log: level: info dns: servers: - tag: cloudflare address: tcp://1.1.1.1 strategy: ipv4_only #~~已被mixed入站的domain_strategy覆盖,但是如果是tun-in则还是ipv4_only~~ 已将mixed-in与tun-in请求分开缓存,详见https://github.com/w311ang/mysingboxconverter/blob/main/singboxconverter.py detour: Proxies - tag: cloudflare_Global address: https://94.140.14.140/dns-query #https://1.1.1.1/dns-query已被审计,现使用未过滤adguard dns strategy: ipv4_only detour: Proxies - tag: cloudflare_审计 address: tcp://1.1.1.1 strategy: ipv4_only detour: 审计 - tag: cloudflare_AI address: tcp://1.1.1.1 strategy: ipv4_only detour: AI(OpenAI, Claude) - tag: cloudflare_Google address: tcp://1.1.1.1 strategy: ipv4_only detour: Google - tag: cloudflare_TikTok address: tcp://1.1.1.1 strategy: ipv4_only detour: TikTok - tag: cloudflare_YouTube address: tcp://1.1.1.1 strategy: ipv4_only detour: YouTube - tag: cloudflare_Wikipedia address: tcp://1.1.1.1 strategy: ipv4_only detour: Wikipedia - tag: cloudflare_巴哈姆特 address: tcp://1.1.1.1 strategy: ipv4_only detour: 巴哈姆特 - tag: cloudflare_Amazon address: tcp://1.1.1.1 strategy: ipv4_only detour: Amazon - tag: cloudflare_LINUXDO address: tcp://1.1.1.1 strategy: ipv4_only detour: LINUX DO - tag: cloudflare_LINE address: tcp://1.1.1.1 strategy: ipv4_only detour: LINE - tag: cloudflare_EpicGames address: tcp://1.1.1.1 strategy: ipv4_only detour: Epic Games - tag: local address: udp://223.5.5.5 #最好是dhcp://auto detour: direct - tag: system address: local - tag: block address: rcode://refused rules: - outbound: any server: local - inbound: 审计checker-in server: cloudflare - inbound: 审计checker_无审计-in server: cloudflare_审计 - clash_mode: Direct server: local - clash_mode: Global server: cloudflare_Global - domain_suffix: - .lan - .local server: system - query_type: SVCB server: block - rule_set: Bypass server: local - rule_set: Proxy server: cloudflare - type: logical mode: and rules: - clash_mode: Nonrule invert: true - rule_set: geosite-audit - rule_set: geosite-geolocation-cn invert: true server: cloudflare_审计 - type: logical mode: and rules: - clash_mode: Nonrule invert: true - rule_set: - geosite-openai - geosite-claude domain: - cdn.auth0.com server: cloudflare_AI - type: logical mode: and rules: - clash_mode: Nonrule invert: true - rule_set: Google server: cloudflare_Google - type: logical mode: and rules: - clash_mode: Nonrule invert: true - type: logical mode: or rules: - package_name: com.zhiliaoapp.musically - rule_set: geosite-tiktok server: cloudflare_TikTok - type: logical mode: and rules: - clash_mode: Nonrule invert: true - rule_set: geosite-youtube server: cloudflare_YouTube - type: logical mode: and rules: - clash_mode: Nonrule invert: true - rule_set: geosite-wikimedia server: cloudflare_Wikipedia - type: logical mode: and rules: - clash_mode: Nonrule invert: true - rule_set: geosite-bahamut server: cloudflare_巴哈姆特 - type: logical mode: and rules: - clash_mode: Nonrule invert: true - rule_set: geosite-amazon - domain_suffix: - cloudfront.net invert: true server: cloudflare_Amazon - type: logical mode: and rules: - clash_mode: Nonrule invert: true - rule_set: geosite-linuxdo server: cloudflare_LINUXDO - type: logical mode: and rules: - clash_mode: Nonrule invert: true - rule_set: geosite-line server: cloudflare_LINE - type: logical mode: and rules: - clash_mode: Nonrule invert: true - rule_set: geosite-epicgames server: cloudflare_EpicGames - rule_set: geosite-geolocation-!cn server: cloudflare - rule_set: - geosite-geolocation-cn - geoip-cn server: local - type: logical mode: or rules: - clash_mode: Rule - clash_mode: Nonrule server: cloudflare independent_cache: true #在tun-in和mixed-in dns请求分开缓存的情况下必须启用 reverse_mapping: true #解决只靠嗅探udp嗅探不出域名而只用ip分流的问题 inbounds: - type: mixed tag: mixed-in listen: 127.0.0.1 listen_port: 1080 sniff: true # 避免不解析域名直接通过域名分流,导致geoip规则失效。