From 25f49eae3c11dc5c98146d275a82302c5527b702 Mon Sep 17 00:00:00 2001 From: Luis Ressel Date: Thu, 11 Apr 2019 15:13:11 +0200 Subject: wg.8: Rewrite AllowedIPs description * The current text doesn't describe how overlapping values are handled. * "[addrs] to which outgoing traffic for this peer is directed" is vague and misleading. * 0.0.0.0/0 and ::/0 don't need to be mentioned, since they aren't special cases. (Should they be mentioned in the example section, though?) Thanks-to: jrb0001, MacGyver, zanijwa Signed-off-by: Luis Ressel --- src/tools/man/wg.8 | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/tools/man/wg.8 b/src/tools/man/wg.8 index 2013825..038d75c 100644 --- a/src/tools/man/wg.8 +++ b/src/tools/man/wg.8 @@ -143,12 +143,12 @@ and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance. .IP \(bu -AllowedIPs \(em a comma-separated list of IP (v4 or v6) addresses with -CIDR masks from which incoming traffic for this peer is allowed and to -which outgoing traffic for this peer is directed. The catch-all -\fI0.0.0.0/0\fP may be specified for matching all IPv4 addresses, and -\fI::/0\fP may be specified for matching all IPv6 addresses. May be specified -multiple times. +AllowedIPs \(em a comma-separated list of IP (v4 or v6) addresses with CIDR +masks. Outgoing packets will be sent to the peer whose AllowedIPs contain the +destination address. (If there are multiple matches, the one with the longest +matching prefix is chosen.) Incoming packets are only accepted if traffic to +their source IP would be sent to the same peer. May be specified multiple +times. .IP \(bu Endpoint \(em an endpoint IP or hostname, followed by a colon, and then a port number. This endpoint will be updated automatically to the most recent -- cgit v1.2.3-59-g8ed1b
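Review bot: In the added AllowedIPs text, "Incoming packets are only accepted if traffic to their source IP would be sent to the same peer" leaves "source IP" ambiguous between the address of the packet carried inside the tunnel and the outer UDP source that the following Endpoint item describes. Suggest saying explicitly that this is the source address of the decrypted inner packet, so the option is not read as an endpoint filter. The parenthetical "(If there are multiple matches, the one with the longest matching prefix is chosen.)" also only settles overlaps of different prefix lengths, so it would help to state what happens when the identical prefix is listed for two peers. Finally, the sentence on \fI0.0.0.0/0\fP and \fI::/0\fP is removed here and the commit message leaves open whether the examples should mention them; since this hunk does not touch the examples, adding a catch-all entry there in the same patch would keep that usage discoverable.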