feat(wireguard): WIREGUARD_ALLOWED_IPS variable (#1291)

internal/wireguard/route.go

@@ -3,11 +3,30 @@ package wireguard
 import (
 	"fmt"
 	"net/netip"
+	"strings"
 
 	"github.com/qdm12/gluetun/internal/netlink"
 )
 
-// TODO add IPv6 route if IPv6 is supported
+func (w *Wireguard) addRoutes(link netlink.Link, destinations []netip.Prefix,
+	firewallMark int) (err error) {
+	for _, dst := range destinations {
+		err = w.addRoute(link, dst, firewallMark)
+		if err == nil {
+			continue
+		}
+
+		if dst.Addr().Is6() && strings.Contains(err.Error(), "permission denied") {
+			w.logger.Errorf("cannot add route for IPv6 due to a permission denial. "+
+				"Ignoring and continuing execution; "+
+				"Please report to https://github.com/qdm12/gluetun/issues/998 if you find a fix. "+
+				"Full error string: %s", err)
+			continue
+		}
+		return fmt.Errorf("adding route for destination %s: %w", dst, err)
+	}
+	return nil
+}
 
 func (w *Wireguard) addRoute(link netlink.Link, dst netip.Prefix,
 	firewallMark int) (err error) {