2023-12-01 05:24:18 +00:00
|
|
|
|
---
|
2024-02-03 09:45:27 +00:00
|
|
|
|
icon: material/new-box
|
2023-12-01 05:24:18 +00:00
|
|
|
|
---
|
|
|
|
|
|
2024-02-03 09:45:27 +00:00
|
|
|
|
!!! quote "Changes in sing-box 1.9.0"
|
|
|
|
|
|
|
|
|
|
:material-plus: [geoip](#geoip)
|
|
|
|
|
:material-plus: [ip_cidr](#ip_cidr)
|
2024-02-09 10:37:25 +00:00
|
|
|
|
:material-plus: [ip_is_private](#ip_is_private)
|
|
|
|
|
:material-plus: [client_subnet](#client_subnet)
|
2024-02-21 06:27:55 +00:00
|
|
|
|
:material-plus: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source)
|
2024-02-03 09:45:27 +00:00
|
|
|
|
|
2023-12-01 05:24:18 +00:00
|
|
|
|
!!! quote "Changes in sing-box 1.8.0"
|
|
|
|
|
|
|
|
|
|
:material-plus: [rule_set](#rule_set)
|
|
|
|
|
:material-plus: [source_ip_is_private](#source_ip_is_private)
|
|
|
|
|
:material-delete-clock: [geoip](#geoip)
|
|
|
|
|
:material-delete-clock: [geosite](#geosite)
|
|
|
|
|
|
2022-07-08 09:01:38 +00:00
|
|
|
|
### Structure
|
|
|
|
|
|
|
|
|
|
```json
|
|
|
|
|
{
|
|
|
|
|
"dns": {
|
|
|
|
|
"rules": [
|
|
|
|
|
{
|
|
|
|
|
"inbound": [
|
|
|
|
|
"mixed-in"
|
|
|
|
|
],
|
2022-08-16 15:46:05 +00:00
|
|
|
|
"ip_version": 6,
|
2023-02-08 08:18:40 +00:00
|
|
|
|
"query_type": [
|
|
|
|
|
"A",
|
|
|
|
|
"HTTPS",
|
|
|
|
|
32768
|
|
|
|
|
],
|
2022-07-08 09:01:38 +00:00
|
|
|
|
"network": "tcp",
|
2022-07-27 04:03:07 +00:00
|
|
|
|
"auth_user": [
|
2022-07-17 07:11:26 +00:00
|
|
|
|
"usera",
|
|
|
|
|
"userb"
|
|
|
|
|
],
|
2022-07-08 09:01:38 +00:00
|
|
|
|
"protocol": [
|
|
|
|
|
"tls",
|
|
|
|
|
"http",
|
|
|
|
|
"quic"
|
|
|
|
|
],
|
|
|
|
|
"domain": [
|
|
|
|
|
"test.com"
|
|
|
|
|
],
|
|
|
|
|
"domain_suffix": [
|
|
|
|
|
".cn"
|
|
|
|
|
],
|
|
|
|
|
"domain_keyword": [
|
|
|
|
|
"test"
|
|
|
|
|
],
|
|
|
|
|
"domain_regex": [
|
|
|
|
|
"^stun\\..+"
|
|
|
|
|
],
|
|
|
|
|
"geosite": [
|
|
|
|
|
"cn"
|
|
|
|
|
],
|
|
|
|
|
"source_geoip": [
|
|
|
|
|
"private"
|
|
|
|
|
],
|
2024-02-03 09:45:27 +00:00
|
|
|
|
"geoip": [
|
|
|
|
|
"cn"
|
|
|
|
|
],
|
2022-07-08 09:01:38 +00:00
|
|
|
|
"source_ip_cidr": [
|
2022-08-25 14:22:20 +00:00
|
|
|
|
"10.0.0.0/24",
|
|
|
|
|
"192.168.0.1"
|
2022-07-08 09:01:38 +00:00
|
|
|
|
],
|
2023-12-01 05:24:18 +00:00
|
|
|
|
"source_ip_is_private": false,
|
2024-02-03 09:45:27 +00:00
|
|
|
|
"ip_cidr": [
|
|
|
|
|
"10.0.0.0/24",
|
|
|
|
|
"192.168.0.1"
|
|
|
|
|
],
|
|
|
|
|
"ip_is_private": false,
|
2022-07-08 09:01:38 +00:00
|
|
|
|
"source_port": [
|
|
|
|
|
12345
|
|
|
|
|
],
|
2022-07-27 04:03:07 +00:00
|
|
|
|
"source_port_range": [
|
|
|
|
|
"1000:2000",
|
|
|
|
|
":3000",
|
|
|
|
|
