From c77354e6b2d4d1727ca4c8462372a364543f797d Mon Sep 17 00:00:00 2001
From: JoshS
Date: Fri, 8 Mar 2024 15:14:24 -0500
Subject: [PATCH] first
---
sysctl.conf | 3 +
wg0.new.conf | 61 ++++++++++++++++++++
wg1.new.conf | 154 +++++++++++++++++++++++++++++++++++++++++++++++++++
wg2.new.conf | 116 ++++++++++++++++++++++++++++++++++++++
4 files changed, 334 insertions(+)
create mode 100644 sysctl.conf
create mode 100644 wg0.new.conf
create mode 100644 wg1.new.conf
create mode 100644 wg2.new.conf
diff --git a/sysctl.conf b/sysctl.conf
new file mode 100644
index 0000000..0aecbde
--- /dev/null
+++ b/sysctl.conf
@@ -0,0 +1,3 @@
+net.ipv4.ip_forward = 1
+net.ipv6.conf.all.forwarding = 1
+net.ipv4.conf.all.proxy_arp = 1
\ No newline at end of file
diff --git a/wg0.new.conf b/wg0.new.conf
new file mode 100644
index 0000000..2157db5
--- /dev/null
+++ b/wg0.new.conf
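Review bot: In sysctl.conf, `net.ipv4.conf.all.proxy_arp = 1` turns proxy ARP on for every interface, including the wg* tunnels, because the kernel enables it when either the `all` value or the per-interface value is set. If the intent is only to answer ARP on the uplink for the extra public addresses used by the NAT rules in this commit (an inference, the file carries no comment), scope it with `net.ipv4.conf.eth0.proxy_arp = 1`. Both forwarding switches are enabled while nothing in this patch sets a FORWARD policy, so what gets routed rests entirely on the per-tunnel ACCEPT rules; a comment such as `# forwarding is filtered only by the wgN PostUp rules` would make that dependency visible.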
@@ -0,0 +1,61 @@ +# / === START OF FIREWALL === \ # + +# ================== IPv4: Allow established and related connections ===================== +PostUp = iptables -A FORWARD -i wg0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT +PostUp = iptables -A FORWARD -i eth0 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT +# ======================================================================================== +# ================== IPv6: Allow established and related connections ====================== +PostUp = ip6tables -A FORWARD -i wg0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT +PostUp = ip6tables -A FORWARD -i eth0 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT +# ========================================================================================= + +# ========================================== IPv4: Log outbound traffic from WireGuard VPN to any destination and port ================ +# PostUp = iptables -A FORWARD -i wg0 -o eth0 -j LOG --log-prefix "OUTBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7 +PostUp = iptables -A FORWARD -i wg0 -o eth0 -j ACCEPT +# ===================================================================================================================================== +# PostUp = iptables -A FORWARD -i eth0 -o wg0 -j LOG --log-prefix "INBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7 +PostUp = iptables -A FORWARD -i eth0 -o wg0 -j ACCEPT +# ===================================================================================================================================== + +# ========================================== IPv6: Log outbound traffic from WireGuard VPN to any destination and port ================ +# PostUp = ip6tables -A FORWARD -i wg0 -o eth0 -j LOG --log-prefix "OUTBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7 +PostUp = ip6tables -A FORWARD -i wg0 -o eth0 -j ACCEPT +# 
===================================================================================================================================== +# PostUp = ip6tables -A FORWARD -i eth0 -o wg0 -j LOG --log-prefix "INBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7 +PostUp = ip6tables -A FORWARD -i eth0 -o wg0 -j ACCEPT +# ===================================================================================================================================== + +# SNAT for outbound traffic +# ============================= IP Reserved for IPv4: [10.7.0.0/24] =========================== +PostUp = iptables -t nat -A POSTROUTING -o eth0 -s 10.7.0.0/24 -j SNAT --to-source 154.29.72.51 +# ============================================================================================= +# ============================= IP Reserved for IPv6: [fd81:bb6b:ee21::2] ====================================== +PostUp = ip6tables -t nat -A POSTROUTING -o eth0 -s fddd:2c4:2c4:2c4::/24 -j SNAT --to-source 2604:f440:1::3:0:a +# ============================================================================================================== + +# ============= IPv4: DELETE Allow established and related connections ================================================================ +PostDown = iptables -D FORWARD -i wg0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT +# ===================================================================================================================================== +PostDown = iptables -D FORWARD -i eth0 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT +# ===================================================================================================================================== +# PostDown = iptables -D FORWARD -i wg0 -o eth0 -j LOG --log-prefix "OUTBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7 +PostDown = iptables -D FORWARD -i wg0 -o eth0 -j ACCEPT +# 
===================================================================================================================================== + +# ============= IPv6: DELETE Allow established and related connections ================================================================ +PostDown = ip6tables -D FORWARD -i wg0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT +# ===================================================================================================================================== +PostDown = ip6tables -D FORWARD -i eth0 -o wg0 -m state --state RELATED,ESTABLISHED -j ACCEPT +# ===================================================================================================================================== +# PostDown = ip6tables -D FORWARD -i wg0 -o eth0 -j LOG --log-prefix "OUTBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7 +PostDown = ip6tables -D FORWARD -i wg0 -o eth0 -j ACCEPT +# ===================================================================================================================================== + +# Remove SNAT rule +# ============================= IP Reserved for IPv4: [10.7.0.0/24] ============================= +PostDown = iptables -t nat -D POSTROUTING -o eth0 -s 10.7.0.0/24 -j SNAT --to-source 154.29.72.51 +# =============================================================================================== +# ============================= IP Reserved for IPv6: [fd81:bb6b:ee21::2] ======================================== +PostDown = ip6tables -t nat -D POSTROUTING -o eth0 -s fddd:2c4:2c4:2c4::/24 -j SNAT --to-source 2604:f440:1::3:0:a +# ================================================================================================================ +# / === END OF FIREWALL === \ # \ No newline at end of file diff --git a/wg1.new.conf b/wg1.new.conf new file mode 100644 index 0000000..2c68d28 --- /dev/null +++ b/wg1.new.conf 
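Review bot: The unconditional `PostUp = iptables -A FORWARD -i eth0 -o wg0 -j ACCEPT` and its ip6tables twin have no matching PostDown, so both rules outlive the tunnel and are appended again on every restart; the same gap is present in wg1.new.conf and, for ip6tables, in wg2.new.conf. The rule also makes the RELATED,ESTABLISHED match above it redundant, since new inbound connections from eth0 are accepted anyway. Either drop the two unconditional inbound lines and rely on the state match, or add `PostDown = iptables -D FORWARD -i eth0 -o wg0 -j ACCEPT` and `PostDown = ip6tables -D FORWARD -i eth0 -o wg0 -j ACCEPT`. Separately, the IPv6 SNAT source `fddd:2c4:2c4:2c4::/24` carries a /24 mask that covers far more than one ULA network and does not match the `fd81:bb6b:ee21::2` named in the banner above it, so the intended prefix should be confirmed.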
@@ -0,0 +1,154 @@ +# / === START OF FIREWALL === \ # + +# Allow loopback traffic +PostUp = iptables -A INPUT -i lo -j ACCEPT +PostUp = iptables -A OUTPUT -o lo -j ACCEPT +PostUp = ip6tables -A INPUT -i lo -j ACCEPT +PostUp = ip6tables -A OUTPUT -o lo -j ACCEPT +# ================== IPv4: Allow established and related connections ===================== +PostUp = iptables -A FORWARD -i wg1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT +PostUp = iptables -A FORWARD -i eth0 -o wg1 -m state --state RELATED,ESTABLISHED -j ACCEPT +# ======================================================================================== +# ================== IPv6: Allow established and related connections ====================== +PostUp = ip6tables -A FORWARD -i wg1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT +PostUp = ip6tables -A FORWARD -i eth0 -o wg1 -m state --state RELATED,ESTABLISHED -j ACCEPT +# ========================================================================================= + +# ========================================== IPv4: Log outbound traffic from WireGuard VPN to any destination and port ================ +# PostUp = iptables -A FORWARD -i wg1 -o eth0 -j LOG --log-prefix "OUTBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7 +PostUp = iptables -A FORWARD -i wg1 -o eth0 -j ACCEPT +# ===================================================================================================================================== +# ====================================================================================================================================# PostUp = iptables -A FORWARD -i eth0 -o wg1 -j LOG --log-prefix "INBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7PostUp = iptables -A FORWARD -i eth0 -o wg1 -j ACCEPT +# ====================================================================================================================================# ========================================== IPv6: Log outbound traffic 
from WireGuard VPN to any destination and port ================= +# PostUp = ip6tables -A FORWARD -i wg1 -o eth0 -j LOG --log-prefix "OUTBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7 +PostUp = ip6tables -A FORWARD -i wg1 -o eth0 -j ACCEPT +# ====================================================================================================================================== +# ===================================================================================================================================== +# PostUp = ip6tables -A FORWARD -i eth0 -o wg1 -j LOG --log-prefix "INBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7 +PostUp = ip6tables -A FORWARD -i eth0 -o wg1 -j ACCEPT +# ===================================================================================================================================== + +# ============================ SNAT for outbound traffic =================================== +#PostUp = iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE +# =================================== IP Reserved for IPv4: [10.8.0.2] ===================== +PostUp = iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.2 -j SNAT --to-source 154.29.72.96 +# ========================================================================================== +# =================================== IP Reserved for IPv4: [10.8.0.3] ===================== +PostUp = iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.3 -j SNAT --to-source 154.29.72.59 +# ========================================================================================== +# =================================== IP Reserved for IPv4: [10.8.0.4] ===================== +PostUp = iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.4 -j SNAT --to-source 154.29.72.98 +# ========================================================================================== +# =================================== IP Reserved for IPv4: [10.8.0.6] ====================== +PostUp = iptables 
-t nat -A POSTROUTING -o eth0 -s 10.8.0.6 -j SNAT --to-source 154.29.72.100 +# =========================================================================================== +# =================================== IP Reserved for IPv4: [10.8.0.9] ====================== +PostUp = iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.9 -j SNAT --to-source 154.29.72.101 +# =========================================================================================== +# =================================== IP Reserved for IPv4: [10.8.0.11] ====================== +PostUp = iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.11 -j SNAT --to-source 154.29.72.102 +# ============================================================================================ + +# =================================== DNAT for inbound traffic ============================== +# =================================== IP Reserved for IPv4: [10.8.0.2] =============== +PostUp = iptables -t nat -A PREROUTING -d 154.29.72.96 -j DNAT --to-destination 10.8.0.2 +# ==================================================================================== +# =================================== IP Reserved for IPv4: [10.8.0.3] =============== +PostUp = iptables -t nat -A PREROUTING -d 154.29.72.59 -j DNAT --to-destination 10.8.0.3 +# ==================================================================================== +# =================================== IP Reserved for IPv4: [10.8.0.4] =============== +PostUp = iptables -t nat -A PREROUTING -d 154.29.72.98 -j DNAT --to-destination 10.8.0.4 +# ==================================================================================== +# =================================== IP Reserved for IPv4: [10.8.0.6] ================ +PostUp = iptables -t nat -A PREROUTING -d 154.29.72.100 -j DNAT --to-destination 10.8.0.6 +# ===================================================================================== +# =================================== IP Reserved for IPv4: [10.8.0.9] ================ 
+PostUp = iptables -t nat -A PREROUTING -d 154.29.72.101 -j DNAT --to-destination 10.8.0.9 +# ====================================================================================== +# =================================== IP Reserved for IPv4: [10.8.0.11] ================ +PostUp = iptables -t nat -A PREROUTING -d 154.29.72.102 -j DNAT --to-destination 10.8.0.11 +# ====================================================================================== + +# ============= IPv4: DELETE Allow established and related connections ================================================================ +PostDown = iptables -D FORWARD -i wg1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT +# ===================================================================================================================================== +PostDown = iptables -D FORWARD -i eth0 -o wg1 -m state --state RELATED,ESTABLISHED -j ACCEPT +# ===================================================================================================================================== +# ======================================================================================================================================= +# PostDown = iptables -D FORWARD -i wg1 -o eth0 -j LOG --log-prefix "OUTBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7 +PostDown = iptables -D FORWARD -i wg1 -o eth0 -j ACCEPT +# ======================================================================================================================================= + +# ============= IPv6: DELETE Allow established and related connections ================================================================ +PostDown = ip6tables -D FORWARD -i wg1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT +# ===================================================================================================================================== +PostDown = ip6tables -D FORWARD -i eth0 -o wg1 -m state --state RELATED,ESTABLISHED -j ACCEPT +# 
===================================================================================================================================== +# ======================================================================================================================================== +# PostDown = ip6tables -D FORWARD -i wg1 -o eth0 -j LOG --log-prefix "OUTBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7 +PostDown = ip6tables -D FORWARD -i wg1 -o eth0 -j ACCEPT +# ======================================================================================================================================== + +# ============================ SNAT for outbound traffic =================================== +#PostDown = iptables -t nat -D POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE +# =================================== IP Reserved for IPv4: [10.8.0.2] ======================= +PostDown = iptables -t nat -D POSTROUTING -o eth0 -s 10.8.0.2 -j SNAT --to-source 154.29.72.96 +# ============================================================================================ +# =================================== IP Reserved for IPv4: [10.8.0.3] ===================== +PostDown = iptables -t nat -D POSTROUTING -o eth0 -s 10.8.0.3 -j SNAT --to-source 154.29.72.59 +# ========================================================================================== +# =================================== IP Reserved for IPv4: [10.8.0.4] ======================= +PostDown = iptables -t nat -D POSTROUTING -o eth0 -s 10.8.0.4 -j SNAT --to-source 154.29.72.98 +# ============================================================================================ +# =================================== IP Reserved for IPv4: [10.8.0.6] ======================== +PostDown = iptables -t nat -D POSTROUTING -o eth0 -s 10.8.0.6 -j SNAT --to-source 154.29.72.100 +# ============================================================================================= +# =================================== IP Reserved for 
IPv4: [10.8.0.9] ======================== +PostDown = iptables -t nat -D POSTROUTING -o eth0 -s 10.8.0.9 -j SNAT --to-source 154.29.72.101 +# ============================================================================================= +# =================================== IP Reserved for IPv4: [10.8.0.10] ======================= +PostDown = iptables -t nat -D POSTROUTING -o eth0 -s 10.8.0.10 -j SNAT --to-source 154.29.72.98 +# ============================================================================================= +# =================================== IP Reserved for IPv4: [10.8.0.11] ======================== +PostDown = iptables -t nat -D POSTROUTING -o eth0 -s 10.8.0.11 -j SNAT --to-source 154.29.72.102 +# ============================================================================================== + +# # =================================== DNAT for inbound traffic ========================== +# # =================================== IP Reserved for IPv4: [10.8.0.2] ================= +PostDown = iptables -t nat -D PREROUTING -d 154.29.72.96 -j DNAT --to-destination 10.8.0.2 +# # ====================================================================================== +# # =================================== IP Reserved for IPv4: [10.8.0.2] ================= +PostDown = iptables -t nat -D PREROUTING -d 154.29.72.59 -j DNAT --to-destination 10.8.0.3 +# # ====================================================================================== +# # =================================== IP Reserved for IPv4: [10.8.0.4] ================= +PostDown = iptables -t nat -D PREROUTING -d 154.29.72.98 -j DNAT --to-destination 10.8.0.4 +# # ====================================================================================== +# # =================================== IP Reserved for IPv4: [10.8.0.6] ================== +PostDown = iptables -t nat -D PREROUTING -d 154.29.72.100 -j DNAT --to-destination 10.8.0.6 +# # 
======================================================================================= +# # =================================== IP Reserved for IPv4: [10.8.0.9] ================== +PostDown = iptables -t nat -D PREROUTING -d 154.29.72.101 -j DNAT --to-destination 10.8.0.9 +# # ======================================================================================= +# # =================================== IP Reserved for IPv4: [10.8.0.11] ================== +PostDown = iptables -t nat -D PREROUTING -d 154.29.72.102 -j DNAT --to-destination 10.8.0.11 +# ========================================================================================== + + +# =============================== IP Reserved for IPv6: [fd81:bb6b:ee21::2] ================================== +PostDown = ip6tables -t nat -D POSTROUTING -o eth0 -s fd81:bb6b:ee21::2 -j SNAT --to-source 2604:f440:1::3:0:b +# ============================================================================================================ +# =============================== IP Reserved for IPv6: [fd81:bb6b:ee21::3] ================================== +PostDown = ip6tables -t nat -D POSTROUTING -o eth0 -s fd81:bb6b:ee21::3 -j SNAT --to-source 2604:f440:1::3:0:c +# ============================================================================================================ +# =============================== IP Reserved for IPv6: [fd81:bb6b:ee21::4] ================================== +PostDown = ip6tables -t nat -D POSTROUTING -o eth0 -s fd81:bb6b:ee21::4 -j SNAT --to-source 2604:f440:1::3:0:d +# ============================================================================================================ +# ================================= SNAT for outbound traffic END ============================================ + +# Allow loopback traffic +PostDown = iptables -D INPUT -i lo -j ACCEPT +PostDown = iptables -D OUTPUT -o lo -j ACCEPT +PostDown = ip6tables -D INPUT -i lo -j ACCEPT +PostDown = ip6tables -D OUTPUT -o lo -j ACCEPT + +# / === 
END OF FIREWALL === \ # \ No newline at end of file diff --git a/wg2.new.conf b/wg2.new.conf new file mode 100644 index 0000000..bd3f05d --- /dev/null +++ b/wg2.new.conf 
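Review bot: In wg1.new.conf, PostDown deletes rules that PostUp never adds: `-s 10.8.0.10 -j SNAT --to-source 154.29.72.98` and the three ip6tables SNAT rules for `fd81:bb6b:ee21::2` through `::4`. `iptables -D` on a missing rule returns an error, and wg-quick appears to stop at the first failing hook, which would leave the later DNAT deletions unexecuted and the public-to-peer mappings in place after the tunnel is down. Remove those four PostDown lines or add the matching PostUp lines so the two lists mirror each other. The DNAT rules also match on destination only, with no `-i eth0`, protocol or port, so together with the blanket `-i eth0 -o wg1 -j ACCEPT` every port on each peer is reachable on its public address; if that 1:1 mapping is intended, state it in a comment, otherwise restrict the rules with `-p` and `--dport`.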
@@ -0,0 +1,116 @@ +# / === START OF FIREWALL === \ # + +# ================== IPv4: Allow established and related connections ===================== +PostUp = iptables -A FORWARD -i wg2 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT +PostUp = iptables -A FORWARD -i eth0 -o wg2 -m state --state RELATED,ESTABLISHED -j ACCEPT +# ======================================================================================== +# ================== IPv6: Allow established and related connections ====================== +PostUp = ip6tables -A FORWARD -i wg2 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT +PostUp = ip6tables -A FORWARD -i eth0 -o wg2 -m state --state RELATED,ESTABLISHED -j ACCEPT +# ========================================================================================= + +# ========================================== IPv4: Log outbound traffic from WireGuard VPN to any destination and port ================ +PostUp = iptables -A FORWARD -i wg2 -o eth0 -j ACCEPT +# ===================================================================================================================================== +# ========================================== IPv6: Log outbound traffic from WireGuard VPN to any destination and port ================= +PostUp = ip6tables -A FORWARD -i wg2 -o eth0 -j ACCEPT +# ====================================================================================================================================== +# ===================================================================================================================================== +PostUp = ip6tables -A FORWARD -i eth0 -o wg2 -j ACCEPT +# ===================================================================================================================================== + +# ============================ SNAT for outbound traffic =================================== +# ============================= IP Reserved for IPv4: [10.9.0.0/24] =========================== +PostUp = iptables 
-t nat -A POSTROUTING -o eth0 -s 10.9.0.0/24 -j SNAT --to-source 154.29.72.51 +# ============================================================================================= +# ============================= IP Reserved for IPv6: [fdd4:39b8:8b48::2] =================================== +PostUp = ip6tables -t nat -A POSTROUTING -o eth0 -s fdd4:39b8:8b48::2 -j SNAT --to-source 2604:f440:1::3:0:10 +# =========================================================================================================== +# ============================= IP Reserved for IPv6: [fdd4:39b8:8b48::2] ================================== +PostUp = ip6tables -t nat -A POSTROUTING -o eth0 -s fdd4:39b8:8b48::2 -j SNAT --to-source 2604:f440:1::3:0:e +# ========================================================================================================== +# ============================= IP Reserved for IPv6: [fdd4:39b8:8b48::2] ================================== +PostUp = ip6tables -t nat -A POSTROUTING -o eth0 -s fdd4:39b8:8b48::2 -j SNAT --to-source 2604:f440:1::3:0:f +# ========================================================================================================== +# ============================= IP Reserved for IPv6: [fdd4:39b8:8b48::2] =================================== +PostUp = ip6tables -t nat -A POSTROUTING -o eth0 -s fdd4:39b8:8b48::3 -j SNAT --to-source 2604:f440:1::3:0:11 +# =========================================================================================================== +# ========================= SNAT for outbound traffic END =================================== + +# ========================================== IPv6: PORT FORWARDING ====================================================== +# ================================== IP Port Forwarding Reserved for IPv6: [fdd4:39b8:8b48::2] ========================================= +PostUp = ip6tables -t nat -A PREROUTING -i eth0 -p tcp --dport 0:65535 -d 2604:f440:1::3:0:10 -j DNAT --to-destination fdd4:39b8:8b48::2 
+PostUp = ip6tables -t nat -A PREROUTING -i eth0 -p udp --dport 0:65535 -d 2604:f440:1::3:0:10 -j DNAT --to-destination fdd4:39b8:8b48::2 +# ====================================================================================================================================== +# ================================== IP Port Forwarding Reserved for IPv6: [fdd4:39b8:8b48::2] ======================================== +PostUp = ip6tables -t nat -A PREROUTING -i eth0 -p tcp --dport 0:65535 -d 2604:f440:1::3:0:e -j DNAT --to-destination fdd4:39b8:8b48::2 +PostUp = ip6tables -t nat -A PREROUTING -i eth0 -p udp --dport 0:65535 -d 2604:f440:1::3:0:e -j DNAT --to-destination fdd4:39b8:8b48::2 +# ===================================================================================================================================== +# ================================== IP Port Forwarding Reserved for IPv6: [fdd4:39b8:8b48::2] ======================================== +PostUp = ip6tables -t nat -A PREROUTING -i eth0 -p tcp --dport 0:65535 -d 2604:f440:1::3:0:f -j DNAT --to-destination fdd4:39b8:8b48::2 +PostUp = ip6tables -t nat -A PREROUTING -i eth0 -p udp --dport 0:65535 -d 2604:f440:1::3:0:f -j DNAT --to-destination fdd4:39b8:8b48::2 +# ===================================================================================================================================== +# ================================== IP Port Forwarding Reserved for IPv6: [fdd4:39b8:8b48::3] ========================================= +PostUp = ip6tables -t nat -A PREROUTING -i eth0 -p tcp --dport 0:65535 -d 2604:f440:1::3:0:11 -j DNAT --to-destination fdd4:39b8:8b48::3 +PostUp = ip6tables -t nat -A PREROUTING -i eth0 -p udp --dport 0:65535 -d 2604:f440:1::3:0:11 -j DNAT --to-destination fdd4:39b8:8b48::3 +# ====================================================================================================================================== +# ========================================== IPv6: PORT FORWARDING END 
================================================== + +# ============= IPv4: DELETE Allow established and related connections ================================================================ +PostDown = iptables -D FORWARD -i wg2 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT +# ===================================================================================================================================== +PostDown = iptables -D FORWARD -i eth0 -o wg2 -m state --state RELATED,ESTABLISHED -j ACCEPT +# ===================================================================================================================================== +# ======================================================================================================================================= +# PostDown = iptables -D FORWARD -i wg2 -o eth0 -j LOG --log-prefix "OUTBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7 +PostDown = iptables -D FORWARD -i wg2 -o eth0 -j ACCEPT +# ======================================================================================================================================= + +# ============= IPv6: DELETE Allow established and related connections ================================================================ +PostDown = ip6tables -D FORWARD -i wg2 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT +# ===================================================================================================================================== +PostDown = ip6tables -D FORWARD -i eth0 -o wg2 -m state --state RELATED,ESTABLISHED -j ACCEPT +# ===================================================================================================================================== +# ======================================================================================================================================== +# PostDown = ip6tables -D FORWARD -i wg2 -o eth0 -j LOG --log-prefix "OUTBOUND_TRAFFIC: " --log-ip-options --log-tcp-options 
--log-level 7 +PostDown = ip6tables -D FORWARD -i wg2 -o eth0 -j ACCEPT +# ======================================================================================================================================== + +# ========================================== IPv6: PORT FORWARDING ==================================================== +# ================================== IP Port Forwarding Reserved for IPv6: [fdd4:39b8:8b48::2] =========================================== +PostDown = ip6tables -t nat -D PREROUTING -i eth0 -p tcp --dport 0:65535 -d 2604:f440:1::3:0:10 -j DNAT --to-destination fdd4:39b8:8b48::2 +PostDown = ip6tables -t nat -D PREROUTING -i eth0 -p udp --dport 0:65535 -d 2604:f440:1::3:0:10 -j DNAT --to-destination fdd4:39b8:8b48::2 +# ======================================================================================================================================== +# ================================== IP Port Forwarding Reserved for IPv6: [fdd4:39b8:8b48::2] ========================================== +PostDown = ip6tables -t nat -D PREROUTING -i eth0 -p tcp --dport 0:65535 -d 2604:f440:1::3:0:e -j DNAT --to-destination fdd4:39b8:8b48::2 +PostDown = ip6tables -t nat -D PREROUTING -i eth0 -p udp --dport 0:65535 -d 2604:f440:1::3:0:e -j DNAT --to-destination fdd4:39b8:8b48::2 +# ======================================================================================================================================= +# ================================== IP Port Forwarding Reserved for IPv6: [fdd4:39b8:8b48::2] ========================================== +PostDown = ip6tables -t nat -D PREROUTING -i eth0 -p tcp --dport 0:65535 -d 2604:f440:1::3:0:f -j DNAT --to-destination fdd4:39b8:8b48::2 +PostDown = ip6tables -t nat -D PREROUTING -i eth0 -p udp --dport 0:65535 -d 2604:f440:1::3:0:f -j DNAT --to-destination fdd4:39b8:8b48::2 +# 
======================================================================================================================================= +# ================================== IP Port Forwarding Reserved for IPv6: [fdd4:39b8:8b48::3] =========================================== +PostDown = ip6tables -t nat -D PREROUTING -i eth0 -p tcp --dport 0:65535 -d 2604:f440:1::3:0:11 -j DNAT --to-destination fdd4:39b8:8b48::3 +PostDown = ip6tables -t nat -D PREROUTING -i eth0 -p udp --dport 0:65535 -d 2604:f440:1::3:0:11 -j DNAT --to-destination fdd4:39b8:8b48::3 +# ======================================================================================================================================== +# ========================================== IPv6: PORT FORWARDING END ================================================== + +# ============================ SNAT for outbound traffic =================================== +# ============================= IP Reserved for IPv4: [10.9.0.0/24] ============================= +PostDown = iptables -t nat -D POSTROUTING -o eth0 -s 10.9.0.0/24 -j SNAT --to-source 154.29.72.51 +# =============================================================================================== +# ============================= IP Reserved for IPv6: [fdd4:39b8:8b48::2] ===================================== +PostDown = ip6tables -t nat -D POSTROUTING -o eth0 -s fdd4:39b8:8b48::2 -j SNAT --to-source 2604:f440:1::3:0:10 +# ============================================================================================================= +# ============================= IP Reserved for IPv6: [fdd4:39b8:8b48::2] ==================================== +PostDown = ip6tables -t nat -D POSTROUTING -o eth0 -s fdd4:39b8:8b48::2 -j SNAT --to-source 2604:f440:1::3:0:e +# ============================================================================================================ +# ============================= IP Reserved for IPv6: [fdd4:39b8:8b48::2] ==================================== 
+PostDown = ip6tables -t nat -D POSTROUTING -o eth0 -s fdd4:39b8:8b48::2 -j SNAT --to-source 2604:f440:1::3:0:f +# ============================================================================================================ +# ============================= IP Reserved for IPv6: [fdd4:39b8:8b48::2] ===================================== +PostDown = ip6tables -t nat -D POSTROUTING -o eth0 -s fdd4:39b8:8b48::3 -j SNAT --to-source 2604:f440:1::3:0:11 +# ============================================================================================================= +# ========================= SNAT for outbound traffic END =================================== + +# / === END OF FIREWALL === \ #
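Review bot: In wg2.new.conf, three PostUp SNAT rules share the source `fdd4:39b8:8b48::2` with different `--to-source` values (`…:10`, `…:e`, `…:f`); POSTROUTING stops at the first match, so only `2604:f440:1::3:0:10` is ever used for new outbound connections and the other two rules are dead. Keep one SNAT rule per source address, or add a match that actually distinguishes the three cases. The port-forwarding block uses `--dport 0:65535` for both tcp and udp on four public addresses, which together with `ip6tables -A FORWARD -i eth0 -o wg2 -j ACCEPT` exposes every peer port to traffic arriving on eth0; narrow the range to the services that are meant to be published if full exposure is not the goal. The banner above the `fdd4:39b8:8b48::3` SNAT rule still reads `[fdd4:39b8:8b48::2]` and should be corrected.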