# Shadowrocket: 2026-05-11 23:49:31 [General] bypass-system = true skip-proxy = 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12, localhost, *.local, captive.apple.com tun-excluded-routes = 10.0.0.0/8, 100.64.0.0/10, 127.0.0.0/8, 169.254.0.0/16, 172.16.0.0/12, 192.0.0.0/24, 192.0.2.0/24, 192.88.99.0/24, 192.168.0.0/16, 198.51.100.0/24, 203.0.113.0/24, 224.0.0.0/4, 255.255.255.255/32, 239.255.255.250/32 dns-server = system fallback-dns-server = system # Enable full IPv6 support ipv6 = false prefer-ipv6 = false # If a domain uses the direct policy, after enabling this, Shadowrocket will use the system DNS to resolve it. dns-direct-system = false # If true, Shadowrocket will automatically reply to ICMP packets. icmp-auto-reply = true # If true, Shadowrocket always executes reject urlrewrite rules even though the global routing is not config. always-reject-url-rewrite = false # If false, the domain resolution returns a private IP and Shadowrocket assumes that the domain is hijacked and forces the use of a proxy. private-ip-answer = true # If a domain uses the direct policy, automatically switch to the proxy rule if direct DNS resolution fails. dns-direct-fallback-proxy = false # The fallback behavior when UDP traffic matches a policy that doesn't support the UDP relay. Possible values: DIRECT, REJECT. udp-policy-not-supported-behaviour = REJECT # By default, DNS lookup is always performed on the remote server with a proxy policy. # If true, Shadowrocket will use the mapped address for the proxy connection instead of the host if a local DNS mapping exists. use-local-host-item-for-proxy = false [Rule] # Block HTTP3/QUIC AND,((PROTOCOL,UDP),(DEST-PORT,443)),REJECT-NO-DROP # Yandex DOMAIN-SUFFIX,yandex.ru,DIRECT DOMAIN-SUFFIX,yandex.com,DIRECT DOMAIN-SUFFIX,yandex.by,DIRECT DOMAIN-SUFFIX,yandex.kz,DIRECT DOMAIN-SUFFIX,yandex.net,DIRECT DOMAIN-SUFFIX,ya.ru,DIRECT DOMAIN-SUFFIX,yastatic.net,DIRECT DOMAIN-SUFFIX,yandexcloud.net,DIRECT DOMAIN-SUFFIX,yandexcloud.ru,DIRECT DOMAIN-SUFFIX,ydstatic.net,DIRECT DOMAIN-SUFFIX,yandex-team.ru,DIRECT DOMAIN-SUFFIX,yandexadexchange.net,DIRECT DOMAIN-SUFFIX,yandexmaps.ru,DIRECT DOMAIN-SUFFIX,yandexdisk.net,DIRECT DOMAIN-SUFFIX,yandexvideo.net,DIRECT DOMAIN-SUFFIX,strm.yandex.ru,DIRECT DOMAIN-SUFFIX,kinopoisk.ru,DIRECT DOMAIN-SUFFIX,yango.com,DIRECT DOMAIN-SUFFIX,uber-cdn.com,DIRECT # Russian government auth / integrations DOMAIN-SUFFIX,esia.pro,DIRECT DOMAIN-SUFFIX,smev.ru,DIRECT # FNS / Nalog DOMAIN-SUFFIX,nalog.ru,DIRECT DOMAIN-SUFFIX,lkfl2.nalog.ru,DIRECT DOMAIN-SUFFIX,lkip2.nalog.ru,DIRECT DOMAIN-SUFFIX,lkul.nalog.ru,DIRECT DOMAIN-SUFFIX,service.nalog.ru,DIRECT DOMAIN-SUFFIX,ofd.nalog.ru,DIRECT DOMAIN-SUFFIX,npd.nalog.ru,DIRECT DOMAIN-SUFFIX,alog.ru,DIRECT # Gosuslugi DOMAIN-SUFFIX,gosuslugi.ru,DIRECT DOMAIN-SUFFIX,esia.gosuslugi.ru,DIRECT DOMAIN-SUFFIX,pos.gosuslugi.ru,DIRECT DOMAIN-SUFFIX,gosuslugiresurs.ru,DIRECT DOMAIN-SUFFIX,gosuslugi.tech,DIRECT DOMAIN-SUFFIX,gosuslugihelp.ru,DIRECT DOMAIN-SUFFIX,digital.gov.ru,DIRECT # Sber DOMAIN-SUFFIX,sberbank.ru,DIRECT DOMAIN-SUFFIX,sber.ru,DIRECT DOMAIN-SUFFIX,sberdevices.ru,DIRECT DOMAIN-SUFFIX,sberbank.com,DIRECT DOMAIN-SUFFIX,spasibosberbank.ru,DIRECT DOMAIN-SUFFIX,sbermegamarket.ru,DIRECT # T-Bank / Tinkoff DOMAIN-SUFFIX,tbank.ru,DIRECT DOMAIN-SUFFIX,tinkoff.ru,DIRECT DOMAIN-SUFFIX,tinkoff.com,DIRECT DOMAIN-SUFFIX,tinkoffinsurance.ru,DIRECT DOMAIN-SUFFIX,tinkoffjournal.ru,DIRECT DOMAIN-SUFFIX,tinkoffcreditsystems.ru,DIRECT # Ozon DOMAIN-SUFFIX,ozon.ru,DIRECT DOMAIN-SUFFIX,ozonusercontent.com,DIRECT DOMAIN-SUFFIX,ozon.by,DIRECT DOMAIN-SUFFIX,ozon.kz,DIRECT DOMAIN-KEYWORD,ozon,DIRECT # Wildberries DOMAIN-SUFFIX,wildberries.ru,DIRECT DOMAIN-SUFFIX,wildberries.by,DIRECT DOMAIN-SUFFIX,wildberries.kz,DIRECT DOMAIN-SUFFIX,wb.ru,DIRECT DOMAIN-SUFFIX,wbbasket.ru,DIRECT DOMAIN-SUFFIX,wbstatic.net,DIRECT # REBOOT fitness DOMAIN-SUFFIX,reboot.ru,DIRECT # МЭШ / MES DOMAIN-SUFFIX,mos.ru,DIRECT DOMAIN-SUFFIX,school.mos.ru,DIRECT DOMAIN-SUFFIX,dnevnik.mos.ru,DIRECT DOMAIN-SUFFIX,uchebnik.mos.ru,DIRECT DOMAIN-SUFFIX,meshclouds.ru,DIRECT DOMAIN-SUFFIX,mosapps.ru,DIRECT # LAN IP-CIDR,192.168.0.0/16,DIRECT IP-CIDR,10.0.0.0/8,DIRECT IP-CIDR,172.16.0.0/12,DIRECT IP-CIDR,127.0.0.0/8,DIRECT # --- Everything else --- FINAL,PROXY [Host] localhost = 127.0.0.1