6.4 KiB
icon |
---|
material/new-box |
!!! quote "Changes in sing-box 1.9.0"
:material-plus: [geoip](#geoip)
:material-plus: [ip_cidr](#ip_cidr)
:material-plus: [ip_is_private](#ip_is_private)
:material-plus: [client_subnet](#client_subnet)
!!! quote "Changes in sing-box 1.8.0"
:material-plus: [rule_set](#rule_set)
:material-plus: [source_ip_is_private](#source_ip_is_private)
:material-delete-clock: [geoip](#geoip)
:material-delete-clock: [geosite](#geosite)
Structure
{
"dns": {
"rules": [
{
"inbound": [
"mixed-in"
],
"ip_version": 6,
"query_type": [
"A",
"HTTPS",
32768
],
"network": "tcp",
"auth_user": [
"usera",
"userb"
],
"protocol": [
"tls",
"http",
"quic"
],
"domain": [
"test.com"
],
"domain_suffix": [
".cn"
],
"domain_keyword": [
"test"
],
"domain_regex": [
"^stun\\..+"
],
"geosite": [
"cn"
],
"source_geoip": [
"private"
],
"geoip": [
"cn"
],
"source_ip_cidr": [
"10.0.0.0/24",
"192.168.0.1"
],
"source_ip_is_private": false,
"ip_cidr": [
"10.0.0.0/24",
"192.168.0.1"
],
"ip_is_private": false,
"source_port": [
12345
],
"source_port_range": [
"1000:2000",
":3000",
"4000:"
],
"port": [
80,
443
],
"port_range": [
"1000:2000",
":3000",
"4000:"
],
"process_name": [
"curl"
],
"process_path": [
"/usr/bin/curl"
],
"package_name": [
"com.termux"
],
"user": [
"sekai"
],
"user_id": [
1000
],
"clash_mode": "direct",
"wifi_ssid": [
"My WIFI"
],
"wifi_bssid": [
"00:00:00:00:00:00"
],
"rule_set": [
"geoip-cn",
"geosite-cn"
],
"invert": false,
"outbound": [
"direct"
],
"server": "local",
"disable_cache": false,
"rewrite_ttl": 100,
"client_subnet": "127.0.0.1"
},
{
"type": "logical",
"mode": "and",
"rules": [],
"server": "local",
"disable_cache": false,
"rewrite_ttl": 100,
"client_subnet": "127.0.0.1"
}
]
}
}
!!! note ""
You can ignore the JSON Array [] tag when the content is only one item
Default Fields
!!! note ""
The default rule uses the following matching logic:
(`domain` || `domain_suffix` || `domain_keyword` || `domain_regex` || `geosite`) &&
(`port` || `port_range`) &&
(`source_geoip` || `source_ip_cidr` || `source_ip_is_private`) &&
(`source_port` || `source_port_range`) &&
`other fields`
Additionally, included rule sets can be considered merged rather than as a single rule sub-item.
inbound
Tags of Inbound.
ip_version
4 (A DNS query) or 6 (AAAA DNS query).
Not limited if empty.
query_type
DNS query type. Values can be integers or type name strings.
network
tcp
or udp
.
auth_user
Username, see each inbound for details.
protocol
Sniffed protocol, see Sniff for details.
domain
Match full domain.
domain_suffix
Match domain suffix.
domain_keyword
Match domain using keyword.
domain_regex
Match domain using regular expression.
geosite
!!! failure "Deprecated in sing-box 1.8.0"
Geosite is deprecated and may be removed in the future, check [Migration](/migration/#migrate-geosite-to-rule-sets).
Match geosite.
source_geoip
!!! failure "Deprecated in sing-box 1.8.0"
GeoIP is deprecated and may be removed in the future, check [Migration](/migration/#migrate-geoip-to-rule-sets).
Match source geoip.
source_ip_cidr
Match source IP CIDR.
source_ip_is_private
!!! question "Since sing-box 1.8.0"
Match non-public source IP.
source_port
Match source port.
source_port_range
Match source port range.
port
Match port.
port_range
Match port range.
process_name
!!! quote ""
Only supported on Linux, Windows, and macOS.
Match process name.
process_path
!!! quote ""
Only supported on Linux, Windows, and macOS.
Match process path.
package_name
Match android package name.
user
!!! quote ""
Only supported on Linux.
Match user name.
user_id
!!! quote ""
Only supported on Linux.
Match user id.
clash_mode
Match Clash mode.
wifi_ssid
!!! quote ""
Only supported in graphical clients on Android and iOS.
Match WiFi SSID.
wifi_bssid
!!! quote ""
Only supported in graphical clients on Android and iOS.
Match WiFi BSSID.
rule_set
!!! question "Since sing-box 1.8.0"
Match Rule Set.
invert
Invert match result.
outbound
Match outbound.
any
can be used as a value to match any outbound.
server
==Required==
Tag of the target dns server.
disable_cache
Disable cache and save cache in this query.
rewrite_ttl
Rewrite TTL in DNS responses.
client_subnet
!!! question "Since sing-box 1.9.0"
Append a edns0-subnet
OPT extra record with the specified IP address to every query by default.
Will overrides dns.client_subnet
and servers.[].client_subnet
.
Address Filter Fields
Only takes effect for IP address requests. When the query results do not match the address filtering rule items, the current rule will be skipped.
!!! info ""
`ip_cidr` items in included rule sets also takes effect as an address filtering field.
!!! note ""
Enable `experimental.cache_file.store_rdrc` to cache results.
geoip
!!! question "Since sing-box 1.9.0"
Match GeoIP with query response.
ip_cidr
!!! question "Since sing-box 1.9.0"
Match IP CIDR with query response.
ip_is_private
!!! question "Since sing-box 1.9.0"
Match private IP with query response.
Logical Fields
type
logical
mode
and
or or
rules
Included rules.