abdulbasetbasher · January 26, 2024 09:28
diff --git a/c.yml b/c.yml
 # port: 7890 # HTTP(S) 代理服务器端口
 # socks-port: 7891 # SOCKS5 代理端口
 mixed-port: 10801 # HTTP(S) 和 SOCKS 代理混合端口
 # redir-port: 7892 # 透明代理端口，用于 Linux 和 MacOS
 # Transparent proxy server port for Linux (TProxy TCP and TProxy UDP)
 # tproxy-port: 7893
 allow-lan: true # 允许局域网连接
 bind-address: "*" # 绑定 IP 地址，仅作用于 allow-lan 为 true，'*'表示所有地址
 # find-process-mode has 3 values:always, strict, off
 # - always, 开启，强制匹配所有进程
 # - strict, 默认，由 clash 判断是否开启
 # - off, 不匹配进程，推荐在路由器上使用此模式
 find-process-mode: strict
 mode: rule
 #自定义 geodata url
 geox-url:
  geoip: "https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geoip.dat"
  geosite: "https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geosite.dat"
  mmdb: "https://cdn.jsdelivr.net/gh/Loyalsoldier/geoip@release/Country.mmdb"
 log-level: debug # 日志等级 silent/error/warning/info/debug
 ipv6: true # 开启 IPv6 总开关，关闭阻断所有 IPv6 链接和屏蔽 DNS 请求 AAAA 记录
 external-controller: 0.0.0.0:9093 # RESTful API 监听地址
 secret: "123456" # RESTful API的密码 (可选)
 # tcp-concurrent: true # TCP 并发连接所有 IP, 将使用最快握手的 TCP
 #external-ui: /path/to/ui/folder # 配置 WEB UI 目录，使用 http://{{external-controller}}/ui 访问
 # interface-name: en0 # 设置出口网卡
 # 全局 TLS 指纹，优先低于 proxy 内的 client-fingerprint
 # 可选： "chrome","firefox","safari","ios","random","none" options.
 # Utls is currently support TLS transport in TCP/grpc/WS/HTTP for VLESS/Vmess and trojan.
 global-client-fingerprint: chrome
 # routing-mark:6666 # 配置 fwmark 仅用于 Linux
 # 实验性选择
 # experimental:
 # 类似于 /etc/hosts, 仅支持配置单个 IP
 # hosts:
  # '*.clash.dev': 127.0.0.1
  # '.dev': 127.0.0.1
  # 'alpha.clash.dev': '::1'
  # test.com: [1.1.1.1, 2.2.2.2]
  # clash.lan: clash # clash 为特别字段，将加入本地所有网卡的地址
  # baidu.com: google.com # 只允许配置一个别名
 profile: # 存储 select 选择记录
  store-selected: true
  # 持久化 fake-ip
  store-fake-ip: true
 # 嗅探域名
 sniffer:
  enable: true
  sniffing:
    - tls
    - http
  # 强制对此域名进行嗅探
 dns:
  enable: true #开启Clash内置DNS服务器，默认为false
  prefer-h3: true # 开启 DoH 支持 HTTP/3，将并发尝试
  listen: 0.0.0.0:53 # 开启 DNS 服务器监听
  ipv6: true # false 将返回 AAAA 的空结果 
  # ipv6-timeout: 300 # 单位：ms，内部双栈并发时，向上游查询 AAAA 时，等待 AAAA 的时间，默认 100ms
  # 解析nameserver和fallback的DNS服务器
  # 填入纯IP的DNS服务器
  default-nameserver:
    - 114.114.114.114
    - 223.5.5.5
  enhanced-mode: fake-ip # 模式fake-ip
  fake-ip-range: 198.18.0.1/16 # fake-ip 池设置
  # use-hosts: true # 查询 hosts
  # 配置不使用fake-ip的域名
  fake-ip-filter:
    - "*.lan"
    - "*.localdomain"
    - "*.example"
    - "*.invalid"
    - "*.localhost"
    - "*.test"
    - "*.local"
    - "*.home.arpa"
    - time.*.com
    - time.*.gov
    - time.*.edu.cn
    - time.*.apple.com
    - time1.*.com
    - time2.*.com
    - time3.*.com
