wireguard: Block unauthorized traffic

commit 89b976e9a7e4da13b82de4aadadb63ffaf3031a6
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Thu Apr 25 20:32:57 2024 +0200

    wireguard: Block unauthorized traffic

    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>

src/initscripts/system/firewall

@@ -217,6 +217,11 @@ iptables_init() {
 	iptables -A FORWARD -m policy --dir out --pol none -j IPSECBLOCK
 	iptables -A OUTPUT  -m policy --dir out --pol none -j IPSECBLOCK
 
+	# Block unauthorized WireGuard traffic
+	ipatbles -N WGBLOCK
+	iptables -A INPUT   -i wg+ -j WGBLOCK
+	iptables -A FORWARD -i wg+ -j WGBLOCK
+
 	# Block OpenVPN transfer networks
 	iptables -N OVPNBLOCK
 	iptables -A INPUT   -i tun+ -j OVPNBLOCK