From cac6aab56a77c905c22d69c1d9d6766e7137bee3 Mon Sep 17 00:00:00 2001
From: staticsafe
Date: Sat, 4 Sep 2021 13:45:02 -0400
Subject: [PATCH] add some wireguard specific rules to demonreach
---
 .../files/demonreach.asininetech.net.rules.v4 | 4 ++++
 .../files/demonreach.asininetech.net.rules.v6 | 2 ++
 2 files changed, 6 insertions(+)
diff --git a/ubuntu/roles/firewall-ruleset-deploy/files/demonreach.asininetech.net.rules.v4 b/ubuntu/roles/firewall-ruleset-deploy/files/demonreach.asininetech.net.rules.v4
index 4e35562..0d7a70d 100644
--- a/ubuntu/roles/firewall-ruleset-deploy/files/demonreach.asininetech.net.rules.v4
+++ b/ubuntu/roles/firewall-ruleset-deploy/files/demonreach.asininetech.net.rules.v4
@@ -12,6 +12,9 @@
 -A INPUT -p udp --dport 1194 -j ACCEPT
 -A INPUT -p udp --dport 53 -s 10.8.0.1/24 -j ACCEPT
 -A INPUT -p tcp --dport 53 -s 10.8.0.1/24 -j ACCEPT
+-A INPUT -p udp --dport 53 -s 10.66.66.0/24/24 -j ACCEPT
+-A INPUT -p tcp --dport 53 -s 10.66.66.0/24 -j ACCEPT
+-A INPUT -p udp --dport 51802 -j ACCEPT
 COMMIT
 *nat
 :PREROUTING ACCEPT
@@ -19,4 +22,5 @@ COMMIT
 :OUTPUT ACCEPT
 :POSTROUTING ACCEPT
 -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
+-A POSTROUTING -s 10.66.66.0/24 -o eth0 -j MASQUERADE
 COMMIT
diff --git a/ubuntu/roles/firewall-ruleset-deploy/files/demonreach.asininetech.net.rules.v6 b/ubuntu/roles/firewall-ruleset-deploy/files/demonreach.asininetech.net.rules.v6
index 5a123af..11f6dc3 100644
--- a/ubuntu/roles/firewall-ruleset-deploy/files/demonreach.asininetech.net.rules.v6
+++ b/ubuntu/roles/firewall-ruleset-deploy/files/demonreach.asininetech.net.rules.v6
@@ -20,4 +20,6 @@
 -A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 2 -j ACCEPT
 -A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 3 -j ACCEPT
 -A icmp_in -p ipv6-icmp -m icmp6 --icmpv6-type 4 -j ACCEPT
+:POSTROUTING ACCEPT
+-A POSTROUTING -s fd42:42:42::/64 -o eth0 -j MASQUERADE
 COMMIT
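Review bot: The first added rule in the rules.v4 hunk `@@ -12,6 +12,9 @@` has a malformed source, `-s 10.66.66.0/24/24`, which iptables-restore should reject as an invalid mask. A failed restore does not commit the table, so the filter ruleset would most likely not load at all rather than skip this one rule. It should read `-A INPUT -p udp --dport 53 -s 10.66.66.0/24 -j ACCEPT`, matching the tcp rule below it. Please also confirm `--dport 51802` against the WireGuard ListenPort, since the conventional default is 51820 and this may be a transposition. The two DNS accepts match on source address only; adding `-i <wg-interface>` would stop packets arriving on eth0 with a forged 10.66.66.0/24 source from matching.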
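Review bot: The new `-A POSTROUTING -s 10.66.66.0/24 -o eth0 -j MASQUERADE` in the rules.v4 hunk `@@ -19,4 +22,5 @@` only rewrites source addresses, and nothing in this diff adds a FORWARD rule for the WireGuard subnet. The FORWARD chain and its policy lie outside the visible hunks. If the policy is DROP, tunnel clients will not be forwarded; if it is ACCEPT, explicit rules such as `-A FORWARD -s 10.66.66.0/24 -o eth0 -j ACCEPT` plus a `-m conntrack --ctstate RELATED,ESTABLISHED` rule for return traffic would limit forwarding to what the VPN needs. A `#` comment line naming 10.66.66.0/24 as the WireGuard range would also help distinguish it from the existing 10.8.0.0/24 rule.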
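Review bot: In the rules.v6 hunk `@@ -20,4 +20,6 @@` the new `:POSTROUTING ACCEPT` declaration and the MASQUERADE rule are inserted directly after the `icmp_in` rules and before that table's `COMMIT`, with no `*nat` header in between. The table header is outside the hunk, but if this is the filter table then POSTROUTING is not a built-in chain there and MASQUERADE is valid only in the nat table, so ip6tables-restore would be expected to fail on these lines. Following the rules.v4 layout, close the current table first and open a new one: `COMMIT`, `*nat`, `:POSTROUTING ACCEPT`, the MASQUERADE rule, `COMMIT`. IPv6 NAT also depends on the host's kernel providing the ip6tables nat table, which is worth confirming before this is deployed.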