add some wireguard specific rules to demonreach

staticsafe 2021-09-04 13:45:02 -04:00
parent d1c8a3eb55
commit cac6aab56a
2 changed files with 6 additions and 0 deletions


@ -12,6 +12,9 @@
-A INPUT -p udp --dport 1194 -j ACCEPT
-A INPUT -p udp --dport 53 -s 10.8.0.1/24 -j ACCEPT
-A INPUT -p tcp --dport 53 -s 10.8.0.1/24 -j ACCEPT
-A INPUT -p udp --dport 53 -s 10.66.66.0/24/24 -j ACCEPT
-A INPUT -p tcp --dport 53 -s 10.66.66.0/24 -j ACCEPT
-A INPUT -p udp --dport 51802 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT
@ -19,4 +22,5 @@ COMMIT
:OUTPUT ACCEPT
:POSTROUTING ACCEPT
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.66.66.0/24 -o eth0 -j MASQUERADE
COMMIT
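Review bot: The UDP DNS rule for the WireGuard subnet in the first hunk has a doubled mask, `-s 10.66.66.0/24/24`, which iptables-restore should reject as an invalid address; because a restore file is parsed as a whole, that error would likely keep the entire ruleset from loading. It should read `-A INPUT -p udp --dport 53 -s 10.66.66.0/24 -j ACCEPT`, matching the TCP rule directly below it. The tunnel rule uses `--dport 51802` while WireGuard's default port is 51820, so it is worth confirming that this matches the interface's `ListenPort` and is not a transposition. The +/- markers are lost on this page, so which lines are new is inferred from the hunk counts and the commit title. Running `iptables-restore --test` against the file before deploying would catch this class of mistake.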


@ -20,4 +20,6 @@
-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 2 -j ACCEPT
-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 3 -j ACCEPT
-A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 4 -j ACCEPT
:POSTROUTING ACCEPT
-A POSTROUTING -s fd42:42:42::/64 -o eth0 -j MASQUERADE
COMMIT
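Review bot: The new `:POSTROUTING ACCEPT` declaration and the `MASQUERADE` rule appear to sit in the same table as the `icmp_in` rules, with no `COMMIT` / `*nat` between them. The table header is outside the hunk, but if that table is `*filter`, ip6tables-restore will fail, because the POSTROUTING chain and the MASQUERADE target belong to the nat table. The IPv4 file in this commit shows the expected shape: close the filter table with `COMMIT`, then open `*nat` before `:POSTROUTING ACCEPT`. Unlike the IPv4 side, no INPUT rule for port 53 from `fd42:42:42::/64` is visible here, so DNS over the tunnel's IPv6 addresses may depend on rules outside the hunk.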