From f6f0e4f814dd0a447c0e66b31a84ce56228a5c92 Mon Sep 17 00:00:00 2001 From: DaTekShaman Date: Thu, 7 Aug 2025 09:18:58 +0300 Subject: [PATCH 1/3] local --- rule-provider/consolidated-lists-private/local-devices.yaml | 6 ++++++ .../consolidated-lists-private/local-infrasctructure.yaml | 5 +++++ rule-provider/consolidated-lists-private/local-iot.yaml | 5 +++++ rule-provider/consolidated-lists-private/local-webway.yaml | 5 +++++ 4 files changed, 21 insertions(+) create mode 100644 rule-provider/consolidated-lists-private/local-devices.yaml create mode 100644 rule-provider/consolidated-lists-private/local-infrasctructure.yaml create mode 100644 rule-provider/consolidated-lists-private/local-iot.yaml create mode 100644 rule-provider/consolidated-lists-private/local-webway.yaml diff --git a/rule-provider/consolidated-lists-private/local-devices.yaml b/rule-provider/consolidated-lists-private/local-devices.yaml new file mode 100644 index 0000000..6ee4aed --- /dev/null +++ b/rule-provider/consolidated-lists-private/local-devices.yaml @@ -0,0 +1,6 @@ +payload: + - IP-CIDR,192.168.10.1/24 + + - IP-CIDR,192.168.21.1/24 + - IP-CIDR,192.168.22.1/24 + - IP-CIDR,192.168.23.1/24 \ No newline at end of file diff --git a/rule-provider/consolidated-lists-private/local-infrasctructure.yaml b/rule-provider/consolidated-lists-private/local-infrasctructure.yaml new file mode 100644 index 0000000..9393844 --- /dev/null +++ b/rule-provider/consolidated-lists-private/local-infrasctructure.yaml @@ -0,0 +1,5 @@ +payload: + - IP-CIDR,192.168.20.1/24 + - IP-CIDR,192.168.24.1/24 + - IP-CIDR,192.168.25.1/24 + - IP-CIDR,192.168.26.1/24 \ No newline at end of file diff --git a/rule-provider/consolidated-lists-private/local-iot.yaml b/rule-provider/consolidated-lists-private/local-iot.yaml new file mode 100644 index 0000000..9393844 --- /dev/null +++ b/rule-provider/consolidated-lists-private/local-iot.yaml @@ -0,0 +1,5 @@ +payload: + - IP-CIDR,192.168.20.1/24 + - IP-CIDR,192.168.24.1/24 + - IP-CIDR,192.168.25.1/24 + - IP-CIDR,192.168.26.1/24 \ No newline at end of file diff --git a/rule-provider/consolidated-lists-private/local-webway.yaml b/rule-provider/consolidated-lists-private/local-webway.yaml new file mode 100644 index 0000000..9393844 --- /dev/null +++ b/rule-provider/consolidated-lists-private/local-webway.yaml @@ -0,0 +1,5 @@ +payload: + - IP-CIDR,192.168.20.1/24 + - IP-CIDR,192.168.24.1/24 + - IP-CIDR,192.168.25.1/24 + - IP-CIDR,192.168.26.1/24 \ No newline at end of file From 2ccae6d046429c79f5d69936e2cc2976186df423 Mon Sep 17 00:00:00 2001 From: DaTekShaman Date: Thu, 7 Aug 2025 10:47:42 +0300 Subject: [PATCH 2/3] Local and sub-rules --- config/dts-pontifex-subrules.yaml | 1104 +++++++++++++++++ config/dts-pontifex.yaml | 180 ++- .../local-devices.yaml | 44 +- .../local-infrasctructure.yaml | 48 +- .../consolidated-lists-private/local-iot.yaml | 21 +- .../local-webway.yaml | 5 +- 6 files changed, 1344 insertions(+), 58 deletions(-) create mode 100644 config/dts-pontifex-subrules.yaml diff --git a/config/dts-pontifex-subrules.yaml b/config/dts-pontifex-subrules.yaml new file mode 100644 index 0000000..a16c02c --- /dev/null +++ b/config/dts-pontifex-subrules.yaml @@ -0,0 +1,1104 @@ +# ————————————————————————————————————————————————————— LOCAL PROXY ————————————————————————————————————————————————————— +port: 7890 +socks-port: 7891 +redir-port: 7892 +tproxy-port: 7893 +mixed-port: 7894 +allow-lan: true +bind-address: "*" +# authentication of local SOCKS5/HTTP(S) server +# authentication: +# - "user1:pass1" + +# ————————————————————————————————————————————————— EXTERNAL CONTROLLER ————————————————————————————————————————————————— +external-controller: 127.0.0.1:9090 +secret: '314159271828' +external-ui: "/usr/share/openclash/ui" + +# ——————————————————————————————————————————————————————— GENERAL ——————————————————————————————————————————————————————— +mode: rule +ipv6: false +unified-delay: true +log-level: info +disable-keep-alive: true +# interface-name: en0 # Outbound interface name + +# ————————————————————————————————————————————————————— SMART GROUPS ———————————————————————————————————————————————————— +lgbm-auto-update: true # enable model auto update, the default is false +lgbm-update-interval: 72 # model auto update interval, the default is 72 (hours) +lgbm-url: "https://github.com/vernesong/mihomo/releases/download/LightGBM-Model/Model.bin" # model update url + +# ———————————————————————————————————————————————————————— HOSTS ———————————————————————————————————————————————————————— +hosts: + 'ponitifex.shamanlanding.org': 192.168.10.1 + + 'gatekeeper.shamanlanding.org': 192.168.10.4 + 'gitea.shamanlanding.org': 192.168.10.4 + 'ruler.shamanlanding.org': 192.168.10.4 + 'webway.shamanlanding.org': 192.168.10.4 + + '+.scarus.shamanlanding.org': 192.168.10.4 + '+.retreat.shamanlanding.org': 192.168.10.4 + +# ——————————————————————————————————————————————————————— PROFILE ——————————————————————————————————————————————————————— +profile: + store-selected: true + store-fake-ip: true + smart-collector-size: 100 # data collection file size, the default is 100 (MB) + +# ——————————————————————————————————————————————————————— SNIFFER ——————————————————————————————————————————————————————— +sniffer: + enable: true + parse-pure-ip: true + override-destination: true + sniff: + QUIC: + ports: + - 443 + TLS: + ports: + - 443 + - 8443 + HTTP: + ports: + - 80 + - 8080-8880 + override-destination: true + force-domain: + - "+.netflix.com" + - "+.nflxvideo.net" + - "+.amazonaws.com" + - "+.media.dssott.com" + skip-domain: + - "+.apple.com" + - Mijia Cloud + - dlg.io.mi.com + - "+.oray.com" + - "+.sunlogin.net" + - "+.push.apple.com" + +# ————————————————————————————————————————————————————————— DNS ————————————————————————————————————————————————————————— +dns: + enable: true + ipv6: false + listen: 0.0.0.0:53 + default-nameserver: + - 114.114.114.114 + - 8.8.8.8 + enhanced-mode: fake-ip + use-hosts: true + fake-ip-range: 198.18.0.1/16 + fake-ip-filter-mode: blacklist + fake-ip-filter: + # ———————————————————— self-hosted domains ——————————————————— + - '*.lan' + - '+.dts' + - '+.webway.dts' + - '+.netbird.selfhosted' + - '+.shamanlanding.org' + nameserver: + - https://d.adguard-dns.com/dns-query/5ffb7de2 + fallback: + - https://dns.google/dns-query + - https://cloudflare-dns.com/dns-query + - 208.67.222.222 + - 208.67.220.220 + - 9.9.9.9 + - 149.112.112.112 + - 8.26.56.26 + - 8.20.247.20 + - 185.228.168.9 + - 185.228.169.9 + # If IP addresses resolved with servers in `nameservers` are in the specified + # subnets below, they are considered invalid and results from `fallback` + # servers are used instead. + # + # IP address resolved with servers in `nameserver` is used when + # `fallback-filter.geoip` is true and when GEOIP of the IP address is `CN`. + # + # If `fallback-filter.geoip` is false, results from `nameserver` nameservers + # are always used if not match `fallback-filter.ipcidr`. + # + # This is a countermeasure against DNS pollution attacks. + # fallback-filter: + # geoip: true + # geoip-code: CN + # ipcidr: + # - 240.0.0.0/4 + # domain: + # - '+.google.com' + # - '+.facebook.com' + # - '+.youtube.com' + # Lookup domains via specific nameservers + # nameserver-policy: + # 'www.baidu.com': '114.114.114.114' + # '+.internal.crop.com': '10.0.0.1' + +# ————————————————————————————————————————————————————————— TUN ————————————————————————————————————————————————————————— + +# ———————————————————————————————————————————————————————— MACRO ———————————————————————————————————————————————————————— + health-check-for-providers: &health_check_for_providers + enable: true + interval: 600 + url: https://www.gstatic.com/generate_204 + + health-check-for-selectors: &health_check_for_selectors + interval: 300 + url: https://www.gstatic.com/generate_204 + + health-check-for-load-balancers: &health_check_for_load_balancers + interval: 300 + url: https://www.gstatic.com/generate_204 + + default-rule-provider-config: &default_rule_provider_config + type: http + behavior: classical + interval: 86400 + + p-vpn-list_balancer: &p_vpn_list_balancer + type: load-balance + strategy: sticky-sessions + use: + - 💫 own + + p-vpn-list_smart_gr: &p_vpn_list_smart_gr + type: smart + # policy-priority: "" + uselightgbm: true + collectdata: true + strategy: 'sticky-sessions' + sample-rate: 1 + hidden: true + use: + - 💫 own + + p-vpn-list_selector: &p_vpn_list_selector + type: select + use: + - 💫 own + + np-vpn-list_url_test: &np_vpn_list_url_test + type: url-test + tolerance: 50 + use: + - 🎭 xfizz + - 🎭 arza + - 🎭 unicade + - 🎭 vezdehod + + np-vpn-list_smart_gr: &np_vpn_list_smart_gr + type: smart + policy-priority: "" + uselightgbm: true + collectdata: true + strategy: 'sticky-sessions' + sample-rate: 1 + hidden: true + use: + - 🎭 xfizz + - 🎭 arza + - 🎭 unicade + - 🎭 vezdehod + + np-vpn-list_balancer: &np_vpn_list_balancer + type: load-balance + strategy: sticky-sessions + use: + - 🎭 xfizz + - 🎭 arza + - 🎭 unicade + - 🎭 vezdehod + + np-vpn-list_selector: &np_vpn_list_selector + type: select + use: + - 🎭 xfizz + - 🎭 arza + - 🎭 unicade + - 🎭 vezdehod + +# ————————————————————————————————————————————————————— PROXIES LIST ———————————————————————————————————————————————————— +proxies: +# ———————————————————— direct wan routes ———————————————————— # + - name: "WAN A [Мегафон]" + type: direct + udp: true + ip-version: ipv4 + interface-name: eth2 + - name: "WAN B [РосТелеКом]" + type: direct + udp: true + ip-version: ipv4 + interface-name: eth1 + +# ————————————————————— private proxies ———————————————————— # + - name: 🇨🇭⇨🇱🇺 Proton WG + type: wireguard + server: 79.135.104.48 + port: 51820 + ip: 10.2.0.2 + private-key: 8LW5XMdOWwUyVlihlii9dEvVYvatZ/uuC8Jft4fcn0k= + public-key: buYqE3X8Wf8X/v5NtHVXYgLk45+2og8MVEbgQAkEyBw= + allowed-ips: ['0.0.0.0/0', '::/0'] + udp: true + mtu: 1420 + remote-dns-resolve: true + dns: [10.2.0.1] + amnezia-wg-option: + jc: 55 + jmin: 373 + jmax: 769 + s1: 0 + s2: 0 + h1: 1 + h2: 2 + h3: 3 + h4: 4 + - name: 🇮🇸⇨🇬🇧 Proton WG + type: wireguard + server: 185.159.158.215 + port: 51820 + ip: 10.2.0.2 + private-key: yPnrinUviMCyTV4p1Yrd9H9u3zV6jXXFDWJa3zueb2Q= + public-key: zctOjv4DH2gzXtLQy86Tp0vnT+PNpMsxecd2vUX/i0U= + allowed-ips: ['0.0.0.0/0', '::/0'] + udp: true + mtu: 1420 + remote-dns-resolve: true + dns: [10.2.0.1] + amnezia-wg-option: + jc: 55 + jmin: 373 + jmax: 769 + s1: 0 + s2: 0 + h1: 1 + h2: 2 + h3: 3 + h4: 4 + - name: 🇸🇾 Direct Proton WG + type: wireguard + server: 74.118.126.212 + port: 51820 + ip: 10.2.0.2 + private-key: IKZ6eVISKzSoccxyhEQKqJpqQ9MXNXRECogtQ/Mb5Ho= + public-key: lA34jzJPyZIjR4FxgEy2KarVEEkFcGT3AmOO2k+X3Co= + allowed-ips: ['0.0.0.0/0', '::/0'] + udp: true + mtu: 1420 + remote-dns-resolve: true + dns: [10.2.0.1] + amnezia-wg-option: + jc: 127 + jmin: 798 + jmax: 1246 + s1: 0 + s2: 0 + h1: 1 + h2: 2 + h3: 3 + h4: 4 + - name: 🇫🇷 Direct Proton WG + type: wireguard + server: 79.127.134.82 + port: 51820 + ip: 10.2.0.2 + private-key: SLHvkTQwNnovnfKhmO1DwMFycvUPT7MK80VSQXpNeGc= + public-key: fEUJZ0KAOb0U8O4+wNYYlVBgtN6AOS2bbXyM07Dnvxk= + allowed-ips: ['0.0.0.0/0', '::/0'] + udp: true + mtu: 1420 + remote-dns-resolve: true + dns: [10.2.0.1] + amnezia-wg-option: + jc: 127 + jmin: 798 + jmax: 1246 + s1: 0 + s2: 0 + h1: 1 + h2: 2 + h3: 3 + h4: 4 + +# ——————————————————————————————————————————————————— PROXY PROVIDERS ——————————————————————————————————————————————————— +proxy-providers: + +# ——————————————————— private vpn services —————————————————— # + #https://dexterity.shamanlanding.org/M4eh2gd/first + 💫 own: + type: http + url: "https://dexterity.shamanlanding.org/M4eh2gd/first" + interval: 3600 + proxy: DIRECT + path: "./proxy_provider/own-1.txt" + exclude-filter: "" + override: + additional-prefix: "💫 " + additional-suffix: "" + health-check: + <<: *health_check_for_providers + +# —————————————————— non-personal services —————————————————— # + #https://sub-001.dns-on-fire.net/api/sub/Jfo_eg3X0NchfJ3_ + 🎭 vezdehod: + type: http + url: "https://sub-001.dns-on-fire.net/api/sub/Jfo_eg3X0NchfJ3_" + interval: 3600 + proxy: ▣ Personal + path: "./proxy_provider/vezdehod.txt" + exclude-filter: "(?i)Наш TG|Истекает|@FizzVPN|UNAVAILABLE|EXPIRE|TELEGRAM|USERNAME:|Купить|🔜" + override: + additional-prefix: "" + additional-suffix: "•𝓿" + health-check: + <<: *health_check_for_providers + + 🎭 xfizz: + type: http + url: "https://xfizz.cc/sublink/XzU0rRmBeOZtIPprW46f2ieNFcF8PJw9?name=1Y:2213" + interval: 3600 + proxy: ▣ Personal + path: "./proxy_provider/fizz-vpn.txt" + exclude-filter: "(?i)Наш TG|Истекает|@FizzVPN|UNAVAILABLE|EXPIRE|TELEGRAM|USERNAME:|Купить|🔜" + override: + additional-prefix: "" + additional-suffix: "•𝓯" + health-check: + <<: *health_check_for_providers + + 🎭 arza: + type: http + url: "https://arza.top/sub/dGZjNHVlLDE3MzIzMDQ2MTYowA-efEYOh" + interval: 3600 + proxy: ▣ Personal + path: "./proxy_provider/arza.txt" + exclude-filter: "(?i)Наш TG|Истекает|@FizzVPN|UNAVAILABLE|EXPIRE|TELEGRAM|USERNAME:|Купить|🔜" + override: + additional-prefix: "" + additional-suffix: "•𝓪" + health-check: + <<: *health_check_for_providers + + 🎭 unicade: + type: http + url: "https://subs.un1c4d3.ru:52478/sub/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJQTF9WTFNTX0FMTDIxMCIsImFjY2VzcyI6InN1YnNjcmlwdGlvbiIsImlhdCI6MTczNzgwMDQwOH0.mPr4BSMMpo1mrlZPvB34IRGcn2mHOZetHXaZyebirT4" + interval: 3600 + proxy: DIRECT + path: "./proxy_provider/unicade.txt" + exclude-filter: "(?i)Наш TG|Истекает|@FizzVPN|UNAVAILABLE|EXPIRE|TELEGRAM|USERNAME:" + override: + additional-prefix: "" + additional-suffix: "•𝓾" + health-check: + <<: *health_check_for_providers + +# ————————————————————————————————————————————————————— PROXY GROUPS ———————————————————————————————————————————————————— +proxy-groups: +# ————————————————————————— fallback ———————————————————————— # + - name: "Automatic Fallback Route" + type: fallback + disable-udp: false + proxies: + - DIRECT + hidden: true + url: 'https://cp.cloudflare.com/generate_204' + interval: 300 +# ———————————————————— direct wan routes ———————————————————— # + - name: AB + type: load-balance + disable-udp: false + proxies: + - WAN