[Bug] rules中自定义的 DOMAIN-SUFFIX 规则不生效

zhychen1173 commented 5 months ago

Verify steps

[X] 我已经阅读了文档，了解所有我编写的配置文件项的含义，而不是大量堆砌看似有用的选项或默认值。
[ ] 我未仔细看过文档并解决问题
[X] 我未在 Issue Tracker 中寻找过我要提出的问题
[X] 我已经使用最新的 Alpha 分支版本测试过，问题依旧存在
[X] 我提供了可以在本地重现该问题的服务器、客户端配置文件与流程，而不是一个脱敏的复杂客户端配置文件。
[X] 我提供了可用于重现我报告的错误的最简配置，而不是依赖远程服务器、TUN、图形界面客户端或者其他闭源软件。
[X] 我提供了完整的配置文件与日志，而不是出于对自身智力的自信而仅提供了部分认为有用的部分。

操作系统

OpenBSD/FreeBSD

系统版本

freebsd 13.2

Mihomo 版本

root@OPNsense:~ # /mnt/clash/bin/clash -v Mihomo Meta v1.18.5 freebsd amd64 with go1.22.3 Sun May 19 08:47:40 UTC 2024 Use tags: with_gvisor

配置文件

port: 7890
socks-port: 7891
allow-lan: true
mode: Rule
log-level: info
unified-delay: true
global-client-fingerprint: chrome
external-controller: '0.0.0.0:9090'
secret: 123456
external-ui: /mnt/clash/dashboard/public
dns:
  enable: true
  listen: 5353
  ipv6: true
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.1/16
  default-nameserver: 
    - 127.0.0.1
    - 222.246.129.80
    - 223.5.5.5
    - 8.8.8.8
  nameserver:
   - https://dns.alidns.com/dns-query
   - https://doh.pub/dns-query
  fallback:
   - https://1.0.0.1/dns-query
   - tls://dns.google
  fallback-filter:
    geoip: true
    geoip-code: CN
    ipcidr:
      - 240.0.0.0/4

proxies: 
  # 把你的自建节点填到这⾥!
  # 像下面这样

  - name: "xxxxxxx"
    server: xxxxxxx
    port: xxx
    type: trojan
    password: xxxxxxxx
    network: ws
    sni: xxxxxxx
    skip-cert-verify: false
    udp: false
    ws-opts:
       path: /xxxxxxxx
       headers:
         Host: xxxxxxx

  - name: "xxxxxxx"
    server: xxxxxxx
    port: xxx
    type: http
    username: xxxxxxxx
    password: "xxxxxxxx"
    tls: true # https
    skip-cert-verify: true

  - name: "xxxxxxxx"
    server: xxxxxxxx
    port: xxx
    type: trojan
    password: xxxxxxxx
    network: ws
    sni: xxxxxxxx
    skip-cert-verify: false
    udp: false
    ws-opts:
       path: /xxxxxxxx
       headers:
         Host: xxxxxxxx

  - name: "xxxxxxxx"
    server: xxxxxxxx
    port: xxx
    type: http
    username: xxxxxxxx
    password: "xxxxxxxx"
    tls: true # https
    skip-cert-verify: true

  - name: "xxxxxxxx"
    server: xxxxxxxx
    port: xxx
    type: trojan
    password: xxxxxxxx
    network: ws
    sni: xxxxxxxx
    skip-cert-verify: false
    udp: false
    ws-opts:
       path: /xxxxxxxx
       headers:
         Host: xxxxxxxx

  - name: "xxxxxxxx"
    server: xxxxxxxx
    port: xxx
    type: http
    username: xxxxxxxx
    password: "xxxxxxxx"
    tls: true # https
    skip-cert-verify: true

  - name: "xxxxxxxx"
    server: xxxxxxxxxxxxx
    type: vless
    port: xxxxxx
    uuid: xxxxxxxxxx
    network: tcp
    servername: cloudflare.com
    flow: xtls-rprx-vision
    udp: true
    tls: true
    reality-opts:
      public-key: xxxxxxxxxxx
      short-id: xxxxx # optional
    client-fingerprint: chrome

