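Building an Ubuntu Soft Router from Scratch: Mihomo + Zashboard Configuration Guide

To avoid repeatedly installing apps and configuring proxy subscriptions on every PC and phone, a soft router that splits traffic automatically is well worth having.

Prerequisites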

# Disable this service; otherwise every boot wastes several minutes
sudo systemctl disable systemd-networkd-wait-online.service

# Let nftables process br0 traffic
sudo modprobe br_netfilter

# Load the module at boot
echo "br_netfilter" | sudo tee -a /etc/modules

# Set the sysctls (no spaces around "=", or sysctl -w rejects the arguments)
sudo sysctl -w net.bridge.bridge-nf-call-iptables=1
sudo sysctl -w net.bridge.bridge-nf-call-ip6tables=1

# Persist them
# Write the following settings to /etc/sysctl.d/99-twist.conf
# net.bridge.bridge-nf-call-iptables = 1
# net.bridge.bridge-nf-call-ip6tables = 1

mihomo

Installing mihomo

# Download the latest mihomo release
curl -LO https://github.com/MetaCubeX/mihomo/releases/download/v1.19.27/mihomo-linux-amd64-v3-v1.19.27.gz

# Verify the checksum
sha256sum mihomo-linux-amd64-v3-v1.19.27.gz
# sha256:c88b795ebad1f835156f17d33ca8d68bd6ea4dc68ba1be7f1d9910664faf4062

# Decompress
gzip -d mihomo-linux-amd64-v3-v1.19.27.gz

# Add execute permission and move the file into place
chmod +x mihomo-linux-amd64-v3-v1.19.27
sudo mv mihomo-linux-amd64-v3-v1.19.27 /usr/local/bin/mihomo

Installing zashboard

# Create the directories
sudo mkdir -p /etc/mihomo /etc/mihomo/providers /etc/mihomo/ui

# Download zashboard
curl -LO https://github.com/Zephyruso/zashboard/archive/refs/heads/gh-pages.zip

# Unpack
sudo unzip gh-pages.zip -d /etc/mihomo/ui/
# /etc/mihomo/ui/zashboard-gh-pages

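Configuring mihomo

mihomo works a little differently from clash-verge: you need one main config, config.yaml, plus one or more subscription node providers. Subscriptions are downloaded automatically, but only the nodes in them are used; everything else in them, such as rules, is ignored.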

# Create the config file
sudo vi /etc/mihomo/config.yaml

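The content was copied from one proxy provider's config and modified, with parts removed. The main change is replacing the node list with a subscription list, use: [mysub]. The mysub config is downloaded automatically into the providers directory.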

# Anchor section

Proxy_first: &Proxy_first {type: select, proxies: [节点选择, 香港节点, 新加坡节点, 日本节点, 台湾节点, 美国节点, 欧洲节点, 全部节点, 自建/家宽节点, 全球直连], use: [mysub]}
Direct_first: &Direct_first {type: select, proxies: [全球直连, 节点选择, 香港节点, 新加坡节点, 日本节点, 台湾节点, 美国节点, 欧洲节点, 全部节点, 自建/家宽节点], use: [mysub]}
Include_all: &Include_all {type: select, proxies: [节点选择, 香港节点, 新加坡节点, 日本节点, 台湾节点, 美国节点, 欧洲节点, 全部节点, 自建/家宽节点, 全球直连], use: [mysub], include-all: true, exclude-filter: "(?i)(\U0001F7E2 直连)"}
Urltest_Base: &Urltest_Base {type: url-test, include-all: true, tolerance: 20, interval: 300, max-failed-times: 1, hidden: true}
PProviders: &PProviders {type: http, interval: 86400, health-check: {enable: true, url: 'https://www.gstatic.com/generate_204', interval: 300}, filter: '^(?!.*(拒绝|直连|群|邀请|返利|循环|官网|客服|网站|网址|获取|订阅|流量|到期|机场|下次|版本|官址|备用|过期|已用|联系|邮箱|工单|贩卖|通知|倒卖|防止|国内|地址|频道|无法|说明|提示|特别|访问|支持|教程|关注|更新|作者|加入|USE|USED|TOTAL|EXPIRE|EMAIL|Panel|Channel|Author|traffic))'}
# Global settings
mixed-port: 7890
ipv6: false # Enable it if you can; if connections fail, try disabling it
allow-lan: true
unified-delay: true
tcp-concurrent: true
# interface-name: eth0 # On a router, set the outbound interface as needed

authentication:
  # Password option; none by default
  - ""
skip-auth-prefixes:
  - 127.0.0.1/8
  - ::1/128
geodata-mode: false
# GEO file loading mode (standard: standard loader / memconservative: loader optimized for memory-constrained (low-memory) devices (default))
geodata-loader: standard
geo-auto-update: true
geo-update-interval: 48
geox-url:
  geosite: "https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geosite.dat"
  mmdb: "https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geoip-lite.metadb"
  geoip: "https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geoip-lite.dat"
  asn: "https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/GeoLite2-ASN.mmdb"
# Control panel
external-controller: 0.0.0.0:9090
secret: ""
# Password options; none by default. Best to set them all once installation is done

external-ui: ui
external-ui-url: "https://github.com/Zephyruso/zashboard/archive/refs/heads/gh-pages.zip"
# The dashboard download URL can be swapped for: https://github.com/MetaCubeX/metacubexd/archive/refs/heads/gh-pages.zip

# Process matching: always/strict/off
find-process-mode: strict
# global-client-fingerprint: random

keep-alive-idle: 600
keep-alive-interval: 30
# Proxy-group selection and fake-ip cache
profile:
  store-selected: true
  store-fake-ip: false
# Traffic sniffing
sniffer:
  enable: true
  sniff:
    HTTP:
      ports: [80, 8080-8880]
      override-destination: true
    TLS:
      ports: [443, 8443]
    QUIC:
      ports: [443, 8443]
  force-domain:
    - "*.v2ex.com"
  skip-domain:
    - "Mijia Cloud"
    - "dlg.io.mi.com"
    - "*.push.apple.com"
    - "*.apple.com"
    - "*.wechat.com"
    - "*.qpic.cn"
    - "*.qq.com"
    - "*.wechatapp.com"
    - "*.vivox.com"
    # Sunlogin (向日葵) service
    - "*.oray.com"
    - "*.sunlogin.net"
# Proxy mode
tun:
  enable: true # Automatically creates the Meta interface and the nftables rules
  stack: gvisor
  mtu: 9000
  dns-hijack:
    - "any:53"
    - "tcp://any:53"
  auto-route: true
  auto-redirect: true
  auto-detect-interface: true
  skip-proxy:
    - 192.168.0.0/23 # Your LAN subnet, so that SSH stays reachable
    - 192.168.10.0/24 # Your LAN subnet, so that SSH stays reachable
    - 127.0.0.0/8
# DNS module
dns:
  enable: true
  listen: 0.0.0.0:1053
  ipv6: true
  prefer-h3: false # Whether DoH may use HTTP/3; it will be tried concurrently
  respect-rules: true
  # Mode switch: redir-host / fake-ip
  enhanced-mode: fake-ip
  fake-ip-range: 28.0.0.1/8
  fake-ip-range6: 2001:480:abcd::1/64
  # Mode switch: whitelist/blacklist
  # In blacklist mode a match means no Fake-IP is returned; in whitelist mode a Fake-IP is returned only on a match
  fake-ip-filter-mode: blacklist
  fake-ip-filter:
    - "rule-set:fakeip_filter_domain,game_cn_domain,bank_cn_domain,wechat_domain,ai_cn_domain,NetEaseMusic_domain,fcm_domain,alibaba_domain,media_cn_domain,xiaomi_domain,steam_cn_domain,pt_cn_domain,public-tracker_domain,115_domain,aliyun_domain,direct_domain,apple_cn_domain,apple_firmware_domain,iptv_domain,private_domain,cn_domain"
  default-nameserver:
    - 119.29.29.29
    - 180.184.1.1
  proxy-server-nameserver:
    - https://doh.pub/dns-query
    - https://223.5.5.5/dns-query#h3=true
  direct-nameserver:
    - https://doh.pub/dns-query
    - https://223.5.5.5/dns-query#h3=true
  nameserver:
    - https://dns.google/dns-query
    - https://dns.cloudflare.com/dns-query
proxies:
  - name: "\U0001F7E2 直连"
    type: direct
    udp: true
proxy-providers:
  mysub:
    type: http
    url: "your_subscription_url"
    interval: 3600
    path: /etc/mihomo/providers/mysub.yaml
# Proxy groups
proxy-groups:
- {name: 节点选择, type: select, proxies: [香港节点, 新加坡节点, 日本节点, 台湾节点, 美国节点, 欧洲节点, 全部节点, 自建/家宽节点, 故障转移], include-all: true, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/select.png"}
- {name: YouTube, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/youtube.png"}
- {name: FCM, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/fcm.png"}
- {name: GoogleVPN, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/googlevpn.png"}
- {name: Google, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/google.png"}
- {name: Meta, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/meta.png"}
- {name: AI, !!merge <<: *Include_all, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/ai.png"}
- {name: GitHub, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/github.png"}
- {name: OneDrive, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/onedrive.png"}
- {name: Microsoft, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/microsoft.png"}
- {name: Telegram, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/telegram.png"}
- {name: Discord, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/discord.png"}
- {name: Talkatone, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/talkatone.png"}
- {name: LINE, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/line.png"}
- {name: Signal, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/signal.png"}
- {name: TikTok, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/tiktok.png"}
- {name: NETFLIX, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/netflix.png"}
- {name: DisneyPlus, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/disney.png"}
- {name: HBO, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/hbo.png"}
- {name: Primevideo, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/primevideo.png"}
- {name: AppleTV, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/appletv.png"}
- {name: Apple, type: select, !!merge <<: *Direct_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/apple.png"}
- {name: Emby, type: select, !!merge <<: *Include_all, include-all: true, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/emby.png"}
- {name: 哔哩哔哩, type: select, !!merge <<: *Direct_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/bilibili.png"}
- {name: 哔哩东南亚, type: select, proxies: [节点选择, 新加坡节点, 全部节点, 自建/家宽节点, 全球直连], icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/bilibilit.png"}
- {name: 巴哈姆特, type: select, proxies: [台湾节点], icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/bahamut.png"}
- {name: Spotify, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/spotify.png"}
- {name: 国内媒体, type: select, !!merge <<: *Direct_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/Chinese_media.png"}
- {name: Global-TV, type: select, !!merge <<: *Include_all, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/global_tv.png"}
- {name: Global-Medial, type: select, !!merge <<: *Include_all, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/global_media.png"}
- {name: 游戏平台, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/game.png"}
- {name: Speedtest, type: select, !!merge <<: *Include_all, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/speedtest.png"}
- {name: PayPal, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/paypal.png"}
- {name: Wise, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/wise.png"}
- {name: 国外电商, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/shopping.png"}
- {name: STEAM, type: select, !!merge <<: *Include_all, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/steam.png"}
- {name: 全球直连, type: select, proxies: ["\U0001F7E2 直连", "\U0001F517 代理", 全部节点], icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/direct.png"}
- {name: Final, type: select, !!merge <<: *Include_all, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/final.png"}
- {name: 自建/家宽节点, type: select, include-all: true, filter: "(?=.*(?i)(自建|CF|The_house|private|home|家宽|hgc|HKT|HKBN|icable|Hinet|att))", exclude-filter: "(?=.*(?i)(Seattle))", icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/private_node.png"}
- {name: 香港节点, type: select, proxies: [香港自动, 香港均衡], include-all: true, filter: "(?=.*(?i)(港|hk|hongkong|Hong Kong|\U0001F1ED\U0001F1F0))", icon: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/icon/Hongkong.png"}
- {name: 新加坡节点, type: select, proxies: [新加坡自动, 新加坡均衡], include-all: true, filter: "(?=.*(?i)(新|\U0001F1F8\U0001F1EC|SG|singapore))", exclude-filter: "(?=.*(?i)(新西兰))", icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/Singapore.png"}
- {name: 日本节点, type: select, proxies: [日本自动, 日本均衡], include-all: true, filter: "(?=.*(?i)(日本|\U0001F1EF\U0001F1F5|JP|Japan))", icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/Japan.png"}
- {name: 台湾节点, type: select, proxies: [台湾自动, 台湾均衡], include-all: true, filter: "(?=.*(?i)(台|\U0001F1F9\U0001F1FC|TW|Taiwan))", icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/Taiwan_China.png"}
- {name: 美国节点, type: select, proxies: [美国自动, 美国均衡], include-all: true, filter: "(?=.*(?i)(美|\U0001F1FA\U0001F1F2|\U0001F1FA\U0001F1F8|US|America|United States|UnitedState|Los Angeles|Chicago|Ashburn|Seattle|Kansas))", exclude-filter: "(?=.*(?i)(Australia|Russia|RUS))", icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/America.png"}
- {name: 欧洲节点, type: select, include-all: true, filter: "(?=.*(?i)(\U0001F1E6\U0001F1F1|\U0001F1E6\U0001F1E9|\U0001F1E6\U0001F1F9|\U0001F1E7\U0001F1FE|\U0001F1E7\U0001F1EA|\U0001F1E7\U0001F1E6|\U0001F1E7\U0001F1EC|\U0001F1ED\U0001F1F7|\U0001F1E8\U0001F1FE|\U0001F1E8\U0001F1FF|\U0001F1E9\U0001F1F0|\U0001F1EA\U0001F1EA|\U0001F1EB\U0001F1EE|\U0001F1EB\U0001F1F7|\U0001F1E9\U0001F1EA|\U0001F1EC\U0001F1F7|\U0001F1ED\U0001F1FA|\U0001F1EE\U0001F1F8|\U0001F1EE\U0001F1EA|\U0001F1EE\U0001F1F9|\U0001F1FD\U0001F1F0|\U0001F1F1\U0001F1FB|\U0001F1F1\U0001F1EE|\U0001F1F1\U0001F1F9|\U0001F1F1\U0001F1FA|\U0001F1F2\U0001F1F9|\U0001F1F2\U0001F1E9|\U0001F1F2\U0001F1E8|\U0001F1F2\U0001F1EA|\U0001F1F3\U0001F1F1|\U0001F1F2\U0001F1F0|\U0001F1F3\U0001F1F4|\U0001F1F5\U0001F1F1|\U0001F1F5\U0001F1F9|\U0001F1F7\U0001F1F4|\U0001F1F7\U0001F1FA|\U0001F1F8\U0001F1F2|\U0001F1F7\U0001F1F8|\U0001F1F8\U0001F1F0|\U0001F1F8\U0001F1EE|\U0001F1EA\U0001F1F8|\U0001F1F8\U0001F1EA|\U0001F1E8\U0001F1ED|\U0001F1F9\U0001F1F7|\U0001F1FA\U0001F1E6|\U0001F1EC\U0001F1E7|\U0001F1FB\U0001F1E6))", icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/European.png"}
- {name: 全部节点, type: select, include-all: true, tolerance: 20, interval: 300, exclude-filter: "(?i)(\U0001F7E2 直连)", icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/all.png"}
- {name: 香港自动, !!merge <<: *Urltest_Base, filter: "(?=.*(?i)(香港|hk|hongkong|Hong Kong|\U0001F1ED\U0001F1F0))", exclude-filter: "(?=.*(?i)(The_HK_automation|wcloud|0倍|0\\.1倍|0\\.01倍|0\\.3X|0\\.2x|0\\.5x|3X|2x|1\\.5x|traffic|plus))", icon: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/icon/hk_automatic_selection.png"}
- {name: 新加坡自动, !!merge <<: *Urltest_Base, filter: "(?=.*(?i)(新|\U0001F1F8\U0001F1EC|SG|Singapore))", exclude-filter: "(?=.*(?i)(The_SG_automation|wcloud|0倍|0\\.1倍|0\\.01倍|0\\.3X|0\\.2x|0\\.5x|3X|2x|1\\.5x|traffic|plus|新西兰))", icon: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/icon/sg_automatic_selection.png"}
- {name: 日本自动, !!merge <<: *Urltest_Base, filter: "(?=.*(?i)(日本|\U0001F1EF\U0001F1F5|JP|Japan))", exclude-filter: "(?=.*(?i)(The_JP_automation|wcloud|0倍|0\\.1倍|0\\.01倍|0\\.3X|0\\.2x|0\\.5x|3X|2x|1\\.5x|traffic|plus))", icon: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/icon/jp_automatic_selection.png"}
- {name: 台湾自动, !!merge <<: *Urltest_Base, filter: "(?=.*(?i)(台|\U0001F1F9\U0001F1FC|TW|Taiwan))", exclude-filter: "(?=.*(?i)(The_TW_automation|wcloud|0倍|0\\.1倍|0\\.01倍|0\\.3X|0\\.2x|0\\.5x|3X|2x|1\\.5x|traffic|plus))", icon: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/icon/tw_automatic_selection.png"}
- {name: 美国自动, !!merge <<: *Urltest_Base, filter: "(?=.*(?i)(美|\U0001F1FA\U0001F1F2|\U0001F1FA\U0001F1F8|US|America|United States|UnitedState|Los Angeles|Chicago|Ashburn|Seattle|Kansas))", exclude-filter: "(?=.*(?i)(The_US_automation|wcloud|0倍|0\\.1倍|0\\.01倍|0\\.3X|0\\.2x|0\\.5x|3X|2x|1\\.5x|russia|austria|plus|traffic|Australia|rus|aus))", icon: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/icon/usa_automatic_selection.png"}
- {name: 香港均衡, type: load-balance, include-all: true, strategy: consistent-hashing, hidden: true, filter: "(?=.*(?i)(香港|hk|hongkong|Hong Kong|\U0001F1ED\U0001F1F0))", exclude-filter: "(?=.*(?i)(The_HK_balance|wcloud|0倍|0\\.1倍|0\\.01倍|0\\.3X|0\\.2x|0\\.5x|3X|2x|1\\.5x|traffic|plus))", icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/load-balance.png"}
- {name: 新加坡均衡, type: load-balance, include-all: true, strategy: consistent-hashing, hidden: true, filter: "(?=.*(?i)(新|\U0001F1F8\U0001F1EC|SG|Singapore))", exclude-filter: "(?=.*(?i)(The_SG_balance|wcloud|0倍|0\\.1倍|0\\.01倍|0\\.3X|0\\.2x|0\\.5x|3X|2x|1\\.5x|traffic|plus|新西兰))", icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/load-balance.png"}
- {name: 日本均衡, type: load-balance, include-all: true, strategy: consistent-hashing, hidden: true, filter: "(?=.*(?i)(日本|\U0001F1EF\U0001F1F5|JP|Japan))", exclude-filter: "(?=.*(?i)(The_JP_balance|wcloud|0倍|0\\.1倍|0\\.01倍|0\\.3X|0\\.2x|0\\.5x|3X|2x|1\\.5x|traffic|plus))", icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/load-balance.png"}
- {name: 台湾均衡, type: load-balance, include-all: true, strategy: consistent-hashing, hidden: true, filter: "(?=.*(?i)(台|\U0001F1F9\U0001F1FC|TW|Taiwan))", exclude-filter: "(?=.*(?i)(The_TW_balance|wcloud|0倍|0\\.1倍|0\\.01倍|0\\.3X|0\\.2x|0\\.5x|3X|2x|1\\.5x|traffic|plus))", icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/load-balance.png"}
- {name: 美国均衡, type: load-balance, include-all: true, strategy: consistent-hashing, hidden: true, filter: "(?=.*(?i)(美|\U0001F1FA\U0001F1F2|\U0001F1FA\U0001F1F8|US|America|United States|UnitedState|Ashburn|Kansas|Seattle))", exclude-filter: "(?=.*(?i)(The_US_balance|wcloud|0倍|0\\.1倍|0\\.01倍|0\\.3X|0\\.2x|0\\.5x|3X|2x|1\\.5x|russia|austria|plus|traffic|Australia|rus|aus))", icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/load-balance.png"}
- {name: "\U0001F517 代理", type: select, hidden: true, proxies: [节点选择]}
- {name: 故障转移, type: fallback, include-all: true, interval: 300, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/fallback.png"}
- {name: GLOBAL, type: select, include-all: true, proxies: [节点选择, YouTube, GoogleVPN, FCM, Google, Meta, AI, GitHub, OneDrive, Microsoft, Telegram, Discord, Talkatone, LINE, Signal, TikTok, NETFLIX, DisneyPlus, HBO, Primevideo, AppleTV, Apple, Emby, 哔哩哔哩, 哔哩东南亚, 巴哈姆特, Spotify, 国内媒体, Global-TV, Global-Medial, 游戏平台, Speedtest, PayPal, Wise, 国外电商, STEAM, 全球直连, Final, 自建/家宽节点, 香港节点, 新加坡节点, 日本节点, 台湾节点, 美国节点, 欧洲节点, 全部节点, 香港自动, 新加坡自动, 日本自动, 台湾自动, 美国自动, 香港均衡, 新加坡均衡, 日本均衡, 台湾均衡, 美国均衡, 故障转移], exclude-filter: "(?i)(\U0001F7E2 直连)", icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/global.png"}
rules:
- RULE-SET,wechat_domain,全球直连
- RULE-SET,wechat_asn,全球直连,no-resolve
- RULE-SET,speedtest_domain,Speedtest
- RULE-SET,Cloudflare_domain,节点选择
- RULE-SET,Wise_domain,Wise
- RULE-SET,paypal_domain,PayPal
- RULE-SET,proxy_domain,节点选择
- RULE-SET,biliintl_domain,哔哩东南亚
- RULE-SET,bilibili_domain,哔哩哔哩
- RULE-SET,bilibili_ip,哔哩哔哩,no-resolve
- RULE-SET,bahamut_domain,巴哈姆特
- RULE-SET,bank_cn_domain,全球直连
- RULE-SET,ai_cn_domain,全球直连
- RULE-SET,direct_domain,全球直连
- RULE-SET,alibaba_domain,全球直连
- RULE-SET,115_domain,全球直连
- RULE-SET,aliyun_domain,全球直连
- RULE-SET,github_domain,GitHub
- RULE-SET,gitbook_domain,GitHub
- RULE-SET,googlevpn_domain,GoogleVPN
- RULE-SET,youtube_domain,YouTube
- RULE-SET,fcm_domain,FCM
- RULE-SET,google_domain,Google
- RULE-SET,google_asn_cn,Google,no-resolve
- RULE-SET,google_ip,Google,no-resolve
- RULE-SET,onedrive_domain,OneDrive
- RULE-SET,microsoft_domain,Microsoft
- RULE-SET,ai!cn_domain,AI
- RULE-SET,ai_domain,AI
- RULE-SET,openai_domain,AI
- RULE-SET,telegram_domain,Telegram
- RULE-SET,telegram_ip,Telegram,no-resolve
- RULE-SET,line_domain,LINE
- RULE-SET,talkatone_domain,Talkatone
- RULE-SET,talkatone_ip,Talkatone,no-resolve
- RULE-SET,discord_domain,Discord
- RULE-SET,discord_asn,Discord,no-resolve
- RULE-SET,signal_domain,Signal
- RULE-SET,tencent!cn_domain,节点选择
- RULE-SET,tencent_domain,全球直连
- RULE-SET,iptv_domain,全球直连
- RULE-SET,private_domain,全球直连
- DOMAIN-KEYWORD,hk.tv.global.mi.com,节点选择
- RULE-SET,xiaomi_domain,全球直连
- RULE-SET,steam_cn_domain,全球直连
- RULE-SET,steamcdn_domain,全球直连
- RULE-SET,steamcdn_ip,全球直连,no-resolve
- RULE-SET,NetEaseMusic_domain,全球直连
- RULE-SET,NetEaseMusic_ip,全球直连,no-resolve
- RULE-SET,pt_cn_domain,全球直连
- RULE-SET,public-tracker_domain,全球直连
- RULE-SET,media_cn_domain,国内媒体
- RULE-SET,appleTV_domain,AppleTV
- RULE-SET,apple_cn_domain,全球直连
- RULE-SET,apple_firmware_domain,Apple
- RULE-SET,apple_domain,Apple
- RULE-SET,tiktok_domain,TikTok
- RULE-SET,netflix_domain,NETFLIX
- RULE-SET,netflix_ip,NETFLIX,no-resolve
- RULE-SET,disney_domain,DisneyPlus
- RULE-SET,hbo_domain,HBO
- RULE-SET,primevideo_domain,Primevideo
- RULE-SET,emby_domain,Emby
- RULE-SET,emby_ip,Emby,no-resolve
- RULE-SET,spotify_domain,Spotify
- RULE-SET,facebook_domain,Meta
- RULE-SET,whatsapp_domain,Meta
- RULE-SET,instagram_domain,Meta
- RULE-SET,threads_domain,Meta
- RULE-SET,meta_domain,Meta
- RULE-SET,facebook_ip,Meta,no-resolve
- DOMAIN-SUFFIX,mytvsuper.com,Global-TV
- DOMAIN-SUFFIX,mytv.com.hk,Global-TV
- RULE-SET,twitch_domain,Global-TV
- RULE-SET,porn_domain,Global-TV
- RULE-SET,TVB_domain,Global-TV
- RULE-SET,media!cn_domain,Global-Medial
- RULE-SET,twitter_ip,节点选择,no-resolve
- RULE-SET,steam_domain,STEAM
- RULE-SET,Epic_domain,游戏平台
- RULE-SET,EA_domain,游戏平台
- RULE-SET,Blizzard_domain,游戏平台
- RULE-SET,UBI_domain,游戏平台
- RULE-SET,Sony_domain,游戏平台
- RULE-SET,Nintendo_domain,游戏平台
- RULE-SET,ifast_domain,全球直连
- RULE-SET,Amazon_domain,国外电商
- RULE-SET,Amazon_ip,国外电商,no-resolve
- RULE-SET,Shopee_domain,国外电商
- RULE-SET,Shopify_domain,国外电商
- RULE-SET,ebay_domain,国外电商
- RULE-SET,gfw_domain,节点选择
- RULE-SET,geolocation-!cn,节点选择
- RULE-SET,cn_domain,全球直连
- RULE-SET,private_ip,全球直连,no-resolve
- RULE-SET,cn_ip,全球直连,no-resolve
- MATCH,Final
rule-anchor:
  ip: &ip {type: http, interval: 86400, behavior: ipcidr, format: mrs}
  ip_text: &ip_text {type: http, interval: 86400, behavior: ipcidr, format: text}
  ip_yaml: &ip_yaml {type: http, interval: 86400, behavior: ipcidr, format: yaml}
  domain: &domain {type: http, interval: 86400, behavior: domain, format: mrs}
  domain_text: &domain_text {type: http, interval: 86400, behavior: domain, format: text}
  domain_yaml: &domain_yaml {type: http, interval: 86400, behavior: domain, format: yaml}
  class: &class {type: http, interval: 86400, behavior: classical, format: text}
  class_yaml: &class_yaml {type: http, interval: 86400, behavior: classical, format: yaml}
rule-providers:
  private_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/private.mrs"}
  bank_cn_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/category-bank-cn.mrs"}
  xiaomi_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/xiaomi.mrs"}
  biliintl_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/bilibili%40!cn.mrs"}
  bilibili_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/bilibili.mrs"}
  bahamut_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/bahamut.mrs"}
  spotify_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/spotify.mrs"}
  steam_cn_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/steam%40cn.mrs"}
  steamcdn_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/Domain/Steam-domain.mrs"}
  steam_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/steam.mrs"}
  ai!cn_domain: {!!merge <<: *domain, url: "https://github.com/MetaCubeX/meta-rules-dat/raw/refs/heads/meta/geo/geosite/category-ai-!cn.mrs"}
  openai_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/openai.mrs"}
  youtube_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/youtube.mrs"}
  google_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/Domain/google.mrs"}
  github_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/github.mrs"}
  telegram_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/telegram.mrs"}
  netflix_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/netflix.mrs"}
  paypal_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/paypal.mrs"}
  onedrive_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/onedrive.mrs"}
  microsoft_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/microsoft.mrs"}
  apple_firmware_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/Domain/applefirmware.mrs"}
  apple_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/apple.mrs"}
  speedtest_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/ookla-speedtest.mrs"}
  tiktok_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/tiktok.mrs"}
  gfw_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/gfw.mrs"}
  geolocation-!cn: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/geolocation-!cn.mrs"}
  cn_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/cn.mrs"}
  media_cn_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/category-media-cn.mrs"}
  media!cn_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/category-social-media-!cn.mrs"}
  Cloudflare_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/cloudflare.mrs"}
  gitbook_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/gitbook.mrs"}
  disney_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/disney.mrs"}
  hbo_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/hbo.mrs"}
  primevideo_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/primevideo.mrs"}
  NetEaseMusic_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/Domain/NetEaseMusic-domain.mrs"}
  Amazon_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/amazon.mrs"}
  Shopee_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/shopee.mrs"}
  ebay_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/ebay.mrs"}
  appleTV_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/Domain/appletv.mrs"}
  Epic_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/epicgames.mrs"}
  EA_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/ea.mrs"}
  Blizzard_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/blizzard.mrs"}
  UBI_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/Domain/ubi.mrs"}
  Sony_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/sony.mrs"}
  Nintendo_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/nintendo.mrs"}
  facebook_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/facebook.mrs"}
  whatsapp_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/whatsapp.mrs"}
  instagram_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/instagram.mrs"}
  threads_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/threads.mrs"}
  meta_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/meta.mrs"}
  Wise_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/wise.mrs"}
  ifast_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/ifast.mrs"}
  line_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/line.mrs"}
  talkatone_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/Domain/Talkatone-domain.mrs"}
  Shopify_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/shopify.mrs"}
  signal_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/signal.mrs"}
  wechat_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/Domain/WeChat.mrs"}
  proxy_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/Domain/proxy.mrs"}
  direct_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/Domain/direct.mrs"}
  apple_cn_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/apple%40cn.mrs"}
  alibaba_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/alibaba.mrs"}
  tencent!cn_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/tencent%40!cn.mrs"}
  tencent_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/tencent.mrs"}
  ai_cn_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/category-ai-cn.mrs"}
  discord_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/discord.mrs"}
  fcm_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/googlefcm.mrs"}
  emby_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/Domain/emby.mrs"}
  pt_cn_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/category-pt.mrs"}
  public-tracker_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/category-public-tracker.mrs"}
  115_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/115.mrs"}
  aliyun_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/aliyun.mrs"}
  twitch_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/twitch.mrs"}
  porn_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/category-porn.mrs"}
  iptv_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/Domain/iptv.mrs"}
  googlevpn_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/Domain/googleVPN.mrs"}
  ai_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/Domain/ai.mrs"}
  TVB_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/Domain/tvb.mrs"}
  game_cn_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/category-games%40cn.mrs"}
fakeip_filter_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/Domain/fakeip-filter.mrs"}
bilibili_ip: {!!merge <<: *ip, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo-lite/geoip/bilibili.mrs"}
cn_ip: {!!merge <<: *ip, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geoip/cn.mrs"}
google_ip: {!!merge <<: *ip, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geoip/google.mrs"}
telegram_ip: {!!merge <<: *ip, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geoip/telegram.mrs"}
netflix_ip: {!!merge <<: *ip, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geoip/netflix.mrs"}
Amazon_ip: {!!merge <<: *ip, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/IP/amazon-ip.mrs"}
facebook_ip: {!!merge <<: *ip, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geoip/facebook.mrs"}
twitter_ip: {!!merge <<: *ip, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geoip/twitter.mrs"}
private_ip: {!!merge <<: *ip, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geoip/private.mrs"}
talkatone_ip: {!!merge <<: *ip, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/IP/Talkatone-ip.mrs"}
steamcdn_ip: {!!merge <<: *ip, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/IP/steamCDN-ip.mrs"}
NetEaseMusic_ip: {!!merge <<: *ip, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/IP/NetEaseMusic-ip.mrs"}
emby_ip: {!!merge <<: *ip, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/IP/emby-ip.mrs"}
google_asn_cn: {!!merge <<: *ip, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/IP/AS24424.mrs"}
discord_asn: {!!merge <<: *ip, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/IP/AS49544.mrs"}
wechat_asn: {!!merge <<: *ip, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/IP/AS132203.mrs"}

Run and test

Run mihomo in one terminal

# Run in the foreground with /etc/mihomo as the configuration directory
sudo /usr/local/bin/mihomo -d /etc/mihomo

In another terminal, request a few sites and check that each one returns a response

export ALL_PROXY=http://127.0.0.1:7890

curl -i https://www.google.com/
curl -i https://www.baidu.com/

Check the logs to see whether traffic is being split according to the rules or something is going wrong

# Show the full log
sudo journalctl -xeu mihomo.service
# Like tail -f: keep following the newest log entries
sudo journalctl -u mihomo.service -f

Start at boot

# Create the systemd unit file
sudo vi /etc/systemd/system/mihomo.service

Write the following content

[Unit]
Description=Mihomo Proxy Service
After=network.target

[Service]
Type=simple
ExecStart=/usr/local/bin/mihomo -d /etc/mihomo
Restart=always
RestartSec=3
LimitNOFILE=512000

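# The mihomo user and group must already exist and be able to write to /etc/mihomo
User=mihomo
Group=mihomo

# Add the following directives when running as a non-root user
# CAP_NET_ADMIN: allows creating the tun interface and configuring routing tables
# CAP_NET_BIND_SERVICE: allows binding privileged ports below 1024 (for example, to listen on port 53)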
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

Run the commands

sudo systemctl daemon-reload
sudo systemctl enable --now mihomo.service

Configure the soft router

First, look at the network interfaces

ip a

# Output:
#
# 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
# link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
# inet 127.0.0.1/8 scope host lo
# valid_lft forever preferred_lft forever
# inet6 ::1/128 scope host noprefixroute
# valid_lft forever preferred_lft forever
# 2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
# link/ether 00:90:27:f2:96:44 brd ff:ff:ff:ff:ff:ff
# altname enx009027f29644
# inet 192.168.0.149/23 brd 192.168.1.255 scope global dynamic noprefixroute enp3s0
# valid_lft 85512sec preferred_lft 85512sec
# inet6 fe80::2901:dbe8:340b:3e0d/64 scope link noprefixroute
# valid_lft forever preferred_lft forever
# 3: enp4s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq master br0 state DOWN group default qlen 1000
# link/ether 00:90:27:f2:96:45 brd ff:ff:ff:ff:ff:ff
# altname enx009027f29645
# 4: wlp5s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP group default qlen 1000
# link/ether 44:0f:b4:f8:2a:db brd ff:ff:ff:ff:ff:ff
# altname wlx440fb4f82adb
# inet6 fe80::460f:b4ff:fef8:2adb/64 scope link proto kernel_ll
# valid_lft forever preferred_lft forever

Network topology

Configure WAN and LAN

# Create a new file, used to merge with / override the existing configuration
sudo vi /etc/netplan/01-router.yaml

netplan merges / overrides automatically

network:
  version: 2
  renderer: networkd

  ethernets:
    # WAN
    enp3s0:
      dhcp4: true
      dhcp6: false

    # LAN
    enp4s0:
      dhcp4: false
      dhcp6: false

  bridges:
    br0:
      interfaces:
        - enp4s0
        # I only have two ports: one is used as WAN, and the rest go here as LAN
      addresses:
        - 192.168.10.1/24

Run the commands to apply the configuration

# The file permissions must be changed
sudo chmod 600 /etc/netplan/01-router.yaml

sudo netplan apply

Enable kernel forwarding

# Twist

# Raise the system file-handle and network queue limits to cope with high concurrency
# System connection limits
fs.file-max = 512000
net.core.somaxconn = 4096
net.ipv4.tcp_max_tw_buckets = 4096
# Network queues
net.core.netdev_max_backlog = 256000
net.ipv4.tcp_max_syn_backlog = 8192

# Enlarge the TCP/UDP memory buffers (key point: prevents packet loss at high bandwidth)
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.ipv4.udp_mem = 25600 51200 102400
net.ipv4.tcp_mem = 25600 51200 102400
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864

# Enable the BBR congestion control algorithm (key point: speeds up the network and avoids dropped connections)
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr

# Enable reverse path filtering to prevent IP spoofing
net.ipv4.conf.all.rp_filter = 1

# Basic network performance tuning
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_dsack = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 60
net.ipv4.tcp_keepalive_time = 1800
net.ipv4.tcp_fastopen = 3
net.ipv4.ip_local_port_range = 49152 65535

# Recommended to keep
net.ipv4.tcp_rfc1337 = 1
net.ipv4.tcp_mtu_probing = 2
net.ipv4.conf.all.arp_announce = 1

# Forwarding
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1

# Required by the br0 bridge configured earlier
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1

# If you use several broadband lines with multi-dial / load balancing
net.ipv4.fib_multipath_hash_policy = 1
net.ipv4.fib_multipath_use_neigh = 1

# If you need to obtain IPv6 from the ISP
net.ipv6.conf.all.autoconf = 1
net.ipv6.conf.all.accept_ra = 2

# For use with nftables policy routing and multi-line traffic splitting
net.ipv4.fwmark_reflect = 1
net.ipv4.tcp_fwmark_accept = 1

Set up a DHCP server

Configure a DHCP server for the LAN to hand out IP addresses

# Install dnsmasq
sudo apt install dnsmasq

Edit the configuration file

sudo vi /etc/dnsmasq.conf

With the following content

# Serve only on the internal bridge br0
interface=br0

# Stop dnsmasq from reading the system /etc/resolv.conf
no-resolv

# Make the local 127.0.0.1#1053 (Mihomo) the only upstream DNS server
server=127.0.0.1#1053

# IP address pool handed out to downstream devices, and the lease time (12 hours)
dhcp-range=192.168.10.50,192.168.10.200,255.255.255.0,12h

# Tell downstream devices that the gateway is this soft router itself
dhcp-option=3,192.168.10.1

# Tell downstream devices which DNS server to use (either the Mihomo instance configured at the start, or simply 223.5.5.5)
dhcp-option=6,192.168.10.1

Enable at boot

sudo systemctl enable --now dnsmasq.service

Configure the firewall NAT rules

#!/usr/sbin/nft -f

flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        jump before-input
        jump main-input
        jump after-input

        drop
    }

    # Stage 1: core baseline security and protocol allowances
    chain before-input {
        # Allow local loopback
        iifname "lo" counter accept

        # Allow established connections
        ct state established,related counter accept
        ct state invalid counter drop

        # Allow basic IPv4 ICMP (ping and so on)
        ip protocol icmp icmp type echo-request limit rate 10/second burst 20 packets counter accept
        ip protocol icmp icmp type { destination-unreachable, time-exceeded, parameter-problem } counter accept

        # Allow full IPv6 ICMP (must include neighbor discovery nd-*, otherwise IPv6 loses connectivity)
        meta l4proto ipv6-icmp icmpv6 type { echo-reply, destination-unreachable, packet-too-big, time-exceeded, parameter-problem } counter accept
        meta l4proto ipv6-icmp icmpv6 type { nd-router-solicit, nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } counter accept
        meta l4proto ipv6-icmp icmpv6 type echo-request limit rate 10/second burst 20 packets counter accept
    }

    # Stage 2: ports deliberately opened toward the outside network (WAN port)
    chain main-input {
        tcp dport 22 ct state new limit rate 5/minute burst 5 packets counter accept comment "ssh-limited"

        # Web services
        tcp dport 80 counter accept comment "tcp-80"
        tcp dport 443 counter accept comment "tcp-443"
        udp dport 443 counter accept comment "udp-443"

        # Mihomo proxy and control ports (allowed globally, so both upstream and downstream devices can use them directly)
        tcp dport 1053 counter accept comment "tcp-1053"
        udp dport 1053 counter accept comment "udp-1053"
        tcp dport 7890 counter accept comment "tcp-7890"
        udp dport 7890 counter accept comment "udp-7890"
        tcp dport 9090 counter accept comment "tcp-9090"
        udp dport 9090 counter accept comment "udp-9090"
    }

    # Stage 3: catch-all logging
    chain after-input {
        limit rate 3/minute burst 10 packets counter log prefix "[nft BLOCK INPUT] "
    }

    # Forward chain (the core of the soft router)
    chain forward {
        type filter hook forward priority 0; policy drop;

        # MSS clamping (avoid fragmentation)
        tcp flags syn tcp option maxseg size set rt mtu

        # Allow Established/Related forwarded traffic
        ct state established,related counter accept

        # Allow the LAN bridge to forward outward (to the WAN port or the Meta proxy interface)
        iifname "br0" counter accept comment "Allow LAN Forward"

        # Allow traffic to be sent out of the public-facing interface
        oifname "enp3s0" counter accept comment "Allow To WAN"
    }

    # Output Chain
    chain output {
        type filter hook output priority 0; policy accept;

        jump before-output
        jump main-output
    }

    chain before-output {

    }

    chain main-output {

    }
}

# IPv4 NAT Table (Source Address Masquerading)
table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;

        oifname "enp3s0" masquerade comment "Dynamic WAN Masquerade"
    }
}

# IPv6 NAT Table (Source Address Masquerading)
table ip6 nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;

        oifname "enp3s0" masquerade comment "Dynamic WAN Masquerade"
    }
}

Test and verify

# Check for errors without loading the rules: validation only, a dry run
sudo nft -c -f /etc/nftables.conf

# Restart the services
sudo systemctl restart nftables mihomo

# List all tables
sudo nft list tables

# Output:
# table inet filter
# table ip nat
# table ip6 nat
# table inet mihomo

# List the complete ruleset, including handles
sudo nft -a list ruleset

# Enable at boot
sudo systemctl enable --now nftables.service
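
The main-input chain in the ruleset above accepts the Mihomo DNS, proxy and controller ports (1053, 7890, 9090) with no interface match, so they are reachable on the WAN side as well as from br0. The shell function below is an added example, not part of the original post: it reads rules in nft syntax and reports accept rules on the given ports that carry no iifname/iif match. The function names are hypothetical and the sample rules are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Constructed sample: rules in the form used by the main-input chain above,
# plus one rule scoped to the LAN bridge for contrast.
sample_rules() {
    cat <<'EOF'
tcp dport 22 ct state new limit rate 5/minute burst 5 packets counter accept comment "ssh-limited"
tcp dport 1053 counter accept comment "tcp-1053"
udp dport 1053 counter accept comment "udp-1053"
tcp dport 7890 counter accept comment "tcp-7890"
iifname "br0" tcp dport 9090 counter accept comment "tcp-9090-lan"
tcp dport 9090 counter accept comment "tcp-9090"
EOF
}

# audit_ports PORT...
# Reads nft rules on stdin and prints "proto/port" for each accept rule on one
# of the given ports that has no iifname/iif match, i.e. applies to every
# interface. Only single-port "dport N" matches are handled, not sets.
audit_ports() {
    awk -v ports="$*" '
        BEGIN {
            n = split(ports, p, " ")
            for (i = 1; i <= n; i++) watch[p[i]] = 1
        }
        {
            # Pad and normalise whitespace so keywords can be matched as words
            line = " " $0 " "
            gsub(/\t/, " ", line)
            if (index(line, " accept ") == 0) next   # not an accept rule
            if (line ~ / iif(name)? /) next          # scoped to an interface
            for (i = 2; i < NF; i++)
                if ($i == "dport" && ($(i + 1) in watch))
                    print $(i - 1) "/" $(i + 1)
        }
    '
}

# Run against the constructed sample when executed directly.
sample_rules | audit_ports 1053 7890 9090
```

On the router itself, the live chain can be piped in instead of the sample: `sudo nft list chain inet filter main-input | audit_ports 1053 7890 9090`.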

Configure WiFi

WiFi is not configured through netplan; hostapd is used instead

# Install
sudo apt install hostapd

Edit the configuration

sudo vi /etc/hostapd/hostapd.conf

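With the following content

# Basic definitions
interface=wlp5s0
bridge=br0
driver=nl80211
ssid=MySoftRouter_WiFi

# Band and channel (mode a runs on 5 GHz; channel 0 selects automatically; channel 149 is the most standard clean 5 GHz channel in China, and any China-market phone can find it)
hw_mode=a
channel=149

# Country code and the parameters required for automatic channel selection
ieee80211d=1
country_code=CN

# Modern wireless protocol switches (the WiFi 7 option, which is not compiled in, stays off for now so that startup succeeds)
# hostapd only treats lines that start with # as comments, so each comment sits on its own line
# Enable WiFi 4
ieee80211n=1
# Enable WiFi 5
ieee80211ac=1
# Enable WiFi 6 (HE)
ieee80211ax=1

# Force a modern cipher (gets rid of the "disabling HT/VHT/HE" error)
wpa_pairwise=CCMP
rsn_pairwise=CCMP

# Most compatible secure configuration: WPA2 (PSK) + WPA3 (SAE) mixed mode
# Older phones can still connect, and newer phones can use the WPA3 handshake
wpa=2
wpa_key_mgmt=WPA-PSK SAE
# Enable management frame protection (1 means optional; WPA2/WPA3 mixed mode must use 1)
ieee80211w=1
wpa_passphrase=YourStrongPassword123

# Required by hostapd_cli
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0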

Restart / enable at boot

sudo systemctl restart hostapd
sudo systemctl enable hostapd

RF check

# Show the on/off (rfkill) state of the wireless devices
rfkill list

# If the country setting is wrong, or with Intel 5 GHz hardware, the device may show as blocked
#
# 0: hci0: Bluetooth
# Soft blocked: no
# Hard blocked: no
# 1: phy0: Wireless LAN
# Soft blocked: no
# Hard blocked: no

Interface check

# Show the interface state and mode
iw dev

# phy#0
# Interface wlp5s0
# ifindex 6
# wdev 0x1
# addr 44:0f:b4:f8:2a:db
# ssid MySoftRouter_WiFi
# type AP
# channel 149 (5745 MHz), width: 20 MHz, center1: 5745 MHz
# txpower 3.00 dBm
# multicast TXQ:
# qsz-byt qsz-pkt flows drops marks overlmt hashcol tx-bytes tx-packets
# 0 0 103 0 0 0 0 21122 132

# Show the hardware capabilities
iw list

# Connected clients (a fallback when hostapd_cli is not working)
iw dev wlp5s0 station dump

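# Scan for nearby WiFi signals (to troubleshoot interference)
# Not supported in AP mode: stop hostapd and switch the interface back to managed mode first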
# sudo iw dev wlp5s0 set type managed
iw dev wlp5s0 scan

User management

# List the MAC addresses of all currently connected devices
sudo hostapd_cli all_sta

# Show the overall status of the access point, including the parameters that can be set
sudo hostapd_cli status

# Force a maliciously connected device offline
sudo hostapd_cli deauthenticate <client MAC address>