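# > 專案名稱:Aegis - Surge個人數字防火牆規則集
# > 當前版本:3.4.5
# > 維護日期:2026-01-09
# > 適配環境:Surge 5(iOS / macOS)
# > 設定作者:ThoseYearsBrian
# > 專案主頁:https://github.com/Thoseyearsbrian/Aegis
# > GeoIP2-CN(中國區域 GeoIP 資料庫建構方案):https://github.com/Thoseyearsbrian/GeoIP2-CN
# > GeoLite2-ASN(全球 ASN 資料庫建構方案):https://github.com/Thoseyearsbrian/GeoLite2-ASN
# > GeoIP2-Country(全球國家 GeoIP 資料庫建構方案):https://github.com/Thoseyearsbrian/GeoIP2-Country
# > 格式說明:每行一個鍵值;註解一律獨立成行,不在值或規則後附加尾隨文字

[General]
# > 日誌級別
loglevel = notify
# > 對被 REJECT 的 HTTP 請求顯示錯誤頁面
show-error-page-for-reject = true
# > 允許 Wi-Fi 訪問(區域網代理共享,建議關閉)
allow-wifi-access = false
# > 允許個人熱點訪問(熱點代理共享,建議關閉)
allow-hotspot-access = false
# > All Hybrid 網路並發
all-hybrid = false
# > 測試超時(秒)
test-timeout = 3
# > Internet 測試 URL
internet-test-url = http://cp.cloudflare.com/generate_204
# > 代理測速 URL
proxy-test-url = http://cp.cloudflare.com/generate_204
# > GeoIP 資料庫
# - 說明:Aegis 不提供任何 GeoIP 資料文件,使用者需使用自己的 MaxMind License Key 建構資料庫
# - 提示:下方 URL 僅為目錄結構示例,用於展示推薦的文件放置路徑。建構完成後請自行將生成的資料庫文件上傳至對應位置
# - 建構方法參考:
#   - GeoIP2-CN(中國區域資料庫建構腳本與設定方案): https://github.com/Thoseyearsbrian/GeoIP2-CN
#   - GeoLite2-ASN(全球 ASN 資料庫建構方案): https://github.com/Thoseyearsbrian/GeoLite2-ASN
#   - GeoIP2-Country(全球國家資料庫建構腳本與設定方案): https://github.com/Thoseyearsbrian/GeoIP2-Country
geoip-maxmind-url = https://raw.githubusercontent.com/Thoseyearsbrian/GeoIP2-Country/main/data/GeoLite2-Country.mmdb
# > 排除簡單主機名(防止內網主機名洩露)
exclude-simple-hostnames = true
# > 遠程控制器(建議關閉)
http-api-web-dashboard = false
# > IPv6 支持(建議關閉)
ipv6 = false
# > IPv6 VIF(建議禁用)
ipv6-vif = disabled
# > DNS 的 SVCB/HTTPS 查詢(建議關閉)
allow-dns-svcb = false
# > 是否接管本地網路流量(建議開啟,若 AirDrop、Bonjour、Handoff 等功能異常可設為 false)
include-local-networks = true
# > 是否接管 Apple 推送服務(APNs)流量(目前為 true;設為 false 則 APNs 不經 Surge 處理)
include-apns = true
# > 是否將蜂窩運營商服務流量納入代理(目前為 true,可規避運營商 DNS 劫持)
include-cellular-services = true
# > 從 /etc/hosts 讀取 DNS 記錄(優先靜態解析,防止 DNS 請求洩露)
read-etc-hosts = true
# > 加密 DNS 請求是否跟隨出站代理(建議關閉)
encrypted-dns-follow-outbound-mode = false
# > DNS 伺服器
encrypted-dns-server = https://dns.alidns.com/dns-query, tls://dns.alidns.com, tls://1.1.1.1
# > DNS 劫持接管(用於攔截系統發出的明文 DNS 請求,強制交由 Surge 內部處理)
hijack-dns = *:53
# > UDP 優先發送(建議開啟)
udp-priority = true
# > 接管所有網路介面(如虛擬網卡、共享網路等)
include-all-networks = true
# > UDP 退回行為(所選策略不支援 UDP 時的處理方式)
udp-policy-not-supported-behaviour = DIRECT
# > 跳過代理的本地地址和關鍵服務
skip-proxy = 127.0.0.1, localhost, *.local, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 100.64.0.0/10, 169.254.0.0/16, 198.18.0.0/15, 17.0.0.0/8, 224.0.0.0/4, 255.255.255.255, ::1, ::/128, ::ffff:0:0/96, fe80::/10, fc00::/7, fd00::/8, ff00::/8
# > 始終解析為真實 IP(不使用 fake-ip)的主機名:區域網主機名、連線檢測與遊戲平台相關域名
always-real-ip = *.local, *.lan, *.home, msftconnecttest.com, msftncsi.com, *.msftconnecttest.com, *.msftncsi.com, *.srv.nintendo.net, *.stun.playstation.net, xbox.*.microsoft.com, *.xboxlive.com, *.battlenet.com.cn, *.battlenet.com, *.blzstatic.cn, *.battle.net
# > 相容模式(建議關閉)
compatibility-mode = false
# > GeoIP 資料庫自動更新(false 表示不停用,即允許自動更新)
disable-geoip-db-auto-update = false

[Proxy Group]
# > 策略組(下面的節點信息需與外部節點對應,若刪除了外部節點裡的節點,那麼在策略組裡也要刪除。)
# - 注意:以下多個策略組中「🇺🇲 美國節點」被列出兩次(首項與清單項),若無特別用途可自行去重
Proxy = select, 🇺🇲 美國節點, "🇭🇰 香港節點", "🇺🇲 美國節點", "🇸🇬 新加坡節點", "🇯🇵 日本節點", "🇨🇳 台灣節點", "✈️ 我的節點", icon-url=https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/Icons/Services/Surge.png
Google 服務 = select, 🇺🇲 美國節點, "🇭🇰 香港節點", "🇺🇲 美國節點", "🇸🇬 新加坡節點", "🇯🇵 日本節點", "🇨🇳 台灣節點", icon-url=https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/Icons/Services/Google.png
智慧助理 = select, 🇺🇲 美國節點, "🇭🇰 香港節點", "🇺🇲 美國節點", "🇸🇬 新加坡節點", "🇯🇵 日本節點", "🇨🇳 台灣節點", icon-url=https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/Icons/Services/ChatGPT.png
GitHub = select, 🇺🇲 美國節點, "🇭🇰 香港節點", "🇺🇲 美國節點", "🇸🇬 新加坡節點", "🇯🇵 日本節點", "🇨🇳 台灣節點", icon-url=https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/Icons/Services/GitHub.png
電報資訊 = select, 🇺🇲 美國節點, "🇭🇰 香港節點", "🇺🇲 美國節點", "🇸🇬 新加坡節點", "🇯🇵 日本節點", "🇨🇳 台灣節點", icon-url=https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/Icons/Services/Telegram.png
Crypto = select, 🇺🇲 美國節點, "🇭🇰 香港節點", "🇺🇲 美國節點", "🇸🇬 新加坡節點", "🇯🇵 日本節點", "🇨🇳 台灣節點", icon-url=https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/Icons/Services/Crypto.png
國外媒體 = select, 🇺🇲 美國節點, "🇭🇰 香港節點", "🇺🇲 美國節點", "🇸🇬 新加坡節點", "🇯🇵 日本節點", "🇨🇳 台灣節點", icon-url=https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/Icons/Services/ForeignMedia.png
國內媒體 = select, DIRECT, "🇭🇰 香港節點", "🇺🇲 美國節點", "🇸🇬 新加坡節點", "🇯🇵 日本節點", "🇨🇳 台灣節點", icon-url=https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/Icons/Services/iQIYI.png
微軟服務 = select, 🇺🇲 美國節點, "🇭🇰 香港節點", "🇺🇲 美國節點", "🇸🇬 新加坡節點", "🇯🇵 日本節點", "🇨🇳 台灣節點", icon-url=https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/Icons/Services/Microsoft.png
蘋果服務 = select, DIRECT, "🇭🇰 香港節點", "🇺🇲 美國節點", "🇸🇬 新加坡節點", "🇯🇵 日本節點", "🇨🇳 台灣節點", icon-url=https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/Icons/Services/Apple.png
遊戲平台 = select, DIRECT, "🇭🇰 香港節點", "🇺🇲 美國節點", "🇸🇬 新加坡節點", "🇯🇵 日本節點", "🇨🇳 台灣節點", icon-url=https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/Icons/Services/Game.png
WeChat = select, DIRECT, "🇭🇰 香港節點", "🇺🇲 美國節點", "🇸🇬 新加坡節點", "🇯🇵 日本節點", "🇨🇳 台灣節點", icon-url=https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/Icons/Services/WeChat.png
# > 區域節點組(依 policy-regex-filter 從「✈️ 我的節點」自動篩選,hidden=1 不在主選單顯示)
🇭🇰 香港節點 = smart, include-other-group=✈️ 我的節點, update-interval=0, no-alert=true, hidden=1, include-all-proxies=true, policy-regex-filter=(🇭🇰)|(香港)|(Hong)|(HK), icon-url=https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/Icons/Flags/hk.png
🇺🇲 美國節點 = smart, include-other-group=✈️ 我的節點, update-interval=0, no-alert=true, hidden=1, include-all-proxies=true, policy-regex-filter=(🇺🇸)|(美國)|(States)|(US), icon-url=https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/Icons/Flags/us.png
🇯🇵 日本節點 = smart, include-other-group=✈️ 我的節點, update-interval=0, no-alert=true, hidden=1, include-all-proxies=true, policy-regex-filter=(🇯🇵)|(日本)|(Japan)|(JP), icon-url=https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/Icons/Flags/jp.png
🇨🇳 台灣節點 = smart, include-other-group=✈️ 我的節點, update-interval=0, no-alert=true, hidden=1, include-all-proxies=true, policy-regex-filter=(🇨🇳)|(台灣)|(Tai)|(TW), icon-url=https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/Icons/Flags/cn.png
🇸🇬 新加坡節點 = smart, include-other-group=✈️ 我的節點, update-interval=0, no-alert=true, hidden=1, include-all-proxies=true, policy-regex-filter=(🇸🇬)|(新加坡)|(Singapore)|(SG), icon-url=https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/Icons/Flags/sg.png
# > 外部節點來源(policy-path 請替換為你的訂閱/節點檔案)
✈️ 我的節點 = select, DIRECT, policy-path=你的節點, update-interval=86400, no-alert=true, hidden=false, include-all-proxies=true, icon-url=https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/Icons/Services/Final.png

[Rule]
# > ① 不受信任的證書機構 CA_Block.list - 高級模組 (預設註解,使用者手動啟用)
# RULE-SET,https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/rules/CA_Block.list,REJECT,no-resolve
# > ② 廣告識別 - 識別模組 (預設註解,使用者自行設定)
# RULE-SET,https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/rules/AdDomain.list,REJECT,no-resolve
# > ③ 成人識別 - 識別模組 (預設註解,使用者自行設定)
# RULE-SET,https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/rules/AdultDomain.list,REJECT,no-resolve
# > ④ PCDN 內容分發網路識別 - 識別模組 (預設註解,使用者自行設定)
# RULE-SET,https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/rules/PCDNDomain.list,REJECT,no-resolve
# > ⑤ 監聽節點識別 - 識別模組 (預設註解,使用者自行設定)
# RULE-SET,https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/rules/InspectionDomain.list,REJECT,no-resolve
# > ⑥ 行為分析與遙測節點識別 - 識別模組 (預設註解,使用者自行設定)
# RULE-SET,https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/rules/BehaviorDomain.list,REJECT,no-resolve
# > ⑦ 背景回連與靜默通信節點攔截 - 攔截模組 (預設啟用)
RULE-SET,https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/rules/Background_Block.list,REJECT,no-resolve
# > ⑧ 後門控制與植入通信節點攔截 - 攔截模組 (預設啟用)
RULE-SET,https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/rules/Backdoor_Block.list,REJECT,no-resolve
# > ⑨ 殭屍網路與控制節點攔截 - 攔截模組 (預設啟用)
RULE-SET,https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/rules/Botnet_Block.list,REJECT,no-resolve
# > ⑩ APT 攻擊源攔截 - 攔截模組 (預設啟用)
RULE-SET,https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/rules/APT_Block.list,REJECT,no-resolve
# > ⑪ Pegasus 間諜軟體通信節點攔截 - 攔截模組 (預設啟用)
RULE-SET,https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/rules/Pegasus_Block.list,REJECT,no-resolve
# > ⑫ 網路釣魚攔截 - 攔截模組 (預設啟用)
RULE-SET,https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/rules/Phishing_Block.list,REJECT,no-resolve
# > ⑬ 網路詐騙攔截 - 攔截模組 (預設啟用)
RULE-SET,https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/rules/Scam_Block.list,REJECT,no-resolve
# > ⑭ 風險通信觀察列表 - 觀察模組 (預設啟用;注意此處動作為 REJECT,並非僅記錄)
RULE-SET,https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/rules/Quarantine_Block.list,REJECT,no-resolve
# > 智慧助理
RULE-SET,https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/rules/OpenAI.list,智慧助理
# > 蘋果服務
RULE-SET,https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/rules/Apple.list,蘋果服務
# > GitHub
RULE-SET,https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/rules/GitHub.list,GitHub
# > Crypto
RULE-SET,https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/rules/Crypto.list,Crypto
# > 微軟服務
RULE-SET,https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/rules/Microsoft.list,微軟服務
# > Google 服務
RULE-SET,https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/rules/Google.list,Google 服務
# > 社交平台
RULE-SET,https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/rules/Telegram.list,電報資訊
# > 遊戲平台
RULE-SET,https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/rules/GamePlatforms.list,遊戲平台
# > WeChat
RULE-SET,https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/rules/WeChat.list,WeChat
# > 流媒體
RULE-SET,https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/rules/ChinaMedia.list,國內媒體
RULE-SET,https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/rules/GlobalMedia.list,國外媒體
# > Proxy
RULE-SET,https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/rules/Proxy.list,Proxy
# > China
RULE-SET,https://raw.githubusercontent.com/Thoseyearsbrian/Aegis/main/rules/China.list,DIRECT
# > 區域網地址
RULE-SET,LAN,DIRECT
# > 可選區域分流功能(預設關閉)
# - 用途:為普通使用者提供簡化的國際分流能力,減少訪問受阻情況
# - 預設:關閉,保持 Aegis 防火牆強安全策略(FINAL,REJECT)
# - 啟用:刪除規則行首 “# ” 號即可啟用對應區域分流條目(各條目的說明置於規則上方獨立註解行,規則行本身不含尾隨文字)
# - 資料庫提示:如需啟用本模組,請將 GeoIP 資料庫切換為使用者自行建構的 GeoIP2-Country
# - 建構方法參考:
#   - GeoIP2-Country(全球國家資料庫建構腳本與設定方案): https://github.com/Thoseyearsbrian/GeoIP2-Country
# - 美國區域流量走代理(啟用後可訪問美國站點)
# GEOIP,US,Proxy
# - 英國區域流量走代理(啟用後可訪問英國站點)
# GEOIP,GB,Proxy
# - 法國區域流量走代理(啟用後可訪問法國站點)
# GEOIP,FR,Proxy
# - 德國區域流量走代理(啟用後可訪問德國站點)
# GEOIP,DE,Proxy
# - 俄羅斯區域流量走代理(啟用後可訪問俄羅斯站點)
# GEOIP,RU,Proxy
# - 歐盟區域流量走代理(啟用後可訪問多數歐洲站點)
# GEOIP,EU,Proxy
# - 澳大利亞區域流量走代理(啟用後可訪問澳大利亞站點)
# GEOIP,AU,Proxy
# - 日本區域流量走代理(啟用後可訪問日本站點)
# GEOIP,JP,Proxy
# - 韓國區域流量走代理(啟用後可訪問韓國站點)
# GEOIP,KR,Proxy
# - 新加坡區域流量走代理(啟用後可訪問新加坡站點)
# GEOIP,SG,Proxy
# > GEOIP 匹配中國大陸
GEOIP,CN,DIRECT
# > Final 規則
# - 說明:FINAL,REJECT 為 Aegis 預設拒絕策略,用於確保未顯式放行的流量全部被阻斷
# - 安全性:保持為 REJECT 可維持最高防護等級,防止未知域名、可疑請求或潛在攻擊流量繞過規則
# - 調整:如將 REJECT 改為 Proxy,可改善訪問兼容性,但會降低整體安全性
# - 場景:在需要以訪問優先為主的情況下,可將 Final 規則切換為 Proxy 或 直接採用全局代理模式 / 直連模式
FINAL,REJECT

[Host]
# > 本地回環 IPv6 映射
ip6-localhost = ::1
# > 本地路由器登入與熱點識別(無須指定 DNS,保留交由系統解析)
routerlogin.net = system
router.asus.com = system
amplifi.lan = system
*.lan = system
_hotspot_.m2m = system
hotspot.cslwifi.com = system
# > 加密 DNS 伺服器的靜態映射(對應 [General] 中 encrypted-dns-server 所用的 dns.alidns.com)
# - 依序為:主 IPv4、備 IPv4、IPv6;說明改為獨立註解行,避免行尾文字被當成值的一部分
# - 注意:同一主機名重複列出時的合併方式依 Surge 版本而定,請確認當前版本是否支援多筆記錄
dns.alidns.com = 223.5.5.5
dns.alidns.com = 223.6.6.6
dns.alidns.com = 2400:3200::1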