feat: Refactor Mihomo setup script to improve interface handling and add new rule logic

config-clash/solar/solar.yaml

@@ -0,0 +1,408 @@
+anchors:
+  default-rule-provider-config: &default_rule_provider_config
+    type: http
+    behavior: classical
+    interval: 86400
+
+# # ———————————————————————————————— health checks ———————————————————————————————— #
+  proxy_provider_substore: &proxy_provider_substore
+    type: http
+    interval: 3600
+    proxy: DIRECT
+
+# # ———————————————————————————————— health checks ———————————————————————————————— #
+  health-check-providers: &health_check_providers
+    health-check:
+      enable: true
+      interval: 1200
+      expected-status: 204
+      timeout: 5000
+      url: https://www.gstatic.com/generate_204
+
+  health-check-groups: &health_check_groups
+    health-check:
+      enable: true
+      interval: 600
+      expected-status: 204
+      timeout: 5000
+      url: https://www.gstatic.com/generate_204
+
+# # ————————————————————————————————— proxy lists ————————————————————————————————— #
+  use-all: &use_all
+    use:
+      - 🐦 fallback package
+      - 🚪 local tunnels
+      - 🫂 neighborhood tunnels
+      - 📺 youtube tunnels
+      - 🕊️ clear tunnels
+      - 🪨 default package / 📺
+      - 🪨 default package / 👠
+      - 🪨 default package
+      - 💎 premium package / 📺
+      - 💎 premium package / 👠
+      - 💎 premium package
+      - 🌉 private relays
+      - ♨️ private vpns
+
+# # ————————————————————————————————— proxy types ————————————————————————————————— #
+  p-selector-udp: &p_selector_udp
+    type: select
+    disable-udp: false
+
+# ————————————————————————————————————————————————————— LOCAL PROXY —————————————————————————————————————————————————————vs
+port:         7890
+socks-port:   7891
+redir-port:   7892
+tproxy-port:  7893
+mixed-port:   7894
+
+allow-lan: true
+lan-allowed-ips:
+  - 0.0.0.0/0
+bind-address: "*"
+
+# ————————————————————————————————————————————————— EXTERNAL CONTROLLER —————————————————————————————————————————————————
+
+external-controller: 0.0.0.0:9090
+external-controller-tls: 0.0.0.0:9443
+secret: '314159271828'
+external-ui: ./ui
+external-ui-name: zashboard
+external-ui-url: "https://github.com/Zephyruso/zashboard/releases/latest/download/dist-cdn-fonts.zip"
+
+# ——————————————————————————————————————————————————————— GENERAL ———————————————————————————————————————————————————————
+mode: rule
+ipv6: false
+unified-delay: true
+log-level: info
+disable-keep-alive: false
+keep-alive-interval: 15
+keep-alive-idle: 600
+find-process-mode: "off"                  # Options: always, strict, off
+interface-name: eth0                      # Outbound interface name
+routing-mark: 1337
+# global-client-fingerprint: random       # Options: chrome, firefox, safari, iOS, android, edge, 360, qq, random
+# tcp-concurrent: true                    # Enable TCP concurrent connections, which will use all IP addresses resolved by DNS for connections, using the first successful connection.
+
+# ————————————————— GEO DATA CONFIGURATION ————————————————— https://github.com/runetfreedom/russia-v2ray-rules-dat —————
+geodata-mode: true
+geodata-loader: standard
+geo-auto-update: true
+geo-update-interval: 24
+geox-url:
+  geoip:    https://raw.githubusercontent.com/runetfreedom/russia-v2ray-rules-dat/release/geoip.dat
+  geosite:  https://raw.githubusercontent.com/runetfreedom/russia-v2ray-rules-dat/release/geosite.dat
+  mmdb:     https://testingcf.jsdelivr.net/gh/alecthw/mmdb_china_ip_list@release/Country.mmdb
+  asn:      https://testingcf.jsdelivr.net/gh/xishang0128/geoip@release/GeoLite2-ASN.mmdb
+global-ua: clash.meta
+etag-support: true
+
+listeners:
+  - name: socks-inbound
+    type: socks
+    port: 7891
+    listen: 0.0.0.0
