从零开始搭建 Ubuntu 软路由：Mihomo + Zashboard 配置指南

y2k38

2026-06-29

mihomo, zashboard

为了避免频繁给PC、手机安装app配置机场，一个能自动分流的软路由就很有必要了

前置工作

# 禁用这个服务，不然每次开机都要花掉好几分钟
sudo systemctl disable systemd-networkd-wait-online.service

# 让nftables处理br0的流量
sudo modprobe br_netfilter

# 开机启动
echo "br_netfilter" | sudo tee -a /etc/modules

# 设置sysctl
sudo sysctl -w net.bridge.bridge-nf-call-iptables = 1
sudo sysctl -w net.bridge.bridge-nf-call-ip6tables = 1

# 持久化
# 将下面的配置写入 /etc/sysctl.d/99-twist.conf
# net.bridge.bridge-nf-call-iptables = 1
# net.bridge.bridge-nf-call-ip6tables = 1

mihomo

安装mihomo

# 下载mihomo最新版
curl -LO https://github.com/MetaCubeX/mihomo/releases/download/v1.19.27/mihomo-linux-amd64-v3-v1.19.27.gz

# 校验
sha256sum mihomo-linux-amd64-v3-v1.19.27.gz
# sha256:c88b795ebad1f835156f17d33ca8d68bd6ea4dc68ba1be7f1d9910664faf4062

# 解压缩
gzip -d mihomo-linux-amd64-v3-v1.19.27.gz

# 添加执行权限并把文件放到指定位置
chmod +x mihomo-linux-amd64-v3-v1.19.27
sudo mv mihomo-linux-amd64-v3-v1.19.27 /usr/local/bin/mihomo

安装zashboard

# 创建目录
sudo mkdir -p /etc/mihomo /etc/mihomo/providers /etc/mihomo/ui

# 下载zashboard
curl -LO https://github.com/Zephyruso/zashboard/archive/refs/heads/gh-pages.zip

# 解压缩
sudo unzip gh-pages.zip -d /etc/mihomo/ui/
# /etc/mihomo/ui/zashboard-gh-pages

配置mihomo

mihomo跟clash-verge不太一样，要改成一个主配置config.yaml+若干订阅节点providers。订阅会自动下载，但只会用到其中的节点，其他规则等则会被忽略。

1 2	# 床架配置文件 sudo vi /etc/mihomo/config.yaml

内容是从一个机场的配置复制修改的，有删减，主要的改动是，把节点列表改为订阅列表use: [mysub]。mysub的配置会自动下载到providers目录。

# 锚点区

Proxy_first: &Proxy_first {type: select, proxies: [节点选择, 香港节点, 新加坡节点, 日本节点, 台湾节点, 美国节点, 欧洲节点, 全部节点, 自建/家宽节点, 全球直连], use: [mysub]}
Direct_first: &Direct_first {type: select, proxies: [全球直连, 节点选择, 香港节点, 新加坡节点, 日本节点, 台湾节点, 美国节点, 欧洲节点, 全部节点, 自建/家宽节点], use: [mysub]}
Include_all: &Include_all {type: select, proxies: [节点选择, 香港节点, 新加坡节点, 日本节点, 台湾节点, 美国节点, 欧洲节点, 全部节点, 自建/家宽节点, 全球直连], use: [mysub], include-all: true, exclude-filter: "(?i)(\U0001F7E2 直连)"}
Urltest_Base: &Urltest_Base {type: url-test, include-all: true, tolerance: 20, interval: 300, max-failed-times: 1, hidden: true}
PProviders: &PProviders {type: http, interval: 86400, health-check: {enable: true, url: 'https://www.gstatic.com/generate_204', interval: 300}, filter: '^(?!.*(拒绝|直连|群|邀请|返利|循环|官网|客服|网站|网址|获取|订阅|流量|到期|机场|下次|版本|官址|备用|过期|已用|联系|邮箱|工单|贩卖|通知|倒卖|防止|国内|地址|频道|无法|说明|提示|特别|访问|支持|教程|关注|更新|作者|加入|USE|USED|TOTAL|EXPIRE|EMAIL|Panel|Channel|Author|traffic))'}
# 全局配置
mixed-port: 7890
ipv6: false             # 能开就开，如果连不上就禁用试试
allow-lan: true
unified-delay: true
tcp-concurrent: true
# interface-name: eth0  # 路由器下根据情况指定出站接口

authentication:
  #  密码设置选项默认无
  - ""
skip-auth-prefixes:
  - 127.0.0.1/8
  - ::1/128
geodata-mode: false
# GEO 文件加载模式（standard：标准加载器/memconservative：专为内存受限 (小内存) 设备优化的加载器 (默认值)）

geodata-loader: standard
geo-auto-update: true
geo-update-interval: 48
geox-url:
  geosite: "https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geosite.dat"
  mmdb: "https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geoip-lite.metadb"
  geoip: "https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/geoip-lite.dat"
  asn: "https://github.com/MetaCubeX/meta-rules-dat/releases/download/latest/GeoLite2-ASN.mmdb"
# 控制面板
external-controller: 0.0.0.0:9090
secret: ""
#  密码设置选项，默认无，安装好了后最好都加上

external-ui: ui
external-ui-url: "https://github.com/Zephyruso/zashboard/archive/refs/heads/gh-pages.zip"
# 下载面板地址可更换：https://github.com/MetaCubeX/metacubexd/archive/refs/heads/gh-pages.zip

