From ada7fceacaebf7f3dd735560a979df6201f776c7 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 26 Jun 2025 17:04:11 +0800 Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=96=B0=20loon/loon.conf?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- loon/loon.conf | 39 ++++++++++++++++++++++++++++++++------- 1 file changed, 32 insertions(+), 7 deletions(-) diff --git a/loon/loon.conf b/loon/loon.conf index 046528d..22d8b99 100644 --- a/loon/loon.conf +++ b/loon/loon.conf @@ -8,21 +8,21 @@ ip-mode = dual ipv6-vif = off -# DNS配置 - 增强防泄露 -dns-server = system,119.29.29.29,223.5.5.5,114.114.114.114 -doh-server = https://doh.pub/dns-query,https://dns.alidns.com/dns-query,https://1.1.1.1/dns-query +# DNS配置 - 增强防泄露并优化速度 +dns-server = system,119.29.29.29,223.5.5.5,114.114.114.114,180.76.76.76 +doh-server = https://doh.pub/dns-query,https://dns.alidns.com/dns-query doq-server = quic://dns.adguard.com:784 doh3-server = h3://223.5.5.5/dns-query,h3://223.6.6.6/dns-query -# DNS安全配置 +# DNS安全配置 - 强化防泄露 sni-sniffing = true disable-stun = true dns-reject-mode = LoopbackIP domain-reject-mode = DNS -hijack-dns = *:53,8.8.8.8:53,8.8.4.4:53,1.1.1.1:53 +hijack-dns = *:53 # Real IP配置 - 防止FakeIP导致的问题 -real-ip = *.apple.com,*.icloud.com,*.push.apple.com,sequoia.apple.com,seed-sequoia.siri.apple.com,*.mzstatic.com,*.itunes.apple.com,*.crashlytics.com,*.facebook.com,*.instagram.com +real-ip = *.apple.com,*.icloud.com,*.push.apple.com,sequoia.apple.com,seed-sequoia.siri.apple.com,*.mzstatic.com,*.itunes.apple.com,*.crashlytics.com,*.facebook.com,*.instagram.com,*.812371.xyz,cnfus.812371.xyz,racknerdus.812371.xyz,niiiepl.812371.xyz # 网络配置 udp-fallback-mode = REJECT @@ -47,6 +47,9 @@ geoip-url = https://cdn.jsdelivr.net/gh/Loyalsoldier/geoip@release/geoip.dat skip-proxy = 192.168.0.0/16,10.0.0.0/8,172.16.0.0/12,localhost,*.local,e.crashlynatics.com bypass-tun = 10.0.0.0/8,100.64.0.0/10,127.0.0.0/8,169.254.0.0/16,172.16.0.0/12,192.0.0.0/24,192.0.2.0/24,192.88.99.0/24,192.168.0.0/16,198.51.100.0/24,203.0.113.0/24,224.0.0.0/4,255.255.255.255/32 +# 防止WebRTC泄露 +disable-udp-ports = 80,443 + [Proxy] 🇯🇵 WAP SS = shadowsocks,103.238.129.85,8546,2022-blake3-aes-128-gcm,"gGbxvQIGYnsd8KNv0DzwzA==",fast-open=true,udp=true,block-quic=false 🇯🇵 橙子云 SS = shadowsocks,74.113.96.208,21001,2022-blake3-aes-128-gcm,"gGbxvQIGYnsd8KNv0DzwzA==",fast-open=true,udp=true,block-quic=false @@ -98,16 +101,24 @@ isif = http://152.53.33.92:50004/hatGZgTX6VUe2T2EwZJjf4PY3sr7/download/isif18r?t [Proxy Chain] [Rule] -# DNS防泄露规则 +# DNS防泄露规则 - 强化版 DOMAIN,dns.google,REJECT DOMAIN,dns.google.com,REJECT DOMAIN,dns64.dns.google,REJECT DOMAIN,cloudflare-dns.com,REJECT DOMAIN-SUFFIX,doh.opendns.com,REJECT +DOMAIN-KEYWORD,dnsleaktest,REJECT +DOMAIN-KEYWORD,ipleak,REJECT +DOMAIN-KEYWORD,whoer,REJECT +DOMAIN,browserleaks.com,REJECT +DOMAIN,ipx.ac,REJECT IP-CIDR,8.8.8.8/32,REJECT,no-resolve IP-CIDR,8.8.4.4/32,REJECT,no-resolve IP-CIDR,1.1.1.1/32,REJECT,no-resolve IP-CIDR,1.0.0.1/32,REJECT,no-resolve +IP-CIDR,208.67.222.222/32,REJECT,no-resolve +IP-CIDR,208.67.220.220/32,REJECT,no-resolve +IP-CIDR,9.9.9.9/32,REJECT,no-resolve # 工具应用 DOMAIN-KEYWORD,1password,🐧 论坛 @@ -173,6 +184,14 @@ dns.google = reject 1.0.0.1 = reject 208.67.222.222 = reject 208.67.220.220 = reject +9.9.9.9 = reject +149.112.112.112 = reject +# 阻止DNS泄露检测网站 +dnsleaktest.com = reject +ipleak.net = reject +whoer.net = reject +browserleaks.com = reject +ipx.ac = reject # 苹果服务使用直连DNS *.apple.com = server:system @@ -187,6 +206,12 @@ dns.google = reject *.weibo.com = server:119.29.29.29 *.douyin.com = server:223.5.5.5 +# 特定域名使用快速DNS +*.812371.xyz = server:119.29.29.29 +cnfus.812371.xyz = server:119.29.29.29 +racknerdus.812371.xyz = server:119.29.29.29 +niiiepl.812371.xyz = server:119.29.29.29 + [Rewrite] [Script]