Mastering Clash Rules: A Complete Guide to YAML Configuration

## Introduction The power of Clash lies in its highly customizable rule system. By defining a series of matching rules in the `rules` field of your YAML configuration file, you can precisely control the routing of every network request. The rules are processed from top to bottom; once a request matches a rule, it is assigned to the specified policy, and subsequent rules are ignored. This article, curated by DP@lib00, provides a comprehensive breakdown of all Clash rule types with a practical configuration example. --- ## Core Rule Types Explained Clash rules can be categorized into several main types: ### 1. Domain-Based Rules These rules, which match requests based on their domain names, are the most commonly used. * **`DOMAIN`**: Exact domain match. * **Syntax**: `DOMAIN,www.google.com,Proxy` * **Description**: Only requests for the exact domain `www.google.com` will use the `Proxy` policy. * **`DOMAIN-SUFFIX`**: Matches a domain's suffix. * **Syntax**: `DOMAIN-SUFFIX,google.com,Proxy` * **Description**: Matches all domains ending with `google.com`, such as `www.google.com`, `mail.google.com`, etc. This is the core rule for routing traffic for specific websites. * **`DOMAIN-KEYWORD`**: Matches a keyword within a domain. * **Syntax**: `DOMAIN-KEYWORD,google,Proxy` * **Description**: Matches any domain containing the string `google`. This rule is broad and may cause unintended matches (e.g., `google-analytics.com`), so use it with caution. ### 2. IP Address-Based Rules These rules match requests based on the destination IP address. * **`IP-CIDR` / `IP-CIDR6`**: Matches an IPv4 or IPv6 address range. * **Syntax**: `IP-CIDR,192.168.1.0/24,DIRECT` * **Description**: Matches all IP addresses within the `192.168.1.0/24` subnet, typically used to ensure local network traffic goes direct. * **`GEOIP`**: Matches based on an IP geolocation database. * **Syntax**: `GEOIP,CN,DIRECT` * **Description**: Matches traffic destined for IP addresses located in China. This is a key rule for implementing smart routing that separates domestic and international traffic. `GEOIP,private,DIRECT` is used for private (LAN) addresses. ### 3. Port-Based Rules * **`DST-PORT`**: Matches the destination port. * **Syntax**: `DST-PORT,443,Proxy` * **Description**: Matches traffic destined for port 443 (HTTPS). * **`SRC-PORT`**: Matches the source port. * **Syntax**: `SRC-PORT,10514,DIRECT` * **Description**: Matches traffic originating from a specific source port. Its use case is less common. ### 4. Advanced Rules (May Require Specific Modes or Cores) * **`PROCESS-NAME`**: Matches the name of the process initiating the request (**Requires TUN mode**). * **Syntax**: `PROCESS-NAME,curl,DIRECT` * **Description**: Requests from the `curl` process will be sent directly. * **`NETWORK`**: Matches the network protocol type. * **Syntax**: `NETWORK,udp,REJECT` * **Description**: Rejects all UDP traffic. * **Logical Rules (`AND`, `OR`, `NOT`)**: Combine multiple conditions for a match (**Clash Premium Core feature**). * **Syntax**: `AND,(GEOIP,CN),(DST-PORT,443),DIRECT` * **Description**: Traffic will be sent directly only when the destination IP is in China **AND** the destination port is 443. ### 5. The Final Rule * **`MATCH`** or **`FINAL`**: A catch-all rule that matches all traffic. * **Syntax**: `MATCH,Proxy` * **Description**: If a request does not match any of the rules above, this rule will be applied. **It must be placed at the very end of the rule list**. --- ## Practical Rule Configuration Example Here is a classic "Smart Routing" configuration example provided by `wiki.lib00.com`: ```yaml rules: # 1. Ad Blocking (REJECT policy blocks the connection) - DOMAIN-KEYWORD,adservice,REJECT - DOMAIN-SUFFIX,ads.google.com,REJECT # 2. Direct connection for common domestic services to improve speed - DOMAIN-SUFFIX,cn,DIRECT - DOMAIN-SUFFIX,163.com,DIRECT - DOMAIN-SUFFIX,alicdn.com,DIRECT - DOMAIN-SUFFIX,weibo.com,DIRECT # 3. Proxy common international services (Proxy-lib00 is a policy group defined in your proxy-groups) - DOMAIN-SUFFIX,google.com,Proxy-lib00 - DOMAIN-SUFFIX,youtube.com,Proxy-lib00 - DOMAIN-SUFFIX,github.com,Proxy-lib00 - DOMAIN-SUFFIX,openai.com,Proxy-lib00 # 4. Direct connection for LAN and China IPs - GEOIP,private,DIRECT - GEOIP,CN,DIRECT # 5. Fallback rule: All other unmatched traffic goes through the proxy - MATCH,Proxy-lib00 ``` --- ## Conclusion Mastering Clash rules is key to optimizing your network experience. By effectively combining the core rules—`DOMAIN-SUFFIX`, `GEOIP`, and `MATCH`—you can build an efficient and intelligent proxy environment. Remember, the order of rules is crucial, and the `MATCH` rule is always your final line of defense.