mirror of
https://github.com/eduardogsilva/wireguard_webadmin.git
synced 2025-08-05 02:34:35 +02:00
Firewall related/established rule fixed in the header
Auto Initialize firewall with default ruleset for new webadmin instances
This commit is contained in:
parent
6d30dae51c
commit
97db5844fe
5 changed files with 30 additions and 5 deletions
|
@ -42,10 +42,12 @@ def reset_firewall_to_default():
|
|||
description='Masquerade traffic from VPN to WAN',
|
||||
)
|
||||
|
||||
FirewallRule.objects.create(
|
||||
firewall_chain='forward', sort_order=0, rule_action='accept', description='Allow established/related traffic',
|
||||
state_established=True, state_related=True
|
||||
)
|
||||
# This rule will now be fixed in the firewall header
|
||||
#FirewallRule.objects.create(
|
||||
# firewall_chain='forward', sort_order=0, rule_action='accept', description='Allow established/related traffic',
|
||||
# state_established=True, state_related=True
|
||||
# )
|
||||
|
||||
FirewallRule.objects.create(
|
||||
firewall_chain='forward', sort_order=1, rule_action='reject', description='Reject traffic to private networks exiting on WAN interface',
|
||||
in_interface='wg+', out_interface=firewall_settings.wan_interface, destination_ip='10.0.0.0', destination_netmask=8
|
||||
|
@ -165,6 +167,8 @@ iptables -t filter -D FORWARD -j WGWADM_FORWARD >> /dev/null 2>&1
|
|||
iptables -t nat -I POSTROUTING -j WGWADM_POSTROUTING
|
||||
iptables -t nat -I PREROUTING -j WGWADM_PREROUTING
|
||||
iptables -t filter -I FORWARD -j WGWADM_FORWARD
|
||||
|
||||
iptables -t filter -A WGWADM_FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||
'''
|
||||
|
||||
|
||||
|
|
|
@ -71,6 +71,11 @@ def view_firewall_rule_list(request):
|
|||
if wireguard_instances.filter(legacy_firewall=True).exists():
|
||||
return redirect('/firewall/migration_required/')
|
||||
firewall_settings, firewall_settings_created = FirewallSettings.objects.get_or_create(name='global')
|
||||
if not firewall_settings.last_firewall_reset:
|
||||
reset_firewall_to_default()
|
||||
messages.success(request, 'VPN Firewall|Firewall initialized with the default rule set!')
|
||||
return redirect('/firewall/rule_list/')
|
||||
|
||||
current_chain = request.GET.get('chain', 'forward')
|
||||
if current_chain not in ['forward', 'portforward', 'postrouting']:
|
||||
current_chain = 'forward'
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue