Diffstat (limited to '')
-rw-r--r--roles/wireguard/defaults/main.yml1
-rw-r--r--roles/wireguard/templates/wg0.conf11
2 files changed, 12 insertions, 0 deletions
diff --git a/roles/wireguard/defaults/main.yml b/roles/wireguard/defaults/main.yml
index 67964a5..9f7733a 100644
--- a/roles/wireguard/defaults/main.yml
+++ b/roles/wireguard/defaults/main.yml
@@ -1,2 +1,3 @@
wg_name: wg0
wg_listen_port: 51280
+wg_firewall: false
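Review bot: The new `wg_firewall` default has no comment saying what flipping it does, and a role default is the first place an operator looks before enabling it; the other two defaults are self-explanatory but this one gates NAT and forwarding rules in `templates/wg0.conf`. I would add a comment above it such as `# When true, wg0.conf gains PostUp/PostDown iptables/ip6tables MASQUERADE and FORWARD rules for wg_addr4/wg_addr6 (turns the host into a NAT gateway for peers).` Keeping the default at `false` is the right call, since existing hosts keep their current firewall state. Before documenting it as safe to enable, note that the ip6tables nat `PostDown` line in the template hunk of this same diff uses `-A` where the matching `PostDown` lines use `-D`, so on interface teardown the IPv6 MASQUERADE rule appears to be re-added rather than removed, leaving NAT active after the tunnel is down; that should be fixed alongside this default.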
diff --git a/roles/wireguard/templates/wg0.conf b/roles/wireguard/templates/wg0.conf
index 1d6140c..aff1300 100644
--- a/roles/wireguard/templates/wg0.conf
+++ b/roles/wireguard/templates/wg0.conf
@@ -3,6 +3,17 @@ PrivateKey = {{ wg_private_key }}
Address = {{ wg_addr4 }}, {{ wg_addr6 }}
ListenPort = {{ wg_listen_port }}
SaveConfig = false
+
+{% if wg_firewall %}
+PostUp = iptables -t nat -A POSTROUTING -s {{ wg_addr4 }} -m policy --pol none --dir out -j MASQUERADE
+PostUp = iptables -A FORWARD -s {{ wg_addr4 }} -j ACCEPT
+PostUp = ip6tables -t nat -A POSTROUTING -s {{ wg_addr6 }} -m policy --pol none --dir out -j MASQUERADE
+PostUp = ip6tables -A FORWARD -s {{ wg_addr6 }} -j ACCEPT
+PostDown = iptables -t nat -D POSTROUTING -s {{ wg_addr4 }} -m policy --pol none --dir out -j MASQUERADE
+PostDown = iptables -D FORWARD -s {{ wg_addr4 }} -j ACCEPT
+PostDown = ip6tables -t nat -A POSTROUTING -s {{ wg_addr6 }} -m policy --pol none --dir out -j MASQUERADE
+PostDown = ip6tables -D FORWARD -s {{ wg_addr6 }} -j ACCEPT
+{% endif %}
{% if wg_peers is defined %}
{% for peer in wg_peers %}