clash-template.yaml

mixed-port: 7890
allow-lan: true
mode: rule
log-level: info
ipv6: true
external-controller: 127.0.0.1:9090
# authentication:
#  - "user1:pass1"
#  - "user2:pass2"

sniffer: #【Meta专属】sniffer域名嗅探器
  enable: true
  sniffing:
    - tls
    - http
  skip-domain:
    - "Mijia Cloud"
    - "dlg.io.mi.com"
    - "+.apple.com"
  force-domain:
    # - "+"
    - "google.com"
    - "+.netflix.com"
  # port-whitelist:
  #   - 80
  #   - 443
  #   - 8000-9000
dns:
  enable: true
  ipv6: true
  enhanced-mode: fake-ip
  use-hosts: true
  nameserver:
    - 114.114.114.114
    - 223.6.6.6
    - 8.8.8.8
    - 119.29.29.29
    - tls://223.5.5.5:853
    - https://doh.pub/dns-query
    - "https://dns.alidns.com/dns-query#h3=true" #【Meta专属】强制HTTP/3
    - quic://dns.adguard.com:784
  fallback:
    - https://1.0.0.1/dns-query
    - tls://8.8.4.4:853
  fallback-filter:
    geoip: true
    geoip-code: CN
    geosite: #【Meta专属】设定geosite某分类使用fallback返回结果
      - gfw
    ipcidr:
      - 240.0.0.0/4
    domain:
      - "+.google.com"
      - "+.youtube.com"
      - "+.facebook.com"
      - "+.meta.com"
      - "+.twitter.com"
  fake-ip-filter:
    - "+.lan"
    - "+.localhost"
    - "+.localdomain"
    - "+.linksys.com"
    - "+.pool.ntp.org"
    - "+.stun.*.*"
    - "+.stun.*.*.*"
    - "+.stun.*.*.*.*"
    - "+.stun.*.*.*.*.*"
    - "*.n.n.srv.nintendo.net"
    - "+.stun.playstation.net"
    - "xbox.*.*.microsoft.com"
    - "*.*.xboxlive.com"
    - network-test.debian.org
    - "+.edu.cn"
    - localhost.ptlogin2.qq.com
tun:
  enable: true
  stack: system
  auto-route: true
  auto-detect-interface: true
  dns-hijack:
    - any:53
auto-redir:
  enable: true
  auto-route: true

proxies:
  # 支持的协议及加密算法示例请查阅 Clash 项目 README 以使用最新格式：https://github.com/Dreamacro/clash/blob/master/README.md

  # Shadowsocks 支持的加密方式:
  #   aes-128-gcm aes-192-gcm aes-256-gcm
  #   aes-128-cfb aes-192-cfb aes-256-cfb
  #   aes-128-ctr aes-192-ctr aes-256-ctr
  #   rc4-md5 chacha20-ietf xchacha20
  #   chacha20-ietf-poly1305 xchacha20-ietf-poly1305

  # Shadowsocks
  - name: "de-ss-6"
    type: ss
    server: _
    port: 21149
    cipher: aes-128-gcm
    password: _
    udp: true

  # Shadowsocks
  - name: "cn-nku312-ss-6"
    type: ss
    server: _
    port: 6931
    cipher: chacha20-ietf-poly1305
    password: _
    udp: true

  - name: "de-hys-6"
    type: hysteria
    server: _
    port: 21148
    auth_str: _
    alpn:
      - h3
    protocol: udp
    up: 110
    down: 110
    sni: wechat.com
    skip-cert-verify: true
    recv_window_conn: 17301504
    recv_window: 69206016
    disable_mtu_discovery: true

# 代理组策略
# 策略组示例请查阅 Clash 项目 README 以使用最新格式：https://github.com/Dreamacro/clash/blob/master/README.md
proxy-groups:
  - name: "manual"
    type: select
    disable-udp: true
    proxies:
      - "de-ss-6"
      - "cn-nku312-ss-6"
      - "de-hys-6"

