WG interface to ipv4

ѽ҉ᶬḳ℠ vtol at gmx.net
Sun May 6 11:26:33 CEST 2018

> Please tell us how adding such an option could possibly enhance security, given that you can get the same effect with a simple iptables rule.
Security enhanced by /tailoring mitigating surfaces, which is not for 
netfilter rules, different concepts. netfilter rules, particular 
iptables, can get easily convoluted in complex scenarios.
If it were for everything network security related to be resolved by 
netfilter rules than certainly the likes of ssh, dnsmasq, ntp, bind, 
unbound etc would not need to implement features like socket contains 
and binding to iface/subnet. Or do reckon such as obsolete nonsense?

Look, except for Kalin's response 
(https://lists.zx2c4.com/pipermail/wireguard/2018-May/002759.html) the 
reluctance to consider this is rather apparent. Which is fine as 
statement and of course anyone is at liberty to deploy WG. I think I 
made my point and if it is considered invalid than it is fair enough and 
no need to be argued further.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4174 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20180506/99b7ca3c/attachment.p7s>

More information about the WireGuard mailing list