分流配置
# dae traffic-splitting rules.
# NOTE(review): presumably the body of dae's `routing { }` section; the enclosing braces are not shown here.
# dae evaluates these rules top to bottom and the first match picks the outbound,
# so every `-> direct` rule placed early takes precedence over the `block` and `proxy` decisions further down.

# Local resolver/network daemons: must_direct sends their traffic direct and keeps their DNS out of dae's DNS module.
pname(NetworkManager, systemd-resolved, dnsmasq) -> must_direct
# must_rules: mosdns's own queries are not redirected into dae's DNS module, but they still run through the rules below.
pname(mosdns) -> must_rules # mosdns's DNS traffic must not be handled by dae
# All UDP traffic goes direct, except DNS and QUIC
l4proto(udp) && !dport(53, 443) -> direct
# IPv6 goes direct; the proxy does not support it
# NOTE(review): this sends every IPv6 flow out unproxied, including destinations that would
# otherwise reach `fallback: proxy`; on a dual-stack network, confirm that exposure is acceptable.
ipversion(6) -> direct
# LAN broadcast/multicast; keep it from being forwarded by the proxy
# (224.0.0.0/3 spans 224.0.0.0-255.255.255.255; ff00::/8 is IPv6 multicast)
dip(224.0.0.0/3, 'ff00::/8') -> direct
# qBittorrent incoming-connection port
sport(33915) -> direct
# DSCP rule (match on DSCP; can be used to bypass BT), see https://github.com/daeuniverse/dae/discussions/295
# NOTE(review): DSCP is set by the sending host, so any client that marks its packets with 4 skips the proxy.
dscp(4) -> direct
# https://github.com/daeuniverse/dae/discussions/298 Apple devices not receiving Apple push notifications
dip(17.0.0.0/8) -> direct
# Destinations on uncommon ports all go direct, so BT traffic stays off the proxy
# NOTE(review): from here on, only traffic to the listed ports is still being matched; the domain,
# block and geoip rules below never see a connection to any other port.
!dport(21,23,53,80,123,143,194,443,465,587,853,993,995,998) -> direct
# Per-device bypass by source MAC (the original gives no label for this first device).
# NOTE(review): a MAC address is chosen by the client and can be changed, so treat these three rules as a
# convenience, not as access control; also consider redacting real hardware addresses before publishing a config.
mac("c8:bf:4c:3e:d1:bc") -> direct
# Nintendo Switch
mac("98:41:5c:20:54:db") -> direct
# Raspberry Pi
mac("f2:db:f0:bd:02:5d") -> direct
# Assorted domains
# NOTE(review): `keyword` matches the string anywhere in the domain name. 'tracker', 'announce' and 'torrent'
# are generic words, so unrelated hosts (analytics/ad "tracker" domains, for example) also go direct and,
# because these rules sit above the ad block rule, are never blocked.
domain(keyword: 'syncthing.net') -> direct
domain(keyword: 'picacomic') -> direct
domain(keyword: 'mangacopy') -> direct
domain(keyword: 'tr.nyacat') -> direct
domain(keyword: 'tracker') -> direct
domain(keyword: 'ghproxy') -> direct
domain(keyword: 'gh-proxy') -> direct
domain(keyword: 'fgit') -> direct
domain(keyword: 'jsdelivr') -> direct
domain(keyword: 'nintendo') -> direct
domain(keyword: 'fanqiev2') -> direct
domain(keyword: 'announce') -> direct
domain(keyword: 'torrent') -> direct
# Block ad connections
# NOTE(review): this only catches ad domains that did not already match one of the direct rules above
# (UDP, IPv6, 17.0.0.0/8, non-listed ports, the MAC devices, the keyword list). Move it higher if blocking should win.
domain(ext:'geosite.dat:category-ads') -> block
# Mainland-China sites (plus a few categories the author also wants direct)
domain(ext:'geosite.dat:category-games') -> direct
domain(ext:'geosite.dat:category-game-accelerator-cn') -> direct
domain(ext:'geosite.dat:alibaba') -> direct
domain(ext:'geosite.dat:bilibili') -> direct
domain(ext:'geosite.dat:bilibili2') -> direct
domain(ext:'geosite.dat:tencent') -> direct
domain(ext:'geosite.dat:zhihu') -> direct
domain(ext:'geosite.dat:cloudflare') -> direct
domain(ext:'geosite.dat:cloudflare-cn') -> direct
domain(ext:'geosite.dat:category-scholar-cn') -> direct
domain(ext:'geosite.dat:category-media-cn') -> direct
domain(ext:'geosite.dat:category-social-media-cn') -> direct
domain(ext:'geosite.dat:category-dev-cn') -> direct
domain(ext:'geosite.dat:category-bank-cn') -> direct
domain(ext:'geosite.dat:category-public-tracker') -> direct
domain(ext:'geosite.dat:mozilla') -> direct
domain(ext:'geosite.dat:picacg') -> direct
domain(ext:'geosite.dat:apple') -> direct
domain(ext:'geosite.dat:apple-cn') -> direct
domain(ext:'geosite.dat:icloud') -> direct
domain(ext:'geosite.dat:icloudprivaterelay') -> direct
domain(ext:'geosite.dat:nintendo') -> direct
domain(ext:'geosite.dat:speedtest') -> direct
domain(ext:'geosite.dat:cn') -> direct
domain(ext:'geosite.dat:china-list') -> direct
domain(ext:'geosite.dat:geolocation-cn') -> direct
domain(ext:'geosite.dat:private') -> direct
domain(suffix: 'windows.com') -> direct
# Destination-IP catch-alls: private ranges and mainland-China addresses go direct.
dip(ext:'geoip.dat:private') -> direct
dip(ext:'geoip.dat:cn') -> direct
# Anything that matched nothing above goes through the proxy.
fallback: proxy
配合 mosdns
# DNS upstreams used by the DNS routing rules: two resolvers reached over plain UDP on loopback,
# ports 6553 and 6554.
# NOTE(review): presumably these are two mosdns listeners (the section heading says this config is paired
# with mosdns) and this block sits inside dae's `dns { }` section; neither is shown here, so confirm.
# The queries are unencrypted, which matters only if these addresses are ever moved off 127.0.0.1.
upstream {
cndns: 'udp://127.0.0.1:6553'
falldns: 'udp://127.0.0.1:6554'
}
# DNS routing: `request` picks the upstream for each query, `response` decides whether an answer is
# accepted or the query is re-sent to another upstream.
routing {
request {
# Refuse queries for names in the ad lists; everything else is asked of cndns first.
qname(ext:'geosite.dat:category-ads') -> reject
qname(ext:'geosite.dat:category-ads-all') -> reject
fallback: cndns
}
response {
# Trustworthy foreign DNS
# (an answer that came from falldns is final, which also stops the re-query rule below from looping)
upstream(falldns) -> accept
# Possibly polluted; ask the foreign DNS again
# NOTE(review): only a private-range answer for a non-cn name is treated as suspicious. A tampered answer
# that carries a public IP is accepted from cndns by the fallback below; whether mosdns already filters
# such answers is not visible here.
ip(geoip:private) && !qname(geosite:cn) -> falldns
# On some firmware hostnames still resolve after dae intercepts DNS, on others they do not; this variant excludes .lan (the hostname suffix)
# ip(geoip:private) && !qname(geosite:cn) && !qname(keyword: ".lan") -> falldns
# Always accept
fallback: accept
}
}