  - name: "manual-with-udp"
    type: select
    disable-udp: false
    proxies:
      - "de-ss-6"
      - "cn-nku312-ss-6"
      - "de-hys-6"

  - name: "PROXY"
    type: select
    proxies:
      - "manual"
      - "manual-with-udp"

rule-providers:
  reject:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/reject.txt"
    path: ./ruleset/reject.yaml
    interval: 86400

  icloud:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/icloud.txt"
    path: ./ruleset/icloud.yaml
    interval: 86400

  apple:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/apple.txt"
    path: ./ruleset/apple.yaml
    interval: 86400

  google:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/google.txt"
    path: ./ruleset/google.yaml
    interval: 86400

  proxy:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/proxy.txt"
    path: ./ruleset/proxy.yaml
    interval: 86400

  direct:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/direct.txt"
    path: ./ruleset/direct.yaml
    interval: 86400

  private:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/private.txt"
    path: ./ruleset/private.yaml
    interval: 86400

  gfw:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/gfw.txt"
    path: ./ruleset/gfw.yaml
    interval: 86400

  greatfire:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/greatfire.txt"
    path: ./ruleset/greatfire.yaml
    interval: 86400

  tld-not-cn:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/tld-not-cn.txt"
    path: ./ruleset/tld-not-cn.yaml
    interval: 86400

  telegramcidr:
    type: http
    behavior: ipcidr
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/telegramcidr.txt"
    path: ./ruleset/telegramcidr.yaml
    interval: 86400

  cncidr:
    type: http
    behavior: ipcidr
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/cncidr.txt"
    path: ./ruleset/cncidr.yaml
    interval: 86400

  lancidr:
    type: http
    behavior: ipcidr
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/lancidr.txt"
    path: ./ruleset/lancidr.yaml
    interval: 86400

  applications:
    type: http
    behavior: classical
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/applications.txt"
    path: ./ruleset/applications.yaml
    interval: 86400

rules:
  - DOMAIN,woiden.id,DIRECT
  - DOMAIN,hax.co.id,DIRECT
  - DOMAIN-SUFFIX,mobisys.cc,cn-nku312-ss-6
  - DOMAIN-SUFFIX,nankai.edu.cn,cn-nku312-ss-6
  - DOMAIN,wwwwodddd.com,DIRECT
  - DOMAIN-SUFFIX,googleapis.cn,PROXY
  - DOMAIN-SUFFIX,wakatime.com,DIRECT
  - DOMAIN-KEYWORD,eswin,DIRECT
  - DOMAIN-SUFFIX,transcliff.top,DIRECT
  - DOMAIN,www6.transcliff.top,cn-nku312-ss-6
  - DOMAIN,mc6.transcliff.top,cn-nku312-ss-6
  - DOMAIN,murmur6.transcliff.top,cn-nku312-ss-6
  - DOMAIN,time.is,DIRECT
  - DOMAIN-SUFFIX,ntyou.cc,DIRECT
  - DOMAIN,www.hostbuf.com,PROXY
  - DOMAIN-SUFFIX,overleaf.com,DIRECT
  - DOMAIN,clash.razord.top,DIRECT
  - DOMAIN,yacd.haishan.me,DIRECT
  - DOMAIN-SUFFIX,local,DIRECT
  - DOMAIN-SUFFIX,localdomain,DIRECT
  - DOMAIN-SUFFIX,localhost,DIRECT
  - RULE-SET,applications,DIRECT
  - RULE-SET,private,DIRECT
  - RULE-SET,reject,REJECT
  - RULE-SET,icloud,DIRECT
  - RULE-SET,apple,DIRECT
  - RULE-SET,google,DIRECT
  - RULE-SET,proxy,PROXY
  - RULE-SET,direct,DIRECT
  - RULE-SET,lancidr,DIRECT
  - RULE-SET,cncidr,DIRECT
  - RULE-SET,telegramcidr,PROXY
  - GEOIP,LAN,DIRECT
  - GEOIP,CN,DIRECT
  - MATCH,PROXY