network: wireguard: do not add routes to AllowedIPs= by default

As setting such routes may break existing setups. Closes #21964. (cherry picked from commit cfe1237f38)
2025-01-06 13:17:44 +03:00 · 2022-01-16 15:53:13 +09:00 · 2022-01-16 15:53:13 +09:00 · 417622f42b
commit 417622f42b
parent 18aff8c857
2 changed files with 3 additions and 9 deletions
--- a/man/systemd.netdev.xml
+++ b/man/systemd.netdev.xml
@ -1572,7 +1572,7 @@
          <citerefentry><refentrytitle>networkd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
          or a number in the range 1…4294967295. When <literal>off</literal> the routes to the
          addresses specified in the <varname>AllowedIPs=</varname> setting will not be configured.
-          Defaults to <literal>main</literal>. This setting will be ignored when the same setting is
+          Defaults to <literal>off</literal>. This setting will be ignored when the same setting is
          specified in the [WireGuardPeer] section.</para>
        </listitem>
      </varlistentry>
--- a/src/network/netdev/wireguard.c
+++ b/src/network/netdev/wireguard.c
@ -895,13 +895,8 @@ int config_parse_wireguard_route_table(
        assert(data);
        assert(userdata);

-        if (isempty(rvalue)) {
-                *table = RT_TABLE_MAIN;
-                return 0;
-        }
-
-        if (streq(rvalue, "off")) {
-                *table = 0;
+        if (isempty(rvalue) || streq(rvalue, "off")) {
+                *table = 0; /* Disabled. */
                return 0;
        }

@ -1061,7 +1056,6 @@ static void wireguard_init(NetDev *netdev) {
        assert(w);

        w->flags = WGDEVICE_F_REPLACE_PEERS;
-        w->route_table = RT_TABLE_MAIN;
 }

 static void wireguard_done(NetDev *netdev) {