wg-allowed-ips
v0.2.0
Wireguard AllowedIPs generator
Motivation
If we want to pass all traffic through WireGuard except some IPs, we can't do it in the WireGuard configuration: AllowedIPs only lists what is routed, with no way to exclude a range.
This blogpost contains more info about it, and even contains an AllowedIPs generator, but that generator does not work with large subnets.
In my case, I wanted to pass all traffic through WireGuard except my country's traffic and Cloudflare's traffic.
Usage
There are two options: --allowed-ips and --disallowed-ips. Both accept a list of IPs separated by newline or space. Each IP can be in CIDR format (IPv4 or IPv6), or a range like 10.0.0.0 - 11.0.0.0.
Example command for "everything except cloudflare/Netherlands/rfc1918/loopback":
npx wg-allowed-ips --allowed-ips "0/0 ::/0" --disallowed-ips "$(curl -L https://www.cloudflare.com/ips-v4) $(curl -L https://www.cloudflare.com/ips-v6) $(curl -L http://ipverse.net/ipblocks/data/countries/nl.zone) $(curl -L http://ipverse.net/ipblocks/data/countries/nl-ipv6.zone) 127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 fd00::/8"
Note that the algorithm is not optimized at all and can be slow in some cases, but it works correctly even if you process large subnets.
You can use this project as a library, but it is not designed for this use case. It has heavyweight dependencies (effect-ts/fp-ts/io-ts), so please don't use it in the frontend.
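
The subtraction behind an "allowed minus disallowed" AllowedIPs list, as an added example that is not this project's source code: it handles IPv4 only, accepts the CIDR and range input forms described under Usage, and returns the CIDR blocks to put in AllowedIPs. All function names are hypothetical, and treating a range as inclusive of both endpoints is an assumption.

```javascript
// Added example, not the wg-allowed-ips source. IPv4 only; all names are hypothetical.
const ipToInt = (ip) => ip.split('.').reduce((n, octet) => n * 256 + Number(octet), 0);
const intToIp = (n) => [24, 16, 8, 0].map((s) => Math.floor(n / 2 ** s) % 256).join('.');

// Parse "a.b.c.d/len" or "a.b.c.d - e.f.g.h" into an inclusive [start, end] pair.
// Assumption: a range includes both of its endpoints.
function parseRange(text) {
  if (text.includes('-')) return text.split('-').map((s) => ipToInt(s.trim()));
  const [addr, len = '32'] = text.split('/');
  const size = 2 ** (32 - Number(len));
  const start = Math.floor(ipToInt(addr) / size) * size; // clear host bits
  return [start, start + size - 1];
}

// Cut each disallowed range out of every allowed range it overlaps.
function subtract(allowed, disallowed) {
  let result = allowed.map(parseRange);
  for (const [dLo, dHi] of disallowed.map(parseRange)) {
    result = result.flatMap(([lo, hi]) => {
      if (dHi < lo || dLo > hi) return [[lo, hi]]; // no overlap, keep whole
      const kept = [];
      if (dLo > lo) kept.push([lo, dLo - 1]); // part below the hole
      if (dHi < hi) kept.push([dHi + 1, hi]); // part above the hole
      return kept;
    });
  }
  return result;
}

// Cover an inclusive range with the fewest CIDR blocks: at each step take the
// largest block that is aligned on `lo` and does not run past `hi`.
function rangeToCidrs([lo, hi]) {
  const cidrs = [];
  while (lo <= hi) {
    let len = 0;
    while (lo % 2 ** (32 - len) !== 0 || lo + 2 ** (32 - len) - 1 > hi) len++;
    cidrs.push(`${intToIp(lo)}/${len}`);
    lo += 2 ** (32 - len);
  }
  return cidrs;
}

function allowedIps(allowed, disallowed) {
  return subtract(allowed, disallowed).flatMap(rangeToCidrs);
}

// Constructed input: route everything except 10.0.0.0/8.
console.log(`AllowedIPs = ${allowedIps(['0/0'], ['10.0.0.0/8']).join(', ')}`);
```

Overlapping entries in the allowed list are not merged here, so pass non-overlapping allowed ranges to avoid duplicate output.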