make more strict rules to block torrents

2024-11-21 16:25:23 +03:00 · 2024-01-02 14:20:29 +03:00 · 2024-01-02 14:20:29 +03:00 · 52c35cee6d
commit 52c35cee6d
parent 66d3463f6b
2 changed files with 43 additions and 7 deletions
--- a/template_config_client.jsonc
+++ b/template_config_client.jsonc
@ -87,6 +87,7 @@
  ],
  // client-side outbound configuration
  "outbounds": [
+    // fallback, see `routing` section
    {
      "tag": "proxy",
      "protocol": "vless",
@ -134,6 +135,11 @@
      "tag": "direct",
      "protocol": "freedom",
      "settings": {}
+    },
+    // for that should be blocked
+    {
+      "protocol": "blackhole",
+      "tag": "block"
    }
  ],
  // Forward each inbound connections to corresponding `outboundTag`. If no rules match,
@ -148,6 +154,25 @@
        ],
        "outboundTag": "api"
      },
+      {
+        "type": "field",
+        "protocol": [ "bittorrent" ],
+        "outboundTag": "block"
+      },
+      // block traffic to popular ports of torrent trackers
+      // and to popular ports of torrent clients
+      {
+        "type": "field",
+        "port": "6969,6881-6889",
+        "outboundTag": "block"
+      },
+      // block traffic from popular ports of torrent clients
+      {
+        "type": "field",
+        "sourcePort": "6881-6889",
+        "outboundTag": "block"
+      },
+      // guide domestic sites traffic to `direct` outbound
      {
        "type": "field",
        "domain": [
@ -179,11 +204,6 @@
            "geoip:ir"
        ],
        "outboundTag": "direct"
-      },
-      {
-        "type": "field",
-        "protocol": [ "bittorrent" ],
-        "outboundTag": "block"
      }
    ]
  }
--- a/template_config_server.jsonc
+++ b/template_config_server.jsonc
@ -44,7 +44,6 @@
      },
      {
        "type": "field",
-        "port": "80",
        "network": "udp",
        "outboundTag": "block"
      },
@ -61,21 +60,38 @@
        "protocol": [ "bittorrent" ],
        "outboundTag": "block"
      },
+      // block traffic to popular ports of torrent trackers
+      // and to popular ports of torrent clients
+      {
+        "type": "field",
+        "port": "6969,6881-6889",
+        "outboundTag": "block"
+      },
+      // block traffic from popular ports of torrent clients
+      {
+        "type": "field",
+        "sourcePort": "6881-6889",
+        "outboundTag": "block"
+      },
      // block domestic client traffic if it's coming somehow (e.g. wrong client config)
      {
        "type": "field",
        "domain": [
            "geosite:cn",
            "domain:cn",
+            // punycode for national Chinese top-level domains .中国, .中國, .公司, .网络
            "domain:xn--fiqs8s",
            "domain:xn--fiqz9s",
            "domain:xn--55qx5d",
            "domain:xn--io0a7i",
            "domain:ru",
+            // punycode for cyrillic Russian top-level domain .рф
            "domain:xn--p1ai",
            "domain:by",
+            // punycode for national Belorussian top-level domain .бел
            "domain:xn--90ais",
            "domain:ir",
+            // extra domains that are used by domestic sites, see https://github.com/EvgenyNerush/coherence-grabber/tree/main
            "ext:customgeo.dat:coherence-extra"
        ],
        "outboundTag": "block"
@ -224,7 +240,7 @@
  ],
  // server-side outbound configuration
  "outbounds": [
-    // direct connection
+    // direct connection; fallback, see `routing` section
    {
      "protocol": "freedom",
      "tag": "direct"