To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, master, updated. baa22ec7a699eb8f5b73db54b9abfbf8580583ae
X-Git-Refname: refs/heads/master
X-Git-Reftype: branch
X-Git-Oldrev: 60668b8297555e92d2df01fd47f3b96c18d3636d
X-Git-Newrev: baa22ec7a699eb8f5b73db54b9abfbf8580583ae
Message-Id: <4bKtQP6wWGz2xZx@people01.haj.ipfire.org>
Date: Sun, 15 Jun 2025 12:55:09 +0000 (UTC)
From: Michael Tremer
Precedence: list

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, master has been updated
       via  baa22ec7a699eb8f5b73db54b9abfbf8580583ae (commit)
      from  60668b8297555e92d2df01fd47f3b96c18d3636d (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit baa22ec7a699eb8f5b73db54b9abfbf8580583ae
Author: Michael Tremer
Date:   Sun Jun 15 13:52:28 2025 +0100

    wireguard: Don't use fwmarks for the gateways

    This slightly conflicts with the reverse path filter which does not seem
    to consider the mark and therefore does not resolve to the correct
    route.

    There is not too much benefit of using the mark, except its elegance, a
    more accurate lookup and that we were hiding a direct route to the
    gateway from the clients.

    Signed-off-by: Michael Tremer

-----------------------------------------------------------------------

Summary of changes:
 src/initscripts/system/wireguard | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

Difference in files:
diff --git a/src/initscripts/system/wireguard b/src/initscripts/system/wireguard index 00862743b..caaa69cb9 100644 --- a/src/initscripts/system/wireguard +++ b/src/initscripts/system/wireguard @@ -27,9 +27,6 @@ shopt -s nullglob eval $(/usr/local/bin/readhash /var/ipfire/wireguard/settings) -# Mark all packets coming out of the WireGuard interfaces -WG_MARK="0x00800000" - interfaces() { local id local enabled @@ -223,7 +220,6 @@ generate_config() { fi echo "[Interface]" - echo "FwMark = ${WG_MARK}" if [ -n "${privkey}" ]; then echo "PrivateKey = ${privkey}" @@ -324,7 +320,7 @@ reload_firewall() { # Ensure that the table is being looked up if ! ip rule | grep -q "lookup wg"; then - ip rule add table wg fwmark "${WG_MARK}" + ip rule add table wg fi } hooks/post-receive -- IPFire 2.x development tree
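Review bot: In generate_config(), the `[Interface]` section is now written without `FwMark` and nothing in the script records why, so the line is easy to reintroduce later. A one-line comment above `echo "[Interface]"` stating that the mark conflicts with the reverse path filter would carry the reasoning from the commit message into the code. If the mark is wanted back at some point, the kernel's `src_valid_mark` sysctl makes the reverse path lookup take the fwmark into account, which may be worth evaluating as an alternative.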
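Review bot: In reload_firewall(), the guard `ip rule | grep -q "lookup wg"` would still match a rule left behind by the previous version of this script (`fwmark 0x00800000 ... lookup wg`), so on a system that is updated without the old rule being flushed, the new `ip rule add table wg` is never executed and the remaining rule matches nothing now that `FwMark` is no longer written to the config. Consider deleting the old fwmark rule before the check, or making the check specific to the unmarked rule. The new rule also carries no selector and no explicit priority, so table wg is consulted for all traffic at a kernel-assigned preference; adding an explicit `priority` would make its position relative to the main table deterministic.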