wireguard: Automatically apply MASQUERADE for peers with local address

commit 459bb750298c09990c0c8d4677f0f442887304d0
Author: Michael Tremer <michael.tremer@ipfire.org>
Date:   Sat Apr 26 14:30:44 2025 +0200

    wireguard: Automatically apply MASQUERADE for peers with local address

    In this case we are the client and we cannot leak any local subnets.

    Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
This commit is contained in:
Vincent Li
2025-06-25 09:32:14 -07:00
parent 53443e304a
commit 5d1364bf86


@@ -218,10 +218,14 @@ iptables_init() {
iptables -A OUTPUT -m policy --dir out --pol none -j IPSECBLOCK iptables -A OUTPUT -m policy --dir out --pol none -j IPSECBLOCK
# Block unauthorized WireGuard traffic # Block unauthorized WireGuard traffic
ipatbles -N WGBLOCK iptables -N WGBLOCK
iptables -A INPUT -i wg+ -j WGBLOCK iptables -A INPUT -i wg+ -j WGBLOCK
iptables -A FORWARD -i wg+ -j WGBLOCK iptables -A FORWARD -i wg+ -j WGBLOCK
# NAT for WireGuard peers
iptables -t nat -N WGNAT
iptables -t nat -A POSTROUTING -j WGNAT
# Block OpenVPN transfer networks # Block OpenVPN transfer networks
iptables -N OVPNBLOCK iptables -N OVPNBLOCK
iptables -A INPUT -i tun+ -j OVPNBLOCK iptables -A INPUT -i tun+ -j OVPNBLOCK
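Review bot: The new POSTROUTING hook `iptables -t nat -A POSTROUTING -j WGNAT` carries no interface match, so every packet leaving the box traverses WGNAT and the chain's contents (populated elsewhere, not in this hunk) must themselves be scoped to the WireGuard side to avoid masquerading unrelated traffic; restricting the hook here, `iptables -t nat -A POSTROUTING -o wg+ -j WGNAT`, would make that scoping hold regardless of what later gets inserted into the chain. If iptables_init can run without the nat table having been flushed first, `iptables -t nat -N WGNAT` will fail on the second run and the hook rule would be appended again; I cannot see from this hunk whether an earlier flush covers that. The comment above the new lines would also be more useful if it said who fills the chain and why, e.g. `# NAT for WireGuard peers: the wireguard script adds MASQUERADE rules here for peers that hand us a local address (client mode), so local subnets are not leaked`. iptables_init begins and ends outside this hunk.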