aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/roles/wireguard/templates
diff options
context:
space:
mode:
Diffstat (limited to 'roles/wireguard/templates')
-rw-r--r--roles/wireguard/templates/wg0.conf11
1 files changed, 11 insertions, 0 deletions
diff --git a/roles/wireguard/templates/wg0.conf b/roles/wireguard/templates/wg0.conf
index 1d6140c..aff1300 100644
--- a/roles/wireguard/templates/wg0.conf
+++ b/roles/wireguard/templates/wg0.conf
@@ -3,6 +3,17 @@ PrivateKey = {{ wg_private_key }}
Address = {{ wg_addr4 }}, {{ wg_addr6 }}
ListenPort = {{ wg_listen_port }}
SaveConfig = false
+
+{% if wg_firewall %}
+PostUp = iptables -t nat -A POSTROUTING -s {{ wg_addr4 }} -m policy --pol none --dir out -j MASQUERADE
+PostUp = iptables -A FORWARD -s {{ wg_addr4 }} -j ACCEPT
+PostUp = ip6tables -t nat -A POSTROUTING -s {{ wg_addr6 }} -m policy --pol none --dir out -j MASQUERADE
+PostUp = ip6tables -A FORWARD -s {{ wg_addr6 }} -j ACCEPT
+PostDown = iptables -t nat -D POSTROUTING -s {{ wg_addr4 }} -m policy --pol none --dir out -j MASQUERADE
+PostDown = iptables -D FORWARD -s {{ wg_addr4 }} -j ACCEPT
+PostDown = ip6tables -t nat -A POSTROUTING -s {{ wg_addr6 }} -m policy --pol none --dir out -j MASQUERADE
+PostDown = ip6tables -D FORWARD -s {{ wg_addr6 }} -j ACCEPT
+{% endif %}
{% if wg_peers is defined %}
{% for peer in wg_peers %}
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-10 07:01:50 +0000