Hi,
When advertising default to a client, we need to restrict access to some subnets.
Can this feature be enhanced to create pritunl server iptables rule denying traffic to subnets marked as Net Gateway?
Net gateway does not block access, it only instructs the client to route that subnet through the default gateway. The client can ignore that route instruction, WireGuard connections also currently ignore all net gateway routes. This should be done with a firewall instead.
This is clear.
What I’m asking is a feature request to deny certain subnets as a part of server configuration when adevertising default / other supernets.
This is problematic to achieve with firewall when NAT is enabled in Pritunl for VPC-peered AWS environments which can’t be transitive.