Skip to content

Instantly share code, notes, and snippets.

@janlay
Last active September 26, 2022 15:59
Show Gist options
  • Save janlay/76faec8e3b1a59549c1c993dd4c6799c to your computer and use it in GitHub Desktop.
Save janlay/76faec8e3b1a59549c1c993dd4c6799c to your computer and use it in GitHub Desktop.
Clash tun and Telegram

Clash tun and Telegram

This gist provides key guideline to make Clash tun handle Telegram's pure IP traffic.

You may want to change the corresponding items in the script

  • The IP list file telegram.list is located in /etc/asn/
  • 7892 is redir-port in Clash's config file
  • iptables module iptables-mod-extra is required for the --match-set usage

Usage

  1. Prepare your Clash service with:
  • Run setup_firewall after starting service
  • Run reset_firewall after stopping service
  1. Start Clash service with tun enabled
setup_firewall() {
local name=telegram
ipset create $name hash:net family inet hashsize 1024 maxelem 32
xargs -n1 ipset add $name < /etc/asn/telegram.list
iptables -t nat -A PREROUTING -p tcp -m set --match-set $name dst -j REDIRECT --to-ports 7892
}
reset_firewall() {
local name=telegram
iptables -t nat -D PREROUTING -p tcp -m set --match-set $name dst -j REDIRECT --to-ports 7892 &> /dev/null
ipset destroy $name
}
91.105.192.0/23
91.108.4.0/22
91.108.8.0/21
91.108.16.0/21
91.108.56.0/22
95.161.64.0/20
109.239.140.0/24
149.154.160.0/20
185.76.151.0/24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment