
  1. "#!/usr/sbin/nft -f

    # Removes every table currently loaded in the kernel, not only the `singbox`
    # table defined below. Rules installed by any other tool (including a host
    # firewall) are dropped as a side effect, and no chain in this file drops or
    # rejects traffic, so nothing here puts packet filtering back.
    flush ruleset

    # Transparent-proxy steering rules for IPv4 and IPv6 (inet family); the table
    # name suggests sing-box. TCP is redirected to local port 9777 and UDP is
    # handed to a TPROXY listener on local port 9888.
    # Every base chain uses `policy accept` and no rule drops or rejects, so this
    # table only steers traffic; it does not filter it.
    # NOTE(review): no rule matches on an input interface, so both prerouting
    # hooks act on packets arriving on any interface - confirm that is intended
    # when one interface faces an untrusted network.
    table inet singbox {

    # Resolver addresses that the proxy chains below skip: traffic to them stays
    # on its normal path instead of being proxied.
    set china_dns_ipv4 {
    type ipv4_addr;
    elements = { 223.5.5.5, 223.6.6.6, 114.114.114.114, 114.114.115.115 };
    }

    # IPv6 counterpart of china_dns_ipv4.
    set china_dns_ipv6 {
    type ipv6_addr;
    elements = { 2400:3200::1, 2400:3200:baba::1 };
    }

    # Range matched only in redirect-output; presumably the proxy's fake-IP DNS
    # pool - confirm against the proxy configuration.
    set fake_ipv4 {
    type ipv4_addr;
    flags interval;
    elements = { 198.18.0.0/15 };
    }

    # IPv6 counterpart of fake_ipv4.
    set fake_ipv6 {
    type ipv6_addr;
    flags interval;
    elements = { fc00::/18 };
    }

    # Special-purpose and private IPv4 ranges that are never proxied.
    set local_ipv4 {
    type ipv4_addr;
    flags interval;
    elements = { 0.0.0.0/8, 10.0.0.0/8, 127.0.0.0/8, 169.254.0.0/16, 172.16.0.0/12, 192.168.0.0/16, 224.0.0.0/4, 240.0.0.0/4 };
    }

    # Special-purpose IPv6 ranges that are never proxied.
    # NOTE(review): fc00::/7 (unique-local) is not listed, and fake_ipv6 sits
    # inside it, so forwarded traffic to unique-local destinations that are not
    # this host's own addresses reaches the proxy rules - verify that is wanted.
    set local_ipv6 {
    type ipv6_addr;
    flags interval;
    elements = { ::ffff:0.0.0.0/96, 64:ff9b::/96, 100::/64, 2001:10::/28, 2001:20::/28, 2001:db8::/32, 2002::/16, fe80::/10 };
    }

    # TCP decision chain reached from redirect-prerouting: skip exempt
    # destinations, redirect everything else to local port 9777.
    chain redirect-proxy {
    # Destinations the routing table classifies as this host, anycast, multicast
    # or unspecified are left alone.
    fib daddr type { unspec, local, anycast, multicast } return
    ip daddr @local_ipv4 return
    ip6 daddr @local_ipv6 return
    ip daddr @china_dns_ipv4 return
    ip6 daddr @china_dns_ipv6 return
    meta l4proto tcp redirect to :9777
    }

    # NAT prerouting hook: only the first packet of a new TCP connection, in the
    # original direction, is sent to redirect-proxy.
    chain redirect-prerouting {
    type nat hook prerouting priority dstnat; policy accept;
    meta l4proto != tcp return
    ct state new ct direction original goto redirect-proxy
    }

    # NAT output hook for TCP generated on this host: only fake-IP destinations
    # are redirected to port 9777; all other local TCP is left untouched.
    chain redirect-output {
    type nat hook output priority dstnat; policy accept;
    meta l4proto != tcp return
    fib daddr type { unspec, local, anycast, multicast } return
    ip daddr @fake_ipv4 meta l4proto tcp redirect to :9777
    ip6 daddr @fake_ipv6 meta l4proto tcp redirect to :9777
    }

    # UDP decision chain reached from tproxy-prerouting.
    chain tproxy-proxy {
    fib daddr type { unspec, local, anycast, multicast } return
    ip daddr @local_ipv4 return
    ip6 daddr @local_ipv6 return
    ip daddr @china_dns_ipv4 return
    ip6 daddr @china_dns_ipv6 return
    # UDP port 123 (NTP) is never proxied.
    udp dport {123} return
    # Set packet mark and conntrack mark to 1, then hand the packet to the
    # transparent listener on port 9888.
    # NOTE(review): the mark only changes delivery if a policy-routing rule for
    # fwmark 1 exists on the host; that setup is not shown on this page.
    ip protocol udp meta mark set 1 ct mark set 1 tproxy ip to :9888 accept
    # NOTE(review): `ip6 nexthdr` tests the Next Header field of the fixed IPv6
    # header, so UDP carried behind extension headers would not match here.
    ip6 nexthdr udp meta mark set 1 ct mark set 1 tproxy ip6 to :9888 accept
    }

    # UDP marking chain reached from tproxy-output (traffic generated locally).
    chain tproxy-mark {
    fib daddr type { unspec, local, anycast, multicast } return
    ip daddr @local_ipv4 return
    ip6 daddr @local_ipv6 return
    ip daddr @china_dns_ipv4 return
    ip6 daddr @china_dns_ipv6 return
    udp dport {123} return
    meta mark set 1
    meta l4proto udp ct mark set 1 # If `nslookup google.com 1.1.1.1` returns no IP, delete this line
    }

    # Mangle-priority prerouting hook for UDP.
    chain tproxy-prerouting {
    type filter hook prerouting priority mangle; policy accept;
    meta l4proto != udp return
    ct direction reply return
    # Flows whose conntrack mark is already 1 get the packet mark restored and
    # return here, without reaching the tproxy statement in tproxy-proxy.
    # NOTE(review): the troubleshooting remark on the `ct mark set 1` line in
    # tproxy-mark may be a symptom of this early return - verify.
    ct direction original ct mark 1 meta mark set 1 return
    ct direction original goto tproxy-proxy
    }

    # Route-type output hook for UDP generated on this host.
    chain tproxy-output {
    type route hook output priority mangle; policy accept;
    meta l4proto != udp return
    # Sockets owned by group id 0 are skipped - presumably so the proxy's own
    # traffic is not looped back. Every other gid-0 process bypasses the proxy
    # as well.
    meta skgid 0 return # If `nslookup google.com 1.1.1.1` returns no IP, delete this line
    ct direction reply return
    ct direction original ct mark 1 meta mark set 1 return
    ct direction original goto tproxy-mark
    }
    }
    "
  2. 片名: ※限定値下げ 初撮り♥️♥️アイドル級のGカップ至高女子●生現る♥️人生初めてのハメ撮りをいただいちゃいました♪
    番号: FC2-1462524
    标签: #收藏级 #美少女 #无码 #内射 #巨乳 #白虎
    日期: 2020-08-07 By @NiHaoAV
    磁力: magnet:?xt=urn:btih:605636716049e8568c1d39b591a4bdd72652ea9f
  3. #路由规则
    规则将按照从上到下的顺序匹配,匹配到规则不再往下匹配。
    如请求为 udp,而代理节点没有 udp 支持 (例如`ss`节点没写`udp: true`),则会继续向下匹配
    出站策略:
    DIRECT、REJECT、策略组名字、节点名字、sub-rule
      # Rules are evaluated top to bottom and the first match wins, so a narrow
      # REJECT or DIRECT rule must appear before any broader rule covering the
      # same traffic. The entries below illustrate syntax; as ordered here, the
      # DOMAIN,google.com,REJECT line sits after a DOMAIN-SUFFIX rule for the
      # same domain and would not be reached.
      rules:
      - DOMAIN-SUFFIX,google.com,Proxy  # match domain suffix (sent to the Proxy group)
      - DOMAIN,google.com,REJECT  # match exact domain (rejected)
      - DOMAIN-KEYWORD,google,Proxy  # match domain keyword (sent to the Proxy group)
      - IP-CIDR,127.0.0.0/8,DIRECT  # match destination IP (direct)
      - SRC-IP-CIDR,192.168.1.201/32,direct-wan1  # match source IP (direct via the WAN1 port)
      - DST-PORT,80,DIRECT  # match destination port (direct); port list syntax example: 114-514/810-1919,65530
      - SRC-PORT,7777,DIRECT  # match source port (direct)
      - NETWORK,udp,DIRECT  # match network protocol
      - DSCP,4,DIRECT  # match DSCP mark (tproxy UDP inbound only)
      - AND,((DOMAIN,baidu.com),(NETWORK,UDP)),DIRECT  # match when all conditions hold
      - OR,((NETWORK,UDP),(DOMAIN,baidu.com)),REJECT  # match when any condition holds
      - NOT,((DOMAIN,baidu.com)),PROXY  # match domains other than baidu.com (sent to the Proxy group)
      - RULE-SET,youtube,proxy  # match a rule set
      - GEOSITE,youtube,PROXY  # match against the GEOSITE database
      - GEOIP,CN,DIRECT  # match against the GEOIP database
      - IP-ASN,13335,DIRECT  # match destination ASN (ASN database)
      - IN-TYPE,SOCKS/HTTP,PROXY  # match by inbound type
      - PROCESS-NAME,chrome.exe,PROXY  # match by originating process name
      - SUB-RULE,(NETWORK,tcp),sub-rule  # match and hand over to a sub-rule
      # Final catch-all for anything no rule above matched.
      - MATCH,auto
  4. #!/usr/sbin/nft -f
    
    # Removes every table currently loaded in the kernel, not only the `mihomo`
    # tables defined below. Rules installed by any other tool (including a host
    # firewall) are dropped as a side effect, and no chain in this file drops or
    # rejects traffic, so nothing here puts packet filtering back.
    flush ruleset
    
    # Special-purpose and private IPv4 destinations that are never proxied.
    define RESERVED_IP = {
        0.0.0.0/8,
        10.0.0.0/8,
        127.0.0.0/8,
        169.254.0.0/16,
        172.16.0.0/12,
        192.0.0.0/24,
        192.168.0.0/16,
        224.0.0.0/4,
        240.0.0.0/4
    }
    
    # LAN prefix exempt from proxying (already inside 10.0.0.0/8 above).
    define LOCAL_NET = { 10.10.10.0/24 }
    
    # Public resolvers exempt from proxying. The rules match on destination
    # address only, so traffic to these hosts on any port leaves directly.
    define REMOTE_DNS_IP = {
        1.1.1.1,
        1.0.0.1,
        8.8.8.8,
        8.8.4.4
    }
    
    # IPv4 steering table for a transparent proxy listening on local port 7895
    # (the table name suggests mihomo). Both chains use `policy accept` and never
    # drop, so this table does not filter traffic.
    table ip mihomo {
        # Packets arriving from the network: skip exempt destinations, then hand
        # TCP and UDP to the TPROXY listener and set packet mark 1.
        # NOTE(review): destinations are exempted only through the static lists;
        # there is no input-interface match and no check for this host's own
        # addresses, so a host address outside those ranges would be sent to the
        # proxy too - verify on a host with a public address.
        chain prerouting {
            type filter hook prerouting priority mangle; policy accept;
            ip daddr $RESERVED_IP return
            ip daddr $LOCAL_NET return
            ip daddr $REMOTE_DNS_IP return
            # UDP 53 (DNS) and 123 (NTP) to any destination bypass the proxy, so
            # plain DNS queries leave on the normal path.
            udp dport { 53, 123 } return
            # Presumably the mark the proxy puts on its own outbound sockets, to
            # avoid a loop - confirm against the proxy configuration.
            meta mark 1234 return
            ip protocol tcp tproxy to :7895 meta mark set 1
            ip protocol udp tproxy to :7895 meta mark set 1
        }
    
        # Traffic generated on this host: same exemptions, then packet mark 1 is
        # set; no tproxy statement is used in this hook.
        # NOTE(review): the mark only changes routing if a policy-routing rule for
        # fwmark 1 exists on the host; that setup is not shown on this page.
        chain output {
            type route hook output priority mangle; policy accept;
            ip daddr $RESERVED_IP return
            ip daddr $LOCAL_NET return
            ip daddr $REMOTE_DNS_IP return
            udp dport { 53, 123 } return
            meta mark 1234 return
            ip protocol tcp meta mark set 1
            ip protocol udp meta mark set 1
        }
    }
    
    # ============ IPv6 uses named sets instead of define ============
    # IPv6 steering table for the same listener on local port 7895. Both chains
    # use `policy accept` and never drop, so this table does not filter traffic.
    table ip6 mihomo {
    
        # Special-purpose IPv6 destinations that are never proxied; fc00::/7
        # covers unique-local addresses.
        set reserved_ip6 {
            type ipv6_addr;
            flags interval;
            elements = {
                ::1/128,
                ::/128,
                fe80::/10,
                ff00::/8,
                fc00::/7,
                2001:db8::/32,
                fec0::/10
            }
        }
    
        # Public resolvers exempt from proxying. Matching is by destination
        # address only, so traffic to them on any port leaves directly.
        set remote_dns_ip6 {
            type ipv6_addr;
            elements = {
                2001:4860:4860::8888,
                2001:4860:4860::8844,
                2606:4700:4700::1111,
                2606:4700:4700::1001
            }
        }
    
    
    
        # Packets arriving from the network: skip exempt destinations, then hand
        # TCP and UDP to the TPROXY listener and set packet mark 1.
        # NOTE(review): there is no input-interface match and no exemption for
        # this host's own global addresses - verify that is intended.
        chain prerouting {
            type filter hook prerouting priority mangle; policy accept;
            ip6 daddr @reserved_ip6 return
            ip6 daddr @remote_dns_ip6 return
            # UDP 53 (DNS) and 123 (NTP) to any destination bypass the proxy.
            udp dport { 53, 123 } return
            # Presumably the mark the proxy puts on its own outbound sockets, to
            # avoid a loop - confirm against the proxy configuration.
            meta mark 1234 return
            # NOTE(review): `ip6 nexthdr` tests the Next Header field of the fixed
            # IPv6 header, so packets with extension headers would not match.
            ip6 nexthdr tcp tproxy to :7895 meta mark set 1
            ip6 nexthdr udp tproxy to :7895 meta mark set 1
        }
    
        # Traffic generated on this host: same exemptions, then packet mark 1 is
        # set; no tproxy statement is used in this hook.
        chain output {
            type route hook output priority mangle; policy accept;
            ip6 daddr @reserved_ip6 return
            ip6 daddr @remote_dns_ip6 return
            udp dport { 53, 123 } return
            meta mark 1234 return
            ip6 nexthdr tcp meta mark set 1
            ip6 nexthdr udp meta mark set 1
        }
    }
  5. #!/usr/sbin/nft -f
    
    # Removes every table currently loaded in the kernel, not only the `mihomo`
    # tables defined below. Rules installed by any other tool (including a host
    # firewall) are dropped as a side effect, and no chain in this file drops or
    # rejects traffic, so nothing here puts packet filtering back.
    flush ruleset
    
    # IPv4 destinations that are never proxied.
    # NOTE(review): 0.0.0.0/8, 10.0.0.0/8 and 192.168.0.0/16 are not in this
    # list; only 10.10.10.0/24 is exempt through LOCAL_NET. Traffic to any other
    # address in those private ranges is sent to the proxy - confirm intended.
    define RESERVED_IP = {
        100.64.0.0/10,
        127.0.0.0/8,
        169.254.0.0/16,
        172.16.0.0/12,
        192.0.0.0/24,
        224.0.0.0/4,
        240.0.0.0/4,
        255.255.255.255/32
    }
    
    # Special-purpose IPv6 destinations that are never proxied; fc00::/7 covers
    # unique-local addresses, including LOCAL_NET6 below.
    define RESERVED_IP6 = {
        ::1/128,
        ::/128,
        fe80::/10,
        ff00::/8,
        fc00::/7,
        2001:db8::/32,
        fec0::/10
    }
    
    # LAN prefixes exempt from proxying.
    define LOCAL_NET = { 10.10.10.0/24 }
    define LOCAL_NET6 = { fddd:dddd::/64 }
    
    # IPv4 steering table for a transparent proxy listening on local port 7895
    # (the table name suggests mihomo). Both chains use `policy accept` and never
    # drop, so this table does not filter traffic.
    table ip mihomo {
        # Packets arriving from the network: skip exempt destinations, then hand
        # TCP and UDP to the TPROXY listener and set packet mark 1. UDP 53 is not
        # exempt here, so DNS to non-exempt destinations goes to the proxy.
        # NOTE(review): destinations are exempted only through the static lists;
        # there is no input-interface match and no check for this host's own
        # addresses - verify on a host whose address is outside those ranges.
        chain prerouting {
            type filter hook prerouting priority mangle; policy accept;
            ip daddr $RESERVED_IP return
            ip daddr $LOCAL_NET return
            # UDP port 123 (NTP) is never proxied.
            udp dport { 123 } return
            # Presumably the mark the proxy puts on its own outbound sockets, to
            # avoid a loop - confirm against the proxy configuration.
            meta mark 1234 return
            ip protocol tcp tproxy to :7895 meta mark set 1
            ip protocol udp tproxy to :7895 meta mark set 1
        }
    
        # Traffic generated on this host: same exemptions, then packet mark 1 is
        # set; no tproxy statement is used in this hook.
        # NOTE(review): the mark only changes routing if a policy-routing rule for
        # fwmark 1 exists on the host; that setup is not shown on this page.
        chain output {
            type route hook output priority mangle; policy accept;
            ip daddr $RESERVED_IP return
            ip daddr $LOCAL_NET return
            udp dport { 123 } return
            meta mark 1234 return
            ip protocol tcp meta mark set 1
            ip protocol udp meta mark set 1
        }
    }
    
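    # IPv6 steering table for a transparent proxy listening on local port 7895
    # (the table name suggests mihomo). All chains use `policy accept` and never
    # drop, so this table does not filter traffic.
    table ip6 mihomo {
        # Packets arriving from the network: skip exempt destinations, then hand
        # TCP and UDP to the TPROXY listener and set packet mark 1.
        # NOTE(review): there is no input-interface match and no exemption for
        # this host's own global addresses - verify that is intended.
        chain prerouting {
            type filter hook prerouting priority mangle; policy accept;
            ip6 daddr $RESERVED_IP6 return
            ip6 daddr $LOCAL_NET6 return
            # Presumably the mark the proxy puts on its own outbound sockets, to
            # avoid a loop - confirm against the proxy configuration.
            meta mark 1234 return
            # NOTE(review): `ip6 nexthdr` tests the Next Header field of the fixed
            # IPv6 header, so packets with extension headers would not match.
            ip6 nexthdr tcp tproxy to :7895 meta mark set 1
            ip6 nexthdr udp tproxy to :7895 meta mark set 1
        }
    
        # Traffic generated on this host: same exemptions, then packet mark 1 is
        # set; no tproxy statement is used in this hook.
        chain output {
            type route hook output priority mangle; policy accept;
            ip6 daddr $RESERVED_IP6 return
            ip6 daddr $LOCAL_NET6 return
            meta mark 1234 return
            ip6 nexthdr tcp meta mark set 1
            ip6 nexthdr udp meta mark set 1
        }
    
        chain forward {
            type filter hook forward priority mangle; policy accept;
            # IPv6 TCP MSS clamp for a path MTU of 1280: 1280 - 40 (IPv6 header)
            # - 20 (TCP header) = 1220. The rule previously wrote 1280, the MTU
            # itself, into the MSS option, which contradicted this comment and
            # allowed segments larger than the path can carry.
            # NOTE(review): the value is written unconditionally, so a smaller
            # MSS offered by a peer is raised to 1220; `set rt mtu` is the usual
            # alternative when the route MTU is correct.
            tcp flags syn tcp option maxseg size set 1220
        }
    }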