Suggestion for WireGuard

Kassem Omega kassemomega at gmail.com
Mon Aug 30 13:19:46 UTC 2021


Hi,

I sent this before a couple of times to the mailing list but either it
didn't go through or it is forbidden somehow? I never got any decision
from the list moderator that it is forbidden to send suggestions at
all. Hopefully someone can answer with anything.

I was wondering if there is any chance of adding the opposite of
AllowedIPs option to WireGuard?

Currently, WireGuard has a whitelist option only that specifies which
IPs to go through it, however I believe adding the blacklist option
would be beneficial and easier to configure.

The use case: allowing all traffic to go through WireGuard except
specific ranges.

Right now to do this I must use this long list of ranges to achieve this:

AllowedIPs = 0.0.0.0/5, 8.0.0.0/7, 11.0.0.0/8, 12.0.0.0/6, 16.0.0.0/4,
32.0.0.0/3, 64.0.0.0/2, 128.0.0.0/3, 160.0.0.0/5, 168.0.0.0/6,
172.0.0.0/12, 172.16.0.0/24, 172.32.0.0/11, 172.64.0.0/10,
172.128.0.0/9, 173.0.0.0/8, 174.0.0.0/7, 176.0.0.0/4, 192.0.0.0/9,
192.128.0.0/11, 192.160.0.0/13, 192.169.0.0/16, 192.170.0.0/15,
192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8,
194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4, 8.8.8.8/32

However, if the DisallowedIPs option is available, I'd simply use:

DisallowedIPs = 192.168.0.0/16, 10.0.0.0/8

What do you think?

Thank you.
Kassem


More information about the WireGuard mailing list