author | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-12-28 18:35:12 +0100 |
---|---|---|
committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2019-12-28 18:35:41 +0100 |
commit | 16e20de72293f048a5a42f78db9781db836d7409 (patch) | |
tree | 9a3487937a4dd660e78a388cc33c224870626ef3 | |
parent | Makefile: rework automatic version.h mangling (diff) | |
wg-quick: linux: quote ifname for nft
Otherwise nft(8) has strange ideas of what a string is.
Suggested-by: RistiCore <RistiCore@mail.ee>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to '')
-rwxr-xr-x | src/wg-quick/linux.bash | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/wg-quick/linux.bash b/src/wg-quick/linux.bash
index e9c9052..cd5e066 100755
--- a/src/wg-quick/linux.bash
+++ b/src/wg-quick/linux.bash
@@ -227,7 +227,7 @@ add_default() {
 while read -r line; do
 [[ $line =~ .*inet6?\ ([0-9a-f:.]+)/[0-9]+.* ]] || continue
 printf -v restore '%s-I PREROUTING ! -i %s -d %s -m addrtype ! --src-type LOCAL -j DROP %s\n' "$restore" "$INTERFACE" "${BASH_REMATCH[1]}" "$marker"
- printf -v nftcmd '%sadd rule %s %s preraw iifname != %s %s daddr %s fib saddr type != local drop\n' "$nftcmd" "$pf" "$nftable" "$INTERFACE" "$pf" "${BASH_REMATCH[1]}"
+ printf -v nftcmd '%sadd rule %s %s preraw iifname != "%s" %s daddr %s fib saddr type != local drop\n' "$nftcmd" "$pf" "$nftable" "$INTERFACE" "$pf" "${BASH_REMATCH[1]}"
 done < <(ip -o $proto addr show dev "$INTERFACE" 2>/dev/null)
 printf -v restore '%sCOMMIT\n*mangle\n-I POSTROUTING -m mark --mark %d -p udp -j CONNMARK --save-mark %s\n-I PREROUTING -p udp -j CONNMARK --restore-mark %s\nCOMMIT\n' "$restore" $table "$marker" "$marker"
 printf -v nftcmd '%sadd rule %s %s postmangle meta l4proto udp mark %d ct mark set mark \n' "$nftcmd" "$pf" "$nftable" $table |
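Review bot: The double quotes added on the `+` line only delimit the interface name for nft; `$INTERFACE` is still interpolated raw through `%s`, so the generated rule is well-formed only if the name can never contain `"` or a newline. Nothing in this hunk validates the name, so that restriction presumably lives where INTERFACE is set, outside the visible lines. A comment above the line such as `# INTERFACE is emitted inside an nft string literal; it must already be restricted to a safe character set` would record that dependency. The iptables-restore line just above passes the same value unquoted after `-i`, which is worth checking against the same set of permitted names. add_default's body starts and ends outside the hunk.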