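# Print usage text for the `wgctl identity` command group to stdout.
#
# Takes no arguments. Output is static text.
#
# NOTE(review): `remove` is documented below as removing the identity AND all
# associated peers, and `migrate` is the only subcommand listed with a
# --dry-run option. If `remove` prompts for confirmation, the help text should
# say so -- cannot tell from here; confirm against the implementation.
function cmd::identity::help() {
  # Quoted delimiter: the help text is emitted literally, so a later edit that
  # adds `$` or backticks to the text is never expanded or executed by the shell.
  cat <<'EOF'
Usage: wgctl identity <subcommand> [options]

Manage peer identities.

Subcommands:
  list                               List all identities
  show --name <name>                 Show identity details and device status
  add --name <name>                  Manually attach a peer to an identity
      --peer <peer>
  remove --name <name>               Remove identity and all associated peers
  migrate [--dry-run]                Create identities from existing peer names

  rule assign --name <name>          Assign a rule to an identity
              --rule <rule>
  rule unassign --name <name>        Remove rule from an identity
  rule show --name <name>            Show current identity rule

  options --name <name>              Set identity options
          [--policy <policy>]
          [--set-strict-rule | --unset-strict-rule]
          [--set-auto-apply | --unset-auto-apply]

Examples:
  wgctl identity list
  wgctl identity show --name nuno
  wgctl identity rule assign --name nuno --rule admin
  wgctl identity rule unassign --name nuno
  wgctl identity options --name guests-identity --policy guest
  wgctl identity options --name nuno --set-strict-rule
EOF
}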
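# Print usage text for the `wgctl rule` command group to stdout.
#
# Takes no arguments. Output is static text.
#
# NOTE(review): this text describes firewall policy but leaves a few things
# unstated that an operator needs to reason about exposure. Confirm each
# against the implementation before documenting:
#   - which entry wins when an allow and a block entry both match, including
#     entries inherited through --extends (`show --resolved` lists the merged
#     result, but the precedence itself is not described here);
#   - what an unassigned peer can reach before `migrate` applies default rules;
#   - `update` lists --remove-* options for IP and port entries only; no
#     counterpart is listed for --allow-service / --block-service.
function cmd::rule::help() {
  # Quoted delimiter: the help text is emitted literally, so a later edit that
  # adds `$` or backticks to the text is never expanded or executed by the shell.
  cat <<'EOF'
Usage: wgctl rule <subcommand> [options]

Manage firewall rules with inheritance support.
Rules can extend base rules to compose reusable access policies.
Service names from 'wgctl net' can be used instead of raw IPs/ports.

Subcommands:
  list, ls            List all rules
  show, inspect       Show rule details and inheritance
  add, new, create    Create a new rule
  update, edit        Update a rule and re-apply to peers
  remove, rm, del     Remove a rule
  assign              Assign a rule to a peer
  unassign            Remove rule from a peer
  reapply             Re-apply rule to all assigned peers
  migrate             Apply default rules to unassigned peers

Options for list:
  --base                        Show only base rules
  --no-base                     Hide base rules section
  --group <name>                Filter by group (case insensitive)
  --detailed                    Show rule entries inline

Options for add:
  --name <name>                 Rule name
  --desc <description>          Description
  --group <group>               Display group (e.g. VM Rules, Users)
  --extends <rule,...>          Inherit from base rules (comma-separated)
  --base                        Create as base rule (not directly assignable)
  --allow-ip <ip/cidr>          Allow IP or subnet (repeatable)
  --allow-port <ip:port:proto>  Allow specific port (repeatable)
  --block-ip <ip/cidr>          Block IP or subnet (repeatable)
  --block-port <ip:port:proto>  Block specific port (repeatable)
  --block-service <name>        Block named service (repeatable)
  --allow-service <name>        Allow named service (repeatable)
  --dns-redirect                Force DNS through Pi-hole

Options for update:
  (same as add, plus:)
  --add-extends <rule,...>      Add inherited base rules
  --remove-extends <rule,...>   Remove inherited base rules
  --remove-allow-ip <ip>        Remove allow IP entry
  --remove-allow-port <entry>   Remove allow port entry
  --remove-block-ip <ip>        Remove block IP entry
  --remove-block-port <entry>   Remove block port entry

Options for show:
  --name <name>                 Rule name
  --resolved                    Show resolved/merged entries
  --no-peers                    Hide assigned peers

Options for reapply:
  --name <name>                 Rule name
  --all                         Reapply all rules

Examples:
  wgctl rule list
  wgctl rule list --detailed
  wgctl rule list --group "VM Rules"
  wgctl rule show --name guest
  wgctl rule show --name moonlight-02 --resolved
  wgctl rule add --name no-proxmox --base --block-service proxmox
  wgctl rule add --name dev-01 --desc "Dev access" --extends no-lan
  wgctl rule assign --name dev-01 --peer laptop-nuno
  wgctl rule reapply --all
EOF
}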