From: sgf
Date: Tue, 13 Jun 2023 12:27:35 +0000 (+0300)
Subject: wireguard. Use suppress_prefixlength to avoid hardcoding local network.
X-Git-Url: https://gitweb.sgf-dma.tk/?a=commitdiff_plain;h=e7bb281a6b5f1e4c9e272c45a95167c106d80d6a;p=iptables.git
wireguard. Use suppress_prefixlength to avoid hardcoding local network.
---
diff --git a/wireguard-for_NATed_network/.wg4.conf.swp b/wireguard-for_NATed_network/.wg4.conf.swp
new file mode 100644
index 0000000..b350f80
Binary files /dev/null and b/wireguard-for_NATed_network/.wg4.conf.swp differ
diff --git a/wireguard-for_NATed_network/wg4.conf b/wireguard-for_NATed_network/wg4.conf
index 5155d8f..234105a 100644
--- a/wireguard-for_NATed_network/wg4.conf
+++ b/wireguard-for_NATed_network/wg4.conf
@@ -4,18 +4,22 @@ Address = 10.10.238.146
 Table = off
-# Add table for routing marked packets into wireguard.
+# Add rule for routing marked packets into wireguard using separate table.
 PostUp = ip rule add pref 444 fwmark 4 table 444
-# Default route to wireguard.
+# Default route to wireguard in separate table.
 PostUp = ip ro add default dev wg4 table 444
 # Route replies back to sender. Otherwise, they'll be looped back to
-# wireguard.
-PostUp = ip ro add 192.168.4.0/24 dev br0 table 444
+# wireguard. Either copy explicit route into separate table:
+#PostUp = ip ro add 192.168.4.0/24 dev br0 table 444
+# Or use main table, which already has all needed routes for local networks,
+# and just suppress default route there. In that case, i don't need to
+# hardcode NAT-ed network anywhere.
+PostUp = ip rule add pref 443 fwmark 4 suppress_prefixlength 0 table main
 # Undo all changes.
 PreDown = ip rule del pref 444 fwmark 4 table 444
 PreDown = ip ro del default dev wg4 table 444
-PreDown = ip ro del 192.168.4.0/24 dev br0 table 444
+PreDown = ip rule del pref 443 fwmark 4 suppress_prefixlength 0 table main
 [Peer]
 Endpoint = ...
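Review bot: The new binary file `wireguard-for_NATed_network/.wg4.conf.swp` is a Vim swap file of the WireGuard config and should not be in the commit; a swap file carries a copy of the edited buffer, so if wg4.conf holds the interface PrivateKey (the start of the [Interface] section is outside this diff, so I cannot confirm it) that key is now in git history even though it never appears in the readable hunk. Drop it from the commit with `git rm --cached wireguard-for_NATed_network/.wg4.conf.swp`, add `.*.swp` to .gitignore, and if the repository is published treat any key the swap file contained as compromised and rotate it.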
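Review bot: The new `PostUp = ip rule add pref 443 fwmark 4 suppress_prefixlength 0 table main` exempts every non-default route in the main table from the tunnel, not only the NAT-ed LAN that the removed `192.168.4.0/24 dev br0` entry covered: any more-specific route that lands in main (a /1 split-default, a route on another interface, a host route to a peer) will carry fwmark-4 traffic outside wg4, so the exception is now exactly as tight as the main table happens to be. The comment above the rule should state that, e.g. `# NOTE: this exempts ALL non-default routes in main, not just the LAN;` / `# check 'ip route show table main' for /1 or foreign-interface routes.`, and on a host whose main table can acquire such routes the explicit-route variant left commented out is the safer choice. The [Interface] section this rule belongs to begins before the hunk.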