更新 loon/loon.conf

2025-06-26 17:09:36 +08:00 · 2025-06-26 17:09:36 +08:00 · 01b0dd6ae3
commit 01b0dd6ae3
parent ada7fceaca
1 changed files with 8 additions and 44 deletions
--- a/loon/loon.conf
+++ b/loon/loon.conf
@ -8,18 +8,16 @@
 ip-mode = dual
 ipv6-vif = off

-# DNS配置 - 增强防泄露并优化速度
-dns-server = system,119.29.29.29,223.5.5.5,114.114.114.114,180.76.76.76
+# DNS配置 - 平衡防泄露和连接稳定性
+dns-server = system,119.29.29.29,223.5.5.5,114.114.114.114
 doh-server = https://doh.pub/dns-query,https://dns.alidns.com/dns-query
 doq-server = quic://dns.adguard.com:784
-doh3-server = h3://223.5.5.5/dns-query,h3://223.6.6.6/dns-query

-# DNS安全配置 - 强化防泄露
+# DNS安全配置
 sni-sniffing = true
 disable-stun = true
 dns-reject-mode = LoopbackIP
 domain-reject-mode = DNS
-hijack-dns = *:53

 # Real IP配置 - 防止FakeIP导致的问题
 real-ip = *.apple.com,*.icloud.com,*.push.apple.com,sequoia.apple.com,seed-sequoia.siri.apple.com,*.mzstatic.com,*.itunes.apple.com,*.crashlytics.com,*.facebook.com,*.instagram.com,*.812371.xyz,cnfus.812371.xyz,racknerdus.812371.xyz,niiiepl.812371.xyz
@ -47,9 +45,6 @@ geoip-url = https://cdn.jsdelivr.net/gh/Loyalsoldier/geoip@release/geoip.dat
 skip-proxy = 192.168.0.0/16,10.0.0.0/8,172.16.0.0/12,localhost,*.local,e.crashlynatics.com
 bypass-tun = 10.0.0.0/8,100.64.0.0/10,127.0.0.0/8,169.254.0.0/16,172.16.0.0/12,192.0.0.0/24,192.0.2.0/24,192.88.99.0/24,192.168.0.0/16,198.51.100.0/24,203.0.113.0/24,224.0.0.0/4,255.255.255.255/32

-# 防止WebRTC泄露
-disable-udp-ports = 80,443
-
 [Proxy]
 🇯🇵 WAP SS = shadowsocks,103.238.129.85,8546,2022-blake3-aes-128-gcm,"gGbxvQIGYnsd8KNv0DzwzA==",fast-open=true,udp=true,block-quic=false
 🇯🇵 橙子云 SS = shadowsocks,74.113.96.208,21001,2022-blake3-aes-128-gcm,"gGbxvQIGYnsd8KNv0DzwzA==",fast-open=true,udp=true,block-quic=false
@ -101,24 +96,9 @@ isif = http://152.53.33.92:50004/hatGZgTX6VUe2T2EwZJjf4PY3sr7/download/isif18r?t

 [Proxy Chain]
 [Rule]
-# DNS防泄露规则 - 强化版
-DOMAIN,dns.google,REJECT
-DOMAIN,dns.google.com,REJECT
-DOMAIN,dns64.dns.google,REJECT
-DOMAIN,cloudflare-dns.com,REJECT
-DOMAIN-SUFFIX,doh.opendns.com,REJECT
+# DNS防泄露规则 - 温和版
 DOMAIN-KEYWORD,dnsleaktest,REJECT
 DOMAIN-KEYWORD,ipleak,REJECT
-DOMAIN-KEYWORD,whoer,REJECT
-DOMAIN,browserleaks.com,REJECT
-DOMAIN,ipx.ac,REJECT
-IP-CIDR,8.8.8.8/32,REJECT,no-resolve
-IP-CIDR,8.8.4.4/32,REJECT,no-resolve
-IP-CIDR,1.1.1.1/32,REJECT,no-resolve
-IP-CIDR,1.0.0.1/32,REJECT,no-resolve
-IP-CIDR,208.67.222.222/32,REJECT,no-resolve
-IP-CIDR,208.67.220.220/32,REJECT,no-resolve
-IP-CIDR,9.9.9.9/32,REJECT,no-resolve

 # 工具应用
 DOMAIN-KEYWORD,1password,🐧 论坛
@ -175,23 +155,10 @@ https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Loon/OKX/OK
 https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Loon/Gemini/Gemini.list, policy=🤖 Gemini, tag=Gemini, enabled=true
 https://cdn.jsdelivr.net/gh/blackmatrix7/ios_rule_script@master/rule/Loon/WeChat/WeChat.list, policy=🎯 全球直连, tag=WeChat, enabled=true
 [Host]
-# DNS映射 - 防止DNS泄露
-# 阻止常见的DNS泄露地址
-dns.google = reject
-8.8.8.8 = reject
-8.8.4.4 = reject
-1.1.1.1 = reject
-1.0.0.1 = reject
-208.67.222.222 = reject
-208.67.220.220 = reject
-9.9.9.9 = reject
-149.112.112.112 = reject
-# 阻止DNS泄露检测网站
+# DNS映射 - 温和的防泄露
+# 阻止部分DNS泄露检测网站
 dnsleaktest.com = reject
 ipleak.net = reject
-whoer.net = reject
-browserleaks.com = reject
-ipx.ac = reject

 # 苹果服务使用直连DNS
 *.apple.com = server:system
@ -206,11 +173,8 @@ ipx.ac = reject
 *.weibo.com = server:119.29.29.29
 *.douyin.com = server:223.5.5.5

-# 特定域名使用快速DNS
-*.812371.xyz = server:119.29.29.29
-cnfus.812371.xyz = server:119.29.29.29
-racknerdus.812371.xyz = server:119.29.29.29
-niiiepl.812371.xyz = server:119.29.29.29
+# 特定域名优化 - 仅使用系统DNS
+*.812371.xyz = server:system

 [Rewrite]