From 768f11a6175b0221d717e9fa1b289efbe6d3023b Mon Sep 17 00:00:00 2001
From: Kaboom <58372747+kaboombot@users.noreply.github.com>
Date: Fri, 18 Jul 2025 19:52:22 +0300
Subject: [PATCH] iptables: Use non-routable addresses for masking

And increase the range to 65536 addresses.
---
 config/iptables | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/config/iptables b/config/iptables
index e897eca..9e97222 100644
--- a/config/iptables
+++ b/config/iptables
@@ -1,11 +1,11 @@
 # IPv4
-iptables -t nat -A INPUT -p tcp --dport 25565 -j SNAT --to-source 192.168.1.0-192.168.100.100
-iptables -t nat -A INPUT -p udp --dport 19132 -j SNAT --to-source 192.168.1.0-192.168.100.100
+iptables -t nat -A INPUT -p tcp --dport 25565 -j SNAT --to-source 127.42.0.0-127.42.255.255
+iptables -t nat -A INPUT -p udp --dport 19132 -j SNAT --to-source 127.42.0.0-127.42.255.255
 iptables -A INPUT -p tcp --syn --dport 25565 -m connlimit --connlimit-above 5 --connlimit-mask 32 -j REJECT --reject-with tcp-reset
 iptables-save > /etc/iptables/rules.v4
 
 # IPv6
-ip6tables -t nat -A INPUT -p tcp --dport 25565 -j SNAT --to-source fd00:dead:beef::1-fd00:dead:beef::6464
-ip6tables -t nat -A INPUT -p udp --dport 19132 -j SNAT --to-source fd00:dead:beef::1-fd00:dead:beef::6464
+ip6tables -t nat -A INPUT -p tcp --dport 25565 -j SNAT --to-source fea7:dead:bee5::1-fea7:dead:bee5::ffff
+ip6tables -t nat -A INPUT -p udp --dport 19132 -j SNAT --to-source fea7:dead:bee5::1-fea7:dead:bee5::ffff
 ip6tables -A INPUT -p tcp --syn --dport 25565 -m connlimit --connlimit-above 5 --connlimit-mask 64 -j REJECT --reject-with tcp-reset
 ip6tables-save > /etc/iptables/rules.v6
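Review bot: The new IPv4 range `127.42.0.0-127.42.255.255` lies inside 127.0.0.0/8, so after the two `-t nat -A INPUT ... -j SNAT` rules every remote client on ports 25565 and 19132 reaches the listening process with a loopback peer address. Any check in the server or its plugins that trusts or exempts loopback peers (Java's `InetAddress.isLoopbackAddress()` is true for all of 127/8) would then apply to every player; the hunk does not show whether such checks exist, so either confirm that or use a reserved non-loopback block such as `--to-source 198.18.0.0-198.18.255.255`. The IPv6 replacement `fea7:dead:bee5::` falls within fe80::/10, which IP stacks commonly treat as link-local and scope per interface, so reply routing and address logging should be tested there too. A comment above each SNAT pair, for example `# mask client source addresses; range must not be loopback or otherwise trusted by the server`, would record the constraint. The IPv6 range `::1`-`::ffff` also holds 65535 addresses rather than the 65536 stated in the commit message.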