Option to fwmark incoming packets?
Matthias Urlichs
matthias at urlichs.de
Thu Dec 6 18:41:05 CET 2018
Hi,
I seem to require firewalling some peers' incoming traffic with special rules.
While it's certainly possible to add a bunch of iptables/nftables rules to
classify traffic from the WG interface (just mirror the peers' AllowedIP
entries …) this is redundant (thus possibly inconsistent) and bad for
performance.
How about a per-peer "fwmark" setting that marks that peer's incoming packets?
--
-- Matthias Urlichs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20181206/94f8b9d8/attachment.asc>
More information about the WireGuard
mailing list