diff --git a/nixos/modules/services/clash.nix b/nixos/modules/services/clash.nix
index a9662eb..0024157 100644
--- a/nixos/modules/services/clash.nix
+++ b/nixos/modules/services/clash.nix
@@ -95,8 +95,8 @@ in {
           UMask = "0077";
         }
         // lib.optionalAttrs cfg.tunMode {
-          AmbientCapabilities = "CAP_NET_ADMIN CAP_NET_RAW";
-          CapabilityBoundingSet = "CAP_NET_ADMIN CAP_NET_RAW";
+          AmbientCapabilities = "CAP_NET_ADMIN";
+          CapabilityBoundingSet = "CAP_NET_ADMIN";
           PrivateDevices = false;
           PrivateUsers = false;
           RestrictAddressFamilies = "AF_INET AF_INET6 AF_NETLINK";