From 109670bd125e64a09397bb98ae9e56ec3f3ef736 Mon Sep 17 00:00:00 2001 From: Johan Date: Sat, 23 Mar 2024 15:56:30 +0100 Subject: [PATCH] Add support for specifying ports in Wireguard config --- BashScripts/install-wireguard-server.sh | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/BashScripts/install-wireguard-server.sh b/BashScripts/install-wireguard-server.sh index 4ff3fa1..7eb2c8d 100644 --- a/BashScripts/install-wireguard-server.sh +++ b/BashScripts/install-wireguard-server.sh @@ -8,7 +8,7 @@ read -e -p "Enter lan NIC: " -i $(ip route | grep default | sed -e 's/^.*dev.//' read -e -p "Enter VPN subnet: " -i "192.168.200" VPN_SUBNET read -e -p "Enter LAN subnet: " -i "192.168.0" LAN_SUBNET read -e -p "Enter VPN public hostname: " -i "home.myspace.nu" VPN_PUBLIC_HOST -read -e -p "Allowed destination LAN IPs (empty for all): " -i "${LAN_SUBNET}.1,${LAN_SUBNET}.2" ALLOWED_HOST_IPs +read -e -p "Allowed destination LAN IPs (empty for all): " -i "${LAN_SUBNET}.1 ${LAN_SUBNET}.2" ALLOWED_HOST_IPs if [ $(dpkg-query -W -f='${Status}' wireguard 2>/dev/null | grep -c "ok installed") -eq 0 ]; then @@ -41,12 +41,21 @@ then POSTDOWN="$POSTDOWN""PostDown = iptables -D FORWARD -i %i -d $LAN_SUBNET.0/24 -j ACCEPT " else - for i in ${ALLOWED_HOST_IPs//,/ } + for ip in ${ALLOWED_HOST_IPs// / } do - POSTUP="$POSTUP""PostUp = iptables -A FORWARD -i %i -d $i/32 -j ACCEPT + if [[ $ip == *":"* ]]; then + port=$(echo $ip | cut -f2 -d:) + ip=$(echo $ip | cut -f1 -d:) + POSTUP="$POSTUP""PostUp = iptables -A FORWARD -i %i -d $ip/32 -p tcp -m multiport --dports $port -j ACCEPT " - POSTDOWN="$POSTDOWN""PostDown = iptables -D FORWARD -i %i -d $i/32 -j ACCEPT + POSTDOWN="$POSTDOWN""PostDown = iptables -D FORWARD -i %i -d $ip/32 -p tcp -m multiport --dports $port -j ACCEPT " + else + POSTUP="$POSTUP""PostUp = iptables -A FORWARD -i %i -d $ip/32 -j ACCEPT +" + POSTDOWN="$POSTDOWN""PostDown = iptables -D FORWARD -i %i -d $ip/32 -j ACCEPT +" + fi done fi
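Review bot: The prompt on the changed `read` line still describes the input only as "Allowed destination LAN IPs", but the same commit changes the separator from `,` to a space and teaches the loop further down to accept `ip:port[,port]` entries, and nothing on screen tells the operator either of those things. A user who types the old comma-separated form now gets a single token containing commas and a broken `-d` argument. Suggest making the prompt carry the contract, e.g. `read -e -p "Allowed destination LAN IPs, space-separated, optional :port[,port] for TCP only (empty for all): " -i "${LAN_SUBNET}.1 ${LAN_SUBNET}.2" ALLOWED_HOST_IPs`.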
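Review bot: Each token of `ALLOWED_HOST_IPs` is split on `:` and spliced verbatim into the `PostUp`/`PostDown` iptables strings without any shape check, and wg-quick later hands those strings to a shell, so a typo or stray character in the interactive answer becomes part of an executed command rather than an error at install time; the new `for ip in ${ALLOWED_HOST_IPs// / }` loop should validate each entry before the `[[ $ip == *":"* ]]` branch. Two smaller points in the same loop: `${ALLOWED_HOST_IPs// / }` replaces a space with a space and is a no-op (plain `$ALLOWED_HOST_IPs` word-splits the same way), and `echo $ip | cut` can be replaced by `${ip%%:*}` / `${ip#*:}`, which also keeps a multi-port list like `80,443` intact for `--dports`. Note that the port form hard-codes `-p tcp`, so a host listed with a port becomes unreachable over UDP; that is probably intended but deserves a comment above the branch, e.g. `# host:port entries are TCP-only; list the bare host to allow all protocols`. The enclosing `if … else` block starts before this hunk.
```shell
  for ip in $ALLOWED_HOST_IPs
  do
    # Entries are spliced verbatim into the PostUp/PostDown iptables commands
    # that wg-quick executes, so reject anything that is not IPv4[:port[,port...]].
    if ! [[ $ip =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}(:[0-9]{1,5}(,[0-9]{1,5})*)?$ ]]; then
      echo "Invalid allowed host entry: $ip" >&2
      exit 1
    fi
    # host:port entries are TCP-only; list the bare host to allow all protocols
    if [[ $ip == *":"* ]]; then
      port=${ip#*:}
      ip=${ip%%:*}
      # … unchanged: POSTUP/POSTDOWN with -p tcp -m multiport --dports $port …
```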