
modules/wireguard-initrd: fix udp option for ipproto in ip rule

clerie 2023-11-05 15:17:54 +01:00
parent 111ebefd1d
commit 8e98e29e97


@ -58,16 +58,21 @@ in
persistent-keepalive "25" \
allowed-ips "0.0.0.0/0,::/0,10.20.30.0/24,2a01:4f8:c0c:15f1::/113"
#ip route add "::/0" dev "wg-initrd" table 1337
#ip route add "0.0.0.0/0" dev "wg-initrd" table 1337
ip route add "::/0" dev "wg-initrd" table 1337
ip route add "0.0.0.0/0" dev "wg-initrd" table 1337
# Error: Argument "udp" is wrong: Invalid "ipproto" value
# For some reason ip rule does not recognize "udp" as a value for "ipproto" in initrd,
# so we pass the numeric value for it manually
# This is from linux/include/uapi/linux/in.h
IPPROTO_UDP=17
${concatMapStringsSep "\n" (ip: ''
ip -6 rule add from "${ip}" lookup 1337 prio 19000
ip -6 rule add from "${ip}" unreachable prio 19001
'') cfg.ipv6s}
ip -6 rule add to "2a01:4f8:c0c:15f1::1/128" ipproto udp dport 51820 lookup main prio 20000
ip -6 rule add to "2a01:4f8:c0c:15f1::1/128" ipproto udp dport 51820 unreachable prio 20001
ip -6 rule add to "2a01:4f8:c0c:15f1::1/128" ipproto $IPPROTO_UDP dport 51820 lookup main prio 20000
ip -6 rule add to "2a01:4f8:c0c:15f1::1/128" ipproto $IPPROTO_UDP dport 51820 unreachable prio 20001
ip -6 rule add lookup main prio 21000
ip -6 rule add lookup 1337 prio 21001
ip -6 rule add unreachable prio 21000
@ -77,8 +82,8 @@ in
ip -4 rule add from "${ip}" lookup 1337 prio 19000
ip -4 rule add from "${ip}" unreachable prio 19001
'') cfg.ipv4s}
ip -4 rule add to "78.47.183.82/32" ipproto udp dport 51820 lookup main prio 20000
ip -4 rule add to "78.47.183.82/32" ipproto udp dport 51820 unreachable prio 20001
ip -4 rule add to "78.47.183.82/32" ipproto $IPPROTO_UDP dport 51820 lookup main prio 20000
ip -4 rule add to "78.47.183.82/32" ipproto $IPPROTO_UDP dport 51820 unreachable prio 20001
ip -4 rule add lookup main prio 21000
ip -4 rule add lookup 1337 prio 21001
ip -4 rule add unreachable prio 21000
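Review bot: Nothing visible in these hunks makes a failed `ip rule add` fatal or even logged, so a rejected argument such as the old `ipproto udp` could leave the prio 20000/20001 endpoint rules uninstalled while the rest of the setup carries on. Those rules keep the encapsulated WireGuard traffic on the main table and fail closed through `unreachable`, so a partly applied policy is worth surfacing, for example with `ip -6 rule add … || echo "wg-initrd: policy rule failed" >&2` or a stricter abort if the enclosing script allows it. That script starts and ends outside the hunks, so it may already handle this. The comment above `IPPROTO_UDP=17` could also replace "for some reason" with the probable cause, which is likely that the initrd has no `/etc/protocols` for `ip` to resolve the name. Once confirmed, something like `# initrd has no /etc/protocols, so ip cannot resolve "udp"; pass the number instead` would do.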