# —————————————————————————————————— local proxy ————————————————————————————————— port: 7890 socks-port: 7891 redir-port: 7892 tproxy-port: 7893 mixed-port: 7894 allow-lan: true bind-address: "*" # authentication of local SOCKS5/HTTP(S) server # authentication: # - "user1:pass1" # —————————————————————————————— external controller ————————————————————————————— external-controller: 127.0.0.1:9090 secret: '314159271828' external-ui: "/usr/share/openclash/ui" # ———————————————————————————————————— general ——————————————————————————————————— mode: rule ipv6: false unified-delay: true log-level: info disable-keep-alive: true # interface-name: en0 # Outbound interface name # ————————————————————————————————————— hosts ———————————————————————————————————— hosts: # ———————————————————————————————————— profile ——————————————————————————————————— profile: store-selected: true store-fake-ip: true # ———————————————————————————————————— sniffer ——————————————————————————————————— sniffer: enable: true parse-pure-ip: true override-destination: true sniff: QUIC: ports: - 443 TLS: ports: - 443 - 8443 HTTP: ports: - 80 - 8080-8880 override-destination: true force-domain: - "+.netflix.com" - "+.nflxvideo.net" - "+.amazonaws.com" - "+.media.dssott.com" skip-domain: - "+.apple.com" - Mijia Cloud - dlg.io.mi.com - "+.oray.com" - "+.sunlogin.net" - "+.push.apple.com" # —————————————————————————————————————— dns ————————————————————————————————————— dns: enable: true ipv6: false listen: 0.0.0.0:53 default-nameserver: - 114.114.114.114 - 8.8.8.8 enhanced-mode: fake-ip use-hosts: false fake-ip-range: 198.18.0.1/16 fake-ip-filter-mode: blacklist fake-ip-filter: # ———————————————————— self-hosted domains ——————————————————— - '*.lan' - '+.dts' - '+.webway.dts' - '+.netbird.selfhosted' - '+.shamanlanding.org' nameserver: - https://purpose.shamanlanding.org/dns-query/dts-pontifex - https://d.adguard-dns.com/dns-query/5ffb7de2 fallback: - https://dns.google/dns-query - https://cloudflare-dns.com/dns-query # If IP addresses resolved with servers in `nameservers` are in the specified # subnets below, they are considered invalid and results from `fallback` # servers are used instead. # # IP address resolved with servers in `nameserver` is used when # `fallback-filter.geoip` is true and when GEOIP of the IP address is `CN`. # # If `fallback-filter.geoip` is false, results from `nameserver` nameservers # are always used if not match `fallback-filter.ipcidr`. # # This is a countermeasure against DNS pollution attacks. # fallback-filter: # geoip: true # geoip-code: CN # ipcidr: # - 240.0.0.0/4 # domain: # - '+.google.com' # - '+.facebook.com' # - '+.youtube.com' # Lookup domains via specific nameservers # nameserver-policy: # 'www.baidu.com': '114.114.114.114' # '+.internal.crop.com': '10.0.0.1' # —————————————————————————————————————— tun ————————————————————————————————————— # ————————————————————————————————————— macro ———————————————————————————————————— health-check-for-providers: &health_check_for_providers enable: true interval: 600 url: http://www.gstatic.com/generate_204 health-check-for-selectors: &health_check_for_selectors url: https://cp.cloudflare.com/generate_204 interval: 300 health-check-for-load-balancers: &health_check_for_load_balancers url: https://cp.cloudflare.com/generate_204 interval: 300 default-rule-provider-config: &default_rule_provider_config type: http behavior: classical interval: 86400 p-vpn-list_balancer: &p_vpn_list_balancer type: load-balance strategy: sticky-sessions use: - own p-vpn-list_selector: &p_vpn_list_selector type: select use: - own np-vpn-list_url_test: &np_vpn_list_url_test type: url-test tolerance: 50 use: - xfizz - arza-1 - Un1c4d3 np-vpn-list_balancer: &np_vpn_list_balancer type: load-balance strategy: sticky-sessions use: - xfizz - arza-1 - Un1c4d3 np-vpn-list_selector: &np_vpn_list_selector type: select use: - xfizz - arza-1 - Un1c4d3 default-private-proxies-lb-selector: &default_private_proxies_lb_selector type: select proxies: - ⚖️ Personal VPN # ————————————————————————————————— proxies list ————————————————————————————————— proxies: # ————————————————————— direct wan routes ———————————————————— - name: "WAN A [Мегафон]" type: direct udp: true ip-version: ipv4 interface-name: eth2 - name: "WAN B [РосТелеКом]" type: direct udp: true ip-version: ipv4 interface-name: eth2 #- name: "WAN C [Mobile]" # type: direct # udp: true # ip-version: ipv4 # interface-name: eth2 # ——————————————————— private vpn services ——————————————————— # ———————————————————————————————— proxy providers ——————————————————————————————— proxy-providers: # ——————————————————— private vpn services ——————————————————— #https://dexterity.shamanlanding.org/M4eh2gd/first own: type: http url: "https://dexterity.shamanlanding.org/M4eh2gd/first" interval: 3600 proxy: DIRECT path: "./proxy_provider/own-1.txt" exclude-filter: "(?i)xhttp" override: additional-prefix: "🔆 " additional-suffix: "" health-check: <<: *health_check_for_providers # ——————————————————— non-personal services —————————————————— #https://xfizz.cc/sublink/XzU0rRmBeOZtIPprW46f2ieNFcF8PJw9?name=1Y:2213 xfizz: type: http url: "https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/proxy-provider/fizz-vpn.txt" interval: 3600 proxy: 🔢 Personal VPN path: "./proxy_provider/fizz-vpn.txt" exclude-filter: "(?i)Наш TG|Истекает|@FizzVPN|UNAVAILABLE|EXPIRE|TELEGRAM|USERNAME:" override: additional-prefix: "" additional-suffix: "•𝓯" health-check: <<: *health_check_for_providers #https://arza.top/sub/dGZjNHVlLDE3MzIzMDQ2MTYowA-efEYOh arza-1: type: http url: "https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/proxy-provider/arza.txt" interval: 3600 proxy: 🔢 Personal VPN path: "./proxy_provider/arza.txt" exclude-filter: "(?i)Наш TG|Истекает|@FizzVPN|UNAVAILABLE|EXPIRE|TELEGRAM|USERNAME:" override: additional-prefix: "" additional-suffix: "•𝓪" health-check: <<: *health_check_for_providers #https://subs.un1c4d3.ru:52478/sub/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJQTF9WTFNTX0FMTDIxMCIsImFjY2VzcyI6InN1YnNjcmlwdGlvbiIsImlhdCI6MTczNzgwMDQwOH0.mPr4BSMMpo1mrlZPvB34IRGcn2mHOZetHXaZyebirT4 Un1c4d3: type: http url: "https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/proxy-provider/Un1c4d3.txt" interval: 3600 proxy: DIRECT path: "./proxy_provider/Un1c4d3.txt" exclude-filter: "(?i)Наш TG|Истекает|@FizzVPN|UNAVAILABLE|EXPIRE|TELEGRAM|USERNAME:" override: additional-prefix: "" additional-suffix: "•𝓾" health-check: <<: *health_check_for_providers # ————————————————————————————————— proxy groups ————————————————————————————————— proxy-groups: # ————————————————————————— fallback ————————————————————————— - name: "Automatic Fallback Route" type: fallback proxies: - DIRECT hidden: true url: 'https://cp.cloudflare.com/generate_204' interval: 300 # ————————————————————— direct wan routes ———————————————————— - name: ⚖️ AB type: load-balance disable-udp: false proxies: - WAN A [Мегафон] - WAN B [РосТелеКом] hidden: true # - name: ⚖️ ABC # type: load-balance # disable-udp: false # proxies: # - WAN A [Мегафон] # - WAN B [РосТелеКом] # - WAN C [Mobile] # hidden: true # ————————————————————— direct selectors ————————————————————— - name: 🖥️ LAN Clients type: select disable-udp: false proxies: - ⚖️ AB # - ⚖️ ABC - WAN A [Мегафон] - WAN B [РосТелеКом] # - WAN C [Mobile] - name: 🛋️ IOT Clients type: select disable-udp: false proxies: - 🖥️ LAN Clients - ⚖️ AB # - ⚖️ ABC - WAN A [Мегафон] - WAN B [РосТелеКом] # - WAN C [Mobile] - name: 👾 Unprivileged Webway type: select disable-udp: false proxies: - 🖥️ LAN Clients - ⚖️ AB # - ⚖️ ABC - WAN A [Мегафон] - WAN B [РосТелеКом] # - WAN C [Mobile] - name: 🌟 Privileged Webway type: select disable-udp: false proxies: - 🖥️ LAN Clients - ⚖️ AB # - ⚖️ ABC - WAN