#路由规则
规则将按照从上到下的顺序匹配,匹配到规则后不再往下匹配。
如请求为 udp,而代理节点没有 udp 支持 (例如`ss`节点没写`udp: true`),则会继续向下匹配
出站策略:
DIRECT、REJECT、策略组名字、节点名字、sub-rule
  # Example rule list. Rules are evaluated top to bottom and the first match wins,
  # so a narrower rule placed after a broader one never fires: here the
  # DOMAIN,google.com,REJECT line is shadowed by the DOMAIN-SUFFIX,google.com line above it.
  # NOTE(review): the targets are spelled Proxy / PROXY / proxy in different lines;
  # confirm each spelling matches a defined policy group name.
  rules:
  - DOMAIN-SUFFIX,google.com,Proxy  # match by domain suffix (handled by the Proxy server group)
  - DOMAIN,google.com,REJECT  # match the exact domain (reject)
  - DOMAIN-KEYWORD,google,Proxy  # match by domain keyword (handled by the Proxy server group)
  - IP-CIDR,127.0.0.0/8,DIRECT  # match the destination IP (direct)
  - SRC-IP-CIDR,192.168.1.201/32,direct-wan1  # match the source IP (direct via the WAN1 port)
  - DST-PORT,80,DIRECT  # match the destination port (direct); range/list example: 114-514/810-1919,65530
  - SRC-PORT,7777,DIRECT  # match the source port (direct)
  - NETWORK,udp,DIRECT  # match the network protocol
  - DSCP,4,DIRECT  # match the DSCP mark (tproxy UDP inbound only)
  - AND,((DOMAIN,baidu.com),(NETWORK,UDP)),DIRECT  # matches when all conditions hold
  - OR,((NETWORK,UDP),(DOMAIN,baidu.com)),REJECT  # matches when any condition holds
  - NOT,((DOMAIN,baidu.com)),PROXY  # domains other than baidu.com (handled by the Proxy server group)
  - RULE-SET,youtube,proxy  # match against a rule set
  - GEOSITE,youtube,PROXY  # match against the GEOSITE database
  - GEOIP,CN,DIRECT  # match against the GEOIP database
  - IP-ASN,13335,DIRECT  # match the destination ASN (ASN database)
  - IN-TYPE,SOCKS/HTTP,PROXY  # match by inbound type
  - PROCESS-NAME,chrome.exe,PROXY  # match by process name
  - SUB-RULE,(NETWORK,tcp),sub-rule  # hand matching traffic to a sub-rule
  - MATCH,auto  # catch-all for anything not matched above
#!/usr/sbin/nft -f

# Clears the entire running ruleset before this file is loaded. Any other
# nftables tables on the host (including filtering rules) are removed as well,
# so only what this file defines remains afterwards.
flush ruleset

# Destination ranges that the chains below return on, i.e. never redirect.
define RESERVED_IP = {
    0.0.0.0/8,
    10.0.0.0/8,
    127.0.0.0/8,
    169.254.0.0/16,
    172.16.0.0/12,
    192.0.0.0/24,
    192.168.0.0/16,
    224.0.0.0/4,
    240.0.0.0/4
}

# Local subnet, also exempted by destination (already inside 10.0.0.0/8 above).
define LOCAL_NET = { 10.10.10.0/24 }

# Resolver addresses exempted by destination in both chains.
define REMOTE_DNS_IP = {
    1.1.1.1,
    1.0.0.1,
    8.8.8.8,
    8.8.4.4
}

# IPv4 redirection table. Rule order matters: each "return" exempts traffic
# before the final tproxy / mark rules are reached.
table ip mihomo {
    # Packets arriving from the network. Everything that is not exempted is
    # handed to the transparent-proxy listener on port 7895 and marked 1.
    # NOTE(review): no iifname or ip saddr match is present, so packets arriving
    # on any interface (WAN side included) are redirected; confirm that is intended.
    chain prerouting {
        type filter hook prerouting priority mangle; policy accept;
        ip daddr $RESERVED_IP return
        ip daddr $LOCAL_NET return
        ip daddr $REMOTE_DNS_IP return
        # DNS and NTP over UDP are left untouched.
        udp dport { 53, 123 } return
        # presumably the mark the proxy sets on its own outbound traffic, skipped
        # here to avoid a redirect loop; verify against the proxy configuration
        meta mark 1234 return
        ip protocol tcp tproxy to :7895 meta mark set 1
        ip protocol udp tproxy to :7895 meta mark set 1
    }

    # Locally generated packets. They are only marked with 1 here; a "route"
    # type chain lets the kernel redo the routing decision after the mark changes.
    # NOTE(review): this relies on a policy-routing rule for mark 1 that is not
    # part of this file; confirm it exists.
    chain output {
        type route hook output priority mangle; policy accept;
        ip daddr $RESERVED_IP return
        ip daddr $LOCAL_NET return
        ip daddr $REMOTE_DNS_IP return
        udp dport { 53, 123 } return
        meta mark 1234 return
        ip protocol tcp meta mark set 1
        ip protocol udp meta mark set 1
    }
}

# ============ IPv6 uses named sets instead of define ============
# IPv6 redirection table. Same rule order as the IPv4 table: exemptions first,
# then tproxy (prerouting) or marking (output).
table ip6 mihomo {

    # Destination prefixes that are never redirected. "flags interval" is
    # required because the elements are prefixes rather than single addresses.
    set reserved_ip6 {
        type ipv6_addr;
        flags interval;
        elements = {
            ::1/128,
            ::/128,
            fe80::/10,
            ff00::/8,
            fc00::/7,
            2001:db8::/32,
            fec0::/10
        }
    }

    # Resolver addresses exempted by destination (single addresses only).
    set remote_dns_ip6 {
        type ipv6_addr;
        elements = {
            2001:4860:4860::8888,
            2001:4860:4860::8844,
            2606:4700:4700::1111,
            2606:4700:4700::1001
        }
    }



    # Packets arriving from the network; whatever is not exempted goes to the
    # transparent-proxy listener on port 7895 with mark 1.
    # NOTE(review): no iifname or ip6 saddr match is present, so packets arriving
    # on any interface are redirected; confirm that is intended.
    chain prerouting {
        type filter hook prerouting priority mangle; policy accept;
        ip6 daddr @reserved_ip6 return
        ip6 daddr @remote_dns_ip6 return
        # DNS and NTP over UDP are left untouched.
        udp dport { 53, 123 } return
        # presumably the proxy's own outbound mark, skipped to avoid a loop;
        # verify against the proxy configuration
        meta mark 1234 return
        ip6 nexthdr tcp tproxy to :7895 meta mark set 1
        ip6 nexthdr udp tproxy to :7895 meta mark set 1
    }

    # Locally generated packets are only marked; the "route" chain type makes
    # the kernel re-evaluate routing after the mark is set.
    chain output {
        type route hook output priority mangle; policy accept;
        ip6 daddr @reserved_ip6 return
        ip6 daddr @remote_dns_ip6 return
        udp dport { 53, 123 } return
        meta mark 1234 return
        ip6 nexthdr tcp meta mark set 1
        ip6 nexthdr udp meta mark set 1
    }
}
#!/usr/sbin/nft -f

# Clears the entire running ruleset before this file is loaded. Any other
# nftables tables on the host (including filtering rules) are removed as well.
flush ruleset

# IPv4 destination ranges that are never redirected. 10.0.0.0/8 and
# 192.168.0.0/16 are not listed, so among private ranges only 172.16.0.0/12
# and LOCAL_NET are exempt. 255.255.255.255/32 already lies inside 240.0.0.0/4.
define RESERVED_IP = {
    100.64.0.0/10,
    127.0.0.0/8,
    169.254.0.0/16,
    172.16.0.0/12,
    192.0.0.0/24,
    224.0.0.0/4,
    240.0.0.0/4,
    255.255.255.255/32
}

# IPv6 destination prefixes that are never redirected.
define RESERVED_IP6 = {
    ::1/128,
    ::/128,
    fe80::/10,
    ff00::/8,
    fc00::/7,
    2001:db8::/32,
    fec0::/10
}

# Local subnets exempted by destination. LOCAL_NET6 already lies inside fc00::/7.
define LOCAL_NET = { 10.10.10.0/24 }
define LOCAL_NET6 = { fddd:dddd::/64 }

# IPv4 redirection table. Rule order matters: each "return" exempts traffic
# before the final tproxy / mark rules are reached.
table ip mihomo {
    # Packets arriving from the network; whatever is not exempted goes to the
    # transparent-proxy listener on port 7895 with mark 1.
    # NOTE(review): no iifname or ip saddr match is present, so packets arriving
    # on any interface are redirected; confirm that is intended.
    chain prerouting {
        type filter hook prerouting priority mangle; policy accept;
        ip daddr $RESERVED_IP return
        ip daddr $LOCAL_NET return
        # Only NTP is exempted here; UDP port 53 is not, so DNS queries that
        # reach this point are redirected like any other traffic.
        udp dport { 123 } return
        # presumably the proxy's own outbound mark, skipped to avoid a loop;
        # verify against the proxy configuration
        meta mark 1234 return
        ip protocol tcp tproxy to :7895 meta mark set 1
        ip protocol udp tproxy to :7895 meta mark set 1
    }

    # Locally generated packets are only marked; the "route" chain type makes
    # the kernel re-evaluate routing after the mark is set.
    # NOTE(review): relies on a policy-routing rule for mark 1 that is not part
    # of this file; confirm it exists.
    chain output {
        type route hook output priority mangle; policy accept;
        ip daddr $RESERVED_IP return
        ip daddr $LOCAL_NET return
        udp dport { 123 } return
        meta mark 1234 return
        ip protocol tcp meta mark set 1
        ip protocol udp meta mark set 1
    }
}

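# IPv6 redirection table. Exemptions come first, then tproxy (prerouting) or
# marking (output). Unlike the IPv4 table there is no UDP port exemption here.
table ip6 mihomo {
    # Packets arriving from the network; whatever is not exempted goes to the
    # transparent-proxy listener on port 7895 with mark 1.
    # NOTE(review): no iifname or ip6 saddr match is present, so packets arriving
    # on any interface are redirected; confirm that is intended.
    chain prerouting {
        type filter hook prerouting priority mangle; policy accept;
        ip6 daddr $RESERVED_IP6 return
        ip6 daddr $LOCAL_NET6 return
        # presumably the proxy's own outbound mark, skipped to avoid a loop;
        # verify against the proxy configuration
        meta mark 1234 return
        ip6 nexthdr tcp tproxy to :7895 meta mark set 1
        ip6 nexthdr udp tproxy to :7895 meta mark set 1
    }

    # Locally generated packets are only marked; the "route" chain type makes
    # the kernel re-evaluate routing after the mark is set.
    chain output {
        type route hook output priority mangle; policy accept;
        ip6 daddr $RESERVED_IP6 return
        ip6 daddr $LOCAL_NET6 return
        meta mark 1234 return
        ip6 nexthdr tcp meta mark set 1
        ip6 nexthdr udp meta mark set 1
    }

    chain forward {
        type filter hook forward priority mangle; policy accept;
        # IPv6 TCP MSS fix for a 1280-byte path MTU: 1280 - 40 (IPv6 header)
        # - 20 (TCP header) = 1220. The value written must be the MSS, not the
        # MTU; writing 1280 would advertise segments that no longer fit.
        # NOTE(review): this overwrites the option on every forwarded SYN, so a
        # peer that advertised a smaller MSS is raised to 1220; confirm that is
        # acceptable or restrict the rule to larger values.
        tcp flags syn tcp option maxseg size set 1220
    }
}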
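# Termux setup: installs prerequisites, downloads the latest linux_arm64 gost
# release, writes its config and registers a login-time start script.

pkg install -y wget gawk screen resolv-conf ca-certificates proot

# -p keeps a re-run from failing on an existing directory. Stop if the
# directory cannot be entered: the wget/tar/rm steps below must never run in
# whatever directory the shell happened to be in.
mkdir -p ~/gost && cd ~/gost || exit 1

REPO="go-gost/gost"
API_URL="https://api.github.com/repos/$REPO/releases"
# -f turns an HTTP error (for example API rate limiting) into an empty response
# that the checks below catch.
response=$(curl -fsSL "$API_URL")

# Every string value on a line mentioning linux_arm64, newest release first:
# the first is the asset file name, the second its download URL.
assets=$(printf '%s\n' "$response" | grep "linux_arm64" | cut -d'"' -f 4)
package_name=$(printf '%s\n' "$assets" | sed -n '1p')
download_link=$(printf '%s\n' "$assets" | sed -n '2p')

if [ -z "$package_name" ] || [ -z "$download_link" ]; then
    echo "could not find a linux_arm64 asset in $API_URL" >&2
    exit 1
fi

# The text scraping above depends on field order in the API response; refuse
# anything that is not a release download URL of the expected repository.
case "$download_link" in
    "https://github.com/$REPO/releases/download/"*) ;;
    *)
        echo "unexpected download URL: $download_link" >&2
        exit 1
        ;;
esac

# NOTE(review): the archive is extracted and later executed without being
# checked against a published checksum or signature; if the release provides
# one, verify it before the tar step.
wget "$download_link" || exit 1
tar zxvf "$package_name" || exit 1
rm -f "$package_name" README* LICENSE*

# NOTE(review): addr ":10808" listens on every interface and the socks5 handler
# has no authentication configured, so any host that can reach this device can
# use it as a proxy. Bind to a loopback address or add credentials unless that
# exposure is intended.
cat > config.yaml <<'EOF'
services:
  - name: service-0
    addr: ":10808"
    resolver: resolver-0
    handler:
      type: socks5
      metadata:
        udp: true
        udpbuffersize: 4096
    listener:
      type: tcp
resolvers:
  - name: resolver-0
    nameservers:
      - addr: https://dns.google/dns-query
        prefer: ipv6
        ttl: 5m0s
        async: true
EOF

cd /data/data/com.termux/files/usr/etc/profile.d || exit 1

# Start script run for each login shell. \$1 is escaped so that awk receives
# the field reference; unescaped it would be expanded while this file is being
# written and awk would print the whole line instead. $PREFIX is deliberately
# expanded now, as before. xargs -r skips kill when no detached session exists.
# The kill line targets every detached screen session, not only the gost one.
cat > gost.sh <<EOF
#!/data/data/com.termux/files/usr/bin/bash
screen -wipe
screen -ls | grep Detached | cut -d. -f1 | awk '{print \$1}' | xargs -r kill
screen -dmS myscreen bash -c 'cd ~/gost && proot -b $PREFIX/etc/resolv.conf:/etc/resolv.conf -b $PREFIX/etc/tls/cert.pem:/etc/ssl/certs/ca-certificates.crt ./gost -C config.yaml'
EOF
chmod +x gost.sh
exit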
"tag": "netflix",
"type": "remote",
"format": "binary",
"url": "https://github.com/lyc8503/sing-box-rules/raw/rule-set-geosite/geosite-netflix.srs",
"download_detour": "⚡️ 自动选择",
"update_interval": "7d"
},
{
"tag": "hulu",
"type": "remote",
"format": "binary",
"url": "https://github.com/lyc8503/sing-box-rules/raw/rule-set-geosite/geosite-hulu.srs",
"download_detour": "⚡️ 自动选择",
"update_interval": "7d"
},
{
"tag": "disney",
"type": "remote",
"format": "binary",
"url": "https://github.com/lyc8503/sing-box-rules/raw/rule-set-geosite/geosite-disney.srs",
"download_detour": "⚡️ 自动选择",
"update_interval": "7d"
},
{
"tag": "hbo",
"type": "remote",
"format": "binary",
"url": "https://github.com/lyc8503/sing-box-rules/raw/rule-set-geosite/geosite-hbo.srs",
"download_detour": "⚡️ 自动选择",
"update_interval": "7d"
},
{
"tag": "amazon",
"type": "remote",
"format": "binary",
"url": "https://github.com/lyc8503/sing-box-rules/raw/rule-set-geosite/geosite-amazon.srs",
"download_detour": "⚡️ 自动选择",
"update_interval": "7d"
},
{
"tag": "bahamut",
"type": "remote",
"format": "binary",
"url": "https://github.com/lyc8503/sing-box-rules/raw/rule-set-geosite/geosite-bahamut.srs",
"download_detour": "⚡️ 自动选择",
"update_interval": "7d"
},
{
"tag": "geolocation-!cn",
"type": "remote",
"format": "binary",
"url": "https://github.com/lyc8503/sing-box-rules/raw/rule-set-geosite/geosite-geolocation-!cn.srs",
"download_detour": "⚡️ 自动选择",
"update_interval": "7d"
},
{
"tag": "telegram-ip",
"type": "remote",
"format": "binary",
"url": "https://github.com/lyc8503/sing-box-rules/raw/rule-set-geoip/geoip-telegram.srs",
"download_detour": "⚡️ 自动选择",
"update_interval": "7d"
}
],
"rules": [
{
"protocol": "dns",
"outbound": "dns-out"
},
{
"inbound": "dns-in",
"outbound": "dns-out"
},
{
"clash_mode": "direct",
"outbound": "DIRECT"
},
{
"clash_mode": "global",
"outbound": "GLOBAL"
},
{
"rule_set": [
"category-ads-all"
],
"outbound": "🛑 广告拦截"
},
{
"rule_set": [
"openai",
"anthropic",
"jetbrains-ai",
"perplexity"
],
"outbound": "💬 AI 服务"
},
{
"rule_set": [
"telegram-ip"
],
"outbound": "📲 电报消息"
},
{
"rule_set": [
"github",
"gitlab"
],
"outbound": "🐱 Github"
},
{
"rule_set": [
"youtube1"
],
"outbound": "DIRECT"
},
{
"rule_set": [
"netflix",
"hulu",
"disney",
"hbo",
"amazon",
"bahamut"
],
"outbound": "🎬 流媒体"
}
],
"auto_detect_interface": true,
"final": "🐟 漏网之鱼",
"default_mark": 1
},
"experimental": {
"clash_api": {
"external_controller": "0.0.0.0:9090",
"external_ui": "/usr/local/etc/sing-box/ui",
"secret": "",
"default_mode": "rule"
},
"cache_file": {
"enabled": true,
"path": "/usr/local/etc/sing-box/cache.db",
"cache_id": "my_profile1",
"store_fakeip": true
}
}
}
"🇭🇰 香港",
"🇹🇼 台湾",
"🇰🇷 arm-tailscale",
"🇰🇷 arm1",
"🇺🇸 Racknerd",
"🇭🇰 CAC 香港 01",
"🇨🇦 CAC 加拿大 01",
"🇩🇪 CAC 德国 01",
"🇺🇸 CAC 美国 01",
"🇯🇵 CAC 日本 01"
]
},
{
"type": "selector",
"tag": "🐱 Github",
"outbounds": [
"🚀 节点选择",
"DIRECT",
"REJECT",
"⚡️ 自动选择",
"香港 - LUMEN",
"🇭🇰 CAC 香港 02",
"HKG",
"🇵🇱 波兰",
"🇯🇵 Gcore",
"🇯🇵 日本",
"🇸🇬 新加坡",
"🇭🇰 香港",
"🇹🇼 台湾",
"🇰🇷 arm-tailscale",
"🇰🇷 arm1",
"🇺🇸 Racknerd",
"🇭🇰 CAC 香港 01",
"🇨🇦 CAC 加拿大 01",
"🇩🇪 CAC 德国 01",
"🇺🇸 CAC 美国 01",
"🇯🇵 CAC 日本 01"
]
},
{
"type": "selector",
"tag": "🎬 流媒体",
"outbounds": [
"🚀 节点选择",
"DIRECT",
"REJECT",
"⚡️ 自动选择",
"香港 - LUMEN",
"🇭🇰 CAC 香港 02",
"HKG",
"🇵🇱 波兰",
"🇯🇵 Gcore",
"🇯🇵 日本",
"🇸🇬 新加坡",
"🇭🇰 香港",
"🇹🇼 台湾",
"🇰🇷 arm-tailscale",
"🇰🇷 arm1",
"🇺🇸 Racknerd",
"🇭🇰 CAC 香港 01",
"🇨🇦 CAC 加拿大 01",
"🇩🇪 CAC 德国 01",
"🇺🇸 CAC 美国 01",
"🇯🇵 CAC 日本 01"
]
},
{
"type": "selector",
"tag": "🐟 漏网之鱼",
"outbounds": [
"🚀 节点选择",
"DIRECT",
"REJECT",
"⚡️ 自动选择",
"香港 - LUMEN",
"🇭🇰 CAC 香港 02",
"HKG",
"🇵🇱 波兰",
"🇯🇵 Gcore",
"🇯🇵 日本",
"🇸🇬 新加坡",
"🇭🇰 香港",
"🇹🇼 台湾",
"🇰🇷 arm-tailscale",
"🇰🇷 arm1",
"🇺🇸 Racknerd",
"🇭🇰 CAC 香港 01",
"🇨🇦 CAC 加拿大 01",
"🇩🇪 CAC 德国 01",
"🇺🇸 CAC 美国 01",
"🇯🇵 CAC 日本 01"
]
},
{
"type": "selector",
"tag": "🛑 广告拦截",
"outbounds": [
"DIRECT",
"REJECT"
]
}
],
"route": {
"rule_set": [
{
"tag": "category-ads-all",
"type": "remote",
"format": "binary",
"url": "https://github.com/lyc8503/sing-box-rules/raw/rule-set-geosite/geosite-category-ads-all.srs",
"download_detour": "⚡️ 自动选择",
"update_interval": "7d"
},
{
"tag": "openai",
"type": "remote",
"format": "binary",
"url": "https://github.com/lyc8503/sing-box-rules/raw/rule-set-geosite/geosite-openai.srs",
"download_detour": "⚡️ 自动选择",
"update_interval": "7d"
},
{
"tag": "anthropic",
"type": "remote",
"format": "binary",
"url": "https://github.com/lyc8503/sing-box-rules/raw/rule-set-geosite/geosite-anthropic.srs",
"download_detour": "⚡️ 自动选择",
"update_interval": "7d"
},
{
"tag": "jetbrains-ai",
"type": "remote",
"format": "binary",
"url": "https://github.com/lyc8503/sing-box-rules/raw/rule-set-geosite/geosite-jetbrains-ai.srs",
"download_detour": "⚡️ 自动选择",
"update_interval": "7d"
},
{
"tag": "perplexity",
"type": "remote",
"format": "binary",
"url": "https://github.com/lyc8503/sing-box-rules/raw/rule-set-geosite/geosite-perplexity.srs",
"download_detour": "⚡️ 自动选择",
"update_interval": "7d"
},
{
"tag": "youtube1",
"type": "remote",
"format": "binary",
"url": "https://github.com/zxy2012/youtube/raw/refs/heads/main/v6.srs",
"download_detour": "⚡️ 自动选择"
},
{
"tag": "github",
"type": "remote",
"format": "binary",
"url": "https://github.com/lyc8503/sing-box-rules/raw/rule-set-geosite/geosite-github.srs",
"download_detour": "⚡️ 自动选择",
"update_interval": "7d"
},
{
"tag": "gitlab",
"type": "remote",
"format": "binary",
"url": "https://github.com/lyc8503/sing-box-rules/raw/rule-set-geosite/geosite-gitlab.srs",
"download_detour": "⚡️ 自动选择",
"update_interval": "7d"
},
{
{
"dns": {
"servers": [
{
"tag": "ytbv",
"address": "https://sandbox.opendns.com/dns-query",
"client_subnet": "2a04:fa87:fffd::c000:42a8",
"address_resolver": "onedns",
"strategy": "ipv6_only",
"detour": "DIRECT"
},
{
"tag": "onedns",
"address": "tls://223.5.5.5:853",
"detour": "DIRECT"
},
{
"tag": "dns_refused",
"address": "rcode://refused"
},
{
"tag": "fakeipDNS",
"address": "fakeip",
"strategy": "ipv4_only"
}
],
"rules": [
{
"outbound": "any",
"server": "onedns"
},
{
"rule_set": [
"youtube1"
],
"server": "ytbv"
},
{
"inbound": "dns-in",
"server": "fakeipDNS",
"disable_cache": true,
"rewrite_ttl": 1
}
],
"fakeip": {
"enabled": true,
"inet4_range": "198.18.0.0/15",
"inet6_range": "f2b0::/18"
},
"independent_cache": true
},
"ntp": {
"enabled": true,
"server": "time.apple.com",
"server_port": 123,
"interval": "30m",
"detour": "DIRECT"
},
"inbounds": [
{
"type": "socks",
"listen": "::",
"listen_port": 7891
},
{
"type": "direct",
"tag": "dns-in",
"listen": "::",
"listen_port": 5353
},
{
"type": "tproxy",
"tag": "tproxy-in",
"listen": "::",
"listen_port": 7896,
"tcp_fast_open": true,
"sniff": true,
"sniff_override_destination": false,
"sniff_timeout": "100ms"
}
],
"outbounds": [
{
"type": "direct",
"tag": "DIRECT"
},
{
"type": "block",
"tag": "REJECT"
},
{
"type": "dns",
"tag": "dns-out"
},

},
{
"type": "selector",
"tag": "🚀 节点选择",
"outbounds": [
"⚡️ 自动选择",
"香港 - LUMEN",
"🇭🇰 CAC 香港 02",
"HKG",
"🇵🇱 波兰",
"🇯🇵 Gcore",
"🇯🇵 日本",
"🇸🇬 新加坡",
"🇭🇰 香港",
"🇹🇼 台湾",
"🇰🇷 arm-tailscale",
"🇰🇷 arm1",
"🇺🇸 Racknerd",
"🇭🇰 CAC 香港 01",
"🇨🇦 CAC 加拿大 01",
"🇩🇪 CAC 德国 01",
"🇺🇸 CAC 美国 01",
"🇯🇵 CAC 日本 01"
]
},
{
"type": "urltest",
"tag": "⚡️ 自动选择",
"outbounds": [
"香港 - LUMEN",
"🇭🇰 CAC 香港 02",
"HKG",
"🇵🇱 波兰",
"🇯🇵 Gcore",
"🇯🇵 日本",
"🇸🇬 新加坡",
"🇭🇰 香港",
"🇹🇼 台湾",
"🇰🇷 arm-tailscale",
"🇰🇷 arm1",
"🇺🇸 Racknerd",
"🇭🇰 CAC 香港 01",
"🇨🇦 CAC 加拿大 01",
"🇩🇪 CAC 德国 01",
"🇺🇸 CAC 美国 01",
"🇯🇵 CAC 日本 01"
]
},
{
"type": "selector",
"tag": "GLOBAL",
"outbounds": [
"🚀 节点选择",
"DIRECT",
"REJECT",
"⚡️ 自动选择",
"香港 - LUMEN",
"🇭🇰 CAC 香港 02",
"HKG",
"🇵🇱 波兰",
"🇯🇵 Gcore",
"🇯🇵 日本",
"🇸🇬 新加坡",
"🇭🇰 香港",
"🇹🇼 台湾",
"🇰🇷 arm-tailscale",
"🇰🇷 arm1",
"🇺🇸 Racknerd",
"🇭🇰 CAC 香港 01",
"🇨🇦 CAC 加拿大 01",
"🇩🇪 CAC 德国 01",
"🇺🇸 CAC 美国 01",
"🇯🇵 CAC 日本 01"
]
},
{
"type": "selector",
"tag": "💬 AI 服务",
"outbounds": [
"🚀 节点选择",
"DIRECT",
"REJECT",
"⚡️ 自动选择",
"香港 - LUMEN",
"🇭🇰 CAC 香港 02",
"HKG",
"🇵🇱 波兰",
"🇯🇵 Gcore",
"🇯🇵 日本",
"🇸🇬 新加坡",
"🇭🇰 香港",
"🇹🇼 台湾",
"🇰🇷 arm-tailscale",
"🇰🇷 arm1",
"🇺🇸 Racknerd",
"🇭🇰 CAC 香港 01",
"🇨🇦 CAC 加拿大 01",
"🇩🇪 CAC 德国 01",
"🇺🇸 CAC 美国 01",
"🇯🇵 CAC 日本 01"
]
},
{
"type": "selector",
"tag": "📲 电报消息",
"outbounds": [
"🚀 节点选择",
"DIRECT",
"REJECT",
"⚡️ 自动选择",
"香港 - LUMEN",
"🇭🇰 CAC 香港 02",
"HKG",
"🇵🇱 波兰",
"🇯🇵 Gcore",
"🇯🇵 日本",
"🇸🇬 新加坡",
{
"tag": "nodedns",
"address": "https://208.67.220.220/dns-query",
"client_subnet": "2a04:fa87:fffd::c000:42a8",
"detour": "direct",
"strategy": "prefer_ipv6"
},