#--------------------------------------------------------------------------------# # Clash 专家级配置文件 (适配 Clash.Meta 核心) # #--------------------------------------------------------------------------------# # # 本配置文件专为在中国大陆网络环境中使用而设计,旨在提供一套自动化、智能化、高可用性 # 的网络流量管理方案。 # # 核心特性: # 1. TUN 模式: 接管系统所有网络流量,实现真正的全局透明代理。 # 2. 规则集 (Rule Providers): 动态从网络加载和更新分流规则,免去手动维护烦恼。 # 3. 分割 DNS (Split DNS): 智能区分国内外域名解析,有效抗 DNS 污染,兼顾速度与准确性。 # 4. 逻辑化规则排序: 通过精心设计的规则匹配顺序,实现精确的流量控制。 # #--------------------------------------------------------------------------------# #----------------# # 常规配置 # #----------------# # HTTP 代理端口 port: 7890 # SOCKS5 代理端口 socks-port: 7891 # 允许局域网连接,设为 true 后,局域网内其他设备可将本机作为网关使用 allow-lan: true # 代理模式,rule 表示规则模式,是本配置的核心 mode: rule # 日志级别,info 级别提供了足够的信息且不过于冗长 log-level: info # 外部控制器,用于让 GUI 客户端 (如 Clash Verge) 或 WebUI (如 yacd) 控制 Clash 核心 external-controller: '127.0.0.1:9090' # 外部 UI,指定一个 WebUI 面板的目录,'dashboard' 是一个常见的选择 # external-ui: dashboard #----------------# # DNS 配置 # #----------------# dns: enable: true listen: 127.0.0.1:53 ipv6: false enhanced-mode: fake-ip fake-ip-range: 198.18.0.1/16 fake-ip-filter: - localhost - '*.lan' - '*.local' - '*.arpa' - time.*.com - ntp.*.com - +.market.xiaomi.com - localhost.ptlogin2.qq.com - '*.msftncsi.com' - www.msftconnecttest.com # [优化] 默认 DNS - 节点是 IP,可用海外 DNS # 仅用于解析 rule-providers 的 CDN 域名 (cdn.jsdelivr.net) default-nameserver: - 223.5.5.5 # 存在安全隐患,需要处理 - 119.29.29.29 # 存在安全隐患,需要处理 - 1.1.1.1 - 8.8.8.8 # [核心优化] 主 DNS - 海外加密 DNS 走专用代理组 # 通过 #🔰 DNS代理 强制所有海外 DNS 查询走代理 nameserver: - 'https://dns.google/dns-query#🔰 DNS代理' - 'https://cloudflare-dns.com/dns-query#🔰 DNS代理' - 'https://dns.quad9.net/dns-query#🔰 DNS代理' # Fallback DNS - 备用海外 DNS fallback: - 'https://dns.adguard-dns.com/dns-query#🔰 DNS代理' - 'https://dns.opendns.com/dns-query#🔰 DNS代理' # Fallback 过滤器 - 国内 IP 用 nameserver,国外 IP 用 fallback fallback-filter: geoip: true geoip-code: CN ipcidr: - 240.0.0.0/4 - 0.0.0.0/8 # [关键配置] 域名策略 DNS - 实现智能分流解析 nameserver-policy: # === 海外服务强制走海外 DNS (over proxy) === # Google 全家桶 '+.google.com': - 'https://dns.google/dns-query#🔰 DNS代理' '+.google.com.hk': - 'https://dns.google/dns-query#🔰 DNS代理' '+.googleapis.com': - 'https://dns.google/dns-query#🔰 DNS代理' '+.googleusercontent.com': - 'https://dns.google/dns-query#🔰 DNS代理' '+.gstatic.com': - 'https://dns.google/dns-query#🔰 DNS代理' '+.gmail.com': - 'https://dns.google/dns-query#🔰 DNS代理' '+.youtube.com': - 'https://dns.google/dns-query#🔰 DNS代理' '+.ytimg.com': - 'https://dns.google/dns-query#🔰 DNS代理' '+.googlevideo.com': - 'https://dns.google/dns-query#🔰 DNS代理' '+.gvt1.com': - 'https://dns.google/dns-query#🔰 DNS代理' '+.gvt2.com': - 'https://dns.google/dns-query#🔰 DNS代理' '+.recaptcha.net': - 'https://dns.google/dns-query#🔰 DNS代理' '+.1e100.net': - 'https://dns.google/dns-query#🔰 DNS代理' # Gemini 服务 '+.gemini.google.com': - 'https://dns.google/dns-query#🔰 DNS代理' '+.generativelanguage.googleapis.com': - 'https://dns.google/dns-query#🔰 DNS代理' '+.aistudio.google.com': - 'https://dns.google/dns-query#🔰 DNS代理' '+.bard.google.com': - 