Merge pull request #27 from jordanpotter/local_subnets

Allow specifying multiple local subnets
Jordan Potter 2022-06-15 13:05:36 -07:00 committed by GitHub
commit db3380bf96
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 9 deletions


@ -53,7 +53,7 @@ services:
## Local Network ## Local Network
If you wish to allow traffic to your local network, specify the subnet using the `LOCAL_SUBNET` environment variable: If you wish to allow traffic to your local network, specify the subnet(s) using the `LOCAL_SUBNETS` environment variable:
```bash ```bash
docker run --name wireguard \ docker run --name wireguard \
@ -61,7 +61,7 @@ docker run --name wireguard \
--cap-add SYS_MODULE \ --cap-add SYS_MODULE \
--sysctl net.ipv4.conf.all.src_valid_mark=1 \ --sysctl net.ipv4.conf.all.src_valid_mark=1 \
-v /path/to/conf/mullvad.conf:/etc/wireguard/mullvad.conf \ -v /path/to/conf/mullvad.conf:/etc/wireguard/mullvad.conf \
-e LOCAL_SUBNET=10.0.0.0/8 \ -e LOCAL_SUBNETS=10.1.0.0/16,10.2.0.0/16,10.3.0.0/16 \
jordanpotter/wireguard jordanpotter/wireguard
``` ```


@ -40,17 +40,23 @@ else
echo "Skipping IPv6 kill switch setup since IPv6 interface was not found" >&2 echo "Skipping IPv6 kill switch setup since IPv6 interface was not found" >&2
fi fi
# Support LOCAL_NETWORK environment variable, which was replaced by LOCAL_SUBNET # Support LOCAL_NETWORK environment variable, which was replaced by LOCAL_SUBNETS
if [[ -z "$LOCAL_SUBNET" && "$LOCAL_NETWORK" ]]; then if [[ -z "$LOCAL_SUBNETS" && "$LOCAL_NETWORK" ]]; then
LOCAL_SUBNET=$LOCAL_NETWORK LOCAL_SUBNETS=$LOCAL_NETWORK
fi fi
if [[ "$LOCAL_SUBNET" ]]; then # Support LOCAL_SUBNET environment variable, which was replaced by LOCAL_SUBNETS (plural)
echo "Allowing traffic to local subnet ${LOCAL_SUBNET}" >&2 if [[ -z "$LOCAL_SUBNETS" && "$LOCAL_SUBNET" ]]; then
ip route add $LOCAL_SUBNET via $default_route_ip LOCAL_SUBNETS=$LOCAL_SUBNET
iptables -I OUTPUT -d $LOCAL_SUBNET -j ACCEPT
fi fi
for local_subnet in ${LOCAL_SUBNETS//,/$IFS}
do
echo "Allowing traffic to local subnet ${local_subnet}" >&2
ip route add $local_subnet via $default_route_ip
iptables -I OUTPUT -d $local_subnet -j ACCEPT
done
shutdown () { shutdown () {
wg-quick down $interface wg-quick down $interface
exit 0 exit 0
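Review bot: The new `for local_subnet in ${LOCAL_SUBNETS//,/$IFS}` loop hands each entry to `ip route add` and `iptables -I OUTPUT -d ... -j ACCEPT` unquoted and unvalidated, so whatever is in the environment variable becomes an exception to the kill switch. The unquoted expansion is subject to globbing as well as word splitting, and `iptables -d` also accepts hostnames, so a typo may not fail the way one would expect. I would read the list into an array, quote every use, and skip entries that do not look like an IPv4 address or CIDR, as sketched below. Only `iptables` is called here, so an IPv6 subnet would presumably fail at that step; it is worth rejecting that case explicitly or documenting it in the README. `default_route_ip` is set outside this hunk and the `shutdown` function continues past it.

```shell
# … unchanged: LOCAL_NETWORK and LOCAL_SUBNET fallbacks into LOCAL_SUBNETS …
cidr_re='^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
IFS=',' read -ra local_subnets <<< "$LOCAL_SUBNETS"
for local_subnet in "${local_subnets[@]}"
do
    # Tolerate "a, b" style lists, which the word-splitting version accepted
    local_subnet=${local_subnet//[[:space:]]/}
    if [[ ! "$local_subnet" =~ $cidr_re ]]; then
        echo "Ignoring invalid local subnet '${local_subnet}'" >&2
        continue
    fi
    echo "Allowing traffic to local subnet ${local_subnet}" >&2
    ip route add "$local_subnet" via "$default_route_ip"
    iptables -I OUTPUT -d "$local_subnet" -j ACCEPT
done
```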