wireguard: Automatically apply MASQUERADE for peers with local address

commit 459bb750298c09990c0c8d4677f0f442887304d0
    Author: Michael Tremer <michael.tremer@ipfire.org>
    Date:   Sat Apr 26 14:30:44 2025 +0200

        wireguard: Automatically apply MASQUERADE for peers with local address

        In this case we are the client and we cannot leak any local subnets.

        Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
Vincent Li
2025-07-02 18:53:06 +00:00
parent 3a8cd99ef1
commit e9c5334eeb


@@ -217,10 +217,14 @@ iptables_init() {
iptables -A OUTPUT -m policy --dir out --pol none -j IPSECBLOCK
# Block unauthorized WireGuard traffic
ipatbles -N WGBLOCK
iptables -N WGBLOCK
iptables -A INPUT -i wg+ -j WGBLOCK
iptables -A FORWARD -i wg+ -j WGBLOCK
# NAT for WireGuard peers
iptables -t nat -N WGNAT
iptables -t nat -A POSTROUTING -j WGNAT
# Block OpenVPN transfer networks
iptables -N OVPNBLOCK
iptables -A INPUT -i tun+ -j OVPNBLOCK
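Review bot: The new `iptables -t nat -A POSTROUTING -j WGNAT` hook is unconditional, so every rule later loaded into WGNAT is evaluated for outbound traffic on every interface, whereas the INPUT/FORWARD hooks for WGBLOCK a few lines above are scoped with `-i wg+`. Unless the rules that populate WGNAT (not part of this hunk) match on the WireGuard interface themselves, a MASQUERADE placed there would also rewrite traffic leaving on non-tunnel interfaces. Scoping the hook the same way as the filter hooks keeps the blast radius of a mis-specified chain rule limited to the tunnel: `iptables -t nat -A POSTROUTING -o wg+ -j WGNAT`. Since the jump is appended at the end of POSTROUTING, any terminating NAT rule added earlier in this function takes precedence over WGNAT; iptables_init() continues outside the hunk, so that ordering cannot be confirmed from here.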