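# / === START OF FIREWALL === \ #
#
# wg-quick firewall hooks for tunnel interface wg2 with uplink eth0.
# Every PostUp rule needs a matching PostDown delete. A rule without one
# survives `wg-quick down`, and the next `wg-quick up` appends a duplicate.
# The interface names are hard-coded; wg-quick expands %i to the tunnel name
# if this section is ever reused for another interface.

# ===== IPv4: allow established and related connections =====
# NOTE(review): `-m state --state` is the legacy spelling of
# `-m conntrack --ctstate`. If you switch, change PostUp and PostDown together.
PostUp = iptables -A FORWARD -i wg2 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
PostUp = iptables -A FORWARD -i eth0 -o wg2 -m state --state RELATED,ESTABLISHED -j ACCEPT

# ===== IPv6: allow established and related connections =====
PostUp = ip6tables -A FORWARD -i wg2 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
PostUp = ip6tables -A FORWARD -i eth0 -o wg2 -m state --state RELATED,ESTABLISHED -j ACCEPT

# ===== IPv4: accept outbound traffic from the WireGuard VPN to any destination and port =====
# This rule accepts; no LOG rule is installed by this section.
PostUp = iptables -A FORWARD -i wg2 -o eth0 -j ACCEPT

# ===== IPv6: accept outbound traffic from the WireGuard VPN to any destination and port =====
PostUp = ip6tables -A FORWARD -i wg2 -o eth0 -j ACCEPT

# ===== IPv6: accept inbound traffic from eth0 to the WireGuard VPN =====
# This accepts NEW connections from the uplink towards any wg2 peer. It is
# presumably here so the DNATed connections below pass FORWARD.
# NOTE(review): combined with the all-port DNAT rules, the peers' own host
# firewalls are the only filter. If only some services are meant to be
# reachable, narrow this rule with -d / -p / --dport.
PostUp = ip6tables -A FORWARD -i eth0 -o wg2 -j ACCEPT

# ===== SNAT for outbound traffic =====
# ----- IPv4 pool [10.9.0.0/24] leaves as 154.29.72.51 -----
PostUp = iptables -t nat -A POSTROUTING -o eth0 -s 10.9.0.0/24 -j SNAT --to-source 154.29.72.51

# ----- IPv6 peer [fdd4:39b8:8b48::2] -----
# SNAT is a terminating target and these rules are appended in order, so new
# connections from ::2 always match the first rule (2604:f440:1::3:0:10).
# NOTE(review): the :e and :f rules below are never reached. Replies to
# inbound DNAT flows are translated back by conntrack, not by these rules.
# They are kept as written; confirm whether they are still wanted.
PostUp = ip6tables -t nat -A POSTROUTING -o eth0 -s fdd4:39b8:8b48::2 -j SNAT --to-source 2604:f440:1::3:0:10
PostUp = ip6tables -t nat -A POSTROUTING -o eth0 -s fdd4:39b8:8b48::2 -j SNAT --to-source 2604:f440:1::3:0:e
PostUp = ip6tables -t nat -A POSTROUTING -o eth0 -s fdd4:39b8:8b48::2 -j SNAT --to-source 2604:f440:1::3:0:f

# ----- IPv6 peer [fdd4:39b8:8b48::3] -----
PostUp = ip6tables -t nat -A POSTROUTING -o eth0 -s fdd4:39b8:8b48::3 -j SNAT --to-source 2604:f440:1::3:0:11
# ===== SNAT for outbound traffic END =====

# ===== IPv6: PORT FORWARDING =====
# Each public address forwards every TCP and UDP port (0:65535) to one peer.
# Other protocols, ICMPv6 for example, are not translated.
# ----- 2604:f440:1::3:0:10 -> [fdd4:39b8:8b48::2] -----
PostUp = ip6tables -t nat -A PREROUTING -i eth0 -p tcp --dport 0:65535 -d 2604:f440:1::3:0:10 -j DNAT --to-destination fdd4:39b8:8b48::2
PostUp = ip6tables -t nat -A PREROUTING -i eth0 -p udp --dport 0:65535 -d 2604:f440:1::3:0:10 -j DNAT --to-destination fdd4:39b8:8b48::2

# ----- 2604:f440:1::3:0:e -> [fdd4:39b8:8b48::2] -----
PostUp = ip6tables -t nat -A PREROUTING -i eth0 -p tcp --dport 0:65535 -d 2604:f440:1::3:0:e -j DNAT --to-destination fdd4:39b8:8b48::2
PostUp = ip6tables -t nat -A PREROUTING -i eth0 -p udp --dport 0:65535 -d 2604:f440:1::3:0:e -j DNAT --to-destination fdd4:39b8:8b48::2

# ----- 2604:f440:1::3:0:f -> [fdd4:39b8:8b48::2] -----
PostUp = ip6tables -t nat -A PREROUTING -i eth0 -p tcp --dport 0:65535 -d 2604:f440:1::3:0:f -j DNAT --to-destination fdd4:39b8:8b48::2
PostUp = ip6tables -t nat -A PREROUTING -i eth0 -p udp --dport 0:65535 -d 2604:f440:1::3:0:f -j DNAT --to-destination fdd4:39b8:8b48::2

# ----- 2604:f440:1::3:0:11 -> [fdd4:39b8:8b48::3] -----
PostUp = ip6tables -t nat -A PREROUTING -i eth0 -p tcp --dport 0:65535 -d 2604:f440:1::3:0:11 -j DNAT --to-destination fdd4:39b8:8b48::3
PostUp = ip6tables -t nat -A PREROUTING -i eth0 -p udp --dport 0:65535 -d 2604:f440:1::3:0:11 -j DNAT --to-destination fdd4:39b8:8b48::3
# ===== IPv6: PORT FORWARDING END =====

# ===== IPv4: DELETE allow established and related connections =====
PostDown = iptables -D FORWARD -i wg2 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
PostDown = iptables -D FORWARD -i eth0 -o wg2 -m state --state RELATED,ESTABLISHED -j ACCEPT

# ===== IPv4: DELETE outbound accept =====
# The LOG delete stays disabled: no PostUp line adds a LOG rule, so enabling
# it would fail on `wg-quick down`.
# PostDown = iptables -D FORWARD -i wg2 -o eth0 -j LOG --log-prefix "OUTBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7
PostDown = iptables -D FORWARD -i wg2 -o eth0 -j ACCEPT

# ===== IPv6: DELETE allow established and related connections =====
PostDown = ip6tables -D FORWARD -i wg2 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
PostDown = ip6tables -D FORWARD -i eth0 -o wg2 -m state --state RELATED,ESTABLISHED -j ACCEPT

# ===== IPv6: DELETE outbound accept =====
# The LOG delete stays disabled for the same reason as the IPv4 one above.
# PostDown = ip6tables -D FORWARD -i wg2 -o eth0 -j LOG --log-prefix "OUTBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7
PostDown = ip6tables -D FORWARD -i wg2 -o eth0 -j ACCEPT

# ===== IPv6: DELETE inbound accept =====
# This is the counterpart of the PostUp inbound ACCEPT. Without it, the
# eth0 -> wg2 accept-all rule stayed in FORWARD after the tunnel went down,
# and each up/down cycle added another copy.
# A host that was cycled before this line existed may still hold stale
# copies; check with `ip6tables -S FORWARD` and remove them once.
PostDown = ip6tables -D FORWARD -i eth0 -o wg2 -j ACCEPT

# ===== IPv6: DELETE PORT FORWARDING =====
# ----- 2604:f440:1::3:0:10 -> [fdd4:39b8:8b48::2] -----
PostDown = ip6tables -t nat -D PREROUTING -i eth0 -p tcp --dport 0:65535 -d 2604:f440:1::3:0:10 -j DNAT --to-destination fdd4:39b8:8b48::2
PostDown = ip6tables -t nat -D PREROUTING -i eth0 -p udp --dport 0:65535 -d 2604:f440:1::3:0:10 -j DNAT --to-destination fdd4:39b8:8b48::2

# ----- 2604:f440:1::3:0:e -> [fdd4:39b8:8b48::2] -----
PostDown = ip6tables -t nat -D PREROUTING -i eth0 -p tcp --dport 0:65535 -d 2604:f440:1::3:0:e -j DNAT --to-destination fdd4:39b8:8b48::2
PostDown = ip6tables -t nat -D PREROUTING -i eth0 -p udp --dport 0:65535 -d 2604:f440:1::3:0:e -j DNAT --to-destination fdd4:39b8:8b48::2

# ----- 2604:f440:1::3:0:f -> [fdd4:39b8:8b48::2] -----
PostDown = ip6tables -t nat -D PREROUTING -i eth0 -p tcp --dport 0:65535 -d 2604:f440:1::3:0:f -j DNAT --to-destination fdd4:39b8:8b48::2
PostDown = ip6tables -t nat -D PREROUTING -i eth0 -p udp --dport 0:65535 -d 2604:f440:1::3:0:f -j DNAT --to-destination fdd4:39b8:8b48::2

# ----- 2604:f440:1::3:0:11 -> [fdd4:39b8:8b48::3] -----
PostDown = ip6tables -t nat -D PREROUTING -i eth0 -p tcp --dport 0:65535 -d 2604:f440:1::3:0:11 -j DNAT --to-destination fdd4:39b8:8b48::3
PostDown = ip6tables -t nat -D PREROUTING -i eth0 -p udp --dport 0:65535 -d 2604:f440:1::3:0:11 -j DNAT --to-destination fdd4:39b8:8b48::3
# ===== IPv6: DELETE PORT FORWARDING END =====

# ===== DELETE SNAT for outbound traffic =====
# ----- IPv4 pool [10.9.0.0/24] -----
PostDown = iptables -t nat -D POSTROUTING -o eth0 -s 10.9.0.0/24 -j SNAT --to-source 154.29.72.51

# ----- IPv6 peer [fdd4:39b8:8b48::2] -----
PostDown = ip6tables -t nat -D POSTROUTING -o eth0 -s fdd4:39b8:8b48::2 -j SNAT --to-source 2604:f440:1::3:0:10
PostDown = ip6tables -t nat -D POSTROUTING -o eth0 -s fdd4:39b8:8b48::2 -j SNAT --to-source 2604:f440:1::3:0:e
PostDown = ip6tables -t nat -D POSTROUTING -o eth0 -s fdd4:39b8:8b48::2 -j SNAT --to-source 2604:f440:1::3:0:f

# ----- IPv6 peer [fdd4:39b8:8b48::3] -----
PostDown = ip6tables -t nat -D POSTROUTING -o eth0 -s fdd4:39b8:8b48::3 -j SNAT --to-source 2604:f440:1::3:0:11
# ===== DELETE SNAT for outbound traffic END =====

# / === END OF FIREWALL === \ #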