Linux kernel 5 different behavior

Vasili Pupkin diggest at
Sun Aug 25 22:04:06 CEST 2019

Usage of fwmark is my current workaround. If the same user id of an
outer packets is not a bug then ignore it.

On Sun, Aug 25, 2019 at 10:07 PM Jason A. Donenfeld <Jason at> wrote:
> On Sun, Aug 25, 2019 at 1:03 PM Vasili Pupkin <diggest at> wrote:
> > Yes. On kernel version 4, outer packets (i.e. encrypted packets) are
> > sent from privileged user
> > account credentials so they pass the iptables sandbox. On kernel 5
> > they inherit owner id of the user who sent unencrypted packets.
> Can you use the `fwmark` option and adjust your rules to match on
> !1234 or the like?

More information about the WireGuard mailing list