  - name: "xxxxxxxx"
    server: xxxxxxxxxxxx
    type: vless
    port: xxxxxxxx
    uuid: xxxxxxxxxxxxxx
    network: tcp
    servername: cloudflare.com
    flow: xtls-rprx-vision
    udp: true
    tls: true
    reality-opts:
      public-key: xxxxxxxxxxxxxxx
      short-id: xxxx # optional
    client-fingerprint: chrome

  - name: "xxxxxxxx"
    server: xxxxxxxxxxx
    type: vless
    port: xxxxxxxx
    uuid: xxxxxxxxxxxxxxx
    network: tcp
    servername: www.cloudflare.com
    flow: xtls-rprx-vision
    udp: true
    tls: true
    reality-opts:
      public-key: xxxxxxxx
      short-id: xxxx # optional
    client-fingerprint: chrome

  - name: "xxxxxxxx"
    type: hysteria2
    server: xxxxxxxx
    sni: bing.com
    port: xxxxxx
    ports: xxxxxxxx
    password: xxxxxxxx
    skip-cert-verify: true  
    up: 50
    down: 200  

  - name: "xxxxxxxx"
    type: hysteria2
    server: xxxxxxxxx
    sni: bing.com
    port: xxxxxx
    ports: xxxxxxx
    password: xxxxxxxx
    skip-cert-verify: true  
    up: 50
    down: 200

proxy-providers:

  Jichang:
    type: http
    url: xxxxxxxxxxxxxxxxxxxxxxxxxx
    path: ./Proxy/Jichang.yml
    interval: 3600
    health-check:
      enable: true
      interval: 300
      url: https://www.gstatic.com/generate_204

proxy-groups:

  - name: 🚀 节点选择
    type: select
    proxies:
      - ♻️ VPS
      - ♻️ hysteria2
      - ♻️ 机场 
      - DIRECT

  - name: ♻️ VPS
    type: fallback
    url: http://www.gstatic.com/generate_204 # 测试地址 非 select 类型分组必要
    interval: 300 # 自动测试间隔时间，单位秒 非 select 类型分组必要
    tolerance: 300 # 允许的偏差，节点之间延迟差小于该值不切换 非必要
    proxies:
      - xxxxxxxx
      - xxxxxxxx
      - xxxxxxxx
      - xxxxxxxx
      - xxxxxxxx
      - xxxxxxxx  

  - name: ♻️ hysteria2
    type: select
    url: http://www.gstatic.com/generate_204 # 测试地址 非 select 类型分组必要
    interval: 300 # 自动测试间隔时间，单位秒 非 select 类型分组必要
    tolerance: 300 # 允许的偏差，节点之间延迟差小于该值不切换 非必要
    proxies:
      - xxxxxxxx
      - xxxxxxxx

  - name: ♻️ 机场
    type: select
    url: http://www.gstatic.com/generate_204 # 测试地址 非 select 类型分组必要
    interval: 300 # 自动测试间隔时间，单位秒 非 select 类型分组必要
    tolerance: 200 # 允许的偏差，节点之间延迟差小于该值不切换 非必要
    use:
      - Jichang

  - name: 🎯 全球直连
    type: select
    proxies:
      - DIRECT
      - 🚀 节点选择

  - name: 🐟 漏网之鱼
    type: select
    proxies:
      - 🚀 节点选择
      - DIRECT

rule-providers:
  reject:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/reject.txt"
    path: ./ruleset/reject.yaml
    interval: 86400

  icloud:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/icloud.txt"
    path: ./ruleset/icloud.yaml
    interval: 86400

  apple:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/apple.txt"
    path: ./ruleset/apple.yaml
    interval: 86400

  google:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/google.txt"
    path: ./ruleset/google.yaml
    interval: 86400

  proxy:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/proxy.txt"
    path: ./ruleset/proxy.yaml
    interval: 86400

  direct:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/direct.txt"
    path: ./ruleset/direct.yaml
    interval: 86400

  private:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/private.txt"
    path: ./ruleset/private.yaml
    interval: 86400

  gfw:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/gfw.txt"
    path: ./ruleset/gfw.yaml
    interval: 86400