# 匹配进程 always/strict/off
find-process-mode: strict
# global-client-fingerprint: random

keep-alive-idle: 600
keep-alive-interval: 30
# 策略组选择和fakeip缓存
profile:
  store-selected: true
  store-fake-ip: false
# 流量嗅探
sniffer:
  enable: true
  sniff:
    HTTP:
      ports: [80, 8080-8880]
      override-destination: true
    TLS:
      ports: [443, 8443]
    QUIC:
      ports: [443, 8443]
  force-domain:
    - "*.v2ex.com"
  skip-domain:
    - "Mijia Cloud"
    - "dlg.io.mi.com"
    - "*.push.apple.com"
    - "*.apple.com"
    - "*.wechat.com"
    - "*.qpic.cn"
    - "*.qq.com"
    - "*.wechatapp.com"
    - "*.vivox.com"
    # 向日葵服务

    - "*.oray.com"
    - "*.sunlogin.net"
# 代理模式
tun:
  enable: true        # 会自动生产网卡Meta跟nftables的规则
  stack: gvisor
  mtu: 9000
  dns-hijack:
    - "any:53"
    - "tcp://any:53"
  auto-route: true
  auto-redirect: true
  auto-detect-interface: true
  skip-proxy:
    - 192.168.0.0/23  # 你的 LAN 网段，避免 SSH 连不上
    - 192.168.10.0/24 # 你的 LAN 网段，避免 SSH 连不上
    - 127.0.0.0/8
# DNS模块
dns:
  enable: true
  listen: 0.0.0.0:1053
  ipv6: true
  prefer-h3: false # 是否开启 DoH 支持 HTTP/3，将并发尝试
  respect-rules: true
  # 模式切换 redir-host / fake-ip

  enhanced-mode: fake-ip
  fake-ip-range: 28.0.0.1/8
  fake-ip-range6: 2001:480:abcd::1/64
  # 模式切换 whitelist/blacklist 

  # 黑名单模式表示如果匹配成功则不返回 Fake-IP, 白名单模式时只有匹配成功才返回 Fake-IP
  fake-ip-filter-mode: blacklist
  fake-ip-filter:
    - "rule-set:fakeip_filter_domain,game_cn_domain,bank_cn_domain,wechat_domain,ai_cn_domain,NetEaseMusic_domain,fcm_domain,alibaba_domain,media_cn_domain,xiaomi_domain,steam_cn_domain,pt_cn_domain,public-tracker_domain,115_domain,aliyun_domain,direct_domain,apple_cn_domain,apple_firmware_domain,iptv_domain,private_domain,cn_domain"
  default-nameserver:
    - 119.29.29.29
    - 180.184.1.1
  proxy-server-nameserver:
    - https://doh.pub/dns-query
    - https://223.5.5.5/dns-query#h3=true
  direct-nameserver:
    - https://doh.pub/dns-query
    - https://223.5.5.5/dns-query#h3=true
  nameserver:
    - https://dns.google/dns-query
    - https://dns.cloudflare.com/dns-query
proxies:
    - name: "\U0001F7E2 直连"
      type: direct
      udp: true
proxy-providers:
  mysub:
    type: http
    url: "your_subscription_url"
    interval: 3600
    path: /etc/mihomo/providers/mysub.yaml
# 策略组
proxy-groups:
  - {name: 节点选择, type: select, proxies: [香港节点, 新加坡节点, 日本节点, 台湾节点, 美国节点, 欧洲节点, 全部节点, 自建/家宽节点, 故障转移], include-all: true, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/select.png"}
  - {name: YouTube, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/youtube.png"}
  - {name: FCM, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/fcm.png"}
  - {name: GoogleVPN, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/googlevpn.png"}
  - {name: Google, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/google.png"}
  - {name: Meta, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/meta.png"}
  - {name: AI, !!merge <<: *Include_all, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/ai.png"}
  - {name: GitHub, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/github.png"}
  - {name: OneDrive, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/onedrive.png"}
  - {name: Microsoft, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/microsoft.png"}
  - {name: Telegram, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/telegram.png"}
  - {name: Discord, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/discord.png"}
  - {name: Talkatone, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/talkatone.png"}
  - {name: LINE, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/line.png"}
  - {name: Signal, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/signal.png"}
  - {name: TikTok, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/tiktok.png"}
  - {name: NETFLIX, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/netflix.png"}
  - {name: DisneyPlus, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/disney.png"}
  - {name: HBO, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/hbo.png"}
  - {name: Primevideo, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/primevideo.png"}
  - {name: AppleTV, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/appletv.png"}
  - {name: Apple, type: select, !!merge <<: *Direct_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/apple.png"}
  - {name: Emby, type: select, !!merge <<: *Include_all, include-all: true, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/emby.png"}
  - {name: 哔哩哔哩, type: select, !!merge <<: *Direct_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/bilibili.png"}
  - {name: 哔哩东南亚, type: select, proxies: [节点选择, 新加坡节点, 全部节点, 自建/家宽节点, 全球直连], icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/bilibilit.png"}
  - {name: 巴哈姆特, type: select, proxies: [台湾节点], icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/bahamut.png"}
  - {name: Spotify, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/spotify.png"}
  - {name: 国内媒体, type: select, !!merge <<: *Direct_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/Chinese_media.png"}
  - {name: Global-TV, type: select, !!merge <<: *Include_all, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/global_tv.png"}
  - {name: Global-Medial, type: select, !!merge <<: *Include_all, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/global_media.png"}
  - {name: 游戏平台, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/game.png"}
  - {name: Speedtest, type: select, !!merge <<: *Include_all, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/speedtest.png"}
  - {name: PayPal, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/paypal.png"}
  - {name: Wise, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/wise.png"}
  - {name: 国外电商, !!merge <<: *Proxy_first, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/shopping.png"}
  - {name: STEAM, type: select, !!merge <<: *Include_all, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/steam.png"}
  - {name: 全球直连, type: select, proxies: ["\U0001F7E2 直连", "\U0001F517 代理", 全部节点], icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/direct.png"}
  - {name: Final, type: select, !!merge <<: *Include_all, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/final.png"}
  - {name: 自建/家宽节点, type: select, include-all: true, filter: "(?=.*(?i)(自建|CF|The_house|private|home|家宽|hgc|HKT|HKBN|icable|Hinet|att))", exclude-filter: "(?=.*(?i)(Seattle))", icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/private_node.png"}
  - {name: 香港节点, type: select, proxies: [香港自动, 香港均衡], include-all: true, filter: "(?=.*(?i)(港|hk|hongkong|Hong Kong|\U0001F1ED\U0001F1F0))", icon: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/icon/Hongkong.png"}
  - {name: 新加坡节点, type: select, proxies: [新加坡自动, 新加坡均衡], include-all: true, filter: "(?=.*(?i)(新|\U0001F1F8\U0001F1EC|SG|singapore))", exclude-filter: "(?=.*(?i)(新西兰))", icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/Singapore.png"}
  - {name: 日本节点, type: select, proxies: [日本自动, 日本均衡], include-all: true, filter: "(?=.*(?i)(日本|\U0001F1EF\U0001F1F5|JP|Japan))", icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/Japan.png"}
  - {name: 台湾节点, type: select, proxies: [台湾自动, 台湾均衡], include-all: true, filter: "(?=.*(?i)(台|\U0001F1F9\U0001F1FC|TW|Taiwan))", icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/Taiwan_China.png"}
