From 8fbdb6aa8c257e5d41e24f359ff8f81d2e243d67 Mon Sep 17 00:00:00 2001 From: Tobias Leuschner Date: Sat, 9 May 2026 12:22:43 +0200 Subject: [PATCH] =?UTF-8?q?feat:=20Hotspot-Routing-Regeln=20f=C3=BCr=20Wir?= =?UTF-8?q?eGuard=20hinzugef=C3=BCgt=20und=20entfernt?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app.py | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/app.py b/app.py index d9338e5..5e5f188 100644 --- a/app.py +++ b/app.py @@ -327,6 +327,27 @@ def wg_update_state(): error=None, has_config=has_conf) +_AP_SUBNET = '10.42.0.0/24' # NetworkManager Hotspot-Standard + + +def _wg_add_hotspot_routes(): + """Hotspot-Subnet vom WireGuard-Tunnel ausschließen (höhere Priorität als wg-quick-Regeln).""" + subprocess.run(['ip', 'rule', 'add', 'from', _AP_SUBNET, + 'table', 'main', 'priority', '100'], capture_output=True) + subprocess.run(['ip', 'rule', 'add', 'to', _AP_SUBNET, + 'table', 'main', 'priority', '101'], capture_output=True) + log.info('Hotspot-Routing-Regeln gesetzt (Prio 100/101)') + + +def _wg_remove_hotspot_routes(): + """Hotspot-Routing-Regeln wieder entfernen.""" + subprocess.run(['ip', 'rule', 'del', 'from', _AP_SUBNET, + 'table', 'main', 'priority', '100'], capture_output=True) + subprocess.run(['ip', 'rule', 'del', 'to', _AP_SUBNET, + 'table', 'main', 'priority', '101'], capture_output=True) + log.info('Hotspot-Routing-Regeln entfernt') + + def wg_connect(): if not WG_CONF.exists(): with wg_lock: @@ -336,6 +357,7 @@ def wg_connect(): capture_output=True, text=True, timeout=30) if r.returncode == 0: time.sleep(1) + _wg_add_hotspot_routes() wg_update_state() log.info('WireGuard verbunden') return True @@ -352,6 +374,7 @@ def wg_connect(): def wg_disconnect(): + _wg_remove_hotspot_routes() r = subprocess.run(['wg-quick', 'down', WG_IFACE], capture_output=True, text=True, timeout=15) with wg_lock: