Introduction
The proxy method on the router has been switched entirely to TPROXY: both TCP and UDP go through TPROXY, and DNS uses redir-host.
For client-side use, fake-ip is still the recommended mode.
Full configuration
```yaml
port: 8080
socks-port: 1080
allow-lan: true
bind-address: "*"
mode: rule
log-level: debug
ipv6: false
profile:
  store-selected: true
  store-fake-ip: false
unified-delay: true
tcp-concurrent: true
# YAML anchors for the two DoH upstreams, reused in the dns section below
dns-servers:
  proxy-doh: &proxy-doh 10.115.15.1:1553
  direct-doh: &direct-doh 10.115.15.1:1563
dns:
  enable: true
  cache-algorithm: arc
  respect-rules: true
  prefer-h3: false
  use-system-hosts: true
  ipv6: false
  listen: "[::]:1053"
  enhanced-mode: redir-host
  use-hosts: true
  rebind: false
  default-nameserver:
    - 223.5.5.5
  proxy-server-nameserver:
    - 223.5.5.5
  nameserver:
    - *proxy-doh
  nameserver-policy:
    "rule-set:violet-ruleset-proxy":
      - *proxy-doh
    "rule-set:violet-ruleset-direct":
      - *direct-doh
    "rule-set:violet-ruleset-dns":
      - *proxy-doh
    "geosite:category-games,category-game-platforms-download,category-game-accelerator-cn":
      - *direct-doh
    "geosite:category-ai-!cn,tiktok,spotify":
      - *proxy-doh
    "geosite:geolocation-!cn@cn":
      - *direct-doh
    "geosite:geolocation-!cn,geolocation-cn@!cn":
      - *proxy-doh
    "geosite:geolocation-cn,tld-cn":
      - *direct-doh
    "geosite:category-dev":
      - *proxy-doh
proxies:
  - name: BWH_US
  - name: DMIT_TYO
# shared group body merged into the select groups below
default-group: &default-group
  proxies: [PROXY, DIRECT]
proxy-groups:
  - { name: PROXY, type: select, proxies: [BWH_US, DMIT_TYO, DIRECT] }
  - { name: DNS, type: select, <<: *default-group }
  - { name: GAME, type: select, <<: *default-group }
  - { name: MATCH, type: select, <<: *default-group }
rule-providers:
  violet-ruleset-proxy:
    type: http
    behavior: classical
    format: yaml
    url: ""
  violet-ruleset-direct:
    type: http
    behavior: classical
    format: yaml
    url: ""
  violet-ruleset-dns:
    type: http
    behavior: classical
    format: yaml
    url: ""
rules:
  # drop UDP/443 (QUIC) so HTTP/3 falls back to TCP, which the sniffer can classify
  - AND,((NETWORK,UDP),(DST-PORT,443)),REJECT
  - RULE-SET,violet-ruleset-proxy,PROXY
  - RULE-SET,violet-ruleset-direct,DIRECT
  - RULE-SET,violet-ruleset-dns,DNS
  - GEOSITE,category-games,GAME
  - GEOSITE,category-game-platforms-download,GAME
  - GEOSITE,category-game-accelerator-cn,GAME
  - GEOSITE,geolocation-!cn@cn,DIRECT
  - GEOSITE,geolocation-!cn,PROXY
  - GEOSITE,geolocation-cn@!cn,PROXY
  - GEOSITE,geolocation-cn,DIRECT
  - GEOSITE,tld-cn,DIRECT
  - GEOSITE,category-dev,PROXY
  - GEOIP,CN,DIRECT
  - GEOIP,private,DIRECT
  - MATCH,MATCH
find-process-mode: off
keep-alive-idle: 600
keep-alive-interval: 15
external-ui: ui
external-ui-url: https://github.com/Zephyruso/zashboard/archive/refs/heads/gh-pages.zip
external-controller: "[::]:9090"
secret: "998879"
mixed-port: 7890
redir-port: 7891
tproxy-port: 7892
tun:
  enable: false
  auto-route: false
  auto-redirect: false
  auto-detect-interface: false
  device: nikki
  stack: system
  mtu: 9000
  gso: true
  gso-max-size: 65536
  endpoint-independent-nat: false
sniffer:
  enable: true
  force-dns-mapping: false
  parse-pure-ip: true
  override-destination: true
  sniff:
    HTTP:
      ports: [80, 8080-8880]
    TLS:
      ports: [443, 8443]
    QUIC:
      ports: [443, 8443]
geodata-mode: true
geodata-loader: standard
geox-url:
  geosite: https://testingcf.jsdelivr.net/gh/v2fly/domain-list-community@release/dlc.dat
  mmdb: https://ghfast.top/https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geoip.metadb
  geoip: https://cdn.jsdelivr.net/gh/Loyalsoldier/geoip@release/geoip.dat
  asn: https://cdn.jsdelivr.net/gh/Loyalsoldier/geoip@release/GeoLite2-ASN.mmdb
geo-auto-update: true
geo-update-interval: 30
```
Only part of the configuration is explained here.
DNS configuration
```yaml
rebind: false
default-nameserver:
  - 223.5.5.5
nameserver:
  - https://cloudflare-dns.com/dns-query
nameserver-policy:
  "geosite:cn,private,category-game-accelerator-cn,category-games,apple,apple-cn":
    - 127.0.0.1:53
proxy-server-nameserver:
  - 127.0.0.1:53
```
- rebind: if a DNS answer contains a private (intranet) IP, discard it. It is turned off here because I am confident enough in the DNS provider I use that there will be no DNS poisoning, and I have some services deployed on the intranet with domain names configured for them that need to resolve to intranet IPs.
- default-nameserver: used to resolve the hostnames of the servers listed in nameserver; IP-based HTTPS (DoH addressed by IP) can be used instead.
- nameserver: the default DNS; everything not matched by nameserver-policy uses this.
- nameserver-policy: DNS splitting rules
  - geosite:cn,private,category-game-accelerator-cn,category-games,apple,apple-cn: direct DNS
- proxy-server-nameserver: the DNS used to resolve the proxy nodes' own domain names to IPs.
Sniffer
Enable it and configure the ports that need to be sniffed.
Other
- find-process-mode: process matching; not needed on a router.
- tun: not needed, TPROXY is used instead.
Final result
The connection type shows as TProxy, domain matching rules take effect, and traffic splitting works normally.
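Before deploying a config like the one above on a router, it is worth checking two things mechanically: that every rule, rule-set and nameserver-policy entry points at something that actually exists, and which settings expose the instance to the LAN (allow-lan with bind-address "*", external-controller on [::], a short numeric secret, rebinding protection off). The following lint is an added example written for this post, not code from the original post or from the mihomo project. CONFIG is a constructed subset of the router config above with the YAML anchors already resolved; the finding codes and the 16-character secret threshold are this example's own choices.

```python
"""Cross-reference and exposure lint for a mihomo-style config.

Added example, not code from the original post or the mihomo project.
CONFIG is a constructed subset of the post's router config with the YAML
anchors and merge keys already resolved (what yaml.safe_load() produces).
"""

# Constructed subset of the post's config; values mirror the post.
CONFIG = {
    "allow-lan": True,
    "bind-address": "*",
    "external-controller": "[::]:9090",
    "secret": "998879",
    "dns": {
        "enhanced-mode": "redir-host",
        "rebind": False,
        "nameserver-policy": {
            "rule-set:violet-ruleset-proxy": ["10.115.15.1:1553"],
            "rule-set:violet-ruleset-direct": ["10.115.15.1:1563"],
            "geosite:geolocation-cn,tld-cn": ["10.115.15.1:1563"],
        },
    },
    "proxies": [{"name": "BWH_US"}, {"name": "DMIT_TYO"}],
    "proxy-groups": [
        {"name": "PROXY", "type": "select", "proxies": ["BWH_US", "DMIT_TYO", "DIRECT"]},
        {"name": "DNS", "type": "select", "proxies": ["PROXY", "DIRECT"]},
        {"name": "GAME", "type": "select", "proxies": ["PROXY", "DIRECT"]},
        {"name": "MATCH", "type": "select", "proxies": ["PROXY", "DIRECT"]},
    ],
    "rule-providers": {
        "violet-ruleset-proxy": {"type": "http", "url": ""},
        "violet-ruleset-direct": {"type": "http", "url": ""},
        "violet-ruleset-dns": {"type": "http", "url": ""},
    },
    "rules": [
        "AND,((NETWORK,UDP),(DST-PORT,443)),REJECT",
        "RULE-SET,violet-ruleset-proxy,PROXY",
        "RULE-SET,violet-ruleset-direct,DIRECT",
        "RULE-SET,violet-ruleset-dns,DNS",
        "GEOSITE,category-games,GAME",
        "GEOIP,CN,DIRECT",
        "MATCH,MATCH",
    ],
}

BUILTIN_POLICIES = {"DIRECT", "REJECT", "REJECT-DROP", "PASS"}
LOOPBACK_HOSTS = {"127.0.0.1", "[::1]", "localhost"}
MIN_SECRET_LEN = 16  # this example's own threshold, not a mihomo default


def known_policies(cfg: dict) -> set[str]:
    """Names a rule may route to: built-ins, proxies and proxy groups."""
    names = set(BUILTIN_POLICIES)
    names.update(p["name"] for p in cfg.get("proxies", []))
    names.update(g["name"] for g in cfg.get("proxy-groups", []))
    return names


def split_rule(rule: str) -> tuple[str, str, str]:
    """Return (type, body, policy). Logic rules such as
    AND,((NETWORK,UDP),(DST-PORT,443)),REJECT carry commas inside the
    parentheses, so the type is cut from the left and the policy from the
    right instead of splitting on every comma; a trailing no-resolve is dropped."""
    rtype, _, rest = rule.partition(",")
    if rest.endswith(",no-resolve"):
        rest = rest[: -len(",no-resolve")]
    body, _, policy = rest.rpartition(",")
    return rtype, body, policy


def check_rules(cfg: dict) -> list[str]:
    """Undefined policies, undefined rule-sets, MATCH not last, empty provider URLs."""
    findings, policies = [], known_policies(cfg)
    providers, rules = cfg.get("rule-providers", {}), cfg.get("rules", [])
    for i, rule in enumerate(rules):
        rtype, body, policy = split_rule(rule)
        if policy not in policies:
            findings.append(f"undefined-policy:{rule}")
        if rtype == "RULE-SET" and body not in providers:
            findings.append(f"undefined-rule-set:{body}")
        if rtype == "MATCH" and i != len(rules) - 1:
            findings.append("match-not-last")
    for name, prov in providers.items():
        if prov.get("type") == "http" and not prov.get("url"):
            findings.append(f"empty-provider-url:{name}")
    return findings


def check_dns(cfg: dict) -> list[str]:
    """nameserver-policy rule-set references must exist; flag rebind protection off."""
    findings, dns = [], cfg.get("dns", {})
    providers = cfg.get("rule-providers", {})
    for key in dns.get("nameserver-policy", {}):
        if key.startswith("rule-set:"):
            for name in key[len("rule-set:"):].split(","):
                if name not in providers:
                    findings.append(f"dns-policy-unknown-rule-set:{name}")
    if dns.get("rebind") is False:
        findings.append("dns-rebind-disabled")
    return findings


def check_exposure(cfg: dict) -> list[str]:
    """Controller reachable beyond loopback, weak secret, LAN-wide listener."""
    findings, ctl = [], cfg.get("external-controller", "")
    host = ctl.rsplit(":", 1)[0] if ctl else ""
    if host and host not in LOOPBACK_HOSTS:
        findings.append(f"controller-exposed:{ctl}")
    secret = str(cfg.get("secret", ""))
    if ctl and (len(secret) < MIN_SECRET_LEN or secret.isdigit()):
        findings.append("weak-secret")
    if cfg.get("allow-lan") and cfg.get("bind-address", "*") == "*":
        findings.append("lan-exposed")
    return findings


def lint(cfg: dict) -> list[str]:
    return check_rules(cfg) + check_dns(cfg) + check_exposure(cfg)


if __name__ == "__main__":
    for finding in lint(CONFIG):
        print(finding)
```

On a real file, `yaml.safe_load(open(path))` resolves the `&proxy-doh` anchors and the `<<: *default-group` merge keys the same way CONFIG has them pre-resolved, so its output can be passed to `lint` directly. On the post's config the cross-reference checks come back clean; the findings are the three empty provider URLs, the controller bound to `[::]:9090` with a six-digit secret, allow-lan on every interface, and rebinding protection off, which on a router means the dashboard, the proxy ports and the DNS listener are all reachable from the whole LAN.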
