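官方文档

## sing-box example

```jsonc
{
  "log": {
    "disabled": false,
    "level": "info",
    "output": "/var/log/box.log",
    "timestamp": true
  },
  "dns": {
    // Both resolvers use detour "direct", so lookups for proxied domains also
    // leave through the local uplink (DoH-encrypted) rather than the proxy.
    "servers": [
      {
        "tag": "alidns",
        "address": "https://223.5.5.5/dns-query",
        "address_strategy": "prefer_ipv4",
        "strategy": "ipv4_only",
        "detour": "direct"
      },
      {
        "tag": "cf",
        "address": "https://1.1.1.1/dns-query",
        "strategy": "ipv4_only",
        "detour": "direct"
      },
      {
        "tag": "block",
        "address": "rcode://success"
      }
    ],
    "rules": [
      {
        "geosite": ["cn"],
        "domain_suffix": [".cn"],
        "server": "alidns",
        "disable_cache": false
      },
      {
        "geosite": ["category-ads-all"],
        "server": "block",
        "disable_cache": true
      }
    ],
    "final": "cf",
    "strategy": "",
    "disable_cache": false,
    "disable_expire": false
  },
  "inbounds": [
    // Note: keep only ONE of the two inbounds below.
    {
      "type": "tproxy",
      "tag": "tproxy-in",
      // Listens on every address. The firewall rules on this page do not
      // restrict direct connections to port 12345, so filter that port on
      // untrusted interfaces if the host is reachable from outside the LAN.
      "listen": "::",
      "listen_port": 12345,
      "tcp_fast_open": true,
      "udp_fragment": true,
      "sniff": true
    },
    {
      "tag": "tun-in",
      "type": "tun",
      "inet4_address": "172.19.0.1/30",
      "auto_route": true,
      "strict_route": true,
      "stack": "system",
      "mtu": 9000,
      "sniff": true
    }
  ],
  "outbounds": [
    // Configure your proxy node below; this example is vless over WebSocket.
    {
      "type": "vless",
      "tag": "proxy",
      "server": "你的域名或者IP",
      "server_port": 443,
      "uuid": "你的UUID",
      "flow": "",
      // Dial mark for this outbound: the firewall rules exempt packets carrying
      // mark 1234 so sing-box's own proxy traffic is not intercepted again.
      "routing_mark": 1234,
      "tls": {
        "enabled": true,
        "server_name": "你的域名",
        "utls": {
          "enabled": true,
          "fingerprint": "chrome"
        }
      },
      "packet_encoding": "",
      "transport": {
        "type": "ws",
        "path": "/video",
        "headers": {},
        "max_early_data": 0,
        "early_data_header_name": ""
      }
    },
    // NOTE(review): "direct" (also used as the DNS detour) carries no
    // routing_mark, so the mark-1234 exemption in the OUTPUT rules does not
    // cover it; its packets look like they would be marked 1 and steered back
    // to the tproxy port. Confirm, and consider route.default_mark.
    {
      "type": "direct",
      "tag": "direct"
    },
    {
      "type": "block",
      "tag": "block"
    },
    {
      "type": "dns",
      "tag": "dns-out"
    }
  ],
  "route": {
    // Both rule databases are fetched from the "latest" release URL; this
    // config pins neither a version nor a checksum for them.
    "geoip": {
      "path": "geoip.db",
      "download_url": "https://github.com/SagerNet/sing-geoip/releases/latest/download/geoip.db",
      "download_detour": "direct"
    },
    "geosite": {
      "path": "geosite.db",
      "download_url": "https://github.com/SagerNet/sing-geosite/releases/latest/download/geosite.db",
      "download_detour": "direct"
    },
    "rules": [
      {
        "protocol": "dns",
        "outbound": "dns-out"
      },
      {
        "geosite": ["cn", "private"],
        "geoip": ["cn", "private"],
        "domain_suffix": [".cn"],
        "outbound": "direct"
      },
      {
        "geosite": ["category-ads-all"],
        "outbound": "block"
      }
    ],
    "auto_detect_interface": true,
    "final": "proxy"
  },
  "experimental": {}
}
```

## iptables example

```shell
# These rules are IPv4-only: no ip6tables counterpart is given on this page,
# so IPv6 traffic is not intercepted by them.

###################### Routing table setup
# Packets carrying fwmark 1 are looked up in table 100, which delivers them locally.
ip route add local default dev lo table 100
ip rule add fwmark 1 table 100

###################### LAN (forwarded) traffic
iptables -t mangle -N SING_BOX
# Leave reserved / non-routable destinations untouched.
iptables -t mangle -A SING_BOX -d 100.64.0.0/10 -j RETURN
iptables -t mangle -A SING_BOX -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A SING_BOX -d 169.254.0.0/16 -j RETURN
iptables -t mangle -A SING_BOX -d 172.16.0.0/12 -j RETURN
iptables -t mangle -A SING_BOX -d 192.0.0.0/24 -j RETURN
iptables -t mangle -A SING_BOX -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A SING_BOX -d 240.0.0.0/4 -j RETURN
iptables -t mangle -A SING_BOX -d 255.255.255.255/32 -j RETURN
# Change to your own LAN subnet. Port 53 is excluded from the exemption,
# so DNS sent to LAN addresses is still handed to the proxy.
iptables -t mangle -A SING_BOX -d 10.10.10.0/24 -p tcp ! --dport 53 -j RETURN
iptables -t mangle -A SING_BOX -d 10.10.10.0/24 -p udp ! --dport 53 -j RETURN
# Change to the port of your transparent proxy (listen_port of the tproxy inbound).
iptables -t mangle -A SING_BOX -p tcp -j TPROXY --on-port 12345 --tproxy-mark 1
iptables -t mangle -A SING_BOX -p udp -j TPROXY --on-port 12345 --tproxy-mark 1
iptables -t mangle -A PREROUTING -j SING_BOX

###################### Traffic originating on this host
iptables -t mangle -N SING_BOX_SELF
iptables -t mangle -A SING_BOX_SELF -d 100.64.0.0/10 -j RETURN
iptables -t mangle -A SING_BOX_SELF -d 127.0.0.0/8 -j RETURN
iptables -t mangle -A SING_BOX_SELF -d 169.254.0.0/16 -j RETURN
iptables -t mangle -A SING_BOX_SELF -d 172.16.0.0/12 -j RETURN
iptables -t mangle -A SING_BOX_SELF -d 192.0.0.0/24 -j RETURN
iptables -t mangle -A SING_BOX_SELF -d 224.0.0.0/4 -j RETURN
iptables -t mangle -A SING_BOX_SELF -d 240.0.0.0/4 -j RETURN
iptables -t mangle -A SING_BOX_SELF -d 255.255.255.255/32 -j RETURN
# Skip packets already carrying mark 1234 (the proxy outbound's routing_mark),
# otherwise the proxy's own connections would be intercepted again.
iptables -t mangle -A SING_BOX_SELF -j RETURN -m mark --mark 1234
# Change to your own LAN subnet.
iptables -t mangle -A SING_BOX_SELF -d 10.10.10.0/24 -p tcp ! --dport 53 -j RETURN
iptables -t mangle -A SING_BOX_SELF -d 10.10.10.0/24 -p udp ! --dport 53 -j RETURN
# Everything else gets mark 1 so the policy route above re-routes it via lo.
iptables -t mangle -A SING_BOX_SELF -p tcp -j MARK --set-mark 1
iptables -t mangle -A SING_BOX_SELF -p udp -j MARK --set-mark 1
iptables -t mangle -A OUTPUT -j SING_BOX_SELF
```

## nftables example

配置文件路径: /etc/nftables.conf

刷新配置:nft -f /etc/nftables.conf

```
#!/usr/sbin/nft -f

# Drops every table in the running ruleset, not only the one defined here:
# any firewall rules already loaded on the host are removed with it.
flush ruleset

define RESERVED_IP = {
    100.64.0.0/10,
    127.0.0.0/8,
    169.254.0.0/16,
    172.16.0.0/12,
    192.0.0.0/24,
    224.0.0.0/4,
    240.0.0.0/4,
    255.255.255.255/32
}

# "table ip" covers IPv4 only; IPv6 traffic is not matched by these chains.
table ip sing-box {
    chain prerouting {
        type filter hook prerouting priority mangle; policy accept;
        ip daddr $RESERVED_IP return
        # Change to your own LAN subnet.
        ip daddr 10.10.10.0/24 tcp dport != 53 return
        ip daddr 10.10.10.0/24 udp dport != 53 return
        # Change to the port of your transparent proxy.
        ip protocol tcp tproxy to :12345 meta mark set 1
        ip protocol udp tproxy to :12345 meta mark set 1
    }

    chain output {
        type route hook output priority mangle; policy accept;
        ip daddr $RESERVED_IP return
        # Change to your own LAN subnet.
        ip daddr 10.10.10.0/24 tcp dport != 53 return
        ip daddr 10.10.10.0/24 udp dport != 53 return
        # Skip packets sing-box sent with routing_mark 1234. This has to be a
        # match ("meta mark 1234"): "meta mark set 1234 return" would stamp every
        # packet and return, so the two marking rules below would never run.
        meta mark 1234 return
        ip protocol tcp meta mark set 1
        ip protocol udp meta mark set 1
    }
}
```

## Tun模式设置

Tun模式需要开启ip转发

```shell
# Takes effect immediately; a write to /proc does not persist across reboots.
echo 1 > /proc/sys/net/ipv4/ip_forward
```

## sing-box配置系统服务

/etc/systemd/system/sing-box@.service

```ini
[Unit]
Description=sing-box service
Documentation=https://sing-box.sagernet.org
After=network.target nss-lookup.target

[Service]
# No User= is set, so the service runs as root with the capability set below.
# NOTE(review): CAP_SYS_PTRACE and CAP_DAC_READ_SEARCH are broad; they are
# presumably only needed for process-based route rules, which the example
# config does not use. Confirm and drop them if they are not required.
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_SYS_PTRACE CAP_DAC_READ_SEARCH
# %i is the instance name: sing-box@foo reads /etc/sing-box/foo.json and uses
# /var/lib/sing-box-foo as its working directory.
ExecStart=/usr/bin/sing-box -D /var/lib/sing-box-%i -c /etc/sing-box/%i.json run
ExecReload=/bin/kill -HUP $MAINPID
Restart=on-failure
RestartSec=10s
LimitNOFILE=infinity

[Install]
WantedBy=multi-user.target
```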