Black_Duck (Explorer; joined Oct 8, 2022; 61 messages)
Hi @v.komenda, hello!
I registered at this forum to add my 5 cents :)
I had some troubles with apps and I think your scripts work in a very dirty way, so I made small changes:
WG_POST_UP
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o enp37s0 -j MASQUERADE -m comment --comment WGEASY; iptables -A INPUT -p udp -m udp --dport 51820 -j ACCEPT -m comment --comment WGEASY; iptables -A FORWARD -i wg0 -j ACCEPT -m comment --comment WGEASY; iptables -A FORWARD -o wg0 -j ACCEPT -m comment --comment WGEASY
WG_PRE_UP
iptables-save | grep -v WGEASY | iptables-restore
WG_POST_DOWN
iptables-save | grep -v WGEASY | iptables-restore
Imho, in this way it will not affect other containers' networking.
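As an added illustration (not code from the post or from wg-easy), the script below replays the post's teardown line, iptables-save | grep -v WGEASY | iptables-restore, on a constructed iptables-save dump, so it runs without root and without touching a real firewall. The dump, the interface names and the extra NOT_WGEASY rule are all hypothetical; the point is to show which lines the tag filter removes, that the table headers, chain policies and COMMIT lines the restore step needs are left intact, and that a plain substring grep also catches unrelated rules whose comment merely contains the tag.

```shell
#!/bin/sh
# Added example, not from the forum post: what the post's teardown line
#   iptables-save | grep -v WGEASY | iptables-restore
# actually does, replayed on a constructed iptables-save dump so it runs
# without root and without touching a real firewall.

# Constructed dump (hypothetical rules, not taken from any real host): a nat
# table and a filter table with the post's WGEASY-tagged rules mixed in with
# unrelated Docker-style rules, plus one unrelated rule whose comment merely
# contains the substring WGEASY.
SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A POSTROUTING -s 10.8.0.0/24 -o enp37s0 -m comment --comment WGEASY -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
-A INPUT -p udp -m udp --dport 51820 -m comment --comment WGEASY -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -i br0 -o br0 -m comment --comment NOT_WGEASY -j ACCEPT
-A FORWARD -i wg0 -m comment --comment WGEASY -j ACCEPT
-A FORWARD -o wg0 -m comment --comment WGEASY -j ACCEPT
COMMIT'

# strip_tagged TAG: the post's filter verbatim. Drops every line that contains
# TAG anywhere, so it also removes the NOT_WGEASY rule above.
strip_tagged() {
    grep -v -- "$1"
}

# strip_tagged_exact TAG: only drops rules whose comment is exactly TAG.
# iptables-save quotes comments that contain spaces, hence the optional quotes.
strip_tagged_exact() {
    grep -Ev -- "--comment \"?$1\"?( |\$)"
}

# count_tagged TAG: rule lines (-A ...) still containing TAG. "|| true" keeps
# the function's exit status 0 when grep finds nothing (it still prints 0).
count_tagged() {
    grep -c -- "-A .*$1" || true
}

# count_structural: table headers (*nat), chain policies (:INPUT ...) and
# COMMIT lines. These must survive the filter, otherwise iptables-restore
# rejects the input or loads a partial ruleset.
count_structural() {
    grep -cE '^(\*|:|COMMIT)' || true
}

echo "tagged rules before:  $(printf '%s\n' "$SAMPLE_DUMP" | count_tagged WGEASY)"
echo "after plain grep -v:  $(printf '%s\n' "$SAMPLE_DUMP" | strip_tagged WGEASY | count_tagged WGEASY)"
echo "after exact match:    $(printf '%s\n' "$SAMPLE_DUMP" | strip_tagged_exact WGEASY | count_tagged WGEASY)"
echo "--- ruleset after exact-match teardown ---"
printf '%s\n' "$SAMPLE_DUMP" | strip_tagged_exact WGEASY
```

On a real host the printf of SAMPLE_DUMP is replaced by iptables-save, and the filtered text can be checked with iptables-restore --test before it is committed, which parses the ruleset without loading it. The exact-match variant matters because any rule whose comment happens to contain the tag, from another container or an earlier setup, is silently dropped by the plain grep -v form.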
Although I follow what you are doing in the proposed changes, I'm not convinced they are necessary. The iptables changes introduced by the wg-easy environment variables only change the routing tables in the wg-easy container; they have no impact on other containers or apps. The changes are merely for routing from WireGuard to the external network through the NIC or bridge and do not affect other apps.
Couple of other points:
- With version 9 of the app, you no longer need to set the WG_POST_UP environment variable; just set the application variable "Device Name" to your NIC or bridge.
- Generally, use of WG_POST_DOWN is discouraged, as it will not be executed if, for instance, the server goes down. In that case your iptables rules will not be restored.