wireguard: Block unauthorized traffic

commit 89b976e9a7e4da13b82de4aadadb63ffaf3031a6 Author: Michael Tremer <michael.tremer@ipfire.org> Date: Thu Apr 25 20:32:57 2024 +0200 wireguard: Block unauthorized traffic Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2026-04-09 18:45:54 +02:00 · 2025-07-02 18:48:39 +00:00
parent c74e903b32
commit 3a8cd99ef1
1 changed files with 5 additions and 0 deletions
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -216,6 +216,11 @@ iptables_init() {
 	iptables -A FORWARD -m policy --dir out --pol none -j IPSECBLOCK
 	iptables -A OUTPUT  -m policy --dir out --pol none -j IPSECBLOCK

+	# Block unauthorized WireGuard traffic
+	ipatbles -N WGBLOCK
+	iptables -A INPUT   -i wg+ -j WGBLOCK
+	iptables -A FORWARD -i wg+ -j WGBLOCK
+
 	# Block OpenVPN transfer networks
 	iptables -N OVPNBLOCK
 	iptables -A INPUT   -i tun+ -j OVPNBLOCK