Add support for routing networks through wireguard connections.
This commit is contained in:
@ -241,6 +241,18 @@ echo_done # Flushing firewall iptable (IPv6)..
|
||||
echo
|
||||
|
||||
|
||||
echononl "\tMasquerade (NAT) interfaces.."
|
||||
if [[ ${#nat_device_arr[@]} -gt 0 ]] && $kernel_activate_forwarding ; then
|
||||
for _dev in ${nat_device_arr[@]} ; do
|
||||
$ip6t -t nat -A POSTROUTING -o $_dev -j MASQUERADE
|
||||
done
|
||||
echo_done
|
||||
else
|
||||
echo_skipped
|
||||
fi
|
||||
echo
|
||||
|
||||
|
||||
|
||||
# -------------
|
||||
# --- Prevent bridged traffic getting pushed through the host's iptables rules
|
||||
@ -288,7 +300,6 @@ fi
|
||||
|
||||
|
||||
|
||||
|
||||
# -------------
|
||||
# ------------ Stopping firewall if only flushing was requested (parameter flush)
|
||||
# -------------
|
||||
@ -302,6 +313,34 @@ case $1 in
|
||||
esac
|
||||
|
||||
|
||||
# ---
|
||||
# - Permit all traffic through WireGuard lines
|
||||
# ---
|
||||
echononl "\tPermit all traffic through WireGuard lines.."
|
||||
for _wg_if in ${wg_if_arr[@]} ; do
|
||||
$ip6t -A INPUT -i $_wg_if -j ACCEPT
|
||||
if $kernel_forward_between_interfaces ; then
|
||||
$ip6t -A FORWARD -i $_wg_if -j ACCEPT
|
||||
fi
|
||||
done
|
||||
echo_done
|
||||
|
||||
|
||||
# ---
|
||||
# - Permit all traffic through VPN lines
|
||||
# ---
|
||||
echononl "\tPermit all traffic through VPN lines.."
|
||||
for _vpn_if in ${vpn_if_arr[@]} ; do
|
||||
$ip6t -A INPUT -i $_vpn_if -m state --state NEW -j ACCEPT
|
||||
$ip6t -A OUTPUT -o $_vpn_if -m state --state NEW -j ACCEPT
|
||||
if $kernel_forward_between_interfaces ; then
|
||||
$ip6t -A FORWARD -i $_vpn_if -m state --state NEW -j ACCEPT
|
||||
$ip6t -A FORWARD -o $_vpn_if -m state --state NEW -j ACCEPT
|
||||
fi
|
||||
done
|
||||
echo_done
|
||||
|
||||
|
||||
|
||||
# -------------
|
||||
# --- Pass through Devices Interfaces (not firewalled)
|
||||
@ -1008,36 +1047,6 @@ else
|
||||
fi
|
||||
|
||||
|
||||
# ---
|
||||
# - Permit all traffic through VPN lines
|
||||
# ---
|
||||
echononl "\tPermit all traffic through VPN lines.."
|
||||
for _vpn_if in ${vpn_if_arr[@]} ; do
|
||||
$ip6t -A INPUT -i $_vpn_if -m state --state NEW -j ACCEPT
|
||||
$ip6t -A OUTPUT -o $_vpn_if -m state --state NEW -j ACCEPT
|
||||
if $kernel_forward_between_interfaces ; then
|
||||
$ip6t -A FORWARD -i $_vpn_if -m state --state NEW -j ACCEPT
|
||||
$ip6t -A FORWARD -o $_vpn_if -m state --state NEW -j ACCEPT
|
||||
fi
|
||||
done
|
||||
echo_done
|
||||
|
||||
|
||||
# ---
|
||||
# - Permit all traffic through WireGuard lines
|
||||
# ---
|
||||
echononl "\tPermit all traffic through WireGuard lines.."
|
||||
for _wg_if in ${wg_if_arr[@]} ; do
|
||||
$ip6t -A INPUT -i $_wg_if -m conntrack --ctstate NEW -j ACCEPT
|
||||
if $kernel_forward_between_interfaces ; then
|
||||
for _local_dev in ${local_if_arr[@]} ; do
|
||||
$ip6t -A FORWARD -i $_wg_if -o $_local_dev -m conntrack --ctstate NEW -j ACCEPT
|
||||
done
|
||||
fi
|
||||
done
|
||||
echo_done
|
||||
|
||||
|
||||
# ---
|
||||
# - Don't allow traffik into Unique local network (ULA)
|
||||
# ---
|
||||
|
||||
Reference in New Issue
Block a user