
@timercrack
Last active October 9, 2025 01:21

Revisions

  1. timercrack revised this gist Feb 3, 2022. 1 changed file with 237 additions and 0 deletions.
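--- a/config.json
+++ b/config.json
@@ -0,0 +1,237 @@
+{//服务器使用的方案:VLESS+TLS+WS+NGINX+CDN,看情况替换成自己的
+"log": {
+"access": "/dev/null",
+"error": "/var/log/xray_error.log",
+"loglevel": "warning"
+},
+"inbounds": [
+{
+"tag":"transparent",
+"port": 12345,
+"protocol": "dokodemo-door",
+"settings": {
+"network": "tcp,udp",
+"followRedirect": true
+},
+"sniffing": {
+"enabled": true,
+"destOverride": [
+"http",
+"tls"
+]
+},
+"streamSettings": {
+"sockopt": {
+"tproxy": "tproxy","mark":255
+}
+}
+},
+{
+"port": 1080,
+"protocol": "socks",
+"sniffing": {
+"enabled": true,
+"destOverride": ["http", "tls"]
+},
+"settings": {
+"auth": "noauth"
+}
+}
+],
+"outbounds": [
+{
+"tag": "proxy",
+"protocol": "vless",
+"settings": {
+"vnext": [
+{
+"address": "<填入代理服务器域名>",
+"port": 443,
+"users": [
+{
+"id": "<填入实际ID>",
+"encryption": "none"
+}
+]
+}
+]
+},
+"streamSettings": {
+"network": "ws",
+"security": "tls",
+"tlsSettings": {
+"allowInsecure": false
+},
+"wsSettings": {
+"path": "<替换实际的路径>"
+},
+"sockopt": {"mark": 255}
+},
+"mux": {
+"enabled": false,
+"concurrency": -1
+}
+},
+{
+"tag": "direct",
+"protocol": "freedom",
+"settings": {"domainStrategy": "UseIP"},
+"streamSettings":{"sockopt":{"mark": 255}}
+},
+{
+"tag": "block",
+"protocol": "blackhole",
+"settings": {
+"response": {
+"type": "http"
+}
+}
+},
+{
+"tag": "dns-out",
+"protocol": "dns",
+"streamSettings":{"sockopt":{"mark": 255}}
+}
+],
+"dns": {
+"servers": [
+{
+"address": "223.5.5.5", //中国大陆域名使用阿里的 DNS
+"port": 53,
+"domains": [
+"geosite:cn",
+"ntp.org", // NTP 服务器
+"<填入代理服务器域名>" // 此处改为你 VPS 的域名
+]
+},
+{
+"address": "114.114.114.114", //中国大陆域名使用 114 的 DNS (备用)
+"port": 53,
+"domains": [
+"geosite:cn",
+"ntp.org", // NTP 服务器
+"<填入代理服务器域名>" // 此处改为你 VPS 的域名
+]
+},
+{
+"address": "8.8.8.8", //非中国大陆域名使用 Google 的 DNS
+"port": 53,
+"domains": [
+"geosite:geolocation-!cn"
+]
+},
+{
+"address": "1.1.1.1", //非中国大陆域名使用 Cloudflare 的 DNS
+"port": 53,
+"domains": [
+"geosite:geolocation-!cn"
+]
+}
+]
+},
+"routing": {
+"domainStrategy": "IPIfNonMatch",
+"domainMatcher": "mph",
+"rules": [
+{ // 劫持 53 端口 UDP 流量,使用 V2Ray 的 DNS
+"type": "field",
+"inboundTag": ["transparent"],
+"port": 53,
+"network": "udp",
+"outboundTag": "dns-out"
+},
+{ // 直连 123 端口 UDP 流量(NTP 协议)
+"type": "field",
+"inboundTag": ["transparent"],
+"port": 123,
+"network": "udp",
+"outboundTag": "direct"
+},
+{
+"type": "field",
+"ip": [
+// 设置 DNS 配置中的国内 DNS 服务器地址直连,以达到 DNS 分流目的
+"223.5.5.5",
+"114.114.114.114"
+],
+"outboundTag": "direct"
+},
+{
+"type": "field",
+"ip": [
+// 设置 DNS 配置中的国外 DNS 服务器地址走代理,以达到 DNS 分流目的
+"8.8.8.8",
+"1.1.1.1"
+],
+"outboundTag": "proxy"
+},
+{
+"type": "field",
+"outboundTag": "block",
+"domain": [
+"mousegesturesapi.com",
+"geosite:category-ads-all"
+]
+},
+{
+"type": "field",
+"inboundTag": [],
+"outboundTag": "proxy",
+"ip": ["geoip:telegram"]
+},
+{
+"type": "field",
+"outboundTag": "proxy",
+"domain": [
+"geosite:gfw",
+"geosite:greatfire",
+"geosite:google",
+"geosite:github",
+"v2fly.org"
+]
+},
+{ // BT 流量直连
+"type": "field",
+"protocol":["bittorrent"],
+"outboundTag": "direct"
+},
+{
+"type": "field",
+"outboundTag": "direct",
+"domain": [
+"bitwarden.com",
+"bitwarden.net",
+"baiyunju.cc",
+"letsencrypt.org",
+"adblockplus.org",
+"safesugar.net",
+"googleads.g.doubleclick.net",
+"adservice.google.com",
+"geosite:private",
+"geosite:cn",
+"geosite:adobe",
+"geosite:adobe-activation",
+"geosite:microsoft",
+"geosite:msn",
+"geosite:apple",
+"geosite:category-ads-all",
+"geosite:google-cn",
+"geosite:apple-cn"
+]
+},
+{ // 直连中国大陆主流网站 ip 和 保留 ip
+"type": "field",
+"ip": [
+"geoip:private",
+"geoip:cn"
+],
+"outboundTag": "direct"
+},
+{
+"type": "field",
+"network": "tcp,udp",
+"outboundTag": "direct"
+}
+]
+}
+}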
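Review bot: The `socks` inbound on port 1080 sets `"auth": "noauth"` and has no `listen` field, so it binds to all interfaces by default; on a gateway whose WAN address is reachable, that leaves an unauthenticated proxy exposed to anyone who can reach the port. Add `"listen": "127.0.0.1"` (or the router's LAN address) to that inbound, or make sure port 1080 is dropped on the WAN side. The `transparent` inbound on 12345 also omits `listen`, although the accompanying iptables rules deliver to 127.0.0.1, so binding it there looks sufficient. Separately, `geosite:category-ads-all` is listed in both the `block` rule and the later `direct` rule; the earlier rule matches first, so the `direct` entry has no effect and can be removed.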
  2. timercrack created this gist Feb 3, 2022.
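--- a/xray-iptables.sh
+++ b/xray-iptables.sh
@@ -0,0 +1,61 @@
+#!/bin/sh
+#路由器地址:192.168.123.1
+#创建一张IPV4路由表,表名:"100" 添加一条规则
+ip rule add fwmark 1 table 100
+ip route add local 0.0.0.0/0 dev lo table 100
+# 创建一张IPV6路由表,表名:"106" 添加一条规则 删除:ip -6 ru del table 106 查看:ip -6 ru list
+#ip -6 rule add fwmark 1 table 106
+#ip -6 route add local ::/0 dev lo table 106
+ip route flush cache
+# 代理IPV4局域网设备
+iptables -t mangle -N XRAY
+iptables -t mangle -A XRAY -d 127.0.0.1/32 -j RETURN
+iptables -t mangle -A XRAY -d 224.0.0.0/4 -j RETURN
+iptables -t mangle -A XRAY -d 255.255.255.255/32 -j RETURN
+iptables -t mangle -A XRAY -d 192.168.123.1/24 -p tcp -j RETURN
+iptables -t mangle -A XRAY -d 192.168.123.1/24 -p udp ! --dport 53 -j RETURN
+iptables -t mangle -A XRAY -j RETURN -m mark --mark 0xff
+iptables -t mangle -A XRAY -p tcp -j TPROXY --on-ip 127.0.0.1 --on-port 12345 --tproxy-mark 1
+iptables -t mangle -A XRAY -p udp -j TPROXY --on-ip 127.0.0.1 --on-port 12345 --tproxy-mark 1
+# 代理IPV4网关本机
+iptables -t mangle -N XRAY_MASK
+iptables -t mangle -A XRAY_MASK -d 224.0.0.0/4 -j RETURN
+iptables -t mangle -A XRAY_MASK -d 255.255.255.255/32 -j RETURN
+iptables -t mangle -A XRAY_MASK -d 192.168.123.1/24 -p tcp -j RETURN
+iptables -t mangle -A XRAY_MASK -d 192.168.123.1/24 -p udp ! --dport 53 -j RETURN
+iptables -t mangle -A XRAY_MASK -m mark --mark 0xff -j RETURN
+iptables -t mangle -A XRAY_MASK -p tcp -j MARK --set-mark 1
+iptables -t mangle -A XRAY_MASK -p udp -j MARK --set-mark 1
+# 代理IPV6局域网设备
+#ip6tables -t mangle -N XRAY6
+#ip6tables -t mangle -A XRAY6 -d ::1/128 -j RETURN
+#ip6tables -t mangle -A XRAY6 -d fd07:22f2:2eb9::1/60 -p tcp -j RETURN
+#ip6tables -t mangle -A XRAY6 -d fd07:22f2:2eb9::1/60 -p udp ! --dport 53 -j RETURN
+#ip6tables -t mangle -A XRAY6 -j RETURN -m mark --mark 0xff
+#ip6tables -t mangle -A XRAY6 -p tcp -j TPROXY --on-ip ::1 --on-port 12345 --tproxy-mark 1
+#ip6tables -t mangle -A XRAY6 -p udp -j TPROXY --on-ip ::1 --on-port 12345 --tproxy-mark 1
+# 新建 DIVERT 规则,避免已有连接的包二次通过 TPROXY,理论上有一定的性能提升
+iptables -t mangle -N DIVERT
+iptables -t mangle -A DIVERT -j MARK --set-mark 1
+iptables -t mangle -A DIVERT -j ACCEPT
+# 代理IPV6网关本机
+#ip6tables -t mangle -N XRAY6_MASK
+#ip6tables -t mangle -A XRAY6_MASK -d fd07:22f2:2eb9::1/60 -p tcp -j RETURN
+#ip6tables -t mangle -A XRAY6_MASK -d fd07:22f2:2eb9::1/60 -p udp ! --dport 53 -j RETURN
+#ip6tables -t mangle -A XRAY6_MASK -m mark --mark 0xff -j RETURN
+#ip6tables -t mangle -A XRAY6_MASK -p tcp -j MARK --set-mark 1
+#ip6tables -t mangle -A XRAY6_MASK -p udp -j MARK --set-mark 1
+# 新建 DIVERT6 规则,避免已有连接的包二次通过 TPROXY,理论上有一定的性能提升
+#ip6tables -t mangle -N DIVERT6
+#ip6tables -t mangle -A DIVERT6 -j MARK --set-mark 1
+#ip6tables -t mangle -A DIVERT6 -j ACCEPT
+# 应用IPV4规则
+iptables -t mangle -A PREROUTING -j XRAY
+iptables -t mangle -I PREROUTING -p tcp -m socket -j DIVERT
+iptables -t mangle -A OUTPUT -j XRAY_MASK
+iptables -t mangle -I XRAY -m mark --mark 0xff -j RETURN
+# 应用IPV6规则
+#ip6tables -t mangle -A PREROUTING -j XRAY6
+#ip6tables -t mangle -I PREROUTING -p tcp -m socket -j DIVERT6
+#ip6tables -t mangle -A OUTPUT -p tcp -j XRAY6_MASK
+#ip6tables -t mangle -I XRAY6 -m mark --mark 0xff -j RETURN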
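Review bot: The jump `iptables -t mangle -A PREROUTING -j XRAY` is not scoped to LAN traffic, so packets arriving on any interface, including the WAN side, reach the TPROXY rules unless their destination is loopback, multicast, broadcast or inside 192.168.123.0/24. Limiting the jump to the LAN source range, for example `iptables -t mangle -A PREROUTING -s 192.168.123.0/24 -j XRAY`, keeps inbound internet traffic addressed to the router's public address out of the proxy. The last active rule, `-I XRAY -m mark --mark 0xff -j RETURN`, repeats the mark check already appended to XRAY earlier in the script. The script is also not re-runnable: a second run fails on each `-N` and appends duplicate PREROUTING/OUTPUT jumps, so a flush/delete preamble or `iptables -C` checks would help. With every ip6tables rule commented out, IPv6 traffic from dual-stack LAN clients presumably bypasses both the proxy and the DNS hijack, which is worth stating in a comment at the top of the script.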