Untitled

# client -> router.53(dnsmasq) # 禁止在这一步劫持DNS请求
# router.53(dnsmasq) - > remote_dns.53
dport(53) && !pname(dnsmasq) -> must_direct
dip(8.8.8.8) -> proxy

pname(NetworkManager, systemd-resolved, frpc) -> must_direct
ipversion(6) -> direct
dip(224.0.0.0/3, 'ff00::/8') -> direct
dip(geoip:private) -> direct
dip(geoip:cn) -> direct
domain(geosite:cn) -> direct
domain(geosite:category-ads-all) -> block
# 目标非常用端口都走直连，避免BT流量走代理
!dport(21,22,23,53,80,123,143,194,443,465,587,853,993,995,998) -> direct

fallback: proxy