mirror of
https://github.com/RaspAP/raspap-webgui.git
synced 2024-11-25 09:00:25 +00:00
Add installation script
Add wireguard iptables rules
This commit is contained in:
parent
5f0eb25f5c
commit
2e1781a2eb
2 changed files with 36 additions and 1 deletions
|
@ -95,13 +95,28 @@
|
|||
"dependson": [
|
||||
{ "var": "openvpn-enable", "type": "bool" },
|
||||
{ "var": "openvpn-serverip", "type": "string", "replace": "$IPADDRESS$" },
|
||||
{ "var": "client-device", "type": "string", "replace": "$INTERFACE$" }
|
||||
{ "var": "ap-device", "type": "string", "replace": "$INTERFACE$" }
|
||||
],
|
||||
"rules": [
|
||||
"-A INPUT -p udp -s $IPADDRESS$ -j ACCEPT",
|
||||
"-A FORWARD -i tun+ -o $INTERFACE$ -m state --state RELATED,ESTABLISHED -j ACCEPT",
|
||||
"-A FORWARD -i $INTERFACE$ -o tun+ -j ACCEPT",
|
||||
"-t nat -A POSTROUTING -o tun+ -j MASQUERADE"
|
||||
]
|
||||
},
|
||||
{
|
||||
"name": "wireguard",
|
||||
"comment": "Rules for wireguard device (wg)",
|
||||
"dependson": [
|
||||
{ "var": "wireguard-enable", "type": "bool" },
|
||||
{ "var": "wireguard-serverip", "type": "string", "replace": "$IPADDRESS$" },
|
||||
{ "var": "client-device", "type": "string", "replace": "$INTERFACE$" }
|
||||
],
|
||||
"rules": [
|
||||
"-A INPUT -p udp -s $IPADDRESS$ -j ACCEPT",
|
||||
"-A FORWARD -i wg+ -j ACCEPT",
|
||||
"-t nat -A POSTROUTING -o $INTERFACE$ -j MASQUERADE"
|
||||
]
|
||||
}
|
||||
],
|
||||
"exception_rules": [
|
||||
|
|
20
installers/install_feature_firewall.sh
Normal file
20
installers/install_feature_firewall.sh
Normal file
|
@ -0,0 +1,20 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# RaspAP feature installation: Firewall
|
||||
# to be sources by the RaspAP installer script
|
||||
# Author: @zbchristian <christian@zeitnitz.eu>
|
||||
# Author URI: https://github.com/zbchristian/
|
||||
# License: GNU General Public License v3.0
|
||||
# License URI: https://github.com/raspap/raspap-webgui/blob/master/LICENSE
|
||||
|
||||
function _install_feature_firewall() {
|
||||
name="feature firewall"
|
||||
|
||||
_install_log "Install $name"
|
||||
_install_log " - copy configuration file"
|
||||
# create config dir
|
||||
sudo mkdir "/etc/raspap/networking/firewall" || _install_status 1 "Unable to create firewall config directory
|
||||
# copy firewall configuration
|
||||
sudo cp "$webroot_dir/config/iptables_rules.json" "/etc/raspap/networking/" || _install_status 1 "Unable to install client configuration ($name)"
|
||||
_install_status 0
|
||||
}
|
Loading…
Reference in a new issue