[WireGuard] [PATCH 4/4] Clarify what Peer.AllowedIPs actually constrains
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Fri Jul 1 00:55:23 CEST 2016
It looks to me like AllowedIPs acts as a filter for traffic sent by
the peer. To avoid some other confused interpretation (e.g. IP
addresses that are allowed to be configured on this interface),
clarify the meaning in this configuration.
If this isn't correct, please clarify!
src/tools/wg.8 | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/tools/wg.8 b/src/tools/wg.8
index ae2ff1e..6da1770 100644
@@ -125,9 +125,10 @@ private key, and usually transmitted out of band to the author of the
configuration file. Required.
AllowedIPs \(em a comma-separated list of IP (v4 or v6) addresses with
-CIDR masks. The catch-all \fI0.0.0.0/0\fP may be specified for matching
-all IPv4 addresses, and \fI::/0\fP may be specified for matching all
-IPv6 addresses. Required.
+CIDR masks that this peer is allowed to produce traffic from. The
+catch-all \fI0.0.0.0/0\fP may be specified for matching all IPv4
+addresses, and \fI::/0\fP may be specified for matching all IPv6
Endpoint \(em an endpoint IP or hostname, followed by a colon, and then a
port number. If an Endpoint field is not provided, then any remote address
More information about the WireGuard