Add --killswitch option
When used, a killswitch is added using iptables.

Fix #24
NilsIrl committed Sep 13, 2020
1 parent d444437 commit 18fa687
Showing 1 changed file with 19 additions and 1 deletion.
20 changes: 19 additions & 1 deletion src/main.rs
Expand Up @@ -320,6 +320,12 @@ fn app() -> clap::App<'static, 'static> {
.takes_value(true)
.conflicts_with("port")
.long("hop"),
)
.arg(
Arg::with_name("killswitch")
.help("Enables a kill switch.")
.long("killswitch")
.takes_value(false),
),
)
.setting(AppSettings::SubcommandRequiredElseHelp),
Expand Down Expand Up @@ -613,7 +619,7 @@ fn main() {
"[Interface]
PrivateKey = {}
Address = {}
DNS = {}
DNS = {}{}
[Peer]
PublicKey = {}
Expand All @@ -622,6 +628,18 @@ Endpoint = {}:{}\n",
privkey_base64,
address,
IPV4_GATEWAY,
if save_m.is_present("killswitch") {
"\nPostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show \
%i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables \
-I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m \
addrtype ! --dst-type LOCAL -j REJECT
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! \
--dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o %i -m mark \
! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j \
REJECT"
} else {
""
},
server.public_key,
allowed_ips,
ip,
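Review bot: The PostUp/PreDown rules emitted in the `if save_m.is_present("killswitch")` branch match on `$(wg show %i fwmark)`, and as far as I know wg-quick only sets a fwmark when AllowedIPs contains a default route; otherwise that command prints `off`, iptables refuses the rule and the hook fails, so no kill switch is in place. Whether `allowed_ips` can be narrower than a default route is not visible in this hunk, so either refuse `--killswitch` in that case or state the requirement where the flag is defined, e.g. `.help("Adds iptables/ip6tables PostUp/PreDown rules rejecting traffic outside the tunnel (Linux; needs default-route AllowedIPs)")`. The current help text, "Enables a kill switch.", also does not tell the user that the rules exist only between `wg-quick up` and `wg-quick down`. The enclosing `format!` call in `main` starts and ends outside the hunk.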
