ClashX Rule Writing Guide: From Basics to Advanced

Rule Fundamentals

Rules are the core functionality of ClashX, determining which traffic should go through proxies and which should connect directly. Understanding and mastering rule writing makes your proxy configuration smarter and more efficient.

Rules are essentially a set of matching conditions. When a network request meets a rule, ClashX processes the request according to the policy specified in the rule.

💡

How Rules Work

When you visit a website, ClashX checks the rule list from top to bottom. Once it finds a matching rule, it applies it immediately and stops checking subsequent rules. Therefore, rule order is crucial.

Components of a Rule

Each rule consists of three parts:

Rule Type

Such as DOMAIN, IP-CIDR, etc.

Match Value

The specific content to match

Policy Name

DIRECT, REJECT, or proxy group

Rule Types Explained

DOMAIN - Exact Domain Match

The most precise matching method, only matches exactly identical domains.

DOMAIN Rule Examples

- DOMAIN,www.google.com,🚀 Proxy
- DOMAIN,api.github.com,🚀 Proxy
- DOMAIN,www.baidu.com,DIRECT

Note: Only matches when accessing www.google.com. Accessing mail.google.com or google.com will not match.

DOMAIN-SUFFIX - Domain Suffix Match

The most commonly used rule type, matches the specified domain and all its subdomains.

DOMAIN-SUFFIX Rule Examples

- DOMAIN-SUFFIX,google.com,🚀 Proxy
- DOMAIN-SUFFIX,youtube.com,🎬 Streaming
- DOMAIN-SUFFIX,cn,DIRECT

Note: google.com, www.google.com, and mail.google.com will all be matched.

DOMAIN-KEYWORD - Domain Keyword Match

Matches requests where the domain contains the specified keyword. Flexible but may cause false matches.

DOMAIN-KEYWORD Rule Examples

- DOMAIN-KEYWORD,google,🚀 Proxy
- DOMAIN-KEYWORD,youtube,🎬 Streaming
- DOMAIN-KEYWORD,ads,REJECT

Warning: Use with caution. "google" will match google.com, mygooglesite.com, and all domains containing this keyword.

IP-CIDR - IP Address Range Match

Matches based on IP address ranges, suitable for connections without domain names.

IP-CIDR Rule Examples

- IP-CIDR,192.168.0.0/16,DIRECT
- IP-CIDR,10.0.0.0/8,DIRECT
- IP-CIDR,91.108.56.0/22,🚀 Proxy,no-resolve

no-resolve parameter: Skips DNS resolution and matches IP directly, improving performance.

GEOIP - Geographic Location Match

Matches based on the geographic location of IP addresses.

GEOIP Rule Examples

- GEOIP,CN,DIRECT
- GEOIP,US,🇺🇸 US Node
- GEOIP,JP,🇯🇵 Japan Node

Rule Type	Precision	Performance	Recommended Use
DOMAIN	Highest	Fast	Specific domains
DOMAIN-SUFFIX	High	Fast	Whole site proxy
DOMAIN-KEYWORD	Medium	Medium	Batch matching
IP-CIDR	High	Slow (needs resolution)	IP-based matching
GEOIP	Medium	Fast	Regional routing

Rule Syntax Deep Dive

Basic Syntax Format

ClashX rules are written in YAML format and must strictly follow indentation rules.

Standard Rule Syntax

rules:
  - RULE-TYPE,MATCH-VALUE,POLICY-NAME
  - RULE-TYPE,MATCH-VALUE,POLICY-NAME,OPTIONS

Rule Parameter Options

Some rule types support additional parameters to optimize performance or behavior.

no-resolve: No DNS resolution, applicable to IP-CIDR rules
src-ip: Match based on source IP address
src-port: Match based on source port

Special Rule Types

Besides basic rules, ClashX also supports some advanced rule types:

Advanced Rule Examples

# PROCESS-NAME - Match by process name
- PROCESS-NAME,Telegram,🚀 Proxy

# RULE-SET - Reference a rule set
- RULE-SET,proxy-list,🚀 Proxy

# MATCH - Default policy (must be placed last)
- MATCH,🚀 Node Selection

⚠️

Important Notice

The MATCH rule must be placed at the end of the rule list. It will match all traffic not handled by previous rules.

Writing Best Practices

Rule Order Optimization

Correct rule order can significantly improve matching efficiency and accuracy:

First: REJECT rules (block ads and tracking)
Next: Special DOMAIN rules (high-priority websites)
Middle: DOMAIN-SUFFIX and DOMAIN-KEYWORD rules
Later: IP-CIDR and GEOIP rules
Last: MATCH default rule

Performance Optimization Tips

Key points for writing high-performance rules:

🚀

Performance Optimization Recommendations

1. Prefer DOMAIN-SUFFIX over DOMAIN-KEYWORD
2. Add no-resolve parameter to IP-CIDR rules
3. Use RULE-SET to manage large rule sets
4. Avoid excessive regex rules

Common Mistakes to Avoid

Pitfalls to watch out for when writing rules:

Indentation errors: YAML is strict about indentation, use 2 spaces
Rule conflicts: Ensure high-priority rules come first
Policy name errors: Ensure policy names match those defined in proxy-groups
Overusing KEYWORD: Can easily cause false matches

Rule Organization

Recommended to organize rules by function, using comments as separators:

Rule Organization Example

rules:
  # ======= Ad Blocking =======
  - DOMAIN-SUFFIX,ads.google.com,REJECT
  - DOMAIN-KEYWORD,analytics,REJECT

