mirror of
https://github.com/hackerschoice/segfault.git
synced 2024-06-25 16:28:37 +00:00
wireguard subsystem
This commit is contained in:
parent
b67c7b4048
commit
4f7009181b
22
router/init-wg.sh
Executable file
22
router/init-wg.sh
Executable file
@ -0,0 +1,22 @@
|
||||
#! /bin/bash
|
||||
|
||||
# NOTE: The WG/UDP forwarding rules are set in fix-network.sh
|
||||
source "/sf/bin/funcs.sh"
|
||||
source "/sf/bin/funcs_net.sh"
|
||||
|
||||
unset SF_MAXOUT
|
||||
unset SF_MAXIN
|
||||
eval "$(grep ^SF_MAX /config/host/etc/sf/sf.conf)"
|
||||
|
||||
# The WG router goes directly to the Internet (and not via sf-router). Thus
|
||||
# we must traffic shape here (rather then sf-router).
|
||||
[[ -n $SF_MAXOUT ]] && {
|
||||
tc_set eth0 "${SF_MAXOUT}" dst || SLEEPEXIT 255 5 "tc failed"
|
||||
}
|
||||
|
||||
# Could 'police' incoming traffic but it's ugly and incoming traffic is normally
|
||||
# free anyhow.
|
||||
[[ -n $SF_MAXIN ]] && SLEEPEXIT 0 5 "WARNING: Incoming WireGuard traffic can not be limited"
|
||||
|
||||
# Keep 1 process alive so that master can use `nsenter` to enter this network namespace
|
||||
exec -a '[wg-sleep]' sleep infinity
|
Loading…
Reference in New Issue
Block a user