  - {name: 美国节点, type: select, proxies: [美国自动, 美国均衡], include-all: true, filter: "(?=.*(?i)(美|\U0001F1FA\U0001F1F2|\U0001F1FA\U0001F1F8|US|America|United States|UnitedState|Los Angeles|Chicago|Ashburn|Seattle|Kansas))", exclude-filter: "(?=.*(?i)(Australia|Russia|RUS))", icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/America.png"}
  - {name: 欧洲节点, type: select, include-all: true, filter: "(?=.*(?i)(\U0001F1E6\U0001F1F1|\U0001F1E6\U0001F1E9|\U0001F1E6\U0001F1F9|\U0001F1E7\U0001F1FE|\U0001F1E7\U0001F1EA|\U0001F1E7\U0001F1E6|\U0001F1E7\U0001F1EC|\U0001F1ED\U0001F1F7|\U0001F1E8\U0001F1FE|\U0001F1E8\U0001F1FF|\U0001F1E9\U0001F1F0|\U0001F1EA\U0001F1EA|\U0001F1EB\U0001F1EE|\U0001F1EB\U0001F1F7|\U0001F1E9\U0001F1EA|\U0001F1EC\U0001F1F7|\U0001F1ED\U0001F1FA|\U0001F1EE\U0001F1F8|\U0001F1EE\U0001F1EA|\U0001F1EE\U0001F1F9|\U0001F1FD\U0001F1F0|\U0001F1F1\U0001F1FB|\U0001F1F1\U0001F1EE|\U0001F1F1\U0001F1F9|\U0001F1F1\U0001F1FA|\U0001F1F2\U0001F1F9|\U0001F1F2\U0001F1E9|\U0001F1F2\U0001F1E8|\U0001F1F2\U0001F1EA|\U0001F1F3\U0001F1F1|\U0001F1F2\U0001F1F0|\U0001F1F3\U0001F1F4|\U0001F1F5\U0001F1F1|\U0001F1F5\U0001F1F9|\U0001F1F7\U0001F1F4|\U0001F1F7\U0001F1FA|\U0001F1F8\U0001F1F2|\U0001F1F7\U0001F1F8|\U0001F1F8\U0001F1F0|\U0001F1F8\U0001F1EE|\U0001F1EA\U0001F1F8|\U0001F1F8\U0001F1EA|\U0001F1E8\U0001F1ED|\U0001F1F9\U0001F1F7|\U0001F1FA\U0001F1E6|\U0001F1EC\U0001F1E7|\U0001F1FB\U0001F1E6))", icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/European.png"}
  - {name: 全部节点, type: select, include-all: true, tolerance: 20, interval: 300, exclude-filter: "(?i)(\U0001F7E2 直连)", icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/all.png"}
  - {name: 香港自动, !!merge <<: *Urltest_Base, filter: "(?=.*(?i)(香港|hk|hongkong|Hong Kong|\U0001F1ED\U0001F1F0))", exclude-filter: "(?=.*(?i)(The_HK_automation|wcloud|0倍|0\\.1倍|0\\.01倍|0\\.3X|0\\.2x|0\\.5x|3X|2x|1\\.5x|traffic|plus))", icon: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/icon/hk_automatic_selection.png"}
  - {name: 新加坡自动, !!merge <<: *Urltest_Base, filter: "(?=.*(?i)(新|\U0001F1F8\U0001F1EC|SG|Singapore))", exclude-filter: "(?=.*(?i)(The_SG_automation|wcloud|0倍|0\\.1倍|0\\.01倍|0\\.3X|0\\.2x|0\\.5x|3X|2x|1\\.5x|traffic|plus|新西兰))", icon: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/icon/sg_automatic_selection.png"}
  - {name: 日本自动, !!merge <<: *Urltest_Base, filter: "(?=.*(?i)(日本|\U0001F1EF\U0001F1F5|JP|Japan))", exclude-filter: "(?=.*(?i)(The_JP_automation|wcloud|0倍|0\\.1倍|0\\.01倍|0\\.3X|0\\.2x|0\\.5x|3X|2x|1\\.5x|traffic|plus))", icon: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/icon/jp_automatic_selection.png"}
  - {name: 台湾自动, !!merge <<: *Urltest_Base, filter: "(?=.*(?i)(台|\U0001F1F9\U0001F1FC|TW|Taiwan))", exclude-filter: "(?=.*(?i)(The_TW_automation|wcloud|0倍|0\\.1倍|0\\.01倍|0\\.3X|0\\.2x|0\\.5x|3X|2x|1\\.5x|traffic|plus))", icon: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/icon/tw_automatic_selection.png"}
  - {name: 美国自动, !!merge <<: *Urltest_Base, filter: "(?=.*(?i)(美|\U0001F1FA\U0001F1F2|\U0001F1FA\U0001F1F8|US|America|United States|UnitedState|Los Angeles|Chicago|Ashburn|Seattle|Kansas))", exclude-filter: "(?=.*(?i)(The_US_automation|wcloud|0倍|0\\.1倍|0\\.01倍|0\\.3X|0\\.2x|0\\.5x|3X|2x|1\\.5x|russia|austria|plus|traffic|Australia|rus|aus))", icon: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/icon/usa_automatic_selection.png"}
  - {name: 香港均衡, type: load-balance, include-all: true, strategy: consistent-hashing, hidden: true, filter: "(?=.*(?i)(香港|hk|hongkong|Hong Kong|\U0001F1ED\U0001F1F0))", exclude-filter: "(?=.*(?i)(The_HK_balance|wcloud|0倍|0\\.1倍|0\\.01倍|0\\.3X|0\\.2x|0\\.5x|3X|2x|1\\.5x|traffic|plus))", icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/load-balance.png"}
  - {name: 新加坡均衡, type: load-balance, include-all: true, strategy: consistent-hashing, hidden: true, filter: "(?=.*(?i)(新|\U0001F1F8\U0001F1EC|SG|Singapore))", exclude-filter: "(?=.*(?i)(The_SG_balance|wcloud|0倍|0\\.1倍|0\\.01倍|0\\.3X|0\\.2x|0\\.5x|3X|2x|1\\.5x|traffic|plus|新西兰))", icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/load-balance.png"}
  - {name: 日本均衡, type: load-balance, include-all: true, strategy: consistent-hashing, hidden: true, filter: "(?=.*(?i)(日本|\U0001F1EF\U0001F1F5|JP|Japan))", exclude-filter: "(?=.*(?i)(The_JP_balance|wcloud|0倍|0\\.1倍|0\\.01倍|0\\.3X|0\\.2x|0\\.5x|3X|2x|1\\.5x|traffic|plus))", icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/load-balance.png"}
  - {name: 台湾均衡, type: load-balance, include-all: true, strategy: consistent-hashing, hidden: true, filter: "(?=.*(?i)(台|\U0001F1F9\U0001F1FC|TW|Taiwan))", exclude-filter: "(?=.*(?i)(The_TW_balance|wcloud|0倍|0\\.1倍|0\\.01倍|0\\.3X|0\\.2x|0\\.5x|3X|2x|1\\.5x|traffic|plus))", icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/load-balance.png"}
  - {name: 美国均衡, type: load-balance, include-all: true, strategy: consistent-hashing, hidden: true, filter: "(?=.*(?i)(美|\U0001F1FA\U0001F1F2|\U0001F1FA\U0001F1F8|US|America|United States|UnitedState|Ashburn|Kansas|Seattle))", exclude-filter: "(?=.*(?i)(The_US_balance|wcloud|0倍|0\\.1倍|0\\.01倍|0\\.3X|0\\.2x|0\\.5x|3X|2x|1\\.5x|russia|austria|plus|traffic|Australia|rus|aus))", icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/load-balance.png"}
  - {name: "\U0001F517 代理", type: select, hidden: true, proxies: [节点选择]}
  - {name: 故障转移, type: fallback, include-all: true, interval: 300, icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/fallback.png"}
  - {name: GLOBAL, type: select, include-all: true, proxies: [节点选择, YouTube, GoogleVPN, FCM, Google, Meta, AI, GitHub, OneDrive, Microsoft, Telegram, Discord, Talkatone, LINE, Signal, TikTok, NETFLIX, DisneyPlus, HBO, Primevideo, AppleTV, Apple, Emby, 哔哩哔哩, 哔哩东南亚, 巴哈姆特, Spotify, 国内媒体, Global-TV, Global-Medial, 游戏平台, Speedtest, PayPal, Wise, 国外电商, STEAM, 全球直连, Final, 自建/家宽节点, 香港节点, 新加坡节点, 日本节点, 台湾节点, 美国节点, 欧洲节点, 全部节点, 香港自动, 新加坡自动, 日本自动, 台湾自动, 美国自动, 香港均衡, 新加坡均衡, 日本均衡, 台湾均衡, 美国均衡, 故障转移], exclude-filter: "(?i)(\U0001F7E2 直连)", icon: "https://pub-8feead0908f649a8b94397f152fb9cba.r2.dev/global.png"}
rules:
  - RULE-SET,wechat_domain,全球直连
  - RULE-SET,wechat_asn,全球直连,no-resolve
