<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Sun, May 6, 2018 at 9:39 PM, ѽ҉ᶬḳ℠ <span dir="ltr"><<a href="mailto:vtol@gmx.net" target="_blank">vtol@gmx.net</a>></span> wrote:<span class=""></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
With a thread model considering every piece of software being flawed in mind, and with whatever CVE unearthed being a point in case, it should be of little surprise that the question of mitigating surface exposure is raised. Once WG would gain traction beyond a niche app it is likely to be subjected to malicious attacks with increased frequency.<br></blockquote><div><br><br></div><div>There is no need for a nob in wireguard to ensure that the wireguard traffic goes through a specific interface or is bound to a specific ip address. You can use iptables if you want to drop packets that are not for the intended interface / ip address. You can disable ipv6 if you don't want ipv6. If you think that wireguard could be flawed, why would you trust this as a wireguard option? If you do not trust it, enforce it from the outside.<br></div></div><br></div></div>