search

yichya / luci-app-xray

(Almost) full feature Xray client for OpenWrt
Mozilla Public License 2.0
619 stars 554 forks source link

怎么设置成白名单模式? #312

Closed alfadb closed 11 months ago

alfadb commented 1 year ago

请问怎么设置成白名单模式? 也就是说只有指定域名和IP走代理,其它全部直连。

yichya commented 1 year ago

默认情况下就是这样的。。

alfadb commented 1 year ago

我开了日志看,默认是走代理,一天跑掉20G流量…… 自动生成的/var/etc/xray/config.json里的routing最后几个是这样的:

    {
        "type": "field",
        "inboundTag": [
          "tproxy_tcp_inbound",
          "tproxy_udp_inbound",
          "dns_conf_inbound",
          "socks_inbound",
          "https_inbound",
          "http_inbound"
        ],
        "outboundTag": "direct",
        "ip": ["geoip:private"]
      },
      {
        "type": "field",
        "inboundTag": [
          "tproxy_tcp_inbound",
          "tproxy_udp_inbound",
          "dns_conf_inbound"
        ],
        "outboundTag": "direct",
        "ip": ["geoip:cn"]
      },
      {
        "type": "field",
        "inboundTag": [
          "tproxy_tcp_inbound",
          "dns_conf_inbound",
          "socks_inbound",
          "https_inbound",
          "http_inbound"
        ],
        "outboundTag": "tcp_outbound"
      },
      {
        "type": "field",
        "inboundTag": ["tproxy_udp_inbound"],
        "outboundTag": "udp_outbound"
      },
      {
        "type": "field",
        "inboundTag": [
          "dns_server_inbound_5300",
          "dns_server_inbound_5301",
          "dns_server_inbound_5302",
          "dns_server_inbound_5303"
        ],
        "outboundTag": "dns_server_outbound"
      },
      { "type": "field", "inboundTag": ["api"], "outboundTag": "api" }
hqvv commented 1 year ago

把你的 域名和 ip填在 Forwarded domain rules 和 Forwarded IP 就好了吧 他们分别在 dns setting 和 透明代理 页面

alfadb commented 1 year ago

看这个生成的routing,如果没有匹配到域名或者IP,就会走tcp_outbound,这个指向的是代理 如果默认不走代理,那应该是direct才对

yichya commented 1 year ago

看这个生成的routing,如果没有匹配到域名或者IP,就会走tcp_outbound,这个指向的是代理 如果默认不走代理,那应该是direct才对

呃。你说的这种一般都被称为黑名单。。。这种模式很容易翻车,现在一般没啥人用了,所以没做支持。需要的话可以在 Bypassed 里面写个 0.0.0.0/0 然后把需要转发的 IP 段放到 Forwarded 里面

alfadb commented 1 year ago

看这个生成的routing,如果没有匹配到域名或者IP,就会走tcp_outbound,这个指向的是代理 如果默认不走代理,那应该是direct才对

呃。你说的这种一般都被称为黑名单。。。这种模式很容易翻车,现在一般没啥人用了,所以没做支持。需要的话可以在 Bypassed 里面写个 0.0.0.0/0 然后把需要转发的 IP 段放到 Forwarded 里面

那域名咋搞?比如我只允许google的域名走代理,其它全部直连

yichya commented 1 year ago

那域名咋搞?比如我只允许google的域名走代理,其它全部直连

域名可以试一下开 sniffing 然后 Forwarded 正常写,在 Bypassed 里面写一个 . 看看,不确定行

alfadb commented 1 year ago

那域名咋搞?比如我只允许google的域名走代理,其它全部直连

域名可以试一下开 sniffing 然后 Forwarded 正常写,在 Bypassed 里面写一个 . 看看,不确定行

不行,bypass的rule在forward之前,bypass通配了就到不了forward的rule

yichya commented 1 year ago

可以搭配新版的 FakeDNS 使用这个功能了。