
# Routing rules, evaluated top to bottom; the first matching entry wins, so
# the order below is significant.
rules:
  # Destinations in 192.168.31.0/24 go through the `ss-in` node. This entry
  # sits above the private/LAN rule sets and therefore takes precedence.
  - IP-CIDR,192.168.31.0/24,ss-in,no-resolve
  # Custom rules.
  - DOMAIN-SUFFIX,freenom.com,DIRECT
  # Entries backed by the rule providers.
  - RULE-SET,applications,DIRECT
  - DOMAIN,clash.razord.top,DIRECT
  - DOMAIN,yacd.haishan.me,DIRECT
  - RULE-SET,private,DIRECT
  - RULE-SET,reject,REJECT
  - RULE-SET,icloud,DIRECT
  - RULE-SET,apple,DIRECT
  - RULE-SET,google,自动选择
  - RULE-SET,proxy,自动选择
  - RULE-SET,direct,DIRECT
  - RULE-SET,lancidr,DIRECT
  - RULE-SET,cncidr,DIRECT
  - RULE-SET,telegramcidr,自动选择
  - GEOIP,LAN,DIRECT
  - GEOIP,CN,DIRECT
  # Fallback: everything not matched above goes through the url-test group.
  - MATCH,自动选择
最后就是 DNS 泄露问题到底重不重要?翻了好多配置以及解析流程的文章,各有观点
1
evemoo OP 才发现 overwall 跑路了,上周买的都还没怎么用,淦!
2
MYDB 1 天前
dns 泄露看个人洁癖,重度洁癖的人不仅会全局 tun ,还会把设备的语言和时区都改成与节点对应的