Merge branch 'master' into multiport

2025-12-16 20:08:27 +01:00 · 2023-05-09 15:37:30 -04:00
parent 28ecfcbc03 eb9f22a8fa
commit 0e593ad582
68 changed files with 2565 additions and 673 deletions
--- a/examples/config.yml
+++ b/examples/config.yml
@@ -223,6 +223,10 @@ tun:
    #  metric: 100
    #  install: true

+  # On linux only, set to true to manage unsafe routes directly on the system route table with gateway routes instead of
+  # in nebula configuration files. Default false, not reloadable.
+  #use_system_route_table: false
+
  # EXPERIMENTAL: This option may change or disappear in the future.
  # Multiport spreads outgoing UDP packets across multiple UDP send ports,
  # which allows nebula to work around any issues on the underlay network.
@@ -342,7 +346,8 @@ firewall:
  #   host: `any` or a literal hostname, ie `test-host`
  #   group: `any` or a literal group name, ie `default-group`
  #   groups: Same as group but accepts a list of values. Multiple values are AND'd together and a certificate would have to contain all groups to pass
-  #   cidr: a CIDR, `0.0.0.0/0` is any.
+  #   cidr: a remote CIDR, `0.0.0.0/0` is any.
+  #   local_cidr: a local CIDR, `0.0.0.0/0` is any. This could be used to filter destinations when using unsafe_routes.
  #   ca_name: An issuing CA name
  #   ca_sha: An issuing CA shasum