+    udp: true
+    users:
+      - username: testuser1
+        password: testuser1
+      - username: testuser2
+        password: testuser2
+      - username: testuser3
+        password: testuser3
+      - username: testuser4
+        password: testuser4
+
+sniffer:
+  enable: true
+  parse-pure-ip: true
+  override-destination: true
+  sniff:
+    HTTP:
+      ports: [80, 8080-8880]
+      override-destination: true
+    TLS:
+      ports: [443, 8443]
+    QUIC:
+      ports: [443, 8443]
+  skip-domain:
+    - '+.dts'
+    - '+.webway.dts'
+    - '+.netbird.selfhosted'
+    - '+.shamanlanding.org'
+    - '+.shamanlanding.com'
+
+    - "Mijia Cloud"        # Xiaomi Smart Home (Mijia). Uses non-standard TLS headers.
+    - "dlg.io.mi.com"      # Xiaomi IoT logging/telemetry.
+    - "+.push.apple.com"   # Apple Push Notification Service (APNS). Critical for iOS.
+    - "+.apple.com"        # (Optional) Broader Apple bypass. Safer for iCloud sync.
+
+dns:
+  enable: true
+  enhanced-mode: fake-ip
+  cache-algorithm: arc
+  ipv6: false
+  listen: 0.0.0.0:53
+  prefer-h3: false
+  respect-rules: true
+  use-hosts: true
+  use-system-hosts: false
+  
+  fake-ip-range: 198.18.0.1/16
+  fake-ip-filter-mode: blacklist
+  fake-ip-filter:
+    # ———————————————————— self-hosted domains ———————————————————
+    - '*.lan'
+    - '*.local'
+    - '+.dts'
+    - '+.webway.dts'
+    - '+.netbird.selfhosted'
+    - '+.shamanlanding.org'
+    # ————————————————————————— ru domains ———————————————————————
+    - '+.ru'
+    - '+.рф'
+    - '+.su'
+    - '+.ntp.org'
+    - '+.pool.ntp.org'
+    - 'time.apple.com'
+    - 'time.nist.gov'
+    - 'time.windows.com'
+    - 'time.google.com'
+    # ————————————————————— connectivity checks ——————————————————
+    - 'dns.msftncsi.com'
+    - 'www.msftncsi.com'
+    - 'www.msftconnecttest.com'
+    - 'connectivitycheck.gstatic.com'
+    - 'connectivitycheck.android.com'
+    - 'clients3.google.com'
+    - 'captive.apple.com'
+    - '+.hotspot.msn.com'
+  default-nameserver:           # Resolving the domain names of DNS servers.
+    - 1.1.1.1
+    - 1.0.0.1
+    - 8.8.8.8
+    - 8.8.4.4
+    - 9.9.9.9
+    - 208.67.222.222
+    - 208.67.220.220
+  nameserver:                   # Default domain name resolution server.
+    - 'tls://kavanah.shamanlanding.org'
+  # - https://d.adguard-dns.com/dns-query/5ffb7de2
+  proxy-server-nameserver:      # Resolving the domain names of proxy nodes.
+    - 'tls://kavanah.shamanlanding.org'
+  # - https://d.adguard-dns.com/dns-query/5ffb7de2
+
+hosts:
+#  'solar.shamanlanding.org':        192.168.25.8
+#  
+#  'battlescribe.shamanlanding.org': 192.168.25.8
+#  'kavanah.shamanlanding.org':      192.168.25.8
+#  'loremaster.shamanlanding.org':   192.168.25.8
+#  'omnissiah.shamanlanding.org':    192.168.25.8
+#  'sanctum.shamanlanding.org':      192.168.25.8
+#  'tesseract.shamanlanding.org':    192.168.25.8
+#  'synaxis.shamanlanding.org':      192.168.25.8
+#  
+#  '+.solar.shamanlanding.org':      192.168.25.8
+
+proxy-providers:
+  🐦 fallback package:
+    url: "https://synaxis.shamanlanding.org/webway-subscription-provider/download/collection/fallback"
+    path: "./proxy_provider/fallback.txt"
+    <<: [*health_check_providers, *proxy_provider_substore]
+
+# ———————————————————————————————— tunnels ———————————————————————————————— #
+  🚪 local tunnels:
+    url: "https://synaxis.shamanlanding.org/webway-subscription-provider/download/collection/own-package-solar"
+    path: "./proxy_provider/webway-local-tunnels.txt"
+    filter: "🚪"
+    exclude-filter: "✨"
+    <<: [*health_check_providers, *proxy_provider_substore]
+  
+  🫂 neighborhood tunnels:
+    url: "https://synaxis.shamanlanding.org/webway-subscription-provider/download/collection/own-package-solar"
+    path: "./proxy_provider/webway-neighborhood-tunnels.txt"
+    filter: "🫂"
+    exclude-filter: "✨"
+    <<: [*health_check_providers, *proxy_provider_substore]
+  
+  📺 youtube tunnels:
+    url: "https://synaxis.shamanlanding.org/webway-subscription-provider/download/collection/own-package-solar"
+    path: "./proxy_provider/webway-tunnels-youtube.txt"
+    filter: "📺"
+    exclude-filter: "✨"
+    <<: [*health_check_providers, *proxy_provider_substore]
+  
+  🕊️ clear tunnels:
+    url: "https://synaxis.shamanlanding.org/webway-subscription-provider/download/collection/own-package-solar"
+    path: "./proxy_provider/webway-tunnels-clear.txt"
+    filter: "🕊️"
+    exclude-filter: "✨"
+    <<: [*health_check_providers, *proxy_provider_substore]
+
+  # ———————————————————————————————— левые впнки ———————————————————————————————— #
+  🪨 default package:
+    url: "https://synaxis.shamanlanding.org/webway-subscription-provider/download/collection/ext-package-solar"
+    path: "./proxy_provider/webway-class-b.txt"
+    exclude-filter: "📺|👠"
+    <<: [*health_check_providers, *proxy_provider_substore]  
+
+  🪨 default package / 📺:
+    url: "https://synaxis.shamanlanding.org/webway-subscription-provider/download/collection/ext-package-solar"
+    path: "./proxy_provider/webway-class-b-youtube.txt"
+    filter: "📺"
+    <<: [*health_check_providers, *proxy_provider_substore]  
+
+  🪨 default package / 👠:
+    url: "https://synaxis.shamanlanding.org/webway-subscription-provider/download/collection/ext-package-solar"
+    path: "./proxy_provider/webway-class-b-capri.txt"
+    filter: "👠"
+    <<: [*health_check_providers, *proxy_provider_substore]  
+
+  💎 premium package:
+    url: "https://synaxis.shamanlanding.org/webway-subscription-provider/download/collection/prm-package-solar"
+    path: "./proxy_provider/webway-class-a.txt"
+    exclude-filter: "📺|👠"
+    <<: [*health_check_providers, *proxy_provider_substore]  
+  
+  💎 premium package / 📺:
+    url: "https://synaxis.shamanlanding.org/webway-subscription-provider/download/collection/prm-package-solar"
+    path: "./proxy_provider/webway-class-a-youtube.txt"
+    filter: "📺"
+    <<: [*health_check_providers, *proxy_provider_substore]  
+  
+  💎 premium package / 👠:
+    url: "https://synaxis.shamanlanding.org/webway-subscription-provider/download/collection/prm-package-solar"
+    path: "./proxy_provider/webway-class-a-capri.txt"
+    filter: "👠"
+    <<: [*health_check_providers, *proxy_provider_substore]  
+  
+  # ———————————————————————————————— хорошие впнки ———————————————————————————————— #
+  ♨️ private vpns:
+    url: "https://synaxis.shamanlanding.org/webway-subscription-provider/download/collection/own-package-solar"
+    path: "./proxy_provider/webway-private-vpns.txt"
+    filter: "♨️"
+    <<: [*health_check_providers, *proxy_provider_substore]
+
+  🌉 private relays:
+    url: "https://synaxis.shamanlanding.org/webway-subscription-provider/download/collection/own-package-solar"
+    path: "./proxy_provider/webway-private-relays.txt"
+    filter: "🌉"
+    <<: [*health_check_providers, *proxy_provider_substore]
+
+proxy-groups:  
+  - name: RU-зона локально
+    proxies:
+      - DIRECT
+      - PASS
+      - REJECT
+      - REJECT-DROP
+    <<: [*p_selector_udp]
+  - name: RU-зона через webway
+    proxies:
+      - REJECT
+      - REJECT-DROP
+      - DIRECT
+      - PASS
+    <<: [*p_selector_udp]
+  
+  - name: Testzone A
+    filter: ""
+    exclude-filter: ""
+    exclude-type: ""
+    proxies:
+      - PASS
+      - Заблокированные сайты
+      - Личный список
+    <<: [*health_check_groups, *use_all, *p_selector_udp]
+  - name: Testzone B
+    filter: ""
+    exclude-filter: ""
+    exclude-type: ""
+    proxies:
+      - PASS
+      - Заблокированные сайты
+      - Личный список
+    <<: [*health_check_groups, *use_all, *p_selector_udp]
+  - name: Заблокированные сайты
+    filter: ""
+    exclude-filter: ""
+    exclude-type: ""
+    <<: [*health_check_groups, *use_all, *p_selector_udp]
+  - name: Личный список
+    filter: ""
+    exclude-filter: ""
+    exclude-type: ""
+    <<: [*health_check_groups, *use_all, *p_selector_udp]
+
+rule-providers:
+  📃 Solar Proxy Domain List:
+    url: https://antifilter.solar.shamanlanding.org/proxy-domain.yaml
+    path: "./rule_provider/consolidated-lists-private/adaptation-solar-domain-proxy.yaml"
+    <<: *default_rule_provider_config
+  📃 Solar Proxy IP List:
+    url: https://antifilter.solar.shamanlanding.org/proxy-ip.yaml
+    path: "./rule_provider/consolidated-lists-private/adaptation-solar-ip-proxy.yaml"
+    <<: *default_rule_provider_config
+  📃 Shared Proxy Domain List:
+    url: https://antifilter.scarus.shamanlanding.org/proxy-domain.yaml
+    path: "./rule_provider/consolidated-lists-private/adaptation-scarus-domain-proxy.yaml"
+    <<: *default_rule_provider_config
+  📃 Shared Proxy IP List:
+    url: https://antifilter.scarus.shamanlanding.org/proxy-ip.yaml
+    path: "./rule_provider/consolidated-lists-private/adaptation-scarus-ip-proxy.yaml"
+    <<: *default_rule_provider_config
+  
+  🛝 Testzone A:
+    url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-lists-private/testzone-a.yaml
+    path: "./rule_provider/services/consolidated-lists-private/testzone-a.yaml"
+    <<: *default_rule_provider_config
+  🛝 Testzone B:
+    url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-lists-private/testzone-b.yaml
+    path: "./rule_provider/services/consolidated-lists-private/testzone-b.yaml"
+    <<: *default_rule_provider_config
+  🛜 Webway Unprivileged:
+    url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-lists-private/webway-unprivileged.yaml
+    path: "./rule_provider/services/consolidated-lists-private/webway-unprivileged.yaml"
+    <<: *default_rule_provider_config
+  🛜 VLAN10:
+    url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-lists-private/vlan10.yaml
+    path: "./rule_provider/services/consolidated-lists-private/vlan10.yaml"
+    <<: *default_rule_provider_config
+  🛜 VLAN40:
+    url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-lists-private/vlan40.yaml
+    path: "./rule_provider/services/consolidated-lists-private/vlan40.yaml"
+    <<: *default_rule_provider_config
+
+  👥 Current Antifilter/Refilter:
+    url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-lists-public/current-public-set.yaml
+    path: "./rule_provider/consolidated-lists-public/current-public-set.yaml"
+    <<: *default_rule_provider_config
+
+  📦 RU Services Manual:
+    url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/consolidated-services/ru-services.yaml
+    path: "./rule_provider/consolidated-services/ru-services.yaml"
+    <<: *default_rule_provider_config
+
+rules:
+  - SUB-RULE,(OR,((RULE-SET,📦 RU Services Manual),(GEOIP,RU),(GEOSITE,category-ru))),russian_internet
+  
+  - RULE-SET,🛝 Testzone A,Testzone A
+  - RULE-SET,🛝 Testzone B,Testzone B
+  
+  - RULE-SET,📃 Solar Proxy Domain List,Личный список
+  - RULE-SET,📃 Solar Proxy IP List,Личный список,no-resolve
+  
+  - RULE-SET,📃 Shared Proxy Domain List,Заблокированные сайты
+  - RULE-SET,📃 Shared Proxy IP List,Заблокированные сайты,no-resolve
+  - RULE-SET,👥 Current Antifilter/Refilter,Заблокированные сайты
+  
+  - MATCH,DIRECT
+
+sub-rules:
+  russian_internet:
+    - DOMAIN-SUFFIX,shamanlanding.org,DIRECT
+    - SRC-IP-CIDR,100.98.0.0/16,RU-зона через webway
+    - SRC-IP-CIDR,10.10.0.0/16,RU-зона локально
+    - SRC-IP-CIDR,10.40.0.0/16,RU-зона локально
+    - MATCH,REJECT

