/ refactor help section

This commit is contained in:
RadekSabacky
2025-11-20 16:04:22 +01:00
parent 18d271f481
commit 7b96adf7a8
@@ -1212,42 +1212,41 @@ case "$cmd" in
usage: $0 <command> [args]
high level workflows:
full_tunnel_setup run tunnel iptables and checks for nymtun0 and nymwg
exit_policy_install install and configure wireguard exit policy
complete_networking_configuration run tunnel setup, exit policy install and tests
complete_networking_configuration Run tunnel setup, exit policy install and tests
exit_policy_install Install and configure wireguard exit policy
full_tunnel_setup Run tunnel iptables and checks for nymtun0 and nymwg
tunnel and nat helpers:
fetch_ipv6_address_nym_tun show global ipv6 address on ${TUNNEL_INTERFACE}
fetch_and_display_ipv6 show ipv6 on uplink ${NETWORK_DEVICE}
apply_iptables_rules apply nat/forward rules for ${TUNNEL_INTERFACE}
apply_iptables_rules_wg apply nat/forward rules for ${WG_INTERFACE}
check_nymtun_iptables inspect forward chain for ${TUNNEL_INTERFACE}
check_nym_wg_tun inspect forward chain for ${WG_INTERFACE}
check_ipv6_ipv4_forwarding show ipv4/ipv6 forwarding flags
check_ip_routing show ipv4 and ipv6 routes
perform_pings test ipv4 and ipv6 pings
joke_through_the_mixnet test via ${TUNNEL_INTERFACE} with joke
joke_through_wg_tunnel test via ${WG_INTERFACE} with joke
configure_dns_and_icmp_wg allow ping and dns on this host
adjust_ip_forwarding enable ipv4/ipv6 forwarding via sysctl.d
remove_duplicate_rules <iface> deduplicate rules for interface in FORWARD and ${NYM_CHAIN}
adjust_ip_forwarding Enable ipv4/ipv6 forwarding via sysctl.d
apply_iptables_rules Apply nat/forward rules for ${TUNNEL_INTERFACE}
apply_iptables_rules_wg Apply nat/forward rules for ${WG_INTERFACE}
check_ip_routing Show ipv4 and ipv6 routes
check_ipv6_ipv4_forwarding Show ipv4/ipv6 forwarding flags
check_nym_wg_tun Inspect forward chain for ${WG_INTERFACE}
check_nymtun_iptables Inspect forward chain for ${TUNNEL_INTERFACE}
configure_dns_and_icmp_wg Allow ping and dns ports on this host
fetch_and_display_ipv6 Show ipv6 on uplink ${NETWORK_DEVICE}
fetch_ipv6_address_nym_tun Show global ipv6 address on ${TUNNEL_INTERFACE}
joke_through_the_mixnet Test via ${TUNNEL_INTERFACE} with joke
joke_through_wg_tunnel Test via ${WG_INTERFACE} with joke
perform_pings Test ipv4 and ipv6 pings
remove_duplicate_rules <iface> Deduplicate FORWARD and ${NYM_CHAIN} rules for <iface> (required).
exit policy manager:
exit_policy_install install exit policy (iptables rules and blocklist)
check_firewall_setup run ordering sanity check (dns/icmp + FORWARD jump)
exit_policy_status show status of exit policy and forwarding
exit_policy_test_connectivity test connectivity via ${WG_INTERFACE}
exit_policy_clear remove ${NYM_CHAIN} chains and hooks
check_firewall_setup Run ordering sanity check (dns/icmp + FORWARD jump)
exit_policy_clear Remove ${NYM_CHAIN} chains and hooks
exit_policy_install Install exit policy (iptables rules and blocklist)
exit_policy_status Show status of exit policy and forwarding
exit_policy_test_connectivity Test connectivity via ${WG_INTERFACE}
exit_policy_tests [--skip-default-reject]
run verification tests on exit policy
Run verification tests on exit policy (options: --skip-default-reject).
environment overrides:
TUNNEL_INTERFACE default nymtun0
WG_INTERFACE default nymwg
NETWORK_DEVICE uplink device, auto-detected if not set
NETWORK_DEVICE Auto-detected uplink (e.g., eth0). Set manually if detection fails.
TUNNEL_INTERFACE Default: nymtun0. Requires root privileges (sudo) to manage.
WG_INTERFACE Default: nymwg - Must match your WireGuard interface name.
EOF
status=0
;;
*)