Iptables -t nat -A clash -p tcp -dport 22 -d 10.10.10.0% [Connecting tĬannot initiate the connection to :443 (2001::9df0:a29). Iptables -t nat -A clash -d 240.0.0.0/4 -j ACCEPT Iptables -t nat -A clash -d 224.0.0.0/4 -j ACCEPT Iptables -t nat -A clash -d 127.0.0.0/8 -j ACCEPT Iptables -t nat -A clash -d 10.0.0.0/8 -j ACCEPT Iptables -t nat -A clash -d 1.0.0.0/8 -j ACCEPT Iptables -t nat -A PREROUTING -p tcp -j clash Iptables -t nat -A PREROUTING -p udp -dport 53 -d 198.18.0.0/24 -j clash_dns Iptables -t nat -A PREROUTING -p tcp -dport 53 -d 198.18.0.0/24 -j clash_dns # you also can use `FINAL,Proxy` or `FINAL,Proxy` now # optional param "no-resolve" for IP rules (GEOIP IP-CIDR) # rename SOURCE-IP-CIDR and would remove after prerelease # you can use RESTful API to switch proxy, is recommended for use in GUI.
# select is used for selecting proxy or proxy group # load-balance: The request of the same eTLD will be dial on the same proxy. The availability is tested by accessing an URL, just like an auto url-test group. # fallback select an available policy by priority. # url-test select which proxy will be used by benchmarking speed to a URL. # Traffic: clash http vmess ss1 ss2 Internet # cipher support auto/aes-128-gcm/chacha20-poly1305/none # old obfs configuration format remove after prerelease
# The supported ciphers(encrypt methods): # input is a relative path to the configuration directory or an absolute pathĮnhanced-mode: fake-ip #DNS模式,这里推荐使用fake-ip,因为后续的iptables规则是根据fake-ip做的įake-ip-range: 198.18.0.1/16 # if you don't know what it is, don't change it # you can put the static web resource (such as clash-dashboard) to a directory, and clash would serve in `$/ui` # info / warning / error / debug / silent # set log level to stdout (default is info) # Rule / Global / Direct (default is Rule)
0 kommentar(er)
