github.com/yaling888/clash@v1.53.0/examples/template/local-client.yaml (about) 1 ################################################################### 2 # 3 # Work as a single local client, just replace the Subscription-1 URL. 4 # 作为本地客户端使用,只需替换Subscription-1的订阅链接. 5 # 6 ################################################################### 7 8 #mixed-port: 7890 9 #mitm-port: 7891 10 11 allow-lan: false 12 13 bind-address: '*' 14 15 # rule / script / global / direct (default value is rule) 16 mode: rule 17 18 # set log level to stdout (default value is info) 19 # debug / info / warning / error 20 log-level: warning 21 22 ipv6: false 23 24 sniffing: false 25 26 force-cert-verify: true 27 28 profile: 29 store-selected: true 30 store-fake-ip: true 31 # tracing: false # default value is true 32 33 experimental: 34 # udp-fallback-policy: 'proxy' # a proxy that supports UDP 35 36 # A RESTful API for clash 37 external-controller: 127.0.0.1:9090 38 39 # Secret for RESTful API (Optional) 40 #secret: xxxx 41 42 external-ui: ./dashboard 43 44 # outbound interface name 45 #interface-name: en0 46 47 tun: 48 enable: true 49 stack: system # system or gvisor, use gvisor on Windows if system not work 50 device: tun://utun 51 dns-hijack: 52 - any:53 53 - tcp://any:53 54 auto-route: true # auto set global route 55 auto-detect-interface: true # conflict with interface-name 56 57 hosts: 58 'localhost': '127.0.0.1' 59 60 dns: 61 enable: true 62 use-hosts: true 63 ipv6: false 64 remote-dns-resolve: true # default value is true 65 enhanced-mode: fake-ip 66 fake-ip-range: 198.18.0.1/16 67 # listen: 127.0.0.1:53 68 # nameserver-policy: 69 # '+.example.com': 192.168.1.254 70 default-nameserver: 71 - 119.29.29.29 72 - 223.6.6.6 73 proxy-server-nameserver: 74 - https://1.12.12.12/dns-query 75 - https://223.5.5.5/dns-query 76 nameserver: 77 - https://120.53.53.53/dns-query 78 - tls://223.6.6.6:853 79 remote-nameserver: 80 - tls://8.8.8.8:853 81 - tls://1.1.1.1:853 82 fallback: 83 - tcp://8.8.8.8:53#DNS-Proxy # if set `remote-dns-resolve` to false, then enable it. 84 fake-ip-filter: 85 - '*.lan' 86 # - '+.example.com' 87 fallback-filter: 88 geoip: false 89 geosite: 90 - gfw 91 # domain: 92 # - '+.example.com' 93 ipcidr: 94 - 0.0.0.0/32 95 96 #mitm: 97 # hosts: 98 # - '+.google.cn' 99 # rules: 100 # - ^https?://(.*)google\.cn(.*) url 307 https://$1google.com$2 101 102 proxy-groups: 103 - name: Auto 104 type: url-test 105 interval: 1200 106 tolerance: 150 107 url: http://www.gstatic.com/generate_204 108 use: &Use 109 - Subscription-1 110 111 - name: Geo-HK 112 type: url-test 113 interval: 600 114 tolerance: 100 115 url: http://www.gstatic.com/generate_204 116 filter: "HongKong|HK|香港" 117 use: *Use 118 119 - name: Geo-TW 120 type: url-test 121 interval: 600 122 tolerance: 100 123 url: http://www.gstatic.com/generate_204 124 filter: "Taiwan|TW|台湾" 125 use: *Use 126 127 - name: Geo-SG 128 type: url-test 129 interval: 600 130 tolerance: 100 131 url: http://www.gstatic.com/generate_204 132 filter: "Singapore|SG|新加坡" 133 use: *Use 134 135 - name: Geo-JP 136 type: url-test 137 interval: 600 138 tolerance: 100 139 url: http://www.gstatic.com/generate_204 140 filter: "Japan|JP|日本" 141 use: *Use 142 143 - name: Geo-US 144 type: url-test 145 interval: 600 146 tolerance: 100 147 url: http://www.gstatic.com/generate_204 148 filter: "America|United States|US|美国" 149 use: *Use 150 151 - name: Geo-UK 152 type: url-test 153 interval: 600 154 tolerance: 100 155 url: http://www.gstatic.com/generate_204 156 filter: "Britain|England|UK|英国" 157 use: *Use 158 159 - name: Geo-DE 160 type: url-test 161 interval: 600 162 tolerance: 100 163 url: http://www.gstatic.com/generate_204 164 filter: "Germany|Deutsch|DE|德国" 165 use: *Use 166 167 - name: Geo-CN 168 type: select 169 disable-dns: true 170 filter: "China|CN|中国" 171 use: *Use 172 proxies: 173 - DIRECT 174 175 - name: Block 176 type: select 177 use: *Use 178 proxies: 179 - REJECT 180 - DIRECT 181 - Geo-HK 182 - Geo-TW 183 - Geo-SG 184 - Geo-JP 185 - Geo-US 186 - Geo-UK 187 - Geo-DE 188 - Geo-CN 189 190 - name: Proxy 191 type: select 192 use: *Use 193 proxies: 194 - Auto 195 - Geo-HK 196 - Geo-TW 197 - Geo-SG 198 - Geo-JP 199 - Geo-US 200 - Geo-UK 201 - Geo-DE 202 - Geo-CN 203 - DIRECT 204 - Block 205 206 - name: DNS-Proxy 207 type: select 208 use: *Use 209 proxies: &Proxy 210 - Proxy 211 - Auto 212 - Geo-HK 213 - Geo-TW 214 - Geo-SG 215 - Geo-JP 216 - Geo-US 217 - Geo-UK 218 - Geo-DE 219 - Geo-CN 220 - DIRECT 221 - Block 222 223 - name: Netflix 224 type: select 225 use: *Use 226 proxies: *Proxy 227 228 - name: Apple 229 type: select 230 use: *Use 231 proxies: *Proxy 232 233 - name: iCloud 234 type: select 235 use: *Use 236 proxies: *Proxy 237 238 - name: MicrosoftCN 239 type: select 240 use: *Use 241 proxies: *Proxy 242 243 - name: PayPal 244 type: select 245 use: *Use 246 proxies: *Proxy 247 248 - name: Steam 249 type: select 250 use: *Use 251 proxies: *Proxy 252 253 - name: Game 254 type: select 255 use: *Use 256 proxies: *Proxy 257 258 - name: Facebook 259 type: select 260 use: *Use 261 proxies: *Proxy 262 263 - name: Twitter 264 type: select 265 use: *Use 266 proxies: *Proxy 267 268 - name: Telegram 269 type: select 270 use: *Use 271 proxies: *Proxy 272 273 - name: GlobalTV 274 type: select 275 use: *Use 276 proxies: *Proxy 277 278 - name: YouTube 279 type: select 280 use: *Use 281 proxies: *Proxy 282 283 - name: Spotify 284 type: select 285 use: *Use 286 proxies: *Proxy 287 288 - name: SpeedTest 289 type: select 290 use: *Use 291 proxies: *Proxy 292 293 - name: Download 294 type: select 295 use: *Use 296 proxies: *Proxy 297 298 - name: CN 299 type: select 300 disable-dns: true 301 use: *Use 302 proxies: *Proxy 303 304 - name: Mismatch 305 type: select 306 use: *Use 307 proxies: *Proxy 308 309 proxy-providers: 310 Subscription-1: 311 type: http 312 url: "URL" # replace this URL with your provider's subscription link 313 path: ./providers/Subscription-1.yaml 314 interval: 6h 315 # prefix-name: "S-" 316 # url-proxy: true 317 # udp: true 318 header: 319 User-Agent: 320 - "Clash/v1.11.8" 321 health-check: 322 enable: false 323 interval: 0 324 url: http://www.gstatic.com/generate_204 325 # lazy: false # default value is true 326 327 script: 328 # path: ./script.star 329 code: | 330 blockHosts = ['analytics', 'adservice', 'firebase', 'bugly', 'safebrowsing', 'doubleclick'] 331 directHosts = ['iosapps.itunes.apple.com', 'jetbrains.com', 