    - time4.*.com
    - time5.*.com
    - time6.*.com
    - time7.*.com
    - ntp.*.com
    - ntp1.*.com
    - ntp2.*.com
    - ntp3.*.com
    - ntp4.*.com
    - ntp5.*.com
    - ntp6.*.com
    - ntp7.*.com
    - "*.time.edu.cn"
    - "*.ntp.org.cn"
    - "+.pool.ntp.org"
    - music.163.com
    - "*.music.163.com"
    - "*.126.net"
    - musicapi.taihe.com
    - music.taihe.com
    - songsearch.kugou.com
    - trackercdn.kugou.com
    - "*.kuwo.cn"
    - api-jooxtt.sanook.com
    - api.joox.com
    - joox.com
    - y.qq.com
    - "*.y.qq.com"
    - streamoc.music.tc.qq.com
    - mobileoc.music.tc.qq.com
    - isure.stream.qqmusic.qq.com
    - dl.stream.qqmusic.qq.com
    - aqqmusic.tc.qq.com
    - amobile.music.tc.qq.com
    - "*.xiami.com"
    - "*.music.migu.cn"
    - music.migu.cn
    - "*.msftconnecttest.com"
    - "*.msftncsi.com"
    - msftconnecttest.com
    - msftncsi.com
    - localhost.ptlogin2.qq.com
    - localhost.sec.qq.com
    - "+.srv.nintendo.net"
    - "+.stun.playstation.net"
    - xbox.*.microsoft.com
    - xnotify.xboxlive.com
    - "+.battlenet.com.cn"
    - "+.wotgame.cn"
    - "+.wggames.cn"
    - "+.wowsgame.cn"
    - "+.jd.com"
    - "+.wargaming.net"
    - proxy.golang.org
    - stun.*.*
    - stun.*.*.*
    - "+.stun.*.*"
    - "+.stun.*.*.*"
    - "+.stun.*.*.*.*"
    - heartbeat.belkin.com
    - "*.linksys.com"
    - "*.linksyssmartwifi.com"
    - "*.router.asus.com"
    - mesu.apple.com
    - swscan.apple.com
    - swquery.apple.com
    - swdownload.apple.com
    - swcdn.apple.com
    - swdist.apple.com
    - lens.l.google.com
    - stun.l.google.com
    - "+.nflxvideo.net"
    - "*.square-enix.com"
    - "*.finalfantasyxiv.com"
    - "*.ffxiv.com"
    - '*.mcdn.bilivideo.cn' 
  # DNS主要域名配置
  # 支持 UDP，TCP，DoT，DoH，DoQ
  # 这部分为主要 DNS 配置，影响所有直连，确保使用对大陆解析精准的 DNS
  nameserver:
    - 114.114.114.114 # default value
    - 223.5.5.5
    - 119.29.29.29
    - https://doh.360.cn/dns-query
    - https://doh.pub/dns-query # DNS over HTTPS
    - https://dns.alidns.com/dns-query # 强制 HTTP/3，与 perfer-h3 无关，强制开启 DoH 的 HTTP/3 支持，若不支持将无法使用
  # 当配置 fallback 时，会查询 nameserver 中返回的 IP 是否为 CN，非必要配置
  # 当不是 CN，则使用 fallback 中的 DNS 查询结果
  # 确保配置 fallback 时能够正常查询
  fallback:
    - 219.141.136.10
    - 8.8.8.8
    - 1.1.1.1
    - https://cloudflare-dns.com/dns-query
    - https://dns.google/dns-query
  # 配置 fallback 使用条件
  fallback-filter:
    geoip: false # 配置是否使用 geoip
    geoip-code: CN # 当 nameserver 域名的 IP 查询 geoip 库为 CN 时，不使用 fallback 中的 DNS 查询结果
  # 如果不匹配 ipcidr 则使用 nameservers 中的结果
    ipcidr:
      - 240.0.0.0/4
    domain:
      - "+.google.com"
      - "+.facebook.com"
      - "+.youtube.com"
      - "+.githubusercontent.com"
      - "+.googlevideo.com"
 proxies: 