实际dns解析还是按照dns解析规则但strategy已被覆盖成prefer_ipv4,也是为什么不用prefer_ipv6原因 # 似乎singbox是并行解析a与aaaa,当弱网时很有可能只解析出aaaa而无a,故又改回ipv4_only domain_strategy: ipv4_only - type: tun tag: tun-in address: - 172.18.0.1/30 - fdfe:dcba:9876::1/126 #像是Facebook这种不使用DNS来解析域名的,会以为支持ipv6而硬上,但节点不支持导致连接被关闭 auto_route: true strict_route: true platform: http_proxy: enabled: true #导致chrome访问NXDOMAIN或其他原因不能访问的网站时只是提示PROXY_ERROR掩盖真实错误 server: 127.0.0.1 server_port: 1080 sniff: true route_exclude_address: #为了让局域网主机还能访问本机0.0.0.0服务器 - 192.168.0.0/16 - fc00::/7 - type: mixed tag: 审计checker-in listen: 127.0.0.1 listen_port: 1081 sniff: true domain_strategy: ipv4_only #仅仅只是为了将域名解析为IP发送给上游节点,模拟TUN代理情况 - type: mixed tag: 审计checker_无审计-in listen: 127.0.0.1 listen_port: 1082 sniff: true domain_strategy: ipv4_only #同上 outbounds: - type: selector tag: select outbounds: - auto - Hong Kong - Singapore - Taiwan - United States interrupt_exist_connections: true - type: urltest tag: auto outbounds: [] interval: 1d idle_timeout: 1d - type: selector tag: Port22SSH outbounds: - direct - 审计 - Proxies - Hong Kong - Singapore - Taiwan - United States interrupt_exist_connections: true - type: selector tag: 审计 outbounds: - Proxies - direct - Hong Kong - Singapore - Taiwan - United States interrupt_exist_connections: true - type: selector tag: AI(OpenAI, Claude) outbounds: - Proxies - Hong Kong - Singapore - Taiwan - United States interrupt_exist_connections: true - type: selector tag: Google outbounds: - Proxies - Hong Kong - Singapore - Taiwan - United States interrupt_exist_connections: true - type: selector tag: IPv6 outbounds: - direct - block - Proxies - Hong Kong - Singapore - Taiwan - United States interrupt_exist_connections: true - type: selector tag: UDP outbounds: - Proxies - Hong Kong - Singapore - Taiwan - United States interrupt_exist_connections: true - type: selector tag: TikTok outbounds: - Proxies - Hong Kong - Singapore - Taiwan - United States interrupt_exist_connections: true - type: selector tag: YouTube outbounds: - Proxies - Hong Kong - Singapore - Taiwan - United States interrupt_exist_connections: true - type: selector tag: Wikipedia outbounds: - Proxies - Hong Kong - Singapore - Taiwan - United States interrupt_exist_connections: true - type: selector tag: 巴哈姆特 outbounds: - Proxies - Hong Kong - Singapore - Taiwan - United States interrupt_exist_connections: true - type: selector tag: Amazon outbounds: - Proxies - Hong Kong - Singapore - Taiwan - United States interrupt_exist_connections: true - type: selector tag: LINUX DO outbounds: - Proxies - Hong Kong - Singapore - Taiwan - United States interrupt_exist_connections: true - type: selector tag: LINE outbounds: - Proxies - Hong Kong - Singapore - Taiwan - United States interrupt_exist_connections: true - type: selector tag: Epic Games outbounds: - Proxies - direct - Hong Kong - Singapore - Taiwan - United States interrupt_exist_connections: true - '%%新订阅select添加处%%' - type: selector tag: Proxies outbounds: - select - auto-Proxies interrupt_exist_connections: true - type: selector #urltest性能消耗大 tag: Hong Kong outbounds-regex: .*香港.* interrupt_exist_connections: true - type: selector tag: Singapore outbounds-regex: .*新加坡.* interrupt_exist_connections: true - type: selector tag: Taiwan outbounds-regex: .*台湾.* interrupt_exist_connections: true - type: selector tag: United States outbounds-regex: .*美国.* interrupt_exist_connections: true - type: urltest tag: auto-Proxies outbounds: [] interval: 1d idle_timeout: 1d - type: direct tag: direct - type: block tag: block - type: dns tag: dns-out route: rules: - inbound: 审计checker-in outbound: Proxies - inbound: 审计checker_无审计-in outbound: 审计 - clash_mode: Direct outbound: direct - type: logical mode: or rules: - port: 53 - protocol: dns outbound: dns-out - type: logical mode: and rules: - package_name: '%allow_doh%[]' invert: true - rule_set: geosite-audit_doh #屏蔽DoH防止DNS泄漏导致访问IPv6 outbound: block - port: 853 #屏蔽DoT outbound: block - clash_mode: Global outbound: Proxies - ip_is_private: true outbound: direct - rule_set: Bypass outbound: direct - type: logical mode: and rules: - network: udp invert: true - port: 22 invert: true - type: logical mode: and rules: - ip_cidr: ::/0 - ip_cidr: 0.0.0.0/0 invert: true invert: true - rule_set: - Proxy outbound: Proxies - type: logical mode: and rules: - clash_mode: Nonrule invert: true - network: udp invert: true - port: 22 invert: true - type: logical mode: and rules: - ip_cidr: ::/0 - ip_cidr: 0.0.0.0/0 invert: true invert: true - type: logical mode: and rules: - rule_set: - geosite-audit - geosite-audit_doh #针对DoH的审计。因dns ip都固定,无需dns规则还可以避免提前解析 - rule_set: geosite-geolocation-cn invert: true outbound: 审计 - type: logical mode: and rules: - clash_mode: Nonrule invert: true - network: udp invert: true - port: 22 invert: true - type: logical mode: and rules: - ip_cidr: ::/0 - ip_cidr: 0.0.0.0/0 invert: true invert: true - rule_set: - geosite-openai - geosite-claude domain: - cdn.auth0.com outbound: AI(OpenAI, Claude) - type: logical mode: and rules: - clash_mode: Nonrule invert: true - network: udp invert: true - port: 22 invert: true - type: logical mode: and rules: - ip_cidr: ::/0 - ip_cidr: 0.0.0.0/0 invert: true invert: true - rule_set: Google outbound: Google - type: logical mode: and rules: - clash_mode: Nonrule invert: true - network: udp invert: true - port: 22 invert: true - type: logical mode: and rules: - ip_cidr: ::/0 - ip_cidr: 0.0.0.0/0 invert: true invert: true - type: logical mode: or rules: - package_name: com.zhiliaoapp.musically - rule_set: geosite-tiktok outbound: TikTok - type: logical mode: and rules: - clash_mode: Nonrule invert: true - network: udp invert: true - port: 22 invert: true - type: logical mode: and rules: - ip_cidr: ::/0 - ip_cidr: 0.0.0.0/0 invert: true invert: true - rule_set: geosite-youtube outbound: YouTube - type: logical mode: and rules: - clash_mode: Nonrule invert: true - network: udp invert: true - port: 22 invert: true - type: logical mode: and rules: - ip_cidr: ::/0 - ip_cidr: 0.0.0.0/0 invert: true invert: true - rule_set: geosite-wikimedia outbound: Wikipedia - type: logical mode: and rules: - clash_mode: Nonrule invert: true - network: udp invert: true - port: 22 invert: true - type: logical mode: and rules: - ip_cidr: ::/0 - ip_cidr: 0.0.0.0/0 invert: true invert: true - rule_set: geosite-bahamut outbound: 巴哈姆特 - type: logical mode: and rules: - clash_mode: Nonrule invert: true - network: udp invert: true - port: 22 invert: true - type: logical mode: and rules: - ip_cidr: ::/0 - ip_cidr: 0.0.0.0/0 invert: true invert: true - type: logical mode: and rules: - rule_set: geosite-amazon - domain_suffix: - cloudfront.net invert: true outbound: Amazon - type: logical mode: and rules: - clash_mode: Nonrule invert: true - network: udp invert: true - port: 22 invert: true - type: logical mode: and rules: - ip_cidr: ::/0 - ip_cidr: 0.0.0.0/0 invert: true invert: true - rule_set: geosite-linuxdo outbound: LINUX DO - type: logical mode: and rules: - clash_mode: Nonrule invert: true - network: udp invert: true - port: 22 invert: true - type: logical mode: and rules: - ip_cidr: ::/0 - ip_cidr: 0.0.0.0/0 invert: true invert: true - rule_set: geosite-line outbound: LINE - type: logical mode: and rules: - clash_mode: Nonrule invert: true - network: udp invert: true - port: 22 invert: true - type: logical mode: and rules: - ip_cidr: ::/0 - ip_cidr: 0.0.0.0/0 invert: true invert: true - rule_set: geosite-epicgames outbound: Epic Games - type: logical mode: and rules: - clash_mode: Nonrule invert: true - network: udp invert: true - port: 22 invert: true - type: logical mode: and rules: - ip_cidr: ::/0 - ip_cidr: 0.0.0.0/0 invert: true invert: true - rule_set: - geosite-geolocation-!cn outbound: Proxies - type: logical mode: and rules: - rule_set: - geoip-cn - geosite-geolocation-cn - rule_set: - geosite-geolocation-!cn invert: true outbound: direct - type: logical mode: or rules: - network: udp port: - 443 - 80 - protocol: quic outbound: block - type: logical #检测ipv6 only域名 mode: and rules: - ip_cidr: ::/0 - ip_cidr: 0.0.0.0/0 invert: true outbound: IPv6 - network: udp outbound: UDP - port: 22 outbound: Port22SSH - type: logical mode: or rules: - clash_mode: Rule - clash_mode: Nonrule outbound: Proxies - process_name: #用以启用在ui中显示进程 - placeholder outbound: Proxies rule_set: - type: remote tag: geosite-geolocation-cn format: binary url: https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-geolocation-cn.srs download_detour: auto - type: remote tag: geosite-geolocation-!cn format: binary url: https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-geolocation-!cn.srs download_detour: auto - type: remote tag: geoip-cn format: binary url: https://raw.githubusercontent.com/SagerNet/sing-geoip/rule-set/geoip-cn.srs download_detour: auto - type: remote tag: geosite-openai format: binary url: https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-openai.srs download_detour: auto - type: remote tag: geosite-google format: binary url: https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-google.srs download_detour: auto - type: remote tag: geosite-google@cn format: binary url: https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-google@cn.srs download_detour: auto - type: inline tag: Google rules: - domain: - www.google.com - google.com - type: remote tag: geosite-tiktok format: binary url: https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-tiktok.srs download_detour: auto - type: remote tag: geosite-youtube format: binary url: https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-youtube.srs download_detour: auto - type: remote tag: geosite-wikimedia format: binary url: https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-wikimedia.srs download_detour: auto - type: remote tag: geosite-audit format: binary url: https://raw.githubusercontent.com/w311ang/my_singbox_template/main/geosite-audit.srs download_detour: auto - type: remote tag: geosite-audit_doh format: binary url: https://raw.githubusercontent.com/w311ang/my_singbox_template/main/geosite-audit_doh.srs download_detour: auto - type: remote tag: geosite-bahamut format: binary url: https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-bahamut.srs download_detour: auto - type: remote tag: geosite-amazon format: binary url: https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-amazon.srs download_detour: auto - type: inline tag: Bypass rules: - domain: - www.pc528.net - type: inline tag: Proxy rules: - domain_suffix: - taptap.io - type: inline tag: geosite-linuxdo rules: - domain: - shared.oaifree.com - type: remote tag: geosite-claude format: binary url: https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-anthropic.srs download_detour: auto - type: remote tag: geosite-line format: binary url: https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-line.srs download_detour: auto - type: remote tag: geosite-epicgames format: binary url: https://raw.githubusercontent.com/SagerNet/sing-geosite/rule-set/geosite-epicgames.srs download_detour: auto auto_detect_interface: true experimental: cache_file: enabled: true store_rdrc: true clash_api: external_controller: 127.0.0.1:9090 external_ui: dashboard external_ui_download_detour: auto default_mode: Rule