


I have a wireguard config with a killswitch that I downloaded from Mullvad. I split the PostUp and PreDown commands into two lines so it's more readable. With just that change, wg-quick up and wg-quick down work fine.

However, when I add an exclusion for a local ip 10.0.0.50 (as ! -d 10.0.0.50), the output is as follows (where "myConfig-wireguard" is the wireguard config):

    ip link add myConfig-wireguard type wireguard
    ip -4 address add #.#.#.#/32 dev myConfig-wireguard
    ip link set mtu 1420 up dev myConfig-wireguard
    ip -6 route add ::/0 dev myConfig-wireguard table 51820
    ip -6 rule add not fwmark 51820 table 51820
    ip -6 rule add table main suppress_prefixlength 0
    ip -4 route add 0.0.0.0/0 dev myConfig-wireguard table 51820
    ip -4 rule add not fwmark 51820 table 51820
    ip -4 rule add table main suppress_prefixlength 0
    iptables -I OUTPUT ! -o myConfig-wireguard -m mark ! --mark $(wg show myConfig-wireguard fwmark) -m addrtype ! --dst-type LOCAL ! -d 10.0.0.50 -j REJECT
    ip6tables -I OUTPUT ! -o myConfig-wireguard -m mark ! --mark $(wg show myConfig-wireguard fwmark) -m addrtype ! --dst-type LOCAL -j REJECT

    PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL ! -d 10.0.0.50 -j REJECT
    PostUp = ip6tables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
    PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL ! -d 10.0.0.50 -j REJECT
    PreDown = ip6tables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
