add ip-set, ip-rules, ip-alias pages

2023-10-31 22:21:02 +08:00
parent ef1040c378
commit 4d69057696
10 changed files with 275 additions and 5 deletions
--- a/en/docs/config/ip-alias.md
+++ b/en/docs/config/ip-alias.md
@@ -0,0 +1,100 @@
+---
+hide:
+  - toc
+---
+
+# IP Alias
+
+SmartDNS provides IP address alias mapping, which can map the IP or IP range in the query result to a specific IP address.  
+This feature can be used for CDN network acceleration with anycast IP, such as Cloudflare's CDN acceleration.
+
+## IP Alias Mapping
+
+Map the specified IP address to the target address, such as mapping the C class address of 1.2.3.4 to 192.168.1.1.
+
+```
+ip-alias 1.2.3.4/24 192.168.1.1
+```
+
+## Ignore IP Alias for Specific Domains
+
+In some cases, it may be necessary to exclude specific domains from IP alias mapping. This can be achieved by using domain rules to ignore IP alias mapping for those domains.
+
+```
+domain-rules /example.com/ -no-ip-alias
+```
+
+
+## Cloudflare CDN Acceleration
+
+Cloudflare CDN's IP addresses are all anycast IP addresses, and users can access websites hosted on Cloudflare through any Cloudflare IP address.  
+With this feature, we can find the fastest IP address for accessing Cloudflare CDN on our own network and set up IP aliases to speed up all websites hosted on Cloudflare.
+
+Here are the steps:
+
+### Get the IP address range of Cloudflare and save it as an IP list file
+
+Cloudflare has publicly disclosed the IP address range of its CDN, which can be found here: https://www.cloudflare.com/ips/
+
+IPv4: https://www.cloudflare.com/ips-v4/#  
+IPv6: https://www.cloudflare.com/ips-v6/#  
+
+Save the above list as a text file, such as: `cloudflare-ipv4.txt`, `cloudflare-ipv6.txt`
+
+* cloudflare-ipv4.txt
+```
+173.245.48.0/20
+103.21.244.0/22
+103.22.200.0/22
+103.31.4.0/22
+141.101.64.0/18
+108.162.192.0/18
+190.93.240.0/20
+188.114.96.0/20
+197.234.240.0/22
+198.41.128.0/17
+162.158.0.0/15
+104.16.0.0/13
+104.24.0.0/14
+172.64.0.0/13
+131.0.72.0/22
+```
+
+* cloudflare-ipv6.txt
+```
+2400:cb00::/32
+2606:4700::/32
+2803:f800::/32
+2405:b500::/32
+2405:8100::/32
+2a06:98c0::/29
+2c0f:f248::/32
+```
+
+### Find the Fastest IP Address to Access Cloudflare on Your Network
+
+The community provides a tool to find the fastest Cloudflare IP address: [CloudflareSpeedTest](https://github.com/XIU2/CloudflareSpeedTest). We can use this tool to find the fastest IP address.
+
+The corresponding command is as follows:
+
+```
+./CloudflareSpeedTest -url https://down.heleguo.top/download/100MB.zip
+```
+
+After successful execution, you will get the fastest IP address.  
+Since the tool randomly uses some IP addresses for testing, you can execute the above command multiple times to ensure that you get the fastest IP address.
+
+### Configure SmartDNS acceleration
+
+The principle is to use the ip-alias command to map the entire anycast IP of Cloudflare to the fastest IP address obtained from CloudflareSpeedTest.  
+Configure SmartDNS as follows:
+
+```
+# Set up Cloudflare IPV4 alias mapping
+ip-set -name cloudflare-ipv4 -file /path/to/cloudflare-ipv4.txt
+ip-rules ip-set:cloudflare-ipv4 -ip-alias 162.159.58.17,162.159.58.124
+
+# Set up Cloudflare IPV6 alias mapping
+ip-set -name cloudflare-ipv6 -file /path/to/cloudflare-ipv6.txt
+ip-rules ip-set:cloudflare-ipv6 -ip-alias 2606:4700:17:d8e7:5e98:7d62:6674:c5a7
+```
--- a/en/docs/config/ip-rule.md
+++ b/en/docs/config/ip-rule.md
@@ -13,6 +13,7 @@ smartdns provides IP address whitelist, blacklist and ignore rules for filtering
 | blacklist-ip | Blacklist IP address | Accept IP addresses outside a specified range |
 | ignore-ip | Ignore IP address | Do not use a specific IP address, or range of IP addresses |
 | bogus-nxdomain | Spoof IP address filtering | Return SOA when the requested result contains a specified IP address |
+| ip-alias |IP Alias|IP Address Mapping，Can be used for CDN acceleration with Anycast IP, such as Cloudflare's CDN. refer to [IP Alias](../config/ip-alias.md)。

