- daemon/wgctl-conntrack: Go daemon for conntrack DESTROY events - wgctl-conntrack.service: systemd service - core/lib/accept_events.py: accept_events(), accept_aggregate() - ctx::accept_events_log: .wgctl/daemon/accept_events.log - activity: ACCEPT row with bytes in/out and conn count - activity: accept dest rows with ↓/↑ bytes at end - activity: --accept, --drop, --external flags - activity: unified w_count for drop/accept alignment - activity: drop service rows in red - activity: accept dest rows in green - sysctl: nf_conntrack_acct=1 for byte counting - note: --exclude-service/--include-service deferred
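[Unit]
Description=wgctl conntrack accept logging daemon
# Ordered after the network and the wg0 tunnel. Requires= also means this
# daemon is stopped when wg-quick@wg0.service is stopped or fails to start.
After=network.target wg-quick@wg0.service
Requires=wg-quick@wg0.service

[Service]
Type=simple
# NOTE(review): the binary is executed from under /etc/wireguard and holds
# CAP_NET_ADMIN. It and every parent directory should be root-owned and not
# group/world writable; anyone who can replace the file controls the service.
ExecStart=/etc/wireguard/wgctl/daemon/wgctl-conntrack/wgctl-conntrack \
    --wg-dir /etc/wireguard
Restart=on-failure
RestartSec=5s
StandardOutput=journal
StandardError=journal
SyslogIdentifier=wgctl-conntrack

# Needs CAP_NET_ADMIN for netlink conntrack
# No User= is set, so as a system unit this runs as root; the bounding set is
# what confines it to CAP_NET_ADMIN. AmbientCapabilities= mainly matters once
# a non-root User= is added.
AmbientCapabilities=CAP_NET_ADMIN
CapabilityBoundingSet=CAP_NET_ADMIN

# The process must not regain privileges through setuid/setgid or
# file-capability binaries it might exec, nor create such files.
NoNewPrivileges=yes
RestrictSUIDSGID=yes
LockPersonality=yes
# NOTE(review): filesystem sandboxing (ProtectSystem=, ReadWritePaths=) is left
# out because the location the daemon writes its event log to is not visible
# in this unit. Confirm the path, then restrict writes to it.

[Install]
WantedBy=multi-user.target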