wireguard: Block unauthorized traffic

commit 89b976e9a7e4da13b82de4aadadb63ffaf3031a6 Author: Michael Tremer <michael.tremer@ipfire.org> Date: Thu Apr 25 20:32:57 2024 +0200 wireguard: Block unauthorized traffic Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2026-04-09 10:35:53 +02:00 · 2025-06-25 09:29:27 -07:00
parent 457c79518d
commit 53443e304a
1 changed files with 5 additions and 0 deletions
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -217,6 +217,11 @@ iptables_init() {
 	iptables -A FORWARD -m policy --dir out --pol none -j IPSECBLOCK
 	iptables -A OUTPUT  -m policy --dir out --pol none -j IPSECBLOCK

+	# Block unauthorized WireGuard traffic
+	ipatbles -N WGBLOCK
+	iptables -A INPUT   -i wg+ -j WGBLOCK
+	iptables -A FORWARD -i wg+ -j WGBLOCK
+
 	# Block OpenVPN transfer networks
 	iptables -N OVPNBLOCK
 	iptables -A INPUT   -i tun+ -j OVPNBLOCK