From b64f80e7cfd9d3c094bce8d7ba6400d95cb8805f Mon Sep 17 00:00:00 2001
From: Andrew Prokhorenkov
Date: Thu, 5 Mar 2020 08:53:25 -0600
Subject: [PATCH] add ipv6 rules
---
 wireguard-install.sh | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/wireguard-install.sh b/wireguard-install.sh
index 568e71b..645f5a0 100644
--- wireguard-install.sh
+++ b/wireguard-install.sh
@@ -127,9 +127,10 @@ ListenPort = $SERVER_PORT
 PrivateKey = $SERVER_PRIV_KEY" > "/etc/wireguard/$SERVER_WG_NIC.conf"

 if [[ "$OS" = 'fedora' ]]; then
- FIREWALLD_ADDRESS=$(echo $SERVER_WG_IPV4 | cut -d"." -f1-3)".0"
- echo "PostUp = firewall-cmd --add-port $SERVER_PORT/udp && firewall-cmd --add-rich-rule='rule family=ipv4 source address=$FIREWALLD_ADDRESS/24 masquerade'
-PostDown = firewall-cmd --remove-port $SERVER_PORT/udp && firewall-cmd --remove-rich-rule='rule family=ipv4 source address=$FIREWALLD_ADDRESS/24 masquerade'" >> "/etc/wireguard/$SERVER_WG_NIC.conf"
+ FIREWALLD_IPV4_ADDRESS=$(echo $SERVER_WG_IPV4 | cut -d"." -f1-3)".0"
+ FIREWALLD_IPV6_ADDRESS=$(echo $SERVER_WG_IPV6 | sed 's/:[^:]*$/:0/')
+ echo "PostUp = firewall-cmd --add-port $SERVER_PORT/udp && firewall-cmd --add-rich-rule='rule family=ipv4 source address=$FIREWALLD_IPV4_ADDRESS/24 masquerade' && firewall-cmd --add-rich-rule='rule family=ipv6 source address=$FIREWALLD_IPV6_ADDRESS/24 masquerade'
+PostDown = firewall-cmd --remove-port $SERVER_PORT/udp && firewall-cmd --remove-rich-rule='rule family=ipv4 source address=$FIREWALLD_IPV4_ADDRESS/24 masquerade' && && firewall-cmd --remove-rich-rule='rule family=ipv6 source address=$FIREWALLD_IPV6_ADDRESS/24 masquerade'" >> "/etc/wireguard/$SERVER_WG_NIC.conf"
 else
 echo "PostUp = iptables -A FORWARD -i $SERVER_WG_NIC -j ACCEPT; iptables -t nat -A POSTROUTING -o $SERVER_PUB_NIC -j MASQUERADE; ip6tables -A FORWARD -i $SERVER_WG_NIC -j ACCEPT; ip6tables -t nat -A POSTROUTING -o $SERVER_PUB_NIC -j MASQUERADE
 PostDown = iptables -D FORWARD -i $SERVER_WG_NIC -j ACCEPT; iptables -t nat -D POSTROUTING -o $SERVER_PUB_NIC -j MASQUERADE; ip6tables -D FORWARD -i $SERVER_WG_NIC -j ACCEPT; ip6tables -t nat -D POSTROUTING -o $SERVER_PUB_NIC -j MASQUERADE" >> "/etc/wireguard/$SERVER_WG_NIC.conf"
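Review bot: The added PostDown line has a doubled `&& &&` between the ipv4 and ipv6 `--remove-rich-rule` calls, which is a shell syntax error, so the teardown command would most likely fail to parse as a whole and leave the opened UDP port and both masquerade rules active in firewalld after the interface is brought down. It should read `... family=ipv4 source address=$FIREWALLD_IPV4_ADDRESS/24 masquerade' && firewall-cmd --remove-rich-rule='rule family=ipv6 ...`. The two ipv6 rich rules also reuse the `/24` mask from the IPv4 rule; on an IPv6 address that matches a far larger source range than the tunnel subnet, so both PostUp and PostDown should use the tunnel's actual IPv6 prefix length (not visible in this hunk, presumably `/64`). The enclosing if/else and the earlier part of the generated config lie outside the hunk, so the interface's configured prefix should be confirmed there.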