'https://dns.google/dns-query#🔰 DNS代理' # 其他海外服务 '+.github.com': - 'https://dns.google/dns-query#🔰 DNS代理' '+.githubusercontent.com': - 'https://dns.google/dns-query#🔰 DNS代理' '+.twitter.com': - 'https://dns.google/dns-query#🔰 DNS代理' '+.facebook.com': - 'https://dns.google/dns-query#🔰 DNS代理' '+.instagram.com': - 'https://dns.google/dns-query#🔰 DNS代理' '+.openai.com': - 'https://dns.google/dns-query#🔰 DNS代理' '+.chatgpt.com': - 'https://dns.google/dns-query#🔰 DNS代理' '+.anthropic.com': - 'https://dns.google/dns-query#🔰 DNS代理' '+.claude.ai': - 'https://dns.google/dns-query#🔰 DNS代理' # Proxy 规则集的域名走海外 DNS 'rule-set:proxy': - 'https://dns.google/dns-query#🔰 DNS代理' - 'https://cloudflare-dns.com/dns-query#🔰 DNS代理' 'rule-set:google': - 'https://dns.google/dns-query#🔰 DNS代理' # === 国内服务使用国内 DNS (确保最佳 CDN) === # 工作内网域名 - 使用内网 DNS '+.hq.cmcc': - 192.168.78.39 '+.uavcmlc.com': - 192.168.34.40 'ir.hq.cmcc': - 192.168.78.39 'oa.cdcyy.cn': - 192.168.78.39 '+.cdcyy.cn': - 192.168.78.39 # 国内直连域名规则集 - 使用国内 DNS(重要!) # 这确保国内网站能获得最优 CDN 节点 'rule-set:direct': - 223.5.5.5 - 119.29.29.29 - 180.184.1.1 # Apple/iCloud 服务 - 使用国内 DNS(在中国有 CDN) 'rule-set:apple': - 223.5.5.5 - 119.29.29.29 'rule-set:icloud': - 223.5.5.5 - 119.29.29.29 # 常见国内域名 '+.baidu.com': - 223.5.5.5 - 119.29.29.29 '+.qq.com': - 119.29.29.29 - 223.5.5.5 '+.taobao.com': - 223.5.5.5 '+.tmall.com': - 223.5.5.5 '+.jd.com': - 119.29.29.29 '+.alipay.com': - 223.5.5.5 '+.aliyun.com': - 223.5.5.5 '+.163.com': - 119.29.29.29 '+.126.com': - 119.29.29.29 '+.sina.com.cn': - 119.29.29.29 '+.weibo.com': - 119.29.29.29 '+.douyin.com': - 180.184.1.1 '+.bilibili.com': - 119.29.29.29 '+.zhihu.com': - 119.29.29.29 use-system-hosts: true prefer-h3: false # [优化] respect-rules: false # 因为已使用 #🔰 DNS代理 和 nameserver-policy 精确控制 respect-rules: false # [简化] 节点是 IP,不需要解析,可用任意 DNS proxy-server-nameserver: - 1.1.1.1 - 8.8.8.8 # 直连 DNS direct-nameserver: - 192.168.78.39 - 223.5.5.5 - 119.29.29.29 external-controller-cors: {} proxies: - type: vless name: TC-HongKong server: 43.154.83.213 port: 24443 uuid: f8702759-f402-4e85-92a6-8540d577de22 skip-cert-verify: false network: tcp flow: xtls-rprx-vision servername: book.107421.xyz tls: true udp: true - type: vless name: BFC-LosAngles server: 45.143.128.143 port: 443 uuid: 302fbcb8-e096-46a1-906f-e879ec5ab0c5 skip-cert-verify: false network: tcp flow: xtls-rprx-vision servername: xx.l4.ca.bg.107421.xyz tls: true udp: true - type: vless name: CF-HongKong-R-TCHK server: 43.154.83.213 port: 24453 uuid: 93be1d17-8e02-449d-bb99-683ed46fbe50 skip-cert-verify: false network: tcp flow: xtls-rprx-vision servername: book.107421.xyz tls: true udp: true - type: vless name: FV-HongKong server: 43.154.83.213 port: 24452 uuid: cdf0b19a-9524-48d5-b697-5f10bb567734 skip-cert-verify: false network: tcp flow: xtls-rprx-vision servername: book.107421.xyz tls: true udp: true - type: vless name: Care-DEU-Dusseldorf-R-TCHK server: 43.154.83.213 port: 24451 uuid: 9fa9b4e7-d76d-4890-92cf-ce9251a76f59 skip-cert-verify: false network: tcp flow: xtls-rprx-vision servername: book.107421.xyz tls: true udp: true - type: vless name: Care-DEU-Dusseldorf server: 85.121.125.113 port: 443 uuid: b1417d92-998d-410b-a5f3-cf144b6f043e skip-cert-verify: false network: tcp flow: xtls-rprx-vision servername: bingo.107421.xyz tls: true udp: true - type: vless name: Oracle-KOR-Seoul server: 140.238.14.103 port: 443 uuid: 1089cc14-557e-47ac-ac85-c07957b3cce3 skip-cert-verify: false network: tcp flow: xtls-rprx-vision servername: xx.s4.cc.hh.107421.xyz tls: true udp: true - type: vless name: FV-DEU-Frankfurt server: 43.154.83.213 port: 24444 uuid: 6055eac4-dee7-463b-b575-d30ea94bb768 skip-cert-verify: false network: tcp flow: xtls-rprx-vision servername: book.107421.xyz tls: true udp: true - type: vless name: FV-KOR-Seoul server: 43.154.83.213 port: 24445 uuid: 1cd284b2-d3d8-4165-b773-893f836c2b51 skip-cert-verify: false network: tcp flow: xtls-rprx-vision servername: book.107421.xyz tls: true udp: true - type: vless name: FV-JPN-Tokyo server: 43.154.83.213 port: 24446 uuid: bf0e9c35-84a9-460e-b5bf-2fa9f2fb3bca skip-cert-verify: false network: tcp flow: xtls-rprx-vision servername: book.107421.xyz tls: true udp: true - type: vless name: FV-GBR-London server: 43.154.83.213 port: 24447 uuid: adc19390-373d-4dfc-b0f6-19fab1b6fbf6 skip-cert-verify: false network: tcp flow: xtls-rprx-vision servername: book.107421.xyz tls: true udp: true - type: vless name: FV-SGP server: 43.154.83.213 port: 24448 uuid: e31bc28e-8ebd-4d72-a98e-9227f26dfac3 skip-cert-verify: false network: tcp flow: xtls-rprx-vision servername: book.107421.xyz tls: true udp: true - type: vless name: Oracle-KOR-Seoul-R-TCHK server: 43.154.83.213 port: 24449 uuid: 7e27da0c-3013-4ed4-817b-50cc76a0bf81 skip-cert-verify: false network: tcp flow: xtls-rprx-vision servername: book.107421.xyz tls: true udp: true - type: vless name: Oracle-JPN-Tokyo-R-TCHK server: 43.154.83.213 port: 25000 uuid: c751811a-404f-4a05-bc41-5d572e741398 skip-cert-verify: false network: tcp flow: xtls-rprx-vision servername: book.107421.xyz tls: true udp: true - type: vless name: Oracle-USA-Phoenix-R-TCHK server: 43.154.83.213 port: 25001 uuid: fce2a9c6-1380-4ffa-ba84-6b9ec9ee2eea skip-cert-verify: false network: tcp flow: xtls-rprx-vision servername: book.107421.xyz tls: true udp: true - type: vless name: FV-USA-LosAngles server: 43.154.83.213 port: 24450 uuid: 56fb312c-bdb0-48ca-bf66-4a2dd34040c6 skip-cert-verify: false network: tcp flow: xtls-rprx-vision servername: book.107421.xyz tls: true udp: true - name: CF_VIDEO_1 type: vless server: bingo.pp.icederce.ip-ddns.com port: 8443 uuid: 86c50e3a-5b87-49dd-bd20-03c7f2735e40 udp: false tls: true network: ws servername: pp.icederce.ip-ddns.com ws-opts: path: "/?ed=2560" headers: Host: pp.icederce.ip-ddns.com - name: CF_VIDEO_2 type: vless server: bingo.icederce.ip-ddns.com port: 8443 uuid: 86c50e3a-5b87-49dd-bd20-03c7f2735e40 udp: false tls: true network: ws servername: pp.icederce.ip-ddns.com ws-opts: path: "/?ed=2560" headers: Host: pp.icederce.ip-ddns.com - type: socks5 