 - name: ShadowTLS v3
  type: ss
  server: 84.247.164.78 #VPS IP地址
  port: 443 #监听端口
  cipher: 2022-blake3-chacha20-poly1305 #shadowsocks节点的加密方式
  password: "NZew3ZrmZjxullszmAKtfu+pZh0F1dxnIPcwlaStjyI=" #shadowsocks节点的密码
  plugin: shadow-tls
  client-fingerprint: chrome
  plugin-opts:
    host: "www.apple.com" #握手服务器地址
    password: "EWqVfMoYK8GiIk0e9+gOcoHGuZBTKXmFNEqbHE/vt4E="   #ShadowTLS密码
    version: 3 # support 1/2/3
 proxy-groups: 
 - name: PROXY
  type: select
  proxies:
    - ShadowTLS v3
 rule-providers:
  reject:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/reject.txt"
    path: ./ruleset/reject.yaml
    interval: 86400
  icloud:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/icloud.txt"
    path: ./ruleset/icloud.yaml
    interval: 86400
  apple:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/apple.txt"
    path: ./ruleset/apple.yaml
    interval: 86400
  proxy:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/proxy.txt"
    path: ./ruleset/proxy.yaml
    interval: 86400
  direct:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/direct.txt"
    path: ./ruleset/direct.yaml
    interval: 86400
  private:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/private.txt"
    path: ./ruleset/private.yaml
    interval: 86400
  gfw:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/gfw.txt"
    path: ./ruleset/gfw.yaml
    interval: 86400
  greatfire:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/greatfire.txt"
    path: ./ruleset/greatfire.yaml
    interval: 86400
  tld-not-cn:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/tld-not-cn.txt"
    path: ./ruleset/tld-not-cn.yaml
    interval: 86400
  telegramcidr:
    type: http
    behavior: ipcidr
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/telegramcidr.txt"
    path: ./ruleset/telegramcidr.yaml
    interval: 86400
  cncidr:
    type: http
    behavior: ipcidr
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/cncidr.txt"
    path: ./ruleset/cncidr.yaml
    interval: 86400
  lancidr:
    type: http
    behavior: ipcidr
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/lancidr.txt"
    path: ./ruleset/lancidr.yaml
    interval: 86400
  applications:
    type: http
    behavior: classical
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/applications.txt"
    path: ./ruleset/applications.yaml
    interval: 86400
 rules:
  - RULE-SET,applications,DIRECT
  - DOMAIN,clash.razord.top,DIRECT
  - DOMAIN,yacd.haishan.me,DIRECT
  - DOMAIN-SUFFIX,services.googleapis.cn,DIRECT
  - DOMAIN-SUFFIX,xn--ngstr-lra8j.com,DIRECT
  - RULE-SET,private,DIRECT
  - RULE-SET,reject,REJECT
  - RULE-SET,icloud,DIRECT
  - RULE-SET,apple,DIRECT
  - RULE-SET,proxy,PROXY
  - RULE-SET,direct,DIRECT
