Mirrors/wireguard_webadmin
1
0
Fork 0
mirror of https://github.com/eduardogsilva/wireguard_webadmin.git synced 2025-04-19 00:45:16 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Use destination port from port forward rule in iptables commands

Browse Source
This commit is contained in:
Eduardo Silva 2025-03-13 10:14:50 -03:00
parent c574607173
commit c8aedc5437
1 changed files with 14 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
firewall/tools.py
View File

@ -1,7 +1,8 @@
from firewall.models import FirewallRule, FirewallSettings, RedirectRule
from wireguard.models import Peer, PeerAllowedIP, WireGuardInstance
from django.utils import timezone from django.utils import timezone
from firewall.models import FirewallRule, FirewallSettings, RedirectRule
from wireguard.models import PeerAllowedIP, WireGuardInstance
def get_peer_addresses(peers, include_networks): def get_peer_addresses(peers, include_networks):
addresses = [] addresses = []
@ -218,19 +219,27 @@ def generate_port_forward_firewall():
for redirect_rule in RedirectRule.objects.all().order_by('port'): for redirect_rule in RedirectRule.objects.all().order_by('port'):
description = f" - {redirect_rule.description} " if redirect_rule.description else "" description = f" - {redirect_rule.description} " if redirect_rule.description else ""
rule_destination = redirect_rule.ip_address rule_destination = redirect_rule.ip_address
try:
if redirect_rule.port_forward:
destination_port = int(redirect_rule.port_forward)
else:
destination_port = redirect_rule.port
except:
destination_port = redirect_rule.port
if redirect_rule.peer: if redirect_rule.peer:
peer_allowed_ip_address = PeerAllowedIP.objects.filter(peer=redirect_rule.peer, config_file='server', netmask=32, priority=0).first() peer_allowed_ip_address = PeerAllowedIP.objects.filter(peer=redirect_rule.peer, config_file='server', netmask=32, priority=0).first()
if peer_allowed_ip_address: if peer_allowed_ip_address:
rule_destination = peer_allowed_ip_address.allowed_ip rule_destination = peer_allowed_ip_address.allowed_ip
if rule_destination: if rule_destination:
rule_text = f"# {redirect_rule.port}/{redirect_rule.protocol} - {redirect_rule.uuid} - Port Forward Rule set{description}\n" rule_text = f"# {redirect_rule.port}/{redirect_rule.protocol} - {redirect_rule.uuid} - Port Forward Rule set{description}\n"
rule_text += f"iptables -t nat -A WGWADM_PREROUTING -p {redirect_rule.protocol} -d wireguard-webadmin -i {wan_interface} --dport {redirect_rule.port} -j DNAT --to-dest {rule_destination}:{redirect_rule.port}\n" rule_text += f"iptables -t nat -A WGWADM_PREROUTING -p {redirect_rule.protocol} -d wireguard-webadmin -i {wan_interface} --dport {redirect_rule.port} -j DNAT --to-dest {rule_destination}:{destination_port}\n"
if redirect_rule.masquerade_source: if redirect_rule.masquerade_source:
rule_text += f"iptables -t nat -A WGWADM_POSTROUTING -p {redirect_rule.protocol} -d {rule_destination} -o wg+ --dport {redirect_rule.port} -j MASQUERADE\n" rule_text += f"iptables -t nat -A WGWADM_POSTROUTING -p {redirect_rule.protocol} -d {rule_destination} -o wg+ --dport {destination_port} -j MASQUERADE\n"
if redirect_rule.add_forward_rule: if redirect_rule.add_forward_rule:
rule_text += f"iptables -t filter -A WGWADM_FORWARD -p {redirect_rule.protocol} -d {rule_destination} -i {wan_interface} -o wg+ --dport {redirect_rule.port} -j ACCEPT\n" rule_text += f"iptables -t filter -A WGWADM_FORWARD -p {redirect_rule.protocol} -d {rule_destination} -i {wan_interface} -o wg+ --dport {destination_port} -j ACCEPT\n"
redirect_firewall += rule_text redirect_firewall += rule_text