"4000:"
|
|
|
|
|
],
|
2022-07-08 09:01:38 +00:00
|
|
|
|
"port": [
|
|
|
|
|
80,
|
|
|
|
|
443
|
|
|
|
|
],
|
2022-07-27 04:03:07 +00:00
|
|
|
|
"port_range": [
|
|
|
|
|
"1000:2000",
|
|
|
|
|
":3000",
|
|
|
|
|
"4000:"
|
|
|
|
|
],
|
|
|
|
|
"process_name": [
|
|
|
|
|
"curl"
|
|
|
|
|
],
|
2022-08-31 06:33:52 +00:00
|
|
|
|
"process_path": [
|
|
|
|
|
"/usr/bin/curl"
|
|
|
|
|
],
|
2022-07-27 04:03:07 +00:00
|
|
|
|
"package_name": [
|
|
|
|
|
"com.termux"
|
|
|
|
|
],
|
|
|
|
|
"user": [
|
|
|
|
|
"sekai"
|
|
|
|
|
],
|
|
|
|
|
"user_id": [
|
|
|
|
|
1000
|
|
|
|
|
],
|
2022-09-10 14:42:20 +00:00
|
|
|
|
"clash_mode": "direct",
|
2023-11-09 09:04:08 +00:00
|
|
|
|
"wifi_ssid": [
|
|
|
|
|
"My WIFI"
|
|
|
|
|
],
|
|
|
|
|
"wifi_bssid": [
|
|
|
|
|
"00:00:00:00:00:00"
|
|
|
|
|
],
|
2023-12-01 05:24:18 +00:00
|
|
|
|
"rule_set": [
|
|
|
|
|
"geoip-cn",
|
|
|
|
|
"geosite-cn"
|
|
|
|
|
],
|
2024-02-21 06:27:55 +00:00
|
|
|
|
"rule_set_ipcidr_match_source": false,
|
2022-07-27 04:03:07 +00:00
|
|
|
|
"invert": false,
|
2022-07-08 09:01:38 +00:00
|
|
|
|
"outbound": [
|
|
|
|
|
"direct"
|
|
|
|
|
],
|
2022-07-27 04:03:07 +00:00
|
|
|
|
"server": "local",
|
2023-03-25 04:03:23 +00:00
|
|
|
|
"disable_cache": false,
|
2024-02-09 10:37:25 +00:00
|
|
|
|
"rewrite_ttl": 100,
|
2024-05-12 07:06:21 +00:00
|
|
|
|
"client_subnet": "127.0.0.1/24"
|
2022-07-08 09:01:38 +00:00
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"type": "logical",
|
|
|
|
|
"mode": "and",
|
|
|
|
|
"rules": [],
|
2022-07-27 04:03:07 +00:00
|
|
|
|
"server": "local",
|
2023-03-25 04:03:23 +00:00
|
|
|
|
"disable_cache": false,
|
2024-02-09 10:37:25 +00:00
|
|
|
|
"rewrite_ttl": 100,
|
2024-05-12 07:06:21 +00:00
|
|
|
|
"client_subnet": "127.0.0.1/24"
|
2022-07-08 09:01:38 +00:00
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
!!! note ""
|
|
|
|
|
|
|
|
|
|
You can ignore the JSON Array [] tag when the content is only one item
|
|
|
|
|
|
|
|
|
|
### Default Fields
|
|
|
|
|
|
|
|
|
|
!!! note ""
|
|
|
|
|
|
|
|
|
|
The default rule uses the following matching logic:
|
|
|
|
|
(`domain` || `domain_suffix` || `domain_keyword` || `domain_regex` || `geosite`) &&
|
2022-09-14 14:03:26 +00:00
|
|
|
|
(`port` || `port_range`) &&
|
2023-12-01 05:24:18 +00:00
|
|
|
|
(`source_geoip` || `source_ip_cidr` || `source_ip_is_private`) &&
|
2022-09-14 14:03:26 +00:00
|
|
|
|
(`source_port` || `source_port_range`) &&
|
|
|
|
|
`other fields`
|
2022-07-08 09:01:38 +00:00
|
|
|
|
|
2023-12-01 05:24:18 +00:00
|
|
|
|
Additionally, included rule sets can be considered merged rather than as a single rule sub-item.
