iBug

Asked: 2021-01-27 11:41:06 +0800 CST2021-01-27 11:41:06 +0800 CST 2021-01-27 11:41:06 +0800 CST

iptables allow traffic through wireguard gateway

I have a server A running as gateway for some intranet connected on eth0. A is connected to multiple "relay nodes" like B, C, D... via WireGuard.

Assume here's the IP setup:

Host	Address
A	10.0.0.1/24
B	10.0.0.2/24
C	10.0.0.3/24

A routes some traffic through WG. Here's a part of A's routing table:

...
172.16.0.0/16 via 10.0.0.2 dev wg0
172.17.0.0/16 via 10.0.0.3 dev wg0
...

I would like to allow all traffic routed through B (10.0.0.2), while blocking traffic routed through C. With pseudo-code, this is what I'm thinking:

-A FORWARD -o wg0 --via 10.0.0.2 -j ACCEPT
-A FORWARD -o wg0 --via 10.0.0.3 -j DROP
#                 ^^^^^^^^^^^^^^

There are a lot of items in the routing table that I don't want to repeat in iptables rules. Another problem is there's no MAC (or L2 in general) inside WG.

Is there any way to make this work?

iptables allow traffic through wireguard gateway

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

iptables allow traffic through wireguard gateway

0 Answers