add firewalld FORWARD rule
Add firewalld FORWARD rules (via `firewall-cmd --direct`) to the PostUp and PostDown stages of the generated interface config.
dellnoantechnp authored Jul 19, 2024
1 parent 39caf2f commit bb42271
Showing 1 changed file with 5 additions and 1 deletion.
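--- a/wireguard-install.sh
+++ b/wireguard-install.sh
@@ -237,7 +237,11 @@ PrivateKey = ${SERVER_PRIV_KEY}" >"/etc/wireguard/${SERVER_WG_NIC}.conf"
 FIREWALLD_IPV4_ADDRESS=$(echo "${SERVER_WG_IPV4}" | cut -d"." -f1-3)".0"
 FIREWALLD_IPV6_ADDRESS=$(echo "${SERVER_WG_IPV6}" | sed 's/:[^:]*$/:0/')
 echo "PostUp = firewall-cmd --add-port ${SERVER_PORT}/udp && firewall-cmd --add-rich-rule='rule family=ipv4 source address=${FIREWALLD_IPV4_ADDRESS}/24 masquerade' && firewall-cmd --add-rich-rule='rule family=ipv6 source address=${FIREWALLD_IPV6_ADDRESS}/24 masquerade'
-PostDown = firewall-cmd --remove-port ${SERVER_PORT}/udp && firewall-cmd --remove-rich-rule='rule family=ipv4 source address=${FIREWALLD_IPV4_ADDRESS}/24 masquerade' && firewall-cmd --remove-rich-rule='rule family=ipv6 source address=${FIREWALLD_IPV6_ADDRESS}/24 masquerade'" >>"/etc/wireguard/${SERVER_WG_NIC}.conf"
+PostUp = firewall-cmd --direct --add-rule ipv4 filter FORWARD 1 -i ${SERVER_WG_NIC} -j ACCEPT && firewall-cmd --direct --add-rule ipv4 filter FORWARD 1 -o ${SERVER_WG_NIC} -j ACCEPT
+PostUp = firewall-cmd --direct --add-rule ipv6 filter FORWARD 1 -i ${SERVER_WG_NIC} -j ACCEPT && firewall-cmd --direct --add-rule ipv6 filter FORWARD 1 -o ${SERVER_WG_NIC} -j ACCEPT
+PostDown = firewall-cmd --remove-port ${SERVER_PORT}/udp && firewall-cmd --remove-rich-rule='rule family=ipv4 source address=${FIREWALLD_IPV4_ADDRESS}/24 masquerade' && firewall-cmd --remove-rich-rule='rule family=ipv6 source address=${FIREWALLD_IPV6_ADDRESS}/24 masquerade'
+PostDown = firewall-cmd --direct --remove-rule ipv4 filter FORWARD 1 -i ${SERVER_WG_NIC} -j ACCEPT && firewall-cmd --direct --remove-rule ipv4 filter FORWARD 1 -o ${SERVER_WG_NIC} -j ACCEPT
+PostDown = firewall-cmd --direct --remove-rule ipv6 filter FORWARD 1 -i ${SERVER_WG_NIC} -j ACCEPT && firewall-cmd --direct --remove-rule ipv6 filter FORWARD 1 -o ${SERVER_WG_NIC} -j ACCEPT" >>"/etc/wireguard/${SERVER_WG_NIC}.conf "
 else
 echo "PostUp = iptables -I INPUT -p udp --dport ${SERVER_PORT} -j ACCEPT
 PostUp = iptables -I FORWARD -i ${SERVER_PUB_NIC} -o ${SERVER_WG_NIC} -j ACCEPT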
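Review bot: The redirect on the last added line is `>>"/etc/wireguard/${SERVER_WG_NIC}.conf "` with a trailing space inside the quotes, so the entire firewalld PostUp/PostDown block is appended to a stray file (`wg0.conf ` with a space) and the real interface config ends up with no port opening, masquerade or FORWARD hooks at all; the removed line had `.conf"` without the space and the new line should read `...masquerade'" >>"/etc/wireguard/${SERVER_WG_NIC}.conf"`. Separately, the two `--direct` rules accept every forwarded packet entering or leaving `${SERVER_WG_NIC}` regardless of the other interface, which also permits peer-to-peer forwarding between clients and into any LAN the server can route, and is wider than the visible iptables rule below that pins `-i ${SERVER_PUB_NIC} -o ${SERVER_WG_NIC}`; if that breadth is not intended, constrain the firewalld rules the same way, e.g. `FORWARD 1 -i ${SERVER_PUB_NIC} -o ${SERVER_WG_NIC} -j ACCEPT` plus the reverse pair. Note also that, as far as I recall, firewalld has deprecated the `--direct` interface in favour of policy objects since 1.0, so a comment such as `# firewalld direct rules are deprecated; migrate to a policy with ingress/egress zones when dropping support for older releases` would help the next maintainer. The `if` that selects the firewalld branch (and its enclosing function) begins above the hunk.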
