zeaslity/shell-scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
87c9529a2f18aaf194f48ca1c71ae8aca3149d9f
shell-scripts/1-代理Xray/10-clash规则/98-subscribe-clash-dev.yaml
zeaslity 87c9529a2f 新增firefly引用部署 
优化clash verge的DNS问题-极致优化
2026-01-07 10:47:52 +08:00

766 lines
20 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#--------------------------------------------------------------------------------#
# Clash 专家级配置文件 (适配 Clash.Meta 核心) #
#--------------------------------------------------------------------------------#
#
# 本配置文件专为在中国大陆网络环境中使用而设计,旨在提供一套自动化、智能化、高可用性
# 的网络流量管理方案。
#
# 核心特性:
# 1. TUN 模式: 接管系统所有网络流量,实现真正的全局透明代理。
# 2. 规则集 (Rule Providers): 动态从网络加载和更新分流规则,免去手动维护烦恼。
# 3. 分割 DNS (Split DNS): 智能区分国内外域名解析,有效抗 DNS 污染,兼顾速度与准确性。
# 4. 逻辑化规则排序: 通过精心设计的规则匹配顺序,实现精确的流量控制。
#
#--------------------------------------------------------------------------------#
#----------------#
# 常规配置 #
#----------------#
# HTTP 代理端口
port: 7890
# SOCKS5 代理端口
socks-port: 7891
# 允许局域网连接,设为 true 后,局域网内其他设备可将本机作为网关使用
allow-lan: true
# 代理模式rule 表示规则模式,是本配置的核心
mode: rule
# 日志级别info 级别提供了足够的信息且不过于冗长
log-level: info
# 外部控制器,用于让 GUI 客户端 (如 Clash Verge) 或 WebUI (如 yacd) 控制 Clash 核心
external-controller: '127.0.0.1:9090'
# 外部 UI指定一个 WebUI 面板的目录,'dashboard' 是一个常见的选择
# external-ui: dashboard
#----------------#
# DNS 配置 #
#----------------#
dns:
enable: true
listen: 127.0.0.1:53
ipv6: false
enhanced-mode: fake-ip
fake-ip-range: 198.18.0.1/16
fake-ip-filter:
- localhost
- '*.lan'
- '*.local'
- '*.arpa'
- time.*.com
- ntp.*.com
- +.market.xiaomi.com
- localhost.ptlogin2.qq.com
- '*.msftncsi.com'
- www.msftconnecttest.com
# [优化] 默认 DNS - 节点是 IP可用海外 DNS
# 仅用于解析 rule-providers 的 CDN 域名 (cdn.jsdelivr.net)
default-nameserver:
- 223.5.5.5 # 存在安全隐患,需要处理
- 119.29.29.29 # 存在安全隐患,需要处理
- 1.1.1.1
- 8.8.8.8
# [核心优化] 主 DNS - 海外加密 DNS 走专用代理组
# 通过 #🔰 DNS代理 强制所有海外 DNS 查询走代理
nameserver:
- 'https://dns.google/dns-query#🔰 DNS代理'
- 'https://cloudflare-dns.com/dns-query#🔰 DNS代理'
- 'https://dns.quad9.net/dns-query#🔰 DNS代理'
# Fallback DNS - 备用海外 DNS
fallback:
- 'https://dns.adguard-dns.com/dns-query#🔰 DNS代理'
- 'https://dns.opendns.com/dns-query#🔰 DNS代理'
# Fallback 过滤器 - 国内 IP 用 nameserver国外 IP 用 fallback
fallback-filter:
geoip: true
geoip-code: CN
ipcidr:
- 240.0.0.0/4
- 0.0.0.0/8
# [关键配置] 域名策略 DNS - 实现智能分流解析
nameserver-policy:
# === 海外服务强制走海外 DNS (over proxy) ===
# Google 全家桶
'+.google.com':
- 'https://dns.google/dns-query#🔰 DNS代理'
'+.google.com.hk':
- 'https://dns.google/dns-query#🔰 DNS代理'
'+.googleapis.com':
- 'https://dns.google/dns-query#🔰 DNS代理'
'+.googleusercontent.com':
- 'https://dns.google/dns-query#🔰 DNS代理'
'+.gstatic.com':
- 'https://dns.google/dns-query#🔰 DNS代理'
'+.gmail.com':
- 'https://dns.google/dns-query#🔰 DNS代理'
'+.youtube.com':
- 'https://dns.google/dns-query#🔰 DNS代理'
'+.ytimg.com':
- 'https://dns.google/dns-query#🔰 DNS代理'
'+.googlevideo.com':
- 'https://dns.google/dns-query#🔰 DNS代理'
'+.gvt1.com':
- 'https://dns.google/dns-query#🔰 DNS代理'
'+.gvt2.com':
- 'https://dns.google/dns-query#🔰 DNS代理'
'+.recaptcha.net':
- 'https://dns.google/dns-query#🔰 DNS代理'
'+.1e100.net':
- 'https://dns.google/dns-query#🔰 DNS代理'
# Gemini 服务
'+.gemini.google.com':
- 'https://dns.google/dns-query#🔰 DNS代理'
'+.generativelanguage.googleapis.com':
- 'https://dns.google/dns-query#🔰 DNS代理'
'+.aistudio.google.com':
- 'https://dns.google/dns-query#🔰 DNS代理'
'+.bard.google.com':
- 'https://dns.google/dns-query#🔰 DNS代理'
# 其他海外服务
'+.github.com':
- 'https://dns.google/dns-query#🔰 DNS代理'
'+.githubusercontent.com':
- 'https://dns.google/dns-query#🔰 DNS代理'
'+.twitter.com':
- 'https://dns.google/dns-query#🔰 DNS代理'
'+.facebook.com':
- 'https://dns.google/dns-query#🔰 DNS代理'
'+.instagram.com':
- 'https://dns.google/dns-query#🔰 DNS代理'
'+.openai.com':
- 'https://dns.google/dns-query#🔰 DNS代理'
'+.chatgpt.com':
- 'https://dns.google/dns-query#🔰 DNS代理'
'+.anthropic.com':
- 'https://dns.google/dns-query#🔰 DNS代理'
'+.claude.ai':
- 'https://dns.google/dns-query#🔰 DNS代理'
# Proxy 规则集的域名走海外 DNS
'rule-set:proxy':
- 'https://dns.google/dns-query#🔰 DNS代理'
- 'https://cloudflare-dns.com/dns-query#🔰 DNS代理'
'rule-set:google':
- 'https://dns.google/dns-query#🔰 DNS代理'
# === 国内服务使用国内 DNS (确保最佳 CDN) ===
# 工作内网域名 - 使用内网 DNS
'+.hq.cmcc':
- 192.168.78.39
'+.uavcmlc.com':
- 192.168.34.40
'ir.hq.cmcc':
- 192.168.78.39
'oa.cdcyy.cn':
- 192.168.78.39
'+.cdcyy.cn':
- 192.168.78.39
# 国内直连域名规则集 - 使用国内 DNS重要
# 这确保国内网站能获得最优 CDN 节点
'rule-set:direct':
- 223.5.5.5
- 119.29.29.29
- 180.184.1.1
# Apple/iCloud 服务 - 使用国内 DNS在中国有 CDN
'rule-set:apple':
- 223.5.5.5
- 119.29.29.29
'rule-set:icloud':
- 223.5.5.5
- 119.29.29.29
# 常见国内域名
'+.baidu.com':
- 223.5.5.5
- 119.29.29.29
'+.qq.com':
- 119.29.29.29
- 223.5.5.5
'+.taobao.com':
- 223.5.5.5
'+.tmall.com':
- 223.5.5.5
'+.jd.com':
- 119.29.29.29
'+.alipay.com':
- 223.5.5.5
'+.aliyun.com':
- 223.5.5.5
'+.163.com':
- 119.29.29.29
'+.126.com':
- 119.29.29.29
'+.sina.com.cn':
- 119.29.29.29
'+.weibo.com':
- 119.29.29.29
'+.douyin.com':
- 180.184.1.1
'+.bilibili.com':
- 119.29.29.29
'+.zhihu.com':
- 119.29.29.29
use-system-hosts: true
prefer-h3: false
# [优化] respect-rules: false
# 因为已使用 #🔰 DNS代理 和 nameserver-policy 精确控制
respect-rules: false