|
|
|
|
|
|
2022-07-08 09:01:38 +00:00
|
|
|
|
#### inbound
|
|
|
|
|
|
2023-12-14 14:23:52 +00:00
|
|
|
|
Tags of [Inbound](/configuration/inbound/).
|
2022-07-08 09:01:38 +00:00
|
|
|
|
|
2022-08-16 15:46:05 +00:00
|
|
|
|
#### ip_version
|
|
|
|
|
|
2022-08-24 08:23:21 +00:00
|
|
|
|
4 (A DNS query) or 6 (AAAA DNS query).
|
2022-08-16 15:46:05 +00:00
|
|
|
|
|
|
|
|
|
Not limited if empty.
|
|
|
|
|
|
2023-02-08 08:18:40 +00:00
|
|
|
|
#### query_type
|
|
|
|
|
|
|
|
|
|
DNS query type. Values can be integers or type name strings.
|
|
|
|
|
|
2022-07-08 09:01:38 +00:00
|
|
|
|
#### network
|
|
|
|
|
|
|
|
|
|
`tcp` or `udp`.
|
|
|
|
|
|
2022-08-24 08:23:21 +00:00
|
|
|
|
#### auth_user
|
2022-07-17 07:11:26 +00:00
|
|
|
|
|
|
|
|
|
Username, see each inbound for details.
|
|
|
|
|
|
|
|
|
|
#### protocol
|
|
|
|
|
|
|
|
|
|
Sniffed protocol, see [Sniff](/configuration/route/sniff/) for details.
|
|
|
|
|
|
2022-07-08 09:01:38 +00:00
|
|
|
|
#### domain
|
|
|
|
|
|
|
|
|
|
Match full domain.
|
|
|
|
|
|
|
|
|
|
#### domain_suffix
|
|
|
|
|
|
|
|
|
|
Match domain suffix.
|
|
|
|
|
|
|
|
|
|
#### domain_keyword
|
|
|
|
|
|
|
|
|
|
Match domain using keyword.
|
|
|
|
|
|
|
|
|
|
#### domain_regex
|
|
|
|
|
|
|
|
|
|
Match domain using regular expression.
|
|
|
|
|
|
|
|
|
|
#### geosite
|
|
|
|
|
|
2023-12-01 05:24:18 +00:00
|
|
|
|
!!! failure "Deprecated in sing-box 1.8.0"
|
|
|
|
|
|
|
|
|
|
Geosite is deprecated and may be removed in the future, check [Migration](/migration/#migrate-geosite-to-rule-sets).
|
|
|
|
|
|
2022-07-08 09:01:38 +00:00
|
|
|
|
Match geosite.
|
|
|
|
|
|
|
|
|
|
#### source_geoip
|
|
|
|
|
|
2023-12-01 05:24:18 +00:00
|
|
|
|
!!! failure "Deprecated in sing-box 1.8.0"
|
|
|
|
|
|
|
|
|
|
GeoIP is deprecated and may be removed in the future, check [Migration](/migration/#migrate-geoip-to-rule-sets).
|
|
|
|
|
|
2022-07-08 09:01:38 +00:00
|
|
|
|
Match source geoip.
|
|
|
|
|
|
|
|
|
|
#### source_ip_cidr
|
|
|
|
|
|
2023-12-01 05:24:18 +00:00
|
|
|
|
Match source IP CIDR.
|
|
|
|
|
|
|
|
|
|
#### source_ip_is_private
|
|
|
|
|
|
|
|
|
|
!!! question "Since sing-box 1.8.0"
|
|
|
|
|
|
|
|
|
|
Match non-public source IP.
