As you can see, I put everything related to WireGuard at the top.

Code:
add action=accept chain=input comment="Allow WireGuard" dst-port=18881 protocol=udp
add action=accept chain=input comment="Allow WireGuard traffic" src-address=10.88.88.0/24
add action=accept chain=forward comment="Allow WireGuard to LAN" in-interface=wireguard1 out-interface-list=LAN
add action=accept chain=input comment="Allow established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="Drop invalid" connection-state=invalid
add action=accept chain=input comment="Allow ICMP after RAW" protocol=icmp
add action=accept chain=input comment="Allow LAN" src-address-list=local_lan_ipv4
add action=accept chain=input comment="Allow LAN DNS queries-UDP" dst-port=53 in-interface-list=LAN protocol=udp
add action=accept chain=input comment="Allow LAN DNS queries-TCP" dst-port=53 in-interface-list=LAN protocol=tcp
add action=drop chain=input comment="Drop all else" disabled=yes
add action=drop chain=input comment="Drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="Accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="Accept out ipsec policy" ipsec-policy=out,ipsec
add action=accept chain=forward comment="Accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="Drop invalid" connection-state=invalid
add action=accept chain=forward comment="Allow internet traffic" in-interface-list=LAN out-interface-list=WAN
add action=accept chain=forward comment="Allow WireGuard to LAN" disabled=yes dst-address=10.88.88.0/24 in-interface-list=LAN
add action=accept chain=forward comment="Allow dst-nat from both WAN and LAN" connection-nat-state=dstnat
add action=accept chain=forward comment="Accept all coming from LAN" in-interface-list=LAN
add action=drop chain=forward comment="Drop all else"
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid disabled=yes
add action=drop chain=forward comment="defconf: drop bad forward IPs" disabled=yes src-address-list=no_forward_ipv4
add action=drop chain=forward comment="defconf: drop bad forward IPs" disabled=yes dst-address-list=no_forward_ipv4
Try adding dst-address-type=!local to your mangle rules.
Posted by JAza — Mon Jan 29, 2024 7:59 am
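RouterOS filter chains are first-match, so the security property of the rule set posted above is its order: the two WireGuard accepts only work because they sit ahead of the `in-interface-list=!LAN` drop, and anything placed below an unconditional drop is dead. The script below is an added example, not code from the post or from MikroTik: it parses the export lines as posted (copied into the `EXPORT` string), walks a chain with a synthetic packet to show which rule wins, and flags rules that an earlier, broader terminating rule makes unreachable. The packet dictionaries, the `META` key set, and the matcher semantics (exact value, `!value` negation, comma-separated lists) are simplifying assumptions of this example; port ranges, address-list contents and `ipsec-policy` tuples are not modelled.

```python
"""First-match order checker for a RouterOS `/ip firewall filter` export.
Added example, not part of the forum post or of RouterOS itself."""
import shlex

# The rules from the post above, copied verbatim; two lines are kept in the
# backslash-continued form that `/export` emits, to exercise the parser.
EXPORT = r"""
add action=accept chain=input comment="Allow WireGuard" dst-port=18881 \
    protocol=udp
add action=accept chain=input comment="Allow WireGuard traffic" src-address=\
    10.88.88.0/24
add action=accept chain=forward comment="Allow WireGuard to LAN" in-interface=wireguard1 out-interface-list=LAN
add action=accept chain=input comment="Allow established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="Drop invalid" connection-state=invalid
add action=accept chain=input comment="Allow ICMP after RAW" protocol=icmp
add action=accept chain=input comment="Allow LAN" src-address-list=local_lan_ipv4
add action=accept chain=input comment="Allow LAN DNS queries-UDP" dst-port=53 in-interface-list=LAN protocol=udp
add action=accept chain=input comment="Allow LAN DNS queries-TCP" dst-port=53 in-interface-list=LAN protocol=tcp
add action=drop chain=input comment="Drop all else" disabled=yes
add action=drop chain=input comment="Drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="Accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="Accept out ipsec policy" ipsec-policy=out,ipsec
add action=accept chain=forward comment="Accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="Drop invalid" connection-state=invalid
add action=accept chain=forward comment="Allow internet traffic" in-interface-list=LAN out-interface-list=WAN
add action=accept chain=forward comment="Allow WireGuard to LAN" disabled=yes dst-address=10.88.88.0/24 in-interface-list=LAN
add action=accept chain=forward comment="Allow dst-nat from both WAN and LAN" connection-nat-state=dstnat
add action=accept chain=forward comment="Accept all coming from LAN" in-interface-list=LAN
add action=drop chain=forward comment="Drop all else"
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid disabled=yes
add action=drop chain=forward comment="defconf: drop bad forward IPs" disabled=yes src-address-list=no_forward_ipv4
add action=drop chain=forward comment="defconf: drop bad forward IPs" disabled=yes dst-address-list=no_forward_ipv4
"""

META = {"action", "chain", "comment", "disabled", "log", "log-prefix"}  # assumption: not packet matchers
TERMINAL = {"accept", "drop", "reject", "tarpit"}                     # actions that end chain traversal


def parse_rules(text):
    """Join backslash-continued lines, then split each `add ...` line into
    {chain, action, comment, disabled, match} where match holds only real matchers."""
    lines, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):          # export continuation: no space is inserted
            buf += line[:-1]
            continue
        if buf + line:
            lines.append(buf + line)
        buf = ""
    rules = []
    for line in lines:
        toks = shlex.split(line)         # shlex folds comment="a b" into one token
        if not toks or toks[0] != "add":
            continue
        kv = dict(t.split("=", 1) for t in toks[1:] if "=" in t)
        rules.append({"chain": kv["chain"], "action": kv.get("action", "accept"),
                      "comment": kv.get("comment", ""), "disabled": kv.get("disabled") == "yes",
                      "match": {k: v for k, v in kv.items() if k not in META}})
    return rules


def matches(rule, packet):
    """All matchers must hit (RouterOS ANDs them). `!v` negates; `a,b` is treated as a
    value list, which is right for connection-state but only approximate for ipsec-policy."""
    for key, want in rule["match"].items():
        have = packet.get(key)
        if want.startswith("!"):
            if have == want[1:]:
                return False
        elif have is None or have not in want.split(","):
            return False
    return True


def first_match(rules, chain, packet):
    """Return (action, comment) of the first enabled matching rule in `chain`;
    a chain with no match falls through to RouterOS's implicit accept."""
    for r in rules:
        if r["chain"] == chain and not r["disabled"] and matches(r, packet):
            return r["action"], r["comment"]
    return "accept", "<end of chain>"


def unreachable(rules, chain, enable_all=False):
    """(rule, shadowing rule) pairs: a rule can never match when an earlier enabled
    terminating rule in the same chain has a subset of its matchers (e.g. an empty
    set). enable_all=True treats disabled rules as active to preview the effect of
    switching on a catch-all such as "Drop all else"."""
    seen, out = [], []
    for r in rules:
        if r["chain"] != chain:
            continue
        by = next((s for s in seen if s["match"].items() <= r["match"].items()), None)
        if by:
            out.append((r["comment"], by["comment"]))
        if (enable_all or not r["disabled"]) and r["action"] in TERMINAL:
            seen.append(r)
    return out


# Constructed packets: a WireGuard handshake from the WAN side and an unsolicited SSH try.
WG_FROM_WAN = {"protocol": "udp", "dst-port": "18881", "in-interface-list": "WAN", "connection-state": "new"}
SSH_FROM_WAN = {"protocol": "tcp", "dst-port": "22", "in-interface-list": "WAN", "connection-state": "new"}
WAN_TO_LAN_FWD = {"in-interface-list": "WAN", "out-interface-list": "LAN", "connection-state": "new"}

if __name__ == "__main__":
    rules = parse_rules(EXPORT)
    for name, pkt in [("WG handshake", WG_FROM_WAN), ("SSH from WAN", SSH_FROM_WAN)]:
        print(name, "->", first_match(rules, "input", pkt))
    print("WAN->LAN forward ->", first_match(rules, "forward", WAN_TO_LAN_FWD))
    print("dead forward rules:", unreachable(rules, "forward"))
    print("input if 'Drop all else' were enabled:", unreachable(rules, "input", enable_all=True))
```

Run against the posted rules, the input chain delivers the WireGuard handshake to "Allow WireGuard" and sends stray WAN connections to "Drop all not coming from LAN"; nothing in that chain is shadowed while "Drop all else" stays disabled, but enabling it would make the `!LAN` drop below it unreachable. In the forward chain the three `defconf` rules after "Drop all else" can never fire, so they are dead weight whether or not they are re-enabled.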