From 8d8d07be841843255db92761d028ea079434168e Mon Sep 17 00:00:00 2001
From: Cimbali <me@cimba.li>
Date: Sat, 15 Apr 2023 21:11:48 +0100
Subject: [PATCH] Add range of IP addresses for socks relays (exit nodes)

Use 10.124.0.0/20 as documented in the code
---
 linux/netfilter/netfilter.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/linux/netfilter/netfilter.go b/linux/netfilter/netfilter.go
index 3e94bd4ad8..5eb07db911 100644
--- a/linux/netfilter/netfilter.go
+++ b/linux/netfilter/netfilter.go
@@ -408,7 +408,10 @@ func (ctx *nftCtx) nftRestrictTraffic(ifname string) {
 	})
 
 	element := []nftables.SetElement{
+		{ Key: net.ParseIP("10.124.0.0").To4() },
+		{ Key: net.ParseIP("10.124.240.0").To4(), IntervalEnd: true },
 		{ Key: net.ParseIP("10.64.0.1").To4() },
+		{ Key: net.ParseIP("10.64.0.2").To4(), IntervalEnd: true },
 	}
 	mozvpn_ctx.conn.SetAddElements(mozvpn_ctx.relayset, element)
 }
@@ -693,6 +696,7 @@ func NetfilterCreateTables() int32 {
 		Table:      mozvpn_ctx.table,
 		Name:       "mozvpn-socks5-relays",
 		KeyType:    nftables.TypeIPAddr,
+		Interval:   true,
 	}
 	mozvpn_ctx.conn.AddSet(mozvpn_ctx.relayset, nil)