--- icon: material/new-box --- !!! quote "Changes in sing-box 1.10.0" :material-delete-clock: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source) :material-plus: [rule_set_ip_cidr_match_source](#rule_set_ip_cidr_match_source) :material-plus: [rule_set_ip_cidr_accept_empty](#rule_set_ip_cidr_accept_empty) :material-plus: [process_path_regex](#process_path_regex) !!! quote "Changes in sing-box 1.9.0" :material-plus: [geoip](#geoip) :material-plus: [ip_cidr](#ip_cidr) :material-plus: [ip_is_private](#ip_is_private) :material-plus: [client_subnet](#client_subnet) :material-plus: [rule_set_ipcidr_match_source](#rule_set_ipcidr_match_source) !!! quote "Changes in sing-box 1.8.0" :material-plus: [rule_set](#rule_set) :material-plus: [source_ip_is_private](#source_ip_is_private) :material-delete-clock: [geoip](#geoip) :material-delete-clock: [geosite](#geosite) ### Structure ```json { "dns": { "rules": [ { "inbound": [ "mixed-in" ], "ip_version": 6, "query_type": [ "A", "HTTPS", 32768 ], "network": "tcp", "auth_user": [ "usera", "userb" ], "protocol": [ "tls", "http", "quic" ], "domain": [ "test.com" ], "domain_suffix": [ ".cn" ], "domain_keyword": [ "test" ], "domain_regex": [ "^stun\\..+" ], "geosite": [ "cn" ], "source_geoip": [ "private" ], "geoip": [ "cn" ], "source_ip_cidr": [ "10.0.0.0/24", "192.168.0.1" ], "source_ip_is_private": false, "ip_cidr": [ "10.0.0.0/24", "192.168.0.1" ], "ip_is_private": false, "source_port": [ 12345 ], "source_port_range": [ "1000:2000", ":3000", "4000:" ], "port": [ 80, 443 ], "port_range": [ "1000:2000", ":3000", "4000:" ], "process_name": [ "curl" ], "process_path": [ "/usr/bin/curl" ], "process_path_regex": [ "^/usr/bin/.+" ], "package_name": [ "com.termux" ], "user": [ "sekai" ], "user_id": [ 1000 ], "clash_mode": "direct", "wifi_ssid": [ "My WIFI" ], "wifi_bssid": [ "00:00:00:00:00:00" ], "rule_set": [ "geoip-cn", "geosite-cn" ], // deprecated "rule_set_ipcidr_match_source": false, "rule_set_ip_cidr_match_source": false, "rule_set_ip_cidr_accept_empty": false, "invert": false, "outbound": [ "direct" ], "server": "local", "disable_cache": false, "rewrite_ttl": 100, "client_subnet": "127.0.0.1/24" }, { "type": "logical", "mode": "and", "rules": [], "server": "local", "disable_cache": false, "rewrite_ttl": 100, "client_subnet": "127.0.0.1/24" } ] } } ``` !!! note "" You can ignore the JSON Array [] tag when the content is only one item ### Default Fields !!! note "" The default rule uses the following matching logic: (`domain` || `domain_suffix` || `domain_keyword` || `domain_regex` || `geosite`) && (`port` || `port_range`) && (`source_geoip` || `source_ip_cidr` || `source_ip_is_private`) && (`source_port` || `source_port_range`) && `other fields` Additionally, included rule-sets can be considered merged rather than as a single rule sub-item. #### inbound Tags of [Inbound](/configuration/inbound/). #### ip_version 4 (A DNS query) or 6 (AAAA DNS query). Not limited if empty. #### query_type DNS query type. Values can be integers or type name strings. #### network `tcp` or `udp`. #### auth_user Username, see each inbound for details. #### protocol Sniffed protocol, see [Sniff](/configuration/route/sniff/) for details. #### domain Match full domain. #### domain_suffix Match domain suffix. #### domain_keyword Match domain using keyword. #### domain_regex Match domain using regular expression. #### geosite !!! failure "Deprecated in sing-box 1.8.0" Geosite is deprecated and may be removed in the future, check [Migration](/migration/#migrate-geosite-to-rule-sets). Match geosite. #### source_geoip !!! failure "Deprecated in sing-box 1.8.0" GeoIP is deprecated and may be removed in the future, check [Migration](/migration/#migrate-geoip-to-rule-sets). Match source geoip. #### source_ip_cidr Match source IP CIDR. #### source_ip_is_private !!! question "Since sing-box 1.8.0" Match non-public source IP. #### source_port Match source port. #### source_port_range Match source port range. #### port Match port. #### port_range Match port range. #### process_name !!! quote "" Only supported on Linux, Windows, and macOS. Match process name. #### process_path !!! quote "" Only supported on Linux, Windows, and macOS. Match process path. #### process_path_regex !!! question "Since sing-box 1.10.0" !!! quote "" Only supported on Linux, Windows, and macOS. Match process path using regular expression. #### package_name Match android package name. #### user !!! quote "" Only supported on Linux. Match user name. #### user_id !!! quote "" Only supported on Linux. Match user id. #### clash_mode Match Clash mode. #### wifi_ssid !!! quote "" Only supported in graphical clients on Android and Apple platforms. Match WiFi SSID. #### wifi_bssid !!! quote "" Only supported in graphical clients on Android and Apple platforms. Match WiFi BSSID. #### rule_set !!! question "Since sing-box 1.8.0" Match [rule-set](/configuration/route/#rule_set). #### rule_set_ipcidr_match_source !!! question "Since sing-box 1.9.0" !!! failure "Deprecated in sing-box 1.10.0" `rule_set_ipcidr_match_source` is renamed to `rule_set_ip_cidr_match_source` and will be remove in sing-box 1.11.0. Make `ip_cidr` rule items in rule-sets match the source IP. #### rule_set_ip_cidr_match_source !!! question "Since sing-box 1.10.0" Make `ip_cidr` rule items in rule-sets match the source IP. #### invert Invert match result. #### outbound Match outbound. `any` can be used as a value to match any outbound. #### server ==Required== Tag of the target dns server. #### disable_cache Disable cache and save cache in this query. #### rewrite_ttl Rewrite TTL in DNS responses. #### client_subnet !!! question "Since sing-box 1.9.0" Append a `edns0-subnet` OPT extra record with the specified IP prefix to every query by default. If value is an IP address instead of prefix, `/32` or `/128` will be appended automatically. Will overrides `dns.client_subnet` and `servers.[].client_subnet`. ### Address Filter Fields Only takes effect for address requests (A/AAAA/HTTPS). When the query results do not match the address filtering rule items, the current rule will be skipped. !!! info "" `ip_cidr` items in included rule-sets also takes effect as an address filtering field. !!! note "" Enable `experimental.cache_file.store_rdrc` to cache results. #### geoip !!! question "Since sing-box 1.9.0" Match GeoIP with query response. #### ip_cidr !!! question "Since sing-box 1.9.0" Match IP CIDR with query response. #### ip_is_private !!! question "Since sing-box 1.9.0" Match private IP with query response. #### rule_set_ip_cidr_accept_empty !!! question "Since sing-box 1.10.0" Make `ip_cidr` rules in rule-sets accept empty query response. ### Logical Fields #### type `logical` #### mode `and` or `or` #### rules Included rules.