Linux kernel 5 different behavior

Jason A. Donenfeld Jason at zx2c4.com
Sun Aug 25 21:07:40 CEST 2019


On Sun, Aug 25, 2019 at 1:03 PM Vasili Pupkin <diggest at gmail.com> wrote:
> Yes. On kernel version 4, outer packets (i.e. encrypted packets) are
> sent from privileged user
> account credentials so they pass the iptables sandbox. On kernel 5
> they inherit owner id of the user who sent unencrypted packets.

Can you use the `fwmark` option and adjust your rules to match on
!1234 or the like?


More information about the WireGuard mailing list