ip6t-firewall-gateway,ipt-firewall-gateway: add missing rules for wireguard VPN connection.

2022-11-11 10:56:34 +01:00 · 2022-11-11 10:56:34 +01:00 · 9967a2dddc
commit 9967a2dddc
parent 338b2cf8d7
2 changed files with 4 additions and 0 deletions
--- a/2
+++ b/2
@ -936,9 +936,11 @@ echo_done
 echononl "\tPermit all traffic through WireGuard lines.."
 for _wg_if in ${wg_if_arr[@]} ; do
   $ip6t -A INPUT -i $_wg_if -m conntrack --ctstate NEW -j ACCEPT
   $ip6t -A OUTPUT -o $_wg_if -m conntrack --ctstate NEW -j ACCEPT
   if $kernel_forward_between_interfaces ; then
      for _local_dev in ${local_if_arr[@]} ; do
         $ip6t -A FORWARD -i $_wg_if -o $_local_dev -m conntrack --ctstate NEW -j ACCEPT
         $ip6t -A FORWARD -i $_local_dev -o $_wg_if -m conntrack --ctstate NEW -j ACCEPT
      done
   fi
 done
--- a/2
+++ b/2
@ -1571,9 +1571,11 @@ echo_done
 echononl "\tPermit all traffic through WireGuard lines.."
 for _wg_if in ${wg_if_arr[@]} ; do
   $ipt -A INPUT -i $_wg_if -m conntrack --ctstate NEW -j ACCEPT
   $ipt -A OUTPUT -o $_wg_if -m conntrack --ctstate NEW -j ACCEPT
   if $kernel_activate_forwarding ; then
      for _local_dev in ${local_if_arr[@]} ; do
         $ipt -A FORWARD -i $_wg_if -o $_local_dev -m conntrack --ctstate NEW -j ACCEPT
         $ipt -A FORWARD -i $_local_dev -o $_wg_if -m conntrack --ctstate NEW -j ACCEPT
      done
   fi
 done