nuno revised this gist 1 month ago. Go to revision
1 file changed, 102 insertions
gistfile1.txt (file created)
| @@ -0,0 +1,102 @@ | |||
| 1 | + | function cmd::identity::help() { | |
| 2 | + | cat <<EOF | |
| 3 | + | Usage: wgctl identity <subcommand> [options] | |
| 4 | + | ||
| 5 | + | Manage peer identities. | |
| 6 | + | ||
| 7 | + | Subcommands: | |
| 8 | + | list List all identities | |
| 9 | + | show --name <name> Show identity details and device status | |
| 10 | + | add --name <name> Manually attach a peer to an identity | |
| 11 | + | --peer <peer> | |
| 12 | + | remove --name <name> Remove identity and all associated peers | |
| 13 | + | migrate [--dry-run] Create identities from existing peer names | |
| 14 | + | ||
| 15 | + | rule assign --name <name> Assign a rule to an identity | |
| 16 | + | --rule <rule> | |
| 17 | + | rule unassign --name <name> Remove rule from an identity | |
| 18 | + | rule show --name <name> Show current identity rule | |
| 19 | + | ||
| 20 | + | options --name <name> Set identity options | |
| 21 | + | [--policy <policy>] | |
| 22 | + | [--set-strict-rule | --unset-strict-rule] | |
| 23 | + | [--set-auto-apply | --unset-auto-apply] | |
| 24 | + | ||
| 25 | + | Examples: | |
| 26 | + | wgctl identity list | |
| 27 | + | wgctl identity show --name nuno | |
| 28 | + | wgctl identity rule assign --name nuno --rule admin | |
| 29 | + | wgctl identity rule unassign --name nuno | |
| 30 | + | wgctl identity options --name guests-identity --policy guest | |
| 31 | + | wgctl identity options --name nuno --set-strict-rule | |
| 32 | + | EOF | |
| 33 | + | } | |
| 34 | + | function cmd::rule::help() { | |
| 35 | + | cat <<EOF | |
| 36 | + | Usage: wgctl rule <subcommand> [options] | |
| 37 | + | ||
| 38 | + | Manage firewall rules with inheritance support. | |
| 39 | + | Rules can extend base rules to compose reusable access policies. | |
| 40 | + | Service names from 'wgctl net' can be used instead of raw IPs/ports. | |
| 41 | + | ||
| 42 | + | Subcommands: | |
| 43 | + | list, ls List all rules | |
| 44 | + | show, inspect Show rule details and inheritance | |
| 45 | + | add, new, create Create a new rule | |
| 46 | + | update, edit Update a rule and re-apply to peers | |
| 47 | + | remove, rm, del Remove a rule | |
| 48 | + | assign Assign a rule to a peer | |
| 49 | + | unassign Remove rule from a peer | |
| 50 | + | reapply Re-apply rule to all assigned peers | |
| 51 | + | migrate Apply default rules to unassigned peers | |
| 52 | + | ||
| 53 | + | Options for list: | |
| 54 | + | --base Show only base rules | |
| 55 | + | --no-base Hide base rules section | |
| 56 | + | --group <name> Filter by group (case insensitive) | |
| 57 | + | --detailed Show rule entries inline | |
| 58 | + | ||
| 59 | + | Options for add: | |
| 60 | + | --name <name> Rule name | |
| 61 | + | --desc <description> Description | |
| 62 | + | --group <group> Display group (e.g. VM Rules, Users) | |
| 63 | + | --extends <rule,...> Inherit from base rules (comma-separated) | |
| 64 | + | --base Create as base rule (not directly assignable) | |
| 65 | + | --allow-ip <ip/cidr> Allow IP or subnet (repeatable) | |
| 66 | + | --allow-port <ip:port:proto> Allow specific port (repeatable) | |
| 67 | + | --block-ip <ip/cidr> Block IP or subnet (repeatable) | |
| 68 | + | --block-port <ip:port:proto> Block specific port (repeatable) | |
| 69 | + | --block-service <name> Block named service (repeatable) | |
| 70 | + | --allow-service <name> Allow named service (repeatable) | |
| 71 | + | --dns-redirect Force DNS through Pi-hole | |
| 72 | + | ||
| 73 | + | Options for update: | |
| 74 | + | (same as add, plus:) | |
| 75 | + | --add-extends <rule,...> Add inherited base rules | |
| 76 | + | --remove-extends <rule,...> Remove inherited base rules | |
| 77 | + | --remove-allow-ip <ip> Remove allow IP entry | |
| 78 | + | --remove-allow-port <entry> Remove allow port entry | |
| 79 | + | --remove-block-ip <ip> Remove block IP entry | |
| 80 | + | --remove-block-port <entry> Remove block port entry | |
| 81 | + | ||
| 82 | + | Options for show: | |
| 83 | + | --name <name> Rule name | |
| 84 | + | --resolved Show resolved/merged entries | |
| 85 | + | --no-peers Hide assigned peers | |
| 86 | + | ||
| 87 | + | Options for reapply: | |
| 88 | + | --name <name> Rule name | |
| 89 | + | --all Reapply all rules | |
| 90 | + | ||
| 91 | + | Examples: | |
| 92 | + | wgctl rule list | |
| 93 | + | wgctl rule list --detailed | |
| 94 | + | wgctl rule list --group "VM Rules" | |
| 95 | + | wgctl rule show --name guest | |
| 96 | + | wgctl rule show --name moonlight-02 --resolved | |
| 97 | + | wgctl rule add --name no-proxmox --base --block-service proxmox | |
| 98 | + | wgctl rule add --name dev-01 --desc "Dev access" --extends no-lan | |
| 99 | + | wgctl rule assign --name dev-01 --peer laptop-nuno | |
| 100 | + | wgctl rule reapply --all | |
| 101 | + | EOF | |
| 102 | + | } | |
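Review bot: the `assign` and `unassign` subcommands in `cmd::rule::help` have no options section, yet the example `wgctl rule assign --name dev-01 --peer laptop-nuno` relies on a `--peer` flag that is documented nowhere in this help text; add an "Options for assign / unassign:" block listing `--name <name>` and `--peer <peer>` so the usage is discoverable without reading the examples. Two smaller consistency points in the same hunk: `identity migrate` advertises `[--dry-run]` while `rule migrate` does not, so either document the flag for both or state that `rule migrate` applies changes immediately; and `rule remove` / `identity remove` (which "Remove identity and all associated peers") are destructive but list no confirmation or dry-run option, which is worth stating explicitly in the text. Style: both heredocs use an unquoted `cat <<EOF`, so any `$` added to the help text later would be expanded by the shell; `cat <<'EOF'` keeps the body literal.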