clash: rule-based tunnel in Go


A rule-based tunnel in Go.


  • Local HTTP/HTTPS/SOCKS server with authentication support
  • VMess, Shadowsocks, Trojan, Snell protocol support for remote connections
  • Built-in DNS server that aims to minimize DNS pollution attack impact, supports DoH/DoT upstream and fake IP.
  • Rules-based off domains, GEOIP, IP CIDR, or ports to forward packets to different nodes
  • Remote groups allow users to implement powerful rules. Supports automatic fallback, load balancing, or auto select node based off latency
  • Remote providers, allowing users to get node lists remotely instead of hardcoding in config
  • Netfilter TCP redirecting. Deploy Clash on your Internet gateway with iptables.
  • Comprehensive HTTP RESTful API controller

Premium Features

  • TUN mode on macOS, Linux, and Windows. Doc
  • Match your tunnel by Script: Script enables users to programmatically select a policy for the packets with more flexibility.
  • Rule Provider: It enables users to load rules from external sources and overall cleaner configuration. This feature is currently Premium core only.

Download & Use

Copyright (C) 2021 Dreamacro 

Source: Penetration Testing

Leave a Reply