kaboomserver/framework
1
0
Fork 0
mirror of https://github.com/kaboomserver/framework.git synced 2025-07-30 17:32:05 +00:00
Code Issues Projects Releases Wiki Activity

iptables: Use private IP ranges instead of loopback for masking

Browse source 
Turns out Bedrock players can't join otherwise...
This commit is contained in:
Kaboom 2025-07-20 22:20:40 +03:00
parent 768f11a617
commit 1fa2e89f04
1 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
config/iptables
View file

@ -1,11 +1,11 @@
# IPv4
iptables -t nat -A INPUT -p tcp --dport 25565 -j SNAT --to-source 127.42.0.0-127.42.255.255
iptables -t nat -A INPUT -p udp --dport 19132 -j SNAT --to-source 127.42.0.0-127.42.255.255
iptables -t nat -A INPUT -p tcp --dport 25565 -j SNAT --to-source 10.131.0.0-10.131.255.255
iptables -t nat -A INPUT -p udp --dport 19132 -j SNAT --to-source 10.131.0.0-10.131.255.255
iptables -A INPUT -p tcp --syn --dport 25565 -m connlimit --connlimit-above 5 --connlimit-mask 32 -j REJECT --reject-with tcp-reset
iptables-save > /etc/iptables/rules.v4
# IPv6
ip6tables -t nat -A INPUT -p tcp --dport 25565 -j SNAT --to-source fea7:dead:bee5::1-fea7:dead:bee5::ffff
ip6tables -t nat -A INPUT -p udp --dport 19132 -j SNAT --to-source fea7:dead:bee5::1-fea7:dead:bee5::ffff
ip6tables -t nat -A INPUT -p tcp --dport 25565 -j SNAT --to-source fdef:dead:af::1-fdef:dead:af::ffff
ip6tables -t nat -A INPUT -p udp --dport 19132 -j SNAT --to-source fdef:dead:af::1-fdef:dead:af::ffff
ip6tables -A INPUT -p tcp --syn --dport 25565 -m connlimit --connlimit-above 5 --connlimit-mask 64 -j REJECT --reject-with tcp-reset
ip6tables-save > /etc/iptables/rules.v6