gistfile1.txt
· 3.9 KiB · Text
function cmd::identity::help() {
  cat <<EOF
Usage: wgctl identity <subcommand> [options]

Manage peer identities.

Subcommands:
  list                          List all identities
  show --name <name>            Show identity details and device status
  add --name <name>             Manually attach a peer to an identity
      --peer <peer>
  remove --name <name>          Remove identity and all associated peers
  migrate [--dry-run]           Create identities from existing peer names

  rule assign --name <name>     Assign a rule to an identity
              --rule <rule>
  rule unassign --name <name>   Remove rule from an identity
  rule show --name <name>       Show current identity rule

  options --name <name>         Set identity options
          [--policy <policy>]
          [--set-strict-rule | --unset-strict-rule]
          [--set-auto-apply | --unset-auto-apply]

Examples:
  wgctl identity list
  wgctl identity show --name nuno
  wgctl identity rule assign --name nuno --rule admin
  wgctl identity rule unassign --name nuno
  wgctl identity options --name guests-identity --policy guest
  wgctl identity options --name nuno --set-strict-rule
EOF
}

function cmd::rule::help() {
  cat <<EOF
Usage: wgctl rule <subcommand> [options]

Manage firewall rules with inheritance support.
Rules can extend base rules to compose reusable access policies.
Service names from 'wgctl net' can be used instead of raw IPs/ports.

Subcommands:
  list, ls              List all rules
  show, inspect         Show rule details and inheritance
  add, new, create      Create a new rule
  update, edit          Update a rule and re-apply to peers
  remove, rm, del       Remove a rule
  assign                Assign a rule to a peer
  unassign              Remove rule from a peer
  reapply               Re-apply rule to all assigned peers
  migrate               Apply default rules to unassigned peers

Options for list:
  --base                Show only base rules
  --no-base             Hide base rules section
  --group <name>        Filter by group (case insensitive)
  --detailed            Show rule entries inline

Options for add:
  --name <name>                 Rule name
  --desc <description>          Description
  --group <group>               Display group (e.g. VM Rules, Users)
  --extends <rule,...>          Inherit from base rules (comma-separated)
  --base                        Create as base rule (not directly assignable)
  --allow-ip <ip/cidr>          Allow IP or subnet (repeatable)
  --allow-port <ip:port:proto>  Allow specific port (repeatable)
  --block-ip <ip/cidr>          Block IP or subnet (repeatable)
  --block-port <ip:port:proto>  Block specific port (repeatable)
  --block-service <name>        Block named service (repeatable)
  --allow-service <name>        Allow named service (repeatable)
  --dns-redirect                Force DNS through Pi-hole

Options for update:
  (same as add, plus:)
  --add-extends <rule,...>      Add inherited base rules
  --remove-extends <rule,...>   Remove inherited base rules
  --remove-allow-ip <ip>        Remove allow IP entry
  --remove-allow-port <entry>   Remove allow port entry
  --remove-block-ip <ip>        Remove block IP entry
  --remove-block-port <entry>   Remove block port entry

Options for show:
  --name <name>         Rule name
  --resolved            Show resolved/merged entries
  --no-peers            Hide assigned peers

Options for reapply:
  --name <name>         Rule name
  --all                 Reapply all rules

Examples:
  wgctl rule list
  wgctl rule list --detailed
  wgctl rule list --group "VM Rules"
  wgctl rule show --name guest
  wgctl rule show --name moonlight-02 --resolved
  wgctl rule add --name no-proxmox --base --block-service proxmox
  wgctl rule add --name dev-01 --desc "Dev access" --extends no-lan
  wgctl rule assign --name dev-01 --peer laptop-nuno
  wgctl rule reapply --all
EOF
}
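The help text above describes rules that extend base rules, a `--resolved` view of the merged entries, and base rules that are not directly assignable. The following added example (not wgctl's own code; its rule store format, the `RULES` sample data and the function names are assumptions) shows how such resolution can be done in POSIX sh, including cycle detection in the `--extends` chain, de-duplication of entries inherited twice through a shared base, and the "base rules cannot be assigned" check:

```shell
#!/bin/sh
# Added example, not part of wgctl. Resolves a rule's --extends chain the way
# 'wgctl rule show --resolved' is described, with cycle detection and a
# check that base rules are never assigned to a peer directly.

# Constructed rule store (wgctl's real on-disk format is not shown on the page).
# One rule per line: name|is_base(0/1)|extends(comma-separated)|entries(';'-separated)
RULES='no-lan|1||block-ip:192.168.0.0/16
no-proxmox|1|no-lan|block-service:proxmox
dev-01|0|no-lan,no-proxmox|allow-port:10.0.0.5:22:tcp;allow-service:gitea
loop-a|1|loop-b|allow-ip:10.9.0.1
loop-b|1|loop-a|allow-ip:10.9.0.2'

# rule_field <name> <fieldno>: print one field of a rule; fail if the rule is unknown
rule_field() {
  printf '%s\n' "$RULES" |
    awk -F'|' -v n="$1" -v f="$2" '$1 == n { print $f; found = 1 } END { exit found ? 0 : 1 }'
}

# _walk <name> <visited-path>: depth-first walk, bases first, so a derived rule's
# own entries come last. <visited-path> holds only the current chain, so a
# diamond (two bases sharing one base) is not mistaken for a cycle.
_walk() {
  case ",$2," in *",$1,"*) echo "error: inheritance cycle at $1" >&2; return 1 ;; esac
  rule_field "$1" 1 >/dev/null || { echo "error: unknown rule $1" >&2; return 1; }
  for b in $(rule_field "$1" 3 | tr ',' ' '); do
    _walk "$b" "$2,$1" || return 1
  done
  own=$(rule_field "$1" 4)
  if [ -n "$own" ]; then printf '%s\n' "$own" | tr ';' '\n'; fi
}

# resolve_rule <name>: merged entry list, entries inherited twice listed once
resolve_rule() {
  out=$(_walk "$1" "") || return 1
  printf '%s\n' "$out" | awk '!seen[$0]++'
}

# can_assign <name>: succeed only for an existing rule that is not a base rule
can_assign() {
  is_base=$(rule_field "$1" 2) || return 1
  [ "$is_base" = 0 ]
}

resolve_rule dev-01
```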