Merge fa5b28e2ee into d35bd6e75b

Update postdown.sh
Added a corresponding rule to clean up the peer drop traffic rule in the postdown script.
2024-09-20 07:16:25 +08:00 · 2024-09-12 12:17:29 +08:00 · 2024-09-04 17:20:28 +05:30 · 2024-09-04 17:19:05 +05:30
2 changed files with 8 additions and 2 deletions
--- a/src/iptable-rules/postdown.sh
+++ b/src/iptable-rules/postdown.sh
@ -7,7 +7,10 @@ CHAIN_NAME="WIREGUARD_$WIREGUARD_INTERFACE"

 iptables -t nat -D POSTROUTING -o $MASQUERADE_INTERFACE -j MASQUERADE -s $WIREGUARD_LAN

+# Remove the drop rules between the peers
+iptables -D FORWARD -i $WIREGUARD_INTERFACE -o $WIREGUARD_INTERFACE -j DROP
+
 # Remove and delete the WIREGUARD_wg0 chain
 iptables -D FORWARD -j $CHAIN_NAME
 iptables -F $CHAIN_NAME
-iptables -X $CHAIN_NAME
+iptables -X $CHAIN_NAME
--- a/src/iptable-rules/postup.sh
+++ b/src/iptable-rules/postup.sh
@ -22,5 +22,8 @@ iptables -A $CHAIN_NAME -o lo -j ACCEPT
 # Drop everything else coming through the Wireguard interface
 iptables -A $CHAIN_NAME -i $WIREGUARD_INTERFACE -j DROP

+# Drop traffic between the peers
+iptables -I FORWARD -i $WIREGUARD_INTERFACE -o $WIREGUARD_INTERFACE -j DROP
+
 # Return to FORWARD chain
-iptables -A $CHAIN_NAME -j RETURN
+iptables -A $CHAIN_NAME -j RETURN
Author	SHA1	Message	Date
mzs114	4313d66061	Merge `fa5b28e2ee` into `d35bd6e75b`	2024-09-12 12:17:29 +08:00
mzs114	fa5b28e2ee	Update postdown.sh Added a corresponding rule to clean up the peer drop traffic rule in the postdown script.	2024-09-04 17:20:28 +05:30
mzs114	32a6678378	Update postup.sh Added drop rules to drop the traffic between the peers, this is required for enhanced security.	2024-09-04 17:19:05 +05:30