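Common Airport Audit Rules

This article was last updated on the evening of October 22, 2024

Airport audit rules: nearly every airport (proxy service provider) applies audit rules. BT and Xunlei are blocked because of copyright. Spam rules prevent bulk mail abuse. Falun Gong-affiliated sites are blocked because that group's media are closely watched sites, and blocking them keeps customers from being caught through entrapment and dragging the airport operator down with them. 360 reports airport IPs.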


Explanation of common airport audit rules

Block BT: disable BT to prevent copyright disputes
BitTorrent protocol

Block BT 2: disable BT to prevent copyright disputes
(torrent|.torrent|peer_id=|info_hash|get_peers|find_node|BitTorrent|announce_peer|announce.php\?passkey=)

Block Falun Gong-affiliated sites
(.*.||)(dafahao|mingjinglive|chinaaid|botanwang|xinsheng|rfi|breakgfw|chengmingmag|jinpianwang|xizang-zhiye|qi-gong|voachinese|mhradio|rfa|edoors|renminbao|soundofhope|zhengjian|minghui|dongtaiwang|epochtimes|ntdtv|falundafa|wujieliulan|aboluowang|bannedbook|secretchina|dajiyuan|boxun|chinadigitaltimes|huaglad|dwnews|creaders|oneplusnews|talk.news.pts.org|zhuichaguoji|efcc.org|cyberpolice|tuidang|nytimes|falunaz|mingjingnews|inmediahk|falungong|epochweekly|cn.rfi).(cn|com|org|net|club|net|fr|tw|hk|eu|info|me)

Block spam mailboxes
(^.*@)(guerrillamail|guerrillamailblock|sharklasers|grr|pokemail|spam4|bccto|chacuo|027168).(info|biz|com|de|net|org|me|la)

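Block Xunlei: disable BT to prevent copyright disputes
(.?)(xunlei|sandai|Thunder|XLLiveUD)(.)

Block Baidu high-precision location: prevent the IP and the client's geographic location from being recorded
(api|ps|sv|offnavi|newvector|ulog.imap|newloc)(.map|).(baidu|n.shifen).com

Block 360's toxic services: block 360
(.+.|^)(360|so).(cn|com)

Block bulk mailing: prevent spam abuse
(Subject|HELO|SMTP)

Block Kingsoft Antivirus: prevent server detection
(.*.||)(rising|kingsoft|duba|xindubawukong|jinshanduba).(com|net|org)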

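HKTS
(.*.||)(netvigator|torproject).(com|cn|net|org) (plaintext packet match)

Esu Wiki: can get you summoned by the police ("invited for tea")
.esu.wiki. (plaintext packet match)

Domestic government websites
(.*.||)(gov|12377|12315|110.qq|12321|12388).(cn|com|net|gov.cn)

Domestic banks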
(.*.||)(bank|icbc|ccb|abchina|boc|cmbchina|psbc|cib|cmbc|pingan|hxb|cgbchina|jsbchina|nbcb|njcb|cqrcb|srcb|cbhb|csbchina|gdrcb|bjrcb|xib|tccb|hrbb|cdrcb|szrcb|klb|sdb|bosc|tjrcb|qrcb|qlbchina|hkbchina|nhrcb|wzcb|czcb|msbc|fdb|bob|csccb|whccb|cnbhx|xsrcb|nyyb|cq3q|fsny).(cn|com|com.cn)

Social media
(.*.||)(weibo|douban|xiaohongshu|douyin).(cn|com|com.cn|net)

Foreign exchange trading
(.*.||)(metatrader4|metatrader5|mql5).(org|com|net)

Game point card sites
(.*.||)(gash).(com|tw)
(.*.||)(mycard).(com|tw)

Airport audit list:

```
(.*\.||)(dafahao|mingjinglive|chinaaid|botanwang|xinsheng|rfi|breakgfw|chengmingmag|jinpianwang|xizang-zhiye|breakgfw|qi-gong|voachinese|mhradio|rfa|edoors|edoors|renminbao|soundofhope|zhengjian|dafahao|minghui|dongtaiwang|epochtimes|ntdtv|falundafa|wujieliulan|aboluowang|bannedbook|secretchina|dajiyuan|boxun|chinadigitaltimes|huaglad|dwnews|creaders|oneplusnews|rfa)\.(cn|com|org|net|club|net|fr|tw|hk|eu|info|me)
(.*\.||)(gov|12377|12315|talk.news.pts.org|creaders|zhuichaguoji|efcc.org|cyberpolice|aboluowang|tuidang|epochtimes|nytimes|dafahao|falundafa|minghui|falunaz|zhengjian|110.qq|mingjingnews|inmediahk|xinsheng|bannedbook|ntdtv|falungong|12321|secretchina|epochweekly|cn.rfi)\.(cn|com|org|net|club|net|fr|tw|hk|eu|info|me)
BitTorrent protocol
Private Tracker protocol
(.*.||)(gov|12377|12315|talk.news.pts.org|creaders|zhuichaguoji|efcc.org|cyberpolice|aboluowang|tuidang|epochtimes|nytimes|zhengjian|110.qq|mingjingnews|inmediahk|xinsheng|bannedbook|ntdtv|12321|secretchina|epochweekly|cn.rfi).(cn|com|org|net|club|net|fr|tw|hk)
(torrent|\.torrent|peer_id=|info_hash|get_peers|find_node|BitTorrent|announce_peer|announce\.php\?passkey=)
(.?)(xunlei|sandai|Thunder|XLLiveUD)(.)
(.*\.||)(gash)\.(com|tw)
(.*\.||)(mycard)\.(com|tw)
(.+\.|^)(360|so)\.(cn|com)
(\.guanjia\.qq\.com|qqpcmgr|QQPCMGR)
(api|ps|sv|offnavi|newvector|ulog\.imap|newloc)(\.map|)\.(baidu|n\.shifen)\.com
(^.*@)(guerrillamail|guerrillamailblock|sharklasers|grr|pokemail|spam4|bccto|chacuo|027168).(info|biz|com|de|net|org|me|la)
(.*\.||)(gash)\.(com|tw)
(.*\.||)(mycard)\.(com|tw)
(.*\.||)(taobao)\.(com)
(.*\.||)(metatrader4|metatrader5|mql5)\.(org|com|net)
(.*\.||)(rising|kingsoft|duba|xindubawukong|jinshanduba)\.(com|net|org)

```



## Connecting v2board to soga


```
regexp:(api|ps|sv|offnavi|newvector|ulog.imap|newloc)(.map|).(baidu|n.shifen).com
regexp:(.*.)(^360|0360|1360|3600|360safe|qhimg|qhmsg|^yunpan|qihoo|qhcdn|qhupdate|360totalsecurity|360shouji|qihucdn|360kan|secmp).(cn|com|net)
regexp:(Subject|HELO|SMTP)
regexp:(torrent|.torrent|peer_id=|info_hash|get_peers|find_node|BitTorrent|announce_peer|announce.php?passkey=)
regexp:(^.*@)(guerrillamail|guerrillamailblock|sharklasers|grr|pokemail|spam4|bccto|chacuo|027168).(info|biz|com|de|net|org|me|la)
regexp:(.?)(xunlei|sandai|Thunder|XLLiveUD)(.)
regexp:(.*.||)(dafahao|mingjinglive|botanwang|minghui|dongtaiwang|falunaz|epochtimes|ntdtv|falundafa|falungong|wujieliulan|zhengjian).(org|com|net)
regexp:(ed2k|.torrent|peer_id=|announce|info_hash|get_peers|find_node|BitTorrent|announce_peer|announce.php?passkey=|magnet:|xunlei|sandai|Thunder|XLLiveUD|bt_key)
regexp:(.+.|^)(360|speedtest|fast).(cn|com|net)
regexp:(.*.||)(guanjia.qq.com|qqpcmgr|QQPCMGR)
regexp:(.*.||)(rising|kingsoft|duba|xindubawukong|jinshanduba).(com|net|org)
regexp:(.*.||)(netvigator|torproject).(com|cn|net|org)
regexp:(.*.||)(visa|mycard|mastercard|gash|beanfun).
regexp:(.*.||)(gov|12377|12315|talk.news.pts.org|creaders|zhuichaguoji|efcc.org|cyberpolice|aboluowang|tuidang|epochtimes|110.qq|mingjingnews|newhighlandvision|inmediahk|xinsheng|breakgfw|chengmingmag|jinpianwang|qi-gong|mhradio|edoors|renminbao|soundofhope|xizang-zhiye|bannedbook|ntdtv|12321|secretchina|dajiyuan|boxun|dwnews|huaglad|oneplusnews|epochweekly|cn.rfi).(cn|com|org|net|club|net|fr|tw|hk|eu|info|me)
regexp:(.*.||)(miaozhen|cnzz|talkingdata|umeng).(cn|com)
regexp:(.*.||)(mycard).(com|tw)
regexp:(.*.||)(gash).(com|tw)
regexp:(.*.||)(pincong).(rocks)
regexp:(.*.||)(taobao).(com)
regexp:(.*.)(tcbox|wappass|tieba|nsclick|sofire|gips0|afd|als|hmma|info|bgg|mbd|afdconf|).(tuisong|baidu|bdstatic).(cn|com|net)
regexp:(.+.|^)(zhuanzhuan|pinduoduo|kskwai|kwaizt|gifshow|kuaishouzt|kwimgs|yximgs|ksapisrv|kuaishou|autonavi|xfinfr).(cn|com|net)
regexp:(.+.|^)(zhihu).(com)
regexp:(.*.)(xiaohongshu|xhscdn).(cn|com|net)
regexp:(.*.)(weibo|sinaimg).(cn|com|net)
regexp:(.+.|^)(amemv|ecombdapi|toutiao|baike|zijieapi|douyinpic|bytedance|pstatp|bdurlsnssdk|awemueughun|oceanengine|douyinstatic).(cn|com|net)
regexp:(eth|asia|eth-eu|eth-us|cn|eth-backup|eth-na|stratum-etheth-eu1|eth-eu2).(antpool|sparkpool|f2pool|nanopool).(org|com)
regexp:(.*.)(gash).(com|tw)
regexp:.*gov.cn
regexp:.*go.kr.*
regexp:(.*.)(cyberpolice|12377|110|12389|jubao|8221110|cctv|81|12388|isc|12339|js12377).(org|com|net|cn|gov)
regexp:(.*.)(ipaddress|whatismyipaddress|iplocation|ip138).(org|com|net|my|to|co)
regexp:(.*.)(metatrader4|metatrader5|mql5).(org|com|net)
regexp:(.+.|^)(whatismyip|whatismyipaddress|ipip|iplocation|myip|whatismybrowser).(cn|com|net|com|network)
regexp:(.*.)(adsafe).(com)
regexp:(.*.)(64tianwang|beijingspring|boxun|broadpressinc|chengmingmag|chenpokong|chinaaffairs|chinesepen|dalailamaworld|dalianmeng|erabaru|fgmtv|hrichina|huanghuagang|hxwq|jiangweiping|lagranepoca|lantosfoundation|minzhuzhongguo|ned|ninecommentaries|ogate|rfa|shenyun|shenyunperformingarts|shenzhoufilm|tiantibooks|tibetpost|truthmoviegroup.wixsite|uhrp|uyghuramerican|voachinese|vot|weijingsheng|xizang-zhiye).(org|com|net)
regexp:(.*.)(speed).(io)
regexp:(.*.)(weixin|qq|weixin110|weibo|zhihu|toutiao|bytedance|zijieapi|xiaohongshu|xhscdn|umengcloud|fengkongcloud|cpatrk|ctobsnssdk|shuzilm|soulapp|immomo|momocdn|douyinvod|douyin).(cn|com|net)
regexp:(.*.)(antpool|foundrydigital|f2pool|viabtc|mining-dutch|solopool|hiveon|minergate|comining|give-me-coins|arsmine|baikalmine|litecoinpoo|clona|btc|slushpool|pandaminer|beepool|maxhash|coinminerz|bwpool|poolin|uupool|miningcore|multipools|minexmr|sbicrypto|marathondh|emcd|luxor|sigmapool|okkong|hpt|minerium|ckpool|mmpool|hashcity|uutest|huobipool|sparkpool|qkl123|webkaka|2miners|51szzc|666pool|91pool|atticpool|anomp|aapool|antpool|ash-shanghai.globalpool|asia.zcoin.miningpoolhub|blackpool|blockmasters|btchd|bitminter|bitcoin|bhdpool|bginpoolbaimin|bi-chi|bohemianpool|bixin|bwpool|btcguild|batpool|bw|btcc|btc|bitfury|bitclubnetwork|beepool|coinhive|chainpool|connectbtc|cybtc|canoepool|cryptograben|cryptonotepool|coinotron|dashcoinpool|dxpool|dwarfpool|dpool|dmpools|everstake|epool|ethpool|ethfans|easy2mine|ethermine|extremepool|firepool|fir|fkpool|flypool|f3pool|gridcash|gath3r|grin-pool|grinmint|gbminers|get.bi-chi|globalpool|give-me-ltc|honeyminer|honestmining|hashquark|hashrabbit|hummerpool|hdpool|h-pool|hashvault|hpool|huobipool|haopool|pool.btc).(com|cn|net|org|io|im|cc|pro|top|one|co|info)
regexp:(.*\.)(onedrive)\.(cn|com|org|net|club|net|fr|tw|hk|eu|info|me|io)
regexp:(.*.)(netvigator|torproject).(cn|com|net|org)

```



## XrayR audit rule notes

These ports are blocked by default: 22,23,24,25,107,194,445,465,587,992,3389,6665-6669,6679,6697,6881-6999,7000,10000-65535

route.json

```
{
  "domainStrategy": "IPOnDemand",
  "rules": [
    {
      "type": "field",
      "outboundTag": "block",
      "ip": [
        "geoip:private"
      ]
    },
    {
      "type": "field",
      "outboundTag": "block",
      "domain": [
        "regexp:(api|ps|sv|offnavi|newvector|ulog.imap|newloc)(.map|).(baidu|n.shifen).com",
        "regexp:(.+.|^)(360|so).(cn|com)",
        "regexp:(Subject|HELO|SMTP)",
        "regexp:(torrent|.torrent|peer_id=|info_hash|get_peers|find_node|BitTorrent|announce_peer|announce.php?passkey=)",
        "regexp:(^.*@)(guerrillamail|guerrillamailblock|sharklasers|grr|pokemail|spam4|bccto|chacuo|027168).(info|biz|com|de|net|org|me|la)",
        "regexp:(.?)(xunlei|sandai|Thunder|XLLiveUD)(.)",
        "regexp:(.*.||)(dafahao|mingjinglive|botanwang|minghui|dongtaiwang|falunaz|epochtimes|ntdtv|falundafa|falungong|wujieliulan|zhengjian).(org|com|net)",
        "regexp:(ed2k|.torrent|peer_id=|announce|info_hash|get_peers|find_node|BitTorrent|announce_peer|announce.php?passkey=|magnet:|xunlei|sandai|Thunder|XLLiveUD|bt_key)",
        "regexp:(.+.|^)(360|speedtest|fast|so).(cn|com|net)",
        "regexp:(.*.||)(guanjia.qq.com|qqpcmgr|QQPCMGR)",
        "regexp:(.*.||)(rising|kingsoft|duba|xindubawukong|jinshanduba).(com|net|org)",
        "regexp:(.*.||)(netvigator|torproject).(com|cn|net|org)",
        "regexp:(.*.||)(visa|mycard|mastercard|gov|gash|beanfun|bank).",
        "regexp:(.*.||)(gov|12377|12315|talk.news.pts.org|creaders|zhuichaguoji|efcc.org|cyberpolice|aboluowang|tuidang|epochtimes|nytimes|zhengjian|110.qq|mingjingnews|inmediahk|xinsheng|breakgfw|chengmingmag|jinpianwang|qi-gong|mhradio|edoors|renminbao|soundofhope|xizang-zhiye|bannedbook|ntdtv|12321|secretchina|dajiyuan|boxun|chinadigitaltimes|dwnews|huaglad|oneplusnews|epochweekly|cn.rfi).(cn|com|org|net|club|net|fr|tw|hk|eu|info|me)",
        "regexp:(.*.||)(miaozhen|cnzz|talkingdata|umeng).(cn|com)",
        "regexp:(.*.||)(mycard).(com|tw)",
        "regexp:(.*.||)(gash).(com|tw)",
        "regexp:(.bank.)",
        "regexp:(.*.||)(pincong).(rocks)",
        "regexp:(.*.||)(taobao).(com)"
      ]
    },
    {
      "type": "field",
      "outboundTag": "block",
      "ip": [
        "127.0.0.1/32",
        "10.0.0.0/8",
        "fc00::/7",
        "fe80::/10",
        "172.16.0.0/12"
      ]
    },
    {
      "type": "field",
      "outboundTag": "block",
      "protocol": ["bittorrent"]
    },
    {
      "type": "field",
      "outboundTag": "block",
      "port": "22,23,24,25,107,194,445,465,587,992,3389,6665-6669,6679,6697,6881-6999,7000,10000-65535"
    }
  ]
}
```
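
The 360 rule appears on this page both with unescaped dots, `(.+.|^)(360|so).(cn|com)`, and with escaped dots, `(.+\.|^)(360|so)\.(cn|com)`. The following added example (not part of the original page or of XrayR) measures how much each spelling over-blocks. It assumes the `regexp:` rules are evaluated as an unanchored Go regular-expression search; the sample domains and the end-anchored variant are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
)

var (
	// As in the rule table and route.json: "." matches any character.
	unescaped = regexp.MustCompile(`(.+.|^)(360|so).(cn|com)`)
	// As in the audit list: the dots are literal.
	escaped = regexp.MustCompile(`(.+\.|^)(360|so)\.(cn|com)`)
	// Assumption, not from the page: the escaped rule plus an end anchor.
	anchored = regexp.MustCompile(`(.+\.|^)(360|so)\.(cn|com)$`)

	// Constructed sample domains; only the first two are meant to be blocked.
	samples  = []string{"so.com", "www.360.cn", "also.com", "ab360xcom.net", "so.community.example"}
	intended = map[string]bool{"so.com": true, "www.360.cn": true}
)

// FalsePositives lists the domains the rule blocks that are not intended targets.
// MatchString is an unanchored search: a match on any substring blocks the domain.
func FalsePositives(rule *regexp.Regexp, domains []string, want map[string]bool) []string {
	var out []string
	for _, d := range domains {
		if rule.MatchString(d) && !want[d] {
			out = append(out, d)
		}
	}
	return out
}

// Missed lists the intended targets the rule fails to block.
func Missed(rule *regexp.Regexp, domains []string, want map[string]bool) []string {
	var out []string
	for _, d := range domains {
		if want[d] && !rule.MatchString(d) {
			out = append(out, d)
		}
	}
	return out
}

func main() {
	names := []string{"unescaped", "escaped", "anchored"}
	for i, r := range []*regexp.Regexp{unescaped, escaped, anchored} {
		fmt.Printf("%-9s over-blocks %v, misses %v\n", names[i],
			FalsePositives(r, samples, intended), Missed(r, samples, intended))
	}
}
```

The unescaped spelling blocks unrelated names such as `also.com`, and the escaped spelling still blocks any name that merely begins with a target domain because the rule has no end anchor.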


custom_outbound.json


```
[
  {
    "tag": "IPv4_out",
    "protocol": "freedom",
    "settings": {}
  },
  {
    "tag": "IPv6_out",
    "protocol": "freedom",
    "settings": {
      "domainStrategy": "UseIPv6"
    }
  },
  {
    "protocol": "blackhole",
    "tag": "block"
  }
]
```

config.yml

Remove the # sign after RouteConfigPath and OutboundConfigPath.

Other rules

https://github.com/Rakau/blockList

Soga usage

Run the following as root, then restart your Soga:

wget https://raw.githubusercontent.com/Rakau/blockList/main/blockList -O /etc/soga/blockList

XrayR usage

Run the following as root, then edit /etc/XrayR/config.yml, find the RuleListPath entry, remove the # and the unneeded text, save, and restart XrayR:

wget https://raw.githubusercontent.com/Rakau/blockList/main/blockList -O /etc/XrayR/rulelis