Last updated 1 month ago

nuno revised this gist 1 month ago.

1 file changed, 102 insertions

gistfile1.txt (file created)

@@ -0,0 +1,102 @@
1 + function cmd::identity::help() {
2 + cat <<EOF
3 + Usage: wgctl identity <subcommand> [options]
4 +
5 + Manage peer identities.
6 +
7 + Subcommands:
8 + list List all identities
9 + show --name <name> Show identity details and device status
10 + add --name <name> Manually attach a peer to an identity
11 + --peer <peer>
12 + remove --name <name> Remove identity and all associated peers
13 + migrate [--dry-run] Create identities from existing peer names
14 +
15 + rule assign --name <name> Assign a rule to an identity
16 + --rule <rule>
17 + rule unassign --name <name> Remove rule from an identity
18 + rule show --name <name> Show current identity rule
19 +
20 + options --name <name> Set identity options
21 + [--policy <policy>]
22 + [--set-strict-rule | --unset-strict-rule]
23 + [--set-auto-apply | --unset-auto-apply]
24 +
25 + Examples:
26 + wgctl identity list
27 + wgctl identity show --name nuno
28 + wgctl identity rule assign --name nuno --rule admin
29 + wgctl identity rule unassign --name nuno
30 + wgctl identity options --name guests-identity --policy guest
31 + wgctl identity options --name nuno --set-strict-rule
32 + EOF
33 + }
34 + function cmd::rule::help() {
35 + cat <<EOF
36 + Usage: wgctl rule <subcommand> [options]
37 +
38 + Manage firewall rules with inheritance support.
39 + Rules can extend base rules to compose reusable access policies.
40 + Service names from 'wgctl net' can be used instead of raw IPs/ports.
41 +
42 + Subcommands:
43 + list, ls List all rules
44 + show, inspect Show rule details and inheritance
45 + add, new, create Create a new rule
46 + update, edit Update a rule and re-apply to peers
47 + remove, rm, del Remove a rule
48 + assign Assign a rule to a peer
49 + unassign Remove rule from a peer
50 + reapply Re-apply rule to all assigned peers
51 + migrate Apply default rules to unassigned peers
52 +
53 + Options for list:
54 + --base Show only base rules
55 + --no-base Hide base rules section
56 + --group <name> Filter by group (case insensitive)
57 + --detailed Show rule entries inline
58 +
59 + Options for add:
60 + --name <name> Rule name
61 + --desc <description> Description
62 + --group <group> Display group (e.g. VM Rules, Users)
63 + --extends <rule,...> Inherit from base rules (comma-separated)
64 + --base Create as base rule (not directly assignable)
65 + --allow-ip <ip/cidr> Allow IP or subnet (repeatable)
66 + --allow-port <ip:port:proto> Allow specific port (repeatable)
67 + --block-ip <ip/cidr> Block IP or subnet (repeatable)
68 + --block-port <ip:port:proto> Block specific port (repeatable)
69 + --block-service <name> Block named service (repeatable)
70 + --allow-service <name> Allow named service (repeatable)
71 + --dns-redirect Force DNS through Pi-hole
72 +
73 + Options for update:
74 + (same as add, plus:)
75 + --add-extends <rule,...> Add inherited base rules
76 + --remove-extends <rule,...> Remove inherited base rules
77 + --remove-allow-ip <ip> Remove allow IP entry
78 + --remove-allow-port <entry> Remove allow port entry
79 + --remove-block-ip <ip> Remove block IP entry
80 + --remove-block-port <entry> Remove block port entry
81 +
82 + Options for show:
83 + --name <name> Rule name
84 + --resolved Show resolved/merged entries
85 + --no-peers Hide assigned peers
86 +
87 + Options for reapply:
88 + --name <name> Rule name
89 + --all Reapply all rules
90 +
91 + Examples:
92 + wgctl rule list
93 + wgctl rule list --detailed
94 + wgctl rule list --group "VM Rules"
95 + wgctl rule show --name guest
96 + wgctl rule show --name moonlight-02 --resolved
97 + wgctl rule add --name no-proxmox --base --block-service proxmox
98 + wgctl rule add --name dev-01 --desc "Dev access" --extends no-lan
99 + wgctl rule assign --name dev-01 --peer laptop-nuno
100 + wgctl rule reapply --all
101 + EOF
102 + }
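Review bot: the `cmd::rule::help` text documents options for list, add, update, show and reapply, but none for assign, unassign, remove or migrate, even though the example `wgctl rule assign --name dev-01 --peer laptop-nuno` shows that assign takes both `--name` and `--peer`; add an `Options for assign/unassign:` block listing those flags, and state whether `rule migrate` accepts `--dry-run` the way `identity migrate [--dry-run]` does, since the two help texts currently disagree on that. A smaller point in both functions: `cat <<EOF` leaves the heredoc subject to parameter and command substitution, so any `$`, backtick or `\` later added to the help text will be expanded rather than printed; quoting the delimiter as `cat <<'EOF'` makes the help output literal.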