Wouldn't using Table = off do everything you need, without touching the routing?

Cheers.

On 8/30/2020 1:56 AM, Aaron Bolton wrote:
Yes, this does, thanks.

I plan on using Quagga for BGP over WireGuard tunnels, so I guess I
need to avoid wg-quick if that makes changes to the routing table and
firewall, as I want to manage those myself.

On 30 Aug 2020, at 00:16, Eric Light <[email protected]> wrote:

I believe it's both, in a way.

As far as wg is concerned, the AllowedIPs is effectively an ACL.  Any traffic 
hitting your wireguard interface from an IP not within the AllowedIPs will 
either be dropped on decryption, or won't even be decrypted.  (It's one of 
these, but I can't remember which)

On top of that, wg-quick interprets the AllowedIPs string and does other 
things, such as adding appropriate network routing (the second part of your 
guess), as well as modifying any client firewall rules to permit the traffic.

Hope this helps  :)

E

--------------------------------------------
Q: Why is this email five sentences or less?
A: http://five.sentenc.es

On Sun, 30 Aug 2020, at 04:07, Aaron Bolton wrote:
I’m trying to understand AllowedIPs better. Is it effectively an ACL
that says what is allowed down the tunnel, or is it a mechanism to
configure what addresses get routed down the tunnel?

Thanks in advance
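
The two roles of AllowedIPs discussed in this thread, as an added example that is not part of any message above: the same prefix table selects the peer for outbound packets and filters the inner source address of inbound packets after decryption, while route installation is a separate step that wg-quick performs unless Table = off is set. The peer names, prefixes and function names are constructed for illustration, and `wg_quick_routes` is a simplified model of wg-quick, not its code.

```python
import ipaddress

# Constructed peer table: names and prefixes are illustrative, not from the thread.
PEERS = {
    "peer-a": ["10.0.0.2/32", "192.168.10.0/24"],
    "peer-b": ["10.0.0.3/32", "192.168.0.0/16"],
}

def _table(peers):
    """Flatten {peer: [cidr, ...]} into (network, peer) pairs."""
    return [(ipaddress.ip_network(cidr), name)
            for name, cidrs in peers.items() for cidr in cidrs]

def select_peer(ip, peers=PEERS):
    """Longest-prefix match of ip against every peer's AllowedIPs; None if no match."""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, name) for net, name in _table(peers)
            if net.version == addr.version and addr in net]
    return max(hits)[1] if hits else None

def accept_inbound(peer, inner_src, peers=PEERS):
    """ACL role: a decrypted packet is kept only if its inner source address
    maps back to the peer whose key decrypted it."""
    return select_peer(inner_src, peers) == peer

def wg_quick_routes(peers=PEERS, table="auto"):
    """Simplified model of wg-quick: one kernel route per AllowedIPs prefix,
    and none at all when the config says Table = off."""
    if table == "off":
        return []
    return sorted({cidr for cidrs in peers.values() for cidr in cidrs})

if __name__ == "__main__":
    # Outbound: the /24 on peer-a wins over the /16 on peer-b.
    print("192.168.10.5 ->", select_peer("192.168.10.5"))
    print("192.168.20.5 ->", select_peer("192.168.20.5"))
    # Inbound: peer-b may not source addresses that map to peer-a.
    print("peer-b sourcing 192.168.10.5:", accept_inbound("peer-b", "192.168.10.5"))
    # Routing is separate from the ACL: Table = off leaves the kernel table alone.
    print("routes (auto):", wg_quick_routes())
    print("routes (off): ", wg_quick_routes(table="off"))
```

With Table = off the inbound filter and outbound peer selection still apply; only the kernel routes are left for a routing daemon to manage.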

