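# WireGuard gateway ruleset.
#
# Scope: this is an `ip` family table, so it filters IPv4 only. IPv6 traffic is
# not touched by anything in this file; if the host has IPv6 connectivity an
# `ip6` (or a combined `inet`) table is needed alongside it.
#
# $SSH_PORT and $iface are not defined in this file; presumably the shell or
# template that loads it substitutes them first — TODO confirm (note that
# `"$iface"` inside double quotes is not expanded by an nft `define`, so a
# plain `nft -f` of this file as-is would look for an interface literally
# named "$iface").

# Reload idempotently: create the table if it is missing, then delete it, so
# the definition below always starts from an empty table.
table ip wg {}; delete table ip wg

table ip wg {
    chain input {
        type filter hook input priority filter; policy drop;

        # Conntrack gate first: malformed/untracked packets never reach the
        # per-service rules, and return traffic is accepted without re-matching.
        ct state invalid counter drop
        ct state {established,related} counter accept

        iif "lo" counter accept
        # `icmpv6` (protocol 58) does not occur inside IPv4, so only `icmp` is
        # effective here; the set element is harmless but misleading.
        ip protocol {icmp,icmpv6} counter accept

        # Exposed services: SSH on any interface, WireGuard only on the uplink.
        tcp dport $SSH_PORT counter accept comment "ssh"
        iif "$iface" udp dport 443 counter accept comment "wg"

        counter comment "dropped"
    }

    chain forward {
        type filter hook forward priority filter; policy drop;

        # Same conntrack gate as the input chain: without it, invalid packets
        # arriving on wg0 would be forwarded, and return traffic depends on
        # the interface rules below matching in both directions.
        ct state invalid counter drop
        ct state {established,related} counter accept

        # New flows originating from VPN peers may go anywhere the host routes.
        iif "wg0" counter accept
        # New flows from any other interface toward VPN peers are also accepted
        # (not just return traffic); narrow this rule if peers must not be
        # reachable unsolicited from outside the tunnel.
        oif "wg0" counter accept

        counter comment "dropped"
    }

    chain output {
        type filter hook output priority filter; policy accept;

        counter comment "accepted"
    }

    chain postrouting {
        # A nat hook is traversed only by the first packet of a flow, so a
        # `policy drop` here would likely discard every new flow leaving via an
        # interface that is not masqueraded below (including lo, i.e. local
        # connections to 127.0.0.1). Filtering belongs to the forward chain;
        # this chain only rewrites source addresses, hence policy accept.
        type nat hook postrouting priority srcnat; policy accept;

        oif "$iface" counter masquerade
        # Masquerading into the tunnel hides the real client/LAN source from
        # VPN peers; remove this rule if peers need to see original addresses.
        oif "wg0" counter masquerade

        counter comment "not masqueraded"
    }
}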