diff options
author | Luis Ressel <aranea@aixah.de> | 2019-04-11 15:13:11 +0200 |
---|---|---|
committer | Luis Ressel <aranea@aixah.de> | 2019-04-11 15:52:15 +0200 |
commit | 25f49eae3c11dc5c98146d275a82302c5527b702 (patch) | |
tree | 990ff0b774d6dadd0a583d396e5d55d21191bf7b | |
parent | version: bump snapshot (diff) | |
download | wireguard-monolithic-historical-25f49eae3c11dc5c98146d275a82302c5527b702.tar.xz wireguard-monolithic-historical-25f49eae3c11dc5c98146d275a82302c5527b702.zip |
wg.8: Rewrite AllowedIPs descriptionlr/man-allowedips
* The current text doesn't describe how overlapping values are handled.
* "[addrs] to which outgoing traffic for this peer is directed" is vague
and misleading.
* 0.0.0.0/0 and ::/0 don't need to be mentioned, since they aren't
special cases. (Should they be mentioned in the example section,
though?)
Thanks-to: jrb0001, MacGyver, zanijwa
Signed-off-by: Luis Ressel <aranea@aixah.de>
-rw-r--r-- | src/tools/man/wg.8 | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/src/tools/man/wg.8 b/src/tools/man/wg.8 index 2013825..038d75c 100644 --- a/src/tools/man/wg.8 +++ b/src/tools/man/wg.8 @@ -143,12 +143,12 @@ and may be omitted. This option adds an additional layer of symmetric-key cryptography to be mixed into the already existing public-key cryptography, for post-quantum resistance. .IP \(bu -AllowedIPs \(em a comma-separated list of IP (v4 or v6) addresses with -CIDR masks from which incoming traffic for this peer is allowed and to -which outgoing traffic for this peer is directed. The catch-all -\fI0.0.0.0/0\fP may be specified for matching all IPv4 addresses, and -\fI::/0\fP may be specified for matching all IPv6 addresses. May be specified -multiple times. +AllowedIPs \(em a comma-separated list of IP (v4 or v6) addresses with CIDR +masks. Outgoing packets will be sent to the peer whose AllowedIPs contain the +destination address. (If there are multiple matches, the one with the longest +matching prefix is chosen.) Incoming packets are only accepted if traffic to +their source IP would be sent to the same peer. May be specified multiple +times. .IP \(bu Endpoint \(em an endpoint IP or hostname, followed by a colon, and then a port number. This endpoint will be updated automatically to the most recent |