Common airport audit rules
- Explainer
- 2023-03-29
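Airport audit rules: almost every airport (proxy service provider) applies audit rules. BT and Xunlei, for example, are blocked because of copyright; the spam rules prevent bulk mailing; and Falun Gong websites are blocked because Falun Gong-affiliated media are closely watched sites, so blocking them keeps customers from being caught in a sting and dragging the airport operator down with them. 360 reports airport IPs.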
Explanation of common airport audit rules
Block BT: disable BT to prevent copyright disputes
BitTorrent protocol
Block BT (2): disable BT to prevent copyright disputes
(torrent|.torrent|peer_id=|info_hash|get_peers|find_node|BitTorrent|announce_peer|announce.php\?passkey=)
Block Falun Gong websites
(.*.||)(dafahao|mingjinglive|chinaaid|botanwang|xinsheng|rfi|breakgfw|chengmingmag|jinpianwang|xizang-zhiye|qi-gong|voachinese|mhradio|rfa|edoors|renminbao|soundofhope|zhengjian|minghui|dongtaiwang|epochtimes|ntdtv|falundafa|wujieliulan|aboluowang|bannedbook|secretchina|dajiyuan|boxun|chinadigitaltimes|huaglad|dwnews|creaders|oneplusnews|talk.news.pts.org|zhuichaguoji|efcc.org|cyberpolice|tuidang|nytimes|falunaz|mingjingnews|inmediahk|falungong|epochweekly|cn.rfi).(cn|com|org|net|club|net|fr|tw|hk|eu|info|me)
Block spam mailboxes
(^.*@)(guerrillamail|guerrillamailblock|sharklasers|grr|pokemail|spam4|bccto|chacuo|027168).(info|biz|com|de|net|org|me|la)
Block Xunlei (Thunder): disable BT to prevent copyright disputes
(.?)(xunlei|sandai|Thunder|XLLiveUD)(.)
Block Baidu high-precision positioning, to prevent the IP and the client's geographic location from being recorded
(api|ps|sv|offnavi|newvector|ulog.imap|newloc)(.map|).(baidu|n.shifen).com
Block 360's toxic services: block 360
(.+.|^)(360|so).(cn|com)
Block bulk mailing: prevent spam abuse
(Subject|HELO|SMTP)
Block Kingsoft Antivirus (Duba): prevent server detection
(.*.||)(rising|kingsoft|duba|xindubawukong|jinshanduba).(com|net|org)
HKTS
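(.*.||)(netvigator|torproject).(com|cn|net|org) (plaintext packet match)
Esu Wiki: will get you "invited to tea" (a police visit)
.esu.wiki. (plaintext packet match)
Domestic government websites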
(.*.||)(gov|12377|12315|110.qq|12321|12388).(cn|com|net|gov.cn)
Domestic banks
(.*.||)(bank|icbc|ccb|abchina|boc|cmbchina|psbc|cib|cmbc|pingan|hxb|cgbchina|jsbchina|nbcb|njcb|cqrcb|srcb|cbhb|csbchina|gdrcb|bjrcb|xib|tccb|hrbb|cdrcb|szrcb|klb|sdb|bosc|tjrcb|qrcb|qlbchina|hkbchina|nhrcb|wzcb|czcb|msbc|fdb|bob|csccb|whccb|cnbhx|xsrcb|nyyb|cq3q|fsny).(cn|com|com.cn)
Social media
(.*.||)(weibo|douban|xiaohongshu|douyin).(cn|com|com.cn|net)
Forex trading
(.*.||)(metatrader4|metatrader5|mql5).(org|com|net)
Game point-card websites
(..||)(gash).(com|tw)
(..||)(mycard).(com|tw)
Airport audit list:
(.*\.||)(dafahao|mingjinglive|chinaaid|botanwang|xinsheng|rfi|breakgfw|chengmingmag|jinpianwang|xizang-zhiye|breakgfw|qi-gong|voachinese|mhradio|rfa|edoors|edoors|renminbao|soundofhope|zhengjian|dafahao|minghui|dongtaiwang|epochtimes|ntdtv|falundafa|wujieliulan|aboluowang|bannedbook|secretchina|dajiyuan|boxun|chinadigitaltimes|huaglad|dwnews|creaders|oneplusnews|rfa)\.(cn|com|org|net|club|net|fr|tw|hk|eu|info|me)
(.*\.||)(gov|12377|12315|talk.news.pts.org|creaders|zhuichaguoji|efcc.org|cyberpolice|aboluowang|tuidang|epochtimes|nytimes|dafahao|falundafa|minghui|falunaz|zhengjian|110.qq|mingjingnews|inmediahk|xinsheng|bannedbook|ntdtv|falungong|12321|secretchina|epochweekly|cn.rfi)\.(cn|com|org|net|club|net|fr|tw|hk|eu|info|me)
BitTorrent protocol
Private Tracker protocol
(.*.||)(gov|12377|12315|talk.news.pts.org|creaders|zhuichaguoji|efcc.org|cyberpolice|aboluowang|tuidang|epochtimes|nytimes|zhengjian|110.qq|mingjingnews|inmediahk|xinsheng|bannedbook|ntdtv|12321|secretchina|epochweekly|cn.rfi).(cn|com|org|net|club|net|fr|tw|hk)
(torrent|\.torrent|peer_id=|info_hash|get_peers|find_node|BitTorrent|announce_peer|announce\.php\?passkey=)
(.?)(xunlei|sandai|Thunder|XLLiveUD)(.)
(.*\.||)(gash)\.(com|tw)
(.*\.||)(mycard)\.(com|tw)
(.+\.|^)(360|so)\.(cn|com)
(\.guanjia\.qq\.com|qqpcmgr|QQPCMGR)
(api|ps|sv|offnavi|newvector|ulog\.imap|newloc)(\.map|)\.(baidu|n\.shifen)\.com
(^.*@)(guerrillamail|guerrillamailblock|sharklasers|grr|pokemail|spam4|bccto|chacuo|027168).(info|biz|com|de|net|org|me|la)
(.*\.||)(gash)\.(com|tw)
(.*\.||)(mycard)\.(com|tw)
(.*\.||)(taobao)\.(com)
(.*\.||)(metatrader4|metatrader5|mql5)\.(org|com|net)
(.*\.||)(rising|kingsoft|duba|xindubawukong|jinshanduba)\.(com|net|org)
v2board integrated with soga
regexp:(api|ps|sv|offnavi|newvector|ulog.imap|newloc)(.map|).(baidu|n.shifen).com
regexp:(.*.)(^360|0360|1360|3600|360safe|qhimg|qhmsg|^yunpan|qihoo|qhcdn|qhupdate|360totalsecurity|360shouji|qihucdn|360kan|secmp).(cn|com|net)
regexp:(Subject|HELO|SMTP)
regexp:(torrent|.torrent|peer_id=|info_hash|get_peers|find_node|BitTorrent|announce_peer|announce.php?passkey=)
regexp:(^.@)(guerrillamail|guerrillamailblock|sharklasers|grr|pokemail|spam4|bccto|chacuo|027168).(info|biz|com|de|net|org|me|la)
regexp:(.?)(xunlei|sandai|Thunder|XLLiveUD)(.)
regexp:(..||)(dafahao|mingjinglive|botanwang|minghui|dongtaiwang|falunaz|epochtimes|ntdtv|falundafa|falungong|wujieliulan|zhengjian).(org|com|net)
regexp:(ed2k|.torrent|peer_id=|announce|info_hash|get_peers|find_node|BitTorrent|announce_peer|announce.php?passkey=|magnet:|xunlei|sandai|Thunder|XLLiveUD|bt_key)
regexp:(.+.|^)(360|speedtest|fast).(cn|com|net)
regexp:(.*.||)(guanjia.qq.com|qqpcmgr|QQPCMGR)
regexp:(.*.||)(rising|kingsoft|duba|xindubawukong|jinshanduba).(com|net|org)
regexp:(.*.||)(netvigator|torproject).(com|cn|net|org)
regexp:(..||)(visa|mycard|mastercard|gash|beanfun).
regexp:(.*.||)(gov|12377|12315|talk.news.pts.org|creaders|zhuichaguoji|efcc.org|cyberpolice|aboluowang|tuidang|epochtimes|110.qq|mingjingnews|newhighlandvision|inmediahk|xinsheng|breakgfw|chengmingmag|jinpianwang|qi-gong|mhradio|edoors|renminbao|soundofhope|xizang-zhiye|bannedbook|ntdtv|12321|secretchina|dajiyuan|boxun|dwnews|huaglad|oneplusnews|epochweekly|cn.rfi).(cn|com|org|net|club|net|fr|tw|hk|eu|info|me)
regexp:(.*.||)(miaozhen|cnzz|talkingdata|umeng).(cn|com)
regexp:(.*.||)(mycard).(com|tw)
regexp:(.*.||)(gash).(com|tw)
regexp:(.*.||)(pincong).(rocks)
regexp:(.*.||)(taobao).(com)
regexp:(.*.)(tcbox|wappass|tieba|nsclick|sofire|gips0|afd|als|hmma|info|bgg|mbd|afdconf|).(tuisong|baidu|bdstatic).(cn|com|net)
regexp:(.+.|^)(zhuanzhuan|pinduoduo|kskwai|kwaizt|gifshow|kuaishouzt|kwimgs|yximgs|ksapisrv|kuaishou|autonavi|xfinfr).(cn|com|net)
regexp:(.+.|^)(zhihu).(com)
regexp:(.*.)(xiaohongshu|xhscdn).(cn|com|net)
regexp:(.*.)(weibo|sinaimg).(cn|com|net)
regexp:(.+.|^)(amemv|ecombdapi|toutiao|baike|zijieapi|douyinpic|bytedance|pstatp|bdurlsnssdk|awemueughun|oceanengine|douyinstatic).(cn|com|net)
regexp:(eth|asia|eth-eu|eth-us|cn|eth-backup|eth-na|stratum-etheth-eu1|eth-eu2).(antpool|sparkpool|f2pool|nanopool).(org|com)
regexp:(.*.)(gash).(com|tw)
regexp:.*gov.cn
regexp:.*go.kr.*
regexp:(.*.)(cyberpolice|12377|110|12389|jubao|8221110|cctv|81|12388|isc|12339|js12377).(org|com|net|cn|gov)
regexp:(.*.)(ipaddress|whatismyipaddress|iplocation|ip138).(org|com|net|my|to|co)
regexp:(.*.)(metatrader4|metatrader5|mql5).(org|com|net)
regexp:(.+.|^)(whatismyip|whatismyipaddress|ipip|iplocation|myip|whatismybrowser).(cn|com|net|com|network)
regexp:(.*.)(adsafe).(com)
regexp:(.*.)(64tianwang|beijingspring|boxun|broadpressinc|chengmingmag|chenpokong|chinaaffairs|chinesepen|dalailamaworld|dalianmeng|erabaru|fgmtv|hrichina|huanghuagang|hxwq|jiangweiping|lagranepoca|lantosfoundation|minzhuzhongguo|ned|ninecommentaries|ogate|rfa|shenyun|shenyunperformingarts|shenzhoufilm|tiantibooks|tibetpost|truthmoviegroup.wixsite|uhrp|uyghuramerican|voachinese|vot|weijingsheng|xizang-zhiye).(org|com|net)
regexp:(.*.)(speed).(io)
regexp:(.*.)(weixin|qq|weixin110|weibo|zhihu|toutiao|bytedance|zijieapi|xiaohongshu|xhscdn|umengcloud|fengkongcloud|cpatrk|ctobsnssdk|shuzilm|soulapp|immomo|momocdn|douyinvod|douyin).(cn|com|net)
regexp:(.*.)(antpool|foundrydigital|f2pool|viabtc|mining-dutch|solopool|hiveon|minergate|comining|give-me-coins|arsmine|baikalmine|litecoinpoo|clona|btc|slushpool|pandaminer|beepool|maxhash|coinminerz|bwpool|poolin|uupool|miningcore|multipools|minexmr|sbicrypto|marathondh|emcd|luxor|sigmapool|okkong|hpt|minerium|ckpool|mmpool|hashcity|uutest|huobipool|sparkpool|qkl123|webkaka|2miners|51szzc|666pool|91pool|atticpool|anomp|aapool|antpool|ash-shanghai.globalpool|asia.zcoin.miningpoolhub|blackpool|blockmasters|btchd|bitminter|bitcoin|bhdpool|bginpoolbaimin|bi-chi|bohemianpool|bixin|bwpool|btcguild|batpool|bw|btcc|btc|bitfury|bitclubnetwork|beepool|coinhive|chainpool|connectbtc|cybtc|canoepool|cryptograben|cryptonotepool|coinotron|dashcoinpool|dxpool|dwarfpool|dpool|dmpools|everstake|epool|ethpool|ethfans|easy2mine|ethermine|extremepool|firepool|fir|fkpool|flypool|f3pool|gridcash|gath3r|grin-pool|grinmint|gbminers|get.bi-chi|globalpool|give-me-ltc|honeyminer|honestmining|hashquark|hashrabbit|hummerpool|hdpool|h-pool|hashvault|hpool|huobipool|haopool|pool.btc).(com|cn|net|org|io|im|cc|pro|top|one|co|info)
regexp:(.*\.)(onedrive)\.(cn|com|org|net|club|net|fr|tw|hk|eu|info|me|io)
regexp:(.*.)(netvigator|torproject).(cn|com|net|org)
XrayR audit rule notes
These ports are blocked by default: 22,23,24,25,107,194,445,465,587,992,3389,6665-6669,6679,6697,6881-6999,7000,10000-65535
route.json
{
"domainStrategy": "IPOnDemand",
"rules": [
{
"type": "field",
"outboundTag": "block",
"ip": [
"geoip:private"
]
},
{
"type": "field",
"outboundTag": "block",
"domain": [
"regexp:(api|ps|sv|offnavi|newvector|ulog.imap|newloc)(.map|).(baidu|n.shifen).com",
"regexp:(.+.|^)(360|so).(cn|com)",
"regexp:(Subject|HELO|SMTP)",
"regexp:(torrent|.torrent|peer_id=|info_hash|get_peers|find_node|BitTorrent|announce_peer|announce.php?passkey=)",
"regexp:(^.@)(guerrillamail|guerrillamailblock|sharklasers|grr|pokemail|spam4|bccto|chacuo|027168).(info|biz|com|de|net|org|me|la)",
"regexp:(.?)(xunlei|sandai|Thunder|XLLiveUD)(.)",
"regexp:(..||)(dafahao|mingjinglive|botanwang|minghui|dongtaiwang|falunaz|epochtimes|ntdtv|falundafa|falungong|wujieliulan|zhengjian).(org|com|net)",
"regexp:(ed2k|.torrent|peer_id=|announce|info_hash|get_peers|find_node|BitTorrent|announce_peer|announce.php?passkey=|magnet:|xunlei|sandai|Thunder|XLLiveUD|bt_key)",
"regexp:(.+.|^)(360|speedtest|fast|so).(cn|com|net)",
"regexp:(.*.||)(guanjia.qq.com|qqpcmgr|QQPCMGR)",
"regexp:(.*.||)(rising|kingsoft|duba|xindubawukong|jinshanduba).(com|net|org)",
"regexp:(.*.||)(netvigator|torproject).(com|cn|net|org)",
"regexp:(..||)(visa|mycard|mastercard|gov|gash|beanfun|bank).",
"regexp:(.*.||)(gov|12377|12315|talk.news.pts.org|creaders|zhuichaguoji|efcc.org|cyberpolice|aboluowang|tuidang|epochtimes|nytimes|zhengjian|110.qq|mingjingnews|inmediahk|xinsheng|breakgfw|chengmingmag|jinpianwang|qi-gong|mhradio|edoors|renminbao|soundofhope|xizang-zhiye|bannedbook|ntdtv|12321|secretchina|dajiyuan|boxun|chinadigitaltimes|dwnews|huaglad|oneplusnews|epochweekly|cn.rfi).(cn|com|org|net|club|net|fr|tw|hk|eu|info|me)",
"regexp:(.*.||)(miaozhen|cnzz|talkingdata|umeng).(cn|com)",
"regexp:(.*.||)(mycard).(com|tw)",
"regexp:(.*.||)(gash).(com|tw)",
"regexp:(.bank.)",
"regexp:(.*.||)(pincong).(rocks)",
"regexp:(.*.||)(taobao).(com)"
]
},
{
"type": "field",
"outboundTag": "block",
"ip": [
"127.0.0.1/32",
"10.0.0.0/8",
"fc00::/7",
"fe80::/10",
"172.16.0.0/12"
]
},
{
"type": "field",
"outboundTag": "block",
"protocol": ["bittorrent"]
},
{
"type": "field",
"outboundTag": "block",
"port": "22,23,24,25,107,194,445,465,587,992,3389,6665-6669,6679,6697,6881-6999,7000,10000-65535"
}
]
}
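Several patterns in route.json appear without backslashes, while the audit list earlier on this page gives the same 360 rule as `(.+\.|^)(360|so)\.(cn|com)`. The Go program below is an added example, not part of the original page or of XrayR, that measures what the difference costs in unintended blocks; it assumes rules are evaluated as unanchored Go `regexp` searches against the destination host name, and the host names and the anchored variant are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

// Host is a constructed test name; Want says whether the rule is meant to hit it.
type Host struct {
	Name string
	Want bool
}

// Check runs one pattern as an unanchored search (regexp.MatchString) and
// returns the unintended hits and the intended names it failed to match.
func Check(pattern string, hosts []Host) (falsePos, missed []string) {
	re := regexp.MustCompile(pattern)
	for _, h := range hosts {
		hit := re.MatchString(h.Name)
		switch {
		case hit && !h.Want:
			falsePos = append(falsePos, h.Name)
		case !hit && h.Want:
			missed = append(missed, h.Name)
		}
	}
	return falsePos, missed
}

// Constructed sample names (not taken from any log).
var soHosts = []Host{
	{"so.com", true}, {"www.so.com", true}, {"i.360.cn", true},
	{"also-com.example", false},     // "so" + any char + "com"
	{"so.community.example", false}, // rule has no end anchor
}

func main() {
	variants := []struct{ label, pattern string }{
		{"escapes lost", `(.+.|^)(360|so).(cn|com)`},
		{"escaped (page's audit list)", `(.+\.|^)(360|so)\.(cn|com)`},
		{"anchored (assumed tightening)", `(^|\.)(360|so)\.(cn|com)$`},
	}
	for _, v := range variants {
		fp, miss := Check(v.pattern, soHosts)
		fmt.Printf("%-30s falsePos=%v missed=%v\n", v.label, fp, miss)
	}
}
```

The empty alternative in `(.*\.||)` makes the prefix optional in the same way, so rules written with it behave as substring searches for the name that follows.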
custom_outbound.json
[
{
"tag": "IPv4_out",
"protocol": "freedom",
"settings": {}
},
{
"tag": "IPv6_out",
"protocol": "freedom",
"settings": {
"domainStrategy": "UseIPv6"
}
},
{
"protocol": "blackhole",
"tag": "block"
}
]
config.yml
Remove the # after RouteConfigPath and OutboundConfigPath
Other rules
https://github.com/Rakau/blockList
Soga usage
Run the following as root, then restart your Soga
wget https://raw.githubusercontent.com/Rakau/blockList/main/blockList -O /etc/soga/blockList
XrayR usage
Run the following as root, then edit /etc/XrayR/config.yml, find the RuleListPath entry, remove the # and the unneeded text, save, and restart XrayR
wget https://raw.githubusercontent.com/Rakau/blockList/main/blockList -O /etc/XrayR/rulelis