first
commit
c77354e6b2
4 changed files with 334 additions and 0 deletions
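--- a/sysctl.conf
+++ b/sysctl.conf
@@ -0,0 +1,3 @@
+net.ipv4.ip_forward = 1
+net.ipv6.conf.all.forwarding = 1
+net.ipv4.conf.all.proxy_arp = 1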
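Review bot: `net.ipv4.conf.all.proxy_arp = 1` turns proxy ARP on for every interface, including the public `eth0`, so the host will answer ARP requests for any address it has a route to rather than only for the extra public addresses the wg configs translate. If proxy ARP is needed only on the uplink, scope it to that interface, e.g. `net.ipv4.conf.eth0.proxy_arp = 1`. Forwarding is enabled here for both address families while the wg*.conf files in this commit only append ACCEPT rules, so what is actually filtered depends on a FORWARD chain policy that the commit never sets; a comment such as `# FORWARD policy is expected to be DROP; wg*.conf PostUp rules open the tunnels` would make that assumption explicit.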
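--- a/wg0.new.conf
+++ b/wg0.new.conf
@@ -0,0 +1,61 @@
+# / === START OF FIREWALL === \ #
+
+# ================== IPv4: Allow established and related connections =====================
+PostUp = iptables -A FORWARD -i wg0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+PostUp = iptables -A FORWARD -i eth0 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+# ========================================================================================
+# ================== IPv6: Allow established and related connections ======================
+PostUp = ip6tables -A FORWARD -i wg0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+PostUp = ip6tables -A FORWARD -i eth0 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+# =========================================================================================
+
+# ========================================== IPv4: Log outbound traffic from WireGuard VPN to any destination and port ================
+# PostUp = iptables -A FORWARD -i wg0 -o eth0 -j LOG --log-prefix "OUTBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7
+PostUp = iptables -A FORWARD -i wg0 -o eth0 -j ACCEPT
+# =====================================================================================================================================
+# PostUp = iptables -A FORWARD -i eth0 -o wg0 -j LOG --log-prefix "INBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7
+PostUp = iptables -A FORWARD -i eth0 -o wg0 -j ACCEPT
+# =====================================================================================================================================
+
+# ========================================== IPv6: Log outbound traffic from WireGuard VPN to any destination and port ================
+# PostUp = ip6tables -A FORWARD -i wg0 -o eth0 -j LOG --log-prefix "OUTBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7
+PostUp = ip6tables -A FORWARD -i wg0 -o eth0 -j ACCEPT
+# =====================================================================================================================================
+# PostUp = ip6tables -A FORWARD -i eth0 -o wg0 -j LOG --log-prefix "INBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7
+PostUp = ip6tables -A FORWARD -i eth0 -o wg0 -j ACCEPT
+# =====================================================================================================================================
+
+# SNAT for outbound traffic
+# ============================= IP Reserved for IPv4: [10.7.0.0/24] ===========================
+PostUp = iptables -t nat -A POSTROUTING -o eth0 -s 10.7.0.0/24 -j SNAT --to-source 154.29.72.51
+# =============================================================================================
+# ============================= IP Reserved for IPv6: [fd81:bb6b:ee21::2] ======================================
+PostUp = ip6tables -t nat -A POSTROUTING -o eth0 -s fddd:2c4:2c4:2c4::/24 -j SNAT --to-source 2604:f440:1::3:0:a
+# ==============================================================================================================
+
+# ============= IPv4: DELETE Allow established and related connections ================================================================
+PostDown = iptables -D FORWARD -i wg0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+# =====================================================================================================================================
+PostDown = iptables -D FORWARD -i eth0 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+# =====================================================================================================================================
+# PostDown = iptables -D FORWARD -i wg0 -o eth0 -j LOG --log-prefix "OUTBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7
+PostDown = iptables -D FORWARD -i wg0 -o eth0 -j ACCEPT
+# =====================================================================================================================================
+
+# ============= IPv6: DELETE Allow established and related connections ================================================================
+PostDown = ip6tables -D FORWARD -i wg0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+# =====================================================================================================================================
+PostDown = ip6tables -D FORWARD -i eth0 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+# =====================================================================================================================================
+# PostDown = ip6tables -D FORWARD -i wg0 -o eth0 -j LOG --log-prefix "OUTBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7
+PostDown = ip6tables -D FORWARD -i wg0 -o eth0 -j ACCEPT
+# =====================================================================================================================================
+
+# Remove SNAT rule
+# ============================= IP Reserved for IPv4: [10.7.0.0/24] =============================
+PostDown = iptables -t nat -D POSTROUTING -o eth0 -s 10.7.0.0/24 -j SNAT --to-source 154.29.72.51
+# ===============================================================================================
+# ============================= IP Reserved for IPv6: [fd81:bb6b:ee21::2] ========================================
+PostDown = ip6tables -t nat -D POSTROUTING -o eth0 -s fddd:2c4:2c4:2c4::/24 -j SNAT --to-source 2604:f440:1::3:0:a
+# ================================================================================================================
+# / === END OF FIREWALL === \ #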
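Review bot: The two unconditional inbound rules, `PostUp = iptables -A FORWARD -i eth0 -o wg0 -j ACCEPT` and its `ip6tables` twin, have no matching `PostDown ... -D` line, so they stay in the FORWARD chain after wg0 goes down and are appended again on every restart. They also accept every new connection from eth0 into the tunnel, which makes the RELATED,ESTABLISHED rules above them redundant. Either drop the two lines (return traffic is already covered by the state rules) or add `PostDown = iptables -D FORWARD -i eth0 -o wg0 -j ACCEPT` and the `ip6tables` equivalent. The IPv6 SNAT source `fddd:2c4:2c4:2c4::/24` looks like a prefix-length slip (a /64 seems intended), and the banner above it names `fd81:bb6b:ee21::2`, which is not in that range; both are worth confirming.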
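--- a/wg1.new.conf
+++ b/wg1.new.conf
@@ -0,0 +1,154 @@
+# / === START OF FIREWALL === \ #
+
+# Allow loopback traffic
+PostUp = iptables -A INPUT -i lo -j ACCEPT
+PostUp = iptables -A OUTPUT -o lo -j ACCEPT
+PostUp = ip6tables -A INPUT -i lo -j ACCEPT
+PostUp = ip6tables -A OUTPUT -o lo -j ACCEPT
+# ================== IPv4: Allow established and related connections =====================
+PostUp = iptables -A FORWARD -i wg1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+PostUp = iptables -A FORWARD -i eth0 -o wg1 -m state --state RELATED,ESTABLISHED -j ACCEPT
+# ========================================================================================
+# ================== IPv6: Allow established and related connections ======================
+PostUp = ip6tables -A FORWARD -i wg1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+PostUp = ip6tables -A FORWARD -i eth0 -o wg1 -m state --state RELATED,ESTABLISHED -j ACCEPT
+# =========================================================================================
+
+# ========================================== IPv4: Log outbound traffic from WireGuard VPN to any destination and port ================
+# PostUp = iptables -A FORWARD -i wg1 -o eth0 -j LOG --log-prefix "OUTBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7
+PostUp = iptables -A FORWARD -i wg1 -o eth0 -j ACCEPT
+# =====================================================================================================================================
+# ====================================================================================================================================# PostUp = iptables -A FORWARD -i eth0 -o wg1 -j LOG --log-prefix "INBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7PostUp = iptables -A FORWARD -i eth0 -o wg1 -j ACCEPT
+# ====================================================================================================================================# ========================================== IPv6: Log outbound traffic from WireGuard VPN to any destination and port =================
+# PostUp = ip6tables -A FORWARD -i wg1 -o eth0 -j LOG --log-prefix "OUTBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7
+PostUp = ip6tables -A FORWARD -i wg1 -o eth0 -j ACCEPT
+# ======================================================================================================================================
+# =====================================================================================================================================
+# PostUp = ip6tables -A FORWARD -i eth0 -o wg1 -j LOG --log-prefix "INBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7
+PostUp = ip6tables -A FORWARD -i eth0 -o wg1 -j ACCEPT
+# =====================================================================================================================================
+
+# ============================ SNAT for outbound traffic ===================================
+#PostUp = iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE
+# =================================== IP Reserved for IPv4: [10.8.0.2] =====================
+PostUp = iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.2 -j SNAT --to-source 154.29.72.96
+# ==========================================================================================
+# =================================== IP Reserved for IPv4: [10.8.0.3] =====================
+PostUp = iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.3 -j SNAT --to-source 154.29.72.59
+# ==========================================================================================
+# =================================== IP Reserved for IPv4: [10.8.0.4] =====================
+PostUp = iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.4 -j SNAT --to-source 154.29.72.98
+# ==========================================================================================
+# =================================== IP Reserved for IPv4: [10.8.0.6] ======================
+PostUp = iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.6 -j SNAT --to-source 154.29.72.100
+# ===========================================================================================
+# =================================== IP Reserved for IPv4: [10.8.0.9] ======================
+PostUp = iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.9 -j SNAT --to-source 154.29.72.101
+# ===========================================================================================
+# =================================== IP Reserved for IPv4: [10.8.0.11] ======================
+PostUp = iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.11 -j SNAT --to-source 154.29.72.102
+# ============================================================================================
+
+# =================================== DNAT for inbound traffic ==============================
+# =================================== IP Reserved for IPv4: [10.8.0.2] ===============
+PostUp = iptables -t nat -A PREROUTING -d 154.29.72.96 -j DNAT --to-destination 10.8.0.2
+# ====================================================================================
+# =================================== IP Reserved for IPv4: [10.8.0.3] ===============
+PostUp = iptables -t nat -A PREROUTING -d 154.29.72.59 -j DNAT --to-destination 10.8.0.3
+# ====================================================================================
+# =================================== IP Reserved for IPv4: [10.8.0.4] ===============
+PostUp = iptables -t nat -A PREROUTING -d 154.29.72.98 -j DNAT --to-destination 10.8.0.4
+# ====================================================================================
+# =================================== IP Reserved for IPv4: [10.8.0.6] ================
+PostUp = iptables -t nat -A PREROUTING -d 154.29.72.100 -j DNAT --to-destination 10.8.0.6
+# =====================================================================================
+# =================================== IP Reserved for IPv4: [10.8.0.9] ================
+PostUp = iptables -t nat -A PREROUTING -d 154.29.72.101 -j DNAT --to-destination 10.8.0.9
+# ======================================================================================
+# =================================== IP Reserved for IPv4: [10.8.0.11] ================
+PostUp = iptables -t nat -A PREROUTING -d 154.29.72.102 -j DNAT --to-destination 10.8.0.11
+# ======================================================================================
+
+# ============= IPv4: DELETE Allow established and related connections ================================================================
+PostDown = iptables -D FORWARD -i wg1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+# =====================================================================================================================================
+PostDown = iptables -D FORWARD -i eth0 -o wg1 -m state --state RELATED,ESTABLISHED -j ACCEPT
+# =====================================================================================================================================
+# =======================================================================================================================================
+# PostDown = iptables -D FORWARD -i wg1 -o eth0 -j LOG --log-prefix "OUTBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7
+PostDown = iptables -D FORWARD -i wg1 -o eth0 -j ACCEPT
+# =======================================================================================================================================
+
+# ============= IPv6: DELETE Allow established and related connections ================================================================
+PostDown = ip6tables -D FORWARD -i wg1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+# =====================================================================================================================================
+PostDown = ip6tables -D FORWARD -i eth0 -o wg1 -m state --state RELATED,ESTABLISHED -j ACCEPT
+# =====================================================================================================================================
+# ========================================================================================================================================
+# PostDown = ip6tables -D FORWARD -i wg1 -o eth0 -j LOG --log-prefix "OUTBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7
+PostDown = ip6tables -D FORWARD -i wg1 -o eth0 -j ACCEPT
+# ========================================================================================================================================
+
+# ============================ SNAT for outbound traffic ===================================
+#PostDown = iptables -t nat -D POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE
+# =================================== IP Reserved for IPv4: [10.8.0.2] =======================
+PostDown = iptables -t nat -D POSTROUTING -o eth0 -s 10.8.0.2 -j SNAT --to-source 154.29.72.96
+# ============================================================================================
+# =================================== IP Reserved for IPv4: [10.8.0.3] =====================
+PostDown = iptables -t nat -D POSTROUTING -o eth0 -s 10.8.0.3 -j SNAT --to-source 154.29.72.59
+# ==========================================================================================
+# =================================== IP Reserved for IPv4: [10.8.0.4] =======================
+PostDown = iptables -t nat -D POSTROUTING -o eth0 -s 10.8.0.4 -j SNAT --to-source 154.29.72.98
+# ============================================================================================
+# =================================== IP Reserved for IPv4: [10.8.0.6] ========================
+PostDown = iptables -t nat -D POSTROUTING -o eth0 -s 10.8.0.6 -j SNAT --to-source 154.29.72.100
+# =============================================================================================
+# =================================== IP Reserved for IPv4: [10.8.0.9] ========================
+PostDown = iptables -t nat -D POSTROUTING -o eth0 -s 10.8.0.9 -j SNAT --to-source 154.29.72.101
+# =============================================================================================
+# =================================== IP Reserved for IPv4: [10.8.0.10] =======================
+PostDown = iptables -t nat -D POSTROUTING -o eth0 -s 10.8.0.10 -j SNAT --to-source 154.29.72.98
+# =============================================================================================
+# =================================== IP Reserved for IPv4: [10.8.0.11] ========================
+PostDown = iptables -t nat -D POSTROUTING -o eth0 -s 10.8.0.11 -j SNAT --to-source 154.29.72.102
+# ==============================================================================================
+
+# # =================================== DNAT for inbound traffic ==========================
+# # =================================== IP Reserved for IPv4: [10.8.0.2] =================
+PostDown = iptables -t nat -D PREROUTING -d 154.29.72.96 -j DNAT --to-destination 10.8.0.2
+# # ======================================================================================
+# # =================================== IP Reserved for IPv4: [10.8.0.2] =================
+PostDown = iptables -t nat -D PREROUTING -d 154.29.72.59 -j DNAT --to-destination 10.8.0.3
+# # ======================================================================================
+# # =================================== IP Reserved for IPv4: [10.8.0.4] =================
+PostDown = iptables -t nat -D PREROUTING -d 154.29.72.98 -j DNAT --to-destination 10.8.0.4
+# # ======================================================================================
+# # =================================== IP Reserved for IPv4: [10.8.0.6] ==================
+PostDown = iptables -t nat -D PREROUTING -d 154.29.72.100 -j DNAT --to-destination 10.8.0.6
+# # =======================================================================================
+# # =================================== IP Reserved for IPv4: [10.8.0.9] ==================
+PostDown = iptables -t nat -D PREROUTING -d 154.29.72.101 -j DNAT --to-destination 10.8.0.9
+# # =======================================================================================
+# # =================================== IP Reserved for IPv4: [10.8.0.11] ==================
+PostDown = iptables -t nat -D PREROUTING -d 154.29.72.102 -j DNAT --to-destination 10.8.0.11
+# ==========================================================================================
+
+
+# =============================== IP Reserved for IPv6: [fd81:bb6b:ee21::2] ==================================
+PostDown = ip6tables -t nat -D POSTROUTING -o eth0 -s fd81:bb6b:ee21::2 -j SNAT --to-source 2604:f440:1::3:0:b
+# ============================================================================================================
+# =============================== IP Reserved for IPv6: [fd81:bb6b:ee21::3] ==================================
+PostDown = ip6tables -t nat -D POSTROUTING -o eth0 -s fd81:bb6b:ee21::3 -j SNAT --to-source 2604:f440:1::3:0:c
+# ============================================================================================================
+# =============================== IP Reserved for IPv6: [fd81:bb6b:ee21::4] ==================================
+PostDown = ip6tables -t nat -D POSTROUTING -o eth0 -s fd81:bb6b:ee21::4 -j SNAT --to-source 2604:f440:1::3:0:d
+# ============================================================================================================
+# ================================= SNAT for outbound traffic END ============================================
+
+# Allow loopback traffic
+PostDown = iptables -D INPUT -i lo -j ACCEPT
+PostDown = iptables -D OUTPUT -o lo -j ACCEPT
+PostDown = ip6tables -D INPUT -i lo -j ACCEPT
+PostDown = ip6tables -D OUTPUT -o lo -j ACCEPT
+
+# / === END OF FIREWALL === \ #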
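Review bot: The PostDown half is not the mirror image of PostUp: it deletes an SNAT rule for `10.8.0.10` and three `ip6tables` SNAT rules for `fd81:bb6b:ee21::2` to `::4` that PostUp never adds, and it never removes `ip6tables -A FORWARD -i eth0 -o wg1 -j ACCEPT`. A `-D` for a rule that does not exist returns an error, which likely stops the remaining PostDown hooks and leaves NAT rules behind, so each PostDown line should correspond to exactly one PostUp line. Line 21 of the new file, as rendered here, is one line that starts with `#` and has `PostUp = iptables -A FORWARD -i eth0 -o wg1 -j ACCEPT` fused onto its end, so that rule would be read as comment text; it needs a line of its own if it is meant to apply. The DNAT lines (`-d 154.29.72.96 -j DNAT --to-destination 10.8.0.2` and its siblings) carry no `-i`, `-p` or `--dport`, so every port of each peer is reachable from outside; if only specific services should be exposed, restrict them by protocol and port, and add a comment saying which peers are intentionally 1:1 mapped.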
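--- a/wg2.new.conf
+++ b/wg2.new.conf
@@ -0,0 +1,116 @@
+# / === START OF FIREWALL === \ #
+
+# ================== IPv4: Allow established and related connections =====================
+PostUp = iptables -A FORWARD -i wg2 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+PostUp = iptables -A FORWARD -i eth0 -o wg2 -m state --state RELATED,ESTABLISHED -j ACCEPT
+# ========================================================================================
+# ================== IPv6: Allow established and related connections ======================
+PostUp = ip6tables -A FORWARD -i wg2 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+PostUp = ip6tables -A FORWARD -i eth0 -o wg2 -m state --state RELATED,ESTABLISHED -j ACCEPT
+# =========================================================================================
+
+# ========================================== IPv4: Log outbound traffic from WireGuard VPN to any destination and port ================
+PostUp = iptables -A FORWARD -i wg2 -o eth0 -j ACCEPT
+# =====================================================================================================================================
+# ========================================== IPv6: Log outbound traffic from WireGuard VPN to any destination and port =================
+PostUp = ip6tables -A FORWARD -i wg2 -o eth0 -j ACCEPT
+# ======================================================================================================================================
+# =====================================================================================================================================
+PostUp = ip6tables -A FORWARD -i eth0 -o wg2 -j ACCEPT
+# =====================================================================================================================================
+
+# ============================ SNAT for outbound traffic ===================================
+# ============================= IP Reserved for IPv4: [10.9.0.0/24] ===========================
+PostUp = iptables -t nat -A POSTROUTING -o eth0 -s 10.9.0.0/24 -j SNAT --to-source 154.29.72.51
+# =============================================================================================
+# ============================= IP Reserved for IPv6: [fdd4:39b8:8b48::2] ===================================
+PostUp = ip6tables -t nat -A POSTROUTING -o eth0 -s fdd4:39b8:8b48::2 -j SNAT --to-source 2604:f440:1::3:0:10
+# ===========================================================================================================
+# ============================= IP Reserved for IPv6: [fdd4:39b8:8b48::2] ==================================
+PostUp = ip6tables -t nat -A POSTROUTING -o eth0 -s fdd4:39b8:8b48::2 -j SNAT --to-source 2604:f440:1::3:0:e
+# ==========================================================================================================
+# ============================= IP Reserved for IPv6: [fdd4:39b8:8b48::2] ==================================
+PostUp = ip6tables -t nat -A POSTROUTING -o eth0 -s fdd4:39b8:8b48::2 -j SNAT --to-source 2604:f440:1::3:0:f
+# ==========================================================================================================
+# ============================= IP Reserved for IPv6: [fdd4:39b8:8b48::2] ===================================
+PostUp = ip6tables -t nat -A POSTROUTING -o eth0 -s fdd4:39b8:8b48::3 -j SNAT --to-source 2604:f440:1::3:0:11
+# ===========================================================================================================
+# ========================= SNAT for outbound traffic END ===================================
+
+# ========================================== IPv6: PORT FORWARDING ======================================================
+# ================================== IP Port Forwarding Reserved for IPv6: [fdd4:39b8:8b48::2] =========================================
+PostUp = ip6tables -t nat -A PREROUTING -i eth0 -p tcp --dport 0:65535 -d 2604:f440:1::3:0:10 -j DNAT --to-destination fdd4:39b8:8b48::2
+PostUp = ip6tables -t nat -A PREROUTING -i eth0 -p udp --dport 0:65535 -d 2604:f440:1::3:0:10 -j DNAT --to-destination fdd4:39b8:8b48::2
+# ======================================================================================================================================
+# ================================== IP Port Forwarding Reserved for IPv6: [fdd4:39b8:8b48::2] ========================================
+PostUp = ip6tables -t nat -A PREROUTING -i eth0 -p tcp --dport 0:65535 -d 2604:f440:1::3:0:e -j DNAT --to-destination fdd4:39b8:8b48::2
+PostUp = ip6tables -t nat -A PREROUTING -i eth0 -p udp --dport 0:65535 -d 2604:f440:1::3:0:e -j DNAT --to-destination fdd4:39b8:8b48::2
+# =====================================================================================================================================
+# ================================== IP Port Forwarding Reserved for IPv6: [fdd4:39b8:8b48::2] ========================================
+PostUp = ip6tables -t nat -A PREROUTING -i eth0 -p tcp --dport 0:65535 -d 2604:f440:1::3:0:f -j DNAT --to-destination fdd4:39b8:8b48::2
+PostUp = ip6tables -t nat -A PREROUTING -i eth0 -p udp --dport 0:65535 -d 2604:f440:1::3:0:f -j DNAT --to-destination fdd4:39b8:8b48::2
+# =====================================================================================================================================
+# ================================== IP Port Forwarding Reserved for IPv6: [fdd4:39b8:8b48::3] =========================================
+PostUp = ip6tables -t nat -A PREROUTING -i eth0 -p tcp --dport 0:65535 -d 2604:f440:1::3:0:11 -j DNAT --to-destination fdd4:39b8:8b48::3
+PostUp = ip6tables -t nat -A PREROUTING -i eth0 -p udp --dport 0:65535 -d 2604:f440:1::3:0:11 -j DNAT --to-destination fdd4:39b8:8b48::3
+# ======================================================================================================================================
+# ========================================== IPv6: PORT FORWARDING END ==================================================
+
+# ============= IPv4: DELETE Allow established and related connections ================================================================
+PostDown = iptables -D FORWARD -i wg2 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+# =====================================================================================================================================
+PostDown = iptables -D FORWARD -i eth0 -o wg2 -m state --state RELATED,ESTABLISHED -j ACCEPT
+# =====================================================================================================================================
+# =======================================================================================================================================
+# PostDown = iptables -D FORWARD -i wg2 -o eth0 -j LOG --log-prefix "OUTBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7
+PostDown = iptables -D FORWARD -i wg2 -o eth0 -j ACCEPT
+# =======================================================================================================================================
+
+# ============= IPv6: DELETE Allow established and related connections ================================================================
+PostDown = ip6tables -D FORWARD -i wg2 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+# =====================================================================================================================================
+PostDown = ip6tables -D FORWARD -i eth0 -o wg2 -m state --state RELATED,ESTABLISHED -j ACCEPT
+# =====================================================================================================================================
+# ========================================================================================================================================
+# PostDown = ip6tables -D FORWARD -i wg2 -o eth0 -j LOG --log-prefix "OUTBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7
+PostDown = ip6tables -D FORWARD -i wg2 -o eth0 -j ACCEPT
+# ========================================================================================================================================
+
+# ========================================== IPv6: PORT FORWARDING ====================================================
+# ================================== IP Port Forwarding Reserved for IPv6: [fdd4:39b8:8b48::2] ===========================================
+PostDown = ip6tables -t nat -D PREROUTING -i eth0 -p tcp --dport 0:65535 -d 2604:f440:1::3:0:10 -j DNAT --to-destination fdd4:39b8:8b48::2
+PostDown = ip6tables -t nat -D PREROUTING -i eth0 -p udp --dport 0:65535 -d 2604:f440:1::3:0:10 -j DNAT --to-destination fdd4:39b8:8b48::2
+# ========================================================================================================================================
+# ================================== IP Port Forwarding Reserved for IPv6: [fdd4:39b8:8b48::2] ==========================================
+PostDown = ip6tables -t nat -D PREROUTING -i eth0 -p tcp --dport 0:65535 -d 2604:f440:1::3:0:e -j DNAT --to-destination fdd4:39b8:8b48::2
+PostDown = ip6tables -t nat -D PREROUTING -i eth0 -p udp --dport 0:65535 -d 2604:f440:1::3:0:e -j DNAT --to-destination fdd4:39b8:8b48::2
+# =======================================================================================================================================
+# ================================== IP Port Forwarding Reserved for IPv6: [fdd4:39b8:8b48::2] ==========================================
+PostDown = ip6tables -t nat -D PREROUTING -i eth0 -p tcp --dport 0:65535 -d 2604:f440:1::3:0:f -j DNAT --to-destination fdd4:39b8:8b48::2
+PostDown = ip6tables -t nat -D PREROUTING -i eth0 -p udp --dport 0:65535 -d 2604:f440:1::3:0:f -j DNAT --to-destination fdd4:39b8:8b48::2
+# =======================================================================================================================================
+# ================================== IP Port Forwarding Reserved for IPv6: [fdd4:39b8:8b48::3] ===========================================
+PostDown = ip6tables -t nat -D PREROUTING -i eth0 -p tcp --dport 0:65535 -d 2604:f440:1::3:0:11 -j DNAT --to-destination fdd4:39b8:8b48::3
+PostDown = ip6tables -t nat -D PREROUTING -i eth0 -p udp --dport 0:65535 -d 2604:f440:1::3:0:11 -j DNAT --to-destination fdd4:39b8:8b48::3
+# ========================================================================================================================================
+# ========================================== IPv6: PORT FORWARDING END ==================================================
+
+# ============================ SNAT for outbound traffic ===================================
+# ============================= IP Reserved for IPv4: [10.9.0.0/24] =============================
+PostDown = iptables -t nat -D POSTROUTING -o eth0 -s 10.9.0.0/24 -j SNAT --to-source 154.29.72.51
+# ===============================================================================================
+# ============================= IP Reserved for IPv6: [fdd4:39b8:8b48::2] =====================================
+PostDown = ip6tables -t nat -D POSTROUTING -o eth0 -s fdd4:39b8:8b48::2 -j SNAT --to-source 2604:f440:1::3:0:10
+# =============================================================================================================
+# ============================= IP Reserved for IPv6: [fdd4:39b8:8b48::2] ====================================
+PostDown = ip6tables -t nat -D POSTROUTING -o eth0 -s fdd4:39b8:8b48::2 -j SNAT --to-source 2604:f440:1::3:0:e
+# ============================================================================================================
+# ============================= IP Reserved for IPv6: [fdd4:39b8:8b48::2] ====================================
+PostDown = ip6tables -t nat -D POSTROUTING -o eth0 -s fdd4:39b8:8b48::2 -j SNAT --to-source 2604:f440:1::3:0:f
+# ============================================================================================================
+# ============================= IP Reserved for IPv6: [fdd4:39b8:8b48::2] =====================================
+PostDown = ip6tables -t nat -D POSTROUTING -o eth0 -s fdd4:39b8:8b48::3 -j SNAT --to-source 2604:f440:1::3:0:11
+# =============================================================================================================
+# ========================= SNAT for outbound traffic END ===================================
+
+# / === END OF FIREWALL === \ #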
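Review bot: The three PostUp SNAT rules with `-s fdd4:39b8:8b48::2` differ only in `--to-source` (`2604:f440:1::3:0:10`, `...:e`, `...:f`); rule matching in the nat chain stops at the first hit, so only the `...:10` mapping is ever used for outbound traffic and the other two are dead rules. The PREROUTING rules with `--dport 0:65535` for both tcp and udp forward every port of four public addresses to the peers, which together with `PostUp = ip6tables -A FORWARD -i eth0 -o wg2 -j ACCEPT` leaves those peers unfiltered from outside; if that exposure is not intended, list only the ports that should be open. That inbound ACCEPT rule has no matching `PostDown ... -D` line, so it persists after wg2 goes down and is appended again on every restart. The banner above the `fdd4:39b8:8b48::3` SNAT rule still reads `::2` and should be corrected to match the rule.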