aboutsummaryrefslogtreecommitdiffstatshomepage
diff options
context:
space:
mode:
authorLuis Ressel <aranea@aixah.de>2019-04-11 15:13:11 +0200
committerLuis Ressel <aranea@aixah.de>2019-04-11 15:52:15 +0200
commit25f49eae3c11dc5c98146d275a82302c5527b702 (patch)
tree990ff0b774d6dadd0a583d396e5d55d21191bf7b
parentversion: bump snapshot (diff)
downloadWireGuard-lr/man-allowedips.tar.xz
WireGuard-lr/man-allowedips.zip
wg.8: Rewrite AllowedIPs descriptionlr/man-allowedips
* The current text doesn't describe how overlapping values are handled. * "[addrs] to which outgoing traffic for this peer is directed" is vague and misleading. * 0.0.0.0/0 and ::/0 don't need to be mentioned, since they aren't special cases. (Should they be mentioned in the example section, though?) Thanks-to: jrb0001, MacGyver, zanijwa Signed-off-by: Luis Ressel <aranea@aixah.de>
-rw-r--r--src/tools/man/wg.812
1 files changed, 6 insertions, 6 deletions
diff --git a/src/tools/man/wg.8 b/src/tools/man/wg.8
index 2013825..038d75c 100644
--- a/src/tools/man/wg.8
+++ b/src/tools/man/wg.8
@@ -143,12 +143,12 @@ and may be omitted. This option adds an additional layer of symmetric-key
cryptography to be mixed into the already existing public-key cryptography,
for post-quantum resistance.
.IP \(bu
-AllowedIPs \(em a comma-separated list of IP (v4 or v6) addresses with
-CIDR masks from which incoming traffic for this peer is allowed and to
-which outgoing traffic for this peer is directed. The catch-all
-\fI0.0.0.0/0\fP may be specified for matching all IPv4 addresses, and
-\fI::/0\fP may be specified for matching all IPv6 addresses. May be specified
-multiple times.
+AllowedIPs \(em a comma-separated list of IP (v4 or v6) addresses with CIDR
+masks. Outgoing packets will be sent to the peer whose AllowedIPs contain the
+destination address. (If there are multiple matches, the one with the longest
+matching prefix is chosen.) Incoming packets are only accepted if traffic to
+their source IP would be sent to the same peer. May be specified multiple
+times.
.IP \(bu
Endpoint \(em an endpoint IP or hostname, followed by a colon, and then a
port number. This endpoint will be updated automatically to the most recent