git Service of IN-Ulm e.V. Explore Help
Sign In
ulpeters
/
snippets
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

inital

Toastie 2 years ago
parent
c61161e4a7
commit
ce8741af8f
1 changed files with 34 additions and 0 deletions
Split View Show Diff Stats
  1. 34 0
      linux/wireguard/wg-persistent.sh

+ 34 - 0
linux/wireguard/wg-persistent.sh
View File 

@@ -0,0 +1,34 @@
 
+#!/bin/bash
 
+
 
+### References
 
+# https://wiki.archlinux.org/title/WireGuard
 
+
 
+# Make an running config from wg-instant.sh persistent
 
+
 
+
 
+wg showconf wg0 > /etc/wireguard/wg0.conf
 
+# remove endpoint IPs from dynamic peers
 
+# add for [Interface]
 
+Address = 192.168.130.1/24
 
+PostUp = iptables -t nat -I POSTROUTING 1 -s 192.168.130.0/24 -o $(ip link | grep -o -E "ens[0-9]") -j MASQUERADE; iptables -I INPUT 1 -i %i -j ACCEPT; iptables -I FORWARD 1 -i $(ip link | grep -o -E "ens[0-9]") -o %i -j ACCEPT; iptables -I FORWARD 1 -i %i -o $(ip link | grep -o -E "ens[0-9]") -j ACCEPT; iptables -I INPUT 1 -i $(ip link | grep -o -E "ens[0-9]") -p udp --dport 51871 -j ACCEPT
 
+PostDown = iptables -t nat -D POSTROUTING -s 192.168.130.0/24 -o $(ip link | grep -o -E "ens[0-9]") -j MASQUERADE; iptables -D INPUT -i %i -j ACCEPT; iptables -D FORWARD -i $(ip link | grep -o -E "ens[0-9]") -o %i -j ACCEPT; iptables -D FORWARD -i %i -o $(ip link | grep -o -E "ens[0-9]") -j ACCEPT; iptables -D INPUT -i $(ip link | grep -o -E "ens[0-9]") -p udp --dport 51871 -j ACCEPT
 
+
 
+## Rules in several lines for better readability
 
+iptables -t nat -I POSTROUTING 1 -s 192.168.130.0/24 -o $(ip link | grep -o -E "ens[0-9]") -j MASQUERADE; 
+iptables -I INPUT 1 -i %i -j ACCEPT; 
+iptables -I FORWARD 1 -i $(ip link | grep -o -E "ens[0-9]") -o %i -j ACCEPT; 
+iptables -I FORWARD 1 -i %i -o $(ip link | grep -o -E "ens[0-9]") -j ACCEPT; 
+iptables -I INPUT 1 -i $(ip link | grep -o -E "ens[0-9]") -p udp --dport 51871 -j ACCEPT
 
+
 
+iptables -t nat -D POSTROUTING -s 192.168.130.0/24 -o $(ip link | grep -o -E "ens[0-9]") -j MASQUERADE; 
+iptables -D INPUT -i %i -j ACCEPT; 
+iptables -D FORWARD -i $(ip link | grep -o -E "ens[0-9]") -o %i -j ACCEPT; 
+iptables -D FORWARD -i %i -o $(ip link | grep -o -E "ens[0-9]") -j ACCEPT; 
+iptables -D INPUT -i $(ip link | grep -o -E "ens[0-9]") -p udp --dport 51871 -j ACCEPT
 
+
 
+iptables -t nat -D POSTROUTING -s 192.168.130.0/24 -o $(ip link | grep -o -E "ens[0-9]") -j MASQUERADE; 
+iptables -D INPUT -i wg0 -j ACCEPT; 
+iptables -D FORWARD -i $(ip link | grep -o -E "ens[0-9]") -o wg0 -j ACCEPT; 
+iptables -D FORWARD -i wg0 -o $(ip link | grep -o -E "ens[0-9]") -j ACCEPT; 
+iptables -D INPUT -i $(ip link | grep -o -E "ens[0-9]") -p udp --dport 51871 -j ACCEPT
 
+