# Routing
## Examples
```shell
### Built-in outbounds: block, direct, must_rules
# must_rules means that DNS traffic is not redirected to dae, and matching continues with the rules that follow.
# For a single rule, the difference between "direct" and "must_direct" is that "direct" will hijack and process DNS requests
# (for traffic splitting), but "must_direct" will not. "must_direct" is useful when DNS requests would otherwise end up in a traffic loop.
# "must_direct" can also be written as "direct(must)".
# Similarly, "must_groupname" is supported and does NOT hijack or process DNS traffic; it is equivalent to "groupname(must)".
### fallback outbound
# If no rule matches, traffic will go through the outbound defined by fallback.
fallback: my_group
### Domain rule
domain(suffix: v2raya.org) -> my_group
# equivalent to domain(v2raya.org) -> my_group
domain(full: dns.google.com) -> my_group
domain(keyword: facebook) -> my_group
domain(regex: '\.goo.*\.com$') -> my_group
domain(geosite:category-ads) -> block
domain(geosite:cn)->direct
### Dest IP rule
dip(8.8.8.8) -> direct
dip(101.97.0.0/16) -> direct
dip(geoip:private) -> direct
### Source IP rule
sip(192.168.0.0/24) -> my_group
sip(192.168.50.0/24) -> direct
### Dest port rule
dport(80) -> direct
dport(10080-30000) -> direct
### Source port rule
sport(38563) -> direct
sport(10080-30000) -> direct
### Level 4 protocol rule:
l4proto(tcp) -> my_group
l4proto(udp) -> direct
### IP version rule:
ipversion(4) -> block
ipversion(6) -> ipv6_group
### Source MAC rule
mac('02:42:ac:11:00:02') -> direct
### Process Name rule (only processes on the local host are supported when binding to WAN)
pname(curl) -> direct
### Multiple domains rule
domain(keyword: google, suffix: www.twitter.com, suffix: v2raya.org) -> my_group
### Multiple IP rule
dip(geoip:cn, geoip:private) -> direct
dip(9.9.9.9, 223.5.5.5) -> direct
sip(192.168.0.6, 192.168.0.10, 192.168.0.15) -> direct
### 'And' rule
dip(geoip:cn) && dport(80) -> direct
dip(8.8.8.8) && l4proto(tcp) && dport(1-1023, 8443) -> my_group
dip(1.1.1.1) && sip(10.0.0.1, 172.20.0.0/16) -> direct
### 'Not' rule
!domain(geosite:google-scholar,
geosite:category-scholar-!cn,
geosite:category-scholar-cn
) -> my_group
### A slightly more complex rule
domain(geosite:geolocation-!cn) &&
!domain(geosite:google-scholar,
geosite:category-scholar-!cn,
geosite:category-scholar-cn
) -> my_group
### Customized DAT file
domain(ext:"yourdatfile.dat:yourtag")->direct
dip(ext:"yourdatfile.dat:yourtag")->direct
### Set fwmark
# A mark is useful when you want to redirect traffic to a specific interface (such as wireguard) or for other advanced uses.
# An example of redirecting Disney traffic to wg0 is given here.
# You need to set the ip rule and the route table like this:
# 1. Set all traffic with mark 0x800/0x800 to use route table 1145:
# >> ip rule add fwmark 0x800/0x800 table 1145
# >> ip -6 rule add fwmark 0x800/0x800 table 1145
# 2. Set default route of route table 1145:
# >> ip route add default dev wg0 scope global table 1145
# >> ip -6 route add default dev wg0 scope global table 1145
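# Note that the interface wg0, the mark 0x800 and the table 1145 can be chosen freely, but they must not conflict with values already in use on the system.
# If wg0 goes down, its default route is removed from table 1145 and marked traffic falls through to the main routing table; add a higher-metric unreachable default route to table 1145 if that traffic must never leave through another interface.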
# 3. Set routing rules in dae config file.
domain(geosite:disney) -> direct(mark: 0x800)
### Must rules
# With the following rules, DNS requests are forcibly redirected to dae, except those coming from mosdns.
# Unlike must_direct/must_my_group, traffic from mosdns will continue to be matched against the other rules.
pname(mosdns) -> must_rules
ip(geoip:cn) -> direct
domain(geosite:cn) -> direct
fallback: my_group
```