A [Мегафон] + - WAN B [РосТелеКом] + hidden: true + url: 'https://cp.cloudflare.com/generate_204' + interval: 300 + +# ————————————————————— direct selectors ———————————————————— # + + - name: Local Devices + type: select + disable-udp: false + proxies: + - DIRECT + - AB + - WAN A [Мегафон] + - WAN B [РосТелеКом] + + - name: Infrastructure + type: select + disable-udp: false + proxies: + - DIRECT + - AB + - WAN A [Мегафон] + - WAN B [РосТелеКом] + + - name: IOT Clients + type: select + disable-udp: false + proxies: + - DIRECT + - AB + - WAN A [Мегафон] + - WAN B [РосТелеКом] + + - name: Webway + type: select + disable-udp: false + proxies: + - DIRECT + - AB + - WAN A [Мегафон] + - WAN B [РосТелеКом] + +# —————————————— smart groups for personal vpn —————————————— # + - name: ▣ Personal + disable-udp: false + <<: [*p_vpn_list_smart_gr, *health_check_for_load_balancers] +# ———————————— smart groups for non-personal vpn ———————————— # + - name: Europe 🇪🇺 + disable-udp: false + filter: "(?i)NL|Finland|Estonia|France|Germany|Sweden|Ireland|Spain|UK|Switzerland|Italy|Norway|Belgium|Netherl|Poland|GREAT BRIATAIN|GREAT BRITAIN|Austria|Denmark|Lithuania|Latvia|MOLDOVA" + <<: [*np_vpn_list_smart_gr, *health_check_for_load_balancers] + - name: Russia 🇷🇺 + disable-udp: false + filter: "(?i)Russia" + <<: [*np_vpn_list_smart_gr, *health_check_for_load_balancers] + - name: Kazakhstan 🇰🇿 + disable-udp: false + filter: "(?i)Kazakhstan|KZ" + <<: [*np_vpn_list_smart_gr, *health_check_for_load_balancers] + - name: Turkey 🇹🇷 + disable-udp: false + filter: "(?i)TURKEY" + <<: [*np_vpn_list_smart_gr, *health_check_for_load_balancers] + - name: ▣ Non-personal + disable-udp: false + filter: "" + <<: [*np_vpn_list_smart_gr, *health_check_for_load_balancers] + - name: Asia & ME 🇳🇵 + disable-udp: false + filter: "(?i)Hong Kong|China|Malaysia|Philippines|Japan|Singapore|Egypt|Taiwan|UAE|India" + <<: [*np_vpn_list_smart_gr, *health_check_for_load_balancers] + - name: USA 🇺🇸 + disable-udp: false + filter: "(?i)USA|Canada" + <<: [*np_vpn_list_smart_gr, *health_check_for_load_balancers] +# ———————————— global selectors for personal vpn ———————————— # + - name: Personal 1️⃣ + disable-udp: false + <<: [*p_vpn_list_selector, *health_check_for_selectors] + + - name: Personal 2️⃣ + disable-udp: false + <<: [*p_vpn_list_selector, *health_check_for_selectors] +# —————————— global selectors for non-personal vpn —————————— # + - name: Asia & ME 🇳🇵 🄪 + disable-udp: false + filter: "(?i)Hong Kong|China|Malaysia|Philippines|Japan|Singapore|Egypt|Taiwan|UAE|India" + <<: [*np_vpn_list_selector, *health_check_for_selectors] + + - name: Europe 🇪🇺 🄪 + disable-udp: false + filter: "(?i)NL|Finland|Estonia|France|Germany|Sweden|Ireland|Spain|UK|Switzerland|Italy|Norway|Belgium|Moldova" + <<: [*np_vpn_list_selector, *health_check_for_selectors] + + - name: Kazakhstan 🇰🇿 🄪 + disable-udp: false + filter: "(?i)Kazakhstan|KZ" + <<: [*np_vpn_list_selector, *health_check_for_selectors] + + - name: Turkey 🇹🇷 🄪 + disable-udp: false + filter: "(?i)TURKEY" + <<: [*np_vpn_list_selector, *health_check_for_selectors] + + - name: Russia 🇷🇺 🄪 + disable-udp: false + filter: "(?i)Russia" + <<: [*np_vpn_list_selector, *health_check_for_selectors] + + - name: USA 🇺🇸 🄪 + disable-udp: false + filter: "(?i)USA|Canada" + <<: [*np_vpn_list_selector, *health_check_for_selectors] + + - name: Non-personal 1️⃣ + disable-udp: false + filter: "" + <<: [*np_vpn_list_selector, *health_check_for_selectors] + + - name: Non-personal 2️⃣ + disable-udp: false + filter: "" + <<: [*np_vpn_list_selector, *health_check_for_selectors] + + - name: Non-personal 3️⃣ + disable-udp: false + filter: "" + <<: [*np_vpn_list_selector, *health_check_for_selectors] + + - name: Non-personal 4️⃣ + disable-udp: false + filter: "" + <<: [*np_vpn_list_selector, *health_check_for_selectors] + +# ———————————————— selectors for local rules ———————————————— # +# ——————————————————————— PUBLIC LISTS —————————————————————— # + - name: Adblock 🇷🇺 + type: select + proxies: + - DIRECT + - REJECT-DROP + - Non-personal 1️⃣ + - Non-personal 2️⃣ + - Non-personal 3️⃣ + - Non-personal 4️⃣ + <<: *health_check_for_selectors + - name: Adblock 🗺️ + type: select + proxies: + - DIRECT + - REJECT-DROP + - Non-personal 1️⃣ + - Non-personal 2️⃣ + - Non-personal 3️⃣ + - Non-personal 4️⃣ + <<: *health_check_for_selectors + - name: Antifilter + type: select + proxies: + - DIRECT + - REJECT + - ▣ Personal + - Personal 1️⃣ + - Personal 2️⃣ + - ▣ Non-personal + - Non-personal 1️⃣ + - Non-personal 2️⃣ + - Non-personal 3️⃣ + - Non-personal 4️⃣ + - Europe 🇪🇺 + - Europe 🇪🇺 🄪 + <<: *health_check_for_selectors + - name: Antifilter Extended + type: select + proxies: + - DIRECT + - REJECT + - ▣ Personal + - Personal 1️⃣ + - Personal 2️⃣ + - ▣ Non-personal + - Non-personal 1️⃣ + - Non-personal 2️⃣ + - Non-personal 3️⃣ + - Non-personal 4️⃣ + - Europe 🇪🇺 + - Europe 🇪🇺 🄪 + <<: *health_check_for_selectors +# —————————————————————— PRIVATE LISTS —————————————————————— # + - name: Adaptation + type: select + proxies: + - ▣ Personal + - Personal 1️⃣ + - Personal 2️⃣ + - ▣ Non-personal + - Non-personal 1️⃣ + - Non-personal 2️⃣ + - Non-personal 3️⃣ + - Non-personal 4️⃣ + - Europe 🇪🇺 + - Europe 🇪🇺 🄪 + <<: *health_check_for_selectors + - name: Persistent Proxy + type: select + proxies: + - Personal 1️⃣ + - Personal 2️⃣ + - Non-personal 1️⃣ + - Non-personal 2️⃣ + - Non-personal 3️⃣ + - Non-personal 4️⃣ + - Europe 🇪🇺 🄪 + - USA 🇺🇸 🄪 + <<: *health_check_for_selectors + - name: Testzone 🅰 + type: select + proxies: + - ▣ Personal + - Personal 1️⃣ + - Personal 2️⃣ + - ▣ Non-personal + - Non-personal 1️⃣ + - Non-personal 2️⃣ + - Non-personal 3️⃣ + - Non-personal 4️⃣ + <<: *health_check_for_selectors + - name: Testzone 🅱 + type: select + proxies: + - ▣ Personal + - Personal 1️⃣ + - Personal 2️⃣ + - ▣ Non-personal + - Non-personal 1️⃣ + - Non-personal 2️⃣ + - Non-personal 3️⃣ + - Non-personal 4️⃣ + <<: *health_check_for_selectors +# —————————————————— CONSOLIDATED SERVICES —————————————————— # + - name: AI Stuff + type: select + proxies: + - ▣ Personal + - Personal 1️⃣ + - Personal 2️⃣ + - ▣ Non-personal + - Non-personal 1️⃣ + - Non-personal 2️⃣ + - Non-personal 3️⃣ + - Non-personal 4️⃣ + - Europe 🇪🇺 + - Turkey 🇹🇷 + - Asia & ME 🇳🇵 + - USA 🇺🇸 + - Europe 🇪🇺 🄪 + - Turkey 🇹🇷 🄪 + - Asia & ME 🇳🇵 🄪 + - USA 🇺🇸 🄪 + <<: *health_check_for_selectors + - name: RU Intracountry VPN + type: select + disable-udp: false + proxies: + - DIRECT + - Russia 🇷🇺 + - Russia 🇷🇺 🄪 + <<: *health_check_for_selectors + - name: US Services + type: select + disable-udp: false + proxies: + - DIRECT + - Personal 2️⃣ + - Non-personal 1️⃣ + - Non-personal 2️⃣ + - Non-personal 3️⃣ + - Non-personal 4️⃣ + - USA 🇺🇸 + - USA 🇺🇸 🄪 + <<: *health_check_for_selectors + - name: RU Services + type: select + disable-udp: false + proxies: + - DIRECT + - Personal 1️⃣ + - Personal 2️⃣ + - Non-personal 1️⃣ + - Non-personal 2️⃣ + - Non-personal 3️⃣ + - Non-personal 4️⃣ + - Russia 🇷🇺 + - Russia 🇷🇺 🄪 + <<: *health_check_for_selectors + - name: CN Services + type: select + disable-udp: false + proxies: + - DIRECT + - Personal 1️⃣ + - Personal 2️⃣ + - Non-personal 1️⃣ + - Non-personal 2️⃣ + - Non-personal 3️⃣ + - Non-personal 4️⃣ + - Asia & ME 🇳🇵 + - Asia & ME 🇳🇵 🄪 + <<: *health_check_for_selectors + - name: EU Services + type: select + disable-udp: false + proxies: + - DIRECT + - Personal 1️⃣ + - Personal 2️⃣ + - Non-personal 1️⃣ + - Non-personal 2️⃣ + - Non-personal 3️⃣ + - Non-personal 4️⃣ + - Europe 🇪🇺 + - Europe 🇪🇺 🄪 + <<: *health_check_for_selectors +# ————————————————————————— SERVICES ———————————————————————— # + - name: Discord + type: select + disable-udp: false + proxies: + - ▣ Personal + - Personal 1️⃣ + - Personal 2️⃣ + - ▣ Non-personal + - Non-personal 1️⃣ + - Non-personal 2️⃣ + - Non-personal 3️⃣ + - Non-personal 4️⃣ + - Russia 🇷🇺 + - Europe 🇪🇺 + - USA 🇺🇸 + - Russia 🇷🇺 🄪 + - Europe 🇪🇺 🄪 + - USA 🇺🇸 🄪 + <<: *health_check_for_selectors + - name: Electronic Arts + type: select + proxies: + - DIRECT + - REJECT + - Kazakhstan 🇰🇿 + - Kazakhstan 🇰🇿 🄪 + - Turkey 🇹🇷 + - Turkey 🇹🇷 🄪 + - USA 🇺🇸 + - USA 🇺🇸 🄪 + - Non-personal 1️⃣ + - Non-personal 2️⃣ + - Non-personal 3️⃣ + - Non-personal 4️⃣ + <<: *health_check_for_selectors + - name: Notion + type: select + proxies: + - ▣ Personal + - Personal 1️⃣ + - Personal 2️⃣ + - ▣ Non-personal + - Europe 🇪🇺 + - Europe 🇪🇺 🄪 + <<: *health_check_for_selectors + - name: Proton + type: select + proxies: + - ▣ Personal + - Personal 1️⃣ + - Personal 2️⃣ + - ▣ Non-personal + - Europe 🇪🇺 + - Europe 🇪🇺 🄪 + <<: *health_check_for_selectors + - name: Steam + type: select + proxies: + - DIRECT + - REJECT + - Kazakhstan 🇰🇿 + - Kazakhstan 🇰🇿 🄪 + - Turkey 🇹🇷 + - Turkey 🇹🇷 🄪 + - USA 🇺🇸 + - USA 🇺🇸 🄪 + - Non-personal 1️⃣ + - Non-personal 2️⃣ + - Non-personal 3️⃣ + - Non-personal 4️⃣ + <<: *health_check_for_selectors + - name: Telegram + type: select + proxies: + - DIRECT + - REJECT + - ▣ Personal + - Non-personal 1️⃣ + - Non-personal 2️⃣ + - Non-personal 3️⃣ + - Non-personal 4️⃣ + - Russia 🇷🇺 + - Europe 🇪🇺 + - USA 🇺🇸 + - Russia 🇷🇺 🄪 + - Europe 🇪🇺 🄪 + - USA 🇺🇸 🄪 + <<: *health_check_for_selectors + - name: WeChat + type: select + proxies: + - DIRECT + - REJECT + - ▣ Personal + - Non-personal 1️⃣ + - Non-personal 2️⃣ + - Non-personal 3️⃣ + - Non-personal 4️⃣ + - Asia & ME 🇳🇵 + - Europe 🇪🇺 + - Russia 🇷🇺 + - USA 🇺🇸 + - Asia & ME 🇳🇵 🄪 + - Europe 🇪🇺 🄪 + - Russia 🇷🇺 🄪 + - USA 🇺🇸 🄪 + <<: *health_check_for_selectors + - name: WhatsApp + type: select + proxies: + - DIRECT + - REJECT + - ▣ Personal + - Non-personal 1️⃣ + - Non-personal 2️⃣ + - Non-personal 3️⃣ + - Non-personal 4️⃣ + - Europe 🇪🇺 + - Russia 🇷🇺 + - USA 🇺🇸 + - Europe 🇪🇺 🄪 + - Russia 🇷🇺 🄪 + - USA 🇺🇸 🄪 + <<: *health_check_for_selectors + - name: XBox + type: select + proxies: + - DIRECT + - REJECT + - Kazakhstan 🇰🇿 + - Kazakhstan 🇰🇿 🄪 + - Turkey 🇹🇷 + - Turkey 🇹🇷 🄪 + - USA 🇺🇸 + - USA 🇺🇸 🄪 + - Non-personal 1️⃣ + - Non-personal 2️⃣ + - Non-personal 3️⃣ + - Non-personal 4️⃣ + <<: *health_check_for_selectors + - name: YouTube + type: select + proxies: + - DIRECT + - REJECT + - ▣ Personal + - Non-personal 1️⃣ + - Non-personal 2️⃣ + - Non-personal 3️⃣ + - Non-personal 4️⃣ + - Russia 🇷🇺 + - Europe 🇪🇺 + - USA 🇺🇸 + - Russia 🇷🇺 🄪 + - Europe 🇪🇺 🄪 + - USA 🇺🇸 🄪 + <<: *health_check_for_selectors + +# ———————————————————————————————————————————————————— RULE PROVIDERS ——————————————————————————————————————————————————— +rule-providers: + +# —————————————————————————— consolidated-lists-private ————————————————————————— # + # http://purpose.shamanlanding.org:9999/ + General Direct Domain List: + url: http://purpose.shamanlanding.org:9999/direct-domain.yaml + path: "./rule_provider/consolidated-lists-private/direct-domain.yaml" + <<: *default_rule_provider_config + General Direct IP List: + url: http://purpose.shamanlanding.org:9999/direct-ip.yaml + path: "./rule_provider/consolidated-lists-private/direct-ip.yaml" + <<: *default_rule_provider_config + General Proxy Domain List: + url: http://purpose.shamanlanding.org:9999/proxy-domain.yaml + path: "./rule_provider/consolidated-lists-private/adaptation-domain-proxy.yaml" + <<: *default_rule_provider_config + General Proxy IP List: + url: http://purpose.shamanlanding.org:9999/proxy-ip.yaml + path: "./rule_provider/consolidated-lists-private/adaptation-ip-proxy.yaml" + <<: *default_rule_provider_config + + # /clash-rules/raw/branch/main/rule-provider/consolidated-lists-private/ + Testzone A: + url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-lists-private/testzone-a.yaml + path: "./rule_provider/services/consolidated-lists-private/testzone-a.yaml" + <<: *default_rule_provider_config + Testzone B: + url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-lists-private/testzone-b.yaml + path: "./rule_provider/services/consolidated-lists-private/testzone-b.yaml" + <<: *default_rule_provider_config + + Local Devices: + url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-lists-private/local-devices.yaml + path: "./rule_provider/services/consolidated-lists-private/local-devices.yaml" + <<: *default_rule_provider_config + Infrastructure: + url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-lists-private/local-infrastructure.yaml + path: "./rule_provider/services/consolidated-lists-private/local-infrastructure.yaml" + <<: *default_rule_provider_config + IOT Clients: + url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-lists-private/local-iot.yaml + path: "./rule_provider/services/consolidated-lists-private/local-iot.yaml" + <<: *default_rule_provider_config + Webway: + url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-lists-private/local-webway.yaml + path: "./rule_provider/services/consolidated-lists-private/local-webway.yaml" + <<: *default_rule_provider_config + +# —————————————————————————— consolidated-lists-public —————————————————————————— # + # /clash-rules/raw/branch/main/rule-provider/consolidated-lists-private/ + 🚫 Adblock List RU: + url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-lists-public/adblock-ru.yaml + path: "./rule_provider/consolidated-lists-public/adblock-ru.yaml" + <<: *default_rule_provider_config + + 🚫 Adblock List GL: + url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-lists-public/adblock-gl.yaml + path: "./rule_provider/consolidated-lists-public/adblock-gl.yaml" + <<: *default_rule_provider_config + + # http://purpose.shamanlanding.org:9999/ + Antifilter Community IP List: + url: http://purpose.shamanlanding.org:9999/antifilter-community-ip.yaml + path: "./rule_provider/consolidated-lists-public/antifilter-community-ip-proxy.yaml" + <<: *default_rule_provider_config + Antifilter Community Domain List: + url: http://purpose.shamanlanding.org:9999/antifilter-community-domain.yaml + path: "./rule_provider/consolidated-lists-public/antifilter-domain-proxy.yaml" + <<: *default_rule_provider_config + Antifilter IP List: + url: http://purpose.shamanlanding.org:9999/antifilter-ip.yaml + path: "./rule_provider/consolidated-lists-public/antifilter-ip-proxy.yaml" + <<: *default_rule_provider_config + +# ———————————————————————————— consolidated-services ———————————————————————————— # + # /clash-rules/raw/branch/main/rule-provider/consolidated-services/ + AI Stuff: + url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-services/ai-stuff-western.yaml + path: "./rule_provider/consolidated-services/ai-stuff-western.yaml" + <<: *default_rule_provider_config + RU Intracountry VPN: + url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-services/ru-intra.yaml + path: "./rule_provider/consolidated-services/ru-intra.yaml" + <<: *default_rule_provider_config + US Services Manual: + url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-services/us-services.yaml + path: "./rule_provider/consolidated-services/us-services.yaml" + <<: *default_rule_provider_config + RU Services Manual: + url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-services/ru-services.yaml + path: "./rule_provider/consolidated-services/ru-services.yaml" + <<: *default_rule_provider_config + EU Services Manual: + url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-services/eu-services.yaml + path: "./rule_provider/consolidated-services/eu-services.yaml" + <<: *default_rule_provider_config + CN Services Manual: + url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-services/cn-services.yaml + path: "./rule_provider/consolidated-services/cn-services.yaml" + <<: *default_rule_provider_config + Persistent Proxy: + url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-services/persistent.yaml + path: "./rule_provider/consolidated-services/persistent.yaml" + <<: *default_rule_provider_config + +# ——————————————————————————————————— services —————————————————————————————————— # + # /clash-rules/raw/branch/main/rule-provider/services/ + Discord: + url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/services/discord.yaml + path: "./rule_provider/services/discord.yaml" + <<: *default_rule_provider_config + Electronic Arts: + url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/services/ea.yaml + path: "./rule_provider/services/ea.yaml" + <<: *default_rule_provider_config + Notion: + url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/services/notion.yaml + path: "./rule_provider/services/notion.yaml" + <<: *default_rule_provider_config + Proton: + url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/services/proton.yaml + path: "./rule_provider/services/proton.yaml" + <<: *default_rule_provider_config + Steam: + url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/services/steam.yaml + path: "./rule_provider/services/steam.yaml" + <<: *default_rule_provider_config + Telegram: + url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/services/telegram.yaml + path: "./rule_provider/services/telegram.yaml" + <<: *default_rule_provider_config + WeChat: + url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/services/wechat.yaml + path: "./rule_provider/services/wechat.yaml" + <<: *default_rule_provider_config + WhatsApp: + url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/services/whatsapp.yaml + path: "./rule_provider/services/whatsapp.yaml" + <<: *default_rule_provider_config + XBox: + url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/services/xbox.yaml + path: "./rule_provider/services/xbox.yaml" + <<: *default_rule_provider_config + Youtube: + url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/services/youtube.yaml + path: "./rule_provider/services/youtube.yaml" + <<: *default_rule_provider_config + +# ———————————————————————————————————————————————————————— RULES ———————————————————————————————————————————————————————— +sub-rules: + General Behavior: + # ——————————————————————— direct first —————————————————————— # + - RULE-SET,General Direct Domain List,DIRECT + - RULE-SET,General Direct IP List,DIRECT + + # ———————————————————————— by service ——————————————————————— # + - RULE-SET,Discord,Discord + - RULE-SET,Electronic Arts,Electronic Arts + - RULE-SET,Notion,Notion + - RULE-SET,Proton,Proton + - RULE-SET,Steam,Steam + - RULE-SET,Telegram,Telegram + - RULE-SET,WeChat,WeChat + - RULE-SET,WhatsApp,WhatsApp + - RULE-SET,XBox,XBox + - RULE-SET,Youtube,YouTube + + # ————————————————————— by private lists ———————————————————— # + - RULE-SET,Testzone A,Testzone 🅰 + - RULE-SET,Testzone B,Testzone 🅱 + - RULE-SET,Persistent Proxy,Persistent Proxy + - RULE-SET,General Proxy Domain List,Adaptation + - RULE-SET,General Proxy IP List,Adaptation + + # ———————————————————————— adblocker ———————————————————————— # + - RULE-SET,🚫 Adblock List RU,Adblock 🇷🇺 + - RULE-SET,🚫 Adblock List GL,Adblock 🗺️ + + # ————————————————————— by service group ———————————————————— # + - RULE-SET,AI Stuff,AI Stuff + - RULE-SET,RU Intracountry VPN,RU Intracountry VPN + + # ———————————— by service group (manual country) ———————————— # + - RULE-SET,US Services Manual,US Services + - RULE-SET,EU Services Manual,EU Services + - RULE-SET,CN Services Manual,CN Services + + # —————————————— force russian geoip to russia —————————————— # + - GEOIP,RU,RU Services + + # ————————————————————— community lists ————————————————————— # + - RULE-SET,Antifilter Community IP List,Antifilter + - RULE-SET,Antifilter Community Domain List,Antifilter + - RULE-SET,Antifilter IP List,Antifilter Extended + + # ———————————————————— force other geoip ———————————————————— # + - GEOIP,US,US Services + - GEOIP,EU,EU Services + - GEOIP,CN,CN Services + +rules: + # ——————————————————————— final match ——————————————————————— # + - SUB-RULE,Local Devices,General Behavior + - SUB-RULE,Infrastructure,General Behavior + - SUB-RULE,IOT Clients,General Behavior + - SUB-RULE,Webway,General Behavior + - MATCH,DIRECT + diff --git a/config/dts-pontifex.yaml b/config/dts-pontifex.yaml index 7a5622c..88ab550 100644 --- a/config/dts-pontifex.yaml +++ b/config/dts-pontifex.yaml @@ -90,12 +90,12 @@ dns: fake-ip-range: 198.18.0.1/16 fake-ip-filter-mode: blacklist fake-ip-filter: - # ———————————————————— self-hosted domains ——————————————————— - - '*.lan' - - '+.dts' - - '+.webway.dts' - - '+.netbird.selfhosted' - - '+.shamanlanding.org' + # ———————————————————— self-hosted domains ——————————————————— + - '*.lan' + - '+.dts' + - '+.webway.dts' + - '+.netbird.selfhosted' + - '+.shamanlanding.org' nameserver: - https://d.adguard-dns.com/dns-query/5ffb7de2 fallback: @@ -230,11 +230,96 @@ proxies: udp: true ip-version: ipv4 interface-name: eth1 - # - name: "WAN C [Mobile]" - # type: direct - # udp: true - # ip-version: ipv4 - # interface-name: eth2 + +# ————————————————————— private proxies ———————————————————— # + - name: 🇨🇭⇨🇱🇺 Proton WG + type: wireguard + server: 79.135.104.48 + port: 51820 + ip: 10.2.0.2 + private-key: 8LW5XMdOWwUyVlihlii9dEvVYvatZ/uuC8Jft4fcn0k= + public-key: buYqE3X8Wf8X/v5NtHVXYgLk45+2og8MVEbgQAkEyBw= + allowed-ips: ['0.0.0.0/0', '::/0'] + udp: true + mtu: 1420 + remote-dns-resolve: true + dns: [10.2.0.1] + amnezia-wg-option: + jc: 55 + jmin: 373 + jmax: 769 + s1: 0 + s2: 0 + h1: 1 + h2: 2 + h3: 3 + h4: 4 + - name: 🇮🇸⇨🇬🇧 Proton WG + type: wireguard + server: 185.159.158.215 + port: 51820 + ip: 10.2.0.2 + private-key: yPnrinUviMCyTV4p1Yrd9H9u3zV6jXXFDWJa3zueb2Q= + public-key: zctOjv4DH2gzXtLQy86Tp0vnT+PNpMsxecd2vUX/i0U= + allowed-ips: ['0.0.0.0/0', '::/0'] + udp: true + mtu: 1420 + remote-dns-resolve: true + dns: [10.2.0.1] + amnezia-wg-option: + jc: 55 + jmin: 373 + jmax: 769 + s1: 0 + s2: 0 + h1: 1 + h2: 2 + h3: 3 + h4: 4 + - name: 🇸🇾 Direct Proton WG + type: wireguard + server: 74.118.126.212 + port: 51820 + ip: 10.2.0.2 + private-key: IKZ6eVISKzSoccxyhEQKqJpqQ9MXNXRECogtQ/Mb5Ho= + public-key: lA34jzJPyZIjR4FxgEy2KarVEEkFcGT3AmOO2k+X3Co= + allowed-ips: ['0.0.0.0/0', '::/0'] + udp: true + mtu: 1420 + remote-dns-resolve: true + dns: [10.2.0.1] + amnezia-wg-option: + jc: 127 + jmin: 798 + jmax: 1246 + s1: 0 + s2: 0 + h1: 1 + h2: 2 + h3: 3 + h4: 4 + - name: 🇫🇷 Direct Proton WG + type: wireguard + server: 79.127.134.82 + port: 51820 + ip: 10.2.0.2 + private-key: SLHvkTQwNnovnfKhmO1DwMFycvUPT7MK80VSQXpNeGc= + public-key: fEUJZ0KAOb0U8O4+wNYYlVBgtN6AOS2bbXyM07Dnvxk= + allowed-ips: ['0.0.0.0/0', '::/0'] + udp: true + mtu: 1420 + remote-dns-resolve: true + dns: [10.2.0.1] + amnezia-wg-option: + jc: 127 + jmin: 798 + jmax: 1246 + s1: 0 + s2: 0 + h1: 1 + h2: 2 + h3: 3 + h4: 4 # ——————————————————————————————————————————————————— PROXY PROVIDERS ——————————————————————————————————————————————————— proxy-providers: @@ -313,6 +398,7 @@ proxy-groups: # ————————————————————————— fallback ———————————————————————— # - name: "Automatic Fallback Route" type: fallback + disable-udp: false proxies: - DIRECT hidden: true @@ -326,58 +412,47 @@ proxy-groups: - WAN A [Мегафон] - WAN B [РосТелеКом] hidden: true + url: 'https://cp.cloudflare.com/generate_204' + interval: 300 - # - name: ABC - # type: load-balance - # disable-udp: false - # proxies: - # - WAN A [Мегафон] - # - WAN B [РосТелеКом] - # - WAN C [Mobile] - # hidden: true # ————————————————————— direct selectors ———————————————————— # - - name: LAN Clients + + - name: Local Devices type: select disable-udp: false proxies: + - DIRECT + - AB + - WAN A [Мегафон] + - WAN B [РосТелеКом] + + - name: Infrastructure + type: select + disable-udp: false + proxies: + - DIRECT - AB - # - ABC - WAN A [Мегафон] - WAN B [РосТелеКом] - # - WAN C [Mobile] - name: IOT Clients type: select disable-udp: false proxies: - - LAN Clients + - DIRECT - AB - # - ABC - WAN A [Мегафон] - WAN B [РосТелеКом] - # - WAN C [Mobile] - - - name: Unprivileged Webway + + - name: Webway type: select disable-udp: false proxies: - - LAN Clients + - DIRECT - AB - # - ABC - WAN A [Мегафон] - WAN B [РосТелеКом] - # - WAN C [Mobile] - - - name: Privileged Webway - type: select - disable-udp: false - proxies: - - LAN Clients - - AB - # - ABC - - WAN A [Мегафон] - - WAN B [РосТелеКом] - # - WAN C [Mobile] + # —————————————— smart groups for personal vpn —————————————— # - name: ▣ Personal disable-udp: false @@ -850,6 +925,23 @@ rule-providers: path: "./rule_provider/services/consolidated-lists-private/testzone-b.yaml" <<: *default_rule_provider_config + Local Devices: + url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-lists-private/local-devices.yaml + path: "./rule_provider/services/consolidated-lists-private/local-devices.yaml" + <<: *default_rule_provider_config + Infrastructure: + url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-lists-private/local-infrastructure.yaml + path: "./rule_provider/services/consolidated-lists-private/local-infrastructure.yaml" + <<: *default_rule_provider_config + IOT Clients: + url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-lists-private/local-iot.yaml + path: "./rule_provider/services/consolidated-lists-private/local-iot.yaml" + <<: *default_rule_provider_config + Webway: + url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-lists-private/local-webway.yaml + path: "./rule_provider/services/consolidated-lists-private/local-webway.yaml" + <<: *default_rule_provider_config + # —————————————————————————— consolidated-lists-public —————————————————————————— # # /clash-rules/raw/branch/main/rule-provider/consolidated-lists-private/ 🚫 Adblock List RU: @@ -1003,4 +1095,8 @@ rules: - GEOIP,CN,CN Services # ——————————————————————— final match ——————————————————————— # -- MATCH,LAN Clients \ No newline at end of file +- RULE-SET,Local Devices,Local Devices +- RULE-SET,Infrastructure,Infrastructure +- RULE-SET,IOT Clients,IOT Clients +- RULE-SET,Webway,Webway +- MATCH,DIRECT \ No newline at end of file diff --git a/rule-provider/consolidated-lists-private/local-devices.yaml b/rule-provider/consolidated-lists-private/local-devices.yaml index 6ee4aed..0e91486 100644 --- a/rule-provider/consolidated-lists-private/local-devices.yaml +++ b/rule-provider/consolidated-lists-private/local-devices.yaml @@ -1,6 +1,42 @@ payload: - - IP-CIDR,192.168.10.1/24 + - SRC-IP-CIDR,192.168.10.1/24 - - IP-CIDR,192.168.21.1/24 - - IP-CIDR,192.168.22.1/24 - - IP-CIDR,192.168.23.1/24 \ No newline at end of file + - SRC-IP-CIDR,192.168.11.1/24 + - SRC-IP-CIDR,192.168.12.1/24 + - SRC-IP-CIDR,192.168.13.1/24 + + - SRC-IP-CIDR,192.168.21.1/24 + - SRC-IP-CIDR,192.168.22.1/24 + - SRC-IP-CIDR,192.168.23.1/24 + + - SRC-IP-CIDR,192.168.31.1/24 + - SRC-IP-CIDR,192.168.32.1/24 + - SRC-IP-CIDR,192.168.33.1/24 + + - SRC-IP-CIDR,192.168.41.1/24 + - SRC-IP-CIDR,192.168.42.1/24 + - SRC-IP-CIDR,192.168.43.1/24 + + - SRC-IP-CIDR,192.168.51.1/24 + - SRC-IP-CIDR,192.168.52.1/24 + - SRC-IP-CIDR,192.168.53.1/24 + + - SRC-IP-CIDR,192.168.61.1/24 + - SRC-IP-CIDR,192.168.62.1/24 + - SRC-IP-CIDR,192.168.63.1/24 + + - SRC-IP-CIDR,192.168.71.1/24 + - SRC-IP-CIDR,192.168.72.1/24 + - SRC-IP-CIDR,192.168.73.1/24 + + - SRC-IP-CIDR,192.168.71.1/24 + - SRC-IP-CIDR,192.168.72.1/24 + - SRC-IP-CIDR,192.168.73.1/24 + + - SRC-IP-CIDR,192.168.81.1/24 + - SRC-IP-CIDR,192.168.82.1/24 + - SRC-IP-CIDR,192.168.83.1/24 + + - SRC-IP-CIDR,192.168.91.1/24 + - SRC-IP-CIDR,192.168.92.1/24 + - SRC-IP-CIDR,192.168.93.1/24 diff --git a/rule-provider/consolidated-lists-private/local-infrasctructure.yaml b/rule-provider/consolidated-lists-private/local-infrasctructure.yaml index 9393844..a0260fb 100644 --- a/rule-provider/consolidated-lists-private/local-infrasctructure.yaml +++ b/rule-provider/consolidated-lists-private/local-infrasctructure.yaml @@ -1,5 +1,45 @@ payload: - - IP-CIDR,192.168.20.1/24 - - IP-CIDR,192.168.24.1/24 - - IP-CIDR,192.168.25.1/24 - - IP-CIDR,192.168.26.1/24 \ No newline at end of file + # SRC-IP-CIDR,192.168.10.1/24 + - SRC-IP-CIDR,192.168.14.1/24 + - SRC-IP-CIDR,192.168.15.1/24 + - SRC-IP-CIDR,192.168.16.1/24 + + - SRC-IP-CIDR,192.168.20.1/24 + - SRC-IP-CIDR,192.168.24.1/24 + - SRC-IP-CIDR,192.168.25.1/24 + - SRC-IP-CIDR,192.168.26.1/24 + + - SRC-IP-CIDR,192.168.30.1/24 + - SRC-IP-CIDR,192.168.34.1/24 + - SRC-IP-CIDR,192.168.35.1/24 + - SRC-IP-CIDR,192.168.36.1/24 + + - SRC-IP-CIDR,192.168.40.1/24 + - SRC-IP-CIDR,192.168.44.1/24 + - SRC-IP-CIDR,192.168.45.1/24 + - SRC-IP-CIDR,192.168.46./24 + + - SRC-IP-CIDR,192.168.50.1/24 + - SRC-IP-CIDR,192.168.54.1/24 + - SRC-IP-CIDR,192.168.55.1/24 + - SRC-IP-CIDR,192.168.56.1/24 + + - SRC-IP-CIDR,192.168.60.1/24 + - SRC-IP-CIDR,192.168.64.1/24 + - SRC-IP-CIDR,192.168.65.1/24 + - SRC-IP-CIDR,192.168.66.1/24 + + - SRC-IP-CIDR,192.168.70.1/24 + - SRC-IP-CIDR,192.168.74.1/24 + - SRC-IP-CIDR,192.168.75.1/24 + - SRC-IP-CIDR,192.168.76.1/24 + + - SRC-IP-CIDR,192.168.80.1/24 + - SRC-IP-CIDR,192.168.84.1/24 + - SRC-IP-CIDR,192.168.85.1/24 + - SRC-IP-CIDR,192.168.86.1/24 + + - SRC-IP-CIDR,192.168.90.1/24 + - SRC-IP-CIDR,192.168.94.1/24 + - SRC-IP-CIDR,192.168.95.1/24 + - SRC-IP-CIDR,192.168.96.1/24 \ No newline at end of file diff --git a/rule-provider/consolidated-lists-private/local-iot.yaml b/rule-provider/consolidated-lists-private/local-iot.yaml index 9393844..d832757 100644 --- a/rule-provider/consolidated-lists-private/local-iot.yaml +++ b/rule-provider/consolidated-lists-private/local-iot.yaml @@ -1,5 +1,18 @@ payload: - - IP-CIDR,192.168.20.1/24 - - IP-CIDR,192.168.24.1/24 - - IP-CIDR,192.168.25.1/24 - - IP-CIDR,192.168.26.1/24 \ No newline at end of file + - SRC-IP-CIDR,192.168.19.1/24 + + - SRC-IP-CIDR,192.168.29.1/24 + + - SRC-IP-CIDR,192.168.39.1/24 + + - SRC-IP-CIDR,192.168.49.1/24 + + - SRC-IP-CIDR,192.168.59.1/24 + + - SRC-IP-CIDR,192.168.69.1/24 + + - SRC-IP-CIDR,192.168.79.1/24 + + - SRC-IP-CIDR,192.168.89.1/24 + + - SRC-IP-CIDR,192.168.99.1/24 diff --git a/rule-provider/consolidated-lists-private/local-webway.yaml b/rule-provider/consolidated-lists-private/local-webway.yaml index 9393844..1323de8 100644 --- a/rule-provider/consolidated-lists-private/local-webway.yaml +++ b/rule-provider/consolidated-lists-private/local-webway.yaml @@ -1,5 +1,2 @@ payload: - - IP-CIDR,192.168.20.1/24 - - IP-CIDR,192.168.24.1/24 - - IP-CIDR,192.168.25.1/24 - - IP-CIDR,192.168.26.1/24 \ No newline at end of file + - SRC-IP-CIDR,100.98.0.0/16 \ No newline at end of file From 90eb53d528b7b5c16e279746f4f2f554479ec851 Mon Sep 17 00:00:00 2001 From: DaTekShaman Date: Thu, 7 Aug 2025 17:27:23 +0300 Subject: [PATCH 3/3] Updates --- config/dts-pontifex-subrules.yaml | 88 +++++------ config/dts-pontifex.yaml | 145 +++++++++++++----- ...ructure.yaml => local-infrastructure.yaml} | 0 3 files changed, 150 insertions(+), 83 deletions(-) rename rule-provider/consolidated-lists-private/{local-infrasctructure.yaml => local-infrastructure.yaml} (100%) diff --git a/config/dts-pontifex-subrules.yaml b/config/dts-pontifex-subrules.yaml index a16c02c..088aba1 100644 --- a/config/dts-pontifex-subrules.yaml +++ b/config/dts-pontifex-subrules.yaml @@ -1045,60 +1045,60 @@ rule-providers: # ———————————————————————————————————————————————————————— RULES ———————————————————————————————————————————————————————— sub-rules: General Behavior: - # ——————————————————————— direct first —————————————————————— # - - RULE-SET,General Direct Domain List,DIRECT - - RULE-SET,General Direct IP List,DIRECT + # ——————————————————————— direct first —————————————————————— # + - RULE-SET,General Direct Domain List,DIRECT + - RULE-SET,General Direct IP List,DIRECT - # ———————————————————————— by service ——————————————————————— # - - RULE-SET,Discord,Discord - - RULE-SET,Electronic Arts,Electronic Arts - - RULE-SET,Notion,Notion - - RULE-SET,Proton,Proton - - RULE-SET,Steam,Steam - - RULE-SET,Telegram,Telegram - - RULE-SET,WeChat,WeChat - - RULE-SET,WhatsApp,WhatsApp - - RULE-SET,XBox,XBox - - RULE-SET,Youtube,YouTube + # ———————————————————————— by service ——————————————————————— # + - RULE-SET,Discord,Discord + - RULE-SET,Electronic Arts,Electronic Arts + - RULE-SET,Notion,Notion + - RULE-SET,Proton,Proton + - RULE-SET,Steam,Steam + - RULE-SET,Telegram,Telegram + - RULE-SET,WeChat,WeChat + - RULE-SET,WhatsApp,WhatsApp + - RULE-SET,XBox,XBox + - RULE-SET,Youtube,YouTube - # ————————————————————— by private lists ———————————————————— # - - RULE-SET,Testzone A,Testzone 🅰 - - RULE-SET,Testzone B,Testzone 🅱 - - RULE-SET,Persistent Proxy,Persistent Proxy - - RULE-SET,General Proxy Domain List,Adaptation - - RULE-SET,General Proxy IP List,Adaptation + # ————————————————————— by private lists ———————————————————— # + - RULE-SET,Testzone A,Testzone 🅰 + - RULE-SET,Testzone B,Testzone 🅱 + - RULE-SET,Persistent Proxy,Persistent Proxy + - RULE-SET,General Proxy Domain List,Adaptation + - RULE-SET,General Proxy IP List,Adaptation - # ———————————————————————— adblocker ———————————————————————— # - - RULE-SET,🚫 Adblock List RU,Adblock 🇷🇺 - - RULE-SET,🚫 Adblock List GL,Adblock 🗺️ + # ———————————————————————— adblocker ———————————————————————— # + - RULE-SET,🚫 Adblock List RU,Adblock 🇷🇺 + - RULE-SET,🚫 Adblock List GL,Adblock 🗺️ - # ————————————————————— by service group ———————————————————— # - - RULE-SET,AI Stuff,AI Stuff - - RULE-SET,RU Intracountry VPN,RU Intracountry VPN + # ————————————————————— by service group ———————————————————— # + - RULE-SET,AI Stuff,AI Stuff + - RULE-SET,RU Intracountry VPN,RU Intracountry VPN - # ———————————— by service group (manual country) ———————————— # - - RULE-SET,US Services Manual,US Services - - RULE-SET,EU Services Manual,EU Services - - RULE-SET,CN Services Manual,CN Services + # ———————————— by service group (manual country) ———————————— # + - RULE-SET,US Services Manual,US Services + - RULE-SET,EU Services Manual,EU Services + - RULE-SET,CN Services Manual,CN Services - # —————————————— force russian geoip to russia —————————————— # - - GEOIP,RU,RU Services + # —————————————— force russian geoip to russia —————————————— # + - GEOIP,RU,RU Services - # ————————————————————— community lists ————————————————————— # - - RULE-SET,Antifilter Community IP List,Antifilter - - RULE-SET,Antifilter Community Domain List,Antifilter - - RULE-SET,Antifilter IP List,Antifilter Extended + # ————————————————————— community lists ————————————————————— # + - RULE-SET,Antifilter Community IP List,Antifilter + - RULE-SET,Antifilter Community Domain List,Antifilter + - RULE-SET,Antifilter IP List,Antifilter Extended - # ———————————————————— force other geoip ———————————————————— # - - GEOIP,US,US Services - - GEOIP,EU,EU Services - - GEOIP,CN,CN Services + # ———————————————————— force other geoip ———————————————————— # + - GEOIP,US,US Services + - GEOIP,EU,EU Services + - GEOIP,CN,CN Services rules: # ——————————————————————— final match ——————————————————————— # - - SUB-RULE,Local Devices,General Behavior - - SUB-RULE,Infrastructure,General Behavior - - SUB-RULE,IOT Clients,General Behavior - - SUB-RULE,Webway,General Behavior + - SUB-RULE,(RULE-SET,Local Devices),General Behavior + - SUB-RULE,(RULE-SET,Infrastructure),General Behavior + - SUB-RULE,(RULE-SET,IOT Clients),General Behavior + - SUB-RULE,(RULE-SET,Webway),General Behavior - MATCH,DIRECT diff --git a/config/dts-pontifex.yaml b/config/dts-pontifex.yaml index 88ab550..a07f284 100644 --- a/config/dts-pontifex.yaml +++ b/config/dts-pontifex.yaml @@ -651,31 +651,17 @@ proxy-groups: - Non-personal 4️⃣ <<: *health_check_for_selectors # —————————————————— CONSOLIDATED SERVICES —————————————————— # - - name: AI Stuff - type: select - proxies: - - ▣ Personal - - Personal 1️⃣ - - Personal 2️⃣ - - ▣ Non-personal - - Non-personal 1️⃣ - - Non-personal 2️⃣ - - Non-personal 3️⃣ - - Non-personal 4️⃣ - - Europe 🇪🇺 - - Turkey 🇹🇷 - - Asia & ME 🇳🇵 - - USA 🇺🇸 - - Europe 🇪🇺 🄪 - - Turkey 