Merge pull request #27 from jordanpotter/local_subnets

Allow specifying multiple local subnets
3 years ago · db3380bf96
2 changed files with 15 additions and 9 deletions
--- a/README.md
+++ b/README.md
@ -53,7 +53,7 @@ services:

 ## Local Network

-If you wish to allow traffic to your local network, specify the subnet using the `LOCAL_SUBNET` environment variable:
+If you wish to allow traffic to your local network, specify the subnet(s) using the `LOCAL_SUBNETS` environment variable:

 ```bash
 docker run --name wireguard                                          \
@ -61,7 +61,7 @@ docker run --name wireguard                                          \
    --cap-add SYS_MODULE                                             \
    --sysctl net.ipv4.conf.all.src_valid_mark=1                      \
    -v /path/to/conf/mullvad.conf:/etc/wireguard/mullvad.conf        \
-    -e LOCAL_SUBNET=10.0.0.0/8                                       \
+    -e LOCAL_SUBNETS=10.1.0.0/16,10.2.0.0/16,10.3.0.0/16             \
    jordanpotter/wireguard
 ```

--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -40,17 +40,23 @@ else
    echo "Skipping IPv6 kill switch setup since IPv6 interface was not found" >&2
 fi

-# Support LOCAL_NETWORK environment variable, which was replaced by LOCAL_SUBNET
-if [[ -z "$LOCAL_SUBNET" && "$LOCAL_NETWORK" ]]; then
-    LOCAL_SUBNET=$LOCAL_NETWORK
+# Support LOCAL_NETWORK environment variable, which was replaced by LOCAL_SUBNETS
+if [[ -z "$LOCAL_SUBNETS" && "$LOCAL_NETWORK" ]]; then
+    LOCAL_SUBNETS=$LOCAL_NETWORK
 fi

-if [[ "$LOCAL_SUBNET" ]]; then
-    echo "Allowing traffic to local subnet ${LOCAL_SUBNET}" >&2
-    ip route add $LOCAL_SUBNET via $default_route_ip
-    iptables -I OUTPUT -d $LOCAL_SUBNET -j ACCEPT
+# Support LOCAL_SUBNET environment variable, which was replaced by LOCAL_SUBNETS (plural)
+if [[ -z "$LOCAL_SUBNETS" && "$LOCAL_SUBNET" ]]; then
+    LOCAL_SUBNETS=$LOCAL_SUBNET
 fi

+for local_subnet in ${LOCAL_SUBNETS//,/$IFS}
+do
+    echo "Allowing traffic to local subnet ${local_subnet}" >&2
+    ip route add $local_subnet via $default_route_ip
+    iptables -I OUTPUT -d $local_subnet -j ACCEPT
+done
+
 shutdown () {
    wg-quick down $interface
    exit 0