From 9d36fbae34445647cc1fb99caad45d8d1b79285d Mon Sep 17 00:00:00 2001 From: Jordan Potter Date: Sat, 16 Apr 2022 19:21:01 -0700 Subject: [PATCH] Allow specifying multiple local subnets --- README.md | 4 ++-- entrypoint.sh | 20 +++++++++++++------- 2 files changed, 15 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index cbc9048..1f9e7ae 100644 --- a/README.md +++ b/README.md @@ -53,7 +53,7 @@ services: ## Local Network -If you wish to allow traffic to your local network, specify the subnet using the `LOCAL_SUBNET` environment variable: +If you wish to allow traffic to your local network, specify the subnet(s) using the `LOCAL_SUBNETS` environment variable: ```bash docker run --name wireguard \ @@ -61,7 +61,7 @@ docker run --name wireguard \ --cap-add SYS_MODULE \ --sysctl net.ipv4.conf.all.src_valid_mark=1 \ -v /path/to/conf/mullvad.conf:/etc/wireguard/mullvad.conf \ - -e LOCAL_SUBNET=10.0.0.0/8 \ + -e LOCAL_SUBNETS=10.1.0.0/16,10.2.0.0/16,10.3.0.0/16 \ jordanpotter/wireguard ``` diff --git a/entrypoint.sh b/entrypoint.sh index 86e2f98..b969172 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -40,17 +40,23 @@ else echo "Skipping IPv6 kill switch setup since IPv6 interface was not found" >&2 fi -# Support LOCAL_NETWORK environment variable, which was replaced by LOCAL_SUBNET -if [[ -z "$LOCAL_SUBNET" && "$LOCAL_NETWORK" ]]; then - LOCAL_SUBNET=$LOCAL_NETWORK +# Support LOCAL_NETWORK environment variable, which was replaced by LOCAL_SUBNETS +if [[ -z "$LOCAL_SUBNETS" && "$LOCAL_NETWORK" ]]; then + LOCAL_SUBNETS=$LOCAL_NETWORK fi -if [[ "$LOCAL_SUBNET" ]]; then - echo "Allowing traffic to local subnet ${LOCAL_SUBNET}" >&2 - ip route add $LOCAL_SUBNET via $default_route_ip - iptables -I OUTPUT -d $LOCAL_SUBNET -j ACCEPT +# Support LOCAL_SUBNET environment variable, which was replaced by LOCAL_SUBNETS (plural) +if [[ -z "$LOCAL_SUBNETS" && "$LOCAL_SUBNET" ]]; then + LOCAL_SUBNETS=$LOCAL_SUBNET fi +for local_subnet in ${LOCAL_SUBNETS//,/$IFS} +do + echo "Allowing traffic to local subnet ${local_subnet}" >&2 + ip route add $local_subnet via $default_route_ip + iptables -I OUTPUT -d $local_subnet -j ACCEPT +done + shutdown () { wg-quick down $interface exit 0