I have a server A running as gateway for some intranet connected on
eth0. A is connected to multiple “relay nodes” like B, C, D… via WireGuard.
Assume here’s the IP setup:
A routes some traffic through WG. Here’s a part of A’s routing table:
    ...
    172.16.0.0/16 via 10.0.0.2 dev wg0
    172.17.0.0/16 via 10.0.0.3 dev wg0
    ...
I would like to allow all traffic routed through B (10.0.0.2), while blocking traffic routed through C. With pseudo-code, this is what I’m thinking:
    -A FORWARD -o wg0 --via 10.0.0.2 -j ACCEPT
    -A FORWARD -o wg0 --via 10.0.0.3 -j DROP
    #                 ^^^^^^^^^^^^^^
There are a lot of items in the routing table that I don’t want to repeat in iptables rules. Another problem is there’s no MAC (or L2 in general) inside WG.
Is there any way to make this work?
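Netfilter sees the outgoing interface (`wg0`) but not the next hop chosen by the routing lookup, so a rule cannot match "via 10.0.0.3" directly. One way to get the effect the question describes without hand-copying every prefix into iptables is to derive the prefixes from the routing table itself: list the routes on `wg0`, keep those whose next hop is the relay to block, load them into an ipset, and reference that set from a single FORWARD rule. The script below is an added example, not part of the question or any answer on the page; the route lines it parses are a constructed sample modelled on the two routes quoted above (plus an extra prefix and an on-link route to show how they are handled), and the set name `via_c` is an arbitrary choice. It only prints the commands it would run, so it can be reviewed before being piped to `sh`.

```shell
#!/bin/sh
# Added example: build an ipset from the kernel routing table so that
# "everything routed via relay X" can be matched by one netfilter rule.

# Constructed sample of what `ip route show dev wg0` might print on A.
# In real use, pipe the live output of that command into gen_block_rules.
SAMPLE_ROUTES='172.16.0.0/16 via 10.0.0.2 dev wg0
172.17.0.0/16 via 10.0.0.3 dev wg0
172.18.0.0/16 via 10.0.0.3 dev wg0
default via 10.0.0.2 dev wg0
10.0.0.0/24 dev wg0 proto kernel scope link src 10.0.0.1'

# prefixes_via NEXTHOP
#   Reads route lines on stdin and prints the destination prefix of every
#   route whose next hop is NEXTHOP. On-link routes (no "via") are skipped,
#   and "default" is normalised to 0.0.0.0/0 so ipset accepts it.
prefixes_via() {
    awk -v nh="$1" '
        $2 == "via" && $3 == nh {
            print ($1 == "default") ? "0.0.0.0/0" : $1
        }'
}

# gen_block_rules NEXTHOP SETNAME
#   Reads route lines on stdin and emits the ipset + iptables commands that
#   drop forwarded traffic destined for any prefix routed via NEXTHOP.
#   Nothing is applied here; the caller decides whether to pipe this to sh.
gen_block_rules() {
    nexthop=$1
    setname=$2
    # hash:net holds CIDR prefixes; -exist makes the create idempotent.
    echo "ipset create $setname hash:net -exist"
    echo "ipset flush $setname"
    prefixes_via "$nexthop" | while read -r prefix; do
        echo "ipset add $setname $prefix"
    done
    # One rule replaces a per-prefix list: match the destination against the set.
    echo "iptables -A FORWARD -o wg0 -m set --match-set $setname dst -j DROP"
}

# Demo on the constructed sample: block everything routed via C (10.0.0.3).
# Live usage would be:  ip route show dev wg0 | gen_block_rules 10.0.0.3 via_c | sh
printf '%s\n' "$SAMPLE_ROUTES" | gen_block_rules 10.0.0.3 via_c
```

The set mirrors a snapshot of the routing table, so it has to be regenerated whenever routes for that relay change (for example from a hook triggered by `ip monitor route`). A structurally simpler alternative, if the peers can be reconfigured, is one WireGuard interface per relay: the routes then point at `wgB`, `wgC`, and so on, and a plain `-o wgC -j DROP` matches without any prefix list at all.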