diff options
| author |   Tom Yan <tom.ty89@gmail.com> | 2022-06-17 19:34:19 +0800 |
|---|---|---|
| committer |   Jason A. Donenfeld <Jason@zx2c4.com> | 2022-06-17 13:53:43 +0200 |
| commit | 71799a8f6d1450b63071a21cad6ed434b348d3d5 (patch) | |
| tree | 20e5554c36e3b2b48fd89e00d8dcbec093d1067a | |
| parent | global: dual license core files as MIT for FreeBSD (diff) | |
| download | wireguard-tools-master.tar.xz wireguard-tools-master.zip | |
The wireguard route table ip rule should stay as a no-op until the
`suppress_prefixlength 0 table main` rule is in effect. Therefore, add
the wireguard default route to its route table after the latter rule is
added.
Signed-off-by: Tom Yan <tom.ty89@gmail.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
| -rwxr-xr-x | src/wg-quick/linux.bash | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/wg-quick/linux.bash b/src/wg-quick/linux.bash index e4d4c4f..69e5bef 100755 --- a/src/wg-quick/linux.bash +++ b/src/wg-quick/linux.bash @@ -220,9 +220,9 @@ add_default() { fi local proto=-4 iptables=iptables pf=ip [[ $1 == *:* ]] && proto=-6 iptables=ip6tables pf=ip6 - cmd ip $proto route add "$1" dev "$INTERFACE" table $table cmd ip $proto rule add not fwmark $table table $table cmd ip $proto rule add table main suppress_prefixlength 0 + cmd ip $proto route add "$1" dev "$INTERFACE" table $table local marker="-m comment --comment \"wg-quick(8) rule for $INTERFACE\"" restore=$'*raw\n' nftable="wg-quick-$INTERFACE" nftcmd printf -v nftcmd '%sadd table %s %s\n' "$nftcmd" "$pf" "$nftable" |