diff --git a/entrypoint.sh b/entrypoint.sh index 1e268cc..7e8548e 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -3,7 +3,7 @@ set -e configs=`find /etc/wireguard -type f -printf "%f\n"` -if [[ -z $configs ]]; then +if [[ -z "$configs" ]]; then echo "No configuration files found in /etc/wireguard" >&2 exit 1 fi @@ -24,8 +24,12 @@ docker_network_rule=$([ ! -z "$docker_network" ] && echo "! -d $docker_network" iptables -I OUTPUT ! -o $interface -m mark ! --mark $(wg show $interface fwmark) -m addrtype ! --dst-type LOCAL $docker_network_rule -j REJECT docker6_network="$(ip -o addr show dev eth0 | awk '$3 == "inet6" {print $4}')" -docker6_network_rule=$([ ! -z "$docker6_network" ] && echo "! -d $docker6_network" || echo "") -ip6tables -I OUTPUT ! -o $interface -m mark ! --mark $(wg show $interface fwmark) -m addrtype ! --dst-type LOCAL $docker6_network_rule -j REJECT +if [[ -z "$docker6_network" ]]; then + echo "Skipping ipv6 killswitch setup since ipv6 interface was not found..." >&2 +else + docker6_network_rule=$([ ! -z "$docker6_network" ] && echo "! -d $docker6_network" || echo "") + ip6tables -I OUTPUT ! -o $interface -m mark ! --mark $(wg show $interface fwmark) -m addrtype ! --dst-type LOCAL $docker6_network_rule -j REJECT +fi shutdown () { wg-quick down $interface