Summary: | net-vpn/wireguard-tools[wg-quick] should not hard-depend on a firewall tool (iptables or nftables) | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Christopher Head <bugs> |
Component: | Current packages | Assignee: | Jason A. Donenfeld <zx2c4> |
Status: | UNCONFIRMED --- | ||
Severity: | minor | CC: | kfm |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | AMD64 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Christopher Head
2021-10-07 04:21:38 UTC
> However, wg-quick works just fine without either one installed, and without the corresponding kernel options enabled either.
It needs fwmark (firewall mark) to work. It uses it in iptables/nftables to make sure that only wireguard packets get out so that nothing leaks.
> It needs fwmark
Actually my bad, it doesn't, it's optional.
|