block client domestic traffic on server side

2025-02-16 07:19:54 +03:00 · 2023-11-15 09:46:06 +03:00 · 2023-11-15 09:46:06 +03:00 · 9cac053bd0
commit 9cac053bd0
parent af6fc7a970
3 changed files with 40 additions and 7 deletions
--- a/README.md
+++ b/README.md
@ -57,5 +57,5 @@ Template configs contain comments and links and are good start to find another i
 [XRay config reference](https://xtls.github.io/en/config/) is brilliant and helped me much.

 Configs for [gRPC](https://github.com/XTLS/Xray-examples/tree/main/VLESS-gRPC-REALITY)
-[XTLS](https://github.com/XTLS/Xray-examples/tree/main/VLESS-TCP-XTLS-Vision-REALITY) on which the template configs are based.
+and [XTLS](https://github.com/XTLS/Xray-examples/tree/main/VLESS-TCP-XTLS-Vision-REALITY) on that the template configs are based.

--- a/template_config_client.jsonc
+++ b/template_config_client.jsonc
@ -122,7 +122,7 @@
            // punycode for national Belorussian top-level domain .бел
            "domain:xn--90ais",
            "domain:ir",
-            // extra domains that are used by domestic sites
+            // extra domains that are used by domestic sites, see https://github.com/EvgenyNerush/coherence-grabber/tree/main
            "ext:customgeo.dat:coherence-extra"
        ],
        "outboundTag": "direct"
@ -139,11 +139,8 @@
      },
      {
        "type": "field",
-        "inboundTag": [
-          "api"
-        ],
-        "outboundTag": "api",
-        "enabled": true
+        "protocol": [ "bittorrent" ],
+        "outboundTag": "block"
      }
    ]
  }
--- a/template_config_server.jsonc
+++ b/template_config_server.jsonc
@ -25,6 +25,40 @@
          "geoip:private"
        ],
        "outboundTag": "block"
+      },
+      {
+        "type": "field",
+        "protocol": [ "bittorrent" ],
+        "outboundTag": "block"
+      },
+      // block domestic client traffic if it's coming somehow (e.g. wrong client config)
+      {
+        "type": "field",
+        "domain": [
+            "geosite:cn",
+            "domain:cn",
+            "domain:xn--fiqs8s",
+            "domain:xn--fiqz9s",
+            "domain:xn--55qx5d",
+            "domain:xn--io0a7i",
+            "domain:ru",
+            "domain:xn--p1ai",
+            "domain:by",
+            "domain:xn--90ais",
+            "domain:ir",
+            "ext:customgeo.dat:coherence-extra"
+        ],
+        "outboundTag": "block"
+      },
+      {
+        "type": "field",
+        "ip": [
+            "geoip:cn",
+            "geoip:ru",
+            "geoip:by",
+            "geoip:ir"
+        ],
+        "outboundTag": "block"
      }
    ]
  },
@ -150,10 +184,12 @@
  ],
  // server-side outbound configuration
  "outbounds": [
+    // direct connection
    {
      "protocol": "freedom",
      "tag": "direct"
    },
+    // for that should be blocked
    {
      "protocol": "blackhole",
      "tag": "block"