Reimplemented automatic WireGuard configuration generation. Setting global environment variables at Docker image build time is still insecure (they end up baked into the image layers); it is better to pass them to the dashboard at startup, before init.
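#!/bin/bash
# WireGuard PostUp firewall rules for the "ADMINS" tunnel interface.
#
# What this sets up (IPv4 only; ip6tables is not touched):
#   - NAT: peers on WIREGUARD_LAN are masqueraded when leaving via
#     MASQUERADE_INTERFACE.
#   - A dedicated FORWARD sub-chain, WIREGUARD_<interface>, that
#       * lets reply traffic back into the tunnel (RELATED,ESTABLISHED),
#       * lets packets arriving on the tunnel forward anywhere, but only if
#         their source address lies inside WIREGUARD_LAN,
#       * drops every other packet arriving on the tunnel, so a peer cannot
#         forward traffic with a spoofed / out-of-range source address.
#
# Note for reviewers: peers with a valid tunnel source get unrestricted
# forwarding (any destination reachable from this host). Add `-d` limits
# to the ACCEPT rule below if the tunnel is not meant to be a full-access
# admin network.
#
# Every rule is added only when an identical one is not already present
# (`iptables -C`), so re-running the script — e.g. a second `wg-quick up`
# without a PostDown — does not accumulate duplicate rules or fail on
# `iptables -N` for an existing chain. The original version was not
# idempotent in either respect.
#
# Requires root and a working `iptables`. Assumes net.ipv4.ip_forward is
# enabled elsewhere — TODO confirm in the dashboard/container setup.
# There is no PostDown counterpart in this file.
set -eu

readonly WIREGUARD_INTERFACE=ADMINS
# iptables masks the host bits off a prefix, so this matches 10.0.0.0/24;
# the ".1" is the server's own tunnel address and is not significant here.
readonly WIREGUARD_LAN=10.0.0.1/24
readonly MASQUERADE_INTERFACE=eth0
readonly CHAIN_NAME="WIREGUARD_${WIREGUARD_INTERFACE}"

#######################################
# Add a rule unless an identical one already exists in the chain.
# Arguments:
#   $1 - table (filter, nat, ...)
#   $2 - iptables action to use when adding (-A or -I)
#   $3 - chain name
#   $@ - the rest of the rule specification
# Returns: non-zero (and aborts under set -e) only if adding fails.
#######################################
add_rule() {
  local table=$1 action=$2 chain=$3
  shift 3
  # -C exits non-zero when the rule is missing; its error text is noise here.
  if ! iptables -t "$table" -C "$chain" "$@" 2>/dev/null; then
    iptables -t "$table" "$action" "$chain" "$@"
  fi
}

# NAT: rewrite the source of peer traffic leaving on the uplink.
add_rule nat -I POSTROUTING -o "$MASQUERADE_INTERFACE" -j MASQUERADE -s "$WIREGUARD_LAN"

# Create the per-interface chain. If -N fails because the chain already
# exists, verify it really is there so a genuine iptables failure still
# aborts the script instead of being swallowed.
iptables -N "$CHAIN_NAME" 2>/dev/null || iptables -n -L "$CHAIN_NAME" >/dev/null

# Hook the chain into FORWARD. Appending (not inserting) keeps any earlier
# catch-all rule in FORWARD (Docker, ufw, ...) ahead of it — this matches the
# original behaviour and is intentional.
add_rule filter -A FORWARD -j "$CHAIN_NAME"

# Replies to connections the peers initiated may go back into the tunnel.
add_rule filter -A "$CHAIN_NAME" -o "$WIREGUARD_INTERFACE" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

# Peers may forward anywhere, but only with a source inside the tunnel subnet.
add_rule filter -A "$CHAIN_NAME" -s "$WIREGUARD_LAN" -i "$WIREGUARD_INTERFACE" -j ACCEPT

# Kept from the original. Forwarded packets are never routed out via lo, so
# in a FORWARD sub-chain this rule is effectively a no-op.
add_rule filter -A "$CHAIN_NAME" -o lo -j ACCEPT

# Anything else arriving from the tunnel (e.g. a spoofed source) is dropped.
add_rule filter -A "$CHAIN_NAME" -i "$WIREGUARD_INTERFACE" -j DROP

# Traffic not involving the tunnel falls back to the rest of FORWARD.
add_rule filter -A "$CHAIN_NAME" -j RETURN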