  - RULE-SET,speedtest_domain,Speedtest
  - RULE-SET,Cloudflare_domain,节点选择
  - RULE-SET,Wise_domain,Wise
  - RULE-SET,paypal_domain,PayPal
  - RULE-SET,proxy_domain,节点选择
  - RULE-SET,biliintl_domain,哔哩东南亚
  - RULE-SET,bilibili_domain,哔哩哔哩
  - RULE-SET,bilibili_ip,哔哩哔哩,no-resolve
  - RULE-SET,bahamut_domain,巴哈姆特
  - RULE-SET,bank_cn_domain,全球直连
  - RULE-SET,ai_cn_domain,全球直连
  - RULE-SET,direct_domain,全球直连
  - RULE-SET,alibaba_domain,全球直连
  - RULE-SET,115_domain,全球直连
  - RULE-SET,aliyun_domain,全球直连
  - RULE-SET,github_domain,GitHub
  - RULE-SET,gitbook_domain,GitHub
  - RULE-SET,googlevpn_domain,GoogleVPN
  - RULE-SET,youtube_domain,YouTube
  - RULE-SET,fcm_domain,FCM
  - RULE-SET,google_domain,Google
  - RULE-SET,google_asn_cn,Google,no-resolve
  - RULE-SET,google_ip,Google,no-resolve
  - RULE-SET,onedrive_domain,OneDrive
  - RULE-SET,microsoft_domain,Microsoft
  - RULE-SET,ai!cn_domain,AI
  - RULE-SET,ai_domain,AI
  - RULE-SET,openai_domain,AI
  - RULE-SET,telegram_domain,Telegram
  - RULE-SET,telegram_ip,Telegram,no-resolve
  - RULE-SET,line_domain,LINE
  - RULE-SET,talkatone_domain,Talkatone
  - RULE-SET,talkatone_ip,Talkatone,no-resolve
  - RULE-SET,discord_domain,Discord
  - RULE-SET,discord_asn,Discord,no-resolve
  - RULE-SET,signal_domain,Signal
  - RULE-SET,tencent!cn_domain,节点选择
  - RULE-SET,tencent_domain,全球直连
  - RULE-SET,iptv_domain,全球直连
  - RULE-SET,private_domain,全球直连
  - DOMAIN-KEYWORD,hk.tv.global.mi.com,节点选择
  - RULE-SET,xiaomi_domain,全球直连
  - RULE-SET,steam_cn_domain,全球直连
  - RULE-SET,steamcdn_domain,全球直连
  - RULE-SET,steamcdn_ip,全球直连,no-resolve
  - RULE-SET,NetEaseMusic_domain,全球直连
  - RULE-SET,NetEaseMusic_ip,全球直连,no-resolve
  - RULE-SET,pt_cn_domain,全球直连
  - RULE-SET,public-tracker_domain,全球直连
  - RULE-SET,media_cn_domain,国内媒体
  - RULE-SET,appleTV_domain,AppleTV
  - RULE-SET,apple_cn_domain,全球直连
  - RULE-SET,apple_firmware_domain,Apple
  - RULE-SET,apple_domain,Apple
  - RULE-SET,tiktok_domain,TikTok
  - RULE-SET,netflix_domain,NETFLIX
  - RULE-SET,netflix_ip,NETFLIX,no-resolve
  - RULE-SET,disney_domain,DisneyPlus
  - RULE-SET,hbo_domain,HBO
  - RULE-SET,primevideo_domain,Primevideo
  - RULE-SET,emby_domain,Emby
  - RULE-SET,emby_ip,Emby,no-resolve
  - RULE-SET,spotify_domain,Spotify
  - RULE-SET,facebook_domain,Meta
  - RULE-SET,whatsapp_domain,Meta
  - RULE-SET,instagram_domain,Meta
  - RULE-SET,threads_domain,Meta
  - RULE-SET,meta_domain,Meta
  - RULE-SET,facebook_ip,Meta,no-resolve
  - DOMAIN-SUFFIX,mytvsuper.com,Global-TV
  - DOMAIN-SUFFIX,mytv.com.hk,Global-TV
  - RULE-SET,twitch_domain,Global-TV
  - RULE-SET,porn_domain,Global-TV
  - RULE-SET,TVB_domain,Global-TV
  - RULE-SET,media!cn_domain,Global-Medial
  - RULE-SET,twitter_ip,节点选择,no-resolve
  - RULE-SET,steam_domain,STEAM
  - RULE-SET,Epic_domain,游戏平台
  - RULE-SET,EA_domain,游戏平台
  - RULE-SET,Blizzard_domain,游戏平台
  - RULE-SET,UBI_domain,游戏平台
  - RULE-SET,Sony_domain,游戏平台
  - RULE-SET,Nintendo_domain,游戏平台
  - RULE-SET,ifast_domain,全球直连
  - RULE-SET,Amazon_domain,国外电商
  - RULE-SET,Amazon_ip,国外电商,no-resolve
  - RULE-SET,Shopee_domain,国外电商
  - RULE-SET,Shopify_domain,国外电商
  - RULE-SET,ebay_domain,国外电商
  - RULE-SET,gfw_domain,节点选择
  - RULE-SET,geolocation-!cn,节点选择
  - RULE-SET,cn_domain,全球直连
  - RULE-SET,private_ip,全球直连,no-resolve
  - RULE-SET,cn_ip,全球直连,no-resolve
  - MATCH,Final
rule-anchor:
  ip: &ip {type: http, interval: 86400, behavior: ipcidr, format: mrs}
  ip_text: &ip_text {type: http, interval: 86400, behavior: ipcidr, format: text}
  ip_yaml: &ip_yaml {type: http, interval: 86400, behavior: ipcidr, format: yaml}
  domain: &domain {type: http, interval: 86400, behavior: domain, format: mrs}
  domain_text: &domain_text {type: http, interval: 86400, behavior: domain, format: text}
  domain_yaml: &domain_yaml {type: http, interval: 86400, behavior: domain, format: yaml}
  class: &class {type: http, interval: 86400, behavior: classical, format: text}
  class_yaml: &class_yaml {type: http, interval: 86400, behavior: classical, format: yaml}
rule-providers:
  private_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/private.mrs"}
  bank_cn_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/category-bank-cn.mrs"}
  xiaomi_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/xiaomi.mrs"}
  biliintl_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/bilibili%40!cn.mrs"}
  bilibili_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/bilibili.mrs"}
  bahamut_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/bahamut.mrs"}
  spotify_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/spotify.mrs"}
  steam_cn_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/steam%40cn.mrs"}
  steamcdn_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/Domain/Steam-domain.mrs"}
  steam_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/steam.mrs"}
  ai!cn_domain: {!!merge <<: *domain, url: "https://github.com/MetaCubeX/meta-rules-dat/raw/refs/heads/meta/geo/geosite/category-ai-!cn.mrs"}
  openai_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/openai.mrs"}
  youtube_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/youtube.mrs"}
  google_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/Domain/google.mrs"}
  github_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/github.mrs"}
  telegram_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/telegram.mrs"}
  netflix_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/netflix.mrs"}
  paypal_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/paypal.mrs"}
  onedrive_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/onedrive.mrs"}
  microsoft_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/microsoft.mrs"}
  apple_firmware_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/Domain/applefirmware.mrs"}
  apple_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/apple.mrs"}
  speedtest_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/ookla-speedtest.mrs"}
  tiktok_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/tiktok.mrs"}
  gfw_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/gfw.mrs"}
