mirror/webgui
1
0
Fork 0
mirror of https://github.com/unraid/webgui.git synced 2026-05-05 01:09:25 -05:00
Code Issues Packages Projects Releases Wiki Activity

WireGuard: use kill switch when tunnel inactive

Browse Source 
Docker containers have no access when the WG tunnel is inactive
This commit is contained in:
bergware
2022-04-16 00:00:20 +02:00
parent bc771e5ce0
commit 838becf80c
1 changed files with 18 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
plugins/dynamix/include/update.wireguard.php
+18 -3
View File
@@ -91,15 +91,29 @@ function addDocker($vtun) {
$network = "$dockernet.$index.0/24";
exec("docker network create $vtun --subnet=$network 2>/dev/null");
$error = dockerNet($vtun);
if (!$error && !exec("ip rule|grep -Pom1 'from $network'")) {
extract(parse_ini_file('state/network.ini',true));
$thisnet = long2ip(ip2long($eth0['IPADDR:0']) & ip2long($eth0['NETMASK:0'])).'/'.mask2cidr($eth0['NETMASK:0']);
$gateway = $eth0['GATEWAY:0'];
exec("ip -4 rule add from $network table $index");
exec("ip -4 route add unreachable default table $index");
exec("ip -4 route add $thisnet via $gateway table $index");
}
}
return $error;
}
function delDocker($vtun) {
global $dockerd;
global $dockerd,$dockernet;
$error = false;
if ($dockerd && !dockerNet($vtun)) {
$index = substr($vtun,2)+200;
$network = "$dockernet.$index.0/24";
exec("docker network rm $vtun 2>/dev/null");
$error = !dockerNet($vtun);
if (!$error && exec("ip rule|grep -Pom1 'from $network'")) {
exec("ip -4 route flush table $index");
exec("ip -4 rule del from $network table $index");
}
}
return $error;
}
@@ -203,11 +217,12 @@ function parseInput($vtun,&$input,&$x) {
$network = "$dockernet.$index.0/24";
$thisnet = long2ip(ip2long($eth0['IPADDR:0']) & ip2long($eth0['NETMASK:0'])).'/'.mask2cidr($eth0['NETMASK:0']);
$gateway = $eth0['GATEWAY:0'];
$conf[] = "PostUp=ip -4 rule add from $network table $index";
$conf[] = "PostUp=ip -4 route flush table $index";
$conf[] = "PostUp=ip -4 route add default via $tunip table $index";
$conf[] = "PostUp=ip -4 route add $thisnet via $gateway table $index";
$conf[] = "PostDown=ip -4 route flush table $index";
$conf[] = "PostDown=ip -4 rule del from $network table $index";
$conf[] = "PostDown=ip -4 route add unreachable default table $index";
$conf[] = "PostDown=ip -4 route add $thisnet via $gateway table $index";
}
$conf[] = "\n[Peer]";
// add peers, this is only used for peer sections