  # ======= Local Direct =======
  - DOMAIN-SUFFIX,localhost,DIRECT
  - IP-CIDR,127.0.0.0/8,DIRECT

  # ======= Streaming Services =======
  - DOMAIN-SUFFIX,netflix.com,🎬 Streaming
  - DOMAIN-SUFFIX,youtube.com,🎬 Streaming

  # ======= CN websites =======
  - GEOIP,CN,DIRECT

  # ======= Default Policy =======
  - MATCH,🚀 Node Selection

Practical Case Studies

Case 1: Complete Routing Rules

A complete rule configuration suitable for daily use:

Daily Use Rule Set

rules:
  # Ad Blocking
  - DOMAIN-KEYWORD,adservice,REJECT
  - DOMAIN-SUFFIX,doubleclick.net,REJECT

  # Apple Services
  - DOMAIN-SUFFIX,apple.com,DIRECT
  - DOMAIN-SUFFIX,icloud.com,DIRECT
  - DOMAIN-SUFFIX,apple-dns.net,DIRECT

  # Streaming Platforms
  - DOMAIN-SUFFIX,netflix.com,🎬 Streaming
  - DOMAIN-SUFFIX,youtube.com,🎬 Streaming
  - DOMAIN-SUFFIX,spotify.com,🎬 Streaming

  # Social Media
  - DOMAIN-SUFFIX,twitter.com,🚀 Proxy
  - DOMAIN-SUFFIX,facebook.com,🚀 Proxy
  - DOMAIN-SUFFIX,instagram.com,🚀 Proxy

  # Development Tools
  - DOMAIN-SUFFIX,github.com,🚀 Proxy
  - DOMAIN-SUFFIX,stackoverflow.com,🚀 Proxy

  # Mainland China Websites
  - GEOIP,CN,DIRECT

  # Local NetworkDirect
  - IP-CIDR,192.168.0.0/16,DIRECT,no-resolve
  - IP-CIDR,10.0.0.0/8,DIRECT,no-resolve

  # Default policy
  - MATCH,🚀 Node Selection

Case 2: Gaming Acceleration Rules

Rule configuration optimized for gaming:

Gaming Acceleration Rules

rules:
  # Steam
  - DOMAIN-SUFFIX,steampowered.com,🎮 Gaming
  - DOMAIN-SUFFIX,steamcommunity.com,🎮 Gaming

  # Epic Games
  - DOMAIN-SUFFIX,epicgames.com,🎮 Gaming

  # PlayStation
  - DOMAIN-SUFFIX,playstation.com,🎮 Gaming
  - DOMAIN-SUFFIX,playstation.net,🎮 Gaming

  # Xbox
  - DOMAIN-SUFFIX,xbox.com,🎮 Gaming
  - DOMAIN-SUFFIX,xboxlive.com,🎮 Gaming

  # Gaming IP ranges (example)
  - IP-CIDR,185.25.182.0/24,🎮 Gaming,no-resolve

  - MATCH,DIRECT

Case 3: Privacy Protection Rules

Rule configuration for enhanced privacy protection:

Privacy Protection Rules

rules:
  # Block ad tracking
  - DOMAIN-KEYWORD,analytics,REJECT
  - DOMAIN-KEYWORD,tracking,REJECT
  - DOMAIN-KEYWORD,telemetry,REJECT

  # Block common ad domains
  - DOMAIN-SUFFIX,googlesyndication.com,REJECT
  - DOMAIN-SUFFIX,googleadservices.com,REJECT
  - DOMAIN-SUFFIX,facebook.net,REJECT

  # Block data collection
  - DOMAIN-KEYWORD,crashlytics,REJECT
  - DOMAIN-KEYWORD,bugly,REJECT

  # Normal traffic
  - MATCH,🚀 Node Selection

Advanced Rule Techniques

Using Rule Providers

Rule providers allow you to load rules from external files or URLs, making management and updates easier:

Rule Provider Configuration Example

rule-providers:
  reject:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/reject.txt"
    path: ./ruleset/reject.yaml
    interval: 86400

  proxy:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/proxy.txt"
    path: ./ruleset/proxy.yaml
    interval: 86400

  direct:
    type: http
    behavior: domain
    url: "https://cdn.jsdelivr.net/gh/Loyalsoldier/clash-rules@release/direct.txt"
    path: ./ruleset/direct.yaml
    interval: 86400

rules:
  - RULE-SET,reject,REJECT
  - RULE-SET,proxy,🚀 Proxy
  - RULE-SET,direct,DIRECT
  - MATCH,🚀 Node Selection

Script Rules

Use JavaScript to write custom matching logic:

💻

Script Rule Capabilities

Script rules provide maximum flexibility, enabling complex matching logic such as time-based routing, dynamic node selection, and other advanced features.

Debugging and Testing Rules

How to verify if rules are working correctly:

View Logs

Monitor rule matching in real-time

Use Dashboard

Visualize connections and rules

Test Connections

Visit websites to verify routing

Rule Maintenance Recommendations

Methods to keep rules efficient and up-to-date:

Regular review: Check rules monthly, remove unused ones
Use version control: Manage config files with Git
Subscribe to community rule sets: Leverage community-maintained rule sets
Keep backups: Save working configuration versions

Rule Writing Summary

Mastering rule writing is a key skill for using ClashX. Start with simple DOMAIN-SUFFIX rules and gradually learn more complex rule types. Remember, the best rule configuration is simple, efficient, and meets your actual needs. Don't blindly pursue complexity - practicality is king.

Was this article helpful?

✓ ✓ Thank you for your feedback!

Tags: ClashX Rules Tutorial Configuration Advanced