Usage of fwmark is my current workaround. If the same user id of outer packets is not a bug then ignore it.

On Sun, Aug 25, 2019 at 10:07 PM Jason A. Donenfeld <[email protected]> wrote:
>
> On Sun, Aug 25, 2019 at 1:03 PM Vasili Pupkin <[email protected]> wrote:
> > Yes. On kernel version 4, outer packets (i.e. encrypted packets) are
> > sent from privileged user
> > account credentials so they pass the iptables sandbox. On kernel 5
> > they inherit owner id of the user who sent unencrypted packets.
>
> Can you use the `fwmark` option and adjust your rules to match on
> !1234 or the like?
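
The fwmark workaround discussed in this thread could look like the following sketch, which is an added example and not code posted by either participant. The interface name `wg0`, the uid `1001`, the use of the `OUTPUT` chain and the `run`/`apply_sandbox` helpers are assumptions; only the `fwmark` option and the mark value 1234 come from the messages above.

```shell
#!/bin/sh
# Added example: per-user iptables sandbox that keys on the WireGuard
# fwmark instead of on which uid the kernel attributes outer packets to.

# Print the command when DRY_RUN is set; otherwise execute it (needs root).
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# apply_sandbox IFACE UID MARK   (hypothetical helper)
apply_sandbox() {
    iface=$1
    uid=$2
    mark=$3

    # Tag every encrypted (outer) packet the interface emits.
    run wg set "$iface" fwmark "$mark"

    # Inner packets: the sandboxed user may only talk through the tunnel.
    run iptables -A OUTPUT -o "$iface" -m owner --uid-owner "$uid" -j ACCEPT

    # Reject anything else owned by that user unless it carries the mark,
    # so outer packets pass whether or not they inherit the sender's uid.
    run iptables -A OUTPUT -m owner --uid-owner "$uid" \
        -m mark ! --mark "$mark" -j REJECT
}

# Preview the rules without touching the firewall:
#   DRY_RUN=1 apply_sandbox wg0 1001 1234
```

Setting a mark on a socket requires CAP_NET_ADMIN, so an unprivileged sandboxed process cannot apply the mark to its own traffic to slip past the REJECT rule.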
