-- [[ ruleset_simple.lua: simple rule table example ]] --
-- Load libruleset and publish it as a global; main() at the end of this file
-- returns the same table as the result of the chunk.
-- NOTE(review): match, rule, composite, inet and inet6 are used below as
-- globals but are not defined in this file - presumably installed by
-- libruleset or by the host program; confirm before reusing this file.
_G.libruleset = require("libruleset")
-- [[ configurations ]] --
-- 1. _G.redirect*: handle requests as a string
-- in {matcher, action, optional log tag}
-- matching stops after a match is found, so entry order is significant:
-- a specific entry must come before any broader entry that also matches it
-- _G.redirect_name: handle domain name requests in "host:port"
_G.redirect_name = {
    -- access mDNS sites directly
    { match.domain(".local"), rule.direct() },
    -- loopback: map selected server.lan ports onto services on this host
    { match.exact("server.lan:22"), rule.redirect("127.0.0.1:22"), "ssh" },
    { match.exact("server.lan:80"), rule.redirect("127.0.0.1:80"), "web" },
    -- this reject only takes effect because it is listed before the
    -- match.host("server.lan") entry below, which would otherwise match first
    { match.exact("server.lan:443"), rule.reject(), "web" },
    -- self assignment
    -- NOTE(review): the redirect target has an empty port; presumably the
    -- requested port is kept - confirm against libruleset. If so, every other
    -- port of server.lan is forwarded to 127.0.0.1, which makes loopback-only
    -- services on this host reachable by proxy clients. Listing the intended
    -- ports and rejecting the rest is the narrower configuration.
    { match.host("server.lan"), rule.redirect("127.0.0.1:"), "localhost" },
    -- dynamically loaded big domains list
    -- NOTE(review): composite.maybe(_G, "biglist_name") presumably looks up
    -- _G.biglist_name at match time and does not match while it is unset - confirm
    { composite.maybe(_G, "biglist_name"), rule.proxy("socks4a://proxy.lan:1080"), "biglist" },
    -- if in _G.hosts, go to _G.route/_G.route6
    -- otherwise, go to _G.route_default
    -- NOTE(review): as described here, a name that is not in _G.hosts never
    -- passes the IP-based reject entries of _G.route/_G.route6; it is handed
    -- to the default action by name, so any address filtering for such names
    -- has to happen at the upstream proxy
}
-- _G.redirect: handle IPv4 requests in "ip:port"
_G.redirect = {
    -- redirect TCP DNS to local cache
    -- only these two exact resolver addresses are matched; port 53 on any
    -- other IPv4 address falls through to _G.route (contrast _G.redirect6,
    -- which matches on the port alone)
    { match.exact("1.1.1.1:53"), rule.redirect("127.0.0.53:53") },
    { match.exact("1.0.0.1:53"), rule.redirect("127.0.0.53:53") },
    -- go to _G.route
}
-- _G.redirect6: handle IPv6 requests in "[ipv6]:port"
_G.redirect6 = {
    -- redirect TCP DNS to local cache
    -- NOTE(review): match.port(53) is given only a port, so presumably every
    -- IPv6 destination on port 53 is sent to the local cache, not just known
    -- public resolvers - confirm this is intended
    { match.port(53), rule.redirect("127.0.0.53:53") },
    -- go to _G.route6
}
-- 2. _G.hosts: map unmatched hosts
-- Static name -> address table. Per the comments in _G.redirect_name, a name
-- found here continues to _G.route/_G.route6 with the mapped address.
_G.hosts = {
    -- 192.168.1.100 lies inside the 192.168.0.0/16 entry of _G.route,
    -- whose action is rule.direct() with log tag "lan"
    ["site1.lan"] = "192.168.1.100",
}
-- 3. _G.route*: Handle requests by IP address (to match subnet efficiently)
-- Entries are {matcher, action, optional log tag}, evaluated in order.
