Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Interfaces
- # LAN enp0s3
- # TUN wg0
- *nat
- -P POSTROUTING ACCEPT
- -P PREROUTING ACCEPT
- # NAT the VPN client traffic to LAN
- -A POSTROUTING -s 10.10.10.0/24 -o enp0s3 -j MASQUERADE
- COMMIT
- *filter
- # Default Politics
- -P INPUT DROP
- -P FORWARD DROP
- -P OUTPUT ACCEPT
- # Allow traffic between TUN & LAN
- -A FORWARD -i wg+ -o enp0s3 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
- -A FORWARD -i enp0s3 -o wg+ -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
- # Allow apt update/upgrade
- -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
- # Allowed Services
- -A INPUT -p udp --dport 51820 -j ACCEPT
- -A INPUT -p tcp --dport 22 -j ACCEPT
- -A INPUT -p icmp -s 10.10.10.0/24 -j ACCEPT
- -A INPUT -j DROP
- -A FORWARD -j DROP
- -A OUTPUT -j ACCEPT
- COMMIT
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
