[WireGuard] [PATCH 4/4] Clarify what Peer.AllowedIPs actually constrains

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Jul 1 00:55:23 CEST 2016

It looks to me like AllowedIPs acts as a filter for traffic sent by
the peer.  To avoid some other confused interpretation (e.g. IP
addresses that are allowed to be configured on this interface),
clarify the meaning in this configuration.

If this isn't correct, please clarify!
 src/tools/wg.8 | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/tools/wg.8 b/src/tools/wg.8
index ae2ff1e..6da1770 100644
--- a/src/tools/wg.8
+++ b/src/tools/wg.8
@@ -125,9 +125,10 @@ private key, and usually transmitted out of band to the author of the
 configuration file. Required.
 .IP \(bu
 AllowedIPs \(em a comma-separated list of IP (v4 or v6) addresses with
-CIDR masks. The catch-all \fI0.0.0.0/0\fP may be specified for matching
-all IPv4 addresses, and \fI::/0\fP may be specified for matching all
-IPv6 addresses. Required.
+CIDR masks that this peer is allowed to produce traffic from.  The
+catch-all \fI0.0.0.0/0\fP may be specified for matching all IPv4
+addresses, and \fI::/0\fP may be specified for matching all IPv6
+addresses. Required.
 .IP \(bu
 Endpoint \(em an endpoint IP or hostname, followed by a colon, and then a
 port number.  If an Endpoint field is not provided, then any remote address

More information about the WireGuard mailing list