Local and sub-rules

config/dts-pontifex.yaml

@@ -90,12 +90,12 @@ dns:
   fake-ip-range: 198.18.0.1/16
   fake-ip-filter-mode: blacklist
   fake-ip-filter:
-     # ———————————————————— self-hosted domains ———————————————————
+    # ———————————————————— self-hosted domains ———————————————————
-     - '*.lan'
+    - '*.lan'
-     - '+.dts'
+    - '+.dts'
-     - '+.webway.dts'
+    - '+.webway.dts'
-     - '+.netbird.selfhosted'
+    - '+.netbird.selfhosted'
-     - '+.shamanlanding.org'
+    - '+.shamanlanding.org'
   nameserver:
     - https://d.adguard-dns.com/dns-query/5ffb7de2
   fallback:
@@ -230,11 +230,96 @@ proxies:
     udp: true
     ip-version: ipv4
     interface-name: eth1
-  # - name: "WAN C [Mobile]"
+
-  #   type: direct
+# ————————————————————— private proxies ———————————————————— #
-  #   udp: true
+  - name: 🇨🇭⇨🇱🇺 Proton WG
-  #   ip-version: ipv4
+    type: wireguard
-  #   interface-name: eth2
+    server: 79.135.104.48
+    port: 51820
+    ip: 10.2.0.2
+    private-key: 8LW5XMdOWwUyVlihlii9dEvVYvatZ/uuC8Jft4fcn0k=
+    public-key: buYqE3X8Wf8X/v5NtHVXYgLk45+2og8MVEbgQAkEyBw=
+    allowed-ips: ['0.0.0.0/0', '::/0']
+    udp: true
+    mtu: 1420
+    remote-dns-resolve: true
+    dns: [10.2.0.1]
+    amnezia-wg-option:
+      jc: 55
+      jmin: 373
+      jmax: 769
+      s1: 0
+      s2: 0
+      h1: 1
+      h2: 2
+      h3: 3
+      h4: 4
+  - name: 🇮🇸⇨🇬🇧 Proton WG
+    type: wireguard
+    server: 185.159.158.215
+    port: 51820
+    ip: 10.2.0.2
+    private-key: yPnrinUviMCyTV4p1Yrd9H9u3zV6jXXFDWJa3zueb2Q=
+    public-key: zctOjv4DH2gzXtLQy86Tp0vnT+PNpMsxecd2vUX/i0U=
+    allowed-ips: ['0.0.0.0/0', '::/0']
+    udp: true
+    mtu: 1420
+    remote-dns-resolve: true
+    dns: [10.2.0.1]
+    amnezia-wg-option:
+      jc: 55
+      jmin: 373
+      jmax: 769
+      s1: 0
+      s2: 0
+      h1: 1
+      h2: 2
+      h3: 3
+      h4: 4
+  - name: 🇸🇾 Direct Proton WG
+    type: wireguard
+    server: 74.118.126.212
+    port: 51820
+    ip: 10.2.0.2
+    private-key: IKZ6eVISKzSoccxyhEQKqJpqQ9MXNXRECogtQ/Mb5Ho=
+    public-key: lA34jzJPyZIjR4FxgEy2KarVEEkFcGT3AmOO2k+X3Co=
+    allowed-ips: ['0.0.0.0/0', '::/0']
+    udp: true
+    mtu: 1420
+    remote-dns-resolve: true
+    dns: [10.2.0.1]
+    amnezia-wg-option:
+      jc: 127
+      jmin: 798
+      jmax: 1246
+      s1: 0
+      s2: 0
+      h1: 1
+      h2: 2
+      h3: 3
+      h4: 4
+  - name: 🇫🇷 Direct Proton WG
+    type: wireguard
+    server: 79.127.134.82
+    port: 51820
+    ip: 10.2.0.2
+    private-key: SLHvkTQwNnovnfKhmO1DwMFycvUPT7MK80VSQXpNeGc=
+    public-key: fEUJZ0KAOb0U8O4+wNYYlVBgtN6AOS2bbXyM07Dnvxk=
+    allowed-ips: ['0.0.0.0/0', '::/0']
+    udp: true
+    mtu: 1420
+    remote-dns-resolve: true
+    dns: [10.2.0.1]
+    amnezia-wg-option:
+      jc: 127
+      jmin: 798
+      jmax: 1246
+      s1: 0
+      s2: 0
+      h1: 1
+      h2: 2
+      h3: 3
+      h4: 4
 
 # ——————————————————————————————————————————————————— PROXY PROVIDERS ———————————————————————————————————————————————————
 proxy-providers:
@@ -313,6 +398,7 @@ proxy-groups:
 # ————————————————————————— fallback ———————————————————————— #
   - name: "Automatic Fallback Route"
     type: fallback
+    disable-udp: false
     proxies:
       - DIRECT
     hidden: true
@@ -326,58 +412,47 @@ proxy-groups:
       - WAN A [Мегафон]
       - WAN B [РосТелеКом]
     hidden: true
+    url: 'https://cp.cloudflare.com/generate_204'
+    interval: 300
 
