4. Components
4.1 Component List
| Component | Purpose |
|---|---|
| WireGuard interface (wg0) | Encrypted transport and private addressing |
| Host firewall (UFW) | Enforce WG-only ingress policy |
| Service bindings | Ensure internal services listen on WG IP |
4.2 Responsibilities and Interfaces
WireGuard Interface
| Aspect | Description |
|---|---|
| Responsibility | Provide encrypted host-to-host connectivity |
| Inputs | Peer public keys, endpoints, WG IPs |
| Outputs | Encrypted tunnel interface |
| Dependencies | Host networking, UDP reachability |
| Failure Mode | Peer handshake failure |
| Recovery | Verify endpoints, restart wg0 |
Host Firewall (UFW)
| Aspect | Description |
|---|---|
| Responsibility | Block public/LAN access to internal services |
| Inputs | Interface policies and allowed ports |
| Outputs | Enforced ingress rules |
| Dependencies | wg0 active |
| Failure Mode | Over-permissive rules |
| Recovery | Reapply standard policy |
Service Bindings
| Aspect | Description |
|---|---|
| Responsibility | Ensure services are reachable via WG only |
| Inputs | Host WG IP and service port |
| Outputs | Service bound to WG interface |
| Dependencies | Service owner configuration |
| Failure Mode | Service exposed on public interface |
| Recovery | Update bindings and validate |
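
One way to carry out the "validate" step in the Recovery row, as an added example that is not part of RFC-WG-0002: it reads `ss -H -tuln` output and reports every listener bound outside the WG IP or loopback. The function names, the WG IP 10.8.0.2, the sample listeners and the proto/port allow-list format are assumptions; 51820 is WireGuard's conventional UDP port, which this section does not specify.

```shell
#!/bin/sh
# Added example, not from the RFC: audit listeners against the Service Bindings rule.
# Input: `ss -H -tuln` output on stdin. A listener passes if it is bound to the
# WG IP or loopback, or if its proto/port is explicitly allowed (the WireGuard
# UDP port itself has to listen on the public interface).
# usage: ss -H -tuln | audit_bindings <wg_ip> [proto/port ...]
audit_bindings() {
    wg_ip=$1; shift
    awk -v wg="$wg_ip" -v allowed="$*" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    NF >= 5 {
        laddr = $5                        # column 5 is Local Address:Port
        port = laddr; sub(/.*:/, "", port)
        addr = laddr; sub(/:[^:]*$/, "", addr)
        sub(/%.*$/, "", addr)             # drop scope suffix, e.g. 127.0.0.53%lo
        gsub(/\[|\]/, "", addr)           # [::1] -> ::1
        if (addr == wg || addr ~ /^127\./ || addr == "::1") next
        key = $1 "/" port
        if (key in ok) next
        printf "EXPOSED %s %s port %s\n", $1, addr, port
        bad = 1
    }
    END { exit bad + 0 }'                 # non-zero status if anything is exposed
}

# Constructed sample in `ss -H -tuln` format; 10.8.0.2 is an assumed WG IP.
sample_ss() {
    cat <<'EOF'
udp   UNCONN 0      0            0.0.0.0:51820      0.0.0.0:*
tcp   LISTEN 0      4096        10.8.0.2:5432       0.0.0.0:*
tcp   LISTEN 0      511        127.0.0.1:6379       0.0.0.0:*
tcp   LISTEN 0      4096   127.0.0.53%lo:53         0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:9100       0.0.0.0:*
tcp   LISTEN 0      511             [::]:8080          [::]:*
EOF
}

sample_ss | audit_bindings 10.8.0.2 udp/51820 || echo "binding audit failed"
```

On a live host, replace `sample_ss` with `ss -H -tuln`. A clean result only shows that bindings are correct; the UFW policy still has to be checked separately.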
End of Components — RFC-WG-0002