Skip to content

IP Route Rule

Structure

{
  "route": {
    "ip_rules": [
      {
        "inbound": [
          "mixed-in"
        ],
        "ip_version": 6,
        "network": [
          "tcp"
        ],
        "domain": [
          "test.com"
        ],
        "domain_suffix": [
          ".cn"
        ],
        "domain_keyword": [
          "test"
        ],
        "domain_regex": [
          "^stun\\..+"
        ],
        "geosite": [
          "cn"
        ],
        "source_geoip": [
          "private"
        ],
        "geoip": [
          "cn"
        ],
        "source_ip_cidr": [
          "10.0.0.0/24",
          "192.168.0.1"
        ],
        "ip_cidr": [
          "10.0.0.0/24",
          "192.168.0.1"
        ],
        "source_port": [
          12345
        ],
        "source_port_range": [
          "1000:2000",
          ":3000",
          "4000:"
        ],
        "port": [
          80,
          443
        ],
        "port_range": [
          "1000:2000",
          ":3000",
          "4000:"
        ],
        "invert": false,
        "action": "direct",
        "outbound": "wireguard"
      },
      {
        "type": "logical",
        "mode": "and",
        "rules": [],
        "invert": false,
        "action": "direct",
        "outbound": "wireguard"
      }
    ]
  }
}

You can ignore the JSON Array [] tag when the content is only one item

Default Fields

The default rule uses the following matching logic:
(domain || domain_suffix || domain_keyword || domain_regex || geosite || geoip || ip_cidr) &&
(port || port_range) &&
(source_geoip || source_ip_cidr) &&
(source_port || source_port_range) &&
other fields

inbound

Tags of Inbound.

ip_version

4 or 6.

Not limited if empty.

network

Match network protocol.

Available values:

  • tcp
  • udp
  • icmpv4
  • icmpv6

domain

Match full domain.

domain_suffix

Match domain suffix.

domain_keyword

Match domain using keyword.

domain_regex

Match domain using regular expression.

geosite

Match geosite.

source_geoip

Match source geoip.

geoip

Match geoip.

source_ip_cidr

Match source ip cidr.

ip_cidr

Match ip cidr.

source_port

Match source port.

source_port_range

Match source port range.

port

Match port.

port_range

Match port range.

invert

Invert match result.

action

Required

Action Description
return Stop IP routing and assemble the connection to the transport layer
block Block the connection
direct Directly forward the connection

outbound

Required if action is direct

Tag of the target outbound.

Only outbound which supports IP connection can be used, see Outbounds that support IP connection.

Logical Fields

type

logical

mode

Required

and or or

rules

Required

Included default rules.