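# Scoped teardown: reset only the two mihomo tables on (re)load. The previous
# `flush ruleset` wiped every table on the host — including any unrelated
# firewall (e.g. an input-filter table) — leaving the box unfiltered until
# something else reloaded it. Declaring each table first makes the delete
# succeed on a fresh boot where the table does not exist yet; on nft >= 1.0.7
# with kernel >= 6.3 `destroy table` can replace the declare+delete pair.
table ip mihomo
delete table ip mihomo
table ip6 mihomo
delete table ip6 mihomo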
# Destination ranges never handed to the proxy: "this" network, loopback,
# link-local, RFC 1918, multicast and class E. 198.18.0.0/15 is deliberately
# absent — presumably because mihomo's fake-ip pool lives inside it and must
# reach the proxy; do not add it without checking the dns config. Also absent:
# 100.64.0.0/10 (CGNAT / overlay networks). If such addresses are reachable
# from this host they will be proxied too — TODO confirm for this deployment.
define RESERVED_IP = {
0.0.0.0/8,        # "this" network
10.0.0.0/8,       # RFC 1918
127.0.0.0/8,      # loopback
169.254.0.0/16,   # link-local
172.16.0.0/12,    # RFC 1918
192.0.0.0/24,     # IETF protocol assignments
192.168.0.0/16,   # RFC 1918
224.0.0.0/4,      # multicast
240.0.0.0/4       # reserved / limited broadcast
}
# LAN prefix. Only used as a *destination* bypass below; it does not restrict
# which *sources* are allowed into the proxy (see the prerouting chain).
define LOCAL_NET = { 10.10.10.0/24 }
# Public resolvers reached directly (Cloudflare, Google). Excluded so traffic
# to them — including the proxy's own upstream DNS — is never looped back
# through the tproxy listener.
define REMOTE_DNS_IP = {
1.1.1.1,
1.0.0.1,
8.8.8.8,
8.8.4.4
}
# IPv4 transparent-proxy table. Everything not excluded by the `return` rules
# is handed to the mihomo tproxy listener on port 7895. Assumes the usual
# companion policy routing exists outside this file (an `ip rule fwmark 1`
# pointing at a table whose default route is `local ... dev lo`), otherwise
# the marked packets from the output chain are never delivered to the
# listener — TODO confirm.
table ip mihomo {
# Forwarded and incoming traffic.
# NOTE(review): there is no iifname or ip saddr restriction, so *any* packet
# traversing this host is redirected to the proxy — including packets
# arriving from an upstream/WAN interface, which turns the box into an open
# relay if it is reachable there. Consider
# `iifname != "lo" ip saddr != $LOCAL_NET return` (lo must stay allowed
# because the output chain loops through it) or an explicit LAN iifname
# match. `fib daddr type local return` would additionally keep traffic to
# the host's own non-reserved addresses (e.g. a public WAN IP) out of the
# proxy.
chain prerouting {
type filter hook prerouting priority mangle; policy accept;
ip daddr $RESERVED_IP return
ip daddr $LOCAL_NET return
ip daddr $REMOTE_DNS_IP return
# DNS and NTP bypass the proxy entirely. Client DNS therefore leaks to
# whatever resolver the client uses unless something outside this file
# redirects port 53 to mihomo's own DNS listener.
udp dport { 53, 123 } return
# Loop guard: packets carrying mark 1234 — presumably mihomo's own outbound
# sockets (routing-mark) — are not re-captured.
meta mark 1234 return
ip protocol tcp tproxy to :7895 meta mark set 1
ip protocol udp tproxy to :7895 meta mark set 1
}
# Locally generated traffic is only marked here; the `route` hook type makes
# the kernel re-route marked packets, which (with the policy rule above)
# sends them through lo back into the prerouting chain for capture.
chain output {
type route hook output priority mangle; policy accept;
ip daddr $RESERVED_IP return
ip daddr $LOCAL_NET return
ip daddr $REMOTE_DNS_IP return
udp dport { 53, 123 } return
meta mark 1234 return
ip protocol tcp meta mark set 1
ip protocol udp meta mark set 1
}
}
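# IPv6 transparent-proxy table; mirrors `table ip mihomo` but uses named
# sets (updatable at runtime with `nft add element`) instead of `define`
# constants. Same external assumption as the IPv4 table: mark 1 must be
# policy-routed to a `local` route on lo outside this file — TODO confirm.
table ip6 mihomo {
# Destinations never handed to the proxy: loopback, unspecified, link-local,
# multicast, ULA, documentation prefix and deprecated site-local.
# NOTE(review): there is no counterpart to $LOCAL_NET here, so a LAN that
# uses a global (GUA) prefix is proxied — add that prefix if applicable.
set reserved_ip6 {
type ipv6_addr;
flags interval;
elements = {
::1/128,
::/128,
fe80::/10,
ff00::/8,
fc00::/7,
2001:db8::/32,
fec0::/10
}
}
# Public resolvers reached directly (Google, Cloudflare); excluded so DNS
# to them is never looped back through the tproxy listener.
set remote_dns_ip6 {
type ipv6_addr;
elements = {
2001:4860:4860::8888,
2001:4860:4860::8844,
2606:4700:4700::1111,
2606:4700:4700::1001
}
}
# Forwarded and incoming traffic. NOTE(review): as in the IPv4 table there is
# no iifname/saddr restriction, so packets from any interface — including an
# upstream one — are redirected to the proxy; restrict to the LAN-facing
# interface(s) plus lo if the host is reachable from untrusted networks.
chain prerouting {
type filter hook prerouting priority mangle; policy accept;
ip6 daddr @reserved_ip6 return
ip6 daddr @remote_dns_ip6 return
# DNS and NTP bypass the proxy (unproxied, plain-text; client DNS leaks
# unless redirected elsewhere).
udp dport { 53, 123 } return
# Loop guard for the proxy's own outbound sockets (presumably routing-mark
# 1234 in the mihomo config).
meta mark 1234 return
# meta l4proto walks IPv6 extension headers. The previous `ip6 nexthdr tcp`
# / `ip6 nexthdr udp` only matched when TCP/UDP was the *immediate* next
# header, so packets carrying hop-by-hop, destination-options or fragment
# headers silently bypassed the proxy (the `udp dport` rule above already
# implied an l4proto match, so only the tproxy rules were affected).
meta l4proto { tcp, udp } tproxy to :7895 meta mark set 1
}
# Locally generated traffic is only marked; the `route` hook type re-routes
# marked packets so they re-enter prerouting via lo and are captured there.
chain output {
type route hook output priority mangle; policy accept;
ip6 daddr @reserved_ip6 return
ip6 daddr @remote_dns_ip6 return
udp dport { 53, 123 } return
meta mark 1234 return
# Same extension-header fix as in prerouting.
meta l4proto { tcp, udp } meta mark set 1
}
}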