port: 7890 socks-port: 7891 redir-port: 7892 allow-lan: false mode: rule log-level: silent external-controller: '0.0.0.0:9090' secret: '' proxies: - name: "🇩🇪 xTom Hysteria2" type: hysteria2 server: 194.169.54.78 port: 8449 password: gGbxvQIGYnsd8KNv0DzwzA== sni: germany.domainbill.site skip-cert-verify: alpn: - h3 auth: gGbxvQIGYnsd8KNv0DzwzA== fast-open: false servername: germany.domainbill.site - name: "🇯🇵 WAP Hysteria2" type: hysteria2 server: 103.238.129.85 port: 8543 password: gGbxvQIGYnsd8KNv0DzwzA== sni: jpp.domainbill.site skip-cert-verify: alpn: - h3 auth: gGbxvQIGYnsd8KNv0DzwzA== fast-open: false servername: jpp.domainbill.site - name: "🇹🇼 GCP Hysteria2" type: hysteria2 server: 35.189.163.21 port: 8649 password: gGbxvQIGYnsd8KNv0DzwzA== sni: gcpaaaa.812371.xyz skip-cert-verify: alpn: - h3 auth: gGbxvQIGYnsd8KNv0DzwzA== fast-open: false servername: gcpaaaa.812371.xyz - name: "🇸🇬 AWS Hysteria2" type: hysteria2 server: 13.228.3.82 port: 8749 password: gGbxvQIGYnsd8KNv0DzwzA== sni: lightsailxjp.812371.xyz skip-cert-verify: alpn: - h3 auth: gGbxvQIGYnsd8KNv0DzwzA== fast-open: false servername: lightsailxjp.812371.xyz - name: "🇭🇰 WAP Hysteria2" type: hysteria2 server: 89.213.156.3 port: 8849 password: gGbxvQIGYnsd8KNv0DzwzA== sni: hkp.812371.xyz skip-cert-verify: alpn: - h3 auth: gGbxvQIGYnsd8KNv0DzwzA== fast-open: false servername: hkp.812371.xyz proxy-groups: - name: '🚀 节点选择' type: select proxies: - DIRECT - '🇯🇵 WAP Hysteria2' - '🇩🇪 xTom Hysteria2' - '🇸🇬 AWS Hysteria2' - '🇹🇼 GCP Hysteria2' - '🇭🇰 WAP Hysteria2' - name: "💚 NTRRR自动切换" type: fallback url: "https://stream.ntrrr.top" interval: 200 tolerance: 1000 proxies: - 🇹🇼 GCP Hysteria2 - 🇭🇰 WAP Hysteria2 - 🇯🇵 WAP Hysteria2 - name: '🌍 国外媒体' type: select proxies: - '🚀 节点选择' - '🎯 全球直连' - '🇩🇪 审计连接' - name: '📲 电报信息' type: select proxies: - '🚀 节点选择' - '🎯 全球直连' - '🇩🇪 审计连接' - name: 'Ⓜ️ 微软服务' type: select proxies: - '🎯 全球直连' - '🚀 节点选择' - '🇩🇪 审计连接' - name: '🍎 苹果服务' type: select proxies: - '🚀 节点选择' - '🎯 全球直连' - '🇩🇪 审计连接' - name: '📢 谷歌FCM' type: select proxies: - '🚀 节点选择' - '🎯 全球直连' - '🇩🇪 审计连接' - name: '🎯 全球直连' type: select proxies: - DIRECT - '🚀 节点选择' - name: '🛑 全球拦截' type: select proxies: - REJECT - DIRECT - name: '🍃 应用净化' type: select proxies: - REJECT - DIRECT - name: '🐟 漏网之鱼' type: select proxies: - '🚀 节点选择' - '🎯 全球直连' - '🇩🇪 审计连接' - name: '🇩🇪 审计连接' type: select proxies: - '🇩🇪 xTom Hysteria2' rules: - DOMAIN,stream.ntrrr.top,💚 NTRRR自动切换 - DOMAIN,emby2.misakaf.org ,🚀 节点选择 - IP-CIDR,194.169.54.78/8,🎯 全球直连 - IP-CIDR,13.113.147.158/8,🎯 全球直连 - DOMAIN-SUFFIX,bsapce.cn,🎯 全球直连 - DOMAIN-KEYWORD,hhanclub,🇩🇪 审计连接 - DOMAIN-SUFFIX,ozoo.top,🇩🇪 审计连接 - RULE-SET,applications,🎯 全球直连 - DOMAIN,clash.razord.top,🎯 全球直连 - DOMAIN,yacd.haishan.me,🎯 全球直连 - RULE-SET,private,🎯 全球直连 - RULE-SET,reject,🍃 应用净化 - RULE-SET,icloud,🍎 苹果服务 - RULE-SET,apple,🍎 苹果服务 - RULE-SET,google,📢 谷歌FCM - RULE-SET,proxy,🚀 节点选择 - RULE-SET,direct,🎯 全球直连 - RULE-SET,lancidr,🎯 全球直连 - RULE-SET,cncidr,🎯 全球直连 - RULE-SET,telegramcidr,📲 电报信息 - GEOIP,LAN,🎯 全球直连 - GEOIP,CN,🎯 全球直连 - MATCH,🐟 漏网之鱼 rule-providers: reject: type: http behavior: domain url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/reject.txt" path: ./ruleset/reject.yaml interval: 86400 icloud: type: http behavior: domain url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/icloud.txt" path: ./ruleset/icloud.yaml interval: 86400 apple: type: http behavior: domain url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/apple.txt" path: ./ruleset/apple.yaml interval: 86400 google: type: http behavior: domain url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/google.txt" path: ./ruleset/google.yaml interval: 86400 proxy: type: http behavior: domain url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/proxy.txt" path: ./ruleset/proxy.yaml interval: 86400 direct: type: http behavior: domain url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/direct.txt" path: ./ruleset/direct.yaml interval: 86400 private: type: http behavior: domain url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/private.txt" path: ./ruleset/private.yaml interval: 86400 gfw: type: http behavior: domain url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/gfw.txt" path: ./ruleset/gfw.yaml interval: 86400 tld-not-cn: type: http behavior: domain url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/tld-not-cn.txt" path: ./ruleset/tld-not-cn.yaml interval: 86400 telegramcidr: type: http behavior: ipcidr url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/telegramcidr.txt" path: ./ruleset/telegramcidr.yaml interval: 86400 cncidr: type: http behavior: ipcidr url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/cncidr.txt" path: ./ruleset/cncidr.yaml interval: 86400 lancidr: type: http behavior: ipcidr url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/lancidr.txt" path: ./ruleset/lancidr.yaml interval: 86400 applications: type: http behavior: classical url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/applications.txt" path: ./ruleset/applications.yaml interval: 86400 # DNS 服务器配置(可选;若不配置,程序内置的 DNS 服务会被关闭) dns: enable: true listen: 0.0.0.0:53 ipv6: true # 当此选项为 false 时, AAAA 请求将返回空 # 以下填写的 DNS 服务器将会被用来解析 DNS 服务的域名 # 仅填写 DNS 服务器的 IP 地址 default-nameserver: - 114.114.114.114 - 223.5.5.5 - 8.8.8.8 enhanced-mode: fake-ip # 或 redir-host fake-ip-range: 198.18.0.1/16 # Fake IP 地址池 (CIDR 形式) # use-hosts: true # 查询 hosts 并返回 IP 记录 # 在以下列表的域名将不会被解析为 fake ip,这些域名相关的解析请求将会返回它们真实的 IP 地址 fake-ip-filter: # 以下域名列表参考自 vernesong/OpenClash 项目,并由 Hackl0us 整理补充 - '*.lan' - '*.localdomain' - '*.example' - '*.invalid' - '*.localhost' - '*.test' - '*.local' - '*.home.arpa' - 'time.