Posted on November 3, 2020 at 11:54 am
Here are “iptables -S” rules for WireGuard VPN server:
-P INPUT ACCEPT -P FORWARD ACCEPT -P OUTPUT ACCEPT -A FORWARD -i ens2 -o wg0 -j ACCEPT -A FORWARD -i wg0 -j ACCEPT |
You can allow only safe IP addresses to use WireGuard (order is important):
iptables -A INPUT -s 1.2.3.4/32 -i ens2 -p udp -m udp --dport 51490 -j ACCEPT iptables -A INPUT -i ens2 -p udp -m udp --dport 51490 -j DROP |
First you add the ACCEPT rules and at the end you add the DROP rule.
Here is an example of final iptables rules:
-P INPUT ACCEPT -P FORWARD ACCEPT -P OUTPUT ACCEPT -A INPUT -s 1.2.3.4/32 -i ens2 -p udp -m udp --dport 50490 -j ACCEPT -A INPUT -i ens2 -p udp -m udp --dport 50490 -j DROP -A FORWARD -i ens2 -o wg0 -j ACCEPT -A FORWARD -i wg0 -j ACCEPT |
Overwrite 1.2.3.4 with your IP and change port 50490 accordingly.
You may also replace ens2 with your ethernet network interface (e.g eth0).
Updated on November 5, 2020 at 1:48 am
Other Posts
- How to List All Iptables NAT Rules
- Parse or Split FTP URL in Delphi XE using TIdURI
- How to Download a File via FTP in Delphi XE
- Public FTP Server to Test Upload and Download
- How to Parse Command-Line Arguments in Bash
- How to Make Iptables Rules Persistent
- Bash Install Iptables-Persistent Automatically
- Route OpenVPN Connections Through Floating IP
Updated Posts
- How to fix "Clickable elements too close together"
- How to fix "Text too small to read"
- Create Custom Rest Endpoints for WP Rest API
- Timestamp URLs for SHA1 SHA256 Code Sign 2021
- PHP Multi-cURL to Run Parallel cURL Requests (Example)
- The following signatures were invalid: EXPKEYSIG B188E2B695BD4743
- Best Clean Monospace Web Fonts 2021
- Add New Path to Delphi 10.4 Sydney on Library Path