Allow access WireGuard via port 53/UDP
This commit is contained in:
parent
3fcd038fdf
commit
40631b7876
@ -6,4 +6,4 @@ DNS = 10.10.10.1
|
||||
[Peer]
|
||||
PublicKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
|
||||
AllowedIPs = 0.0.0.0/0, ::/0
|
||||
Endpoint = XXX.XXX.XXX.XXX:80
|
||||
Endpoint = XXX.XXX.XXX.XXX:51820
|
||||
|
@ -1,6 +1,6 @@
|
||||
[Interface]
|
||||
Address = 10.10.10.1/24
|
||||
ListenPort = 80
|
||||
ListenPort = 51820
|
||||
# Load keys
|
||||
PostUp = [ -e '/etc/wireguard/%i-privatekey' ] || (umask 077 && wg genkey > '/etc/wireguard/%i-privatekey')
|
||||
PostUp = [ -e '/etc/wireguard/%i-publickey' ] || (umask 022 && wg pubkey < '/etc/wireguard/%i-privatekey' > '/etc/wireguard/%i-publickey')
|
||||
@ -23,3 +23,8 @@ PostUp = iptables -A INPUT -i '%i' -p tcp --dport 53 -j ACCEPT && iptables -
|
||||
PostUp = ip6tables -A INPUT -i '%i' -p tcp --dport 53 -j ACCEPT && ip6tables -A INPUT -i '%i' -p udp --dport 53 -j ACCEPT
|
||||
PostDown = iptables -D INPUT -i '%i' -p tcp --dport 53 -j ACCEPT && iptables -D INPUT -i '%i' -p udp --dport 53 -j ACCEPT
|
||||
PostDown = ip6tables -D INPUT -i '%i' -p tcp --dport 53 -j ACCEPT && ip6tables -D INPUT -i '%i' -p udp --dport 53 -j ACCEPT
|
||||
# Allow access WireGuard via port 53/UDP (to circumvent some firewalls)
|
||||
PostUp = iptables -t nat -A PREROUTING -i "$(cat '/etc/wireguard/%i-iface')" -p udp --dport 53 -j REDIRECT --to-port 51820
|
||||
PostUp = ip6tables -t nat -A PREROUTING -i "$(cat '/etc/wireguard/%i-iface')" -p udp --dport 53 -j REDIRECT --to-port 51820
|
||||
PostDown = iptables -t nat -D PREROUTING -i "$(cat '/etc/wireguard/%i-iface')" -p udp --dport 53 -j REDIRECT --to-port 51820
|
||||
PostDown = ip6tables -t nat -D PREROUTING -i "$(cat '/etc/wireguard/%i-iface')" -p udp --dport 53 -j REDIRECT --to-port 51820
|
||||
|
@ -29,6 +29,6 @@ kvm \
|
||||
-smp 1 -m 512 \
|
||||
-nographic -serial mon:stdio \
|
||||
-device e1000,netdev=n0 \
|
||||
-netdev user,id=n0,hostfwd=tcp::2222-:22,hostfwd=tcp::8080-:80 \
|
||||
-netdev user,id=n0,hostfwd=tcp::2222-:22,hostfwd=udp::5353-:53 \
|
||||
-drive file="${SNAPSHOT_DISK:?}",if=virtio,format=qcow2 \
|
||||
-drive file="${USERDATA_DISK:?}",if=virtio,format=raw
|
||||
|
@ -108,7 +108,7 @@ build {
|
||||
"ufw default deny incoming",
|
||||
"ufw default allow outgoing",
|
||||
"ufw allow from any to any port 22 proto tcp",
|
||||
"ufw allow from any to any port 80 proto udp"
|
||||
"ufw allow from any to any port 51820 proto udp"
|
||||
]
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user