Suggestion for WireGuard

Feng Li lifeng1519 at
Thu Sep 2 04:54:21 UTC 2021

I have asked this question some months ago like you,
and don't get my answer, this is a workaround from me
to calculate the AllowedIPs, maybe can help you:

import ipaddress

def address_exclude(rr, r1):
    out = []
    for r in rr:
        if r1.subnet_of(r):
            out += list(r.address_exclude(r1))
    return out

def calc_exclude(includes, excludes):
    includes_addr = [ ipaddress.ip_network(i) for i in includes ]
    excludes_addr = [ ipaddress.ip_network(e) for e in excludes ]

    for e in excludes_addr:
        includes_addr = address_exclude(includes_addr, e)
    strs = [str(i) for i in includes_addr]
    print("AllowedIPs = " + ",".join(strs))

calc_exclude(includes=[''], excludes=['', ''])

I have asked this question here too:

On Wed, Sep 1, 2021 at 9:50 PM Kassem Omega <kassemomega at> wrote:
> Hi,
> I sent this before a couple of times to the mailing list but either it
> didn't go through or it is forbidden somehow? I never got any decision
> from the list moderator that it is forbidden to send suggestions at
> all. Hopefully someone can answer with anything.
> I was wondering if there is any chance of adding the opposite of
> AllowedIPs option to WireGuard?
> Currently, WireGuard has a whitelist option only that specifies which
> IPs to go through it, however I believe adding the blacklist option
> would be beneficial and easier to configure.
> The use case: allowing all traffic to go through WireGuard except
> specific ranges.
> Right now to do this I must use this long list of ranges to achieve this:
> AllowedIPs =,,,,,
> However, if the DisallowedIPs option is available, I'd simply use:
> DisallowedIPs =,
> What do you think?
> Thank you.
> Kassem

More information about the WireGuard mailing list