Direct/Freedom outbound: Add ipsBlocked (supports IP, CIDR, "geoip:", "ext:") and apply a default safe policy (#5947)

https://github.com/XTLS/Xray-core/pull/5892#issuecomment-4254056911 --------- Co-authored-by: 风扇滑翔翼 <Fangliding.fshxy@outlook.com>
2026-05-08 14:13:22 +00:00 · 2026-04-16 07:41:11 +08:00
parent 3691741440
commit 310b764811
21 changed files with 432 additions and 135 deletions
--- a/infra/conf/freedom.go
+++ b/infra/conf/freedom.go
@@ -7,6 +7,7 @@ import (
 	"strings"

 	"github.com/xtls/xray-core/common/errors"
+	"github.com/xtls/xray-core/common/geodata"
 	v2net "github.com/xtls/xray-core/common/net"
 	"github.com/xtls/xray-core/common/protocol"
 	"github.com/xtls/xray-core/proxy/freedom"
@@ -15,14 +16,15 @@ import (
 )

 type FreedomConfig struct {
-	TargetStrategy string    `json:"targetStrategy"`
-	DomainStrategy string    `json:"domainStrategy"`
-	Redirect       string    `json:"redirect"`
-	UserLevel      uint32    `json:"userLevel"`
-	Fragment       *Fragment `json:"fragment"`
-	Noise          *Noise    `json:"noise"`
-	Noises         []*Noise  `json:"noises"`
-	ProxyProtocol  uint32    `json:"proxyProtocol"`
+	TargetStrategy string      `json:"targetStrategy"`
+	DomainStrategy string      `json:"domainStrategy"`
+	Redirect       string      `json:"redirect"`
+	UserLevel      uint32      `json:"userLevel"`
+	Fragment       *Fragment   `json:"fragment"`
+	Noise          *Noise      `json:"noise"`
+	Noises         []*Noise    `json:"noises"`
+	ProxyProtocol  uint32      `json:"proxyProtocol"`
+	IPsBlocked     *StringList `json:"ipsBlocked"`
 }

 type Fragment struct {
@@ -162,6 +164,13 @@ func (c *FreedomConfig) Build() (proto.Message, error) {
 	if c.ProxyProtocol > 0 && c.ProxyProtocol <= 2 {
 		config.ProxyProtocol = c.ProxyProtocol
 	}
+	if c.IPsBlocked != nil {
+		rules, err := geodata.ParseIPRules(*c.IPsBlocked)
+		if err != nil {
+			return nil, err
+		}
+		config.IpsBlocked = &freedom.IPRules{Rules: rules}
+	}
 	return config, nil
 }