'msftconnecttest.com'] 332 333 def main(ctx, metadata): 334 processName = ctx.resolve_process_name(metadata) 335 if processName == 'apsd': 336 return "DIRECT" 337 338 if processName == 'Telegram': 339 return "Telegram" 340 341 network = metadata["network"] 342 dst_port = int(metadata["dst_port"]) 343 if network == 'udp' and dst_port == 443: 344 return "REJECT" 345 346 if network == "udp" and (dst_port == 123 or (dst_port >= 136 and dst_port <=139)): 347 return "DIRECT" 348 349 host = metadata["host"] 350 for kw in blockHosts: 351 if kw in host: 352 return "REJECT" 353 354 if ctx.rule_providers['category-ads-all'].match(metadata): 355 return "Block" 356 357 for kw in directHosts: 358 if kw in host: 359 return "DIRECT" 360 361 if ctx.rule_providers['icloud'].match(metadata): 362 return "iCloud" 363 364 if ctx.rule_providers['apple'].match(metadata): 365 return "Apple" 366 367 if ctx.rule_providers['microsoft@cn'].match(metadata): 368 return "MicrosoftCN" 369 370 if ctx.rule_providers['paypal@cn'].match(metadata): 371 return "CN" 372 373 if ctx.rule_providers['paypal'].match(metadata): 374 return "PayPal" 375 376 if ctx.rule_providers['twitter'].match(metadata): 377 return "Twitter" 378 379 if ctx.rule_providers['facebook'].match(metadata): 380 return "Facebook" 381 382 if ctx.rule_providers['youtube'].match(metadata): 383 return "YouTube" 384 385 if ctx.rule_providers['geolocation-!cn'].match(metadata): 386 return "Proxy" 387 388 if ctx.rule_providers['geolocation-cn'].match(metadata): 389 return "CN" 390 391 code = "" 392 ip = metadata["dst_ip"] 393 if ip != "": 394 code = ctx.geoip(ip) 395 if code == "PRIVATE" or code == "LAN": 396 return "DIRECT" 397 if code == "TELEGRAM": 398 return "Telegram" 399 else: 400 ip = ctx.resolve_ip(host) 401 402 if ip == "": 403 return "Mismatch" 404 405 code = ctx.geoip(ip) if code == "" else code 406 if code == "CN": 407 return "CN" 408 409 return "Mismatch" # default policy for requests which are not matched by any other script 410 411 engine: expr # or starlark (10x to 20x slower) 412 shortcuts: 413 QUIC: | 414 network == "udp" and dst_port == 443 415 Privacy: | 416 any(["analytics", "adservice", "firebase", "safebrowsing", "doubleclick", "bugly", "bugsnag"], host contains #) 417 BilibiliUdp: | 418 network == "udp" and match_provider("bilibili") 419 DirectUdp: | 420 network == "udp" and (dst_port == 123 or (dst_port >= 136 and dst_port <=139)) 421 422 rules: 423 - PROCESS-NAME,apsd,DIRECT 424 425 - GEOIP,private,DIRECT,no-resolve 426 - GEOIP,telegram,Telegram,no-resolve 427 428 - SCRIPT,QUIC,REJECT # Disable QUIC 429 - SCRIPT,Privacy,REJECT 430 - SCRIPT,BilibiliUdp,REJECT 431 - SCRIPT,DirectUdp,DIRECT 432 433 - GEOSITE,category-ads-all,Block 434 435 - DOMAIN-SUFFIX,jetbrains.com,DIRECT 436 - DOMAIN-SUFFIX,msftconnecttest.com,DIRECT 437 - DOMAIN,iosapps.itunes.apple.com,DIRECT 438 439 - GEOSITE,icloud,iCloud 440 - GEOSITE,apple,Apple 441 - GEOSITE,microsoft@cn,MicrosoftCN 442 - GEOSITE,paypal@cn,CN 443 - GEOSITE,paypal,PayPal 444 - GEOSITE,twitter,Twitter 445 - GEOSITE,facebook,Facebook 446 - GEOSITE,youtube,YouTube 447 - GEOSITE,geolocation-!cn,Proxy 448 - GEOSITE,geolocation-cn,CN 449 450 - GEOIP,cn,CN 451 452 - MATCH,Mismatch