API tools faq
paste
odcold

010-bypass_with_tg.sh

odcold
Aug 20th, 2025
60
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 2.36 KB | None | 0 0
raw download clone embed print report
  1. #!/bin/sh
  2.  
  3. [ "$type" = "ip6tables" ] && exit
  4. [ "$table" != "mangle" ] && exit
  5.  
  6. ipset_lists="bypass bypass2"
  7.  
  8. for bypass_desc in $ipset_lists; do
  9.     mark_id=$(curl -kfsS http://localhost:79/rci/show/ip/policy | jq -r ".[] | select(.description == \"$bypass_desc\") | .mark")
  10.     [ -z "$mark_id" ] && continue
  11.  
  12. ipset create "$bypass_desc" hash:ip timeout 43200 --exist
  13.  
  14. chain="_CUST_BYPASS_${bypass_desc}_MANGLE"
  15. iptables -w -t mangle -N "$chain" 2>/dev/null || true
  16.  
  17. iptables -w -t mangle -C PREROUTING -m mark --mark 0x0 -j "$chain" >/dev/null 2>&1 || \
  18. iptables -w -t mangle -A PREROUTING -m mark --mark 0x0 -j "$chain"
  19.  
  20. iptables -w -t mangle -C "$chain" -m set --match-set "$bypass_desc" dst -j MARK --set-mark 0x$mark_id >/dev/null 2>&1 || \
  21. iptables -w -t mangle -A "$chain" -m set --match-set "$bypass_desc" dst -j MARK --set-mark 0x$mark_id
  22.  
  23. iptables -w -t mangle -C "$chain" -m set --match-set "$bypass_desc" dst -j CONNMARK --save-mark >/dev/null 2>&1 || \
  24. iptables -w -t mangle -A "$chain" -m set --match-set "$bypass_desc" dst -j CONNMARK --save-mark
  25.  
  26. iptables -w -t mangle -C "$chain" -m set --match-set "$bypass_desc" dst -j RETURN >/dev/null 2>&1 || \
  27. iptables -w -t mangle -A "$chain" -m set --match-set "$bypass_desc" dst -j RETURN
  28.  
  29. done
  30.  
  31. ipset create bypass_telegram hash:net --exist
  32.  
  33. telegram_cidrs=$(curl -kfsS https://core.telegram.org/resources/cidr.txt | grep -v ':' || true)
  34.  
  35. if [ -n "$telegram_cidrs" ]; then
  36.     ipset flush bypass_telegram
  37.     for cidr in $telegram_cidrs; do
  38.         ipset add bypass_telegram "$cidr"
  39.     done
  40. fi
  41.  
  42. mark_id_bypass=$(curl -kfsS http://localhost:79/rci/show/ip/policy | jq -r '.[] | select(.description == "bypass") | .mark')
  43. chain="_CUST_BYPASS_bypass_MANGLE"
  44.  
  45. iptables -w -t mangle -C "$chain" -m set --match-set bypass_telegram dst -j MARK --set-mark 0x$mark_id_bypass >/dev/null 2>&1 || \
  46. iptables -w -t mangle -A "$chain" -m set --match-set bypass_telegram dst -j MARK --set-mark 0x$mark_id_bypass
  47.  
  48. iptables -w -t mangle -C "$chain" -m set --match-set bypass_telegram dst -j CONNMARK --save-mark >/dev/null 2>&1 || \
  49. iptables -w -t mangle -A "$chain" -m set --match-set bypass_telegram dst -j CONNMARK --save-mark
  50.  
  51. iptables -w -t mangle -C "$chain" -m set --match-set bypass_telegram dst -j RETURN >/dev/null 2>&1 || \
  52. iptables -w -t mangle -A "$chain" -m set --match-set bypass_telegram dst -j RETURN
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!