A [Мегафон] - WAN B [РосТелеКом] # - WAN C [Mobile] # —————————————— load balancers for personal vpn ————————————— - name: ⚖️ Personal VPN disable-udp: false <<: [*p_vpn_list_balancer, *health_check_for_load_balancers] # —————————————— url tested for non-personal vpn ————————————— - name: ⌚ Europe 🌍 disable-udp: false filter: "(?i)NL|Finland|Estonia|France|Germany|Sweden|Ireland" <<: [*np_vpn_list_url_test, *health_check_for_load_balancers] # ———————————— load balancers for non-personal vpn ——————————— - name: ⚖️ Asia 🌍 disable-udp: false filter: "(?i)Hong Kong|China|Malaysia|Philippines|Japan|Singapore" <<: [*np_vpn_list_balancer, *health_check_for_load_balancers] hidden: true - name: ⚖️ Europe 🌍 disable-udp: false filter: "(?i)NL|Finland|Estonia|France|Germany|Sweden|Ireland" <<: [*np_vpn_list_balancer, *health_check_for_load_balancers] hidden: true - name: ⚖️ USA 🌍 disable-udp: false filter: "(?i)USA|Canada" <<: [*np_vpn_list_balancer, *health_check_for_load_balancers] hidden: true - name: ⚖️ High Bandwidth disable-udp: false filter: "(?i)10 Gbit" <<: [*np_vpn_list_balancer, *health_check_for_load_balancers] hidden: true - name: ⚖️ Russian 🌍 disable-udp: false filter: "(?i)Russia" <<: [*np_vpn_list_balancer, *health_check_for_load_balancers] hidden: true - name: ⚖️ Fast Servers disable-udp: false filter: "(?i)Low Ping" <<: [*np_vpn_list_balancer, *health_check_for_load_balancers] hidden: true # ————————————— global selectors for personal vpn ———————————— - name: 🔢 Personal VPN disable-udp: false <<: [*p_vpn_list_selector, *health_check_for_selectors] # ——————————— global selectors for non-personal vpn —————————— - name: 🔢 Asia 🌍 disable-udp: false filter: "(?i)Hong Kong|China|Malaysia|Philippines|Japan|Singapore" <<: [*np_vpn_list_selector, *health_check_for_selectors] - name: 🔢 Europe 🌍 disable-udp: false filter: "(?i)NL|Finland|Estonia|France|Germany|Sweden|Ireland|Moldova" <<: [*np_vpn_list_selector, *health_check_for_selectors] - name: 🔢 Kazakhstan 🌍 disable-udp: false filter: "(?i)Kazakhstan|KZ" <<: [*np_vpn_list_selector, *health_check_for_selectors] - name: 🔢 Russian 🌍 disable-udp: false filter: "(?i)Russia" <<: [*np_vpn_list_selector, *health_check_for_selectors] - name: 🔢 USA 🌍 disable-udp: false filter: "(?i)USA|Canada" <<: [*np_vpn_list_selector, *health_check_for_selectors] - name: 🔢 All non-personal disable-udp: false filter: "" <<: [*np_vpn_list_selector, *health_check_for_selectors] - name: 🔢 Fast Servers disable-udp: false filter: "(?i)10 Gbit|10Gbit" <<: [*np_vpn_list_selector, *health_check_for_selectors] - name: 🔢 Gaming disable-udp: false filter: "(?i)game" <<: [*np_vpn_list_selector, *health_check_for_selectors] - name: 🔢 Torrent Compliant disable-udp: false filter: "(?i)torrent" <<: [*np_vpn_list_selector, *health_check_for_selectors] - name: 🔢 TOR Compliant disable-udp: false filter: "(?i)TOR✅" <<: [*np_vpn_list_selector, *health_check_for_selectors] # ——————— selectors for local rules —————— - name: ✳️ YouTube type: select proxies: - 🔢 Russian 🌍 - 🔢 Personal VPN - 🔢 Europe 🌍 - ⌚ Europe 🌍 - ⚖️ Europe 🌍 - ⚖️ Russian 🌍 - ⚖️ Personal VPN <<: *health_check_for_selectors - name: ✳️ Discord type: select disable-udp: false proxies: - 🔢 Fast Servers - 🔢 Personal VPN - 🔢 Europe 🌍 - ⌚ Europe 🌍 - ⚖️ Fast Servers - ⚖️ Personal VPN - ⚖️ Europe 🌍 <<: *health_check_for_selectors - name: ✳️ USA Services type: select disable-udp: false proxies: - 🔢 USA 🌍 - 🔢 Personal VPN - ⚖️ USA 🌍 - ⚖️ Personal VPN <<: *health_check_for_selectors - name: ✳️ Adaptaion type: select proxies: - 🔢 Fast Servers - 🔢 Personal VPN - 🔢 Europe 🌍 - ⌚ Europe 🌍 - ⚖️ Fast Servers - ⚖️ Personal VPN - ⚖️ Europe 🌍 <<: *health_check_for_selectors - name: ✳️ Antifilter type: select proxies: - 🔢 Fast Servers - 🔢 Personal VPN - 🔢 Europe 🌍 - ⌚ Europe 🌍 - ⚖️ Fast Servers - ⚖️ Personal VPN - ⚖️ Europe 🌍 <<: *health_check_for_selectors - name: ✳️ Notion type: select proxies: - 🔢 Personal VPN - 🔢 Europe 🌍 - ⌚ Europe 🌍 - ⚖️ Personal VPN - ⚖️ Europe 🌍 <<: *health_check_for_selectors - name: ✳️ AI Stuff (Western) type: select proxies: - 🔢 Personal VPN - 🔢 Europe 🌍 - ⌚ Europe 🌍 - ⚖️ Personal VPN - ⚖️ Europe 🌍 <<: *health_check_for_selectors - name: ✳️ Testzone A type: select proxies: - 🔢 All non-personal - 🔢 Russian 🌍 - 🔢 Europe 🌍 - 🔢 USA 🌍 - 🔢 Asia 🌍 - 🔢 Kazakhstan 🌍 - 🔢 Personal VPN - ⌚ Europe 🌍 - ⚖️ Russian 🌍 - ⚖️ Europe 🌍 - ⚖️ USA 🌍 - ⚖️ Asia 🌍 - ⚖️ Fast Servers - ⚖️ Personal VPN <<: *health_check_for_selectors # ———————————————————————————————— rule providers ———————————————————————————————— rule-providers: # ———————————————————————— gitea lists ——————————————————————— AI Stuff (Western): url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/ai-stuff-western.yaml # AI Stuff path: "./rule_provider/ai-stuff-western.yaml" <<: *default_rule_provider_config Discord: url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/discord.yaml # AI Stuff path: "./rule_provider/discord.yaml" <<: *default_rule_provider_config Notion: url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/notion.yaml # Notion path: "./rule_provider/notion.yaml" <<: *default_rule_provider_config Youtube: url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/youtube.yaml # Youtube path: "./rule_provider/youtube.yaml" <<: *default_rule_provider_config Testzone A: url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/testzone-a.yaml path: "./rule_provider/testzone-a.yaml" <<: *default_rule_provider_config USA Services: url: https://gitea.shamanlanding.org/DaTekShaman/clash-rules/raw/branch/main/rule-provider/usa-services.yaml path: "./rule_provider/usa-services.yaml" <<: *default_rule_provider_config # —————————————————————— adaptaion lists ————————————————————— General Direct Domain List: url: http://purpose.shamanlanding.org:9999/direct-domain.yaml path: "./rule_provider/direct-domain.yaml" <<: *default_rule_provider_config General Direct IP List: url: http://purpose.shamanlanding.org:9999/direct-ip.yaml path: "./rule_provider/direct-ip.yaml" <<: *default_rule_provider_config General Proxy Domain List: url: http://purpose.shamanlanding.org:9999/proxy-domain.yaml path: "./rule_provider/adaptation-domain-proxy.yaml" <<: *default_rule_provider_config General Proxy IP List: url: http://purpose.shamanlanding.org:9999/proxy-ip.yaml path: "./rule_provider/adaptation-ip-proxy.yaml" <<: *default_rule_provider_config # ————————————————— antifilter community list ———————————————— Antifilter IP List: url: http://purpose.shamanlanding.org:9999/antifilter-ip.yaml path: "./rule_provider/antifilter-ip-proxy.yaml" <<: *default_rule_provider_config Antifilter Community IP List: url: http://purpose.shamanlanding.org:9999/antifilter-community-ip.yaml path: "./rule_provider/antifilter-community-ip-proxy.yaml" <<: *default_rule_provider_config Antifilter Community Domain List: url: http://purpose.shamanlanding.org:9999/antifilter-community-domain.yaml path: "./rule_provider/antifilter-domain-proxy.yaml" <<: *default_rule_provider_config # ————————————————————————————————————— rules ———————————————————————————————————— rules: # —————————————————————— by application —————————————————————— - RULE-SET,Youtube,✳️ YouTube - RULE-SET,Notion,✳️ Notion - RULE-SET,Testzone A,✳️ Testzone A - RULE-SET,AI Stuff (Western),✳️ Testzone A - RULE-SET,Discord,✳️ Discord - RULE-SET,USA Services,✳️ USA Services # —————————————————————— adaptaion lists ————————————————————— - RULE-SET,General Direct Domain List,DIRECT - RULE-SET,General Direct IP List,DIRECT - RULE-SET,General Proxy Domain List,✳️ Adaptaion - RULE-SET,General Proxy IP List,✳️ Adaptaion - RULE-SET,Antifilter IP List,✳️ Antifilter - RULE-SET,Antifilter Community IP List,✳️ Antifilter - RULE-SET,Antifilter Community Domain List,✳️ Antifilter - MATCH,🖥️ LAN Clients