 ## Whitelist IP addresses

--- a/en/docs/config/ip-set.md
+++ b/en/docs/config/ip-set.md
@@ -0,0 +1,29 @@
+---
+hide:
+  - toc
+---
+
+# Using IP Address Sets
+
+To facilitate the configuration of IP addresses according to sets, for configurations that use `ip/subnet`, IP address sets can be specified for easy maintenance. The specific method is as follows:
+
+1. Use ip-set to configure the set file, such as
+
+    ```shell
+    ip-set -name cloudflare -file /etc/smartdns/cloudflare-list.conf
+    ```
+
+    The format of cloudflare-list.conf is one IP address per line, such as:
+
+    ```shell
+    1.2.3.4
+    192.168.1.1/24
+    ```
+
+1. Use IP address sets for options with `ip/subnet` configurations, simply configure `ip/subnet` as `ip-set:[set name]`, such as:
+
+    ```shell
+    ignore-ip ip-set:cloudflare
+    ip-rules ip-set:cloudflare -whitelist-ip
+    ip-alias ip-set:cloudflare 192.168.1.1
+    ```
--- a/en/docs/configuration.md
+++ b/en/docs/configuration.md
@@ -60,12 +60,15 @@ hide:
 |nftset-timeout|nftset timeout enable|no|[yes\|no]|nftset-timeout yes
 |nftset-no-speed|When speed check fails, set the ip address of the domain name to the nftset | None | nftset-no-speed [#4\|#6]:[family#nftable#nftset][,#[4\|6]:[family#nftable#nftset]]] <br />the valid families are inet and ip for ipv4 addresses while the valid ones are inet and ip6 for ipv6 addresses <br />due to the limitation of nftable <br />two types of addresses have to be stored in two sets| nftset-no-speed #4:inet#tab#set4|
 |nftset-debug|nftset debug enable|no|[yes\|no]|nftset-debug yes
-|domain-rules|set domain rules|None|domain-rules /domain/ [-rules...]<br />[-c\|-speed-check-mode]: set speed check mode, same as parameter `speed-check-mode`<br />[-a\|-address]: same as  parameter `address` <br />[-n\|-nameserver]: same as parameter `nameserver`<br />[-p\|-ipset]: same as parameter `nftset`<br />[-t\|-nftset]: same as parameter `nftset`<br />[-d\|-dualstack-ip-selection]: same as parameter `dualstack-ip-selection`<br />  [-no-serve-expired]: disable serve expired<br />[-rr-ttl\|-rr-ttl-min\|-rr-ttl-max]: same as parameter: `rr-ttl`, `rr-ttl-min`, `rr-ttl-max`<br />[-no-cache]：not cache this domain.<br />[-r\|-response-mode]：response mode, same as `response-mod`e<br />[-delete]: delete rule|domain-rules /www.example.com/ -speed-check-mode none
+|domain-rules|set domain rules|None|domain-rules /domain/ [-rules...]<br />[-c\|-speed-check-mode]: set speed check mode, same as parameter `speed-check-mode`<br />[-a\|-address]: same as  parameter `address` <br />[-n\|-nameserver]: same as parameter `nameserver`<br />[-p\|-ipset]: same as parameter `nftset`<br />[-t\|-nftset]: same as parameter `nftset`<br />[-d\|-dualstack-ip-selection]: same as parameter `dualstack-ip-selection`<br />  [-no-serve-expired]: disable serve expired<br />[-rr-ttl\|-rr-ttl-min\|-rr-ttl-max]: same as parameter: `rr-ttl`, `rr-ttl-min`, `rr-ttl-max`<br />[-no-cache]：not cache this domain.<br />[-r\|-response-mode]：response mode, same as `response-mod`e<br />[-delete]: delete rule <br /> [no-ip-alias]: ignore ip-alias rule|domain-rules /www.example.com/ -speed-check-mode none
 | domain-set | collection of domains|None| domain-set [options...]<br />[-n\|-name]: name of set <br />[-t\|-type] [list]: set type, only support list, one domain per line <br />[-f\|-file]: file path of domain set<br /> used with address, nameserver, ipset, nftset, example: /domain-set:[name]/ | domain-set -name set -type list -file /path/to/list <br /> address /domain-set:set/1.2.4.8 |
 |bogus-nxdomain|bogus IP address|None|[IP/subnet], Repeatable| bogus-nxdomain 1.2.3.4/16
 |ignore-ip|ignore ip address|None|[ip/subnet], Repeatable| ignore-ip 1.2.3.4/16
 |whitelist-ip|ip whitelist|None|[ip/subnet], Repeatable, When the filtering server responds IPs in the IP whitelist, only result in whitelist will be accepted| whitelist-ip 1.2.3.4/16
 |blacklist-ip|ip blacklist|None|[ip/subnet], Repeatable, When the filtering server responds IPs in the IP blacklist, The result will be discarded directly| blacklist-ip 1.2.3.4/16
+| ip-alias | IP alias| None | [ip/subnet] ip1[,[ip2]...]，Repeatable | ip-alias 1.2.3.4/16 4.5.6.7|
+| ip-rules | IP rules | None | [ip/subnet] [-rules...]<br /> [-blacklist-ip]: same as parameter `blacklist-ip` <br /> [-whitelist-ip]: same as parameter `whitelist-ip` <br /> [-bogus-nxdomain]: same as parameter `bogus-nxdomain` <br /> [-ignore-ip]: same as parameter `ignore-ip` <br /> [-ip-alias]: same as parameter `ip-alias` <br /> | ip-rules 1.2.3.4/16 -whitelist-ip|
+| ip-set | collection of IPs | None | ip-set [options...]<br />[-n\|-name]：name of ip set <br />[-t\|-type]：set type, only support list, one domain per line <br />[-f\|-file]：file path of ip set。<br /> used with ip-rules, ip-alias, example: ip-set:[name] | ip-set -name set -type list -file /path/to/list <br /> ip-rules ip-set:set -whitelist-ip|
 |force-AAAA-SOA|force AAAA query return SOA|no|[yes\|no]|force-AAAA-SOA yes
 |force-qtype-SOA|force specific qtype return SOA|qtype id|[qtypeid \| idstart-id-end \| ...]|force-qtype-SOA 65 28 128-256
 |prefetch-domain|domain prefetch feature|no|[yes\|no]|prefetch-domain yes