mirror of
https://github.com/SagerNet/sing-box.git
synced 2025-01-11 10:29:41 +00:00
140 lines
2.4 KiB
Markdown
140 lines
2.4 KiB
Markdown
|
---
|
||
|
icon: material/new-box
|
||
|
---
|
||
|
|
||
|
# Rule Action
|
||
|
|
||
|
!!! question "Since sing-box 1.11.0"
|
||
|
|
||
|
## Final actions
|
||
|
|
||
|
### route
|
||
|
|
||
|
```json
|
||
|
{
|
||
|
"action": "route", // default
|
||
|
"outbound": ""
|
||
|
}
|
||
|
```
|
||
|
|
||
|
`route` inherits the classic rule behavior of routing connection to the specified outbound.
|
||
|
|
||
|
#### outbound
|
||
|
|
||
|
==Required==
|
||
|
|
||
|
Tag of target outbound.
|
||
|
|
||
|
### route-options
|
||
|
|
||
|
```json
|
||
|
{
|
||
|
"action": "route-options",
|
||
|
"udp_disable_domain_unmapping": false,
|
||
|
"udp_connect": false
|
||
|
}
|
||
|
```
|
||
|
|
||
|
`route-options` set options for routing.
|
||
|
|
||
|
#### udp_disable_domain_unmapping
|
||
|
|
||
|
If enabled, for UDP proxy requests addressed to a domain,
|
||
|
the original packet address will be sent in the response instead of the mapped domain.
|
||
|
|
||
|
This option is used for compatibility with clients that
|
||
|
do not support receiving UDP packets with domain addresses, such as Surge.
|
||
|
|
||
|
#### udp_connect
|
||
|
|
||
|
If enabled, attempts to connect UDP connection to the destination instead of listen.
|
||
|
|
||
|
### reject
|
||
|
|
||
|
```json
|
||
|
{
|
||
|
"action": "reject",
|
||
|
"method": "default", // default
|
||
|
"no_drop": false
|
||
|
}
|
||
|
```
|
||
|
|
||
|
`reject` reject connections
|
||
|
|
||
|
The specified method is used for reject tun connections if `sniff` action has not been performed yet.
|
||
|
|
||
|
For non-tun connections and already established connections, will just be closed.
|
||
|
|
||
|
#### method
|
||
|
|
||
|
- `default`: Reply with TCP RST for TCP connections, and ICMP port unreachable for UDP packets.
|
||
|
- `drop`: Drop packets.
|
||
|
|
||
|
#### no_drop
|
||
|
|
||
|
If not enabled, `method` will be temporarily overwritten to `drop` after 50 triggers in 30s.
|
||
|
|
||
|
Not available when `method` is set to drop.
|
||
|
|
||
|
### hijack-dns
|
||
|
|
||
|
```json
|
||
|
{
|
||
|
"action": "hijack-dns"
|
||
|
}
|
||
|
```
|
||
|
|
||
|
`hijack-dns` hijack DNS requests to the sing-box DNS module.
|
||
|
|
||
|
## Non-final actions
|
||
|
|
||
|
### sniff
|
||
|
|
||
|
```json
|
||
|
{
|
||
|
"action": "sniff",
|
||
|
"sniffer": [],
|
||
|
"timeout": ""
|
||
|
}
|
||
|
```
|
||
|
|
||
|
`sniff` performs protocol sniffing on connections.
|
||
|
|
||
|
For deprecated `inbound.sniff` options, it is considered to `sniff()` performed before routing.
|
||
|
|
||
|
#### sniffer
|
||
|
|
||
|
Enabled sniffers.
|
||
|
|
||
|
All sniffers enabled by default.
|
||
|
|
||
|
Available protocol values an be found on in [Protocol Sniff](../sniff/)
|
||
|
|
||
|
#### timeout
|
||
|
|
||
|
Timeout for sniffing.
|
||
|
|
||
|
`300ms` is used by default.
|
||
|
|
||
|
### resolve
|
||
|
|
||
|
```json
|
||
|
{
|
||
|
"action": "resolve",
|
||
|
"strategy": "",
|
||
|
"server": ""
|
||
|
}
|
||
|
```
|
||
|
|
||
|
`resolve` resolve request destination from domain to IP addresses.
|
||
|
|
||
|
#### strategy
|
||
|
|
||
|
DNS resolution strategy, available values are: `prefer_ipv4`, `prefer_ipv6`, `ipv4_only`, `ipv6_only`.
|
||
|
|
||
|
`dns.strategy` will be used by default.
|
||
|
|
||
|
#### server
|
||
|
|
||
|
Specifies DNS server tag to use instead of selecting through DNS routing.
|