|
2022-07-08 09:01:38 +00:00
|
|
|
|
|
|
|
|
|
#### source_port
|
|
|
|
|
|
|
|
|
|
Match source port.
|
|
|
|
|
|
2022-07-27 04:03:07 +00:00
|
|
|
|
#### source_port_range
|
|
|
|
|
|
|
|
|
|
Match source port range.
|
|
|
|
|
|
2022-07-08 09:01:38 +00:00
|
|
|
|
#### port
|
|
|
|
|
|
|
|
|
|
Match port.
|
|
|
|
|
|
2022-07-27 04:03:07 +00:00
|
|
|
|
#### port_range
|
|
|
|
|
|
|
|
|
|
Match port range.
|
|
|
|
|
|
|
|
|
|
#### process_name
|
|
|
|
|
|
2023-11-09 09:04:08 +00:00
|
|
|
|
!!! quote ""
|
2022-07-27 04:03:07 +00:00
|
|
|
|
|
|
|
|
|
Only supported on Linux, Windows, and macOS.
|
|
|
|
|
|
|
|
|
|
Match process name.
|
|
|
|
|
|
2022-08-31 06:33:52 +00:00
|
|
|
|
#### process_path
|
|
|
|
|
|
2023-11-09 09:04:08 +00:00
|
|
|
|
!!! quote ""
|
2022-08-31 06:33:52 +00:00
|
|
|
|
|
|
|
|
|
Only supported on Linux, Windows, and macOS.
|
|
|
|
|
|
|
|
|
|
Match process path.
|
|
|
|
|
|
2022-07-27 04:03:07 +00:00
|
|
|
|
#### package_name
|
|
|
|
|
|
|
|
|
|
Match android package name.
|
|
|
|
|
|
|
|
|
|
#### user
|
|
|
|
|
|
2023-11-09 09:04:08 +00:00
|
|
|
|
!!! quote ""
|
2022-07-27 04:03:07 +00:00
|
|
|
|
|
2022-08-09 08:36:17 +00:00
|
|
|
|
Only supported on Linux.
|
2022-07-27 04:03:07 +00:00
|
|
|
|
|
|
|
|
|
Match user name.
|
|
|
|
|
|
|
|
|
|
#### user_id
|
|
|
|
|
|
2023-11-09 09:04:08 +00:00
|
|
|
|
!!! quote ""
|
2022-07-27 04:03:07 +00:00
|
|
|
|
|
|
|
|
|
Only supported on Linux.
|
|
|
|
|
|
|
|
|
|
Match user id.
|
|
|
|
|
|
2022-09-10 14:42:20 +00:00
|
|
|
|
#### clash_mode
|
|
|
|
|
|
|
|
|
|
Match Clash mode.
|
|
|
|
|
|
2023-11-09 09:04:08 +00:00
|
|
|
|
#### wifi_ssid
|
|
|
|
|
|
|
|
|
|
!!! quote ""
|
|
|
|
|
|
2024-02-18 16:19:33 +00:00
|
|
|
|
Only supported in graphical clients on Android and Apple platforms.
|
2023-11-09 09:04:08 +00:00
|
|
|
|
|
|
|
|
|
Match WiFi SSID.
|
|
|
|
|
|
|
|
|
|
#### wifi_bssid
|
|
|
|
|
|
|
|
|
|
!!! quote ""
|
|
|
|
|
|
2024-02-18 16:19:33 +00:00
|
|
|
|
Only supported in graphical clients on Android and Apple platforms.
|
2023-11-09 09:04:08 +00:00
|
|
|
|
|
|
|
|
|
Match WiFi BSSID.
|
|
|
|
|
|
2023-12-01 05:24:18 +00:00
|
|
|
|
#### rule_set
|
|
|
|
|
|
|
|
|
|
!!! question "Since sing-box 1.8.0"
|
|
|
|
|
|
|
|
|
|
Match [Rule Set](/configuration/route/#rule_set).
|
|
|
|
|
|
2024-02-21 06:27:55 +00:00
|
|
|
|
#### rule_set_ipcidr_match_source
|
|
|
|
|
|
|
|
|
|
!!! question "Since sing-box 1.9.0"
|
|
|
|
|
|
|
|
|
|
Make `ipcidr` in rule sets match the source IP.
