# 根据 Sukka 大佬的教程写的。
[General]
# Global Surge behaviour: IPv6, logging, LAN exposure, DNS handling, test URLs and proxy bypass list.
# > IPv6 disabled (general IPv6 support and IPv6 on the Surge virtual interface)
ipv6 = false
ipv6-vif = off
# > Log level
loglevel = notify
# > Allow access over Wi-Fi: other devices on the same network can use Surge's proxy service
# NOTE(review): with this set to true the proxy listener is reachable by every device on the
# local network, including networks you do not control; no authentication for the proxy
# service is configured in this file. Confirm this exposure is intended.
allow-wifi-access = true
# > Enable Wi-Fi assist
wifi-assist = true
# > Exclude simple hostnames (names without a dot)
exclude-simple-hostnames = true
# > DNS servers: use the resolvers configured on the system
dns-server = system
# > DNS hijacking: queries that apps send directly to these resolver addresses are
# intercepted and answered by Surge instead of reaching the listed servers
hijack-dns = 8.8.8.8:53, 8.8.4.4:53
# > Show an error page for rejected requests
# NOTE(review): presumably only visible for plain-HTTP requests, since [MITM] is empty - confirm
show-error-page-for-reject = true
# > Read DNS records from /etc/hosts
read-etc-hosts = true
# > Internet connectivity (direct connection) test URL
internet-test-url = http://www.feishu.cn
# > Default test URL for proxy policies
proxy-test-url = http://1.0.0.1/media/manifest.json
# > Test timeout, in seconds
test-timeout = 2
# > Skip proxy: hosts, domains and address ranges that are not sent to Surge's proxy service
# (loopback, private and link-local ranges, localhost/*.local, the captive-portal check host,
# plus several specific public ranges and site domains)
skip-proxy = 127.0.0.0/8, 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12, 100.64.0.0/10, 162.14.0.0/16, 211.99.96.0/19, 162.159.192.0/24, 162.159.193.0/24, 162.159.195.0/24, fc00::/7, fe80::/10, localhost, *.local, captive.apple.com, passenger.t3go.cn, *.ccb.com, wxh.wo.cn, *.abcchina.com, *.abcchina.com.cn
# > GeoIP database
# NOTE(review): downloaded from the release branch of a third-party GitHub repository; the
# GEOIP,CN rule in [Rule] routes traffic based on this file, so routing correctness depends
# on the integrity of that repository.
geoip-maxmind-url = https://github.com/Hackl0us/GeoIP2-CN/raw/release/Country.mmdb
# > When the selected node does not support UDP, fall back to REJECT, so the UDP traffic
# is dropped rather than leaving over a direct connection
udp-policy-not-supported-behaviour = REJECT
# Proxy node definitions. The section is empty in this file, so the policy groups that use
# include-all-proxies=1 have no members until nodes are added here.
[Proxy]
[Proxy Group]
# Policy groups referenced by the rules in [Rule]. The three select groups are filled with
# every node from [Proxy] (include-all-proxies=1).
# > Proxy: target of the speed-test, overseas-domain and FINAL rules
Proxy = select, no-alert=0, hidden=0, include-all-proxies=1
# > Streaming media (also the target of the Google lists in [Rule])
Streaming = select, no-alert=0, hidden=0, include-all-proxies=1
# > Telegram
Telegram = select, no-alert=0, hidden=0, include-all-proxies=1
# > Sub-Store: smart group whose members come from an external policy list
# NOTE(review): policy-path=xxx is a placeholder. Subscription URLs commonly embed an access
# token - presumably the real value does too, so keep it out of shared copies of this file.
# NOTE(review): no rule or other group in this file references Sub-Store, and the select
# groups above do not include it - confirm how its nodes are meant to be used.
Sub-Store = smart, policy-path=xxx, update-interval=0, no-alert=0, hidden=0, include-all-proxies=0, persistent=1
[Rule]
