Hi, I seem to require firewalling some peers' incoming traffic with special rules.
While it's certainly possible to add a bunch of iptables/nftables rules to classify traffic from the WG interface (just mirror the peers' AllowedIP entries …), this is redundant (thus possibly inconsistent) and bad for performance.

How about a per-peer "fwmark" setting that marks that peer's incoming packets?

-- 
-- Matthias Urlichs
_______________________________________________ WireGuard mailing list [email protected] https://lists.zx2c4.com/mailman/listinfo/wireguard
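
The workaround described in the message above (mirroring each peer's AllowedIPs into nftables rules that set a packet mark), as an added example that is not part of the original post. The mark-file format, the table name `wg_peer_mark` and the hook priority are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage: gen_peer_marks IFACE MARKFILE < output of `wg show IFACE allowed-ips`
# MARKFILE (format assumed for this example): "<peer-public-key> <mark>" per line.
gen_peer_marks() {
    awk -v iface="$1" -v markfile="$2" '
    function rule(fam, set, val) {
        # Emit one rule per address family, only if the peer has such prefixes.
        if (set != "")
            printf "    iifname \"%s\" %s saddr { %s } meta mark set %s\n", iface, fam, set, val
    }
    BEGIN {
        # Load the peer-to-mark table; skip comments and malformed marks.
        while ((getline line < markfile) > 0) {
            n = split(line, f, " ")
            if (n >= 2 && f[1] !~ /^#/ && f[2] ~ /^(0x[0-9a-fA-F]+|[0-9]+)$/)
                mark[f[1]] = f[2]
        }
        # Declare-then-delete makes reloading the generated file idempotent.
        print "table inet wg_peer_mark"
        print "delete table inet wg_peer_mark"
        print "table inet wg_peer_mark {"
        print "  chain prerouting {"
        print "    type filter hook prerouting priority -150; policy accept;"
    }
    ($1 in mark) {
        v4 = ""; v6 = ""
        for (i = 2; i <= NF; i++) {
            # Accept only well-formed CIDRs; "(none)" and anything else is skipped
            # so that nothing unexpected ends up inside the ruleset.
            if ($i ~ /^[0-9.]+\/[0-9]+$/)
                v4 = v4 (v4 == "" ? "" : ", ") $i
            else if ($i ~ /^[0-9a-fA-F:]+\/[0-9]+$/)
                v6 = v6 (v6 == "" ? "" : ", ") $i
        }
        rule("ip", v4, mark[$1])
        rule("ip6", v6, mark[$1])
    }
    END { print "  }"; print "}" }'
}
```

Pipe `wg show wg0 allowed-ips` into the function and load the result with `nft -f -`. The output has to be regenerated whenever a peer's AllowedIPs change, which is the consistency burden the message refers to.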
