From 9967a2dddcbf34f5811fa8b8750c2ac81c84fac3 Mon Sep 17 00:00:00 2001
From: Christoph
Date: Fri, 11 Nov 2022 10:56:34 +0100
Subject: [PATCH] ip6t-firewall-gateway,ipt-firewall-gateway: add missing rules for wireguard VPN connection.
---
 ip6t-firewall-gateway | 2 ++
 ipt-firewall-gateway | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/ip6t-firewall-gateway b/ip6t-firewall-gateway
index 11fc362..6f579a2 100755
--- a/ip6t-firewall-gateway
+++ b/ip6t-firewall-gateway
@@ -936,9 +936,11 @@ echo_done
 echononl "\tPermit all traffic through WireGuard lines.."
 for _wg_if in ${wg_if_arr[@]} ; do
 $ip6t -A INPUT -i $_wg_if -m conntrack --ctstate NEW -j ACCEPT
+ $ip6t -A OUTPUT -o $_wg_if -m conntrack --ctstate NEW -j ACCEPT
 if $kernel_forward_between_interfaces ; then
 for _local_dev in ${local_if_arr[@]} ; do
 $ip6t -A FORWARD -i $_wg_if -o $_local_dev -m conntrack --ctstate NEW -j ACCEPT
+ $ip6t -A FORWARD -i $_local_dev -o $_wg_if -m conntrack --ctstate NEW -j ACCEPT
 done
 fi
 done
diff --git a/ipt-firewall-gateway b/ipt-firewall-gateway
index d1b1995..559d1c2 100755
--- a/ipt-firewall-gateway
+++ b/ipt-firewall-gateway
@@ -1571,9 +1571,11 @@ echo_done
 echononl "\tPermit all traffic through WireGuard lines.."
 for _wg_if in ${wg_if_arr[@]} ; do
 $ipt -A INPUT -i $_wg_if -m conntrack --ctstate NEW -j ACCEPT
+ $ipt -A OUTPUT -o $_wg_if -m conntrack --ctstate NEW -j ACCEPT
 if $kernel_activate_forwarding ; then
 for _local_dev in ${local_if_arr[@]} ; do
 $ipt -A FORWARD -i $_wg_if -o $_local_dev -m conntrack --ctstate NEW -j ACCEPT
+ $ipt -A FORWARD -i $_local_dev -o $_wg_if -m conntrack --ctstate NEW -j ACCEPT
 done
 fi
 done
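Review bot: The added FORWARD rule in the inner loop accepts every NEW connection from each interface in `local_if_arr` to each WireGuard interface with no `-s`/`-d` or port match, and together with the existing reverse rule this leaves all local networks and all tunnel peers mutually reachable. If full trust of the tunnel is intended, say so next to the rule, e.g. `# WireGuard peers are fully trusted: unrestricted forwarding in both directions`; otherwise narrow the rule to the prefixes that should be reachable. The same applies to the matching FORWARD line in the ipt-firewall-gateway hunk. Both added rules match only `--ctstate NEW`, so they presumably rely on an ESTABLISHED,RELATED accept defined outside the hunk; that is worth confirming for the OUTPUT chain in particular.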
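Review bot: The two added lines expand `$_wg_if` and `$_local_dev` unquoted, so a configured interface name containing whitespace or a glob character would be split into extra iptables arguments and could change what the rule matches. Quote the expansions on the new lines, e.g. `$ipt -A OUTPUT -o "$_wg_if" -m conntrack --ctstate NEW -j ACCEPT` and `$ipt -A FORWARD -i "$_local_dev" -o "$_wg_if" -m conntrack --ctstate NEW -j ACCEPT`. The context lines and the ip6t-firewall-gateway hunk use the same unquoted pattern. The exit status of `$ipt` is not checked in the visible lines, so a rejected rule would apparently go unreported unless that is handled outside the hunk.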