mixed-port: 7890
allow-lan: true
mode: rule
log-level: info

# --- DNS ---
dns:
    enable: true
    ipv6: false
    default-nameserver: [223.5.5.5, 119.29.29.29]
    enhanced-mode: fake-ip
    fake-ip-range: 198.18.0.1/16
    use-hosts: true
    nameserver: ['https://doh.pub/dns-query', 'https://dns.alidns.com/dns-query']
    fallback: ['https://doh.dns.sb/dns-query', 'https://dns.cloudflare.com/dns-query', 'https://dns.twnic.tw/dns-query', 'tls://8.8.4.4:853']
    fallback-filter: { geoip: true, ipcidr: [240.0.0.0/4, 0.0.0.0/32] }

# --- 出站节点 ---
proxies:
  - name: "hysteria-home"
    type: hysteria2
    server: blogv2.psychap.com
    port: 443
    ports: 443
    password: Yzt_1024
    up: "60 Mbps"
    down: "200 Mbps"

# --- 代理分组 ---
proxy-groups:
  - name: Proxy
    type: select
    proxies:
      - "hysteria-home"
      - DIRECT

# --- 规则集合 ---
rule-providers:
  anti-ad:
    type: http
    behavior: domain
    format: yaml
    url: "https://raw.githubusercontent.com/privacy-protection-tools/anti-AD/master/anti-ad-clash.yaml?"
    path: ./rule_provider/anti-ad.yaml
    interval: 86400
  anti-ad-white:
    type: http
    behavior: domain
    format: yaml
    url: "https://raw.githubusercontent.com/privacy-protection-tools/dead-horse/master/anti-ad-white-for-clash.yaml?"
    path: ./rule_provider/anti-ad-white.yaml
    interval: 86400

# --- 路由规则 ---
rules:
  # 广告拦截：在黑名单但不在白名单的域名拒绝访问:contentReference[oaicite:11]{index=11}
  - AND,((RULE-SET,anti-ad),(NOT,((RULE-SET,anti-ad-white)))),REJECT
  # 国内白名单：国内 IP 与域名直连:contentReference[oaicite:12]{index=12}
  - GEOIP,CN,DIRECT
  - GEOSITE,cn,DIRECT
  # 默认：其余流量走代理
  - MATCH,Proxy