Home Explore Help
Register Sign In
antennine
/
infra_public
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: d16d30e9aa
Branches Tags
infra_public
/
roles
/
stable
/
build
/
files
/
packages
/
vs-ninux-wg
/
root
/
etc
/
uci-defaults
/
90_wg-firewall

90_wg-firewall 1.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536 
  1. #!/bin/sh
    2. 

  2. 

  3. uci set firewall.wg_allow="rule"
    4. 

  4. uci set firewall.wg_allow.src="*"
    5. 

  5. uci set firewall.wg_allow.target="ACCEPT"
    6. 

  6. uci set firewall.wg_allow.proto="udp"
    7. 

  7. uci set firewall.wg_allow.dest_port="51800"
    8. 

  8. uci set firewall.wg_allow.name="Allow-Wireguard-Inbound"
    9. 

  9. 

  10. # Add the firewall zone
    11. 

  11. uci add firewall zone
    12. 

  12. uci set firewall.@zone[-1].name='wg'
    13. 

  13. uci set firewall.@zone[-1].input='ACCEPT'
    14. 

  14. uci set firewall.@zone[-1].forward='ACCEPT'
    15. 

  15. uci set firewall.@zone[-1].output='ACCEPT'
    16. 

  16. uci set firewall.@zone[-1].masq='1'
    17. 

  17. 

  18. # Add the WG interface to it
    19. 

  19. uci set firewall.@zone[-1].network='wg0'
    20. 

  20. 

  21. # Forward WAN and LAN traffic to/from it
    22. 

  22. uci add firewall forwarding
    23. 

  23. uci set firewall.@forwarding[-1].src='wg'
    24. 

  24. uci set firewall.@forwarding[-1].dest='wan'
    25. 

  25. uci add firewall forwarding
    26. 

  26. uci set firewall.@forwarding[-1].src='wg'
    27. 

  27. uci set firewall.@forwarding[-1].dest='lan'
    28. 

  28. uci add firewall forwarding
    29. 

  29. uci set firewall.@forwarding[-1].src='lan'
    30. 

  30. uci set firewall.@forwarding[-1].dest='wg'
    31. 

  31. uci add firewall forwarding
    32. 

  32. uci set firewall.@forwarding[-1].src='wan'
    33. 

  33. uci set firewall.@forwarding[-1].dest='wg'
    34. 

  34. 

  35. uci commit firewall
    36. 

  36. /etc/init.d/firewall restart
    37.