  tld-not-cn:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/tld-not-cn.txt"
    path: ./ruleset/tld-not-cn.yaml
    interval: 86400

  telegramcidr:
    type: http
    behavior: ipcidr
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/telegramcidr.txt"
    path: ./ruleset/telegramcidr.yaml
    interval: 86400

  cncidr:
    type: http
    behavior: ipcidr
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/cncidr.txt"
    path: ./ruleset/cncidr.yaml
    interval: 86400

  lancidr:
    type: http
    behavior: ipcidr
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/lancidr.txt"
    path: ./ruleset/lancidr.yaml
    interval: 86400

  applications:
    type: http
    behavior: classical
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/applications.txt"
    path: ./ruleset/applications.yaml
    interval: 86400

rules:
 - DOMAIN,time.windows.com,🎯 全球直连
 - DOMAIN,time.nist.gov,🎯 全球直连
 - DOMAIN-SUFFIX,ghcr.io,🚀 节点选择
 - DOMAIN-SUFFIX,actyve.io,🚀 节点选择
 - DOMAIN-SUFFIX,mirror.internetdownloadmanager.com,REJECT
 - DOMAIN-SUFFIX,mirror1.internetdownloadmanager.com,REJECT
 - DOMAIN-SUFFIX,mirror2.internetdownloadmanager.com,REJECT
 - DOMAIN-SUFFIX,mirror4.internetdownloadmanager.com,REJECT
 - DOMAIN-SUFFIX,mirror3.internetdownloadmanager.com,REJECT
 - DOMAIN-SUFFIX,mirror5.internetdownloadmanager.com,REJECT
 - DOMAIN-SUFFIX,test.internetdownloadmanager.com,REJECT
 - DOMAIN-SUFFIX,secure.internetdownloadmanager.com,REJECT
 - DOMAIN-SUFFIX,www.internetdownloadmanager.com,REJECT
 - DOMAIN-SUFFIX,registeridm.com,REJECT
 - DOMAIN-SUFFIX,secure.registeridm.com,REJECT
 - DOMAIN-SUFFIX,www.registeridm.com,REJECT
 - DOMAIN-SUFFIX,tonec.com,REJECT
 - DOMAIN-SUFFIX,www.tonec.com,REJECT
 - DOMAIN-SUFFIX,internetdownloadmanager.com,REJECT
 - DOMAIN-SUFFIX,ic.adobe.io,REJECT
 - DOMAIN-SUFFIX,adobe.io,REJECT
 - DOMAIN-SUFFIX,1hzopx6nz7.adobe.io,REJECT
 - DOMAIN-SUFFIX,1b9khekel6.adobe.io,REJECT
 - DOMAIN-SUFFIX,7g2gzgk9g1.adobe.io,REJECT
 - DOMAIN-SUFFIX,p13n.adobe.io,REJECT
 - DOMAIN-SUFFIX,dyzt55ur18.adobe.io,REJECT
 - DOMAIN-SUFFIX,gw8gfjbs05.adobe.io,REJECT
 - DOMAIN-SUFFIX,2ftem87osk.adobe.io,REJECT
 - DOMAIN-SUFFIX,ic.adobe.io,REJECT
 - DOMAIN-SUFFIX,7sj9n87sls.adobe.io,REJECT
 - DOMAIN-SUFFIX,ij0gdyrfka.adobe.io,REJECT
 - DOMAIN-SUFFIX,lm.licenses.adobe.com,REJECT
 - DOMAIN-SUFFIX,na2m-pr.licenses.adobe.com,REJECT
 - DOMAIN-SUFFIX,practivate.adobe.com,REJECT
 - DOMAIN-SUFFIX,activate.adobe.com,REJECT
 - DOMAIN-SUFFIX,ereg.adobe.com,REJECT
 - DOMAIN-SUFFIX,wip.adobe.com,REJECT
 - DOMAIN-SUFFIX,lmlicenses.wip4.adobe.com,REJECT
 - DOMAIN-SUFFIX,na1r.services.adobe.com,REJECT
 - DOMAIN-SUFFIX,hlrcv.stage.adobe.com,REJECT
 - DOMAIN-SUFFIX,genuine.adobe.com,REJECT
 - DOMAIN-SUFFIX,prod.adobegenuine.com,REJECT
 - DOMAIN-SUFFIX,cc-api-data.adobe.io,REJECT