  geolocation-!cn: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/geolocation-!cn.mrs"}
  cn_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geosite/cn.mrs"}
  media_cn_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/category-media-cn.mrs"}
  media!cn_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/category-social-media-!cn.mrs"}
  Cloudflare_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/cloudflare.mrs"}
  gitbook_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/gitbook.mrs"}
  disney_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/disney.mrs"}
  hbo_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/hbo.mrs"}
  primevideo_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/primevideo.mrs"}
  NetEaseMusic_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/Domain/NetEaseMusic-domain.mrs"}
  Amazon_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/amazon.mrs"}
  Shopee_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/shopee.mrs"}
  ebay_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/ebay.mrs"}
  appleTV_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/Domain/appletv.mrs"}
  Epic_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/epicgames.mrs"}
  EA_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/ea.mrs"}
  Blizzard_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/blizzard.mrs"}
  UBI_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/Domain/ubi.mrs"}
  Sony_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/sony.mrs"}
  Nintendo_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/nintendo.mrs"}
  facebook_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/facebook.mrs"}
  whatsapp_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/whatsapp.mrs"}
  instagram_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/instagram.mrs"}
  threads_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/threads.mrs"}
  meta_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/meta.mrs"}
  Wise_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/wise.mrs"}
  ifast_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/ifast.mrs"}
  line_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/line.mrs"}
  talkatone_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/Domain/Talkatone-domain.mrs"}
  Shopify_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/shopify.mrs"}
  signal_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/signal.mrs"}
  wechat_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/Domain/WeChat.mrs"}
  proxy_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/Domain/proxy.mrs"}
  direct_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/Domain/direct.mrs"}
  apple_cn_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/apple%40cn.mrs"}
  alibaba_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/alibaba.mrs"}
  tencent!cn_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/tencent%40!cn.mrs"}
  tencent_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/tencent.mrs"}
  ai_cn_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/category-ai-cn.mrs"}
  discord_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/discord.mrs"}
  fcm_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/googlefcm.mrs"}
  emby_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/Domain/emby.mrs"}
  pt_cn_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/category-pt.mrs"}
  public-tracker_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/category-public-tracker.mrs"}
  115_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/115.mrs"}
  aliyun_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/aliyun.mrs"}
  twitch_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/twitch.mrs"}
  porn_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/category-porn.mrs"}
  iptv_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/Domain/iptv.mrs"}
  googlevpn_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/Domain/googleVPN.mrs"}
  ai_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/Domain/ai.mrs"}
  TVB_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/Domain/tvb.mrs"}
  game_cn_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geosite/category-games%40cn.mrs"}
  fakeip_filter_domain: {!!merge <<: *domain, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/Domain/fakeip-filter.mrs"}
  bilibili_ip: {!!merge <<: *ip, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo-lite/geoip/bilibili.mrs"}
  cn_ip: {!!merge <<: *ip, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geoip/cn.mrs"}
  google_ip: {!!merge <<: *ip, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geoip/google.mrs"}
  telegram_ip: {!!merge <<: *ip, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geoip/telegram.mrs"}
  netflix_ip: {!!merge <<: *ip, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/meta/geo/geoip/netflix.mrs"}
  Amazon_ip: {!!merge <<: *ip, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/IP/amazon-ip.mrs"}
  facebook_ip: {!!merge <<: *ip, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geoip/facebook.mrs"}
  twitter_ip: {!!merge <<: *ip, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geoip/twitter.mrs"}
  private_ip: {!!merge <<: *ip, url: "https://raw.githubusercontent.com/MetaCubeX/meta-rules-dat/refs/heads/meta/geo/geoip/private.mrs"}
  talkatone_ip: {!!merge <<: *ip, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/IP/Talkatone-ip.mrs"}
  steamcdn_ip: {!!merge <<: *ip, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/IP/steamCDN-ip.mrs"}
  NetEaseMusic_ip: {!!merge <<: *ip, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/IP/NetEaseMusic-ip.mrs"}
  emby_ip: {!!merge <<: *ip, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/IP/emby-ip.mrs"}
  google_asn_cn: {!!merge <<: *ip, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/IP/AS24424.mrs"}
  discord_asn: {!!merge <<: *ip, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/IP/AS49544.mrs"}
  wechat_asn: {!!merge <<: *ip, url: "https://raw.githubusercontent.com/Lanlan13-14/Rules/refs/heads/main/rules/IP/AS132203.mrs"}

