Expand Up @@ -7,7 +7,8 @@ usage: nym-node-cli install [-h] [-V] [-d BRANCH] [-v]
[--description DESCRIPTION]
[--public-ip PUBLIC_IP]
[--nym-node-binary NYM_NODE_BINARY]
[--uplink-dev UPLINK_DEV] [--env KEY=VALUE]
[--uplink-dev-v4 IPV4_UPLINK_DEV]
[--uplink-dev-v6 IPV6_UPLINK_DEV] [--env KEY=VALUE]

options:
-h, --help show this help message and exit
Expand All @@ -30,8 +31,11 @@ options:
External IPv4 address (autodetected if omitted)
--nym-node-binary NYM_NODE_BINARY
URL for nym-node binary (autodetected if omitted)
--uplink-dev UPLINK_DEV
Override uplink interface used for NAT/FORWARD (e.g.,
--uplink-dev-v4 IPV4_UPLINK_DEV
Override ipv4 uplink interface used for NAT/FORWARD (e.g.,
'eth0'; autodetected if omitted)
--uplink-dev-v6 IPV6_UPLINK_DEV
Override ipv6 uplink interface used for NAT/FORWARD (e.g.,
'eth0.1'; autodetected if omitted)
--env KEY=VALUE (Optional) Extra ENV VARS, e.g. --env CUSTOM_KEY=value
```
122 changes: 69 additions & 53 deletions scripts/nym-node-setup/network-tunnel-manager.sh
Expand Up @@ -89,10 +89,12 @@ WG_INTERFACE="${WG_INTERFACE:-nymwg}"

# Function to detect and validate uplink interface
detect_uplink_interface() {
local cmd="$1"
local host="$2"
local ip
local dev

dev="$(eval "$cmd" 2>/dev/null | awk '{print $5}' | head -n1 || true)"
ip="$(getent ahosts${1//-/v} "$host" 2>/dev/null | awk '$2=="STREAM" {print $1}' | head -n1 || true)"
dev="$(ip $1 -o route get "$ip" 2>/dev/null | awk '{print $5}' || true)"

if [[ -n "$dev" && "$dev" =~ ^[a-zA-Z0-9._-]+$ ]]; then
echo "$dev"
Expand All @@ -102,15 +104,20 @@ detect_uplink_interface() {
}

# uplink device detection, can be overridden
NETWORK_DEVICE="${NETWORK_DEVICE:-}"
if [[ -z "$NETWORK_DEVICE" ]]; then
NETWORK_DEVICE="$(detect_uplink_interface "ip -o route show default")"
IPV4_UPLINK_DEV="${IPV4_UPLINK_DEV:-}"
if [[ -z "$IPV4_UPLINK_DEV" ]]; then
IPV4_UPLINK_DEV="$(detect_uplink_interface -4 "ifconfig.co")"
fi
if [[ -z "$NETWORK_DEVICE" ]]; then
NETWORK_DEVICE="$(detect_uplink_interface "ip -o route show default table all")"
if [[ -z "$IPV4_UPLINK_DEV" ]]; then
error "cannot determine ipv4 uplink interface. set IPV4_UPLINK_DEV"
exit 1
fi
IPV6_UPLINK_DEV="${IPV6_UPLINK_DEV:-}"
if [[ -z "$IPV6_UPLINK_DEV" ]]; then
IPV6_UPLINK_DEV="$(detect_uplink_interface -6 "ifconfig.co")"
fi
if [[ -z "$NETWORK_DEVICE" ]]; then
error "cannot determine uplink interface. set NETWORK_DEVICE or UPLINK_DEV"
if [[ -z "$IPV6_UPLINK_DEV" ]]; then
error "cannot determine ipv6 uplink interface. set IPV6_UPLINK_DEV"
exit 1
fi

Expand Down Expand Up @@ -194,11 +201,11 @@ fetch_ipv6_address() {

fetch_and_display_ipv6() {
local ipv6_address
ipv6_address=$(ip -6 addr show "$NETWORK_DEVICE" scope global | awk '/inet6/ {print $2}')
ipv6_address=$(ip -6 addr show "$IPV6_UPLINK_DEV" scope global | awk '/inet6/ {print $2}')
if [[ -z "$ipv6_address" ]]; then
error "no global ipv6 address found on $NETWORK_DEVICE"
error "no global ipv6 address found on $IPV6_UPLINK_DEV"
else
ok "ipv6 address on $NETWORK_DEVICE: $ipv6_address"
ok "ipv6 address on $IPV6_UPLINK_DEV: $ipv6_address"
fi
}

Expand Down Expand Up @@ -343,28 +350,31 @@ remove_duplicate_rules() {

apply_iptables_rules() {
local interface=$1
info "applying iptables rules for $interface using uplink $NETWORK_DEVICE"
info "applying iptables rules for $interface using uplink $IPV4_UPLINK_DEV"
sleep 1

# ipv4 nat and forwarding
iptables -t nat -C POSTROUTING -o "$NETWORK_DEVICE" -j MASQUERADE 2>/dev/null || \
iptables -t nat -A POSTROUTING -o "$NETWORK_DEVICE" -j MASQUERADE
iptables -t nat -C POSTROUTING -o "$IPV4_UPLINK_DEV" -j MASQUERADE 2>/dev/null || \
iptables -t nat -A POSTROUTING -o "$IPV4_UPLINK_DEV" -j MASQUERADE

iptables -C FORWARD -i "$interface" -o "$NETWORK_DEVICE" -j ACCEPT 2>/dev/null || \
iptables -I FORWARD 1 -i "$interface" -o "$NETWORK_DEVICE" -j ACCEPT
iptables -C FORWARD -i "$interface" -o "$IPV4_UPLINK_DEV" -j ACCEPT 2>/dev/null || \
iptables -I FORWARD 1 -i "$interface" -o "$IPV4_UPLINK_DEV" -j ACCEPT

iptables -C FORWARD -i "$NETWORK_DEVICE" -o "$interface" -m state --state RELATED,ESTABLISHED -j ACCEPT 2>/dev/null || \
iptables -I FORWARD 2 -i "$NETWORK_DEVICE" -o "$interface" -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -C FORWARD -i "$IPV4_UPLINK_DEV" -o "$interface" -m state --state RELATED,ESTABLISHED -j ACCEPT 2>/dev/null || \
iptables -I FORWARD 2 -i "$IPV4_UPLINK_DEV" -o "$interface" -m state --state RELATED,ESTABLISHED -j ACCEPT

info "applying ip6tables rules for $interface using uplink $IPV6_UPLINK_DEV"
sleep 1

# ipv6 nat and forwarding
ip6tables -t nat -C POSTROUTING -o "$NETWORK_DEVICE" -j MASQUERADE 2>/dev/null || \
ip6tables -t nat -A POSTROUTING -o "$NETWORK_DEVICE" -j MASQUERADE
ip6tables -t nat -C POSTROUTING -o "$IPV6_UPLINK_DEV" -j MASQUERADE 2>/dev/null || \
ip6tables -t nat -A POSTROUTING -o "$IPV6_UPLINK_DEV" -j MASQUERADE

ip6tables -C FORWARD -i "$interface" -o "$NETWORK_DEVICE" -j ACCEPT 2>/dev/null || \
ip6tables -I FORWARD 1 -i "$interface" -o "$NETWORK_DEVICE" -j ACCEPT
ip6tables -C FORWARD -i "$interface" -o "$IPV6_UPLINK_DEV" -j ACCEPT 2>/dev/null || \
ip6tables -I FORWARD 1 -i "$interface" -o "$IPV6_UPLINK_DEV" -j ACCEPT

ip6tables -C FORWARD -i "$NETWORK_DEVICE" -o "$interface" -m state --state RELATED,ESTABLISHED -j ACCEPT 2>/dev/null || \
ip6tables -I FORWARD 2 -i "$NETWORK_DEVICE" -o "$interface" -m state --state RELATED,ESTABLISHED -j ACCEPT
ip6tables -C FORWARD -i "$IPV6_UPLINK_DEV" -o "$interface" -m state --state RELATED,ESTABLISHED -j ACCEPT 2>/dev/null || \
ip6tables -I FORWARD 2 -i "$IPV6_UPLINK_DEV" -o "$interface" -m state --state RELATED,ESTABLISHED -j ACCEPT

save_iptables_rules
}
Expand Down Expand Up @@ -539,37 +549,40 @@ create_nym_chain() {
ip6tables -N "$NYM_CHAIN"
fi

if ! iptables -C FORWARD -i "$WG_INTERFACE" -o "$NETWORK_DEVICE" -j "$NYM_CHAIN" 2>/dev/null; then
iptables -I FORWARD 1 -i "$WG_INTERFACE" -o "$NETWORK_DEVICE" -j "$NYM_CHAIN"
if ! iptables -C FORWARD -i "$WG_INTERFACE" -o "$IPV4_UPLINK_DEV" -j "$NYM_CHAIN" 2>/dev/null; then
iptables -I FORWARD 1 -i "$WG_INTERFACE" -o "$IPV4_UPLINK_DEV" -j "$NYM_CHAIN"
fi

if ! ip6tables -C FORWARD -i "$WG_INTERFACE" -o "$NETWORK_DEVICE" -j "$NYM_CHAIN" 2>/dev/null; then
ip6tables -I FORWARD 1 -i "$WG_INTERFACE" -o "$NETWORK_DEVICE" -j "$NYM_CHAIN"
if ! ip6tables -C FORWARD -i "$WG_INTERFACE" -o "$IPV6_UPLINK_DEV" -j "$NYM_CHAIN" 2>/dev/null; then
ip6tables -I FORWARD 1 -i "$WG_INTERFACE" -o "$IPV6_UPLINK_DEV" -j "$NYM_CHAIN"
fi
}

setup_nat_rules() {
info "setting up nat and forwarding rules for $WG_INTERFACE via $NETWORK_DEVICE"
info "setting up ipv4 nat and forwarding rules for $WG_INTERFACE via $IPV4_UPLINK_DEV"

if ! iptables -t nat -C POSTROUTING -o "$NETWORK_DEVICE" -j MASQUERADE 2>/dev/null; then
iptables -t nat -A POSTROUTING -o "$NETWORK_DEVICE" -j MASQUERADE
fi
if ! ip6tables -t nat -C POSTROUTING -o "$NETWORK_DEVICE" -j MASQUERADE 2>/dev/null; then
ip6tables -t nat -A POSTROUTING -o "$NETWORK_DEVICE" -j MASQUERADE
if ! iptables -t nat -C POSTROUTING -o "$IPV4_UPLINK_DEV" -j MASQUERADE 2>/dev/null; then
iptables -t nat -A POSTROUTING -o "$IPV4_UPLINK_DEV" -j MASQUERADE
fi

if ! iptables -C FORWARD -i "$WG_INTERFACE" -o "$NETWORK_DEVICE" -j ACCEPT 2>/dev/null; then
iptables -I FORWARD 1 -i "$WG_INTERFACE" -o "$NETWORK_DEVICE" -j ACCEPT
if ! iptables -C FORWARD -i "$WG_INTERFACE" -o "$IPV4_UPLINK_DEV" -j ACCEPT 2>/dev/null; then
iptables -I FORWARD 1 -i "$WG_INTERFACE" -o "$IPV4_UPLINK_DEV" -j ACCEPT
fi
if ! iptables -C FORWARD -i "$IPV4_UPLINK_DEV" -o "$WG_INTERFACE" -m state --state RELATED,ESTABLISHED -j ACCEPT 2>/dev/null; then
iptables -I FORWARD 2 -i "$IPV4_UPLINK_DEV" -o "$WG_INTERFACE" -m state --state RELATED,ESTABLISHED -j ACCEPT
fi
if ! iptables -C FORWARD -i "$NETWORK_DEVICE" -o "$WG_INTERFACE" -m state --state RELATED,ESTABLISHED -j ACCEPT 2>/dev/null; then
iptables -I FORWARD 2 -i "$NETWORK_DEVICE" -o "$WG_INTERFACE" -m state --state RELATED,ESTABLISHED -j ACCEPT

info "setting up ipv6 nat and forwarding rules for $WG_INTERFACE via $IPV6_UPLINK_DEV"

if ! ip6tables -t nat -C POSTROUTING -o "$IPV6_UPLINK_DEV" -j MASQUERADE 2>/dev/null; then
ip6tables -t nat -A POSTROUTING -o "$IPV6_UPLINK_DEV" -j MASQUERADE
fi

if ! ip6tables -C FORWARD -i "$WG_INTERFACE" -o "$NETWORK_DEVICE" -j ACCEPT 2>/dev/null; then
ip6tables -I FORWARD 1 -i "$WG_INTERFACE" -o "$NETWORK_DEVICE" -j ACCEPT
if ! ip6tables -C FORWARD -i "$WG_INTERFACE" -o "$IPV6_UPLINK_DEV" -j ACCEPT 2>/dev/null; then
ip6tables -I FORWARD 1 -i "$WG_INTERFACE" -o "$IPV6_UPLINK_DEV" -j ACCEPT
fi
if ! ip6tables -C FORWARD -i "$NETWORK_DEVICE" -o "$WG_INTERFACE" -m state --state RELATED,ESTABLISHED -j ACCEPT 2>/dev/null; then
ip6tables -I FORWARD 2 -i "$NETWORK_DEVICE" -o "$WG_INTERFACE" -m state --state RELATED,ESTABLISHED -j ACCEPT
if ! ip6tables -C FORWARD -i "$IPV6_UPLINK_DEV" -o "$WG_INTERFACE" -m state --state RELATED,ESTABLISHED -j ACCEPT 2>/dev/null; then
ip6tables -I FORWARD 2 -i "$IPV6_UPLINK_DEV" -o "$WG_INTERFACE" -m state --state RELATED,ESTABLISHED -j ACCEPT
fi
}

Expand Down Expand Up @@ -772,16 +785,17 @@ clear_exit_policy_rules() {
iptables -F "$NYM_CHAIN" 2>/dev/null || true
ip6tables -F "$NYM_CHAIN" 2>/dev/null || true

iptables -D FORWARD -i "$WG_INTERFACE" -o "$NETWORK_DEVICE" -j "$NYM_CHAIN" 2>/dev/null || true
ip6tables -D FORWARD -i "$WG_INTERFACE" -o "$NETWORK_DEVICE" -j "$NYM_CHAIN" 2>/dev/null || true
iptables -D FORWARD -i "$WG_INTERFACE" -o "$IPV4_UPLINK_DEV" -j "$NYM_CHAIN" 2>/dev/null || true
ip6tables -D FORWARD -i "$WG_INTERFACE" -o "$IPV6_UPLINK_DEV" -j "$NYM_CHAIN" 2>/dev/null || true

iptables -X "$NYM_CHAIN" 2>/dev/null || true
ip6tables -X "$NYM_CHAIN" 2>/dev/null || true
}

show_exit_policy_status() {
info "nym exit policy status"
info "network device: $NETWORK_DEVICE"
info "ipv4 uplink device: $IPV4_UPLINK_DEV"
info "ipv6 uplink device: $IPV6_UPLINK_DEV"
info "wireguard interface: $WG_INTERFACE"
echo

Expand Down Expand Up @@ -1063,15 +1077,15 @@ test_forward_chain_hook() {

local failures=0

if iptables -C FORWARD -i "$WG_INTERFACE" -o "$NETWORK_DEVICE" -j "$NYM_CHAIN" 2>/dev/null; then
ok "ipv4 forward hook ok: -i $WG_INTERFACE -o $NETWORK_DEVICE -> $NYM_CHAIN"
if iptables -C FORWARD -i "$WG_INTERFACE" -o "$IPV4_UPLINK_DEV" -j "$NYM_CHAIN" 2>/dev/null; then
ok "ipv4 forward hook ok: -i $WG_INTERFACE -o $IPV4_UPLINK_DEV -> $NYM_CHAIN"
else
error "ipv4 forward hook missing or wrong"
((failures++))
fi

if ip6tables -C FORWARD -i "$WG_INTERFACE" -o "$NETWORK_DEVICE" -j "$NYM_CHAIN" 2>/dev/null; then
ok "ipv6 forward hook ok: -i $WG_INTERFACE -o $NETWORK_DEVICE -> $NYM_CHAIN"
if ip6tables -C FORWARD -i "$WG_INTERFACE" -o "$IPV6_UPLINK_DEV" -j "$NYM_CHAIN" 2>/dev/null; then
ok "ipv6 forward hook ok: -i $WG_INTERFACE -o $IPV6_UPLINK_DEV -> $NYM_CHAIN"
else
error "ipv6 forward hook missing or wrong"
((failures++))
Expand Down Expand Up @@ -1167,7 +1181,8 @@ nym_tunnel_setup() {
}

exit_policy_install() {
info "installing nym wireguard exit policy for ${WG_INTERFACE} via ${NETWORK_DEVICE}"
info "installing nym wireguard ipv4 exit policy for ${WG_INTERFACE} via ${IPV4_UPLINK_DEV}"
info "installing nym wireguard ipv6 exit policy for ${WG_INTERFACE} via ${IPV6_UPLINK_DEV}"
exit_policy_install_deps
adjust_ip_forwarding
create_nym_chain
Expand Down Expand Up @@ -1309,7 +1324,7 @@ tunnel and nat helpers:
check_nym_wg_tun Inspect forward chain for ${WG_INTERFACE}
check_nymtun_iptables Inspect forward chain for ${TUNNEL_INTERFACE}
configure_dns_and_icmp_wg Allow ping and dns ports on this host
fetch_and_display_ipv6 Show ipv6 on uplink ${NETWORK_DEVICE}
fetch_and_display_ipv6 Show ipv6 on uplink ${IPV6_UPLINK_DEV}
fetch_ipv6_address_nym_tun Show global ipv6 address on ${TUNNEL_INTERFACE}
joke_through_the_mixnet Test via ${TUNNEL_INTERFACE} with joke
joke_through_wg_tunnel Test via ${WG_INTERFACE} with joke
Expand All @@ -1326,7 +1341,8 @@ exit policy manager:
Run verification tests on exit policy (options: --skip-default-reject).

environment overrides:
NETWORK_DEVICE Auto-detected uplink (e.g., eth0). Set manually if detection fails.
IPV4_UPLINK_DEV Auto-detected ipv4 uplink (e.g., eth0). Set manually if detection fails.
IPV6_UPLINK_DEV Auto-detected ipv6 uplink (e.g., eth0). Set manually if detection fails.
TUNNEL_INTERFACE Default: nymtun0. Requires root privileges (sudo) to manage.
WG_INTERFACE Default: nymwg - Must match your WireGuard interface name.

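Review bot: In the detect_uplink_interface hunk, `dev="$(ip $1 -o route get "$ip" ... | awk '{print $5}' || true)"` reads a fixed column, but `ip route get` output is not fixed-width: for an on-link destination the tokens are typically `<dst> dev <if> src <addr>` (field 5 is the source address, which still passes the `^[a-zA-Z0-9._-]+$` check), and `ip -6 route get` typically prints `<dst> from :: via <gw> dev <if> …`, where field 5 is the gateway, fails the check, leaves IPV6_UPLINK_DEV empty and trips the new `exit 1` in the top-level block. Match the token after the `dev` keyword and quote the family flag instead, `dev="$(ip "$1" -o route get "$ip" 2>/dev/null | awk '{for (i = 1; i < NF; i++) if ($i == "dev") {print $(i+1); exit}}' || true)"`, and guard with `[[ -n "$ip" ]] || return 1` so an unresolvable host (no DNS or egress yet during install) does not reach `ip route get ""`. Detection now depends on resolving ifconfig.co where the removed lines read the local default route, and the ipv6 branch of the top-level hunk aborts the whole script on hosts with no IPv6 connectivity, so consider falling back to `ip -6 -o route show default` or making the IPv6 failure a warning. A comment on the `getent ahosts${1//-/v}` line, e.g. `# -4/-6 selects getent ahostsv4/ahostsv6`, would help the next reader. The function's closing brace lies in the following hunk.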
10 changes: 6 additions & 4 deletions scripts/nym-node-setup/nym-node-cli.py
Expand Up @@ -573,9 +573,10 @@ def run_node_installation(self,args):
"""Main function called by argparser command install running full node install flow"""
self.ensure_env_values(args)
# Pass uplink override to all helper scripts if provided
if getattr(args, "uplink_dev", None):
os.environ["UPLINK_DEV"] = args.uplink_dev
os.environ["NETWORK_DEVICE"] = args.uplink_dev
if getattr(args, "uplink_dev_v4", None):
os.environ["IPV4_UPLINK_DEV"] = args.uplink_dev_v4
if getattr(args, "uplink_dev_v6", None):
os.environ["IPV6_UPLINK_DEV"] = args.uplink_dev_v6
self.run_script(self.prereqs_install_sh)
self.run_script(self.node_install_sh)
self.run_script(self.service_config_sh)
Expand Down Expand Up @@ -640,7 +641,8 @@ def parser_main(self):
install_parser.add_argument("--description", help="Short public description of the node")
install_parser.add_argument("--public-ip", help="External IPv4 address (autodetected if omitted)")
install_parser.add_argument("--nym-node-binary", help="URL for nym-node binary (autodetected if omitted)")
install_parser.add_argument("--uplink-dev", help="Override uplink interface used for NAT/FORWARD (e.g., 'eth0'; autodetected if omitted)")
install_parser.add_argument("--uplink-dev-v4", help="Override ipv4 uplink interface used for NAT/FORWARD (e.g., 'eth0'; autodetected if omitted)")
install_parser.add_argument("--uplink-dev-v6", help="Override ipv6 uplink interface used for NAT/FORWARD (e.g., 'eth0.1'; autodetected if omitted)")

# generic fallback
install_parser.add_argument(
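Review bot: The values exported at `os.environ["IPV4_UPLINK_DEV"] = args.uplink_dev_v4` and the v6 line below it go through unvalidated, while the shell side only applies its `^[a-zA-Z0-9._-]+$` interface-name check to autodetected devices (an override skips detect_uplink_interface entirely), so a typo or stray whitespace in the flag reaches the iptables `-o` arguments unchecked. Consider validating the override at parse time, e.g. a `type=` callable on `--uplink-dev-v4`/`--uplink-dev-v6` that accepts only the characters an interface name can contain and raises `argparse.ArgumentTypeError` with a clear message. The old `UPLINK_DEV`/`NETWORK_DEVICE` exports are dropped here; if any helper script outside this diff still reads them, the override is now silently ignored, so a search for those names before merging is worthwhile. The docstring of `run_node_installation` could state that these two environment variables are the contract with the helper scripts; the function continues past the end of the hunk.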
31 changes: 23 additions & 8 deletions scripts/nym-node-setup/quic_bridge_deployment.sh
Expand Up @@ -60,16 +60,27 @@ NYM_ETC_BRIDGES="$NYM_ETC_DIR/bridges.toml"
NYM_ETC_CLIENT_PARAMS_DEFAULT="$NYM_ETC_DIR/client_bridge_params.json"
SERVICE_FILE="/etc/systemd/system/nym-bridge.service"

NET_DEV="${UPLINK_DEV:-}"
if [[ -z "$NET_DEV" ]]; then
NET_DEV="$(ip -o route show default 2>/dev/null | awk '{print $5}' | head -n1)"
[[ -z "$NET_DEV" ]] && NET_DEV="$(ip -o route show default table all 2>/dev/null | awk '{print $5}' | head -n1)"
NET4_DEV="${IPV4_UPLINK_DEV:-}"
if [[ -z "$NET4_DEV" ]]; then
NET4_DEV="$(ip -o route show default 2>/dev/null | awk '{print $5}' | head -n1)"
[[ -z "$NET4_DEV" ]] && NET4_DEV="$(ip -4 -o route get "$(getent ahostsv4 "ifconfig.co" | awk '$2=="STREAM" {print $1}' | head -n1)" 2>/dev/null | awk '{print $5}')"
fi
if [[ -z "$NET_DEV" ]]; then
echo -e "${RED}Cannot determine uplink interface. Set UPLINK_DEV.${RESET}" | tee -a "$LOG_FILE"
if [[ -z "$NET4_DEV" ]]; then
echo -e "${RED}Cannot determine uplink interface. Set IPV4_UPLINK_DEV.${RESET}" | tee -a "$LOG_FILE"
exit 1
fi
echo "Using uplink device: $NET_DEV"
echo "Using ipv4 uplink device: $NET4_DEV"

NET6_DEV="${IPV6_UPLINK_DEV:-}"
if [[ -z "$NET6_DEV" ]]; then
NET6_DEV="$(ip -o route show default 2>/dev/null | awk '{print $5}' | head -n1)"
[[ -z "$NET6_DEV" ]] && NET6_DEV="$(ip -6 -o route get "$(getent ahostsv6 "ifconfig.co" | awk '$2=="STREAM" {print $1}' | head -n1)" 2>/dev/null | awk '{print $5}')"
fi
if [[ -z "$NET6_DEV" ]]; then
echo -e "${RED}Cannot determine uplink interface. Set IPV6_UPLINK_DEV.${RESET}" | tee -a "$LOG_FILE"
exit 1
fi
echo "Using ipv6 uplink device: $NET6_DEV"

WG_IFACE="nymwg"

Expand Down Expand Up @@ -454,7 +465,7 @@ EOF
apply_bridge_iptables_rules() {
title "Checking iptables rules for bridge routing"

echo "Inspecting current iptables state for interface ${WG_IFACE} and uplink ${NET_DEV}."
echo "Inspecting current iptables state for interface ${WG_IFACE} and uplink ${NET4_DEV}."
echo

echo "IPv4 FORWARD:"
Expand All @@ -463,6 +474,10 @@ apply_bridge_iptables_rules() {
echo "IPv4 NAT POSTROUTING:"
iptables -t nat -L POSTROUTING -n -v 2>/dev/null | sed -n '1,20p' || true
echo

echo "Inspecting current ip6tables state for interface ${WG_IFACE} and uplink ${NET6_DEV}."
echo

echo "IPv6 FORWARD:"
ip6tables -L FORWARD -n -v 2>/dev/null | sed -n '1,20p' || true
echo
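Review bot: The IPv6 probe at `NET6_DEV="$(ip -o route show default 2>/dev/null | awk '{print $5}' | head -n1)"` queries the IPv4 table (`ip route` without `-6` defaults to the inet family), so on any host with an IPv4 default route NET6_DEV is set to the IPv4 uplink and the `ip -6 -o route get` fallback never runs; it should read `NET6_DEV="$(ip -6 -o route show default 2>/dev/null | awk '{print $5}' | head -n1)"`. Once that is corrected the new `exit 1` in the v6 block will start firing on IPv4-only hosts that installed fine before this change, so either downgrade it to a logged warning or document that IPv6 connectivity is now required. The `awk '{print $5}'` on both `route get` fallbacks assumes a `via <gw> dev <if>` layout; on-link IPv4 destinations and `ip -6 route get` output typically put a different token in field 5, so matching the token after `dev` is more robust. The same detection logic now lives in network-tunnel-manager.sh's detect_uplink_interface, and sharing it would avoid fixing it in two places.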