beenull/raspap-webgui-mirror
1
0
Fork 0
mirror of https://github.com/RaspAP/raspap-webgui.git synced 2024-11-22 07:30:23 +00:00
Code Issues Projects Releases Packages Wiki Activity

Add installation script

Browse source 
Add wireguard iptables rules
This commit is contained in:
Christian Zeitnitz 2021-07-17 22:26:56 +02:00
parent 5f0eb25f5c
commit 2e1781a2eb
2 changed files with 36 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
config/iptables_rules.json
View file

@ -95,13 +95,28 @@
"dependson": [ "dependson": [
{ "var": "openvpn-enable", "type": "bool" }, { "var": "openvpn-enable", "type": "bool" },
{ "var": "openvpn-serverip", "type": "string", "replace": "$IPADDRESS$" }, { "var": "openvpn-serverip", "type": "string", "replace": "$IPADDRESS$" },
{ "var": "client-device", "type": "string", "replace": "$INTERFACE$" } { "var": "ap-device", "type": "string", "replace": "$INTERFACE$" }
], ],
"rules": [ "rules": [
"-A INPUT -p udp -s $IPADDRESS$ -j ACCEPT",
"-A FORWARD -i tun+ -o $INTERFACE$ -m state --state RELATED,ESTABLISHED -j ACCEPT", "-A FORWARD -i tun+ -o $INTERFACE$ -m state --state RELATED,ESTABLISHED -j ACCEPT",
"-A FORWARD -i $INTERFACE$ -o tun+ -j ACCEPT", "-A FORWARD -i $INTERFACE$ -o tun+ -j ACCEPT",
"-t nat -A POSTROUTING -o tun+ -j MASQUERADE" "-t nat -A POSTROUTING -o tun+ -j MASQUERADE"
] ]
},
{
"name": "wireguard",
"comment": "Rules for wireguard device (wg)",
"dependson": [
{ "var": "wireguard-enable", "type": "bool" },
{ "var": "wireguard-serverip", "type": "string", "replace": "$IPADDRESS$" },
{ "var": "client-device", "type": "string", "replace": "$INTERFACE$" }
],
"rules": [
"-A INPUT -p udp -s $IPADDRESS$ -j ACCEPT",
"-A FORWARD -i wg+ -j ACCEPT",
"-t nat -A POSTROUTING -o $INTERFACE$ -j MASQUERADE"
]
} }
], ],
"exception_rules": [ "exception_rules": [

20
installers/install_feature_firewall.sh Normal file
View file

@ -0,0 +1,20 @@
#!/bin/bash
#
# RaspAP feature installation: Firewall
# to be sources by the RaspAP installer script
# Author: @zbchristian <christian@zeitnitz.eu>
# Author URI: https://github.com/zbchristian/
# License: GNU General Public License v3.0
# License URI: https://github.com/raspap/raspap-webgui/blob/master/LICENSE
function _install_feature_firewall() {
name="feature firewall"
_install_log "Install $name"
_install_log " - copy configuration file"
# create config dir
sudo mkdir "/etc/raspap/networking/firewall" || _install_status 1 "Unable to create firewall config directory
# copy firewall configuration
sudo cp "$webroot_dir/config/iptables_rules.json" "/etc/raspap/networking/" || _install_status 1 "Unable to install client configuration ($name)"
_install_status 0
}