From: "Jason A. Donenfeld"
Date: Thu, 21 Sep 2017 14:54:25 +0200
Subject: Re: [wireguard-dev] Ability to use one udp port for multiple wg interfaces
To: nicolas prochazka
Cc: WireGuard mailing list
List-Id: Development discussion of WireGuard

Perhaps I'm not understanding your last message, but it's most certainly possible to bind to a particular IP address with a service. It's also possible to bind to _all_ IP addresses, and then use iptables to control which source networks have access to a particular port. Finally, within a service, if you only allow input from wg0 since allowed-ips gives strong cryptographic binding, you can explicitly filter on the IP addresses you get from recvfrom.

I don't understand your meaning of "internal dev".
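
Added example, not part of the original message or of WireGuard's code: a UDP service that filters on the source address returned by recvfrom, as the reply describes, including the IPv4-mapped form a dual-stack socket reports. The subnet 10.0.0.0/24, the address 10.0.0.1:9000 and all function names are assumptions for illustration; the check is only meaningful for datagrams that actually arrived over wg0.

```python
import ipaddress
import socket

# Assumed values for illustration: the tunnel subnet carried by wg0 and the
# address this host has on wg0. Neither comes from the original message.
WG_ALLOWED = [ipaddress.ip_network("10.0.0.0/24")]
WG_LOCAL_ADDR = ("10.0.0.1", 9000)


def normalize_source(host):
    """Turn the host string from recvfrom() into an ip_address object."""
    ip = ipaddress.ip_address(host.split("%", 1)[0])  # drop IPv6 scope id
    # A dual-stack socket bound to "::" reports IPv4 peers as ::ffff:a.b.c.d.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def source_allowed(host, allowed=WG_ALLOWED):
    """True if the peer address falls inside one of the allowed networks."""
    ip = normalize_source(host)
    return any(ip.version == net.version and ip in net for net in allowed)


def recv_filtered(sock, allowed=WG_ALLOWED, bufsize=2048):
    """Read one datagram; return (data, addr), or None if the source is dropped."""
    data, addr = sock.recvfrom(bufsize)
    if not source_allowed(addr[0], allowed):
        return None
    return data, addr


def demo():
    # Loopback stands in for wg0 so this runs anywhere; a real service would
    # bind to WG_LOCAL_ADDR instead of 127.0.0.1.
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    server.bind(("127.0.0.1", 0))
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.sendto(b"hello", server.getsockname())
    accepted = recv_filtered(server, [ipaddress.ip_network("127.0.0.0/8")])
    client.sendto(b"hello", server.getsockname())
    dropped = recv_filtered(server, WG_ALLOWED)  # 127.0.0.1 is outside 10.0.0.0/24
    server.close()
    client.close()
    return accepted, dropped


if __name__ == "__main__":
    print(demo())
```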