 - DOMAIN-SUFFIX,ims-prod06.adobelogin.com,REJECT
 - DOMAIN-SUFFIX,p13n.adobe.io,REJECT
 - DOMAIN-SUFFIX,crs.cr.adobe.com,REJECT
 - DOMAIN-SUFFIX,lcs-cops.adobe.io,REJECT
 - DOMAIN-SUFFIX,hbrt.adobe.com,REJECT
 - DOMAIN-SUFFIX,23ynjitwt5.adobe.io,REJECT
 - DOMAIN-SUFFIX,butler.adobe.com,REJECT
 - DOMAIN-SUFFIX,acp-ss-va6c2.adobe.io,REJECT
 - DOMAIN-SUFFIX,cctypekit.adobe.io,REJECT
 - DOMAIN-SUFFIX,8ncdzpmmrg.adobe.io,REJECT
 - DOMAIN-SUFFIX,cc-api-data.adobe.io,REJECT
 - DOMAIN-SUFFIX,dyzt55url8.adobe.io,REJECT
 - DOMAIN-SUFFIX,b5kbg2ggog.adobe.io,REJECT
 - DOMAIN-SUFFIX,5zgzzv92gn.adobe.io,REJECT
 - DOMAIN-SUFFIX,0mo5a70cqa.adobe.io,REJECT
 - DOMAIN-SUFFIX,pojvrj7ho5.adobe.io,REJECT
 - DOMAIN-SUFFIX,i7pq6fgbsl.adobe.io,REJECT
 - DOMAIN-SUFFIX,ph0f2h2csf.adobe.io,REJECT
 - DOMAIN-SUFFIX,r3zj0yju1q.adobe.io,REJECT
 - DOMAIN-SUFFIX,9ngulmtgqi.adobe.io,REJECT
 - DOMAIN-SUFFIX,guzg78logz.adobe.io,REJECT
 - DOMAIN-SUFFIX,2ftem87osk.adobe.io,REJECT
 - DOMAIN-SUFFIX,1b9khekel6.adobe.io,REJECT
 - DOMAIN-SUFFIX,3d3wqt96ht.adobe.io,REJECT
 - DOMAIN-SUFFIX,23ynjitwt5.adobe.io,REJECT
 - DOMAIN-SUFFIX,4vzokhpsbs.adobe.io,REJECT
 - DOMAIN-SUFFIX,3ca52znvmj.adobe.io,REJECT
 - DOMAIN-SUFFIX,r5hacgq5w6.adobe.io,REJECT
 - DOMAIN-SUFFIX,gw8gfjbs05.adobe.io,REJECT
 - DOMAIN-SUFFIX,lre1kgz2u4.adobe.io,REJECT
 - DOMAIN-SUFFIX,ij0gdyrfka.adobe.io,REJECT
 - DOMAIN-SUFFIX,8ncdzpmmrg.adobe.io,REJECT
 - DOMAIN-SUFFIX,7sj9n87sls.adobe.io,REJECT
 - DOMAIN-SUFFIX,7m31guub0q.adobe.io,REJECT
 - DOMAIN-SUFFIX,7g2gzgk9g1.adobe.io,REJECT
 - DOMAIN-SUFFIX,cd536oo20y.adobe.io,REJECT
 - DOMAIN-SUFFIX,dxyeyf6ecy.adobe.io,REJECT
 - DOMAIN-SUFFIX,jc95y2v12r.adobe.io,REJECT
 - DOMAIN-SUFFIX,1hzopx6nz7.adobe.io,REJECT
 - DOMAIN-SUFFIX,m59b4msyph.adobe.io,REJECT
 - DOMAIN-SUFFIX,69tu0xswvq.adobe.io,REJECT
 - DOMAIN-SUFFIX,vajcbj9qgq.adobe.io,REJECT
 - DOMAIN-SUFFIX,p7uxzbht8h.adobe.io,REJECT
 - DOMAIN-SUFFIX,vcorzsld2a.adobe.io,REJECT
 - DOMAIN-SUFFIX,p0bjuoe16a.adobe.io,REJECT
 - DOMAIN-SUFFIX,fqaq3pq1o9.adobe.io,REJECT
 - DOMAIN-SUFFIX,aoorovjtha.adobe.io,REJECT
 - DOMAIN-SUFFIX,pv256ds6c99.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,cv2l4573ukh.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,pv24v41zibm.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,iv2nn9r0j2r.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,iv2yt8sqmh0.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,iv218qmzox6.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,cv218qmzox6.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,cv2b0yc07ls.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,cv2nn9r0j2r.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,pv2yt8sqmh0.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,iv256ds6c99.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,pv2zp87w2eo.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,iv2ys4tjt9x.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,cv2ska86hnt.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,iv24b15c1z0.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,cv256ds6c99.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,pv2ska86hnt.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,iv2b0yc07ls.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,iv2l4573ukh.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,cv24v41zibm.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,iv2ska86hnt.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,pv2l4573ukh.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,iv24v41zibm.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,iv2zp87w2eo.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,pv2ys4tjt9x.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,cv2ys4tjt9x.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,cv2fcqvzl1r.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,pv2fcqvzl1r.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,cv24b15c1z0.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,pv24b15c1z0.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,cv2bqhsp36w.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,pv2b0yc07ls.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,pv218qmzox6.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,cv2yt8sqmh0.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,iv2fcqvzl1r.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,pv2bqhsp36w.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,pv2nn9r0j2r.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,cv2zp87w2eo.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,iv2bqhsp36w.prod.cloud.adobe.io,REJECT
 - DOMAIN-SUFFIX,yj8yx3y8zo.adobestats.io,REJECT
 - DOMAIN-SUFFIX,mpsige2va9.adobestats.io,REJECT
 - DOMAIN-SUFFIX,ujqx8lhpz4.adobestats.io,REJECT
 - DOMAIN-SUFFIX,y2r8jzsv4p.adobestats.io,REJECT
 - DOMAIN-SUFFIX,eq7dbze88m.adobestats.io,REJECT
 - DOMAIN-SUFFIX,q9hjwppxeq.adobestats.io,REJECT
 - DOMAIN-SUFFIX,skg7pqn0al.adobestats.io,REJECT
 - DOMAIN-SUFFIX,9iay914wzy.adobestats.io,REJECT
 - DOMAIN-SUFFIX,yuzuoqo0il.adobestats.io,REJECT
 - DOMAIN-SUFFIX,2o3c6rbyfr.adobestats.io,REJECT
 - DOMAIN-SUFFIX,vicsj37lhf.adobestats.io,REJECT
 - DOMAIN-SUFFIX,nhc73ypmli.adobestats.io,REJECT
 - DOMAIN-SUFFIX,oxiz2n3i4v.adobestats.io,REJECT
 - DOMAIN-SUFFIX,2qjz50z5lf.adobestats.io,REJECT
 - DOMAIN-SUFFIX,i2x2ius9o5.adobestats.io,REJECT
 - DOMAIN-SUFFIX,lnwbupw1s7.adobestats.io,REJECT
 - DOMAIN-SUFFIX,n746qg9j4i.adobestats.io,REJECT
 - DOMAIN-SUFFIX,2621x1nzeq.adobestats.io,REJECT
 - DOMAIN-SUFFIX,r9r6oomgms.adobestats.io,REJECT
 - DOMAIN-SUFFIX,99pfl4vazm.adobestats.io,REJECT
 - DOMAIN-SUFFIX,zekdqanici.adobestats.io,REJECT
