From: Peter Hyman <pete@peterhyman.com>
To: wireguard@lists.zx2c4.com
Subject: [PATCH] Improvements to wg-quick output for linux.bash.
Date: Fri, 19 Nov 2021 09:33:34 -0600
Message-ID: <20211119093334.3428f3ee@tommyv.localhost>
From c675c173a8b008bd2853fde8688f4da34271ae18 Mon Sep 17 00:00:00 2001
From: Peter Hyman <pete@peterhyman.com>
Date: Fri, 19 Nov 2021 08:30:29 -0600
Subject: [PATCH] Improvements to wg-quick output for linux.bash.
Replaced use of '<(echo $var)' for 'wg setconf -f' and 'nft -f' commands.
Use of '<(echo $var)' obscured the actual input to the 'wg' and 'nft' commands
and replaced it with /dev/fd/63, which just indicates piped input.
After this commit, output will reflect actual commands for 'nft'
and will echo the config parameters being read by 'wg setconf'.
Config parameters will also hide Private and Preshared keys like
the 'wg' command.
Before
======
[#] wg setconf wg0 /dev/fd/63
[#] nft -f /dev/fd/63
After
=====
[#] wg setconf wg0 /dev/fd/63
wg configuration
[Interface]
PrivateKey = (hidden)
ListenPort = 51820
[Peer]
PublicKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
PresharedKey = (hidden)
AllowedIPs = 0.0.0.0/0
Endpoint = xxx.xxx.xxx.xxx:51820
PersistentKeepalive = 25
[#] nft delete table ip wg-quick-wg0
Signed-off-by: Peter Hyman <pete@peterhyman.com>
---
src/wg-quick/linux.bash | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/wg-quick/linux.bash b/src/wg-quick/linux.bash
index e4d4c4f..f4f7298 100755
- --- a/src/wg-quick/linux.bash
+++ b/src/wg-quick/linux.bash
@@ -192,7 +192,7 @@ remove_firewall() {
while read -r table; do
[[ $table == *" wg-quick-$INTERFACE" ]] && printf -v nftcmd '%sdelete %s\n' "$nftcmd" "$table"
done < <(nft list tables 2>/dev/null)
- - [[ -z $nftcmd ]] || cmd nft -f <(echo -n "$nftcmd")
+ [[ -z $nftcmd ]] || cmd nft "$nftcmd"
fi
if type -p iptables >/dev/null; then
local line iptables found restore
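Review bot: the `printf -v nftcmd '%sdelete %s\n'` line above leaves a trailing newline in `$nftcmd`, and with `cmd nft "$nftcmd"` that newline now travels inside the single argument rather than into a temporary script, so the `[#]` log line will carry an embedded blank line; consider trimming it with `"${nftcmd%$'\n'}"` or dropping the `\n` from the printf format now that `-f` is no longer the consumer. This also relies on nft parsing its positional arguments as a newline-separated script when several tables match (one `delete` per table); that is the case for current nft, but the commit message should say the change depends on it.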
@@ -239,7 +239,7 @@ add_default() {
printf -v nftcmd '%sadd rule %s %s premangle meta l4proto udp meta mark set ct mark \n' "$nftcmd" "$pf" "$nftable"
[[ $proto == -4 ]] && cmd sysctl -q net.ipv4.conf.all.src_valid_mark=1
if type -p nft >/dev/null; then
- - cmd nft -f <(echo -n "$nftcmd")
+ cmd nft "$nftcmd"
else
echo -n "$restore" | cmd $iptables-restore -n
fi
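Review bot: this branch passes a much larger, multi-statement script (the table, chains and `add rule ... premangle meta l4proto udp meta mark set ct mark` lines appended with `printf -v nftcmd`) as one argv word, and the commit message only explains why `-f <(...)` was undesirable, not why the argv form is equivalent; please state that nft joins its positional arguments and accepts newline-separated statements in one transaction, so a reader does not assume only the first statement is executed. The `else` branch still uses `echo -n "$restore" | cmd $iptables-restore -n`, so the two paths now log differently (full script vs. only the command line); that asymmetry is worth a sentence as well.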
@@ -248,7 +248,10 @@ add_default() {
}
set_config() {
+ local WG_CONFIGTMP
+ WG_CONFIGTMP=$(echo "wg configuration\n$WG_CONFIG" | sed -e 's/\(PrivateKey = \|PresharedKey = \).*$/\1(hidden)/')
cmd wg setconf "$INTERFACE" <(echo "$WG_CONFIG")
+ echo -e "$WG_CONFIGTMP"
}
save_config() {
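Review bot: the masking in `WG_CONFIGTMP` is not reliable. The sed pattern `\(PrivateKey = \|PresharedKey = \).*$` only matches the exact `Key = value` spacing and casing, while `wg setconf` also accepts `PrivateKey=...` and case variants, so a config written that way would have its private or preshared key printed unmasked; anchor and loosen the match, e.g. `s/^\([[:space:]]*\(PrivateKey\|PresharedKey\)[[:space:]]*=\).*$/\1 (hidden)/I`. Separately, `echo "wg configuration\n$WG_CONFIG"` does not expand `\n` in bash, so the literal backslash-n survives into the variable and is only expanded by the later `echo -e`, which will also expand any backslash sequences present in the user's config lines; using `printf 'wg configuration\n%s\n' "$WG_CONFIG"` and a plain `echo`/`printf '%s\n'` on output avoids both problems. Minor: the new local is upper-case (`WG_CONFIGTMP`) while the surrounding locals such as `nftcmd`, `restore` are lower-case.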
--
2.34.0
--
Peter Hyman
GPG: 0x467FBF7D