|
|
|
|
|
|
2022-07-27 04:03:07 +00:00
|
|
|
|
#### invert
|
|
|
|
|
|
|
|
|
|
Invert match result.
|
|
|
|
|
|
2022-07-08 09:01:38 +00:00
|
|
|
|
#### outbound
|
|
|
|
|
|
|
|
|
|
Match outbound.
|
|
|
|
|
|
2023-03-29 02:30:31 +00:00
|
|
|
|
`any` can be used as a value to match any outbound.
|
|
|
|
|
|
2022-07-08 09:01:38 +00:00
|
|
|
|
#### server
|
|
|
|
|
|
2022-07-27 04:03:07 +00:00
|
|
|
|
==Required==
|
|
|
|
|
|
2022-07-08 09:01:38 +00:00
|
|
|
|
Tag of the target dns server.
|
|
|
|
|
|
2022-07-27 04:03:07 +00:00
|
|
|
|
#### disable_cache
|
|
|
|
|
|
|
|
|
|
Disable cache and save cache in this query.
|
|
|
|
|
|
2023-03-25 04:03:23 +00:00
|
|
|
|
#### rewrite_ttl
|
|
|
|
|
|
|
|
|
|
Rewrite TTL in DNS responses.
|
|
|
|
|
|
2024-02-09 10:37:25 +00:00
|
|
|
|
#### client_subnet
|
|
|
|
|
|
|
|
|
|
!!! question "Since sing-box 1.9.0"
|
|
|
|
|
|
2024-05-12 07:06:21 +00:00
|
|
|
|
Append a `edns0-subnet` OPT extra record with the specified IP prefix to every query by default.
|
|
|
|
|
|
|
|
|
|
If value is an IP address instead of prefix, `/32` or `/128` will be appended automatically.
|
2024-02-09 10:37:25 +00:00
|
|
|
|
|
|
|
|
|
Will overrides `dns.client_subnet` and `servers.[].client_subnet`.
|
|
|
|
|
|
2024-02-03 09:45:27 +00:00
|
|
|
|
### Address Filter Fields
|
|
|
|
|
|
|
|
|
|
Only takes effect for IP address requests. When the query results do not match the address filtering rule items, the current rule will be skipped.
|
|
|
|
|
|
2024-02-14 12:42:58 +00:00
|
|
|
|
!!! info ""
|
2024-02-03 09:45:27 +00:00
|
|
|
|
|
|
|
|
|
`ip_cidr` items in included rule sets also takes effect as an address filtering field.
|
|
|
|
|
|
2024-02-14 12:42:58 +00:00
|
|
|
|
!!! note ""
|
|
|
|
|
|
|
|
|
|
Enable `experimental.cache_file.store_rdrc` to cache results.
|
|
|
|
|
|
2024-02-03 09:45:27 +00:00
|
|
|
|
#### geoip
|
|
|
|
|
|
|
|
|
|
!!! question "Since sing-box 1.9.0"
|
|
|
|
|
|
|
|
|
|
Match GeoIP with query response.
|
|
|
|
|
|
|
|
|
|
#### ip_cidr
|
|
|
|
|
|
|
|
|
|
!!! question "Since sing-box 1.9.0"
|
|
|
|
|
|
|
|
|
|
Match IP CIDR with query response.
|
|
|
|
|
|
|
|
|
|
#### ip_is_private
|
|
|
|
|
|
|
|
|
|
!!! question "Since sing-box 1.9.0"
|
|
|
|
|
|
|
|
|
|
Match private IP with query response.
|
|
|
|
|
|
2022-07-08 09:01:38 +00:00
|
|
|
|
### Logical Fields
|
|
|
|
|
|
|
|
|
|
#### type
|
|
|
|
|
|
|
|
|
|
`logical`
|
|
|
|
|
|
|
|
|
|
#### mode
|
|
|
|
|
|
|
|
|
|
`and` or `or`
|
|
|
|
|
|
|
|
|
|
#### rules
|
|
|
|
|
|
2023-12-01 05:24:18 +00:00
|
|
|
|
Included rules.
|