  - RULE-SET,lancidr,DIRECT
  - RULE-SET,cncidr,DIRECT
  - RULE-SET,telegramcidr,PROXY
  - GEOIP,LAN,DIRECT
  - GEOIP,CN,DIRECT
  - MATCH,PROXY
	# port: 7890 # HTTP(S) 代理服务器端口
	# socks-port: 7891 # SOCKS5 代理端口
	mixed-port: 10801 # HTTP(S) 和 SOCKS 代理混合端口
	# redir-port: 7892 # 透明代理端口，用于 Linux 和 MacOS
	# Transparent proxy server port for Linux (TProxy TCP and TProxy UDP)
	# tproxy-port: 7893
	allow-lan: true # 允许局域网连接
	bind-address: "" # 绑定 IP 地址，仅作用于 allow-lan 为 true，''表示所有地址
	# find-process-mode has 3 values:always, strict, off
	# - always, 开启，强制匹配所有进程
	# - strict, 默认，由 clash 判断是否开启
	# - off, 不匹配进程，推荐在路由器上使用此模式
	find-process-mode: strict
	mode: rule
	#自定义 geodata url
	geox-url:
	geoip: "https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geoip.dat"
	geosite: "https://cdn.jsdelivr.net/gh/Loyalsoldier/v2ray-rules-dat@release/geosite.dat"
	mmdb: "https://cdn.jsdelivr.net/gh/Loyalsoldier/geoip@release/Country.mmdb"
	log-level: debug # 日志等级 silent/error/warning/info/debug
	ipv6: true # 开启 IPv6 总开关，关闭阻断所有 IPv6 链接和屏蔽 DNS 请求 AAAA 记录
	external-controller: 0.0.0.0:9093 # RESTful API 监听地址
	secret: "123456" # RESTful API的密码 (可选)
	# tcp-concurrent: true # TCP 并发连接所有 IP, 将使用最快握手的 TCP
	#external-ui: /path/to/ui/folder # 配置 WEB UI 目录，使用 http://{{external-controller}}/ui 访问
	# interface-name: en0 # 设置出口网卡
	# 全局 TLS 指纹，优先低于 proxy 内的 client-fingerprint
	# 可选： "chrome","firefox","safari","ios","random","none" options.
	# Utls is currently support TLS transport in TCP/grpc/WS/HTTP for VLESS/Vmess and trojan.
	global-client-fingerprint: chrome
	# routing-mark:6666 # 配置 fwmark 仅用于 Linux
	# 实验性选择
	# experimental:
	# 类似于 /etc/hosts, 仅支持配置单个 IP
	# hosts:
	# '*.clash.dev': 127.0.0.1
	# '.dev': 127.0.0.1
	# 'alpha.clash.dev': '::1'
	# test.com: [1.1.1.1, 2.2.2.2]
	# clash.lan: clash # clash 为特别字段，将加入本地所有网卡的地址
	# baidu.com: google.com # 只允许配置一个别名
	profile: # 存储 select 选择记录
	store-selected: true
	# 持久化 fake-ip
	store-fake-ip: true
	# 嗅探域名
	sniffer:
	enable: true
	sniffing:
	- tls
	- http
	# 强制对此域名进行嗅探
	dns:
	enable: true #开启Clash内置DNS服务器，默认为false
	prefer-h3: true # 开启 DoH 支持 HTTP/3，将并发尝试
	listen: 0.0.0.0:53 # 开启 DNS 服务器监听
	ipv6: true # false 将返回 AAAA 的空结果
	# ipv6-timeout: 300 # 单位：ms，内部双栈并发时，向上游查询 AAAA 时，等待 AAAA 的时间，默认 100ms
	# 解析nameserver和fallback的DNS服务器
	# 填入纯IP的DNS服务器
	default-nameserver:
	- 114.114.114.114
	- 223.5.5.5
	enhanced-mode: fake-ip # 模式fake-ip
	fake-ip-range: 198.18.0.1/16 # fake-ip 池设置
	# use-hosts: true # 查询 hosts
	# 配置不使用fake-ip的域名
	fake-ip-filter:
	- "*.lan"
	- "*.localdomain"
	- "*.example"
	- "*.invalid"
	- "*.localhost"
	- "*.test"
	- "*.local"
	- "*.home.arpa"
	- time.*.com
	- time.*.gov
	- time.*.edu.cn
	- time.*.apple.com
	- time1.*.com
	- time2.*.com
	- time3.*.com
