Route Rule
Changes in sing-box 1.11.0
action
outbound
network_type
network_is_expensive
network_is_constrained
Changes in sing-box 1.10.0
client
rule_set_ipcidr_match_source
rule_set_ip_cidr_match_source
process_path_regex
Changes in sing-box 1.8.0
rule_set
rule_set_ipcidr_match_source
source_ip_is_private
ip_is_private
source_geoip
geoip
geosite
Structure
{
"route": {
"rules": [
{
"inbound": [
"mixed-in"
],
"ip_version": 6,
"network": [
"tcp"
],
"auth_user": [
"usera",
"userb"
],
"protocol": [
"tls",
"http",
"quic"
],
"client": [
"chromium",
"safari",
"firefox",
"quic-go"
],
"domain": [
"test.com"
],
"domain_suffix": [
".cn"
],
"domain_keyword": [
"test"
],
"domain_regex": [
"^stun\\..+"
],
"geosite": [
"cn"
],
"source_geoip": [
"private"
],
"geoip": [
"cn"
],
"source_ip_cidr": [
"10.0.0.0/24",
"192.168.0.1"
],
"source_ip_is_private": false,
"ip_cidr": [
"10.0.0.0/24",
"192.168.0.1"
],
"ip_is_private": false,
"source_port": [
12345
],
"source_port_range": [
"1000:2000",
":3000",
"4000:"
],
"port": [
80,
443
],
"port_range": [
"1000:2000",
":3000",
"4000:"
],
"process_name": [
"curl"
],
"process_path": [
"/usr/bin/curl"
],
"process_path_regex": [
"^/usr/bin/.+"
],
"package_name": [
"com.termux"
],
"user": [
"sekai"
],
"user_id": [
1000
],
"clash_mode": "direct",
"network_type": [
"wifi"
],
"network_is_expensive": false,
"network_is_constrained": false,
"wifi_ssid": [
"My WIFI"
],
"wifi_bssid": [
"00:00:00:00:00:00"
],
"rule_set": [
"geoip-cn",
"geosite-cn"
],
// deprecated
"rule_set_ipcidr_match_source": false,
"rule_set_ip_cidr_match_source": false,
"invert": false,
"action": "route",
"outbound": "direct"
},
{
"type": "logical",
"mode": "and",
"rules": [],
"invert": false,
"action": "route",
"outbound": "direct"
}
]
}
}
You can ignore the JSON Array [] tag when the content is only one item
Default Fields
The default rule uses the following matching logic:
(domain || domain_suffix || domain_keyword || domain_regex || geosite || geoip || ip_cidr || ip_is_private) &&
(port || port_range) &&
(source_geoip || source_ip_cidr || source_ip_is_private) &&
(source_port || source_port_range) &&
other fields
Additionally, included rule-sets can be considered merged rather than as a single rule sub-item.
inbound
Tags of Inbound.
ip_version
4 or 6.
Not limited if empty.
auth_user
Username, see each inbound for details.
protocol
Sniffed protocol, see Protocol Sniff for details.
client
Since sing-box 1.10.0
Sniffed client type, see Protocol Sniff for details.
network
tcp or udp.
domain
Match full domain.
domain_suffix
Match domain suffix.
domain_keyword
Match domain using keyword.
domain_regex
Match domain using regular expression.
geosite
Deprecated in sing-box 1.8.0
Geosite is deprecated and will be removed in sing-box 1.12.0, check Migration.
Match geosite.
source_geoip
Deprecated in sing-box 1.8.0
GeoIP is deprecated and will be removed in sing-box 1.12.0, check Migration.
Match source geoip.
geoip
Deprecated in sing-box 1.8.0
GeoIP is deprecated and will be removed in sing-box 1.12.0, check Migration.
Match geoip.
source_ip_cidr
Match source IP CIDR.
ip_is_private
Since sing-box 1.8.0
Match non-public IP.
ip_cidr
Match IP CIDR.
source_ip_is_private
Since sing-box 1.8.0
Match non-public source IP.
source_port
Match source port.
source_port_range
Match source port range.
port
Match port.
port_range
Match port range.
process_name
Only supported on Linux, Windows, and macOS.
Match process name.
process_path
Only supported on Linux, Windows, and macOS.
Match process path.
process_path_regex
Since sing-box 1.10.0
Only supported on Linux, Windows, and macOS.
Match process path using regular expression.
package_name
Match android package name.
user
Only supported on Linux.
Match user name.
user_id
Only supported on Linux.
Match user id.
clash_mode
Match Clash mode.
network_type
Since sing-box 1.11.0
Only supported in graphical clients on Android and Apple platforms.
Match network type.
Available values: wifi, cellular, ethernet and other.
network_is_expensive
Since sing-box 1.11.0
Only supported in graphical clients on Android and Apple platforms.
Match if network is considered Metered (on Android) or considered expensive, such as Cellular or a Personal Hotspot (on Apple platforms).
network_is_constrained
Since sing-box 1.11.0
Only supported in graphical clients on Apple platforms.
Match if network is in Low Data Mode.
wifi_ssid
Only supported in graphical clients on Android and Apple platforms.
Match WiFi SSID.
wifi_bssid
Only supported in graphical clients on Android and Apple platforms.
Match WiFi BSSID.
rule_set
Since sing-box 1.8.0
Match rule-set.
rule_set_ipcidr_match_source
Since sing-box 1.8.0
Deprecated in sing-box 1.10.0
rule_set_ipcidr_match_source is renamed to rule_set_ip_cidr_match_source and will be remove in sing-box 1.11.0.
Make ip_cidr in rule-sets match the source IP.
rule_set_ip_cidr_match_source
Since sing-box 1.10.0
Make ip_cidr in rule-sets match the source IP.
invert
Invert match result.
action
Required
See Rule Actions for details.
outbound
Deprecated in sing-box 1.11.0
Moved to Rule Action.
Logical Fields
type
logical
mode
Required
and or or
rules
Required
Included rules.