Diffstat (limited to 'roles')
-rw-r--r-- | roles/wireguard/defaults/main.yml | 1 | ||||
-rw-r--r-- | roles/wireguard/templates/wg0.conf | 11 |
2 files changed, 12 insertions, 0 deletions
diff --git a/roles/wireguard/defaults/main.yml b/roles/wireguard/defaults/main.yml
index 67964a5..9f7733a 100644
--- a/roles/wireguard/defaults/main.yml
+++ b/roles/wireguard/defaults/main.yml
@@ -1,2 +1,3 @@
 wg_name: wg0
 wg_listen_port: 51280
+wg_firewall: false
diff --git a/roles/wireguard/templates/wg0.conf b/roles/wireguard/templates/wg0.conf
index 1d6140c..aff1300 100644
--- a/roles/wireguard/templates/wg0.conf
+++ b/roles/wireguard/templates/wg0.conf
@@ -3,6 +3,17 @@ PrivateKey = {{ wg_private_key }}
 Address = {{ wg_addr4 }}, {{ wg_addr6 }}
 ListenPort = {{ wg_listen_port }}
 SaveConfig = false
+
+{% if wg_firewall %}
+PostUp = iptables -t nat -A POSTROUTING -s {{ wg_addr4 }} -m policy --pol none --dir out -j MASQUERADE
+PostUp = iptables -A FORWARD -s {{ wg_addr4 }} -j ACCEPT
+PostUp = ip6tables -t nat -A POSTROUTING -s {{ wg_addr6 }} -m policy --pol none --dir out -j MASQUERADE
+PostUp = ip6tables -A FORWARD -s {{ wg_addr6 }} -j ACCEPT
+PostDown = iptables -t nat -D POSTROUTING -s {{ wg_addr4 }} -m policy --pol none --dir out -j MASQUERADE
+PostDown = iptables -D FORWARD -s {{ wg_addr4 }} -j ACCEPT
+PostDown = ip6tables -t nat -A POSTROUTING -s {{ wg_addr6 }} -m policy --pol none --dir out -j MASQUERADE
+PostDown = ip6tables -D FORWARD -s {{ wg_addr6 }} -j ACCEPT
+{% endif %}
 {% if wg_peers is defined %}
 {% for peer in wg_peers %}
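Review bot: The third PostDown line in the wg0.conf hunk still uses `-A` instead of `-D`, so bringing the interface down appends a second IPv6 MASQUERADE rule rather than removing the one PostUp added, and every up/down cycle leaves one more stale rule in the ip6tables nat POSTROUTING chain that is never cleaned up; the line should read `PostDown = ip6tables -t nat -D POSTROUTING -s {{ wg_addr6 }} -m policy --pol none --dir out -j MASQUERADE`. Note also that the FORWARD ACCEPT rules match only on source address, not on the tunnel interface, so any packet carrying a source in that range is forwarded regardless of which interface it arrived on; adding `-i {{ wg_name }}` to the PostUp/PostDown FORWARD rules would scope them to the tunnel. Whether `-s {{ wg_addr4 }}` matches the whole peer subnet or just the server's own address depends on whether wg_addr4 carries a CIDR prefix, which the hunk does not show, and no rule is added for reply traffic, so forwarding of return packets presumably relies on the FORWARD chain's default policy — worth confirming and documenting next to `wg_firewall` in defaults/main.yml.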