123456789101112131415161718192021222324252627282930313233343536 |
- #!/bin/sh
- uci set firewall.wg_allow="rule"
- uci set firewall.wg_allow.src="*"
- uci set firewall.wg_allow.target="ACCEPT"
- uci set firewall.wg_allow.proto="udp"
- uci set firewall.wg_allow.dest_port="51800"
- uci set firewall.wg_allow.name="Allow-Wireguard-Inbound"
- # Add the firewall zone
- uci add firewall zone
- uci set firewall.@zone[-1].name='wg'
- uci set firewall.@zone[-1].input='ACCEPT'
- uci set firewall.@zone[-1].forward='ACCEPT'
- uci set firewall.@zone[-1].output='ACCEPT'
- uci set firewall.@zone[-1].masq='1'
- # Add the WG interface to it
- uci set firewall.@zone[-1].network='wg0'
- # Forward WAN and LAN traffic to/from it
- uci add firewall forwarding
- uci set firewall.@forwarding[-1].src='wg'
- uci set firewall.@forwarding[-1].dest='wan'
- uci add firewall forwarding
- uci set firewall.@forwarding[-1].src='wg'
- uci set firewall.@forwarding[-1].dest='lan'
- uci add firewall forwarding
- uci set firewall.@forwarding[-1].src='lan'
- uci set firewall.@forwarding[-1].dest='wg'
- uci add firewall forwarding
- uci set firewall.@forwarding[-1].src='wan'
- uci set firewall.@forwarding[-1].dest='wg'
- uci commit firewall
- /etc/init.d/firewall restart
|