[PATCH 0/1] Trying to rephrase man-file AllowedIPs again

[PATCH 0/1] Trying to rephrase man-file AllowedIPs again

[Daniel Lublin]

Giving another stab at this, after my (quite's) initial though on IRC

Daniel Lublin (1):
  wg(8): rephrase wording on AllowedIPs

 src/tools/wg.8 | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

-- 
2.16.1

[PATCH 1/1] wg(8): rephrase wording on AllowedIPs

[Daniel Lublin]

---
 src/tools/wg.8 | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/tools/wg.8 b/src/tools/wg.8
index 49dc15b..b49fb7a 100644
--- a/src/tools/wg.8
+++ b/src/tools/wg.8
@@ -143,12 +143,12 @@ and may be omitted. This option adds an additional layer of symmetric-key
 cryptography to be mixed into the already existing public-key cryptography,
 for post-quantum resistance.
 .IP \(bu
-AllowedIPs \(em a comma-separated list of IP (v4 or v6) addresses with
-CIDR masks from which incoming traffic for this peer is allowed and to
-which outgoing traffic for this peer is directed. The catch-all
-\fI0.0.0.0/0\fP may be specified for matching all IPv4 addresses, and
-\fI::/0\fP may be specified for matching all IPv6 addresses. May be specified
-multiple times. Required.
+AllowedIPs \(em a comma-separated list of IP (v4 or v6) addresses with CIDR
+masks, declaring the sources of incoming traffic that are allowed through the
+peer, and as well defining which destinations of outgoing traffic that will be
+directed through the peer. The catch-all \fI0.0.0.0/0\fP may be specified for
+matching all IPv4 addresses, and \fI::/0\fP may be specified for matching all
+IPv6 addresses. May be specified multiple times. Required.
 .IP \(bu
 Endpoint \(em an endpoint IP or hostname, followed by a colon, and then a
 port number. This endpoint will be updated automatically to the most recent
-- 
2.16.1

Re: [PATCH 1/1] wg(8): rephrase wording on AllowedIPs

[Lonnie Abelbeck]

On Feb 18, 2018, at 6:02 AM, Daniel Lublin <daniel@lublin.se> wrote:

> +AllowedIPs \(em a comma-separated list of IP (v4 or v6) addresses =
with CIDR
> +masks, declaring the sources of incoming traffic that are allowed =
through the
> +peer, and as well defining which destinations of outgoing traffic =
that will be
> +directed through the peer. The catch-all \fI0.0.0.0/0\fP may be =
specified for
> +matching all IPv4 addresses, and \fI::/0\fP may be specified for =
matching all
> +IPv6 addresses. May be specified multiple times. Required.

Personally, in an effort to make this more clear, from this reference:
Cryptokey Routing
https://www.wireguard.com/#cryptokey-routing

This quote offered clarity to me ...
--
When sending packets, the list of allowed IPs behaves as a sort of =
routing table, and when receiving packets, the list of allowed IPs =
behaves as a sort of access control list.
--

Lonnie