	- time4.*.com
	- time5.*.com
	- time6.*.com
	- time7.*.com
	- ntp.*.com
	- ntp1.*.com
	- ntp2.*.com
	- ntp3.*.com
	- ntp4.*.com
	- ntp5.*.com
	- ntp6.*.com
	- ntp7.*.com
	- "*.time.edu.cn"
	- "*.ntp.org.cn"
	- "+.pool.ntp.org"
	- music.163.com
	- "*.music.163.com"
	- "*.126.net"
	- musicapi.taihe.com
	- music.taihe.com
	- songsearch.kugou.com
	- trackercdn.kugou.com
	- "*.kuwo.cn"
	- api-jooxtt.sanook.com
	- api.joox.com
	- joox.com
	- y.qq.com
	- "*.y.qq.com"
	- streamoc.music.tc.qq.com
	- mobileoc.music.tc.qq.com
	- isure.stream.qqmusic.qq.com
	- dl.stream.qqmusic.qq.com
	- aqqmusic.tc.qq.com
	- amobile.music.tc.qq.com
	- "*.xiami.com"
	- "*.music.migu.cn"
	- music.migu.cn
	- "*.msftconnecttest.com"
	- "*.msftncsi.com"
	- msftconnecttest.com
	- msftncsi.com
	- localhost.ptlogin2.qq.com
	- localhost.sec.qq.com
	- "+.srv.nintendo.net"
	- "+.stun.playstation.net"
	- xbox.*.microsoft.com
	- xnotify.xboxlive.com
	- "+.battlenet.com.cn"
	- "+.wotgame.cn"
	- "+.wggames.cn"
	- "+.wowsgame.cn"
	- "+.jd.com"
	- "+.wargaming.net"
	- proxy.golang.org
	- stun..
	- stun...*
	- "+.stun.."
	- "+.stun...*"
	- "+.stun...."
	- heartbeat.belkin.com
	- "*.linksys.com"
	- "*.linksyssmartwifi.com"
	- "*.router.asus.com"
	- mesu.apple.com
	- swscan.apple.com
	- swquery.apple.com
	- swdownload.apple.com
	- swcdn.apple.com
	- swdist.apple.com
	- lens.l.google.com
	- stun.l.google.com
	- "+.nflxvideo.net"
	- "*.square-enix.com"
	- "*.finalfantasyxiv.com"
	- "*.ffxiv.com"
	- '*.mcdn.bilivideo.cn'
	# DNS主要域名配置
	# 支持 UDP，TCP，DoT，DoH，DoQ
	# 这部分为主要 DNS 配置，影响所有直连，确保使用对大陆解析精准的 DNS
	nameserver:
	- 114.114.114.114 # default value
	- 223.5.5.5
	- 119.29.29.29
	- https://doh.360.cn/dns-query
	- https://doh.pub/dns-query # DNS over HTTPS
	- https://dns.alidns.com/dns-query # 强制 HTTP/3，与 perfer-h3 无关，强制开启 DoH 的 HTTP/3 支持，若不支持将无法使用
	# 当配置 fallback 时，会查询 nameserver 中返回的 IP 是否为 CN，非必要配置
	# 当不是 CN，则使用 fallback 中的 DNS 查询结果
	# 确保配置 fallback 时能够正常查询
	fallback:
	- 219.141.136.10
	- 8.8.8.8
	- 1.1.1.1
	- https://cloudflare-dns.com/dns-query
	- https://dns.google/dns-query
	# 配置 fallback 使用条件
	fallback-filter:
	geoip: false # 配置是否使用 geoip
	geoip-code: CN # 当 nameserver 域名的 IP 查询 geoip 库为 CN 时，不使用 fallback 中的 DNS 查询结果
	# 如果不匹配 ipcidr 则使用 nameservers 中的结果
	ipcidr:
	- 240.0.0.0/4
	domain:
	- "+.google.com"
	- "+.facebook.com"
	- "+.youtube.com"
	- "+.githubusercontent.com"
	- "+.googlevideo.com"
	proxies:
	- name: ShadowTLS v3
	type: ss
	server: 84.247.164.78 #VPS IP地址
	port: 443 #监听端口
	cipher: 2022-blake3-chacha20-poly1305 #shadowsocks节点的加密方式
	password: "NZew3ZrmZjxullszmAKtfu+pZh0F1dxnIPcwlaStjyI=" #shadowsocks节点的密码
	plugin: shadow-tls
	client-fingerprint: chrome
	plugin-opts:
	host: "www.apple.com" #握手服务器地址