# Rules are evaluated top to bottom and the first match decides the policy, so the order
# below is significant.
# NOTE(review): every RULE-SET / DOMAIN-SET URL below is fetched from a remote host. Whoever
# controls those lists controls which destinations are rejected, proxied or sent DIRECT, so
# the routing here is only as trustworthy as ruleset.skk.moe and the GitHub repository used
# for the Google lists.
# ## > Domain-based routing rules
# > Ad blocking / privacy protection / malware blocking / phishing and scam domain blocking
DOMAIN-SET,https://ruleset.skk.moe/List/domainset/reject.conf,REJECT-TINYGIF,pre-matching,extended-matching
DOMAIN-SET,https://ruleset.skk.moe/List/domainset/reject_extra.conf,REJECT-TINYGIF,pre-matching,extended-matching
RULE-SET,https://ruleset.skk.moe/List/non_ip/reject.conf,REJECT,pre-matching,extended-matching
# > Other domain blocking
RULE-SET,https://ruleset.skk.moe/List/non_ip/reject-no-drop.conf,REJECT-NO-DROP,pre-matching,extended-matching
# (the reject-drop list below is left disabled)
# RULE-SET,https://ruleset.skk.moe/List/non_ip/reject-drop.conf,REJECT-DROP,pre-matching,extended-matching
# > Speed-test sites and the domains of their test nodes
DOMAIN-SET,https://ruleset.skk.moe/List/domainset/speedtest.conf,Proxy,extended-matching
# > Streaming-media domains
RULE-SET,https://ruleset.skk.moe/List/non_ip/stream.conf,Streaming,extended-matching
# Domains of Telegram and its other services (Telegraph).
RULE-SET,https://ruleset.skk.moe/List/non_ip/telegram.conf,Telegram,extended-matching
# Apple & Microsoft CDN domains served from mainland China
RULE-SET,https://ruleset.skk.moe/List/non_ip/apple_cdn.conf,DIRECT
RULE-SET,https://ruleset.skk.moe/List/non_ip/microsoft_cdn.conf,DIRECT
# > Apple CN domains: iCloud China (icloud.com.cn, operated by GCBD), the China version of
# Apple Maps and similar services; these domains must be reached directly from within China.
RULE-SET,https://ruleset.skk.moe/List/non_ip/apple_cn.conf,DIRECT
# Google
# NOTE(review): this list is read from the main branch of a personal GitHub repository (a
# mutable ref), and its matches go to the Streaming group - confirm both are intended.
RULE-SET,https://raw.githubusercontent.com/limxfx/HelloWorld/refs/heads/main/Surge/Ruleset/non_ip/google.list,Streaming,extended-matching
# > Common overseas domains
RULE-SET,https://ruleset.skk.moe/List/non_ip/global.conf,Proxy,extended-matching
# > Common mainland-China domains
RULE-SET,https://ruleset.skk.moe/List/non_ip/domestic.conf,DIRECT,extended-matching
# >> Common direct-connection rule list
RULE-SET,https://ruleset.skk.moe/List/non_ip/direct.conf,DIRECT,extended-matching
# > LAN domains
RULE-SET,https://ruleset.skk.moe/List/non_ip/lan.conf,DIRECT
# ## > IP-based routing rules
# > Ad blocking / privacy protection / malware blocking / phishing and scam blocking (IP list)
RULE-SET,https://ruleset.skk.moe/List/ip/reject.conf,REJECT-DROP
# > Streaming-media IPs
RULE-SET,https://ruleset.skk.moe/List/ip/stream.conf,Streaming
# > Telegram IPs
RULE-SET,https://ruleset.skk.moe/List/ip/telegram.conf,Telegram
# PROCESS-NAME: this rule applies to macOS.
# Traffic from the Telegram process that reaches this line was not matched by any rule
# above (including the Telegram domain and IP lists) and is dropped.
PROCESS-NAME,Telegram,REJECT-DROP
# Google (IP list from the same personal GitHub repository as the Google domain list above)
RULE-SET,https://raw.githubusercontent.com/limxfx/HelloWorld/refs/heads/main/Surge/Ruleset/ip/google.list,Streaming
# > Mainland-China IP ranges
RULE-SET,https://ruleset.skk.moe/List/ip/domestic.conf,DIRECT
RULE-SET,https://ruleset.skk.moe/List/ip/china_ip.conf,DIRECT
# > LAN IP ranges
RULE-SET,https://ruleset.skk.moe/List/ip/lan.conf,DIRECT
# >> Local Area Network & GeoIP China
# The following rules trigger local DNS resolution. With the mainland-China rules above in
# place they can be left disabled; enable them yourself if you want the extra safety net.
# NOTE(review): the OR rule below is enabled, so a hostname that reaches it is looked up
# through the local resolver (dns-server = system) before the FINAL rule can send it to
# Proxy; those lookups are visible to that resolver.
OR,((RULE-SET,SYSTEM), (RULE-SET,LAN), (GEOIP,CN)),DIRECT
# RULE-SET,SYSTEM,Proxy
# #>> The following rules trigger local DNS resolution. With the mainland-China rules above
# in place they can be left disabled; enable them yourself if you want the extra safety net.
# RULE-SET,LAN,DIRECT
# GEOIP,CN,DIRECT
# > FINAL: everything not matched above goes to the Proxy group; dns-failed presumably also
# applies this rule when the local DNS lookup fails - confirm against the Surge manual
FINAL,Proxy,dns-failed
# No MITM settings are defined: this file lists no hostnames for TLS decryption and
# configures no CA certificate.
[MITM]