*.com' - 'time.*.gov' - 'time.*.edu.cn' - 'time.*.apple.com' - 'time1.*.com' - 'time2.*.com' - 'time3.*.com' - 'time4.*.com' - 'time5.*.com' - 'time6.*.com' - 'time7.*.com' - 'ntp.*.com' - 'ntp1.*.com' - 'ntp2.*.com' - 'ntp3.*.com' - 'ntp4.*.com' - 'ntp5.*.com' - 'ntp6.*.com' - 'ntp7.*.com' - '*.time.edu.cn' - '*.ntp.org.cn' - '+.pool.ntp.org' - 'time1.cloud.tencent.com' - 'music.163.com' - '*.music.163.com' - '*.126.net' - 'musicapi.taihe.com' - 'music.taihe.com' - 'songsearch.kugou.com' - 'trackercdn.kugou.com' - '*.kuwo.cn' - 'api-jooxtt.sanook.com' - 'api.joox.com' - 'joox.com' - 'y.qq.com' - '*.y.qq.com' - 'streamoc.music.tc.qq.com' - 'mobileoc.music.tc.qq.com' - 'isure.stream.qqmusic.qq.com' - 'dl.stream.qqmusic.qq.com' - 'aqqmusic.tc.qq.com' - 'amobile.music.tc.qq.com' - '*.xiami.com' - '*.music.migu.cn' - 'music.migu.cn' - '*.msftconnecttest.com' - '*.msftncsi.com' - 'msftconnecttest.com' - 'msftncsi.com' - 'localhost.ptlogin2.qq.com' - 'localhost.sec.qq.com' - '+.srv.nintendo.net' - '+.stun.playstation.net' - 'xbox.*.microsoft.com' - '*.*.xboxlive.com' - '+.battlenet.com.cn' - '+.wotgame.cn' - '+.wggames.cn' - '+.wowsgame.cn' - '+.wargaming.net' - 'proxy.golang.org' - 'stun.*.*' - 'stun.*.*.*' - '+.stun.*.*' - '+.stun.*.*.*' - '+.stun.*.*.*.*' - 'heartbeat.belkin.com' - '*.linksys.com' - '*.linksyssmartwifi.com' - '*.router.asus.com' - 'mesu.apple.com' - 'swscan.apple.com' - 'swquery.apple.com' - 'swdownload.apple.com' - 'swcdn.apple.com' - 'swdist.apple.com' - 'lens.l.google.com' - 'stun.l.google.com' - '+.nflxvideo.net' - '*.square-enix.com' - '*.finalfantasyxiv.com' - '*.ffxiv.com' - '*.mcdn.bilivideo.cn' - WORKGROUP # 支持 UDP / TCP / DoT / DoH 协议的 DNS 服务,可以指明具体的连接端口号。 # 所有 DNS 请求将会直接发送到服务器,不经过任何代理。 # Clash 会使用最先获得的解析记录回复 DNS 请求 nameserver: - https://doh.pub/dns-query - https://dns.alidns.com/dns-query # 当 fallback 参数被配置时, DNS 请求将同时发送至上方 nameserver 列表和下方 fallback 列表中配置的所有 DNS 服务器. # 当解析得到的 IP 地址的地理位置不是 CN 时,clash 将会选用 fallback 中 DNS 服务器的解析结果。 # fallback: # - https://dns.google/dns-query # 如果使用 nameserver 列表中的服务器解析的 IP 地址在下方列表中的子网中,则它们被认为是无效的, # Clash 会选用 fallback 列表中配置 DNS 服务器解析得到的结果。 # # 当 fallback-filter.geoip 为 true 且 IP 地址的地理位置为 CN 时, # Clash 会选用 nameserver 列表中配置 DNS 服务器解析得到的结果。 # # 当 fallback-filter.geoip 为 false, 如果解析结果不在 fallback-filter.ipcidr 范围内, # Clash 总会选用 nameserver 列表中配置 DNS 服务器解析得到的结果。 # # 采取以上逻辑进行域名解析是为了对抗 DNS 投毒攻击。 fallback-filter: geoip: false ipcidr: - 0.0.0.0/8 - 10.0.0.0/8 - 100.64.0.0/10 - 127.0.0.0/8 - 169.254.0.0/16 - 172.16.0.0/12 - 192.0.0.0/24 - 192.0.2.0/24 - 192.88.99.0/24 - 192.168.0.0/16 - 198.18.0.0/15 - 198.51.100.0/24 - 203.0.113.0/24 - 224.0.0.0/4 - 240.0.0.0/4 - 255.255.255.255/32 domain: - '+.google.com' - '+.facebook.com' - '+.youtube.com' - '+.githubusercontent.com' - '+.googlevideo.com'