
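#!/usr/bin/env bash
{{ ansible_managed | comment('plain') }}
# WireGuard forwarding / NAT helper, rendered by Ansible.
#
# Usage: <script> WG_INTERFACE ACTION
#   WG_INTERFACE  name of the WireGuard interface the rules refer to
#   ACTION        iptables chain operation, passed through verbatim:
#                 -A/--append installs the rules, -D/--delete removes them
#                 (-I/--insert is also accepted).
#
# What it does:
#   * allows forwarding in and out of the tunnel interface,
#   * masquerades traffic leaving via the host's default IPv4 interface,
#   * when the role defines TCP/UDP port lists, accepts new connections to
#     those ports on the default interface, DNATs them to the peer IP and
#     SNATs them to the server IP on the tunnel side (so the peer sees the
#     server's tunnel address as the source).
#
# Runs under set -e: the script stops at the first failing iptables call, so a
# partially installed or partially removed rule set is possible on error.
# set -x traces every command to stderr; nothing sensitive is passed here.
set -xeu

if [[ "$#" -ne 2 ]]; then
  printf 'usage: %s WG_INTERFACE ACTION\n' "${0##*/}" >&2
  exit 2
fi

WG_INTERFACE=$1
ACTION=$2

# Only chain-editing operations make sense as ACTION; reject anything else
# before it reaches iptables instead of letting an arbitrary word be interpreted.
case "$ACTION" in
  -A|-I|-D|--append|--insert|--delete) ;;
  *)
    printf 'error: ACTION must be -A, -I or -D (got %s)\n' "$ACTION" >&2
    exit 2
    ;;
esac

# Forwarding for the tunnel in both directions.
iptables "$ACTION" FORWARD -i "$WG_INTERFACE" -j ACCEPT
iptables "$ACTION" FORWARD -o "$WG_INTERFACE" -j ACCEPT
# Masquerade everything leaving via the host's default IPv4 interface.
iptables -t nat "$ACTION" POSTROUTING -o {{ ansible_facts.default_ipv4.interface }} -j MASQUERADE
{% if (install_wireguard__forward_tcp_ports is defined) and install_wireguard__forward_tcp_ports %}
# TCP port forwards: only new (SYN) connections are accepted; established
# traffic is expected to be handled by the FORWARD rules above / conntrack.
for TCP_PORT in {{ install_wireguard__forward_tcp_ports | join(" ") }}; do
  iptables "$ACTION" FORWARD -i {{ ansible_facts.default_ipv4.interface }} -o "$WG_INTERFACE" -p tcp --syn --dport "$TCP_PORT" -m conntrack --ctstate NEW -j ACCEPT
  iptables -t nat "$ACTION" PREROUTING -i {{ ansible_facts.default_ipv4.interface }} -p tcp --dport "$TCP_PORT" -j DNAT --to-destination {{ install_wireguard__peer_ip }}
  iptables -t nat "$ACTION" POSTROUTING -o "$WG_INTERFACE" -p tcp --dport "$TCP_PORT" -d {{ install_wireguard__peer_ip }} -j SNAT --to-source {{ install_wireguard__server_ip }}
done
{% endif %}
{% if (install_wireguard__forward_udp_ports is defined) and install_wireguard__forward_udp_ports %}
# UDP port forwards: same shape as TCP, without the --syn match.
for UDP_PORT in {{ install_wireguard__forward_udp_ports | join(" ") }}; do
  iptables "$ACTION" FORWARD -i {{ ansible_facts.default_ipv4.interface }} -o "$WG_INTERFACE" -p udp --dport "$UDP_PORT" -m conntrack --ctstate NEW -j ACCEPT
  iptables -t nat "$ACTION" PREROUTING -i {{ ansible_facts.default_ipv4.interface }} -p udp --dport "$UDP_PORT" -j DNAT --to-destination {{ install_wireguard__peer_ip }}
  iptables -t nat "$ACTION" POSTROUTING -o "$WG_INTERFACE" -p udp --dport "$UDP_PORT" -d {{ install_wireguard__peer_ip }} -j SNAT --to-source {{ install_wireguard__server_ip }}
done
{% endif %}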