From d41b4d031a489bfff31af2a70c77b9e158440d87 Mon Sep 17 00:00:00 2001 From: SukkaW Date: Wed, 20 Dec 2023 12:06:11 +0800 Subject: [PATCH] Update `sukka_always_real_ip.sgmodule`, add `lan.conf` --- Modules/Game_Console_SNAT.sgmodule | 2 +- Modules/sukka_common_always_realip.sgmodule | 2 +- Modules/sukka_fix_network_alert.sgmodule | 2 +- Source/non_ip/lan.conf | 41 +++++++++ Source/non_ip/my_reject.conf | 94 +++++++++++++++++++++ 5 files changed, 138 insertions(+), 3 deletions(-) create mode 100644 Source/non_ip/lan.conf diff --git a/Modules/Game_Console_SNAT.sgmodule b/Modules/Game_Console_SNAT.sgmodule index 2fb24e3b..8e809b11 100644 --- a/Modules/Game_Console_SNAT.sgmodule +++ b/Modules/Game_Console_SNAT.sgmodule @@ -1,5 +1,5 @@ #!name=Game Console SNAT -#!desc=Let Surge handle SNAT conversation properly for PlayStation, Xbox, and Nintendo Switch. Only useful if Surge Mac acts the router for these devices. +#!desc=Deprecated, use https://ruleset.skk.moe/Modules/sukka_common_always_realip.sgmodule instead. #!system=mac [General] diff --git a/Modules/sukka_common_always_realip.sgmodule b/Modules/sukka_common_always_realip.sgmodule index 6f781845..1ace307e 100644 --- a/Modules/sukka_common_always_realip.sgmodule +++ b/Modules/sukka_common_always_realip.sgmodule @@ -2,4 +2,4 @@ #!system=mac [General] -always-real-ip = %APPEND% *.linksys.com, *.linksyssmartwifi.com, time.*.com, time.*.gov, time.*.edu.cn, time.*.apple.com, time1.*.com, time2.*.com, time3.*.com, time4.*.com, time5.*.com, time6.*.com, time7.*.com, time8.*.com, time9.*.com, ntp.*.com, ntp1.*.com, ntp2.*.com, ntp3.*.com, ntp4.*.com, ntp5.*.com, ntp6.*.com, ntp7.*.com, time1.*.com, time2.*.com, time3.*.com, time4.*.com, time5.*.com, time6.*.com, time7.*.com, time8.*.com, time9.*.com, *.time.edu.cn, *.ntp.org.cn, *.pool.ntp.org, time1.cloud.tencent.com, localhost.ptlogin2.qq.com, stun.*.*, stun.*.*.*, local.adguard.org, *.lan, *.localdomain, *.localhost, *.home.arpa +always-real-ip = %APPEND%, *.msftncsi.com, *.msftconnecttest.com, network-test.debian.org, detectportal.firefox.com, resolver1.opendns.com, *.srv.nintendo.net, *.stun.playstation.net, xbox.*.microsoft.com, *.xboxlive.com, *.linksys.com, *.linksyssmartwifi.com, time.*.com, time.*.gov, time.*.edu.cn, time.*.apple.com, time1.*.com, time2.*.com, time3.*.com, time4.*.com, time5.*.com, time6.*.com, time7.*.com, time8.*.com, time9.*.com, ntp.*.com, ntp1.*.com, ntp2.*.com, ntp3.*.com, ntp4.*.com, ntp5.*.com, ntp6.*.com, ntp7.*.com, time1.*.com, time2.*.com, time3.*.com, time4.*.com, time5.*.com, time6.*.com, time7.*.com, time8.*.com, time9.*.com, *.time.edu.cn, *.ntp.org.cn, *.pool.ntp.org, time1.cloud.tencent.com, localhost.ptlogin2.qq.com, localhost.sec.qq.com, localhost.work.weixin.qq.com, stun.