 - DOMAIN-SUFFIX,g9cli80sqp.adobestats.io,REJECT
 - DOMAIN-SUFFIX,dyv9axahup.adobestats.io,REJECT
 - DOMAIN-SUFFIX,17ov1u3gio.adobestats.io,REJECT
 - DOMAIN-SUFFIX,7l4xxjhvkt.adobestats.io,REJECT
 - DOMAIN-SUFFIX,wcxqmuxd4z.adobestats.io,REJECT
 - DOMAIN-SUFFIX,l558s6jwzy.adobestats.io,REJECT
 - DOMAIN-SUFFIX,85n85uoa1h.adobestats.io,REJECT
 - DOMAIN-SUFFIX,zrao5tdh1t.adobestats.io,REJECT
 - DOMAIN-SUFFIX,eftcpaiu36.adobestats.io,REJECT
 - DOMAIN-SUFFIX,2qj10f8rdg.adobestats.io,REJECT
 - DOMAIN-SUFFIX,ffs3xik41x.adobestats.io,REJECT
 - DOMAIN-SUFFIX,g3y09mbaam.adobestats.io,REJECT
 - DOMAIN-SUFFIX,x880ulw3h0.adobestats.io,REJECT
 - DOMAIN-SUFFIX,jaircqa037.adobestats.io,REJECT
 - DOMAIN-SUFFIX,ppn4fq68w7.adobestats.io,REJECT
 - DOMAIN-SUFFIX,1ei1f4k9yk.adobestats.io,REJECT
 - DOMAIN-SUFFIX,6j0onv1tde.adobestats.io,REJECT
 - DOMAIN-SUFFIX,pljm140ld1.adobestats.io,REJECT
 - DOMAIN-SUFFIX,50sxgwgngu.adobestats.io,REJECT
 - DOMAIN-SUFFIX,u31z50xvp9.adobestats.io,REJECT
 - DOMAIN-SUFFIX,2dhh9vsp39.adobestats.io,REJECT
 - DOMAIN-SUFFIX,rb0u8l34kr.adobestats.io,REJECT
 - DOMAIN-SUFFIX,3odrrlydxt.adobestats.io,REJECT
 - DOMAIN-SUFFIX,3u6k9as4bj.adobestats.io,REJECT
 - DOMAIN-SUFFIX,curbpindd3.adobestats.io,REJECT
 - DOMAIN-SUFFIX,4dviy9tb3o.adobestats.io,REJECT
 - DOMAIN-SUFFIX,yb6j6g0r1n.adobestats.io,REJECT
 - DOMAIN-SUFFIX,0bj2epfqn1.adobestats.io,REJECT
 - DOMAIN-SUFFIX,ura7zj55r9.adobestats.io,REJECT
 - DOMAIN-SUFFIX,xesnl0ss94.adobestats.io,REJECT
 - DOMAIN-SUFFIX,xbd20b9wqa.adobestats.io,REJECT
 - DOMAIN-SUFFIX,cr2fouxnpm.adobestats.io,REJECT
 - DOMAIN-SUFFIX,zmg3v61bbr.adobestats.io,REJECT
 - DOMAIN-SUFFIX,bk7y1gneyk.adobestats.io,REJECT
 - DOMAIN-SUFFIX,dx0nvmv4hz.adobestats.io,REJECT
 - DOMAIN-SUFFIX,eyiu19jd5w.adobestats.io,REJECT
 - DOMAIN-SUFFIX,561r5c3bz1.adobestats.io,REJECT
 - DOMAIN-SUFFIX,54cu4v5twu.adobestats.io,REJECT
 - DOMAIN-SUFFIX,6eidhihhci.adobestats.io,REJECT
 - DOMAIN-SUFFIX,31q40256l4.adobestats.io,REJECT
 - DOMAIN-SUFFIX,bs2yhuojzm.adobestats.io,REJECT
 - DOMAIN-SUFFIX,p50zgina3e.adobestats.io,REJECT
 - DOMAIN-SUFFIX,yri0bsu0ak.adobestats.io,REJECT
 - DOMAIN-SUFFIX,zu8yy3jkaz.adobestats.io,REJECT
 - DOMAIN-SUFFIX,m59cps6x3n.adobestats.io,REJECT
 - DOMAIN-SUFFIX,senseimds.adobe.io,REJECT
 - DOMAIN-SUFFIX,aityp.com.adobe.io,REJECT 
 - RULE-SET,applications,DIRECT
 - DOMAIN,clash.razord.top,DIRECT
 - DOMAIN,yacd.haishan.me,DIRECT
 - RULE-SET,private,DIRECT
 - RULE-SET,reject,REJECT
 - RULE-SET,icloud,DIRECT
 - RULE-SET,apple,DIRECT
 - PROCESS-NAME,baidunetdisk.exe,DIRECT
 - PROCESS-NAME,baidunetdiskhost.exe,DIRECT    # 百度云盘
 - RULE-SET,google,🚀 节点选择
 - RULE-SET,proxy,🚀 节点选择
 - RULE-SET,direct,DIRECT
 - RULE-SET,lancidr,DIRECT
 - RULE-SET,cncidr,DIRECT
 - RULE-SET,telegramcidr,🚀 节点选择
 - GEOIP,LAN,DIRECT
 - GEOIP,CN,DIRECT
 - MATCH,🐟 漏网之鱼
 ###

