github.com/sagernet/sing-box@v1.9.0-rc.20/docs/configuration/route/rule.md (about) 1 !!! quote "Changes in sing-box 1.8.0" 2 3 :material-plus: [rule_set](#rule_set) 4 :material-plus: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source) 5 :material-plus: [source_ip_is_private](#source_ip_is_private) 6 :material-plus: [ip_is_private](#ip_is_private) 7 :material-delete-clock: [source_geoip](#source_geoip) 8 :material-delete-clock: [geoip](#geoip) 9 :material-delete-clock: [geosite](#geosite) 10 11 ### Structure 12 13 ```json 14 { 15 "route": { 16 "rules": [ 17 { 18 "inbound": [ 19 "mixed-in" 20 ], 21 "ip_version": 6, 22 "network": [ 23 "tcp" 24 ], 25 "auth_user": [ 26 "usera", 27 "userb" 28 ], 29 "protocol": [ 30 "tls", 31 "http", 32 "quic" 33 ], 34 "domain": [ 35 "test.com" 36 ], 37 "domain_suffix": [ 38 ".cn" 39 ], 40 "domain_keyword": [ 41 "test" 42 ], 43 "domain_regex": [ 44 "^stun\\..+" 45 ], 46 "geosite": [ 47 "cn" 48 ], 49 "source_geoip": [ 50 "private" 51 ], 52 "geoip": [ 53 "cn" 54 ], 55 "source_ip_cidr": [ 56 "10.0.0.0/24", 57 "192.168.0.1" 58 ], 59 "source_ip_is_private": false, 60 "ip_cidr": [ 61 "10.0.0.0/24", 62 "192.168.0.1" 63 ], 64 "ip_is_private": false, 65 "source_port": [ 66 12345 67 ], 68 "source_port_range": [ 69 "1000:2000", 70 ":3000", 71 "4000:" 72 ], 73 "port": [ 74 80, 75 443 76 ], 77 "port_range": [ 78 "1000:2000", 79 ":3000", 80 "4000:" 81 ], 82 "process_name": [ 83 "curl" 84 ], 85 "process_path": [ 86 "/usr/bin/curl" 87 ], 88 "package_name": [ 89 "com.termux" 90 ], 91 "user": [ 92 "sekai" 93 ], 94 "user_id": [ 95 1000 96 ], 97 "clash_mode": "direct", 98 "wifi_ssid": [ 99 "My WIFI" 100 ], 101 "wifi_bssid": [ 102 "00:00:00:00:00:00" 103 ], 104 "rule_set": [ 105 "geoip-cn", 106 "geosite-cn" 107 ], 108 "rule_set_ipcidr_match_source": false, 109 "invert": false, 110 "outbound": "direct" 111 }, 112 { 113 "type": "logical", 114 "mode": "and", 115 "rules": [], 116 "invert": false, 117 "outbound": "direct" 118 } 119 ] 120 } 121 } 122 123 ``` 124 125 !!! note "" 126 127 You can ignore the JSON Array [] tag when the content is only one item 128 129 ### Default Fields 130 131 !!! note "" 132 133 The default rule uses the following matching logic: 134 (`domain` || `domain_suffix` || `domain_keyword` || `domain_regex` || `geosite` || `geoip` || `ip_cidr` || `ip_is_private`) && 135 (`port` || `port_range`) && 136 (`source_geoip` || `source_ip_cidr` || `source_ip_is_private`) && 137 (`source_port` || `source_port_range`) && 138 `other fields` 139 140 Additionally, included rule sets can be considered merged rather than as a single rule sub-item. 141 142 #### inbound 143 144 Tags of [Inbound](/configuration/inbound/). 145 146 #### ip_version 147 148 4 or 6. 149 150 Not limited if empty. 151 152 #### auth_user 153 154 Username, see each inbound for details. 155 156 #### protocol 157 158 Sniffed protocol, see [Sniff](/configuration/route/sniff/) for details. 159 160 #### network 161 162 `tcp` or `udp`. 163 164 #### domain 165 166 Match full domain. 167 168 #### domain_suffix 169 170 Match domain suffix. 171 172 #### domain_keyword 173 174 Match domain using keyword. 175 176 #### domain_regex 177 178 Match domain using regular expression. 179 180 #### geosite 181 182 !!! failure "Deprecated in sing-box 1.8.0" 183 184 Geosite is deprecated and may be removed in the future, check [Migration](/migration/#migrate-geosite-to-rule-sets). 185 186 Match geosite. 187 188 #### source_geoip 189 190 !!! failure "Deprecated in sing-box 1.8.0" 191 192 GeoIP is deprecated and may be removed in the future, check [Migration](/migration/#migrate-geoip-to-rule-sets). 193 194 Match source geoip. 195 196 #### geoip 197 198 !!! failure "Deprecated in sing-box 1.8.0" 199 200 GeoIP is deprecated and may be removed in the future, check [Migration](/migration/#migrate-geoip-to-rule-sets). 201 202 Match geoip. 203 204 #### source_ip_cidr 205 206 Match source IP CIDR. 207 208 #### ip_is_private 209 210 !!! question "Since sing-box 1.8.0" 211 212 Match non-public IP. 213 214 #### ip_cidr 215 216 Match IP CIDR. 217 218 #### source_ip_is_private 219 220 !!! question "Since sing-box 1.8.0" 221 222 Match non-public source IP. 223 224 #### source_port 225 226 Match source port. 227 228 #### source_port_range 229 230 Match source port range. 231 232 #### port 233 234 Match port. 235 236 #### port_range 237 238 Match port range. 239 240 #### process_name 241 242 !!! quote "" 243 244 Only supported on Linux, Windows, and macOS. 245 246 Match process name. 247 248 #### process_path 249 250 !!! quote "" 251 252 Only supported on Linux, Windows, and macOS. 253 254 Match process path. 255 256 #### package_name 257 258 Match android package name. 259 260 #### user 261 262 !!! quote "" 263 264 Only supported on Linux. 265 266 Match user name. 267 268 #### user_id 269 270 !!! quote "" 271 272 Only supported on Linux. 273 274 Match user id. 275 276 #### clash_mode 277 278 Match Clash mode. 279 280 #### wifi_ssid 281 282 !!! quote "" 283 284 Only supported in graphical clients on Android and Apple platforms. 285 286 Match WiFi SSID. 287 288 #### wifi_bssid 289 290 !!! quote "" 291 292 Only supported in graphical clients on Android and Apple platforms. 293 294 Match WiFi BSSID. 295 296 #### rule_set 297 298 !!! question "Since sing-box 1.8.0" 299 300 Match [Rule Set](/configuration/route/#rule_set). 301 302 #### rule_set_ipcidr_match_source 303 304 !!! question "Since sing-box 1.8.0" 305 306 Make `ipcidr` in rule sets match the source IP. 307 308 #### invert 309 310 Invert match result. 311 312 #### outbound 313 314 ==Required== 315 316 Tag of the target outbound. 317 318 ### Logical Fields 319 320 #### type 321 322 `logical` 323 324 #### mode 325 326 ==Required== 327 328 `and` or `or` 329 330 #### rules 331 332 ==Required== 333 334 Included rules.