Option to fwmark incoming packets?

Matthias Urlichs matthias at urlichs.de
Thu Dec 6 18:41:05 CET 2018


I seem to require firewalling some peers' incoming traffic with special rules.

While it's certainly possible to add a bunch of iptables/nftables rules to
classify traffic from the WG interface (just mirror the peers' AllowedIP
entries …) this is redundant (thus possibly inconsistent) and bad for

How about a per-peer "fwmark" setting that marks that peer's incoming packets?

-- Matthias Urlichs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20181206/94f8b9d8/attachment.asc>

More information about the WireGuard mailing list