描述

我用mihomo 1.18.5 在软路由OPNsense中做透明代理。为了实现某些自定义的域名走代理或屏蔽，在rules下面，rule-set前面自定义了一些DOMAIN-SUFFIX 规则，定义了某些域名走代理，某些域名屏蔽。但是在实际运行中，这些定义的域名并未按照配置文件中的规则走代理（域名对应的IP为国内阿里云IP），该屏蔽的域名也未屏蔽。

重现方式

局域网内电脑访问自定义的应走代理的域名，仍然是通过直连，未通过代理ip访问。配置文件中定义了屏蔽adobe相关域名，但运行Photoshop仍然会发起连接验证激活请。同样的配置文件，在电脑上直接运行clash for windows ，自定义的DOMAIN-SUFFIX 规则生效。

日志

No response

zhychen1173 commented 5 months ago

我用mihomo做OPNsense的透明代理是配合tun2socks实现的，tun2sock将流量转发到mihomo的socks端口。是不是由于在这样的流程下，mihomo收到的请求都已经是ip了，不是域名了，所以DOMAIN-SUFFIX规则就失效了。如果是这样的话，还有办法让DOMAIN-SUFFIX规则有效吗？

zhychen1173 commented 5 months ago

我之前在OPNsense上装了AdGuardHome做dns，我把AdGuardHome的端口从53改成了其他端口，再把mihomo config.yaml里的dns的端口改成了53，重启OPNsense后，上不了网了。看来想通过mihomo劫持dns的方法解决DOMAIN-SUFFIX规则失效的问题好像行不通？ dns: enable: true listen: 53 ipv6: true enhanced-mode: fake-ip fake-ip-range: 198.18.0.1/16 default-nameserver:

222.246.129.80
223.5.5.5
8.8.8.8 nameserver:
- https://dns.alidns.com/dns-query
- https://doh.pub/dns-query fallback:
- https://1.0.0.1/dns-query
- tls://dns.google fallback-filter: geoip: true geoip-code: CN ipcidr:
  - 240.0.0.0/4

xishang0128 commented 5 months ago

查看日志/连接,以确保内核收到的是域名

zhychen1173 commented 5 months ago

我之前在OPNsense上装了AdGuardHome做dns，我把AdGuardHome的端口从53改成了其他端口，再把mihomo config.yaml里的dns的端口改成了53，重启OPNsense后，上不了网了。看来想通过mihomo劫持dns的方法解决DOMAIN-SUFFIX规则失效的问题好像行不通？ dns: enable: true listen: 53 ipv6: true enhanced-mode: fake-ip fake-ip-range: 198.18.0.1/16 default-nameserver: - 222.246.129.80 - 223.5.5.5 - 8.8.8.8 nameserver:

https://dns.alidns.com/dns-query

https://doh.pub/dns-query fallback:

https://1.0.0.1/dns-query

tls://dns.google fallback-filter: geoip: true geoip-code: CN ipcidr:

240.0.0.0/4

我把dns下的listen 的端口号前加了 0.0.0.0: ，端口号改成了非53的端口号。然后把adguardhome的端口号重新设为53，再把adguardhome的上游dns指向了mihomo，如： 127.0..0.1：5353

改完之后，mihomo收到的请求是域名了，不像之前全部是ip，而且 DOMAIN-SUFFIX规则也生效了。

MetaCubeX / mihomo