自动摘要
正在生成中……
分流配置
pname(NetworkManager, systemd-resolved, dnsmasq) -> must_direct
pname(mosdns) -> must_rules # mosdns 的DNS流量不要走DAE
# 所有UDP流量走直连,除了DNS和Quic
l4proto(udp) && !dport(53, 443) -> direct
# ipv6 走直连,代理不支持
ipversion(6) -> direct
# 局域网内广播,防止被代理转发
dip(224.0.0.0/3, 'ff00::/8') -> direct
# qbittorrent 传入链接端口
sport(33915) -> direct
# DSCP规则(匹配 DSCP,可用于绕过 BT),见 https://github.com/daeuniverse/dae/discussions/295
dscp(4) -> direct
# https://github.com/daeuniverse/dae/discussions/298 Apple 设备未收到 Apple 推送通知
dip(17.0.0.0/8) -> direct
# 目标非常用端口都走直连,避免BT流量走代理
!dport(21,23,53,80,123,143,194,443,465,587,853,993,995,998) -> direct
mac("c8:bf:4c:3e:d1:bc") -> direct
# nintendo switch
mac("98:41:5c:20:54:db") -> direct
# 树莓派
mac("f2:db:f0:bd:02:5d") -> direct
# 一些域名
domain(keyword: 'syncthing.net') -> direct
domain(keyword: 'picacomic') -> direct
domain(keyword: 'mangacopy') -> direct
domain(keyword: 'tr.nyacat') -> direct
domain(keyword: 'tracker') -> direct
domain(keyword: 'ghproxy') -> direct
domain(keyword: 'gh-proxy') -> direct
domain(keyword: 'fgit') -> direct
domain(keyword: 'jsdelivr') -> direct
domain(keyword: 'nintendo') -> direct
domain(keyword: 'fanqiev2') -> direct
domain(keyword: 'announce') -> direct
domain(keyword: 'torrent') -> direct
# 阻断广告连接
domain(ext:'geosite.dat:category-ads') -> block
# 国内网站
domain(ext:'geosite.dat:category-games') -> direct
domain(ext:'geosite.dat:category-game-accelerator-cn') -> direct
domain(ext:'geosite.dat:alibaba') -> direct
domain(ext:'geosite.dat:bilibili') -> direct
domain(ext:'geosite.dat:bilibili2') -> direct
domain(ext:'geosite.dat:tencent') -> direct
domain(ext:'geosite.dat:zhihu') -> direct
domain(ext:'geosite.dat:cloudflare') -> direct
domain(ext:'geosite.dat:cloudflare-cn') -> direct
domain(ext:'geosite.dat:category-scholar-cn') -> direct
domain(ext:'geosite.dat:category-media-cn') -> direct
domain(ext:'geosite.dat:category-social-media-cn') -> direct
domain(ext:'geosite.dat:category-dev-cn') -> direct
domain(ext:'geosite.dat:category-bank-cn') -> direct
domain(ext:'geosite.dat:category-public-tracker') -> direct
domain(ext:'geosite.dat:mozilla') -> direct
domain(ext:'geosite.dat:picacg') -> direct
domain(ext:'geosite.dat:apple') -> direct
domain(ext:'geosite.dat:apple-cn') -> direct
domain(ext:'geosite.dat:icloud') -> direct
domain(ext:'geosite.dat:icloudprivaterelay') -> direct
domain(ext:'geosite.dat:nintendo') -> direct
domain(ext:'geosite.dat:speedtest') -> direct
domain(ext:'geosite.dat:cn') -> direct
domain(ext:'geosite.dat:china-list') -> direct
domain(ext:'geosite.dat:geolocation-cn') -> direct
domain(ext:'geosite.dat:private') -> direct
domain(suffix: 'windows.com') -> direct
dip(ext:'geoip.dat:private') -> direct
dip(ext:'geoip.dat:cn') -> direct
fallback: proxy
配合 mosdns
upstream {
cndns: 'udp://127.0.0.1:6553'
falldns: 'udp://127.0.0.1:6554'
}
routing {
request {
qname(ext:'geosite.dat:category-ads') -> reject
qname(ext:'geosite.dat:category-ads-all') -> reject
fallback: cndns
}
response {
# 值得信赖的国外DNS
upstream(falldns) -> accept
# 可能被污染,走一遍国外DNS
ip(geoip:private) && !qname(geosite:cn) -> falldns
# 有些固件在DAE拦截DNS后还能正常解析主机名,但是有些固件就不行,这里过滤.lan(主机名后缀)
# ip(geoip:private) && !qname(geosite:cn) && !qname(keyword: ".lan") -> falldns
# 总是同意
fallback: accept
}
}