diff --git a/lazy.conf b/lazy.conf index bb65437..7ed4f4b 100644 --- a/lazy.conf +++ b/lazy.conf @@ -7,8 +7,10 @@ bypass-system = true skip-proxy = 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12, localhost, *.local, captive.apple.com,*.ccb.com,*.abchina.com.cn,*.psbc.com # TUN旁路路由:Shadowrocket TUN接口只能处理TCP协议。使用此选项可以绕过指定的IP范围,让其他协议通过。 tun-excluded-routes = 10.0.0.0/8, 100.64.0.0/10, 127.0.0.0/8, 169.254.0.0/16, 172.16.0.0/12, 192.0.0.0/24, 192.0.2.0/24, 192.88.99.0/24, 192.168.0.0/16, 198.51.100.0/24, 203.0.113.0/24, 224.0.0.0/4, 255.255.255.255/32, 239.255.255.250/32 -# DNS覆写。使用此选项覆盖默认的DNS服务器。 +# DNS覆写。使用此选项覆盖默认的DNS服务器。有些dns over https支持http3,所以尝试查询,如果支持就切换到http3。可在doh链接后面加上#no-h3关闭。 dns-server = https://doh.pub/dns-query,https://dns.alidns.com/dns-query,223.5.5.5,119.29.29.29 +# 备用DNS。当覆写的DNS解析失败后回退使用指定DNS,如需指定多个DNS,可用逗号分隔。system表示回退到系统DNS。 +fallback-dns-server = system # 启用IPv6支持。false表示不启用,true表示启用。 ipv6 = false # 首选IPv6。优先向IPv6的DNS服务器查询AAAA记录。false表示不启用。 @@ -23,8 +25,6 @@ always-reject-url-rewrite = false private-ip-answer = false # 直连的域名解析失败后使用代理。 dns-direct-fallback-proxy = true -# 备用DNS。当覆写的DNS解析失败后回退使用指定DNS,如需指定多个DNS,可用逗号分隔。system表示回退到系统DNS。 -fallback-dns-server = system # 当UDP流量匹配到规则里不支持UDP转发的节点策略时重新选择回退行为,可选行为包括DIRECT、REJECT。DIRECT表示直连转发UDP流量,REJECT表示屏蔽UDP流量。 udp-policy-not-supported-behaviour = REJECT @@ -53,20 +53,24 @@ udp-policy-not-supported-behaviour = REJECT # url,指定要测试的URL。 [Rule] -# 国外常用app单独分流:YouTube,Netflix,Disney+,HBO,Spotify,Telegram,PayPal,Twitter,Facebook,Google,WhatsApp,TikTok,GitHub。 -# 国内常用app单独分流:苹果服务,微软服务,哔哩哔哩,网易云音乐,游戏平台,亚马逊,百度,豆瓣,微信,抖音,快手,微博,知乎,小红书。 -# ---------- -# 关于屏蔽 443端口的UDP流量的解释内容:HTTP3/QUIC 协议开始流行,但是国内 ISP 和国际出口的 UDP 优先级都很低,表现很差,屏蔽掉以强制回退 HTTP2/HTTP1.1。(如需启用该逻辑规则,请删除AND前面的注释符号#) +# 关于屏蔽443端口的UDP流量的解释内容:HTTP3/QUIC协议开始流行,但是国内ISP和国际出口的UDP优先级都很低,表现很差,屏蔽掉以强制回退HTTP2/HTTP1.1。(如需启用该逻辑规则,请删除AND前面的注释符号#) # AND,((PROTOCOL,UDP),(DEST-PORT,443)),REJECT-NO-DROP # ---------- # 这两个AND的逻辑规则是防止出现因Spotify或YouTube相关请求走了UDP时可能导致模块脚本失效的问题。 AND,((PROTOCOL,UDP),(DEST-PORT,443),(DOMAIN,spclient.wg.spotify.com)),REJECT-NO-DROP AND,((PROTOCOL,UDP),(DEST-PORT,443),(DOMAIN-SUFFIX,googlevideo.com)),REJECT-NO-DROP # ---------- +# 国外常用app单独分流:YouTube,Netflix,Disney+,HBO,Spotify,Telegram,PayPal,Twitter,Facebook,Google,WhatsApp,TikTok,GitHub。 +# 国内常用app单独分流:苹果服务,微软服务,哔哩哔哩,网易云音乐,游戏平台,亚马逊,百度,豆瓣,微信,抖音,快手,微博,知乎,小红书。 RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Shadowrocket/Apple/Apple.list,DIRECT RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Shadowrocket/Microsoft/Microsoft.list,DIRECT RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Shadowrocket/BiliBili/BiliBili.list,DIRECT RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Shadowrocket/NetEaseMusic/NetEaseMusic.list,DIRECT +RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Shadowrocket/Sony/Sony.list,DIRECT +RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Shadowrocket/Nintendo/Nintendo.list,DIRECT +RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Shadowrocket/Epic/Epic.list,DIRECT +RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Shadowrocket/SteamCN/SteamCN.list,DIRECT +RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Shadowrocket/Steam/Steam.list,DIRECT RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Shadowrocket/Game/Game.list,DIRECT RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Shadowrocket/Amazon/Amazon.list,DIRECT RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Shadowrocket/Baidu/Baidu.list,DIRECT @@ -92,8 +96,11 @@ RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/r RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Shadowrocket/TikTok/TikTok.list,PROXY RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Shadowrocket/GitHub/GitHub.list,PROXY RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/QuantumultX/Global/Global.list,PROXY +# 本地局域网地址的规则集。 RULE-SET,https://raw.githubusercontent.com/blackmatrix7/ios_rule_script/master/rule/Shadowrocket/Lan/Lan.list,DIRECT +# 表示CN地区的IP分流走直连,GEOIP数据库用来判断IP是否属于CN地区。 GEOIP,CN,DIRECT +# 表示当上面所有规则都匹配不到时才使用FINAL规则的策略。 FINAL,PROXY [Host] @@ -101,8 +108,8 @@ FINAL,PROXY # example.com=1.2.3.4 # 域名指定DNS服务器: # example.com=server:1.2.3.4 -# 指定某个wifi网络交给某个DNS处理,如需指定多个DNS,可用逗号分隔: -# ssid:某个wifi = server:某个DNS +# wifi名称指定DNS服务器,如需指定多个DNS,可用逗号分隔: +# ssid:wifi名称=server:1.2.3.4 localhost = 127.0.0.1 [URL Rewrite] @@ -114,7 +121,7 @@ localhost = 127.0.0.1 Rewrite: BoxJs = type=http-request,pattern=https?:\/\/boxjs\.(com|net),script-path=https://raw.githubusercontent.com/chavyleung/scripts/master/box/chavy.boxjs.js, requires-body=true, timeout=120 [MITM] -# Shadowrocket打开解密方法: +# Shadowrocket打开HTTPS解密方法: # 1.点击配置文件后面ⓘ - HTTPS解密 - 证书 - 生成新的CA证书 - 安装证书。 # 2.手机设置 - 已下载描述文件 - 安装。 # 3.手机设置 - 通用 - 关于本机 - 证书信任设置 - 开启对应Shadowrocket证书信任。