Add support for specifying ports in Wireguard config

BashScripts/install-wireguard-server.sh

@@ -8,7 +8,7 @@ read -e -p "Enter lan NIC: " -i $(ip route | grep default | sed -e 's/^.*dev.//'
 read -e -p "Enter VPN subnet: " -i "192.168.200" VPN_SUBNET
 read -e -p "Enter LAN subnet: " -i "192.168.0" LAN_SUBNET
 read -e -p "Enter VPN public hostname: " -i "home.myspace.nu" VPN_PUBLIC_HOST
-read -e -p "Allowed destination LAN IPs (empty for all): " -i "${LAN_SUBNET}.1,${LAN_SUBNET}.2" ALLOWED_HOST_IPs
+read -e -p "Allowed destination LAN IPs (empty for all): " -i "${LAN_SUBNET}.1 ${LAN_SUBNET}.2" ALLOWED_HOST_IPs
 
 if [ $(dpkg-query -W -f='${Status}' wireguard 2>/dev/null | grep -c "ok installed") -eq 0 ];
 then
@@ -41,12 +41,21 @@ then
 	POSTDOWN="$POSTDOWN""PostDown = iptables -D FORWARD -i %i -d $LAN_SUBNET.0/24 -j ACCEPT
 "
 else
-	for i in ${ALLOWED_HOST_IPs//,/ }
+	for ip in ${ALLOWED_HOST_IPs// / }
 	do
-		POSTUP="$POSTUP""PostUp = iptables -A FORWARD -i %i -d $i/32 -j ACCEPT
+		if [[ $ip == *":"* ]]; then
+	        port=$(echo $ip | cut -f2 -d:)
+	        ip=$(echo $ip | cut -f1 -d:)
+			POSTUP="$POSTUP""PostUp = iptables -A FORWARD -i %i -d $ip/32 -p tcp -m multiport --dports $port -j ACCEPT
 "
-		POSTDOWN="$POSTDOWN""PostDown = iptables -D FORWARD -i %i -d $i/32 -j ACCEPT
+			POSTDOWN="$POSTDOWN""PostDown = iptables -D FORWARD -i %i -d $ip/32 -p tcp -m multiport --dports $port -j ACCEPT
 "
+		else
+			POSTUP="$POSTUP""PostUp = iptables -A FORWARD -i %i -d $ip/32 -j ACCEPT
+"
+			POSTDOWN="$POSTDOWN""PostDown = iptables -D FORWARD -i %i -d $ip/32 -j ACCEPT
+"
+		fi
 	done
 fi