Update iptables_rules.json

Updated firewall rules for OpenVPN and WireGuard to stop packet leakage if either tunnel terminates unexpectedly.
This commit is contained in:
frankozland 2024-08-24 18:49:39 -04:00 committed by GitHub
parent 57199def06
commit c6520d99e9
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -117,11 +117,16 @@
{ "var": "ap-device", "type": "string", "replace": "$INTERFACE$" } { "var": "ap-device", "type": "string", "replace": "$INTERFACE$" }
], ],
"rules": [ "rules": [
"-A INPUT -p udp -s $IPADDRESS$ -j ACCEPT", "-A INPUT -s $IPADDRESS$ -j ACCEPT",
"-A FORWARD -i tun+ -o $INTERFACE$ -m state --state RELATED,ESTABLISHED -j ACCEPT", "-A FORWARD -i tun+ -o wlan+ -j ACCEPT",
"-A FORWARD -i $INTERFACE$ -o tun+ -j ACCEPT", "-A FORWARD -i tun+ -o tun+ -j DROP",
"-t nat -A POSTROUTING -o tun+ -j MASQUERADE" "-A FORWARD -i wlan+ -o tun+ -j ACCEPT",
"-A FORWARD -i eth+ -o tun+ -j ACCEPT",
"-A FORWARD -i tun+ -o eth+ -j ACCEPT",
"-t nat -A POSTROUTING -o $INTERFACE$ -j MASQUERADE",
"-P FORWARD DROP"
] ]
}, },
{ {
"name": "wireguard", "name": "wireguard",
@ -134,8 +139,13 @@
], ],
"rules": [ "rules": [
"-A INPUT -p udp -s $IPADDRESS$ -j ACCEPT", "-A INPUT -p udp -s $IPADDRESS$ -j ACCEPT",
"-A FORWARD -i wg+ -j ACCEPT", "-A FORWARD -i wg+ -o wlan+ -j ACCEPT",
"-t nat -A POSTROUTING -o $INTERFACE$ -j MASQUERADE" "-A FORWARD -i wg+ -o wg+ -j DROP",
"-A FORWARD -i wlan+ -o wg+ -j ACCEPT",
"-A FORWARD -i eth+ -o wg+ -j ACCEPT",
"-A FORWARD -i wg+ -o eth+ -j ACCEPT",
"-t nat -A POSTROUTING -o $INTERFACE$ -j MASQUERADE",
"-P FORWARD DROP"
] ]
} }
], ],
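Review bot: The new tun+→wlan+ and tun+→eth+ rules in the first hunk (`"-A FORWARD -i tun+ -o wlan+ -j ACCEPT"`, `"-A FORWARD -i tun+ -o eth+ -j ACCEPT"`) drop the `-m state --state RELATED,ESTABLISHED` match that the replaced rule carried, so any unsolicited connection arriving from the VPN side is now forwarded to the AP clients; keeping the match on the tunnel-to-LAN direction restores the one-way behaviour, e.g. `"-A FORWARD -i tun+ -o wlan+ -m state --state RELATED,ESTABLISHED -j ACCEPT"` and likewise for `-o eth+`. The same applies to the wg+→wlan+ and wg+→eth+ rules in the second hunk, although there the previous `-A FORWARD -i wg+ -j ACCEPT` was already unconditional, so it is not a regression of this commit. The openvpn INPUT rule also lost its `-p udp` qualifier while the wireguard INPUT rule in the second hunk keeps it; restoring `"-A INPUT -p udp -s $IPADDRESS$ -j ACCEPT"` keeps the two blocks consistent unless the wider accept is intended. The openvpn MASQUERADE target moved from `-o tun+` to `-o $INTERFACE$`, and since `$INTERFACE$` is bound to `ap-device` in the vars just above that hunk, it looks as if client traffic leaving via the tunnel is no longer source-NATed — worth confirming that the openvpn and wireguard `$INTERFACE$` variables resolve to the intended device before merging.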