WG interface to ipv4

Christophe-Marie Duquesne chmd at chmd.fr
Mon May 7 15:35:39 CEST 2018


On Sun, May 6, 2018 at 9:39 PM, ѽ҉ᶬḳ℠ <vtol at gmx.net> wrote:

> With a thread model considering every piece of software being flawed in
> mind, and with whatever CVE unearthed being a point in case, it should be
> of little surprise that the question of mitigating surface exposure is
> raised. Once WG would gain traction beyond a niche app it is likely to be
> subjected to malicious attacks with increased frequency.
>


There is no need for a nob in wireguard to ensure that the wireguard
traffic goes through a specific interface or is bound to a specific ip
address. You can use iptables if you want to drop packets that are not for
the intended interface / ip address. You can disable ipv6 if you don't want
ipv6. If you think that wireguard could be flawed, why would you trust this
as a wireguard option? If you do not trust it, enforce it from the outside.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20180507/1af37973/attachment-0001.html>


More information about the WireGuard mailing list