How to use v2ray to set up a whitelist firewall that only allows certain websites to be accessed and redirects other domains to a local website
{
"dns": {
"hosts": {
"domain:googleapis.cn": "googleapis.com",
"domain:weloveparty.domain.local": "10.0.2.2",
"domain:alternatives.domain.local": "192.168.49.195",
"domain:user_alternatives.domain.local": "192.168.49.195"
},
"servers": [
"8.8.8.8",
"1.1.1.1",
{
"address": "223.5.5.5",
"domains": [
"geosite:cn"
],
"expectIPs": [
"geoip:cn"
],
"port": 53
}
]
},
"inbounds": [
{
"listen": "127.0.0.1",
"port": 10807,
"protocol": "socks",
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"settings": {
"auth": "noauth",
"udp": true,
"userLevel": 8
},
"tag": "socks"
},
{
"listen": "127.0.0.1",
"port": 10808,
"protocol": "socks",
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"settings": {
"auth": "noauth",
"udp": true,
"userLevel": 8
},
"tag": "tun2socks"
},
{
"listen": "127.0.0.1",
"port": 10809,
"protocol": "http",
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"tag": "http"
},
{
"listen": "127.0.0.1",
"port": 22244,
"protocol": "vmess",
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
},
"settings": {
"clients": [
{
"id": "fe186f9d-2e99-37a2-b30f-252d11337dc2",
"alterId": 0,
"security": "none"
}
]
},
"streamSettings": {
"network": "ws"
},
"mux": {
"enabled": true
}
},
{
"listen": "127.0.0.1",
"port": 22245,
"protocol": "dokodemo-door",
"settings": {
"network": "tcp,udp",
"followRedirect": true
},
"sniffing": {
"enabled": true,
"destOverride": [
"http",
"tls"
]
}
}
],
"log": {
"loglevel": "warning"
},
"outbounds": [
{
"mux": {
"concurrency": 8,
"enabled": false
},
"protocol": "vmess",
"settings": {
"vnext": [
{
"address": "ct1-h.001.buzz",
"port": 17111,
"users": [
{
"alterId": 0,
"encryption": "",
"flow": "",
"id": "c4299-e1-47fc-8f6b-04777ead6fae",
"level": 8,
"security": "auto"
}
]
}
]
},
"streamSettings": {
"network": "tcp",
"security": "",
"tcpSettings": {
"header": {
"type": "none"
}
}
},
"tag": "proxy"
},
{
"protocol": "freedom",
"settings": {
"domainStrategy": "UseIP"
},
"tag": "direct"
},
{
"protocol": "blackhole",
"settings": {
"response": {
"type": "http"
}
},
"tag": "block"
},
{
"protocol": "freedom",
"settings": {
"domainStrategy": "UseIP",
"redirect": "192.168.49.1:8080"
},
"tag": "fuck"
}
],
"routing": {
"domainMatcher": "mph",
"domainStrategy": "IPIfNonMatch",
"rules": [
{
"type": "field",
"outboundTag": "direct",
"protocol": [
"bittorrent"
]
},
{
"ip": [
"8.8.8.8"
],
"outboundTag": "proxy",
"port": "53",
"type": "field"
},
{
"ip": [
"1.1.1.1"
],
"outboundTag": "proxy",
"port": "53",
"type": "field"
},
{
"ip": [
"223.5.5.5"
],
"outboundTag": "direct",
"port": "53",
"type": "field"
},
{
"ip": [
"geoip:private"
],
"outboundTag": "direct",
"type": "field"
},
{
"domain": [
"geosite:cn",
],
"outboundTag": "fuck",
"type": "field"
},
{
"domain": [
"geosite:google",
],
"outboundTag": "proxy",
"type": "field"
}
]
}
}
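The above configuration will:
- drop all Chinese HTTPS connections (the `redirect` setting sends every connection for a `geosite:cn` domain to the address below, whatever its original port, so an HTTPS request fails its TLS handshake there; this assumes nothing on that port answers TLS)
- redirect all Chinese HTTP connections to 192.168.49.1:8080
- let all Google services go through the proxy.

Note: as written this is not yet a default-deny whitelist. Only `geosite:cn` and `geosite:google` have domain rules, and traffic that matches no rule is sent to the first outbound in the list, which here is `proxy`. To make it a real whitelist, list the allowed domains in explicit rules and end the rule list with a catch-all rule (for example one matching `"network": "tcp,udp"`) that points at the redirect or `block` outbound. The BitTorrent and `geoip:private` rules also go `direct`, so they bypass the filter.

Also note: the server address and the user `id` values in the listing are specific to the author's setup, so substitute your own. A VMess `id` is the account credential and should not be published. The two `"domain"` arrays end with a trailing comma, which strict JSON parsers reject; remove it if your v2ray build refuses to load the file.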
Important part:
{
"protocol": "freedom",
"settings": {
"domainStrategy": "UseIP",
"redirect": "192.168.49.1:8080"
},
"tag": "fuck"
}
and
{
"domain": [
"geosite:cn",
],
"outboundTag": "fuck",
"type": "field"
},
{
"domain": [
"geosite:google",
],
"outboundTag": "proxy",
"type": "field"
}
global dns settings:
"dns": {
"hosts": {
"domain:googleapis.cn": "googleapis.com",
"domain:weloveparty.domain.local": "10.0.2.2",
"domain:alternatives.domain.local": "192.168.49.195",
"domain:user_alternatives.domain.local": "192.168.49.195"
},
"servers": [
"8.8.8.8",
"1.1.1.1",
{
"address": "223.5.5.5",
"domains": [
"geosite:cn"
],
"expectIPs": [
"geoip:cn"
],
"port": 53
}
]
},
More information:
- More preset v2ray domain lists:
https://github.com/Loyalsoldier/v2ray-rules-dat
- How to open a Wi-Fi login (captive portal) page:
https://openwrt.org/docs/guide-user/services/captive-portal/opennds#summary_of_operation
https://www.rfc-editor.org/rfc/rfc8910.pdf