	password: "EWqVfMoYK8GiIk0e9+gOcoHGuZBTKXmFNEqbHE/vt4E=" #ShadowTLS密码
	version: 3 # support 1/2/3
	proxy-groups:
	- name: PROXY
	type: select
	proxies:
	- ShadowTLS v3
	rule-providers:
	reject:
	type: http
	behavior: domain
	url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/reject.txt"
	path: ./ruleset/reject.yaml
	interval: 86400
	icloud:
	type: http
	behavior: domain
	url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/icloud.txt"
	path: ./ruleset/icloud.yaml
	interval: 86400
	apple:
	type: http
	behavior: domain
	url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/apple.txt"
	path: ./ruleset/apple.yaml
	interval: 86400
	proxy:
	type: http
	behavior: domain
	url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/proxy.txt"
	path: ./ruleset/proxy.yaml
	interval: 86400
	direct:
	type: http
	behavior: domain
	url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/direct.txt"
	path: ./ruleset/direct.yaml
	interval: 86400
	private:
	type: http
	behavior: domain
	url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/private.txt"
	path: ./ruleset/private.yaml
	interval: 86400
	gfw:
	type: http
	behavior: domain
	url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/gfw.txt"
	path: ./ruleset/gfw.yaml
	interval: 86400
	greatfire:
	type: http
	behavior: domain
	url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/greatfire.txt"
	path: ./ruleset/greatfire.yaml
	interval: 86400
	tld-not-cn:
	type: http
	behavior: domain
	url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/tld-not-cn.txt"
	path: ./ruleset/tld-not-cn.yaml
	interval: 86400
	telegramcidr:
	type: http
	behavior: ipcidr
	url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/telegramcidr.txt"
	path: ./ruleset/telegramcidr.yaml
	interval: 86400
	cncidr:
	type: http
	behavior: ipcidr
	url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/cncidr.txt"
	path: ./ruleset/cncidr.yaml
	interval: 86400
	lancidr:
	type: http
	behavior: ipcidr
	url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/lancidr.txt"
	path: ./ruleset/lancidr.yaml
	interval: 86400
	applications:
	type: http
	behavior: classical
	url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/applications.txt"
	path: ./ruleset/applications.yaml
	interval: 86400
	rules:
	- RULE-SET,applications,DIRECT
	- DOMAIN,clash.razord.top,DIRECT
	- DOMAIN,yacd.haishan.me,DIRECT
	- DOMAIN-SUFFIX,services.googleapis.cn,DIRECT
	- DOMAIN-SUFFIX,xn--ngstr-lra8j.com,DIRECT
	- RULE-SET,private,DIRECT
	- RULE-SET,reject,REJECT
	- RULE-SET,icloud,DIRECT
	- RULE-SET,apple,DIRECT
	- RULE-SET,proxy,PROXY
	- RULE-SET,direct,DIRECT
	- RULE-SET,lancidr,DIRECT
	- RULE-SET,cncidr,DIRECT
	- RULE-SET,telegramcidr,PROXY
	- GEOIP,LAN,DIRECT
	- GEOIP,CN,DIRECT
	- MATCH,PROXY