# [简化] 节点是 IP不需要解析可用任意 DNS
proxy-server-nameserver:
- 1.1.1.1
- 8.8.8.8
# 直连 DNS
direct-nameserver:
- 192.168.78.39
- 223.5.5.5
- 119.29.29.29
external-controller-cors: {}
proxies:
- type: vless
name: TC-HongKong
server: 43.154.83.213
port: 24443
uuid: f8702759-f402-4e85-92a6-8540d577de22
skip-cert-verify: false
network: tcp
flow: xtls-rprx-vision
servername: book.107421.xyz
tls: true
udp: true
- type: vless
name: BFC-LosAngles
server: 45.143.128.143
port: 443
uuid: 302fbcb8-e096-46a1-906f-e879ec5ab0c5
skip-cert-verify: false
network: tcp
flow: xtls-rprx-vision
servername: xx.l4.ca.bg.107421.xyz
tls: true
udp: true
- type: vless
name: CF-HongKong-R-TCHK
server: 43.154.83.213
port: 24453
uuid: 93be1d17-8e02-449d-bb99-683ed46fbe50
skip-cert-verify: false
network: tcp
flow: xtls-rprx-vision
servername: book.107421.xyz
tls: true
udp: true
- type: vless
name: FV-HongKong
server: 43.154.83.213
port: 24452
uuid: cdf0b19a-9524-48d5-b697-5f10bb567734
skip-cert-verify: false
network: tcp
flow: xtls-rprx-vision
servername: book.107421.xyz
tls: true
udp: true
- type: vless
name: Care-DEU-Dusseldorf-R-TCHK
server: 43.154.83.213
port: 24451
uuid: 9fa9b4e7-d76d-4890-92cf-ce9251a76f59
skip-cert-verify: false
network: tcp
flow: xtls-rprx-vision
servername: book.107421.xyz
tls: true
udp: true
- type: vless
name: Care-DEU-Dusseldorf
server: 85.121.125.113
port: 443
uuid: b1417d92-998d-410b-a5f3-cf144b6f043e
skip-cert-verify: false
network: tcp
flow: xtls-rprx-vision
servername: bingo.107421.xyz
tls: true
udp: true
- type: vless
name: Oracle-KOR-Seoul
server: 140.238.14.103
port: 443
uuid: 1089cc14-557e-47ac-ac85-c07957b3cce3
skip-cert-verify: false
network: tcp
flow: xtls-rprx-vision
servername: xx.s4.cc.hh.107421.xyz
tls: true
udp: true
- type: vless
name: FV-DEU-Frankfurt
server: 43.154.83.213
port: 24444
uuid: 6055eac4-dee7-463b-b575-d30ea94bb768
skip-cert-verify: false
network: tcp
flow: xtls-rprx-vision
servername: book.107421.xyz
tls: true
udp: true
- type: vless
name: FV-KOR-Seoul
server: 43.154.83.213
port: 24445
uuid: 1cd284b2-d3d8-4165-b773-893f836c2b51
skip-cert-verify: false
network: tcp
flow: xtls-rprx-vision
servername: book.107421.xyz
tls: true
udp: true
- type: vless
name: FV-JPN-Tokyo
server: 43.154.83.213
port: 24446
uuid: bf0e9c35-84a9-460e-b5bf-2fa9f2fb3bca
skip-cert-verify: false
network: tcp
flow: xtls-rprx-vision
servername: book.107421.xyz
tls: true
udp: true
- type: vless
name: FV-GBR-London
server: 43.154.83.213
port: 24447
uuid: adc19390-373d-4dfc-b0f6-19fab1b6fbf6
skip-cert-verify: false
network: tcp
flow: xtls-rprx-vision
servername: book.107421.xyz
