feat: Refactor Mihomo setup script to improve interface handling and add new rule logic

2026-04-12 13:05:06 +03:00
parent 71b2b4e6e5
commit 1c8d49a636
2 changed files with 69 additions and 18 deletions


@@ -193,17 +193,17 @@ dns:
# - https://d.adguard-dns.com/dns-query/5ffb7de2 # - https://d.adguard-dns.com/dns-query/5ffb7de2
hosts: hosts:
'solar.shamanlanding.org': 192.168.25.8 # 'solar.shamanlanding.org': 192.168.25.8
#
'battlescribe.shamanlanding.org': 192.168.25.8 # 'battlescribe.shamanlanding.org': 192.168.25.8
'kavanah.shamanlanding.org': 192.168.25.8 # 'kavanah.shamanlanding.org': 192.168.25.8
'loremaster.shamanlanding.org': 192.168.25.8 # 'loremaster.shamanlanding.org': 192.168.25.8
'omnissiah.shamanlanding.org': 192.168.25.8 # 'omnissiah.shamanlanding.org': 192.168.25.8
'sanctum.shamanlanding.org': 192.168.25.8 # 'sanctum.shamanlanding.org': 192.168.25.8
'tesseract.shamanlanding.org': 192.168.25.8 # 'tesseract.shamanlanding.org': 192.168.25.8
'synaxis.shamanlanding.org': 192.168.25.8 # 'synaxis.shamanlanding.org': 192.168.25.8
#
'+.solar.shamanlanding.org': 192.168.25.8 # '+.solar.shamanlanding.org': 192.168.25.8
proxy-providers: proxy-providers:
🐦 fallback package: 🐦 fallback package:
@@ -311,6 +311,7 @@ proxy-groups:
exclude-filter: "" exclude-filter: ""
exclude-type: "" exclude-type: ""
proxies: proxies:
- PASS
- Заблокированные сайты - Заблокированные сайты
- Личный список - Личный список
<<: [*health_check_groups, *use_all, *p_selector_udp] <<: [*health_check_groups, *use_all, *p_selector_udp]
@@ -319,7 +320,7 @@ proxy-groups:
exclude-filter: "" exclude-filter: ""
exclude-type: "" exclude-type: ""
proxies: proxies:
- Testzone A - PASS
- Заблокированные сайты - Заблокированные сайты
- Личный список - Личный список
<<: [*health_check_groups, *use_all, *p_selector_udp] <<: [*health_check_groups, *use_all, *p_selector_udp]
@@ -352,18 +353,56 @@ rule-providers:
path: "./rule_provider/consolidated-lists-private/adaptation-scarus-ip-proxy.yaml" path: "./rule_provider/consolidated-lists-private/adaptation-scarus-ip-proxy.yaml"
<<: *default_rule_provider_config <<: *default_rule_provider_config
🛝 Testzone A:
url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-lists-private/testzone-a.yaml
path: "./rule_provider/services/consolidated-lists-private/testzone-a.yaml"
<<: *default_rule_provider_config
🛝 Testzone B:
url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-lists-private/testzone-b.yaml
path: "./rule_provider/services/consolidated-lists-private/testzone-b.yaml"
<<: *default_rule_provider_config
🛜 Webway Unprivileged:
url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-lists-private/webway-unprivileged.yaml
path: "./rule_provider/services/consolidated-lists-private/webway-unprivileged.yaml"
<<: *default_rule_provider_config
🛜 VLAN10:
url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-lists-private/vlan10.yaml
path: "./rule_provider/services/consolidated-lists-private/vlan10.yaml"
<<: *default_rule_provider_config
🛜 VLAN40:
url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-lists-private/vlan40.yaml
path: "./rule_provider/services/consolidated-lists-private/vlan40.yaml"
<<: *default_rule_provider_config
👥 Current Antifilter/Refilter:
url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-lists-public/current-public-set.yaml
path: "./rule_provider/consolidated-lists-public/current-public-set.yaml"
<<: *default_rule_provider_config
📦 RU Services Manual: 📦 RU Services Manual:
url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-services/ru-services.yaml url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-services/ru-services.yaml
path: "./rule_provider/consolidated-services/ru-services.yaml" path: "./rule_provider/consolidated-services/ru-services.yaml"
<<: *default_rule_provider_config <<: *default_rule_provider_config
rules: rules:
- OR,((RULE-SET,📦 RU Services Manual),(GEOIP,RU),(GEOSITE,category-ru)),RU-зона локально - SUB-RULE,(OR,((RULE-SET,📦 RU Services Manual),(GEOIP,RU),(GEOSITE,category-ru))),russian_internet
- RULE-SET,🛝 Testzone A,Testzone A
- RULE-SET,🛝 Testzone B,Testzone B
- RULE-SET,📃 Solar Proxy Domain List,Личный список - RULE-SET,📃 Solar Proxy Domain List,Личный список
- RULE-SET,📃 Solar Proxy IP List,Личный список,no-resolve - RULE-SET,📃 Solar Proxy IP List,Личный список,no-resolve
- RULE-SET,📃 Shared Proxy Domain List,Заблокированные сайты - RULE-SET,📃 Shared Proxy Domain List,Заблокированные сайты
- RULE-SET,📃 Shared Proxy IP List,Заблокированные сайты,no-resolve - RULE-SET,📃 Shared Proxy IP List,Заблокированные сайты,no-resolve
- RULE-SET,👥 Current Antifilter/Refilter,Заблокированные сайты
- MATCH,DIRECT - MATCH,DIRECT
sub-rules:
russian_internet:
- DOMAIN-SUFFIX,shamanlanding.org,DIRECT
- SRC-IP-CIDR,100.98.0.0/16,RU-зона через webway
- SRC-IP-CIDR,10.10.0.0/16,RU-зона локально
- SRC-IP-CIDR,10.40.0.0/16,RU-зона локально
- MATCH,REJECT
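Review bot: The new `russian_internet` sub-rule ends in `MATCH,REJECT`, so any flow that hits the RU `OR` condition from a source outside 100.98.0.0/16, 10.10.0.0/16 and 10.40.0.0/16 is now rejected, where the old rule sent every match to `RU-зона локально`. That would presumably include the gateway's own connections and any IPv6 or other-subnet client, though the addressing of those segments is not visible in this hunk. If default-deny is intended, say so above the last entry with `# default-deny: RU destinations are served only for the source ranges above`; otherwise add the missing `SRC-IP-CIDR` entries before it. Separately, the five new private providers cache under `./rule_provider/services/consolidated-lists-private/` while the existing private list uses `./rule_provider/consolidated-lists-private/`, which looks unintended.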


@@ -11,6 +11,7 @@ FW_MARK="0x1"
ROUTE_TABLE="100" ROUTE_TABLE="100"
EXCLUDE_IFACES=("tun0") EXCLUDE_IFACES=("tun0")
INCLUDE_IFACES=("wt0" "eth1" "eth2")
# ---------------------------- # ----------------------------
# Helpers # Helpers
@@ -86,7 +87,15 @@ ipt -t nat -A OUTPUT -m owner --uid-owner "${MIHOMO_UID}" -m comment --comment "
ipt -t nat -A OUTPUT -p tcp -m comment --comment "MIHOMO-JUMP" -j MIHOMO_REDIR ipt -t nat -A OUTPUT -p tcp -m comment --comment "MIHOMO-JUMP" -j MIHOMO_REDIR
# Apply to PREROUTING (wt0 Ingress) - Force Redir for NetBird (skips exclusions by design) # Apply to PREROUTING (wt0 Ingress) - Force Redir for NetBird (skips exclusions by design)
ipt -t nat -A PREROUTING -i wt0 -p tcp -m comment --comment "MIHOMO-REDIRECT" -j REDIRECT --to-port "${REDIR_PORT}" for IFACE in "${INCLUDE_IFACES[@]}"; do
if [ "$IFACE" = "wt0" ]; then
# wt0 (Netbird) пропускает исключения локальных подсетей по твоему дизайну
ipt -t nat -A PREROUTING -i "$IFACE" -p tcp -m comment --comment "MIHOMO-REDIRECT" -j REDIRECT --to-port "${REDIR_PORT}"
else
# LAN-трафик (eth1, eth2) должен прыгать в цепочку MIHOMO_REDIR для проверки исключений (192.168.x.x и т.д.)
ipt -t nat -A PREROUTING -i "$IFACE" -p tcp -m comment --comment "MIHOMO-JUMP-$IFACE" -j MIHOMO_REDIR
fi
done
# ---------------------------- # ----------------------------
# MANGLE (TPROXY) - UDP # MANGLE (TPROXY) - UDP
@@ -116,6 +125,9 @@ ipt -t mangle -A OUTPUT -p udp -m comment --comment "MIHOMO-MARK" -j MARK --set-
for IFACE in "${EXCLUDE_IFACES[@]}"; do for IFACE in "${EXCLUDE_IFACES[@]}"; do
ipt -t mangle -A PREROUTING -i "${IFACE}" -m comment --comment "MIHOMO-EXCLUDE" -j RETURN ipt -t mangle -A PREROUTING -i "${IFACE}" -m comment --comment "MIHOMO-EXCLUDE" -j RETURN
done done
ipt -t mangle -A PREROUTING -i wt0 -m comment --comment "MIHOMO-JUMP" -j MIHOMO_TPROXY
for IFACE in "${INCLUDE_IFACES[@]}"; do
ipt -t mangle -A PREROUTING -i "$IFACE" -m comment --comment "MIHOMO-JUMP-$IFACE" -j MIHOMO_TPROXY
done
echo "Done. Suboptimal hypervisor constraints bypassed successfully." echo "Done. Suboptimal hypervisor constraints bypassed successfully."
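Review bot: The `if [ "$IFACE" = "wt0" ]` test inside the new nat loop hard-codes one interface name into a list that is otherwise configured through `INCLUDE_IFACES`, so renaming the NetBird interface or adding a second overlay interface silently moves it onto the other path. Because the `wt0` branch deliberately skips the MIHOMO_REDIR exclusions, that choice deserves its own setting, e.g. `FORCE_REDIR_IFACES=("wt0")` next to `INCLUDE_IFACES` and `if [[ " ${FORCE_REDIR_IFACES[*]} " == *" $IFACE "* ]]; then` in the loop. The mangle loop in the last hunk makes no such distinction and tags its rules `MIHOMO-JUMP-$IFACE` rather than `MIHOMO-JUMP`; if the script's cleanup (not visible in these hunks) matches the comment exactly, the new rules will survive a re-run. The two added inline comments would also read better in the same language and voice as the rest of the file.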