From 48bc83539530a956309055c1316c593fd0198140 Mon Sep 17 00:00:00 2001
From: Jon Spriggs <jon@sprig.gs>
Date: Tue, 8 Apr 2025 23:41:45 +0100
Subject: [PATCH] Add 172.16.0.0/12 plus documentation

---
 README.md      | 2 +-
 lxc-iptag      | 7 ++++++-
 lxc-iptag.conf | 7 ++++++-
 3 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 2a888be..88d8a6b 100644
--- a/README.md
+++ b/README.md
@@ -32,7 +32,7 @@ Open `/usr/local/etc/lxc-iptag.conf` and change the config
 
 | Option                          | Example                                     | Description                                                                                             |
 | ------------------------------- | ------------------------------------------- | ------------------------------------------------------------------------------------------------------- |
-| CIDR_LIST                       | `(192.168.0.0/16 100.64.0.0/10 10.0.0.0/8)` | IP filter list in CIDR format                                                                           |
+| CIDR_LIST                       | `(192.168.0.0/16 172.16.0.0/12 10.0.0.0/8)` | IP filter list in CIDR format                                                                           |
 | LOOP_INTERVAL                   | `60`                                        | Main loop interval(seconds)                                                                             |
 | FW_NET_INTERFACE_CHECK_INTERVAL | `60`                                        | The interval(seconds) for using `ip link` to check lxc status changed (Set -1 to disable this feature) |
 | LXC_STATUS_CHECK_INTERVAL       | `-1`                                        | The interval(seconds) for using `pct list` to check lxc status changed (Set -1 to disable this feature) |
diff --git a/lxc-iptag b/lxc-iptag
index 1d0ce48..7d00ce2 100755
--- a/lxc-iptag
+++ b/lxc-iptag
@@ -2,10 +2,15 @@
 
 # =============== CONFIGURATION =============== #
 
+# The first three are RFC1918 addresses which should be used inside your local network.
+# The last one is the RFC6598 address pool (CGNAT) used for ISPs to allocate to networks
+# without allocating all the routers public IP addresses. It has also been used by a lot
+# of VPN services for their internal addressing (e.g. Tailscale, Netbird).
 CIDR_LIST=(
     192.168.0.0/16
-    100.64.0.0/10
+    172.16.0.0/12
     10.0.0.0/8
+    100.64.0.0/10
 )
 LOOP_INTERVAL=60
 FW_NET_INTERFACE_CHECK_INTERVAL=60
diff --git a/lxc-iptag.conf b/lxc-iptag.conf
index c012e04..c45e11b 100644
--- a/lxc-iptag.conf
+++ b/lxc-iptag.conf
@@ -1,7 +1,12 @@
+# The first three are RFC1918 addresses which should be used inside your local network.
+# The last one is the RFC6598 address pool (CGNAT) used for ISPs to allocate to networks
+# without allocating all the routers public IP addresses. It has also been used by a lot
+# of VPN services for their internal addressing (e.g. Tailscale, Netbird).
 CIDR_LIST=(
     192.168.0.0/16
-    100.64.0.0/10
+    172.16.0.0/12
     10.0.0.0/8
+    100.64.0.0/10
 )
 LOOP_INTERVAL=60
 FW_NET_INTERFACE_CHECK_INTERVAL=60