scripts/warpgates/config-warpgate-alpine.sh

@@ -29,12 +29,12 @@ NETBIRD_SETUP_KEY="7369BE4D-C485-4339-A7CA-C245FD95E857"
 NETBIRD_MANAGEMENT_URL="https://webway.shamanlanding.org:443"
 
 # Mihomo Version (Alpha)
-MIHOMO_URL="https://github.com/vernesong/mihomo/releases/download/Prerelease-Alpha/mihomo-linux-amd64-alpha-smart-ec7f445.gz"
+MIHOMO_URL="https://github.com/vernesong/mihomo/releases/download/Prerelease-Alpha/mihomo-linux-amd64-alpha-smart-26a9e08.gz"
 
 # Remote Resources
 REPO_BASE="https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main"
-URL_CONFIG_MIHOMO="${REPO_BASE}/config-clash/cadian/cadian.current.yaml"
+URL_CONFIG_MIHOMO="${REPO_BASE}/config-clash/solar/solar.yaml"
-URL_SCRIPT_IPTABLES="${REPO_BASE}/scripts/iptables-mihomo-setup.sh"
+URL_SCRIPT_IPTABLES="${REPO_BASE}/scripts/warpgates/iptables-mihomo-setup-alpine-mark2.sh"
 URL_INIT_MIHOMO="${REPO_BASE}/init-scripts/openrc/mihomo"
 URL_INIT_IPTABLES="${REPO_BASE}/init-scripts/openrc/mihomo-iptables"
 

scripts/warpgates/iptables-mihomo-setup-alpine-mark2.sh

@@ -11,6 +11,7 @@ FW_MARK="0x1"
 ROUTE_TABLE="100"
 
 EXCLUDE_IFACES=("tun0")  
+INCLUDE_IFACES=("wt0" "eth1" "eth2")
 
 # ----------------------------
 # Helpers
@@ -86,7 +87,15 @@ ipt -t nat -A OUTPUT -m owner --uid-owner "${MIHOMO_UID}" -m comment --comment "
 ipt -t nat -A OUTPUT -p tcp -m comment --comment "MIHOMO-JUMP" -j MIHOMO_REDIR
 
 # Apply to PREROUTING (wt0 Ingress) - Force Redir for NetBird (skips exclusions by design)
-ipt -t nat -A PREROUTING -i wt0 -p tcp -m comment --comment "MIHOMO-REDIRECT" -j REDIRECT --to-port "${REDIR_PORT}"
+for IFACE in "${INCLUDE_IFACES[@]}"; do
+  if [ "$IFACE" = "wt0" ]; then
+    # wt0 (Netbird) пропускает исключения локальных подсетей по твоему дизайну
+    ipt -t nat -A PREROUTING -i "$IFACE" -p tcp -m comment --comment "MIHOMO-REDIRECT" -j REDIRECT --to-port "${REDIR_PORT}"
+  else
+    # LAN-трафик (eth1, eth2) должен прыгать в цепочку MIHOMO_REDIR для проверки исключений (192.168.x.x и т.д.)
+    ipt -t nat -A PREROUTING -i "$IFACE" -p tcp -m comment --comment "MIHOMO-JUMP-$IFACE" -j MIHOMO_REDIR
+  fi
+done
 
 # ----------------------------
 # MANGLE (TPROXY) - UDP
@@ -116,6 +125,9 @@ ipt -t mangle -A OUTPUT -p udp -m comment --comment "MIHOMO-MARK" -j MARK --set-
 for IFACE in "${EXCLUDE_IFACES[@]}"; do
   ipt -t mangle -A PREROUTING -i "${IFACE}" -m comment --comment "MIHOMO-EXCLUDE" -j RETURN
 done
-ipt -t mangle -A PREROUTING -i wt0 -m comment --comment "MIHOMO-JUMP" -j MIHOMO_TPROXY
+
+for IFACE in "${INCLUDE_IFACES[@]}"; do
+  ipt -t mangle -A PREROUTING -i "$IFACE" -m comment --comment "MIHOMO-JUMP-$IFACE" -j MIHOMO_TPROXY
+done
 
 echo "Done. Suboptimal hypervisor constraints bypassed successfully."