WireGuard – exclude a single IP address
The AllowedIPs setting in the WireGuard configuration file defines which IP addresses are routed through the WireGuard tunnel. To exclude a single IP address from the tunnel, AllowedIPs must therefore list all IP networks except that address (or those addresses).
The easiest way to do this is with a Python script:
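from ipaddress import ip_network

start = '0.0.0.0/0'
# Placeholders: replace with the IP addresses or networks to exclude
exclude = ['IP1REFREE', 'IP2REFREE']

result = [ip_network(start)]
for x in exclude:
    n = ip_network(x)
    new = []
    for y in result:
        if not y.overlaps(n):
            new.append(y)  # unaffected by this exclusion
        elif y.supernet_of(n):
            # y contains n: split y into the subnets around n
            new.extend(y.address_exclude(n))
        # otherwise y lies entirely inside n and is dropped
    result = new

print(','.join(str(x) for x in sorted(result)))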
Save this script as a .py file and then you can run it, for example, like this (on Linux):
python3 subnets.py
You can then enter the result after “AllowedIPs =”.
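The same technique extended to IPv4 and IPv6 together, with overlapping exclusions and a check that the result covers exactly the intended address space. This is an added example, not part of the original post; the function names and the sample addresses (documentation ranges) are assumptions chosen for illustration, and the exclusions are assumed to lie inside the start networks.

```python
from ipaddress import collapse_addresses, ip_address, ip_network

FULL = ("0.0.0.0/0", "::/0")  # assumption: tunnel should carry all IPv4 and IPv6


def allowed_ips(exclude, start=FULL):
    """Networks that cover `start` minus every network in `exclude`."""
    result = [ip_network(s) for s in start]
    for item in exclude:
        n = ip_network(item, strict=False)
        new = []
        for y in result:
            if y.version != n.version or not y.overlaps(n):
                new.append(y)  # other address family or disjoint: keep
            elif n.supernet_of(y):
                continue  # y lies entirely inside the exclusion: drop it
            else:
                new.extend(y.address_exclude(n))  # split y around n
        result = new
    # Mixed IPv4/IPv6 networks cannot be compared directly, so sort per family.
    return sorted(result, key=lambda net: (net.version, net))


def is_routed(result, address):
    """True if `address` falls inside one of the AllowedIPs networks."""
    addr = ip_address(address)
    return any(addr.version == net.version and addr in net for net in result)


def is_exact_complement(result, exclude, start=FULL):
    """Address-count check: result must equal start minus exclude, per family."""
    for version in (4, 6):
        total = sum(n.num_addresses for n in map(ip_network, start) if n.version == version)
        gone = [ip_network(e, strict=False) for e in exclude]
        gone = collapse_addresses([n for n in gone if n.version == version])
        expected = total - sum(n.num_addresses for n in gone)
        if sum(n.num_addresses for n in result if n.version == version) != expected:
            return False
    return True


if __name__ == "__main__":
    # Constructed sample input (documentation ranges); the /24 overlaps the /32.
    sample = ["192.0.2.10/32", "192.0.2.0/24", "2001:db8::1/128"]
    nets = allowed_ips(sample)
    assert is_exact_complement(nets, sample)
    assert not is_routed(nets, "192.0.2.10") and is_routed(nets, "192.0.3.1")
    print("AllowedIPs = " + ", ".join(str(n) for n in nets))
```

Traffic to the excluded addresses leaves over the normal default route and is not protected by the tunnel, so keep the exclusion list as narrow as possible.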
3 responses to “WireGuard – exclude a single IP address”
Hi there. Thanks for this script. I really struggled to figure out what to put in the allow IPs to exclude just a couple of IPs. Really appreciate what you’ve done here. Have a good one!
Thank you!
Thank you Sir! That works!