
modules/wireguard-initrd: fix routing policy

clerie 2023-10-12 22:17:25 +02:00
parent 2e390e9ef9
commit 18f67dff98


@ -58,16 +58,16 @@ in
persistent-keepalive "25" \
allowed-ips "0.0.0.0/0,::/0,10.20.30.0/24,2a01:4f8:c0c:15f1::/113"
ip route add "::/0" dev "wg-initrd" table 1337
ip route add "0.0.0.0/0" dev "wg-initrd" table 1337
#ip route add "::/0" dev "wg-initrd" table 1337
#ip route add "0.0.0.0/0" dev "wg-initrd" table 1337
${concatMapStringsSep "\n" (ip: ''
ip -6 rule add from "${ip}" lookup 1337 prio 19000
ip -6 rule add from "${ip}" unreachable prio 19001
'') cfg.ipv6s}
ip -6 rule add from "2a01:4f8:c0c:15f1::1/128" ipproto udp dport 51820 lookup main prio 20000
ip -6 rule add from "2a01:4f8:c0c:15f1::1/128" ipproto udp dport 51820 unreachable prio 20001
ip -6 rule add to "2a01:4f8:c0c:15f1::1/128" ipproto udp dport 51820 lookup main prio 20000
ip -6 rule add to "2a01:4f8:c0c:15f1::1/128" ipproto udp dport 51820 unreachable prio 20001
ip -6 rule add lookup main prio 21000
ip -6 rule add lookup 1337 prio 21001
ip -6 rule add unreachable prio 21000
@ -77,8 +77,8 @@ in
ip -4 rule add from "${ip}" lookup 1337 prio 19000
ip -4 rule add from "${ip}" unreachable prio 19001
'') cfg.ipv4s}
ip -4 rule add from "78.47.183.82/32" ipproto udp dport 51820 lookup main prio 20000
ip -4 rule add from "78.47.183.82/32" ipproto udp dport 51820 unreachable prio 20001
ip -4 rule add to "78.47.183.82/32" ipproto udp dport 51820 lookup main prio 20000
ip -4 rule add to "78.47.183.82/32" ipproto udp dport 51820 unreachable prio 20001
ip -4 rule add lookup main prio 21000
ip -4 rule add lookup 1337 prio 21001
ip -4 rule add unreachable prio 21000
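Review bot: The two table-1337 default routes in the first hunk are disabled by commenting them out, with nothing saying why or where that table now gets its routes. As far as this page shows, the `lookup 1337` rules at prio 19000 then have no route to match, so traffic sourced from `cfg.ipv6s`/`cfg.ipv4s` would fall through to `unreachable prio 19001`; that fails closed, but it should be stated as intended. I would delete the dead lines and add a comment such as `# table 1337 has no default route here; <state where its routes are added, or that unmatched tunnel traffic is meant to be rejected>`. The endpoint addresses in the `to ... dport 51820` exemptions are repeated as literals in both hunks; a single `let` binding would keep the exemption and the peer endpoint from drifting apart. The enclosing script starts and ends outside both hunks.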