tls: true
udp: true
- type: vless
name: FV-SGP
server: 43.154.83.213
port: 24448
uuid: e31bc28e-8ebd-4d72-a98e-9227f26dfac3
skip-cert-verify: false
network: tcp
flow: xtls-rprx-vision
servername: book.107421.xyz
tls: true
udp: true
- type: vless
name: Oracle-KOR-Seoul-R-TCHK
server: 43.154.83.213
port: 24449
uuid: 7e27da0c-3013-4ed4-817b-50cc76a0bf81
skip-cert-verify: false
network: tcp
flow: xtls-rprx-vision
servername: book.107421.xyz
tls: true
udp: true
- type: vless
name: Oracle-JPN-Tokyo-R-TCHK
server: 43.154.83.213
port: 25000
uuid: c751811a-404f-4a05-bc41-5d572e741398
skip-cert-verify: false
network: tcp
flow: xtls-rprx-vision
servername: book.107421.xyz
tls: true
udp: true
- type: vless
name: Oracle-USA-Phoenix-R-TCHK
server: 43.154.83.213
port: 25001
uuid: fce2a9c6-1380-4ffa-ba84-6b9ec9ee2eea
skip-cert-verify: false
network: tcp
flow: xtls-rprx-vision
servername: book.107421.xyz
tls: true
udp: true
- type: vless
name: FV-USA-LosAngles
server: 43.154.83.213
port: 24450
uuid: 56fb312c-bdb0-48ca-bf66-4a2dd34040c6
skip-cert-verify: false
network: tcp
flow: xtls-rprx-vision
servername: book.107421.xyz
tls: true
udp: true
- name: CF_VIDEO_1
type: vless
server: bingo.pp.icederce.ip-ddns.com
port: 8443
uuid: 86c50e3a-5b87-49dd-bd20-03c7f2735e40
udp: false
tls: true
network: ws
servername: pp.icederce.ip-ddns.com
ws-opts:
path: "/?ed=2560"
headers:
Host: pp.icederce.ip-ddns.com
- name: CF_VIDEO_2
type: vless
server: bingo.icederce.ip-ddns.com
port: 8443
uuid: 86c50e3a-5b87-49dd-bd20-03c7f2735e40
udp: false
tls: true
network: ws
servername: pp.icederce.ip-ddns.com
ws-opts:
path: "/?ed=2560"
headers:
Host: pp.icederce.ip-ddns.com
- type: socks5
name: TC-CHN-Shanghai
server: 42.192.52.227
port: 22887
username: zeaslity
password: a1f090ea-e39c-49e7-a3be-9af26b6ce563
udp: true
- type: vless
name: Oracle-JPN-Tokyo-R-OSel
server: 140.238.14.103
port: 20443
uuid: 21dab95b-088e-47bd-8351-609fd23cb33c
skip-cert-verify: false
network: tcp
flow: xtls-rprx-vision
servername: xx.t2.ll.c0.107421.xyz
tls: true
udp: true
- type: vless
name: Oracle-JPN-Osaka-R-OSel
server: 140.238.14.103
port: 21443
uuid: 4c2dd763-56e5-408f-bc8f-dbf4c1fe41f9
skip-cert-verify: false
network: tcp
flow: xtls-rprx-vision
servername: xx.o1.vl.s4.107421.xyz
tls: true
udp: true
- type: vless
name: Oracle-USA-Phoneix-R-OSel
server: 140.238.14.103
port: 22443
uuid: de576486-e254-4d9d-949a-37088358ec23
skip-cert-verify: false
network: tcp
flow: xtls-rprx-vision
servername: xx.p2.vl.s4.107421.xyz
tls: true
udp: true
- { "type": "socks5","name": "onetools-35-71","server": "192.168.35.71","port": 22888,"username": "zeaslity","password": "password","udp": true }
