iptables – percentage sign followed by an i (%i)

I have this iptables rule that comes with my autogenerated WireGuard config as a PostUp rule. I tried to figure out each step of the rule, but neither the manual nor a search engine would tell me what the %i means after the -o/--out-interface option. I guess it’s a lookup or wildcard for the interface name.

iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT


Solution 1

It doesn’t mean anything to iptables. It comes from wg-quick, which replaces each %i in a PostUp command with the actual WireGuard interface name currently being configured.
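
What that substitution produces for the rule in the question, as an added example that is not part of the original answer and not wg-quick's own code: a POSIX shell function (`expand_hooks`, a hypothetical name) that prints each hook line of a wg-quick config with %i replaced by a given interface name, without executing anything. The sample config is constructed, and its PreDown line is an assumed counterpart to the PostUp rule.

```shell
# Constructed sample config; the PostUp line is the rule from the question.
sample_conf() {
    cat <<'EOF'
[Interface]
PrivateKey = (placeholder)
Address = 10.0.0.2/32
PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
EOF
}

# expand_hooks IFACE < config
# Prints "Key: command" for every PreUp/PostUp/PreDown/PostDown line, with
# each %i replaced by IFACE. Nothing is executed, so $(...) stays literal
# and the text that would be handed to the shell as root can be reviewed.
expand_hooks() {
    iface=$1
    # Accept only short names made of letters, digits and _ = + . -
    # so the name cannot smuggle shell metacharacters into a hook.
    case $iface in
        ''|*[!a-zA-Z0-9_=+.-]*) echo "invalid interface name" >&2; return 1 ;;
    esac
    [ "${#iface}" -le 15 ] || { echo "interface name too long" >&2; return 1; }

    awk -v iface="$iface" '
        tolower($0) ~ /^[ \t]*(preup|postup|predown|postdown)[ \t]*=/ {
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            cmd = $0; sub(/^[^=]*=[ \t]*/, "", cmd)
            gsub(/%i/, iface, cmd)     # the %i -> interface name step
            print key ": " cmd
        }'
}

# Preview the hooks as they would read for an interface named wg0.
sample_conf | expand_hooks wg0
```

In the output, `-o %i` reads `-o wg0` and the fwmark lookup reads `$(wg show wg0 fwmark)`; iptables itself never sees a `%i`.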


All methods were sourced from stackoverflow.com or stackexchange.com and are licensed under CC BY-SA 2.5, CC BY-SA 3.0 and CC BY-SA 4.0.
