Home Explore Help
Register Sign In
Apq
/
sing-box
mirror of https://github.com/SagerNet/sing-box.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: 9bca5a517f
Branches Tags
sing-box
/
docs
/
configuration
/
dns
/
rule.md

rule.md 3.8 KB
History Raw

Structure

{
  "dns": {
    "rules": [
      {
        "inbound": [
          "mixed-in"
        ],
        "ip_version": 6,
        "query_type": [
          "A",
          "HTTPS",
          32768
        ],
        "network": "tcp",
        "auth_user": [
          "usera",
          "userb"
        ],
        "protocol": [
          "tls",
          "http",
          "quic"
        ],
        "domain": [
          "test.com"
        ],
        "domain_suffix": [
          ".cn"
        ],
        "domain_keyword": [
          "test"
        ],
        "domain_regex": [
          "^stun\\..+"
        ],
        "geosite": [
          "cn"
        ],
        "source_geoip": [
          "private"
        ],
        "source_ip_cidr": [
          "10.0.0.0/24",
          "192.168.0.1"
        ],
        "source_port": [
          12345
        ],
        "source_port_range": [
          "1000:2000",
          ":3000",
          "4000:"
        ],
        "port": [
          80,
          443
        ],
        "port_range": [
          "1000:2000",
          ":3000",
          "4000:"
        ],
        "process_name": [
          "curl"
        ],
        "process_path": [
          "/usr/bin/curl"
        ],
        "package_name": [
          "com.termux"
        ],
        "user": [
          "sekai"
        ],
        "user_id": [
          1000
        ],
        "clash_mode": "direct",
        "invert": false,
        "outbound": [
          "direct"
        ],
        "server": "local",
        "disable_cache": false,
        "rewrite_ttl": 100
      },
      {
        "type": "logical",
        "mode": "and",
        "rules": [],
        "server": "local",
        "disable_cache": false,
        "rewrite_ttl": 100
      }
    ]
  }
}

!!! note ""

You can ignore the JSON Array [] tag when the content is only one item

Default Fields

!!! note ""

The default rule uses the following matching logic:  
(`domain` || `domain_suffix` || `domain_keyword` || `domain_regex` || `geosite`) &&  
(`port` || `port_range`) &&  
(`source_geoip` || `source_ip_cidr`) &&  
(`source_port` || `source_port_range`) &&  
`other fields`

inbound

Tags of Inbound.

ip_version

4 (A DNS query) or 6 (AAAA DNS query).

Not limited if empty.

query_type

DNS query type. Values can be integers or type name strings.

network

tcp or udp.

auth_user

Username, see each inbound for details.

protocol

Sniffed protocol, see Sniff for details.

domain

Match full domain.

domain_suffix

Match domain suffix.

domain_keyword

Match domain using keyword.

domain_regex

Match domain using regular expression.

geosite

Match geosite.

source_geoip

Match source geoip.

source_ip_cidr

Match source ip cidr.

source_port

Match source port.

source_port_range

Match source port range.

port

Match port.

port_range

Match port range.

process_name

!!! error ""

Only supported on Linux, Windows, and macOS.

Match process name.

process_path

!!! error ""

Only supported on Linux, Windows, and macOS.

Match process path.

package_name

Match android package name.

user

!!! error ""

Only supported on Linux.

Match user name.

user_id

!!! error ""

Only supported on Linux.

Match user id.

clash_mode

Match Clash mode.

invert

Invert match result.

outbound

Match outbound.

any can be used as a value to match any outbound.

server

==Required==

Tag of the target dns server.

disable_cache

Disable cache and save cache in this query.

rewrite_ttl

Rewrite TTL in DNS responses.

Logical Fields

type

logical

mode

and or or

rules

Included default rules.