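# / === START OF FIREWALL === \ #
# wg-quick runs every PostUp line below, in order, after wg1 is up. Each rule
# added here has a matching PostDown delete further down; keep the rule text
# identical in both places, since iptables -D only removes an exact match.
#
# --- Loopback ---
PostUp = iptables -A INPUT -i lo -j ACCEPT
PostUp = iptables -A OUTPUT -o lo -j ACCEPT
PostUp = ip6tables -A INPUT -i lo -j ACCEPT
PostUp = ip6tables -A OUTPUT -o lo -j ACCEPT
#
# --- IPv4: allow established and related connections across the tunnel ---
PostUp = iptables -A FORWARD -i wg1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
PostUp = iptables -A FORWARD -i eth0 -o wg1 -m state --state RELATED,ESTABLISHED -j ACCEPT
#
# --- IPv6: allow established and related connections across the tunnel ---
PostUp = ip6tables -A FORWARD -i wg1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
PostUp = ip6tables -A FORWARD -i eth0 -o wg1 -m state --state RELATED,ESTABLISHED -j ACCEPT
#
# --- IPv4: outbound from the VPN to any destination and port ---
# Optional packet logging (kernel log level 7). Enable it together with the
# matching PostDown line, otherwise the LOG rule is left behind on teardown.
# PostUp = iptables -A FORWARD -i wg1 -o eth0 -j LOG --log-prefix "OUTBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7
PostUp = iptables -A FORWARD -i wg1 -o eth0 -j ACCEPT
#
# --- IPv4: inbound from eth0 into the VPN ---
# NOTE: this accepts NEW connections as well, so together with the DNAT rules
# below every port of a mapped public address is reachable on its peer; any
# per-peer port filtering has to be inserted ahead of this rule.
# PostUp = iptables -A FORWARD -i eth0 -o wg1 -j LOG --log-prefix "INBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7
PostUp = iptables -A FORWARD -i eth0 -o wg1 -j ACCEPT
#
# --- IPv6: outbound from the VPN to any destination and port ---
# PostUp = ip6tables -A FORWARD -i wg1 -o eth0 -j LOG --log-prefix "OUTBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7
PostUp = ip6tables -A FORWARD -i wg1 -o eth0 -j ACCEPT
#
# --- IPv6: inbound from eth0 into the VPN (same caveat as IPv4: no port restriction) ---
# PostUp = ip6tables -A FORWARD -i eth0 -o wg1 -j LOG --log-prefix "INBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7
PostUp = ip6tables -A FORWARD -i eth0 -o wg1 -j ACCEPT
#
# --- IPv4 SNAT: one dedicated public source address per peer ---
# The subnet-wide MASQUERADE is superseded by the per-peer SNAT rules and is
# kept only for reference; enabling it would also need its PostDown.
#PostUp = iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE
# 10.8.0.2 -> 154.29.72.96
PostUp = iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.2 -j SNAT --to-source 154.29.72.96
# 10.8.0.3 -> 154.29.72.59
PostUp = iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.3 -j SNAT --to-source 154.29.72.59
# 10.8.0.4 -> 154.29.72.98
PostUp = iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.4 -j SNAT --to-source 154.29.72.98
# 10.8.0.6 -> 154.29.72.100
PostUp = iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.6 -j SNAT --to-source 154.29.72.100
# 10.8.0.9 -> 154.29.72.101
PostUp = iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.9 -j SNAT --to-source 154.29.72.101
# 10.8.0.11 -> 154.29.72.102
PostUp = iptables -t nat -A POSTROUTING -o eth0 -s 10.8.0.11 -j SNAT --to-source 154.29.72.102
#
# --- IPv4 DNAT: public address -> peer (1:1, all protocols and ports) ---
# NOTE: these match on destination only (no -i eth0), so the translation also
# applies to packets that arrive on other interfaces, including wg1 itself.
# 154.29.72.96 -> 10.8.0.2
PostUp = iptables -t nat -A PREROUTING -d 154.29.72.96 -j DNAT --to-destination 10.8.0.2
# 154.29.72.59 -> 10.8.0.3
PostUp = iptables -t nat -A PREROUTING -d 154.29.72.59 -j DNAT --to-destination 10.8.0.3
# 154.29.72.98 -> 10.8.0.4
PostUp = iptables -t nat -A PREROUTING -d 154.29.72.98 -j DNAT --to-destination 10.8.0.4
# 154.29.72.100 -> 10.8.0.6
PostUp = iptables -t nat -A PREROUTING -d 154.29.72.100 -j DNAT --to-destination 10.8.0.6
# 154.29.72.101 -> 10.8.0.9
PostUp = iptables -t nat -A PREROUTING -d 154.29.72.101 -j DNAT --to-destination 10.8.0.9
# 154.29.72.102 -> 10.8.0.11
PostUp = iptables -t nat -A PREROUTING -d 154.29.72.102 -j DNAT --to-destination 10.8.0.11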
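# --- PostDown: tear down in the same order the rules were added ---
# wg-quick runs under set -e, so the first hook that exits non-zero stops the
# remaining teardown; every line here must therefore delete a rule that a
# PostUp line above actually added.
#
# IPv4: established and related
PostDown = iptables -D FORWARD -i wg1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
PostDown = iptables -D FORWARD -i eth0 -o wg1 -m state --state RELATED,ESTABLISHED -j ACCEPT
# IPv4: outbound / inbound ACCEPT (and their optional LOG rules)
# PostDown = iptables -D FORWARD -i wg1 -o eth0 -j LOG --log-prefix "OUTBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7
PostDown = iptables -D FORWARD -i wg1 -o eth0 -j ACCEPT
# PostDown = iptables -D FORWARD -i eth0 -o wg1 -j LOG --log-prefix "INBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7
# Mirror of the PostUp eth0 -> wg1 ACCEPT; without this delete the inbound
# FORWARD rule stayed in place after the tunnel went down.
PostDown = iptables -D FORWARD -i eth0 -o wg1 -j ACCEPT
#
# IPv6: established and related
PostDown = ip6tables -D FORWARD -i wg1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
PostDown = ip6tables -D FORWARD -i eth0 -o wg1 -m state --state RELATED,ESTABLISHED -j ACCEPT
# IPv6: outbound / inbound ACCEPT (and their optional LOG rules)
# PostDown = ip6tables -D FORWARD -i wg1 -o eth0 -j LOG --log-prefix "OUTBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7
PostDown = ip6tables -D FORWARD -i wg1 -o eth0 -j ACCEPT
# PostDown = ip6tables -D FORWARD -i eth0 -o wg1 -j LOG --log-prefix "INBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7
# Mirror of the PostUp ip6tables eth0 -> wg1 ACCEPT, previously never removed.
PostDown = ip6tables -D FORWARD -i eth0 -o wg1 -j ACCEPT
#
# IPv4 SNAT: one entry per peer, same mapping as PostUp
#PostDown = iptables -t nat -D POSTROUTING -o eth0 -s 10.8.0.0/24 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o eth0 -s 10.8.0.2 -j SNAT --to-source 154.29.72.96
PostDown = iptables -t nat -D POSTROUTING -o eth0 -s 10.8.0.3 -j SNAT --to-source 154.29.72.59
PostDown = iptables -t nat -D POSTROUTING -o eth0 -s 10.8.0.4 -j SNAT --to-source 154.29.72.98
PostDown = iptables -t nat -D POSTROUTING -o eth0 -s 10.8.0.6 -j SNAT --to-source 154.29.72.100
PostDown = iptables -t nat -D POSTROUTING -o eth0 -s 10.8.0.9 -j SNAT --to-source 154.29.72.101
# A delete for 10.8.0.10 (--to-source 154.29.72.98) used to sit here. No PostUp
# adds that rule and 154.29.72.98 already belongs to 10.8.0.4, so the delete
# failed and aborted everything below it. Add a PostUp first if 10.8.0.10 is
# meant to get its own public address.
PostDown = iptables -t nat -D POSTROUTING -o eth0 -s 10.8.0.11 -j SNAT --to-source 154.29.72.102
#
# IPv4 DNAT: public address -> peer, same mapping as PostUp
PostDown = iptables -t nat -D PREROUTING -d 154.29.72.96 -j DNAT --to-destination 10.8.0.2
PostDown = iptables -t nat -D PREROUTING -d 154.29.72.59 -j DNAT --to-destination 10.8.0.3
PostDown = iptables -t nat -D PREROUTING -d 154.29.72.98 -j DNAT --to-destination 10.8.0.4
PostDown = iptables -t nat -D PREROUTING -d 154.29.72.100 -j DNAT --to-destination 10.8.0.6
PostDown = iptables -t nat -D PREROUTING -d 154.29.72.101 -j DNAT --to-destination 10.8.0.9
PostDown = iptables -t nat -D PREROUTING -d 154.29.72.102 -j DNAT --to-destination 10.8.0.11
#
# IPv6 SNAT: there is no matching ip6tables POSTROUTING PostUp in this file, so
# these deletes fail and stop the loopback cleanup below from running. Disabled
# until the corresponding PostUp rules are added; re-enable both together.
#PostDown = ip6tables -t nat -D POSTROUTING -o eth0 -s fd81:bb6b:ee21::2 -j SNAT --to-source 2604:f440:1::3:0:b
#PostDown = ip6tables -t nat -D POSTROUTING -o eth0 -s fd81:bb6b:ee21::3 -j SNAT --to-source 2604:f440:1::3:0:c
#PostDown = ip6tables -t nat -D POSTROUTING -o eth0 -s fd81:bb6b:ee21::4 -j SNAT --to-source 2604:f440:1::3:0:d
#
# Loopback
PostDown = iptables -D INPUT -i lo -j ACCEPT
PostDown = iptables -D OUTPUT -o lo -j ACCEPT
PostDown = ip6tables -D INPUT -i lo -j ACCEPT
PostDown = ip6tables -D OUTPUT -o lo -j ACCEPT
# / === END OF FIREWALL === \ #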