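# General listener settings: routing mode, logging, control API and proxy ports.
mode: rule
log-level: warning  # log level: silent/error/warning/info/debug
# Master IPv6 switch; when false, all IPv6 connections are blocked and
# AAAA records are dropped from DNS answers.
ipv6: false
# RESTful API listen address.
# Bound to loopback because `secret` below is empty: with no secret the API
# accepts unauthenticated requests, and anyone who can reach the port can
# read and change the running configuration. To use the dashboard from
# another host, first set a long random `secret`, then bind to the specific
# LAN address instead of all interfaces.
external-controller: '127.0.0.1:9090'
secret: ""  # sent by clients as `Authorization:Bearer ${secret}`
mixed-port: 7890  # mixed HTTP(S) and SOCKS proxy port
redir-port: 7891  # transparent proxy port, for Linux and macOS
tproxy-port: 7892  # Transparent proxy server port for Linux (TProxy TCP and TProxy UDP)
port: 7893  # HTTP(S) proxy port
socks-port: 7894  # SOCKS proxy port
# NOTE(review): allow-lan with bind-address "*" opens the proxy ports above on
# every interface, and no `authentication` entry is visible in this part of
# the file. Confirm that the host firewall limits these ports to the LAN.
allow-lan: true  # allow connections from the LAN
bind-address: "*"  # bind IP address; only applies when allow-lan is true; '*' means all addresses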
# TUN (virtual interface) inbound.
tun:
  enable: true
  stack: 'mixed'  # gvisor/mixed
  device: 'Mihomo'
  # DNS traffic to hijack; only TCP port 53 is active here.
  dns-hijack:
    - 'tcp://any:53'
    # - any:53
  auto-detect-interface: true  # auto-detect the outbound interface
  auto-route: false  # configure the routing table
  # Automatically configure iptables to redirect TCP connections. Linux only.
  # auto-route combined with auto-redirect now works as expected on routers
  # without manual intervention.
  auto-redirect: false
  endpoint-independent-nat: true  # enable endpoint-independent NAT
  # Restrict which interfaces are routed. Unrestricted by default;
  # conflicts with `exclude-interface`.
  # include-interface:
  #   - "lan0"
  # Interfaces excluded from routing; conflicts with `include-interface`.
  # exclude-interface:
  #   - "lan1"
  # When auto-route and auto-redirect are both true and
  # route-exclude-address-set is non-empty, the generated firewall chains
  # differ slightly. Source addresses can then be filtered under nftables:
  # nft insert rule inet mihomo prerouting ip saddr {192.168.1.1/24} return
  # route-exclude-address-set:
  #   - LocalAreaNetwork
# Built-in DNS server. fake-ip mode is active; the redir-host variant is kept
# below as a commented-out alternative.
dns:
  enable: true
  ipv6: false
  # NOTE(review): the resolver listens on every interface. Confirm that the
  # host firewall keeps port 7874 reachable from the LAN only.
  listen: '0.0.0.0:7874'
  respect-rules: true
  # Resolvers used to look up the proxy servers' own hostnames.
  proxy-server-nameserver:
    - 'https://doh.pub/dns-query'
    - 'https://dns.alidns.com/dns-query'
  # redir-host mode
  # enhanced-mode: redir-host
  # nameserver:
  #   - https://dns.google/dns-query
  #   - https://cloudflare-dns.com/dns-query
  # default-nameserver:
  #   - 8.8.8.8
  #   - 1.1.1.1
  # nameserver-policy:
  #   # Internal hostname resolution; dnsmasq default port 53. Enable when the
  #   # router side needs reverse DNS resolution.
  #   # "*,+.lan,+.in-addr.arpa,geosite:private": "127.0.0.1:53"
  #   "geosite:cn":
  #     - https://doh.pub/dns-query
  #     - https://dns.alidns.com/dns-query
  # fake-ip mode
  enhanced-mode: fake-ip
  fake-ip-range: '198.18.0.1/16'
  nameserver:
    - 'https://doh.pub/dns-query'
    - 'https://dns.alidns.com/dns-query'
  # Plain-IP resolvers. NOTE(review): presumably these bootstrap the DoH
  # hostnames above over unencrypted DNS; confirm that is acceptable here.
  default-nameserver:
    - '119.29.29.29'
    - '223.5.5.5'
  # nameserver-policy:
  #   # Internal hostname resolution; dnsmasq default port 53. Enable when the
  #   # router side needs reverse DNS resolution.
  #   "*,+.lan,+.in-addr.arpa,geosite:private": "127.0.0.1:53"
  # Names listed here are answered with real addresses rather than fake IPs.
  # Every entry is quoted so that a leading '*' or '+' is never read as a YAML
  # alias or indicator.
  fake-ip-filter:
    - '*.localdomain'
    - '*.example'
    - '*.invalid'
    - '*.localhost'
    - '*.test'
    - '*.local'
    - '*.home.arpa'
    - 'time.*.com'
    - 'time.*.gov'
    - 'time.*.edu.cn'
    - 'time.*.apple.com'
    - 'time-ios.apple.com'
    - 'time1.*.com'
    - 'time2.*.com'
    - 'time3.*.com'
    - 'time4.*.com'
    - 'time5.*.com'
    - 'time6.*.com'
    - 'time7.*.com'
    - 'ntp.*.com'
    - 'ntp1.*.com'
    - 'ntp2.*.com'
    - 'ntp3.*.com'
    - 'ntp4.*.com'
    - 'ntp5.*.com'
    - 'ntp6.*.com'
    - 'ntp7.*.com'
    - '*.time.edu.cn'
    - '*.ntp.org.cn'
    - '+.pool.ntp.org'
    - 'time1.cloud.tencent.com'
    - 'music.163.com'
    - '*.music.163.com'
    - '*.126.net'
    - 'musicapi.taihe.com'
    - 'music.taihe.com'
    - 'songsearch.kugou.com'
    - 'trackercdn.kugou.com'
    - '*.kuwo.cn'
    - 'api-jooxtt.sanook.com'
    - 'api.joox.com'
    - 'joox.com'
    - 'y.qq.com'
    - '*.y.qq.com'
    - 'streamoc.music.tc.qq.com'
    - 'mobileoc.music.tc.qq.com'
    - 'isure.stream.qqmusic.qq.com'
    - 'dl.stream.qqmusic.qq.com'
    - 'aqqmusic.tc.qq.com'
    - 'amobile.music.tc.qq.com'
    - '*.xiami.com'
    - '*.music.migu.cn'
    - 'music.migu.cn'
    - '+.msftconnecttest.com'
    - '+.msftncsi.com'
    - 'localhost.ptlogin2.qq.com'
    - 'localhost.sec.qq.com'
    - '+.qq.com'
    - '+.tencent.com'
    - '+.srv.nintendo.net'
    - '*.n.n.srv.nintendo.net'
    - '+.cdn.nintendo.net'
    - '+.stun.playstation.net'
    - 'xbox.*.*.microsoft.com'
    - '*.*.xboxlive.com'
    - 'xbox.*.microsoft.com'
    - 'xnotify.xboxlive.com'
    - '+.battlenet.com.cn'
    - '+.wotgame.cn'
    - '+.wggames.cn'
    - '+.wowsgame.cn'
    - '+.wargaming.net'
    - 'proxy.golang.org'
    - 'stun.*.*'
    - 'stun.*.*.*'
    - '+.stun.*.*'
    - '+.stun.*.*.*'
    - '+.stun.*.*.*.*'
    - '+.stun.*.*.*.*.*'
    - 'heartbeat.belkin.com'
    - '*.linksys.com'
    - '*.linksyssmartwifi.com'
    - '*.router.asus.com'
    - 'mesu.apple.com'
    - 'swscan.apple.com'
    - 'swquery.apple.com'
    - 'swdownload.apple.com'
    - 'swcdn.apple.com'
    - 'swdist.apple.com'
    - 'lens.l.google.com'
    - 'stun.l.google.com'
    - 'na.b.g-tun.com'
    - '+.nflxvideo.net'
    - '*.square-enix.com'
    - '*.finalfantasyxiv.com'
    - '*.ffxiv.com'
    - '*.ff14.sdo.com'
    - 'ff.dorado.sdo.com'
    - '*.mcdn.bilivideo.cn'
    - '+.media.dssott.com'
    - 'shark007.net'
    # NOTE(review): not a domain pattern; kept exactly as in the original list.
    - 'Mijia Cloud'
    - '+.cmbchina.com'
    - '+.cmbimg.com'
    - 'local.adguard.org'
    - '+.sandai.net'
    - '+.n0808.com'
    - '+.uu.163.com'
    - 'ps.res.netease.com'
    - 'geosite:cn'
    - 'some.url'  # fix LOL connection issue
# Dashboard (external UI) location and download source.
# NOTE(review): the dashboard archive is fetched through a third-party mirror
# from a branch head, so the content is neither pinned to a release nor
# integrity-checked by anything visible here. Whatever the mirror returns is
# served as the controller's web UI; consider a pinned, verified source.
external-ui: 'ui'
external-ui-name: 'metacubexd'
external-ui-url: 'https://mirror.ghproxy.com/https://github.com/MetaCubeX/metacubexd/archive/refs/heads/gh-pages.zip'
unified-delay: true  # unified delay
tcp-concurrent: false  # TCP concurrency
# Custom geodata URLs.
# NOTE(review): both files come from the same third-party mirror and track the
# moving `latest` release; no checksum is configured in this file.
geodata-mode: true
geodata-loader: 'standard'
geox-url:
  geoip: 'https://mirror.ghproxy.com/https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geoip.dat'
  geosite: 'https://mirror.ghproxy.com/https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geosite.dat'
geo-auto-update: false  # whether geodata is updated automatically
geo-update-interval: 24  # update interval, in hours
# find-process-mode has 3 values: always, strict, off
# - always: enabled, force matching for all processes
# - strict: default, mihomo decides whether to enable it
# - off: no process matching; recommended on routers
# Quoted because a bare `off` is parsed as a boolean by YAML 1.1 loaders.
find-process-mode: 'off'
# Persisted runtime state.
profile:
  # Remember the choice made in each `select` group.
  store-selected: true
  # Persist fake-ip mappings (left disabled).
  # store-fake-ip: false
sniffer:
enable: true
parse-pure-ip: true
force-dns-mapping: true
override-destination: false
sniff:
HTTP:
ports:
- 80
- 443
override-destination: false
TLS:
ports:
- 443
QUIC:
ports:
- 443
skip-domain:
- +.push.apple.com