🇹🇷 🄪 - - Asia & ME 🇳🇵 🄪 - - USA 🇺🇸 🄪 - <<: *health_check_for_selectors - - name: RU Intracountry VPN + - name: RU Services type: select disable-udp: false proxies: - DIRECT + - Personal 1️⃣ + - Personal 2️⃣ + - Non-personal 1️⃣ + - Non-personal 2️⃣ + - Non-personal 3️⃣ + - Non-personal 4️⃣ - Russia 🇷🇺 - Russia 🇷🇺 🄪 <<: *health_check_for_selectors @@ -692,20 +678,6 @@ proxy-groups: - USA 🇺🇸 - USA 🇺🇸 🄪 <<: *health_check_for_selectors - - name: RU Services - type: select - disable-udp: false - proxies: - - DIRECT - - Personal 1️⃣ - - Personal 2️⃣ - - Non-personal 1️⃣ - - Non-personal 2️⃣ - - Non-personal 3️⃣ - - Non-personal 4️⃣ - - Russia 🇷🇺 - - Russia 🇷🇺 🄪 - <<: *health_check_for_selectors - name: CN Services type: select disable-udp: false @@ -734,6 +706,35 @@ proxy-groups: - Europe 🇪🇺 - Europe 🇪🇺 🄪 <<: *health_check_for_selectors +- name: AI Stuff + type: select + proxies: + - ▣ Personal + - Personal 1️⃣ + - Personal 2️⃣ + - ▣ Non-personal + - Non-personal 1️⃣ + - Non-personal 2️⃣ + - Non-personal 3️⃣ + - Non-personal 4️⃣ + - Europe 🇪🇺 + - Turkey 🇹🇷 + - Asia & ME 🇳🇵 + - USA 🇺🇸 + - Europe 🇪🇺 🄪 + - Turkey 🇹🇷 🄪 + - Asia & ME 🇳🇵 🄪 + - USA 🇺🇸 🄪 + <<: *health_check_for_selectors + - name: RU Intracountry VPN + type: select + disable-udp: false + proxies: + - DIRECT + - Russia 🇷🇺 + - Russia 🇷🇺 🄪 + <<: *health_check_for_selectors + # ————————————————————————— SERVICES ———————————————————————— # - name: Discord type: select @@ -970,10 +971,6 @@ rule-providers: # ———————————————————————————— consolidated-services ———————————————————————————— # # /clash-rules/raw/branch/main/rule-provider/consolidated-services/ - AI Stuff: - url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-services/ai-stuff-western.yaml - path: "./rule_provider/consolidated-services/ai-stuff-western.yaml" - <<: *default_rule_provider_config RU Intracountry VPN: url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-services/ru-intra.yaml path: "./rule_provider/consolidated-services/ru-intra.yaml" @@ -998,9 +995,45 @@ rule-providers: url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-services/persistent.yaml path: "./rule_provider/consolidated-services/persistent.yaml" <<: *default_rule_provider_config + AI Stuff: + url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-services/ai-stuff-western.yaml + path: "./rule_provider/consolidated-services/ai-stuff-western.yaml" + <<: *default_rule_provider_config + # Hentai: + # url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-services/hentai.yaml + # path: "./rule_provider/services/hentai.yaml" + # <<: *default_rule_provider_config + # News: + # url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-services/news.yaml + # path: "./rule_provider/services/news.yaml" + # <<: *default_rule_provider_config + # Libraries: + # url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-services/libraries.yaml + # path: "./rule_provider/services/libraries.yaml" + # <<: *default_rule_provider_config + # Porn: + # url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-services/porn.yaml + # path: "./rule_provider/services/porn.yaml" + # <<: *default_rule_provider_config + # Torrent Trackers: + # url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-services/torrent-trackers.yaml + # path: "./rule_provider/services/torrent-trackers.yaml" + # <<: *default_rule_provider_config # ——————————————————————————————————— services —————————————————————————————————— # # /clash-rules/raw/branch/main/rule-provider/services/ + # Apple: + # url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/services/apple.yaml + # path: "./rule_provider/services/apple.yaml" + # <<: *default_rule_provider_config + # Apple Music: + # url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/services/apple-music.yaml + # path: "./rule_provider/services/apple-music.yaml" + # <<: *default_rule_provider_config + # Copilot: + # url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/services/copilot.yaml + # path: "./rule_provider/services/copilot.yaml" + # <<: *default_rule_provider_config Discord: url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/services/discord.yaml path: "./rule_provider/services/discord.yaml" @@ -1009,6 +1042,26 @@ rule-providers: url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/services/ea.yaml path: "./rule_provider/services/ea.yaml" <<: *default_rule_provider_config + # Instagram: + # url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/services/instagram.yaml + # path: "./rule_provider/services/instagram.yaml" + # <<: *default_rule_provider_config + # Facebook: + # url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/services/facebook.yaml + # path: "./rule_provider/services/facebook.yaml" + # <<: *default_rule_provider_config + # Microsoft: + # url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/services/microsoft.yaml + # path: "./rule_provider/services/microsoft.yaml" + # <<: *default_rule_provider_config + # Netflix: + # url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/services/netflix.yaml + # path: "./rule_provider/services/netflix.yaml" + # <<: *default_rule_provider_config + # Nintendo: + # url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/services/nintendo.yaml + # path: "./rule_provider/services/nintendo.yaml" + # <<: *default_rule_provider_config Notion: url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/services/notion.yaml path: "./rule_provider/services/notion.yaml" @@ -1017,6 +1070,14 @@ rule-providers: url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/services/proton.yaml path: "./rule_provider/services/proton.yaml" <<: *default_rule_provider_config + # Signal: + # url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/services/signal.yaml + # path: "./rule_provider/services/signal.yaml" + # <<: *default_rule_provider_config + # Spotify: + # url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/services/spotify.yaml + # path: "./rule_provider/services/spotify.yaml" + # <<: *default_rule_provider_config Steam: url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/services/steam.yaml path: "./rule_provider/services/steam.yaml" @@ -1042,6 +1103,12 @@ rule-providers: path: "./rule_provider/services/youtube.yaml" <<: *default_rule_provider_config + + +# +трекеры, +порно, +хентай и фанфики, +новости, +copilot, openai, +microsoft, psn, battle.net и активижн добавить в xbox, +nintendo, +signal, adobe, figma, visual studio, cursor, gemini +# +нетфликс, soundcloud, +apple и +apple music, +spotify, библиотеки, ubiquity, +instagram, +facebook, tik-tok, google, dropbox, twitter, github, perplexity +# cloudflare, amazon, aliexpress + # ———————————————————————————————————————————————————————— RULES ———————————————————————————————————————————————————————— rules: diff --git a/rule-provider/consolidated-lists-private/local-infrasctructure.yaml b/rule-provider/consolidated-lists-private/local-infrastructure.yaml similarity index 100% rename from rule-provider/consolidated-lists-private/local-infrasctructure.yaml rename to rule-provider/consolidated-lists-private/local-infrastructure.yaml