Development discussion of WireGuard
* [PATCH] Improvements to wg-quick output for linux.bash.
@ 2021-11-19 15:33 Peter Hyman
  0 siblings, 0 replies; only message in thread
From: Peter Hyman @ 2021-11-19 15:33 UTC (permalink / raw)
  To: wireguard

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160


- From c675c173a8b008bd2853fde8688f4da34271ae18 Mon Sep 17 00:00:00 2001
From: Peter Hyman <pete@peterhyman.com>
Date: Fri, 19 Nov 2021 08:30:29 -0600
Subject: [PATCH] Improvements to wg-quick output for linux.bash.

Replaced use of '<(echo $var)' for 'wg setconf -f' and 'nft -f' commands.
Use of '<(echo $var)' obscured actual input to 'wg' and 'nft' commands
and replaced with /dev/fd/63 which just indicates piped input.
After this commit, output will reflect actual commands for 'nft'
and will echo the config parameters being read by 'wg setconf'.
Config parameters will also hide Private and Preshared keys like
the 'wg' command.

Before
======
[#] wg setconf wg0 /dev/fd/63
[#] nft -f /dev/fd/63

After
=====
[#] wg setconf wg0 /dev/fd/63
wg configuration
[Interface]
PrivateKey = (hidden)
ListenPort = 51820

[Peer]
PublicKey = xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
PresharedKey = (hidden)
AllowedIPs = 0.0.0.0/0
Endpoint = xxx.xxx.xxx.xxx:51820
PersistentKeepalive = 25

[#] nft delete table ip wg-quick-wg0

Signed-off-by: Peter Hyman <pete@peterhyman.com>
- ---
 src/wg-quick/linux.bash | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/wg-quick/linux.bash b/src/wg-quick/linux.bash
index e4d4c4f..f4f7298 100755
- --- a/src/wg-quick/linux.bash
+++ b/src/wg-quick/linux.bash
@@ -192,7 +192,7 @@ remove_firewall() {
 		while read -r table; do
 			[[ $table == *" wg-quick-$INTERFACE" ]] && printf -v nftcmd '%sdelete %s\n' "$nftcmd" "$table"
 		done < <(nft list tables 2>/dev/null)
- -		[[ -z $nftcmd ]] || cmd nft -f <(echo -n "$nftcmd")
+		[[ -z $nftcmd ]] || cmd nft "$nftcmd"
 	fi
 	if type -p iptables >/dev/null; then
 		local line iptables found restore
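Review bot: In remove_firewall(), `cmd nft "$nftcmd"` hands nft the whole newline-separated script as one positional argument instead of as a file via `-f`, so this changes how nft is invoked and not only what is printed. The loop above can append several `delete ...` lines, so this path should be tested with more than one matching table. If the goal is only readable output, keeping `cmd nft -f <(echo -n "$nftcmd")` and printing "$nftcmd" separately, as the set_config hunk does for the wg config, would leave the execution path untouched.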
@@ -239,7 +239,7 @@ add_default() {
 	printf -v nftcmd '%sadd rule %s %s premangle meta l4proto udp meta mark set ct mark \n' "$nftcmd" "$pf" "$nftable"
 	[[ $proto == -4 ]] && cmd sysctl -q net.ipv4.conf.all.src_valid_mark=1
 	if type -p nft >/dev/null; then
- -		cmd nft -f <(echo -n "$nftcmd")
+		cmd nft "$nftcmd"
 	else
 		echo -n "$restore" | cmd $iptables-restore -n
 	fi
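Review bot: The nft branch of add_default() now prints its rules while the iptables branch directly below (`echo -n "$restore" | cmd $iptables-restore -n`) still hides its input, so what the user sees depends on which firewall tool is installed. Either show "$restore" as well or note in the commit message that only the nft path is covered. As in remove_firewall(), "$nftcmd" here is a multi-line script passed as a single argument, and because `cmd` is applied to the whole string the echoed command will span several lines.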
@@ -248,7 +248,10 @@ add_default() {
 }
 
 set_config() {
+	local WG_CONFIGTMP
+	WG_CONFIGTMP=$(echo "wg configuration\n$WG_CONFIG" | sed -e 's/\(PrivateKey = \|PresharedKey = \).*$/\1(hidden)/')
 	cmd wg setconf "$INTERFACE" <(echo "$WG_CONFIG")
+	echo -e "$WG_CONFIGTMP"
 }
 
 save_config() {
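Review bot: The sed expression in set_config() redacts only lines spelled exactly `PrivateKey = ` or `PresharedKey = `, with one space on each side of `=`; a line in $WG_CONFIG written as `PrivateKey=...` or with different capitalisation would be echoed with the key in clear. Unless $WG_CONFIG is normalised before this point, match the key name case-insensitively with optional whitespace around `=`. Separately, `echo -e "$WG_CONFIGTMP"` expands backslash escapes across the whole config and not just the `\n` after the header, so printing the header and the redacted body with printf '%s\n' would be safer; `\|` in a basic regular expression is also a GNU sed extension.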
- -- 
2.34.0


- -- 
Peter Hyman
GPG: 0x467FBF7D
-----BEGIN PGP SIGNATURE-----

iEYEAREDAAYFAmGXw84ACgkQTTfGLUZ/v3079gCgvx2ZCbBfmFH2FQbSXAl2lhPy
svMAmwav2EfkYwJ2jLgBm0ws5j6IQURc
=Ls+S
-----END PGP SIGNATURE-----
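
Added example, not part of the original message or of wg-quick: a redaction filter for a displayed WireGuard config that hides PrivateKey and PresharedKey values whatever the case of the key name or the spacing around `=`. The function names and the sample config are constructed for illustration; it assumes the config text may contain such spelling variants.

```sh
# Redact secret values from a WireGuard config read on stdin.
# Key names are compared case-insensitively with all spaces/tabs removed,
# so "PrivateKey = x", "privatekey=x" and "  PresharedKey  =  x" all match.
redact_wg_config() {
    awk '
    {
        line = $0
        eq = index(line, "=")          # first "=" separates key from value
        if (eq > 0) {
            key = tolower(substr(line, 1, eq - 1))
            gsub(/[ \t]/, "", key)
            if (key == "privatekey" || key == "presharedkey") {
                # Keep the original left-hand side, drop the value.
                print substr(line, 1, eq) " (hidden)"
                next
            }
        }
        print line
    }'
}

# Constructed sample input; the key material is placeholder text.
sample_config() {
    cat <<'EOF'
[Interface]
PrivateKey  =  CONSTRUCTED-PRIVATE-KEY-0000=
ListenPort = 51820

[Peer]
PublicKey = CONSTRUCTED-PUBLIC-KEY-0000=
presharedkey=CONSTRUCTED-PSK-0000=
AllowedIPs = 0.0.0.0/0
EOF
}

# Show the redacted form when run directly.
sample_config | redact_wg_config
```

Because the value is dropped rather than rewritten, base64 padding (`=`) and backslashes in the secret never reach the output.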
