be sure to add iptables to drop packets if there's no back and forth exchange of data, then you...

vpShane • last Wednesday at 5:04 AM • 1 reply • view on HN

be sure to add iptables to drop packets if there's no back and forth exchange of data, then you're good2go as fake/wrong keys don't use resources to determine if a key is legit or not. not that big of a deal and wg just doesn't reply anyways

And good choice on the wireguard only, only issue I had is devops/testing things and not being connected to the wireguard because I'd be connected to another wireguard and couldn't ssh in to the server.

WireGuard _all_ of the things

Replies

lxgr • last Wednesday at 8:04 AM

> add iptables to drop packets if there's no back and forth exchange of data, then you're good2go as fake/wrong keys don't use resources to determine if a key is legit or not.

How does an initial connection work in that scheme?

Seems like a pretty big footgun for questionable benefit, since a main benefit of Wireguard is that it’s very lean in terms of resources.

alt Hacker News

Replies