Posted on November 3, 2020 at 11:54 am
Here are the “iptables -S” rules for a WireGuard VPN server:

```
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A FORWARD -i ens2 -o wg0 -j ACCEPT
-A FORWARD -i wg0 -j ACCEPT
```
You can allow only safe IP addresses to use WireGuard (order is important):
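
```
iptables -A INPUT -s 1.2.3.4/32 -i ens2 -p udp -m udp --dport 50490 -j ACCEPT
iptables -A INPUT -i ens2 -p udp -m udp --dport 50490 -j DROP
```

First you add the ACCEPT rules and at the end you add the DROP rule. iptables evaluates a chain from top to bottom and stops at the first matching rule, so an ACCEPT appended after the DROP never takes effect.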
Here is an example of final iptables rules:

```
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -s 1.2.3.4/32 -i ens2 -p udp -m udp --dport 50490 -j ACCEPT
-A INPUT -i ens2 -p udp -m udp --dport 50490 -j DROP
-A FORWARD -i ens2 -o wg0 -j ACCEPT
-A FORWARD -i wg0 -j ACCEPT
```

Replace 1.2.3.4 with your IP address and change port 50490 accordingly.
You may also replace ens2 with your Ethernet network interface (e.g. eth0).
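
An added example (not from the original post): a POSIX shell helper that prints the allow-list commands in the required order, and a check that reads `iptables -S INPUT` output and reports any ACCEPT for the WireGuard port that sits after the DROP. The function names and the `BAD_ORDER` sample ruleset are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names and the sample ruleset are illustrative.

# wg_allowlist_rules IFACE PORT CIDR...
# Prints (does not run) one ACCEPT per source, then the DROP last.
wg_allowlist_rules() {
    [ "$#" -ge 3 ] || { echo "usage: IFACE PORT CIDR..." >&2; return 1; }
    wg_iface=$1 wg_port=$2
    shift 2
    case $wg_iface in ''|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1 ;; esac
    case $wg_port in ''|*[!0-9]*) echo "bad port" >&2; return 1 ;; esac
    # Check every source before printing anything, so a bad entry
    # cannot leave a partial rule list behind.
    for wg_src in "$@"; do
        case $wg_src in ''|*[!0-9./]*) echo "bad source: $wg_src" >&2; return 1 ;; esac
    done
    for wg_src in "$@"; do
        printf 'iptables -A INPUT -s %s -i %s -p udp -m udp --dport %s -j ACCEPT\n' \
            "$wg_src" "$wg_iface" "$wg_port"
    done
    printf 'iptables -A INPUT -i %s -p udp -m udp --dport %s -j DROP\n' \
        "$wg_iface" "$wg_port"
}

# wg_audit_order PORT
# Reads `iptables -S INPUT` output on stdin. Prints every ACCEPT for PORT
# that sits after a source-less DROP for the same port; returns 1 if any.
wg_audit_order() {
    awk -v port="$1" '
        $0 !~ ("--dport " port "( |$)") { next }
        / -j DROP/ && !/ -s /          { dropped = 1; next }
        / -j ACCEPT/ && dropped        { print "shadowed: " $0; bad = 1 }
        END { exit bad + 0 }
    '
}

# Constructed sample: the DROP was appended before the ACCEPT.
BAD_ORDER='-P INPUT ACCEPT
-A INPUT -i ens2 -p udp -m udp --dport 50490 -j DROP
-A INPUT -s 1.2.3.4/32 -i ens2 -p udp -m udp --dport 50490 -j ACCEPT'
```

Review the printed commands before running them as root, and run `iptables -S INPUT | wg_audit_order 50490` afterwards to confirm the order.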
Updated on November 5, 2020 at 1:48 am