Yes, this does thanks I plan on using Quagga for BGP over WireGuard tunnels so I guess I need to avoid wg-quick if that makes changes to the routing table and firewall as I want to manage those my self
> On 30 Aug 2020, at 00:16, Eric Light <[email protected]> wrote: > > I believe it's both, in a way. > > As far as wg is concerned, the AllowedIPs is effectively an ACL. Any traffic > hitting your wireguard interface from an IP not within the AllowedIPs will > either be dropped on decryption, or won't even be decrypted. (It's one of > these, but I can't remember which) > > On top of that, wg-quick interprets the AllowedIPs string and does other > things, such as adding appropriate network routing (the second part of your > guess), as well as modifying any client firewall rules to permit the traffic. > > Hope this helps :) > > E > > -------------------------------------------- > Q: Why is this email five sentences or less? > A: http://five.sentenc.es > >> On Sun, 30 Aug 2020, at 04:07, Aaron Bolton wrote: >> I’m trying to understand AllowedIPs better is it effectively a ACL >> that day what is allowed down the tunnel or is it mechanism to >> configure what addresses get routed down the tunnel? >> >> Thanks in advance >>
