23 lines
793 B
Django/Jinja
23 lines
793 B
Django/Jinja
#!/bin/bash
|
|
set -x
|
|
|
|
|
|
if [[ "add" == ${1} ]]
|
|
then
|
|
{% for forward_target in wireguard_forward_targets %}
|
|
iptables -A FORWARD -i {{ wireguard_if }} -d {{ forward_target }} -j ACCEPT
|
|
{% endfor %}
|
|
iptables -A FORWARD -o {{ wireguard_if }} -j ACCEPT
|
|
iptables -t nat -A POSTROUTING -s {{ wireguard_subnet }} -o {{ wireguard_inet_if }} -j SNAT --to-source {{ wireguard_snat_address }}
|
|
iptables -P FORWARD DROP
|
|
fi
|
|
|
|
if [[ "del" == ${1} ]]
|
|
then
|
|
{% for forward_target in wireguard_forward_targets %}
|
|
iptables -D FORWARD -i {{ wireguard_if }} -d {{ forward_target }} -j ACCEPT
|
|
{% endfor %}
|
|
iptables -D FORWARD -o {{ wireguard_if }} -j ACCEPT
|
|
iptables -t nat -D POSTROUTING -s {{ wireguard_subnet }} -o {{ wireguard_inet_if }} -j SNAT --to-source {{ wireguard_snat_address }}
|
|
fi
|