bundles/wireguard: fix forwarding firewall rules

This commit is contained in:
Franzi 2022-03-13 15:15:08 +01:00
parent c0ebd25ffc
commit 5179edb458
Signed by: kunsi
GPG key ID: 12E3D2136B818350


@ -221,12 +221,11 @@ def snat(metadata):
if not node.has_bundle('nftables') or node.os == 'arch':
raise DoNotRunAgain
rules = {
'inet filter forward iif wg0 accept',
'inet filter forward oif wg0 accept',
}
rules = set()
for number, (peer, config) in enumerate(sorted(metadata.get('wireguard/peers', {}).items())):
rules.add(f'inet filter forward iif wg{number} accept')
rules.add(f'inet filter forward oif wg{number} accept')
for config in metadata.get('wireguard/peers', {}).values():
if 'snat_to' in config:
rules.add('nat postrouting ip saddr {} ip daddr != {} snat to {}'.format(
config['my_ip'],