proxy-groups:
- name: 🚀 节点选择
type: select
proxies:
- TC-HongKong
- BFC-LosAngles
- FV-HongKong
- Care-DEU-Dusseldorf-R-TCHK
- Oracle-KOR-Seoul-R-TCHK
- Oracle-JPN-Tokyo-R-TCHK
- Oracle-USA-Phoenix-R-TCHK
- Care-DEU-Dusseldorf
- Oracle-KOR-Seoul
- FV-DEU-Frankfurt
- FV-KOR-Seoul
- FV-JPN-Tokyo
- FV-GBR-London
- FV-USA-LosAngles
- CF-HongKong-R-TCHK
- FV-SGP
- CF_VIDEO_1
- CF_VIDEO_2
- Oracle-JPN-Tokyo-R-OSel
- Oracle-JPN-Osaka-R-OSel
- Oracle-USA-Phoneix-R-OSel
- TC-CHN-Shanghai
- ♻️ 自动选择
- DIRECT
# [新增] DNS 专用代理组 - 所有海外 DNS 查询走这里
- name: 🔰 DNS代理
type: select
proxies:
- BFC-LosAngles # 优先使用美国节点(距离 Google DNS 近)
- TC-HongKong # 亚洲备选
- Oracle-JPN-Tokyo-R-TCHK
- ♻️ 自动选择
- name: ♻️ 自动选择
type: url-test
url: https://www.gstatic.com/generate_204
interval: 300
tolerance: 50
proxies:
- BFC-LosAngles
- TC-HongKong
- Oracle-JPN-Tokyo-R-TCHK
- Oracle-USA-Phoenix-R-TCHK
- Oracle-KOR-Seoul
- Care-DEU-Dusseldorf
- Oracle-JPN-Tokyo-R-OSel
- Oracle-JPN-Osaka-R-OSel
- Oracle-USA-Phoneix-R-OSel
- name: 🌍 国外媒体
type: select
proxies:
- 🚀 节点选择
- ♻️ 自动选择
- 🎯 全球直连
- name: 📲 电报信息
type: select
proxies:
- 🚀 节点选择
- ♻️ 自动选择
- 🎯 全球直连
- name: Ⓜ️ 微软服务
type: select
proxies:
- 🎯 全球直连
- 🚀 节点选择
- name: 🍎 苹果服务
type: select
proxies:
- 🎯 全球直连
- 🚀 节点选择
- name: 💩 工作直连
type: select
proxies:
- DIRECT
- onetools-35-71
- name: 💩 工作代理
type: select
proxies:
- onetools-35-71
- DIRECT
- name: 🎯 全球直连
type: select
proxies:
- DIRECT
- 🚀 节点选择
- ♻️ 自动选择
- name: 🛑 全球拦截
type: select
proxies:
- REJECT
- DIRECT
- name: 🍃 应用净化
type: select
proxies:
- REJECT
- DIRECT
- name: 🐟 漏网之鱼
type: select
proxies:
- 🚀 节点选择
- 🎯 全球直连
- ♻️ 自动选择
- TC-HongKong
- Oracle-KOR-Seoul
#----------------#
# 规则集定义 #
#----------------#
# Rule Providers 用于从网络动态加载规则列表,实现规则的自动更新
rule-providers: # 广告、追踪器、恶意域名规则集
reject:
type: http
behavior: domain
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/reject.txt"
path: ./ruleset/reject.yaml
interval: 604800 # 更新间隔: 7天
# iCloud 服务规则集
icloud:
type: http
behavior: domain
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/icloud.txt"
path: ./ruleset/icloud.yaml
interval: 604800
# 苹果服务规则集
apple:
type: http
behavior: domain
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/apple.txt"
path: ./ruleset/apple.yaml
interval: 604800
# 谷歌服务规则集
google:
type: http
behavior: domain
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/google.txt"
path: ./ruleset/google.yaml
interval: 604800
# 需要代理的域名规则集
proxy:
type: http
behavior: domain
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/proxy.txt"
path: ./ruleset/proxy.yaml