*.*, stun.*.*.*, local.adguard.org, injections.adguard.org, *.cmpassport.com, *.id6.me, open.e.189.cn, mdn.open.wo.cn, opencloud.wostore.cn, auth.wosms.cn, *.turn.twilio.com, *.stun.twilio.com, *.lan, *.localdomain, *.localhost, *.home.arpa diff --git a/Modules/sukka_fix_network_alert.sgmodule b/Modules/sukka_fix_network_alert.sgmodule index a555cc51..b1243917 100644 --- a/Modules/sukka_fix_network_alert.sgmodule +++ b/Modules/sukka_fix_network_alert.sgmodule @@ -1,5 +1,5 @@ #!name=[Sukka] Fix No Network Alert Plus -#!desc=Windows / Firefox / Some linux system depends on the DNS resolution result to determine the network availability. Use Surge as the gateway will break the behavior. Turn on this module to fix it. +#!desc=Deprecated, use https://ruleset.skk.moe/Modules/sukka_common_always_realip.sgmodule instead. #!system=mac [General] diff --git a/Source/non_ip/lan.conf b/Source/non_ip/lan.conf new file mode 100644 index 00000000..a7dba75b --- /dev/null +++ b/Source/non_ip/lan.conf @@ -0,0 +1,41 @@ +# $ meta_title Sukka's Ruleset - LAN +# $ meta_description Includes rules for LAN IP addresses and .local suffix. + +# Add DOMAIN-SUFFIX here anyway, since they always require DNS lookup. +DOMAIN-SUFFIX,local + +# AS112 +# List from https://blog.cloudflare.com/the-as112-project/ +DOMAIN-SUFFIX,home.arpa +DOMAIN-SUFFIX,10.in-addr.arpa +DOMAIN-SUFFIX,16.172.in-addr.arpa +DOMAIN-SUFFIX,17.172.in-addr.arpa +DOMAIN-SUFFIX,18.172.in-addr.arpa +DOMAIN-SUFFIX,19.172.in-addr.arpa +DOMAIN-SUFFIX,20.172.in-addr.arpa +DOMAIN-SUFFIX,21.172.in-addr.arpa +DOMAIN-SUFFIX,22.172.in-addr.arpa +DOMAIN-SUFFIX,23.172.in-addr.arpa +DOMAIN-SUFFIX,24.172.in-addr.arpa +DOMAIN-SUFFIX,25.172.in-addr.arpa +DOMAIN-SUFFIX,26.172.in-addr.arpa +DOMAIN-SUFFIX,27.172.in-addr.arpa +DOMAIN-SUFFIX,28.172.in-addr.arpa +DOMAIN-SUFFIX,29.172.in-addr.arpa +DOMAIN-SUFFIX,30.172.in-addr.arpa +DOMAIN-SUFFIX,31.172.in-addr.arpa +DOMAIN-SUFFIX,168.192.in-addr.arpa +DOMAIN-SUFFIX,254.169.in-addr.arpa + +# Reserved IP addresses +IP-CIDR,0.0.0.0/8 +IP-CIDR,10.0.0.0/8 +IP-CIDR,100.64.0.0/10 +IP-CIDR,127.0.0.0/8 +IP-CIDR,172.16.0.0/12 +IP-CIDR,169.254.0.0/16 +IP-CIDR,192.168.0.0/16 +IP-CIDR,224.0.0.0/4 +IP-CIDR6,::1/128 +IP-CIDR6,fc00::/7 +IP-CIDR6,fe80::/10 diff --git a/Source/non_ip/my_reject.conf b/Source/non_ip/my_reject.conf index 242df6de..a7275e62 100644 --- a/Source/non_ip/my_reject.conf +++ b/Source/non_ip/my_reject.conf @@ -28,3 +28,97 @@ PROCESS-NAME,LemonService # >> Windows Update Delivery Optimization (WUDO) use 7680 port DEST-PORT,7680 + +# >> HTTPDNS + +# Aliyun +DOMAIN,httpdns-api.aliyuncs.com +DOMAIN,httpdns-sc.aliyuncs.com +# refer: http://docs-aliyun.cn-hangzhou.oss.aliyun-inc.com/pdf/httpdns-api-reference-cn-zh-2016-05-12.pdf +# refer: http://docs-aliyun.cn-hangzhou.oss.aliyun-inc.com/pdf/httpdns-product-introduction-cn-zh-2017-05-24.pdf +# refer: https://help.aliyun.com/document_detail/435282.html +# refer: https://alidocs.dingtalk.com/i/p/Y7kmbokZp3pgGLq2/docs/lo1YvX0prG98kvEewqNyJPw7xzbmLdEZ +IP-CIDR,203.107.1.0/24,no-resolve + +# Baidu +DOMAIN,httpsdns.baidu.com +DOMAIN,httpdns.baidu.com +# refer: https://bce-cdn.bj.bcebos.com/p3m/pdf/bce-doc/online/HTTPDNS/HTTPDNS.pdf +DOMAIN,httpdns.baidubce.com +IP-CIDR,186.76.76.200/32,no-resolve + +# Bilibili +DOMAIN,httpdns.bilivideo.com + +# Huawei +DOMAIN,httpdns.c.cdnhwc2.com + +# JD +DOMAIN,dns.jd.com +IP-CIDR,101.124.19.122/32,no-resolve +IP-CIDR6,2402:db40:5100:1011::5/128,no-resolve + +# JD Cloud +# refer: https://docs.jdcloud.com/cn/jd-cloud-dns/HTTPDNS +# refer: https://docs.jdcloud.com/cn/httpdns/interface-specification +IP-CIDR,103.224.222.208/32,no-resolve + +# Meituan +DOMAIN,httpdns.meituan.com +DOMAIN,httpdnsvip.meituan.com + +# NetEase +# refer: https://lbs.netease.im/lbs/conf.jsp +DOMAIN,httpdns.n.netease.com +DOMAIN,httpdns.music.163.com +DOMAIN,music.httpdns.c.163.com +DOMAIN,lofter.httpdns.c.163.com +IP-CIDR,59.111.239.61/32,no-resolve +IP-CIDR,59.111.239.62/32,no-resolve +IP-CIDR,115.236.121.51/32,no-resolve +IP-CIDR,115.236.121.195/32,no-resolve + +# Oppo +DOMAIN,httpdns.push.oppomobile.com + +# Sina +# refer: https://github.com/CNSRE/HTTPDNSLib + +# Tencent Cloud +# refer:https://cloud.tencent.com/document/product/379/95497 +DOMAIN-SUFFIX,httpdns.pro +IP-CIDR,119.29.29.98/32,no-resolve +IP-CIDR,119.29.29.99/32,no-resolve + +# Volcengine +# refer: https://www.volcengine.com/docs/6758/174756 +DOMAIN,httpdns.volcengineapi.com + +# Weibo +DOMAIN,dns.weibo.cn +IP-CIDR,39.97.128.148/32,no-resolve +IP-CIDR,39.97.130.51/32,no-resolve + +# Weixin +# refer: http://dns.weixin.qq.com/cgi-bin/micromsg-bin/newgetdns +# refer: https://developers.weixin.qq.com/doc/oplatform/Third-party_Platforms/Mini_Programs/HTTPDNS.html +DOMAIN,dns.weixin.qq.com +DOMAIN,dns.weixin.qq.com.cn +IP-CIDR,42.81.232.18/32,no-resolve +IP-CIDR,42.187.182.106/32,no-resolve +IP-CIDR,42.187.182.123/32,no-resolve +IP-CIDR,42.187.184.154/32,no-resolve +IP-CIDR,123.151.54.50/32,no-resolve +IP-CIDR6,2402:4e00:1900:1700:0:9554:1ad9:c3a/128,no-resolve +IP-CIDR6,240e:928:1400:10::25/128,no-resolve + +# Wework +# refer: https://res.mail.qq.com/zh_CN/wework_ip/latest.html +IP-CIDR,182.254.116.117/32,no-resolve +IP-CIDR,182.254.118.119/32,no-resolve + +# Zhihu +# refer: https://github.com/lwd-temp/anti-ip-attribution/issues/24 +IP-CIDR,118.89.204.198/23,no-resolve +IP-CIDR6,2402:4e00:1200:ed00:0:9089:6dac:96b6/128,no-resolve +