- Transparent proxy based on TUN.
- Optional HTTP/Socks5 inbound for better speed.
- HTTP CONNECT (supports auth).
- Socks5 TCP & UDP (supports auth).
- Shadowsocks TCP & UDP.
- Trojan TCP & UDP (supports websocket and skipping certificate verification).
- WireGuard TCP & UDP (single endpoint only).
- Outbound chaining
- Local interface binding
- DNS-over-TLS, DNS-over-HTTPS.
- Preconfigured DoT/DoH configuration (inherited from trust-dns).
- DOMAIN
- DOMAIN-SUFFIX
- DOMAIN-KEYWORD
- IP-CIDR
- SRC-PORT
- DST-PORT
- GEOIP
- ASN
- PROCESS-PATH
- PROCESS-KEYWORD
- PROC-PATH-KEYWORD (keyword matching on the path of the process)
- PROC-CMD-REGEX (matching for the command, e.g. '/usr/bin/python3 /tmp/example.py')
- AND
- OR
- NOT
- ACTION-LOCAL-RESOLVE (resolve the domain name of the connection with local DNS)
Almost the same as in Clash. Example:

```yaml
payload:
  - DOMAIN-SUFFIX, google.com
```

- Rewrite URL
- Use 302/404 etc. to redirect/block specific URLs
- Rewrite the header part of HTTP requests/responses
- Record packets for further analysis
- Enable via `web-controller` field
- CORS list configuration
- See RESTful.md.
- Dump connection logs & intercepted data to sqlite
- Configure the URL of the latency test via the `speedtest-url` field