name: TC-CHN-Shanghai server: 42.192.52.227 port: 22887 username: zeaslity password: a1f090ea-e39c-49e7-a3be-9af26b6ce563 udp: true - type: vless name: Oracle-JPN-Tokyo-R-OSel server: 140.238.14.103 port: 20443 uuid: 21dab95b-088e-47bd-8351-609fd23cb33c skip-cert-verify: false network: tcp flow: xtls-rprx-vision servername: xx.t2.ll.c0.107421.xyz tls: true udp: true - type: vless name: Oracle-JPN-Osaka-R-OSel server: 140.238.14.103 port: 21443 uuid: 4c2dd763-56e5-408f-bc8f-dbf4c1fe41f9 skip-cert-verify: false network: tcp flow: xtls-rprx-vision servername: xx.o1.vl.s4.107421.xyz tls: true udp: true - type: vless name: Oracle-USA-Phoneix-R-OSel server: 140.238.14.103 port: 22443 uuid: de576486-e254-4d9d-949a-37088358ec23 skip-cert-verify: false network: tcp flow: xtls-rprx-vision servername: xx.p2.vl.s4.107421.xyz tls: true udp: true - { "type": "socks5","name": "onetools-35-71","server": "192.168.35.71","port": 22888,"username": "zeaslity","password": "password","udp": true } proxy-groups: - name: 🚀 节点选择 type: select proxies: - TC-HongKong - BFC-LosAngles - FV-HongKong - Care-DEU-Dusseldorf-R-TCHK - Oracle-KOR-Seoul-R-TCHK - Oracle-JPN-Tokyo-R-TCHK - Oracle-USA-Phoenix-R-TCHK - Care-DEU-Dusseldorf - Oracle-KOR-Seoul - FV-DEU-Frankfurt - FV-KOR-Seoul - FV-JPN-Tokyo - FV-GBR-London - FV-USA-LosAngles - CF-HongKong-R-TCHK - FV-SGP - CF_VIDEO_1 - CF_VIDEO_2 - Oracle-JPN-Tokyo-R-OSel - Oracle-JPN-Osaka-R-OSel - Oracle-USA-Phoneix-R-OSel - TC-CHN-Shanghai - ♻️ 自动选择 - DIRECT # [新增] DNS 专用代理组 - 所有海外 DNS 查询走这里 - name: 🔰 DNS代理 type: select proxies: - BFC-LosAngles # 优先使用美国节点(距离 Google DNS 近) - TC-HongKong # 亚洲备选 - Oracle-JPN-Tokyo-R-TCHK - ♻️ 自动选择 - name: ♻️ 自动选择 type: url-test url: https://www.gstatic.com/generate_204 interval: 300 tolerance: 50 proxies: - BFC-LosAngles - TC-HongKong - Oracle-JPN-Tokyo-R-TCHK - Oracle-USA-Phoenix-R-TCHK - Oracle-KOR-Seoul - Care-DEU-Dusseldorf - Oracle-JPN-Tokyo-R-OSel - Oracle-JPN-Osaka-R-OSel - Oracle-USA-Phoneix-R-OSel - name: 🌍 国外媒体 type: select proxies: - 🚀 节点选择 - ♻️ 自动选择 - 🎯 全球直连 - name: 📲 电报信息 type: select proxies: - 🚀 节点选择 - ♻️ 自动选择 - 🎯 全球直连 - name: Ⓜ️ 微软服务 type: select proxies: - 🎯 全球直连 - 🚀 节点选择 - name: 🍎 苹果服务 type: select proxies: - 🎯 全球直连 - 🚀 节点选择 - name: 💩 工作直连 type: select proxies: - DIRECT - onetools-35-71 - name: 💩 工作代理 type: select proxies: - onetools-35-71 - DIRECT - name: 🎯 全球直连 type: select proxies: - DIRECT - 🚀 节点选择 - ♻️ 自动选择 - name: 🛑 全球拦截 type: select proxies: - REJECT - DIRECT - name: 🍃 应用净化 type: select proxies: - REJECT - DIRECT - name: 🐟 漏网之鱼 type: select proxies: - 🚀 节点选择 - 🎯 全球直连 - ♻️ 自动选择 - TC-HongKong - Oracle-KOR-Seoul #----------------# # 规则集定义 # #----------------# # Rule Providers 用于从网络动态加载规则列表,实现规则的自动更新 rule-providers: # 广告、追踪器、恶意域名规则集 reject: type: http behavior: domain url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/reject.txt" path: ./ruleset/reject.yaml interval: 604800 # 更新间隔: 7天 # iCloud 服务规则集 icloud: type: http behavior: domain url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/icloud.txt" path: ./ruleset/icloud.yaml interval: 604800 # 苹果服务规则集 apple: type: http behavior: domain url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/apple.txt" path: ./ruleset/apple.yaml interval: 604800 # 谷歌服务规则集 google: type: http behavior: domain url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/google.txt" path: ./ruleset/google.yaml interval: 604800 # 需要代理的域名规则集 proxy: type: http behavior: domain url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/proxy.txt" path: ./ruleset/proxy.yaml interval: 604800 # 需要直连的域名规则集 direct: type: http behavior: domain url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/direct.txt" path: ./ruleset/direct.yaml interval: 604800 # 私有网络域名规则集 private: type: http behavior: domain url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/private.txt" path: ./ruleset/private.yaml interval: 604800 # 中国大陆 IP 段规则集 cncidr: type: http behavior: ipcidr url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/cncidr.txt" path: ./ruleset/cncidr.yaml interval: 604800 # 局域网 IP 段规则集 lancidr: type: http behavior: ipcidr url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/lancidr.txt" path: ./ruleset/lancidr.yaml interval: 604800 # Telegram 服务器 IP 段规则集 telegramcidr: type: http behavior: ipcidr url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/telegramcidr.txt" path: ./ruleset/telegramcidr.yaml interval: 604800 #----------------# # 分流规则 # #----------------# # [优化] 规则优先级重新排序,防止 Google 被 CNCIDR 劫持 rules: # 1. 拦截规则 - RULE-SET,reject,🛑 全球拦截 # 2. 本地/内网流量 - RULE-SET,lancidr,DIRECT - RULE-SET,private,DIRECT # 3. Google 规则 - 必须在 CNCIDR 之前 - RULE-SET,google,🌍 国外媒体 - DOMAIN-SUFFIX,google.com,🌍 国外媒体 - DOMAIN-SUFFIX,google.com.hk,🌍 国外媒体 - DOMAIN-SUFFIX,googleapis.com,🌍 国外媒体 - DOMAIN-SUFFIX,googleusercontent.com,🌍 国外媒体 - DOMAIN-SUFFIX,gstatic.com,🌍 国外媒体 - DOMAIN-SUFFIX,gmail.com,🌍 国外媒体 - DOMAIN-SUFFIX,youtube.com,🌍 国外媒体 - DOMAIN-SUFFIX,ytimg.com,🌍 国外媒体 - DOMAIN-SUFFIX,googlevideo.com,🌍 国外媒体 - DOMAIN-SUFFIX,gvt1.com,🌍 国外媒体 - DOMAIN-SUFFIX,gvt2.com,🌍 国外媒体 - DOMAIN-SUFFIX,recaptcha.net,🌍 国外媒体 - DOMAIN-SUFFIX,1e100.net,🌍 国外媒体 - DOMAIN-KEYWORD,google,🌍 国外媒体 - # Gemini 专用规则 - DOMAIN-SUFFIX,gemini.google.com,🌍 国外媒体 - DOMAIN-SUFFIX,generativelanguage.googleapis.com,🌍 国外媒体 - DOMAIN-SUFFIX,aistudio.google.com,🌍 国外媒体 - DOMAIN-SUFFIX,bard.google.com,🌍 国外媒体 - DOMAIN-KEYWORD,gemini,🌍 国外媒体 # 4. Google IP 段 - no-resolve 避免额外 DNS 查询 - IP-CIDR,142.250.0.0/15,🌍 国外媒体,no-resolve - IP-CIDR,172.217.0.0/16,🌍 国外媒体,no-resolve - IP-CIDR,216.58.192.0/19,🌍 国外媒体,no-resolve - IP-CIDR,74.125.0.0/16,🌍 国外媒体,no-resolve # 5. 工作域名 - DOMAIN-SUFFIX,cdcyy.cn,💩 工作直连 - DOMAIN-SUFFIX,hq.cmcc,💩 工作直连 - DOMAIN-SUFFIX,wdd.io,💩 工作直连 - DOMAIN-SUFFIX,harbor.cdcyy.com.cn,💩 工作直连 - DOMAIN-SUFFIX,ecs.io,💩 工作直连 - DOMAIN-SUFFIX,uavcmlc.com,💩 工作直连 # 6. Apple/iCloud - RULE-SET,icloud,🍎 苹果服务 - RULE-SET,apple,🍎 苹果服务 # 7. Telegram - RULE-SET,telegramcidr,📲 电报信息 # 8. 其他代理规则 - RULE-SET,proxy,🌍 国外媒体 # 9. 国内直连域名 - RULE-SET,direct,🎯 全球直连 # 10. 国内 IP 段 - RULE-SET,cncidr,DIRECT # 11. GeoIP - GEOIP,CN,DIRECT # 12. 兜底 - MATCH,🐟 漏网之鱼