interval: 604800
# 需要直连的域名规则集
direct:
type: http
behavior: domain
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/direct.txt"
path: ./ruleset/direct.yaml
interval: 604800
# 私有网络域名规则集
private:
type: http
behavior: domain
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/private.txt"
path: ./ruleset/private.yaml
interval: 604800
# 中国大陆 IP 段规则集
cncidr:
type: http
behavior: ipcidr
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/cncidr.txt"
path: ./ruleset/cncidr.yaml
interval: 604800
# 局域网 IP 段规则集
lancidr:
type: http
behavior: ipcidr
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/lancidr.txt"
path: ./ruleset/lancidr.yaml
interval: 604800
# Telegram 服务器 IP 段规则集
telegramcidr:
type: http
behavior: ipcidr
url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/telegramcidr.txt"
path: ./ruleset/telegramcidr.yaml
interval: 604800
#----------------#
# 分流规则 #
#----------------#
# [优化] 规则优先级重新排序,防止 Google 被 CNCIDR 劫持
rules:
# 1. 拦截规则
- RULE-SET,reject,🛑 全球拦截
# 2. 本地/内网流量
- RULE-SET,lancidr,DIRECT
- RULE-SET,private,DIRECT
# 3. Google 规则 - 必须在 CNCIDR 之前
- RULE-SET,google,🌍 国外媒体
- DOMAIN-SUFFIX,google.com,🌍 国外媒体
- DOMAIN-SUFFIX,google.com.hk,🌍 国外媒体
- DOMAIN-SUFFIX,googleapis.com,🌍 国外媒体
- DOMAIN-SUFFIX,googleusercontent.com,🌍 国外媒体
- DOMAIN-SUFFIX,gstatic.com,🌍 国外媒体
- DOMAIN-SUFFIX,gmail.com,🌍 国外媒体
- DOMAIN-SUFFIX,youtube.com,🌍 国外媒体
- DOMAIN-SUFFIX,ytimg.com,🌍 国外媒体
- DOMAIN-SUFFIX,googlevideo.com,🌍 国外媒体
- DOMAIN-SUFFIX,gvt1.com,🌍 国外媒体
- DOMAIN-SUFFIX,gvt2.com,🌍 国外媒体
- DOMAIN-SUFFIX,recaptcha.net,🌍 国外媒体
- DOMAIN-SUFFIX,1e100.net,🌍 国外媒体
- DOMAIN-KEYWORD,google,🌍 国外媒体
- # Gemini 专用规则
- DOMAIN-SUFFIX,gemini.google.com,🌍 国外媒体
- DOMAIN-SUFFIX,generativelanguage.googleapis.com,🌍 国外媒体
- DOMAIN-SUFFIX,aistudio.google.com,🌍 国外媒体
- DOMAIN-SUFFIX,bard.google.com,🌍 国外媒体
- DOMAIN-KEYWORD,gemini,🌍 国外媒体
# 4. Google IP 段 - no-resolve 避免额外 DNS 查询
- IP-CIDR,142.250.0.0/15,🌍 国外媒体,no-resolve
- IP-CIDR,172.217.0.0/16,🌍 国外媒体,no-resolve
- IP-CIDR,216.58.192.0/19,🌍 国外媒体,no-resolve
- IP-CIDR,74.125.0.0/16,🌍 国外媒体,no-resolve
# 5. 工作域名
- DOMAIN-SUFFIX,cdcyy.cn,💩 工作直连
- DOMAIN-SUFFIX,hq.cmcc,💩 工作直连
- DOMAIN-SUFFIX,wdd.io,💩 工作直连
- DOMAIN-SUFFIX,harbor.cdcyy.com.cn,💩 工作直连
- DOMAIN-SUFFIX,ecs.io,💩 工作直连
- DOMAIN-SUFFIX,uavcmlc.com,💩 工作直连
# 6. Apple/iCloud
- RULE-SET,icloud,🍎 苹果服务
- RULE-SET,apple,🍎 苹果服务
# 7. Telegram
- RULE-SET,telegramcidr,📲 电报信息
# 8. 其他代理规则
- RULE-SET,proxy,🌍 国外媒体
# 9. 国内直连域名
- RULE-SET,direct,🎯 全球直连
# 10. 国内 IP 段
- RULE-SET,cncidr,DIRECT
# 11. GeoIP
- GEOIP,CN,DIRECT
# 12. 兜底
- MATCH,🐟 漏网之鱼
Reference in New Issue View Git Blame Copy Permalink