运行并测试

在一个terminal运行mihomo

1 2	# sudo /usr/local/bin/mihomo -d /etc/mihomo

另一个terminal访问指定网站看是否能得到响应

export ALL_PROXY=http://127.0.0.1:7890

curl -i https://www.google.com/
curl -i https://www.baidu.com/

查看日志，看是按照规则分流还是有异常的情况

# 查看全部日志
sudo journalctl -xeu mihomo.service
# 类似tail -f，持续观察最新日志
sudo journalctl -u mihomo.service -f

开机启动

1 2	# 创建systemd文件 sudo vi /etc/systemd/system/mihomo.service

写入如下内容

[Unit]
Description=Mihomo Proxy Service
After=network.target

[Service]
Type=simple
ExecStart=/usr/local/bin/mihomo -d /etc/mihomo
Restart=always
RestartSec=3
LimitNOFILE=512000

User=mihomo
Group=mihomo

# 非root用户加入下面几个指令
# CAP_NET_ADMIN: 允许创建 tun 网卡、配置路由表
# CAP_NET_BIND_SERVICE: 允许绑定 1024 以下的特权端口（比如你想监听 53 端口）
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

执行命令

1 2	sudo systemctl daemon-reload sudo systemctl enable --now mihomo.service

配置软路由

先查看下网卡

ip a

# 输出如下
#
# 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
#     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
#     inet 127.0.0.1/8 scope host lo
#        valid_lft forever preferred_lft forever
#     inet6 ::1/128 scope host noprefixroute
#        valid_lft forever preferred_lft forever
# 2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
#     link/ether 00:90:27:f2:96:44 brd ff:ff:ff:ff:ff:ff
#     altname enx009027f29644
#     inet 192.168.0.149/23 brd 192.168.1.255 scope global dynamic noprefixroute enp3s0
#        valid_lft 85512sec preferred_lft 85512sec
#     inet6 fe80::2901:dbe8:340b:3e0d/64 scope link noprefixroute
#        valid_lft forever preferred_lft forever
# 3: enp4s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq master br0 state DOWN group default qlen 1000
#     link/ether 00:90:27:f2:96:45 brd ff:ff:ff:ff:ff:ff
#     altname enx009027f29645
# 4: wlp5s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP group default qlen 1000
#     link/ether 44:0f:b4:f8:2a:db brd ff:ff:ff:ff:ff:ff
#     altname wlx440fb4f82adb
#     inet6 fe80::460f:b4ff:fef8:2adb/64 scope link proto kernel_ll
#        valid_lft forever preferred_lft forever

网络拓扑

配置WAN跟LAN

1 2	# 新建一个文件，用于合并/覆盖 sudo vi /etc/netplan/01-router.yaml

netplan会自动合并/覆盖

network:
  version: 2
  renderer: networkd

  ethernets:
    # WAN
    enp3s0:
      dhcp4: true
      dhcp6: false

    # LAN
    enp4s0:
      dhcp4: false
      dhcp6: false

  bridges:
    br0:
      interfaces:
        - enp4s0
        # 我只有两个网口，一个用作WAN，剩下的就写到这里做LAN
      addresses:
        - 192.168.10.1/24

执行命令使生效

# 文件的权限要修改
sudo chmod 600 /etc/netplan/01-router.yaml

sudo netplan apply

开启内核转发

# Twist

# 扩大系统文件句柄和网络队列，应对高并发
# 系统连接上限
fs.file-max = 512000
net.core.somaxconn = 4096
net.ipv4.tcp_max_tw_buckets = 4096
# 网络队列
net.core.netdev_max_backlog = 256000
net.ipv4.tcp_max_syn_backlog = 8192

# 扩大 TCP/UDP 内存缓冲区（核心：防高带宽下丢包）
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.ipv4.udp_mem = 25600 51200 102400
net.ipv4.tcp_mem = 25600 51200 102400
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864

# 开启 BBR 拥塞控制算法（核心：网络提速免断连）
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr

# 开启反向路径过滤，防止IP欺骗
net.ipv4.conf.all.rp_filter = 1

# 基础网络性能微调
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_dsack = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 60
net.ipv4.tcp_keepalive_time = 1800
net.ipv4.tcp_fastopen = 3
net.ipv4.ip_local_port_range = 49152 65535

# 建议保留
net.ipv4.tcp_rfc1337 = 1
net.ipv4.tcp_mtu_probing = 2
net.ipv4.conf.all.arp_announce = 1

# 转发
net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1

# 前面的桥接网络br0需要
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1

# 如果你是多宽带多拨/负载均衡
net.ipv4.fib_multipath_hash_policy = 1
net.ipv4.fib_multipath_use_neigh = 1

# 如果需要获取运营商的 IPv6
net.ipv6.conf.all.autoconf = 1
net.ipv6.conf.all.accept_ra = 2

# 配合 nftables 策略路由、多线分流
net.ipv4.fwmark_reflect = 1
net.ipv4.tcp_fwmark_accept = 1

搭建 DHCP 服务器

给LAN配置DHCP服务器，分配IP地址

1 2	# 安装dnsmasq sudo apt install dnsmasq

修改配置文件

1	sudo vi /etc/dnsmasq.conf

内容如下

# 只在内网网桥 br0 上提供服务
interface=br0

# 关闭 dnsmasq 读取系统的 /etc/resolv.conf 
no-resolv

# 将本地 127.0.0.1#1053（Mihomo）设为唯一的上游 DNS 服务器
server=127.0.0.1#1053

# 分配给下游设备的 IP 地址池，以及租期（12小时）
dhcp-range=192.168.10.50,192.168.10.200,255.255.255.0,12h

# 告诉下游设备，网关是这台软路由自己
dhcp-option=3,192.168.10.1

# 告诉下游设备，DNS 服务器是谁（可以用我们最开始配置的 Mihomo，或者直接给 223.5.5.5）
dhcp-option=6,192.168.10.1

设置开机启动

1	sudo systemctl enable --now dnsmasq.service

配置防火墙 NAT 规则

#!/usr/sbin/nft -f

flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        jump before-input
        jump main-input
        jump after-input

        drop
    }

    # Stage 1: 核心基础安全与协议放行
    chain before-input {
        # 放行本地环回
        iifname "lo" counter accept

        # 放行已建立的连接
        ct state established,related counter accept
        ct state invalid counter drop

        # 允许基础 IPv4 ICMP (Ping 等)
        ip protocol icmp icmp type echo-request limit rate 10/second burst 20 packets counter accept
        ip protocol icmp icmp type { destination-unreachable, time-exceeded, parameter-problem } counter accept

        # 允许完整 IPv6 ICMP (必须包含邻居发现 nd-* 否则 IPv6 会断网)
        meta l4proto ipv6-icmp icmpv6 type { echo-reply, destination-unreachable, packet-too-big, time-exceeded, parameter-problem } counter accept
        meta l4proto ipv6-icmp icmpv6 type { nd-router-solicit, nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } counter accept
        meta l4proto ipv6-icmp icmpv6 type echo-request limit rate 10/second burst 20 packets counter accept
    }

