On 10.12.2019 18:48, Jason A. Donenfeld wrote:
> restore '%s-I PREROUTING ! -i %s -d %s -m addrtype ! --src-type LOCAL -j DROP
> nftcmd '%sadd rule %s %s preraw iifname != %s %s daddr %s fib saddr type != local drop
I am trying to understand the rulesets. When you check the type of the source address of the incoming packet, its type just can't be local to our machine; it is the address of the sender. The source address of the packet can only be local if the packet was sent from the same machine. Isn't this part of the rule redundant?
