simono41/docker-wireguard
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Replace LOCAL_NETWORK with LOCAL_SUBNET

Browse source
This commit is contained in:
Jordan Potter 2021-03-08 21:17:08 -06:00
parent 522c8ff06d
commit 777a5c044e
3 changed files with 13 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Dockerfile
View file

@ -2,7 +2,7 @@ FROM alpine:3.12.1
RUN apk add --no-cache \ RUN apk add --no-cache \
openresolv iptables ip6tables iproute2 wireguard-tools \ openresolv iptables ip6tables iproute2 wireguard-tools \
findutils # Needed for find's -printf flag. findutils # Needed for find's -printf flag
COPY entrypoint.sh /entrypoint.sh COPY entrypoint.sh /entrypoint.sh

6
README.md
View file

@ -27,7 +27,7 @@ docker run -it --rm \
## Local Network ## Local Network
If you wish to allow traffic to your local network, specify the subnet using the `LOCAL_NETWORK` environment variable: If you wish to allow traffic to your local network, specify the subnet using the `LOCAL_SUBNET` environment variable:
```bash ```bash
docker run --name wireguard \ docker run --name wireguard \
@ -35,7 +35,7 @@ docker run --name wireguard \
--cap-add SYS_MODULE \ --cap-add SYS_MODULE \
--sysctl net.ipv4.conf.all.src_valid_mark=1 \ --sysctl net.ipv4.conf.all.src_valid_mark=1 \
-v /path/to/conf/mullvad.conf:/etc/wireguard/mullvad.conf \ -v /path/to/conf/mullvad.conf:/etc/wireguard/mullvad.conf \
-e LOCAL_NETWORK=10.0.0.0/8 \ -e LOCAL_SUBNET=10.0.0.0/8 \
jordanpotter/wireguard jordanpotter/wireguard
``` ```
@ -59,6 +59,6 @@ docker run -it --rm \
## Versioning ## Versioning
Wireguard is new technology and its behavior may change in the future. For this reason, it's recommended to specify an image tag when running this container, such as `jordanpotter/wireguard:2.1.0`. Wireguard is new technology and its behavior may change in the future. For this reason, it's recommended to specify an image tag when running this container, such as `jordanpotter/wireguard:2.1.1`.
The available tags are listed [here](https://hub.docker.com/r/jordanpotter/wireguard/tags). The available tags are listed [here](https://hub.docker.com/r/jordanpotter/wireguard/tags).

13
entrypoint.sh
View file

@ -37,10 +37,15 @@ else
ip6tables -I OUTPUT ! -o $interface -m mark ! --mark $(wg show $interface fwmark) -m addrtype ! --dst-type LOCAL $docker6_network_rule -j REJECT ip6tables -I OUTPUT ! -o $interface -m mark ! --mark $(wg show $interface fwmark) -m addrtype ! --dst-type LOCAL $docker6_network_rule -j REJECT
fi fi
if [[ "$LOCAL_NETWORK" ]]; then # Support LOCAL_NETWORK environment variable, which was replaced by LOCAL_SUBNET
echo "Allowing traffic to local network ${LOCAL_NETWORK}" >&2 if [[ -z "$LOCAL_SUBNET" && "$LOCAL_NETWORK" ]]; then
ip route add $LOCAL_NETWORK via $default_route_ip LOCAL_SUBNET=$LOCAL_NETWORK
iptables -I OUTPUT -d $LOCAL_NETWORK -j ACCEPT fi
if [[ "$LOCAL_SUBNET" ]]; then
echo "Allowing traffic to local subnet ${LOCAL_SUBNET}" >&2
ip route add $LOCAL_SUBNET via $default_route_ip
iptables -I OUTPUT -d $LOCAL_SUBNET -j ACCEPT
fi fi
shutdown () { shutdown () {