NA-NYC-01-WIREGUARD-TUNNEL-.../wg0.new.conf
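# / === START OF FIREWALL === \ #
# These PostUp/PostDown hooks belong to the [Interface] section (its header is
# above this excerpt) and are executed by wg-quick(8) through sh, in file order.
# %i is replaced by wg-quick with the tunnel interface name, so the rules keep
# matching if this file is renamed (e.g. wg0.new.conf -> wg0.conf) instead of
# silently referencing a non-existent "wg0".
# Every rule added with -A in PostUp has a matching -D in PostDown, otherwise
# each up/down cycle leaves stale ACCEPT rules behind in FORWARD.
# -m conntrack --ctstate is the current spelling of the deprecated
# -m state --state; the match is identical.
# The commented-out LOG rules are deliberate toggles, not leftovers: enable a
# PostUp LOG line together with its PostDown twin to trace new flows in the
# kernel log (level 7 = debug).
#
# ================== IPv4: Allow established and related connections =====================
PostUp = iptables -A FORWARD -i %i -o eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
PostUp = iptables -A FORWARD -i eth0 -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# ================== IPv6: Allow established and related connections =====================
PostUp = ip6tables -A FORWARD -i %i -o eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
PostUp = ip6tables -A FORWARD -i eth0 -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# ================== IPv4: Forward tunnel <-> eth0 (any destination, any port) ============
# PostUp = iptables -A FORWARD -i %i -o eth0 -j LOG --log-prefix "OUTBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7
PostUp = iptables -A FORWARD -i %i -o eth0 -j ACCEPT
# NOTE(review): the eth0 -> %i rule accepts NEW connections from the eth0 side
# towards tunnel peers; return traffic is already covered by the
# RELATED,ESTABLISHED rule above. Remove it if peers must not be reachable
# from outside (with SNAT on the IPv4 range they normally are not routable
# anyway; the IPv6 side depends on how the prefix is routed - confirm intent).
# PostUp = iptables -A FORWARD -i eth0 -o %i -j LOG --log-prefix "INBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7
PostUp = iptables -A FORWARD -i eth0 -o %i -j ACCEPT
# ================== IPv6: Forward tunnel <-> eth0 (any destination, any port) ============
# PostUp = ip6tables -A FORWARD -i %i -o eth0 -j LOG --log-prefix "OUTBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7
PostUp = ip6tables -A FORWARD -i %i -o eth0 -j ACCEPT
# PostUp = ip6tables -A FORWARD -i eth0 -o %i -j LOG --log-prefix "INBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7
PostUp = ip6tables -A FORWARD -i eth0 -o %i -j ACCEPT
# ================== SNAT for outbound traffic ============================================
# IPv4 tunnel range 10.7.0.0/24 is source-NATed to the static public address of eth0
# (SNAT rather than MASQUERADE because the address is fixed).
PostUp = iptables -t nat -A POSTROUTING -o eth0 -s 10.7.0.0/24 -j SNAT --to-source 154.29.72.51
# IPv6 tunnel range fddd:2c4:2c4:2c4::/24 is source-NATed to the public IPv6 address of eth0.
# NOTE(review): a /24 mask on an IPv6 address matches the whole fddd:200::/24 block,
# far more than this tunnel's subnet; peer ranges are normally a /64. Confirm the
# intended prefix against the Address= line and fix the mask. The previous banner
# named fd81:bb6b:ee21::2 here, which does not belong to this prefix at all.
PostUp = ip6tables -t nat -A POSTROUTING -o eth0 -s fddd:2c4:2c4:2c4::/24 -j SNAT --to-source 2604:f440:1::3:0:a
#
# ================== PostDown: remove every rule added above, in the same order ===========
# ================== IPv4: established and related ========================================
PostDown = iptables -D FORWARD -i %i -o eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
PostDown = iptables -D FORWARD -i eth0 -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# ================== IPv6: established and related ========================================
PostDown = ip6tables -D FORWARD -i %i -o eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
PostDown = ip6tables -D FORWARD -i eth0 -o %i -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# ================== IPv4: forward tunnel <-> eth0 ========================================
# PostDown = iptables -D FORWARD -i %i -o eth0 -j LOG --log-prefix "OUTBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7
PostDown = iptables -D FORWARD -i %i -o eth0 -j ACCEPT
# PostDown = iptables -D FORWARD -i eth0 -o %i -j LOG --log-prefix "INBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7
PostDown = iptables -D FORWARD -i eth0 -o %i -j ACCEPT
# ================== IPv6: forward tunnel <-> eth0 ========================================
# PostDown = ip6tables -D FORWARD -i %i -o eth0 -j LOG --log-prefix "OUTBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7
PostDown = ip6tables -D FORWARD -i %i -o eth0 -j ACCEPT
# PostDown = ip6tables -D FORWARD -i eth0 -o %i -j LOG --log-prefix "INBOUND_TRAFFIC: " --log-ip-options --log-tcp-options --log-level 7
PostDown = ip6tables -D FORWARD -i eth0 -o %i -j ACCEPT
# ================== Remove SNAT rules ====================================================
PostDown = iptables -t nat -D POSTROUTING -o eth0 -s 10.7.0.0/24 -j SNAT --to-source 154.29.72.51
PostDown = ip6tables -t nat -D POSTROUTING -o eth0 -s fddd:2c4:2c4:2c4::/24 -j SNAT --to-source 2604:f440:1::3:0:a
# / === END OF FIREWALL === \ #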