-  # - name: ABC
-  #  type: load-balance
-  #  disable-udp: false
-  #  proxies:
-  #    - WAN A [Мегафон]
-  #    - WAN B [РосТелеКом]
-  #    - WAN C [Mobile]
-  #  hidden: true
 # ————————————————————— direct selectors ———————————————————— #
-  - name: LAN Clients
+  
+  - name: Local Devices
     type: select
     disable-udp: false
     proxies:
+      - DIRECT
+      - AB
+      - WAN A [Мегафон]
+      - WAN B [РосТелеКом]
+  
+  - name: Infrastructure
+    type: select
+    disable-udp: false
+    proxies:
+      - DIRECT
       - AB
-  #   - ABC
       - WAN A [Мегафон]
       - WAN B [РосТелеКом]
-  #   - WAN C [Mobile]
 
   - name: IOT Clients
     type: select
     disable-udp: false
     proxies:
-      - LAN Clients
+      - DIRECT
       - AB
-  #   - ABC
       - WAN A [Мегафон]
       - WAN B [РосТелеКом]
-  #   - WAN C [Mobile]
   
-  - name: Unprivileged Webway
+  - name: Webway
     type: select
     disable-udp: false
     proxies:
-      - LAN Clients
+      - DIRECT
       - AB
-  #   - ABC
       - WAN A [Мегафон]
       - WAN B [РосТелеКом]
-  #   - WAN C [Mobile]
   
-  - name: Privileged Webway
-    type: select
-    disable-udp: false
-    proxies:
-      - LAN Clients
-      - AB
-  #   - ABC
-      - WAN A [Мегафон]
-      - WAN B [РосТелеКом]
-  #   - WAN C [Mobile]
 # —————————————— smart groups for personal vpn —————————————— #
   - name: ▣ Personal
     disable-udp: false
@@ -850,6 +925,23 @@ rule-providers:
     path: "./rule_provider/services/consolidated-lists-private/testzone-b.yaml"
     <<: *default_rule_provider_config
 
+  Local Devices:
+    url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-lists-private/local-devices.yaml
+    path: "./rule_provider/services/consolidated-lists-private/local-devices.yaml"
+    <<: *default_rule_provider_config
+  Infrastructure:
+    url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-lists-private/local-infrastructure.yaml
+    path: "./rule_provider/services/consolidated-lists-private/local-infrastructure.yaml"
+    <<: *default_rule_provider_config
+  IOT Clients:
+    url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-lists-private/local-iot.yaml
+    path: "./rule_provider/services/consolidated-lists-private/local-iot.yaml"
+    <<: *default_rule_provider_config
+  Webway:
+    url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-lists-private/local-webway.yaml
+    path: "./rule_provider/services/consolidated-lists-private/local-webway.yaml"
+    <<: *default_rule_provider_config
+
 # —————————————————————————— consolidated-lists-public —————————————————————————— #
   # /clash-rules/raw/branch/main/rule-provider/consolidated-lists-private/
   🚫 Adblock List RU:
@@ -1003,4 +1095,8 @@ rules:
 - GEOIP,CN,CN Services
 
 # ——————————————————————— final match ——————————————————————— #
-- MATCH,LAN Clients
+- RULE-SET,Local Devices,Local Devices
+- RULE-SET,Infrastructure,Infrastructure
+- RULE-SET,IOT Clients,IOT Clients
+- RULE-SET,Webway,Webway
+- MATCH,DIRECT

rule-provider/consolidated-lists-private/local-devices.yaml

@@ -1,6 +1,42 @@
 payload:
-  - IP-CIDR,192.168.10.1/24
+  - SRC-IP-CIDR,192.168.10.1/24
 
-  - IP-CIDR,192.168.21.1/24
+  - SRC-IP-CIDR,192.168.11.1/24
-  - IP-CIDR,192.168.22.1/24
+  - SRC-IP-CIDR,192.168.12.1/24
-  - IP-CIDR,192.168.23.1/24
+  - SRC-IP-CIDR,192.168.13.1/24
+
+  - SRC-IP-CIDR,192.168.21.1/24
+  - SRC-IP-CIDR,192.168.22.1/24
+  - SRC-IP-CIDR,192.168.23.1/24
+  
+  - SRC-IP-CIDR,192.168.31.1/24
+  - SRC-IP-CIDR,192.168.32.1/24
+  - SRC-IP-CIDR,192.168.33.1/24
+  
+  - SRC-IP-CIDR,192.168.41.1/24
+  - SRC-IP-CIDR,192.168.42.1/24
+  - SRC-IP-CIDR,192.168.43.1/24
+  
+  - SRC-IP-CIDR,192.168.51.1/24
+  - SRC-IP-CIDR,192.168.52.1/24
+  - SRC-IP-CIDR,192.168.53.1/24
+  
+  - SRC-IP-CIDR,192.168.61.1/24
+  - SRC-IP-CIDR,192.168.62.1/24
+  - SRC-IP-CIDR,192.168.63.1/24
+  
+  - SRC-IP-CIDR,192.168.71.1/24
+  - SRC-IP-CIDR,192.168.72.1/24
+  - SRC-IP-CIDR,192.168.73.1/24
+  
+  - SRC-IP-CIDR,192.168.71.1/24
+  - SRC-IP-CIDR,192.168.72.1/24
+  - SRC-IP-CIDR,192.168.73.1/24
+  
+  - SRC-IP-CIDR,192.168.81.1/24
+  - SRC-IP-CIDR,192.168.82.1/24
+  - SRC-IP-CIDR,192.168.83.1/24
+
+  - SRC-IP-CIDR,192.168.91.1/24
+  - SRC-IP-CIDR,192.168.92.1/24
+  - SRC-IP-CIDR,192.168.93.1/24

rule-provider/consolidated-lists-private/local-infrasctructure.yaml

@@ -1,5 +1,45 @@
 payload:
-  - IP-CIDR,192.168.20.1/24
+  # SRC-IP-CIDR,192.168.10.1/24
-  - IP-CIDR,192.168.24.1/24
+  - SRC-IP-CIDR,192.168.14.1/24
-  - IP-CIDR,192.168.25.1/24
+  - SRC-IP-CIDR,192.168.15.1/24
-  - IP-CIDR,192.168.26.1/24
+  - SRC-IP-CIDR,192.168.16.1/24
+
+  - SRC-IP-CIDR,192.168.20.1/24
+  - SRC-IP-CIDR,192.168.24.1/24
+  - SRC-IP-CIDR,192.168.25.1/24
+  - SRC-IP-CIDR,192.168.26.1/24
+  
+  - SRC-IP-CIDR,192.168.30.1/24
+  - SRC-IP-CIDR,192.168.34.1/24
+  - SRC-IP-CIDR,192.168.35.1/24
+  - SRC-IP-CIDR,192.168.36.1/24
+  
+  - SRC-IP-CIDR,192.168.40.1/24
+  - SRC-IP-CIDR,192.168.44.1/24
+  - SRC-IP-CIDR,192.168.45.1/24
+  - SRC-IP-CIDR,192.168.46./24
+  
+  - SRC-IP-CIDR,192.168.50.1/24
+  - SRC-IP-CIDR,192.168.54.1/24
+  - SRC-IP-CIDR,192.168.55.1/24
+  - SRC-IP-CIDR,192.168.56.1/24
+  
+  - SRC-IP-CIDR,192.168.60.1/24
+  - SRC-IP-CIDR,192.168.64.1/24
+  - SRC-IP-CIDR,192.168.65.1/24
+  - SRC-IP-CIDR,192.168.66.1/24
+  
+  - SRC-IP-CIDR,192.168.70.1/24
+  - SRC-IP-CIDR,192.168.74.1/24
+  - SRC-IP-CIDR,192.168.75.1/24
+  - SRC-IP-CIDR,192.168.76.1/24
+  
+  - SRC-IP-CIDR,192.168.80.1/24
+  - SRC-IP-CIDR,192.168.84.1/24
+  - SRC-IP-CIDR,192.168.85.1/24
+  - SRC-IP-CIDR,192.168.86.1/24
+  
+  - SRC-IP-CIDR,192.168.90.1/24
+  - SRC-IP-CIDR,192.168.94.1/24
+  - SRC-IP-CIDR,192.168.95.1/24
+  - SRC-IP-CIDR,192.168.96.1/24

rule-provider/consolidated-lists-private/local-iot.yaml

@@ -1,5 +1,18 @@
 payload:
-  - IP-CIDR,192.168.20.1/24
+  - SRC-IP-CIDR,192.168.19.1/24
-  - IP-CIDR,192.168.24.1/24
+  
-  - IP-CIDR,192.168.25.1/24
+  - SRC-IP-CIDR,192.168.29.1/24
-  - IP-CIDR,192.168.26.1/24
+  
+  - SRC-IP-CIDR,192.168.39.1/24
+  
+  - SRC-IP-CIDR,192.168.49.1/24
+
+  - SRC-IP-CIDR,192.168.59.1/24
+  
+  - SRC-IP-CIDR,192.168.69.1/24
+
+  - SRC-IP-CIDR,192.168.79.1/24
+  
+  - SRC-IP-CIDR,192.168.89.1/24
+
+  - SRC-IP-CIDR,192.168.99.1/24

rule-provider/consolidated-lists-private/local-webway.yaml

@@ -1,5 +1,2 @@
 payload:
-  - IP-CIDR,192.168.20.1/24
+  - SRC-IP-CIDR,100.98.0.0/16
-  - IP-CIDR,192.168.24.1/24
-  - IP-CIDR,192.168.25.1/24
-  - IP-CIDR,192.168.26.1/24