firewall: Allow WG traffic when the firewall is in permissive mode

commit d6868ae94c63d0f708985e6bb6604a4bd40cf1a8
    Author: Michael Tremer <michael.tremer@ipfire.org>
    Date:   Fri Sep 6 18:20:46 2024 +0200

        firewall: Allow WG traffic when the firewall is in permissive mode

        Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
Vincent Li
2025-07-04 03:40:37 +00:00
parent 7b0cc24bbf
commit 97e543817a


@@ -54,6 +54,7 @@ esac
HAVE_IPSEC="true" HAVE_IPSEC="true"
HAVE_OPENVPN="true" HAVE_OPENVPN="true"
HAVE_WG="true"
# INPUT # INPUT
@@ -97,6 +98,14 @@ case "${HAVE_OPENVPN},${POLICY}" in
;; ;;
esac esac
# WireGuard INPUT
case "${HAVE_WG},${POLICY}" in
true,MODE1) ;;
true,*)
iptables -A POLICYIN -i wg+ -j ACCEPT
;;
esac
case "${FWPOLICY2}" in case "${FWPOLICY2}" in
REJECT) REJECT)
if [ "${DROPINPUT}" = "on" ]; then if [ "${DROPINPUT}" = "on" ]; then
@@ -149,6 +158,9 @@ case "${POLICY}" in
# Grant access for OpenVPN connections # Grant access for OpenVPN connections
iptables -A POLICYFWD -i tun+ -j ACCEPT iptables -A POLICYFWD -i tun+ -j ACCEPT
# Grant access for WireGuard
iptables -A POLICYFWD -i wg+ -j ACCEPT
if [ -n "${IFACE}" ]; then if [ -n "${IFACE}" ]; then
if [ "${HAVE_BLUE}" = "true" ] && [ -n "${BLUE_DEV}" ]; then if [ "${HAVE_BLUE}" = "true" ] && [ -n "${BLUE_DEV}" ]; then
iptables -A POLICYFWD -i "${BLUE_DEV}" -s "${BLUE_NETADDRESS}/${BLUE_NETMASK}" -o "${IFACE}" -j ACCEPT iptables -A POLICYFWD -i "${BLUE_DEV}" -s "${BLUE_NETADDRESS}/${BLUE_NETMASK}" -o "${IFACE}" -j ACCEPT
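Review bot: The new `iptables -A POLICYIN -i wg+ -j ACCEPT` in the second hunk accepts every protocol and port destined for the firewall host itself from any interface whose name starts with `wg`, and because `HAVE_WG="true"` is hard-coded in the first hunk, the rule is installed whether or not a tunnel is configured. The only guard is the `true,MODE1) ;;` arm, so under every other `POLICY` value all WireGuard peers get unrestricted access to the firewall's own services; the `POLICYFWD -i wg+` rule in the third hunk does the same for forwarded traffic. If that is the intent, state it where the rule is added, for example by replacing `# WireGuard INPUT` with `# WireGuard INPUT: unless POLICY is MODE1, peers on any wg* interface may reach the firewall itself (all ports)`. The `case "${POLICY}"` arm that contains the third hunk starts outside the hunk, so which mode that rule belongs to cannot be confirmed from here.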