_G.route = {
    -- reject loopback or link-local
    -- (keeps proxy clients away from services bound to this host's loopback
    -- address and from link-local endpoints)
    { inet.subnet("127.0.0.0/8"), rule.reject() },
    { inet.subnet("169.254.0.0/16"), rule.reject() },
    -- access lan addresses directly
    -- NOTE(review): only 192.168.0.0/16 is listed. The other RFC 1918 ranges
    -- (10.0.0.0/8, 172.16.0.0/12) match nothing here and fall through to
    -- _G.route_default; add direct or reject entries if that is not intended.
    -- A direct rule lets every client of this proxy reach LAN hosts from this
    -- machine's network position, so access to the proxy itself should be
    -- restricted accordingly.
    { inet.subnet("192.168.0.0/16"), rule.direct(), "lan" },
    -- dynamically loaded big IP ranges list
    -- NOTE(review): presumably a no-match while _G.biglist is unset - confirm
    { composite.maybe(_G, "biglist"), rule.direct(), "biglist" },
    -- go to _G.route_default
}
-- IPv6 counterpart of _G.route: {matcher, action, optional log tag} entries
-- evaluated in order.
_G.route6 = {
    -- reject loopback or link-local
    { inet6.subnet("::1/128"), rule.reject() },
    { inet6.subnet("fe80::/10"), rule.reject() },
    -- IPv4-mapped forms of the two IPv4 reject ranges in _G.route: the
    -- ::ffff:0:0/96 mapping prefix plus the IPv4 prefix length
    -- (96 + 8 = 104 for 127.0.0.0/8, 96 + 16 = 112 for 169.254.0.0/16),
    -- so the IPv4 rejects cannot be sidestepped with a mapped address
    { inet6.subnet("::ffff:127.0.0.0/104"), rule.reject() },
    { inet6.subnet("::ffff:169.254.0.0/112"), rule.reject() },
    -- dynamically loaded big IP ranges list
    -- (logged under the same "biglist" tag as the IPv4 list)
    { composite.maybe(_G, "biglist6"), rule.direct(), "biglist" },
    -- go to _G.route_default
    -- NOTE(review): no entry covers unique-local addresses (fc00::/7); they
    -- fall through to _G.route_default - confirm that is intended
}
-- 4. the global default applies to all unmatched requests
-- in {action, optional log tag}
-- NOTE(review): "[email protected]" in the URL below looks like an artifact of
-- e-mail obfuscation on the page this listing was taken from; it stands where
-- the rest of the user-info and the proxy host would be. The string is left
-- exactly as found; restore the real proxy URL before using this file.
-- NOTE(review): the URL carries the proxy username and password in plaintext
-- inside the ruleset. Keep the file readable only by the account that runs
-- the proxy and out of shared repositories and logs. SOCKS5 username/password
-- authentication (RFC 1929) also sends the credentials unencrypted to the
-- proxy, so the path to it must be trusted.
_G.route_default = { rule.proxy("socks5://user:[email protected]:1080"), "wan" }
--- Finish ruleset initialisation and hand the rule library back to the caller.
-- Arguments passed to the chunk are accepted but not used.
-- @return the table stored in _G.libruleset
local function main(...)
    -- Ask for the generational collector. The call is protected so that an
    -- interpreter which rejects the "generational" option does not abort
    -- loading; the result is deliberately ignored.
    pcall(function()
        return collectgarbage("generational")
    end)
    -- NOTE(review): presumably the period, in seconds, of a periodic callback
    -- run by the host - confirm against the neosocksd API
    neosocksd.setinterval(60.0)
    local ruleset = _G.libruleset
    return ruleset
end
-- Emit a load message that includes the interpreter version string (_VERSION).
-- evlogf is not defined in this file; presumably a logging function provided
-- by the host - confirm.
evlogf("ruleset loaded, interpreter: %s", _VERSION)
-- Forward the chunk's arguments to main and return its result (the
-- libruleset table) as the result of loading this file.
return main(...)