Merge pull request #4 from bobbypage/ipv6

Only set ipv6 killswitch if ipv6 interface exists
This commit is contained in:
Jordan Potter 2020-09-12 20:59:54 -05:00 committed by GitHub
commit 123557b6bb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -3,7 +3,7 @@
set -e set -e
configs=`find /etc/wireguard -type f -printf "%f\n"` configs=`find /etc/wireguard -type f -printf "%f\n"`
if [[ -z $configs ]]; then if [[ -z "$configs" ]]; then
echo "No configuration files found in /etc/wireguard" >&2 echo "No configuration files found in /etc/wireguard" >&2
exit 1 exit 1
fi fi
@ -24,8 +24,12 @@ docker_network_rule=$([ ! -z "$docker_network" ] && echo "! -d $docker_network"
iptables -I OUTPUT ! -o $interface -m mark ! --mark $(wg show $interface fwmark) -m addrtype ! --dst-type LOCAL $docker_network_rule -j REJECT iptables -I OUTPUT ! -o $interface -m mark ! --mark $(wg show $interface fwmark) -m addrtype ! --dst-type LOCAL $docker_network_rule -j REJECT
docker6_network="$(ip -o addr show dev eth0 | awk '$3 == "inet6" {print $4}')" docker6_network="$(ip -o addr show dev eth0 | awk '$3 == "inet6" {print $4}')"
docker6_network_rule=$([ ! -z "$docker6_network" ] && echo "! -d $docker6_network" || echo "") if [[ -z "$docker6_network" ]]; then
ip6tables -I OUTPUT ! -o $interface -m mark ! --mark $(wg show $interface fwmark) -m addrtype ! --dst-type LOCAL $docker6_network_rule -j REJECT echo "Skipping ipv6 killswitch setup since ipv6 interface was not found..." >&2
else
docker6_network_rule=$([ ! -z "$docker6_network" ] && echo "! -d $docker6_network" || echo "")
ip6tables -I OUTPUT ! -o $interface -m mark ! --mark $(wg show $interface fwmark) -m addrtype ! --dst-type LOCAL $docker6_network_rule -j REJECT
fi
shutdown () { shutdown () {
wg-quick down $interface wg-quick down $interface