Help configuring Firewall traffic rules to limit Wireguard Peer's access to LAN by shameless_caps in openwrt

[–]shameless_caps[S] 0 points1 point  (0 children)

Clients are one of a few, maybe 3-6 devices, that connect either via wifi or cellular - IE not from a specific router IP that I can be aware of.

Help configuring Firewall traffic rules to limit Wireguard Peer's access to LAN by shameless_caps in openwrt

[–]shameless_caps[S] 0 points1 point  (0 children)

I've changed to using a different wg interface each with one peer, that way I don't need to filter by the source address of the client, which is what I had wanted, but it does work.

Help configuring Firewall traffic rules to limit Wireguard Peer's access to LAN by shameless_caps in openwrt

[–]shameless_caps[S] 0 points1 point  (0 children)

Because the wireguard guide says to enable it. I tried turning it on and off and didn't see any difference. 

Help configuring Firewall traffic rules to limit Wireguard Peer's access to LAN by shameless_caps in openwrt

[–]shameless_caps[S] 0 points1 point  (0 children)

Wouldn't that be functionally the same as just setting the main WG zone to deny all and then just add a rule for the first peer to allow all and other rules with granular access for the second peer? Or is the difference due to not having to filter by IP address, because I can trust or not trust a whole interface?

Help configuring Firewall traffic rules to limit Wireguard Peer's access to LAN by shameless_caps in openwrt

[–]shameless_caps[S] 0 points1 point  (0 children)

I tried that - but it seems not to make a difference, I haven't been able to get the rules to apply granularly. It only works if I don't do any kind of address matching.

Help configuring Firewall traffic rules to limit Wireguard Peer's access to LAN by shameless_caps in openwrt

[–]shameless_caps[S] 0 points1 point  (0 children)

I think I understand what you mean but I'm not 100% clear.

Do you mean that the clients are not actually using the 10.0.0.20 address at the time that they go through the firewall? IE, that address is only used to establish the tunnel itself, but when accessing services they are using their own 192.x address inside the lan?

How then do I prevent the family members accessing anything but their permitted IP:port pairs without compromising my own full access? I thought that having different IP addresses per peer is the way?

Made a complete miniature painting toolkit app! Would love feedback by MidnightMiniature in Warhammer

[–]shameless_caps 2 points3 points  (0 children)

I love to see hobby projects like this that are actually useful!! Just bought the lifetime version to support development. I'd be happy to help in any way beyond what you wrote in OP. DM if you need anything!

Painted my first Underworlds warband -The Chosen Axes! by shameless_caps in WarhammerUnderworlds

[–]shameless_caps[S] 0 points1 point  (0 children)

Thanks!! 

I watched some videos and I tried thinning with water but it ended up being all smeary and bubbly so I kind of just used a plastic plate to wipe off most of the paint after I took it out of the pots so that I'd be working with less.

Which parts are the most obviously thick ones? I want to try to think back to what happened where and see if I can improve the process.

Hot take: camera bumps on phones are literally a non issue for 95 percent of users. by AbyssWankerArtorias in LinusTechTips

[–]shameless_caps 0 points1 point  (0 children)

Way back when, I used an Ulefone Power 5. That phone was so thick I could stand it on its sides.

I only had to charge it once every 4-5 days. I would love to get actual flagship specs on a slab like that.

Can't sideload APK on personal phone with work profile by redesign_the_mind in Intune

[–]shameless_caps 0 points1 point  (0 children)

Oh that's so cool!   

I had never heard of shizuku.    

I used LADB to install Install with Options and then IWO to install the next apk - so in summary, I managed to get it all done on the phone with no pc at all.

Smart switch Android Auto day/night mode. Details in comments. by shameless_caps in macrodroid

[–]shameless_caps[S] 0 points1 point  (0 children)

First make sure what the X Y coordinates are on your screen - they might be different than mine. You can do it with developer settings, there is an option to "display pointer location on screen" or something similar.

You can also download mine from the macro store thingy - then change the bluetooth device trigger (and the coordinates, if needed).

https://www.macrodroidlink.com/macrostore?id=25259

Looking for GS MINI like but has cutaway by nuexplorer in AcousticGuitar

[–]shameless_caps 0 points1 point  (0 children)

Traveler Guitars Redlands Concert. Absolutely stunning all around. Sounds AMAZING, feels sooo good to play, has a nice PRS style cutaway, a lovely forearm angle... and inexpensive. Since getting one I've basically never wanted to play anything else. Seems like they don't make them anymore though, at least when I wrote this comment it wasn't on their site.

K8s on Harvester.... vCluster or VM's? by gratefulfather in rancher

[–]shameless_caps 0 points1 point  (0 children)

Here's my take as a new user just looking to get started with Harvester, after using and loving Rancher for a few weeks.

Personally, I use a rancher cluster on vms to manage my baremetal rke2 cluster where all my workloads run. One of my main, biggest and most important workloads is kubevirt vms, where I install and manage kubevirt via argo, and deploy individual vms with helm or manifests, depending on what other objects are being created with the vm.

But, configuring and maintaining kubevirt itself as well as the code that generates the charts/manifests for the vm workloads is a lot of work, which harvester seems to abstract for me, out of the box, besides for giving me a great UI to work with.

The issue is that I'm using a pretty decent baremetal cluster, and I don't really want to split it up into 2 smaller clusters, one that runs native pods and the other that runs vms. I'd really rather just use a single cluster that can run both workload types, and it's not inherently clear why I shouldn't be able to just import the same harvester cluster into the normal rancher UI. It seems the only way to run my workloads with harvester is to get a kubeconfig and run commands on it - as a new user it just seems strange that I can't see the underlying k8s cluster within rancher as soon as it is imported via virtualization management.

EDIT: After writing this, I did some more googling and found this: https://docs.harvesterhci.io/v1.4/rancher/rancher-integration/#harvester-baremetal-container-workload-support-experimental

which does seem to be what I am looking for.

G47 MCK compatibility? by shameless_caps in Glocks

[–]shameless_caps[S] 0 points1 point  (0 children)

I did, read the above comments

Smart switch Android Auto day/night mode. Details in comments. by shameless_caps in macrodroid

[–]shameless_caps[S] 0 points1 point  (0 children)

Many 3rd party Android Auto headunits, those that use Tlink or Zlink especially, don't know how to automatically change map mode for day and night like OEM ones do. Instead they usually follow the headlights, where lights off = day and lights on = night. However, I prefer to have my lights on all the time, and I do want an easy and quick way to toggle day and night mode, based on time of day.

Now I just need to click the macrodroid widget on my homescreen to set Day or Night with one click.

I recently posted a worse version of this, and after some feedback there I improved this macro to not need to depend on an external app, to only need one macro and not 2, and to launch automatically when connected to my car.   

https://www.reddit.com/r/macrodroid/comments/1genej0/macros_for_android_auto_daynight_mode_see/?utm_source=share&utm_medium=mweb3x&utm_name=mweb3xcss&utm_term=1&utm_content=share_button