Merge pull request #27 from jordanpotter/local_subnets
Allow specifying multiple local subnets
commit
db3380bf96
2 changed files with 15 additions and 9 deletions
|
@ -53,7 +53,7 @@ services:
|
||||||
|
|
||||||
## Local Network
|
## Local Network
|
||||||
|
|
||||||
If you wish to allow traffic to your local network, specify the subnet using the `LOCAL_SUBNET` environment variable:
|
If you wish to allow traffic to your local network, specify the subnet(s) using the `LOCAL_SUBNETS` environment variable:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
docker run --name wireguard \
|
docker run --name wireguard \
|
||||||
|
@ -61,7 +61,7 @@ docker run --name wireguard \
|
||||||
--cap-add SYS_MODULE \
|
--cap-add SYS_MODULE \
|
||||||
--sysctl net.ipv4.conf.all.src_valid_mark=1 \
|
--sysctl net.ipv4.conf.all.src_valid_mark=1 \
|
||||||
-v /path/to/conf/mullvad.conf:/etc/wireguard/mullvad.conf \
|
-v /path/to/conf/mullvad.conf:/etc/wireguard/mullvad.conf \
|
||||||
-e LOCAL_SUBNET=10.0.0.0/8 \
|
-e LOCAL_SUBNETS=10.1.0.0/16,10.2.0.0/16,10.3.0.0/16 \
|
||||||
jordanpotter/wireguard
|
jordanpotter/wireguard
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
|
@ -40,17 +40,23 @@ else
|
||||||
echo "Skipping IPv6 kill switch setup since IPv6 interface was not found" >&2
|
echo "Skipping IPv6 kill switch setup since IPv6 interface was not found" >&2
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Support LOCAL_NETWORK environment variable, which was replaced by LOCAL_SUBNET
|
# Support LOCAL_NETWORK environment variable, which was replaced by LOCAL_SUBNETS
|
||||||
if [[ -z "$LOCAL_SUBNET" && "$LOCAL_NETWORK" ]]; then
|
if [[ -z "$LOCAL_SUBNETS" && "$LOCAL_NETWORK" ]]; then
|
||||||
LOCAL_SUBNET=$LOCAL_NETWORK
|
LOCAL_SUBNETS=$LOCAL_NETWORK
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ "$LOCAL_SUBNET" ]]; then
|
# Support LOCAL_SUBNET environment variable, which was replaced by LOCAL_SUBNETS (plural)
|
||||||
echo "Allowing traffic to local subnet ${LOCAL_SUBNET}" >&2
|
if [[ -z "$LOCAL_SUBNETS" && "$LOCAL_SUBNET" ]]; then
|
||||||
ip route add $LOCAL_SUBNET via $default_route_ip
|
LOCAL_SUBNETS=$LOCAL_SUBNET
|
||||||
iptables -I OUTPUT -d $LOCAL_SUBNET -j ACCEPT
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
for local_subnet in ${LOCAL_SUBNETS//,/$IFS}
|
||||||
|
do
|
||||||
|
echo "Allowing traffic to local subnet ${local_subnet}" >&2
|
||||||
|
ip route add $local_subnet via $default_route_ip
|
||||||
|
iptables -I OUTPUT -d $local_subnet -j ACCEPT
|
||||||
|
done
|
||||||
|
|
||||||
shutdown () {
|
shutdown () {
|
||||||
wg-quick down $interface
|
wg-quick down $interface
|
||||||
exit 0
|
exit 0
|
||||||
|
|
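Review bot: The new `for local_subnet in ${LOCAL_SUBNETS//,/$IFS}` loop adds an `iptables -I OUTPUT -d ... -j ACCEPT` rule for every entry without checking that the entry is a CIDR, and it expands both `${LOCAL_SUBNETS//,/$IFS}` and `$local_subnet` unquoted, so the value is subject to pathname expansion and to whatever `IFS` holds at that point. Each of these rules is an exception to the kill switch, so a malformed value should be rejected with a message rather than passed to `ip route` and `iptables`. I would split with `read -ra`, quote the expansions and skip entries that are not shaped like an IPv4 CIDR, as below. The pattern is only a shape check, so a deliberately broad value such as `0.0.0.0/0` still passes and may deserve its own warning. Whether a failing `ip route add` stops the script depends on shell options set outside this hunk.

```bash
# … unchanged: LOCAL_NETWORK and LOCAL_SUBNET fallbacks …
IFS=', ' read -ra local_subnets <<< "$LOCAL_SUBNETS"
for local_subnet in "${local_subnets[@]}"
do
    # Each accepted entry becomes a kill-switch exception, so check its shape first
    if [[ ! "$local_subnet" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}/[0-9]{1,2}$ ]]; then
        echo "Ignoring invalid local subnet '${local_subnet}'" >&2
        continue
    fi
    echo "Allowing traffic to local subnet ${local_subnet}" >&2
    ip route add "$local_subnet" via "$default_route_ip"
    iptables -I OUTPUT -d "$local_subnet" -j ACCEPT
done
# … unchanged: shutdown () …
```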