Rule Type

By writing rules, you can specify the outbound method of different connections, such as forwarding through a certain proxy, or interception. You can match based on the connection's IP, domain name, process name, or a combination of multiple conditions.

For each connection, rules are always matched from top to bottom.

Rules can be classified into two types, among which IP type may trigger DNS resolution:

Based on domain name
Based on IP
Other composite types

💡

Want to write rules for URLs? Please read the HTTP Rewrite section.

💡

You can add the no-track parameter at the end of the rule to hide the connection that matches this rule, such as SCRIPT,quic,REJECT,no-track. This is very effective in avoiding a large number of REJECT records flooding the page.

DOMAIN

Fully match the domain name, for example, DOMAIN,google.com matches google.com but does not match www.google.com.

DOMAIN-SUFFIX

Match the domain name suffix, for example, DOMAIN-SUFFIX,google.com matches google.com and www.google.com.

DOMAIN-KEYWORD

Keyword matches the domain name, for example, DOMAIN-KEYWORD,google matches google.com and google.jp.

GEOIP

Match the country code through MaxMind GeoIP, such as GEOIP,CN, you can add no-resolve to avoid triggering DNS resolution.

💡

Stash allows users to replace the database in MaxMind GeoIP format, users can choose the MaxMind GeoIP database that is more suitable for their own scenarios according to their needs.

IP-ASN

Through the IP autonomous system number, such as IP-ASN,714, you can add no-resolve to avoid triggering DNS resolution.

IP-CIDR / IP-CIDR6

IP CIDR range, you can add no-resolve to avoid triggering DNS resolution.

DST-PORT

Destination port.

RULE-SET

Please use rule set when referencing a large number of rules.

GEOSITE

domain-list-community (opens in a new tab) is a domain name list maintained by the v2fly community.

For example, GEOSITE,twitter matches the domain names related to Twitter (opens in a new tab) company:

ads-twitter.com
cms-twdigitalassets.com
periscope.tv
pscp.tv
t.co
tellapart.com
tweetdeck.com
twimg.com
twitpic.com
twitter.biz
twitter.com
twitter.jp
twittercommunity.com
twitterflightschool.com
twitterinc.com
twitteroauth.com
twitterstat.us
twtrdns.net
twttr.com
twttr.net
twvid.com
vine.co
x.com

⚠️

The domain-list-community data does not come with Stash distribution, Stash will load the domain name data on demand from github.com when it is used for the first time. Please ensure the connectivity of the current configuration to github.com when using it for the first time.

PROCESS-NAME

Process name, for example, PROCESS-NAME,Telegram, only effective for local processes.

⚠️

Due to the restrictions of Network Extension, Stash iOS/tvOS (including the iOS version running on Apple silicon devices) does not support PROCESS-NAME rules, and the process-related rules in the configuration will be ignored.

PROCESS-PATH

Process path, for example, PROCESS-PATH,/Applications/Telegram.app/Contents/MacOS/Telegram, only effective for local processes.

⚠️

Due to the restrictions of Network Extension, Stash iOS/tvOS (including the iOS version running on Apple silicon devices) does not support PROCESS-PATH rules, and the process-related rules in the configuration will be ignored.

SCRIPT

Match the request through Python expression, the expression must return a Boolean value, and the expression with execution errors will be skipped.

The expression can read the following variables:

{
  "network": "string", // one of tcp / udp
  "host": "string", // may be empty
  "dst_ip": "string", // may be empty
  "dst_port": "number",
  "src_ip": "string", // only works with gateway mode
  "src_port": "number" // only works with gateway mode
}

The expression can call the following functions:

def resolve_ip(host: str) -> str:
    pass
 
def in_cidr(ip: str, cidr: str) -> bool:
    pass
 
def geoip(ip: str) -> str:
    pass
 
def ipasn(ip: str) -> int:
    pass
 
def match_provider(name: str) -> bool:
    pass
 
def match_geosite(name: str) -> bool:
    pass

For example, if you need to intercept QUIC protocol requests, you can write it like this:

rules:
  - SCRIPT,quic,REJECT
  - SCRIPT,udp-cn,ProxyToCN
 
script:
  shortcuts: # can be referenced in rule
    quic: network == 'udp' and dst_port == 443 # match QUIC protocol
    udp-cn: network == 'udp' and geoip(dst_ip if dst_ip != '' else resolve_ip(host)) == 'CN' # match UDP going to CN
    instagram-quic: network == 'udp' and dst_port == 443 and match_geosite('instagram') # match Instagram's QUIC

Get Started Rule Set