simono41/docker-wireguard
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #27 from jordanpotter/local_subnets

Browse source 
Allow specifying multiple local subnets
This commit is contained in:
Jordan Potter 2022-06-15 13:05:36 -07:00 committed by GitHub
commit db3380bf96
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
README.md
View file

@ -53,7 +53,7 @@ services:
## Local Network
If you wish to allow traffic to your local network, specify the subnet using the `LOCAL_SUBNET` environment variable:
If you wish to allow traffic to your local network, specify the subnet(s) using the `LOCAL_SUBNETS` environment variable:
```bash
docker run --name wireguard \
@ -61,7 +61,7 @@ docker run --name wireguard \
--cap-add SYS_MODULE \
--sysctl net.ipv4.conf.all.src_valid_mark=1 \
-v /path/to/conf/mullvad.conf:/etc/wireguard/mullvad.conf \
-e LOCAL_SUBNET=10.0.0.0/8 \
-e LOCAL_SUBNETS=10.1.0.0/16,10.2.0.0/16,10.3.0.0/16 \
jordanpotter/wireguard
```

20
entrypoint.sh
View file

@ -40,17 +40,23 @@ else
echo "Skipping IPv6 kill switch setup since IPv6 interface was not found" >&2
fi
# Support LOCAL_NETWORK environment variable, which was replaced by LOCAL_SUBNET
if [[ -z "$LOCAL_SUBNET" && "$LOCAL_NETWORK" ]]; then
LOCAL_SUBNET=$LOCAL_NETWORK
# Support LOCAL_NETWORK environment variable, which was replaced by LOCAL_SUBNETS
if [[ -z "$LOCAL_SUBNETS" && "$LOCAL_NETWORK" ]]; then
LOCAL_SUBNETS=$LOCAL_NETWORK
fi
if [[ "$LOCAL_SUBNET" ]]; then
echo "Allowing traffic to local subnet ${LOCAL_SUBNET}" >&2
ip route add $LOCAL_SUBNET via $default_route_ip
iptables -I OUTPUT -d $LOCAL_SUBNET -j ACCEPT
# Support LOCAL_SUBNET environment variable, which was replaced by LOCAL_SUBNETS (plural)
if [[ -z "$LOCAL_SUBNETS" && "$LOCAL_SUBNET" ]]; then
LOCAL_SUBNETS=$LOCAL_SUBNET
fi
for local_subnet in ${LOCAL_SUBNETS//,/$IFS}
do
echo "Allowing traffic to local subnet ${local_subnet}" >&2
ip route add $local_subnet via $default_route_ip
iptables -I OUTPUT -d $local_subnet -j ACCEPT
done
shutdown () {
wg-quick down $interface
exit 0