From 3cc455d781619e4374a88f3df644ebd24730a16e Mon Sep 17 00:00:00 2001 From: Conners Hua Date: Sun, 17 Jan 2021 17:02:53 +0800 Subject: [PATCH] =?UTF-8?q?=F0=9F=9A=A9=20Update=20clash=20configuration?= =?UTF-8?q?=20options?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Clash/Inbound.yaml | 65 ++++++++++++++++++++++++++++++--------------- Clash/Outbound.yaml | 51 ++++++++++++++++++++++++----------- 2 files changed, 79 insertions(+), 37 deletions(-) diff --git a/Clash/Inbound.yaml b/Clash/Inbound.yaml index b39fcb4..a9ffb2a 100644 --- a/Clash/Inbound.yaml +++ b/Clash/Inbound.yaml @@ -4,9 +4,12 @@ # Port of SOCKS5 proxy server on the local end # socks-port: 7891 -# Transparent proxy server port for Linux and macOS +# Transparent proxy server port for Linux and macOS (Redirect TCP and TProxy UDP) # redir-port: 7892 +# Transparent proxy server port for Linux (TProxy TCP and TProxy UDP) +# tproxy-port: 7893 + # HTTP(S) and SOCKS5 server on the same port mixed-port: 7890 @@ -15,7 +18,7 @@ mixed-port: 7890 # - "user1:pass1" # - "user2:pass2" -# Set to true to allow connections to local-end server from +# Set to true to allow connections to the local-end server from # other LAN IP addresses allow-lan: false @@ -36,7 +39,7 @@ mode: rule log-level: info # When set to false, resolver won't translate hostnames to IPv6 addresses -ipv6: true +ipv6: false # RESTful web API listening address external-controller: 127.0.0.1:9090 @@ -54,49 +57,53 @@ external-controller: 127.0.0.1:9090 # Outbound interface name # interface-name: en0 -# Static hosts for DNS server and connection establishment, only works -# when `dns.enhanced-mode` is `redir-host`. +# Static hosts for DNS server and connection establishment (like /etc/hosts) # # Wildcard hostnames are supported (e.g. *.clash.dev, *.foo.*.example.com) -# Non-wildcard domain names has a higher priority than wildcard domain names +# Non-wildcard domain names have a higher priority than wildcard domain names # e.g. foo.example.com > *.example.com > .example.com # P.S. +.foo.com equals to .foo.com and foo.com hosts: - 'mtalk.google.com': 108.177.125.188 # '*.clash.dev': 127.0.0.1 # '.dev': 127.0.0.1 # 'alpha.clash.dev': '::1' # DNS server settings -# This section is optional. When not present, DNS server will be disabled. +# This section is optional. When not present, the DNS server will be disabled. dns: enable: false listen: 0.0.0.0:53 - # ipv6: false # when false, response to AAAA questions will be empty + # ipv6: false # when the false, response to AAAA questions will be empty # These nameservers are used to resolve the DNS nameserver hostnames below. # Specify IP addresses only default-nameserver: - - 114.114.114.114 - 8.8.8.8 + - 1.0.0.1 enhanced-mode: redir-host # or fake-ip fake-ip-range: 198.18.0.1/16 # Fake IP addresses pool CIDR + # use-hosts: true # lookup hosts and return IP record # Hostnames in this list will not be resolved with fake IPs # i.e. questions to these domain names will always be answered with their # real IP addresses - # fake-ip-filter: - # - '*.lan' - # - localhost.ptlogin2.qq.com + fake-ip-filter: + - '*.lan' + - localhost.ptlogin2.qq.com + - '+.srv.nintendo.net' + - '+.stun.playstation.net' + - '+.msftconnecttest.com' + - '+.msftncsi.com' + - '+.xboxlive.com' + - 'msftconnecttest.com' + - 'xbox.*.microsoft.com' # Supports UDP, TCP, DoT, DoH. You can specify the port to connect to. # All DNS questions are sent directly to the nameserver, without proxies # involved. Clash answers the DNS question with the first result gathered. nameserver: - - 114.114.114.114 # default value - - 8.8.8.8 # default value - - tls://dns.rubyfish.cn:853 # DNS over TLS - - https://1.1.1.1/dns-query # DNS over HTTPS + - 8.8.8.8 + - 1.0.0.1 # When `fallback` is present, the DNS server will send concurrent requests # to the servers in this section along with servers in `nameservers`. @@ -112,17 +119,33 @@ dns: # IP address resolved with servers in `nameserver` is used when # `fallback-filter.geoip` is true and when GEOIP of the IP address is `CN`. # - # If `fallback-filter.geoip` is false, results from `fallback` nameservers - # are always used, and answers from `nameservers` are discarded. + # If `fallback-filter.geoip` is false, results from `nameserver` nameservers + # are always used if not match `fallback-filter.ipcidr`. # # This is a countermeasure against DNS pollution attacks. fallback-filter: geoip: true ipcidr: # - 240.0.0.0/4 + # domain: + # - '+.google.com' + # - '+.facebook.com' + # - '+.youtube.com' + +# +# https://github.com/Dreamacro/clash/wiki/premium-core-features +# +# tun: +# enable: true +# stack: system # or gvisor +# # dns-hijack: +# # - 8.8.8.8:53 +# # - tcp://8.8.8.8:53 +# macOS-auto-route: true # auto set global route +# macOS-auto-detect-interface: true # conflict with interface-name proxies: -# 支持的协议及加密算法示例请查阅 Clash 项目 README 以使用最新格式:https://github.com/Dreamacro/clash/blob/master/README.md +# 支持的协议及加密算法示例请查阅 Clash 