    # Stage 2: 针对外网（WAN口）主动开放的端口
    chain main-input {
        tcp dport 22 ct state new limit rate 5/minute burst 5 packets counter accept comment "ssh-limited"

        # Web 服务
        tcp dport 80 counter accept comment "tcp-80"
        tcp dport 443 counter accept comment "tcp-443"
        udp dport 443 counter accept comment "udp-443"

        # Mihomo 代理与控制端口（全局放行，不管是上游还是下游设备都能直接用）
        tcp dport 1053 counter accept comment "tcp-1053"
        udp dport 1053 counter accept comment "udp-1053"
        tcp dport 7890 counter accept comment "tcp-7890"
        udp dport 7890 counter accept comment "udp-7890"
        tcp dport 9090 counter accept comment "tcp-9090"
        udp dport 9090 counter accept comment "udp-9090"
    }

    # Stage 3: 兜底日志
    chain after-input {
        limit rate 3/minute burst 10 packets counter log prefix "[nft BLOCK INPUT] "
    }

    # 转发链（软路由核心）
    chain forward {
        type filter hook forward priority 0; policy drop;

        # MSS clamping (avoid fragmentation)
        tcp flags syn tcp option maxseg size set rt mtu

        # Allow Established/Related forwarded traffic
        ct state established,related counter accept

        # 放行局域网网桥向外转发（去往 WAN 口或 Meta 代理网卡）
        iifname "br0" counter accept comment "Allow LAN Forward"

        # 允许流量发送至公网网卡
        oifname "enp3s0" counter accept comment "Allow To WAN"
    }

    # Output Chain
    chain output {
        type filter hook output priority 0; policy accept;

        jump before-output
        jump main-output
    }

    chain before-output {

    }

    chain main-output {

    }
}

# IPv4 NAT Table (Source Address Masquerading)
table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;

        oifname "enp3s0" masquerade comment "Dynamic WAN Masquerade"
    }
}

# IPv6 NAT Table (Source Address Masquerading)
table ip6 nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;

        oifname "enp3s0" masquerade comment "Dynamic WAN Masquerade"
    }
}

测试验证

# 执行查看是否有异常，不加载仅校验，dry-run
sudo nft -c -f /etc/nftables.conf

# 重启服务
sudo systemctl restart nftables mihomo

# 列出所有table
sudo nft list tables

# 输出如下
# table inet filter
# table ip nat
# table ip6 nat
# table inet mihomo

# 列出所有完整规则集，包括handle
sudo nft -a list ruleset

# 设置开机启动
sudo systemctl enable --now nftables.service

配置WiFi

WiFi配置不通过netplan，使用hostapd

1 2	# 安装 sudo apt install hostapd

修改配置

1	sudo vi /etc/hostapd/hostapd.conf

内容如下

# 基础定义
interface=wlp5s0
bridge=br0
driver=nl80211
ssid=MySoftRouter_WiFi

# 频段与信道（选择 a 模式跑 5G，信道 0 自动选择，信道 149 中国最标准的 5G 纯净信道，任何国行手机都能搜到）
hw_mode=a
channel=149

# 国家码与自动信道必要参数
ieee80211d=1
country_code=CN

# 现代无线协议开关（暂时关闭未编译的 WiFi 7 项，确保顺利启动）
ieee80211n=1       # 开启 WiFi 4
ieee80211ac=1      # 开启 WiFi 5
ieee80211ax=1      # 开启 WiFi 6 (HE)

# 强制启用现代加密算法（消灭 disabling HT/VHT/HE 报错）
wpa_pairwise=CCMP
rsn_pairwise=CCMP

# 终极兼容安全配置：WPA2(PSK) + WPA3(SAE) 混合模式
# 这样不仅老手机能连，新手机也能用 WPA3 握手
wpa=2
wpa_key_mgmt=WPA-PSK SAE
ieee80211w=1       # 开启管理帧保护（1为可选，WPA2/WPA3混合模式必须设为1）
wpa_passphrase=YourStrongPassword123

# hostapd_cli依赖
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0

重启/开机启动

1 2	sudo systemctl restart hostapd sudo systemctl enable hostapd

射频检查

# 查看网卡开关状态
rfkill list

# 如果国家设置错误或者是intel的5G，可能会被blocked
#
# 0: hci0: Bluetooth
#         Soft blocked: no
#         Hard blocked: no
# 1: phy0: Wireless LAN
#         Soft blocked: no
#         Hard blocked: no

网卡检查

# 查看网卡状态与模式
iw dev 

# phy#0
#         Interface wlp5s0
#                 ifindex 6
#                 wdev 0x1
#                 addr 44:0f:b4:f8:2a:db
#                 ssid MySoftRouter_WiFi
#                 type AP
#                 channel 149 (5745 MHz), width: 20 MHz, center1: 5745 MHz
#                 txpower 3.00 dBm
#                 multicast TXQ:
#                         qsz-byt qsz-pkt flows   drops   marks   overlmt hashcol tx-bytes        tx-packets
#                         0       0       103     0       0       0       0       21122           132

# 查看硬件参数
iw list

# 连接的客户端（在 hostapd_cli 故障时救急）
iw dev wlp5s0 station dump

# 扫描周围的 WiFi 信号（排查干扰）
# ap模式下不支持，需要关闭hostapd并改回普通模式
# sudo iw dev wlp5s0 set type managed
iw dev wlp5s0 scan

用户管理

# 查看所有当前连接的设备 MAC 列表
sudo hostapd_cli all_sta

# 查看热点运行的综合状态，包括可以设置的参数
sudo hostapd_cli status

# 将某个恶意连接的设备强制踢下线
sudo hostapd_cli deauthenticate <客户端的MAC地址>