block client domestic traffic on server side

2025-12-13 21:35:03 +03:00 · 2023-11-15 09:46:06 +03:00
parent af6fc7a970
commit 9cac053bd0
3 changed files with 40 additions and 7 deletions
--- a/template_config_server.jsonc
+++ b/template_config_server.jsonc
@@ -25,6 +25,40 @@
          "geoip:private"
        ],
        "outboundTag": "block"
+      },
+      {
+        "type": "field",
+        "protocol": [ "bittorrent" ],
+        "outboundTag": "block"
+      },
+      // block domestic client traffic if it's coming somehow (e.g. wrong client config)
+      {
+        "type": "field",
+        "domain": [
+            "geosite:cn",
+            "domain:cn",
+            "domain:xn--fiqs8s",
+            "domain:xn--fiqz9s",
+            "domain:xn--55qx5d",
+            "domain:xn--io0a7i",
+            "domain:ru",
+            "domain:xn--p1ai",
+            "domain:by",
+            "domain:xn--90ais",
+            "domain:ir",
+            "ext:customgeo.dat:coherence-extra"
+        ],
+        "outboundTag": "block"
+      },
+      {
+        "type": "field",
+        "ip": [
+            "geoip:cn",
+            "geoip:ru",
+            "geoip:by",
+            "geoip:ir"
+        ],
+        "outboundTag": "block"
      }
    ]
  },
@@ -150,10 +184,12 @@
  ],
  // server-side outbound configuration
  "outbounds": [
+    // direct connection
    {
      "protocol": "freedom",
      "tag": "direct"
    },
+    // for that should be blocked
    {
      "protocol": "blackhole",
      "tag": "block"