Funny you suggest that :) I just found that option a couple of hours ago

-----Original Message-----
From: WireGuard <[email protected]> On Behalf Of Eddie
Sent: 30 August 2020 20:09
Cc: [email protected]
Subject: Re: AllowedIPs

Wouldn't using Table = off do everything you need, without touching the routing?

Cheers.

On 8/30/2020 1:56 AM, Aaron Bolton wrote:
> Yes, this does, thanks
>
> I plan on using Quagga for BGP over WireGuard tunnels so I guess I
> need to avoid wg-quick if that makes changes to the routing table and
> firewall as I want to manage those myself
>
>> On 30 Aug 2020, at 00:16, Eric Light <[email protected]> wrote:
>>
>> I believe it's both, in a way.
>>
>> As far as wg is concerned, the AllowedIPs is effectively an ACL. Any
>> traffic hitting your wireguard interface from an IP not within the
>> AllowedIPs will either be dropped on decryption, or won't even be
>> decrypted. (It's one of these, but I can't remember which)
>>
>> On top of that, wg-quick interprets the AllowedIPs string and does other
>> things, such as adding appropriate network routing (the second part of your
>> guess), as well as modifying any client firewall rules to permit the traffic.
>>
>> Hope this helps :)
>>
>> E
>>
>> --------------------------------------------
>> Q: Why is this email five sentences or less?
>> A: http://five.sentenc.es
>>
>>> On Sun, 30 Aug 2020, at 04:07, Aaron Bolton wrote:
>>> I’m trying to understand AllowedIPs better: is it effectively an ACL
>>> that says what is allowed down the tunnel or is it a mechanism to
>>> configure what addresses get routed down the tunnel?
>>>
>>> Thanks in advance
>>>
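
An added example, not part of the original thread: a small Python model of the two roles AllowedIPs plays inside WireGuard itself, independent of the routes wg-quick installs (which is the part Table = off turns off). On send, the inner destination address selects the peer by longest-prefix match; on receive, the packet is authenticated and decrypted first, and is then dropped unless its inner source address maps back to the peer it came from. Peer names and prefixes are constructed for illustration.

```python
import ipaddress

# Constructed sample peers; names and prefixes are illustrative only.
PEERS = {
    "peer-a": ["10.0.0.2/32", "192.168.10.0/24"],
    "peer-b": ["10.0.0.3/32", "0.0.0.0/0"],
}


def build_table(peers):
    """Map each AllowedIPs prefix to its peer (a prefix belongs to one peer)."""
    table = {}
    for name, prefixes in peers.items():
        for prefix in prefixes:
            table[ipaddress.ip_network(prefix)] = name
    return table


def lookup(table, addr):
    """Longest-prefix match of addr against all AllowedIPs; None if no match."""
    ip = ipaddress.ip_address(addr)
    matches = [net for net in table if net.version == ip.version and ip in net]
    if not matches:
        return None
    return table[max(matches, key=lambda net: net.prefixlen)]


def outbound_peer(table, dst):
    """Sending: the inner destination address selects the peer to encrypt to.
    None means no peer owns the address, so the packet is not sent."""
    return lookup(table, dst)


def inbound_accept(table, sender, inner_src):
    """Receiving: after the packet authenticates and decrypts as `sender`,
    its inner source address must map back to that same peer."""
    return lookup(table, inner_src) == sender


TABLE = build_table(PEERS)

if __name__ == "__main__":
    for dst in ("192.168.10.7", "203.0.113.9", "2001:db8::1"):
        print("send to", dst, "->", outbound_peer(TABLE, dst))
    for sender, src in (("peer-a", "192.168.10.7"), ("peer-a", "203.0.113.9")):
        print("recv from", sender, "src", src, "->", inbound_accept(TABLE, sender, src))
```

With Table = off and routes managed by a routing daemon, the kernel routing table decides which packets reach the WireGuard interface, and this lookup still decides which peer (if any) they are encrypted to.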