项目 README 以使用最新格式:https://github.com/Dreamacro/clash/wiki/configuration # Shadowsocks(Websocket + TLS) - name: "CN1" @@ -194,7 +217,7 @@ proxy-providers: # url: http://www.gstatic.com/generate_204 proxy-groups: -# 策略组示例请查阅 Clash 项目 README 以使用最新格式:https://github.com/Dreamacro/clash/blob/master/README.md +# 策略组示例请查阅 Clash 项目 README 以使用最新格式:https://github.com/Dreamacro/clash/wiki/configuration # Fallback - name: "Fallback" diff --git a/Clash/Outbound.yaml b/Clash/Outbound.yaml index dbe9c0f..033165c 100644 --- a/Clash/Outbound.yaml +++ b/Clash/Outbound.yaml @@ -4,9 +4,12 @@ # Port of SOCKS5 proxy server on the local end # socks-port: 7891 -# Transparent proxy server port for Linux and macOS +# Transparent proxy server port for Linux and macOS (Redirect TCP and TProxy UDP) # redir-port: 7892 +# Transparent proxy server port for Linux (TProxy TCP and TProxy UDP) +# tproxy-port: 7893 + # HTTP(S) and SOCKS5 server on the same port mixed-port: 7890 @@ -15,7 +18,7 @@ mixed-port: 7890 # - "user1:pass1" # - "user2:pass2" -# Set to true to allow connections to local-end server from +# Set to true to allow connections to the local-end server from # other LAN IP addresses allow-lan: false @@ -54,11 +57,10 @@ external-controller: 127.0.0.1:9090 # Outbound interface name # interface-name: en0 -# Static hosts for DNS server and connection establishment, only works -# when `dns.enhanced-mode` is `redir-host`. +# Static hosts for DNS server and connection establishment (like /etc/hosts) # # Wildcard hostnames are supported (e.g. *.clash.dev, *.foo.*.example.com) -# Non-wildcard domain names has a higher priority than wildcard domain names +# Non-wildcard domain names have a higher priority than wildcard domain names # e.g. foo.example.com > *.example.com > .example.com # P.S. +.foo.com equals to .foo.com and foo.com hosts: @@ -68,11 +70,11 @@ hosts: # 'alpha.clash.dev': '::1' # DNS server settings -# This section is optional. When not present, DNS server will be disabled. +# This section is optional. When not present, the DNS server will be disabled. dns: enable: false listen: 0.0.0.0:53 - # ipv6: false # when false, response to AAAA questions will be empty + # ipv6: false # when the false, response to AAAA questions will be empty # These nameservers are used to resolve the DNS nameserver hostnames below. # Specify IP addresses only @@ -81,7 +83,8 @@ dns: - 1.0.0.1 enhanced-mode: redir-host # or fake-ip fake-ip-range: 198.18.0.1/16 # Fake IP addresses pool CIDR - + # use-hosts: true # lookup hosts and return IP record + # Hostnames in this list will not be resolved with fake IPs # i.e. questions to these domain names will always be answered with their # real IP addresses @@ -101,15 +104,15 @@ dns: # involved. Clash answers the DNS question with the first result gathered. nameserver: - 119.29.29.29 - # - tls://dns.rubyfish.cn:853 # DNS over TLS - # - https://1.1.1.1/dns-query # DNS over HTTPS + - tls://dns.rubyfish.cn:853 # DNS over TLS + - https://1.1.1.1/dns-query # DNS over HTTPS # When `fallback` is present, the DNS server will send concurrent requests # to the servers in this section along with servers in `nameservers`. # The answers from fallback servers are used when the GEOIP country # is not `CN`. - fallback: - - https://cloudflare-dns.com/dns-query + # fallback: + # - tcp://1.1.1.1 # If IP addresses resolved with servers in `nameservers` are in the specified # subnets below, they are considered invalid and results from `fallback` @@ -118,17 +121,33 @@ dns: # IP address resolved with servers in `nameserver` is used when # `fallback-filter.geoip` is true and when GEOIP of the IP address is `CN`. # - # If `fallback-filter.geoip` is false, results from `fallback` nameservers - # are always used, and answers from `nameservers` are discarded. + # If `fallback-filter.geoip` is false, results from `nameserver` nameservers + # are always used if not match `fallback-filter.ipcidr`. # # This is a countermeasure against DNS pollution attacks. fallback-filter: geoip: true ipcidr: # - 240.0.0.0/4 + # domain: + # - '+.google.com' + # - '+.facebook.com' + # - '+.youtube.com' + +# +# https://github.com/Dreamacro/clash/wiki/premium-core-features +# +# tun: +# enable: true +# stack: system # or gvisor +# # dns-hijack: +# # - 8.8.8.8:53 +# # - tcp://8.8.8.8:53 +# macOS-auto-route: true # auto set global route +# macOS-auto-detect-interface: true # conflict with interface-name proxies: -# 支持的协议及加密算法示例请查阅 Clash 项目 README 以使用最新格式:https://github.com/Dreamacro/clash/blob/master/README.md +# 支持的协议及加密算法示例请查阅 Clash 项目 README 以使用最新格式:https://github.com/Dreamacro/clash/wiki/configuration # Shadowsocks(Websocket + TLS) - name: "1" @@ -219,7 +238,7 @@ proxy-providers: # url: http://www.gstatic.com/generate_204 proxy-groups: -# 策略组示例请查阅 Clash 项目 README 以使用最新格式:https://github.com/Dreamacro/clash/blob/master/README.md +# 策略组示例请查阅 Clash 项目 README 以使用最新格式:https://github.com/Dreamacro/clash/wiki/configuration # # 策略组说明