mirror of
https://github.com/hackerschoice/segfault.git
synced 2024-06-30 18:51:22 +00:00
wireguard subsystem
This commit is contained in:
parent
b67c7b4048
commit
4f7009181b
22
router/init-wg.sh
Executable file
22
router/init-wg.sh
Executable file
@ -0,0 +1,22 @@
|
|||||||
|
#! /bin/bash
|
||||||
|
|
||||||
|
# NOTE: The WG/UDP forwarding rules are set in fix-network.sh
|
||||||
|
source "/sf/bin/funcs.sh"
|
||||||
|
source "/sf/bin/funcs_net.sh"
|
||||||
|
|
||||||
|
unset SF_MAXOUT
|
||||||
|
unset SF_MAXIN
|
||||||
|
eval "$(grep ^SF_MAX /config/host/etc/sf/sf.conf)"
|
||||||
|
|
||||||
|
# The WG router goes directly to the Internet (and not via sf-router). Thus
|
||||||
|
# we must traffic shape here (rather then sf-router).
|
||||||
|
[[ -n $SF_MAXOUT ]] && {
|
||||||
|
tc_set eth0 "${SF_MAXOUT}" dst || SLEEPEXIT 255 5 "tc failed"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Could 'police' incoming traffic but it's ugly and incoming traffic is normally
|
||||||
|
# free anyhow.
|
||||||
|
[[ -n $SF_MAXIN ]] && SLEEPEXIT 0 5 "WARNING: Incoming WireGuard traffic can not be limited"
|
||||||
|
|
||||||
|
# Keep 1 process alive so that master can use `nsenter` to enter this network namespace
|
||||||
|
exec -a '[wg-sleep]' sleep infinity
|
Loading…
Reference in New Issue
Block a user