From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ipfire-scm+bounces-106-archive=lists.ipfire.org@lists.ipfire.org>
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4bKtQT6TWwz30Bx
	for <archive@lists.ipfire.org>; Sun, 15 Jun 2025 12:55:13 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (secp384r1)
	 client-signature RSA-PSS (4096 bits))
	(Client CN "mail01.haj.ipfire.org", Issuer "R10" (verified OK))
	by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4bKtQT6LcNz2y9H
	for <ipfire-scm@lists.ipfire.org>; Sun, 15 Jun 2025 12:55:13 +0000 (UTC)
Received: from people01.haj.ipfire.org (people01.haj.ipfire.org [172.28.1.161])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits)
	 client-signature ECDSA (secp384r1))
	(Client CN "people01.haj.ipfire.org", Issuer "E6" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4bKtQT5g1gzrg
	for <ipfire-scm@lists.ipfire.org>; Sun, 15 Jun 2025 12:55:13 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
	s=202003ed25519; t=1749992113;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc; bh=s7/Rqdz5s9wf8yVIYH6UTmFBc31fiwmknfICgSt07b0=;
	b=4xX5cDQQPexS00lou1HQYlvdPSAwrAvsjk29atYf1oLSTlp0KU9A5AA7YosXMFOAyISSlG
	/Aveaf9WKQXPJgAg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa;
	t=1749992113;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc; bh=s7/Rqdz5s9wf8yVIYH6UTmFBc31fiwmknfICgSt07b0=;
	b=XGaOPJeMZ0R57OTV9fTmp/zmMBhRair2pix73lJKr30QI2EVhdcVl4MG5Qo9NZtBHKFZ6g
	97sK+pj21XbIODFZrfXrTYi6WvHJl4r2nvqAJeFScz1br/lNT9f1razlFzo42HXnMGfnbR
	nZRidNp1Nyy5oTkKo/3OLQd6T6BVTkRAN8LFLzyYtorGEFOhLv1v547rfWxL7LycOdpY9/
	2idRfeQnb7nWkNe4PXTevu0vcuKPRwX6jXiA/UzSz0mKhl5DlTtHKtHn4K9tr5GH0UNrhi
	thCzsKB8VDwXsE6VLDWxwCdKmavPFE4o0oxxBcPNrKzBzNGq7O6BLtgkRk1rcg==
Received: by people01.haj.ipfire.org (Postfix, from userid 1000)
	id 4bKtQT5Gqdz2xZx; Sun, 15 Jun 2025 12:55:13 +0000 (UTC)
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 8e1a9a3699e7061405ae7ee49caf672558a1c792
X-Git-Refname: refs/heads/next
X-Git-Reftype: branch
X-Git-Oldrev: 09fc0f7d298f6a68d37809f17696e2609de9f2fc
X-Git-Newrev: 8e1a9a3699e7061405ae7ee49caf672558a1c792
Message-Id: <4bKtQT5Gqdz2xZx@people01.haj.ipfire.org>
Date: Sun, 15 Jun 2025 12:55:13 +0000 (UTC)
From: Michael Tremer <git@ipfire.org>
Precedence: list
List-Id: <ipfire-scm.lists.ipfire.org>
List-Subscribe: <https://lists.ipfire.org/>,
 <mailto:ipfire-scm+subscribe@lists.ipfire.org?subject=subscribe>
List-Unsubscribe: <https://lists.ipfire.org/>,
 <mailto:ipfire-scm+unsubscribe@lists.ipfire.org?subject=unsubscribe>
List-Post: <mailto:ipfire-scm@lists.ipfire.org>
List-Help: <mailto:ipfire-scm+help@lists.ipfire.org?subject=help>
Sender: <ipfire-scm@lists.ipfire.org>
Mail-Followup-To: <ipfire-scm@lists.ipfire.org>

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  8e1a9a3699e7061405ae7ee49caf672558a1c792 (commit)
      from  09fc0f7d298f6a68d37809f17696e2609de9f2fc (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 8e1a9a3699e7061405ae7ee49caf672558a1c792
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Sun Jun 15 13:52:28 2025 +0100

    wireguard: Don't use fwmarks for the gateways
    
    This slightly conflicts with the reverse path filter which does not seem
    to consider the mark and therefore does not resolve to the correct route.
    
    There is not too much benefit of using the mark, except its elegance, a
    more accurate lookup and that we were hiding a direct route to the
    gateway from the clients.
    
    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 src/initscripts/system/wireguard | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

Difference in files:
diff --git a/src/initscripts/system/wireguard b/src/initscripts/system/wireguard
index 00862743b..caaa69cb9 100644
--- a/src/initscripts/system/wireguard
+++ b/src/initscripts/system/wireguard
@@ -27,9 +27,6 @@ shopt -s nullglob
 
 eval $(/usr/local/bin/readhash /var/ipfire/wireguard/settings)
 
-# Mark all packets coming out of the WireGuard interfaces
-WG_MARK="0x00800000"
-
 interfaces() {
 	local id
 	local enabled
@@ -223,7 +220,6 @@ generate_config() {
 		fi
 
 		echo "[Interface]"
-		echo "FwMark = ${WG_MARK}"
 
 		if [ -n "${privkey}" ]; then
 			echo "PrivateKey = ${privkey}"
@@ -324,7 +320,7 @@ reload_firewall() {
 
 	# Ensure that the table is being looked up
 	if ! ip rule | grep -q "lookup wg"; then
-		ip rule add table wg fwmark "${WG_MARK}"
+		ip rule add table wg
 	fi
 }
 


hooks/post-receive
--
IPFire 2.x development tree