aredn/files/etc/local/mesh-firewall/04-wireguard

#!/bin/sh

vtunduciport=$(uci get vtun.@options[0].port 2>/dev/null)
vtundport=${vtunduciport:-5525}
issupernode=$(uci get aredn.@supernode[0].enable 2>/dev/null)
if [ "$issupernode" = "1" ]; then
    vtundport=$(($vtundport+1000))
fi
vtundportend=$(($vtundport+128))

nft insert rule ip fw4 input_wan udp dport $vtundport-$vtundportend accept comment \"Wireguard\"
if [ "$(/sbin/uci -q get aredn.@tunnel[0].wanonly)" != "0" ]; then
    nft insert rule ip fw4 output_wifi udp dport $vtundport-$vtundportend reject comment \"Wireguard\"
    nft insert rule ip fw4 output_dtdlink udp dport $vtundport-$vtundportend reject comment \"Wireguard\"
fi
Wireguard tunnel support (#968) * Wireguard tunnel support * Fix wireguard firewall rules * Add Wireguard tunnels to LQM * Filter vlans on main bridge * If you paste a tunnel config into any field, it will auto-populate all fields correctly * Fix bad password keyword * Fix bad feeds change * Fix bad merge 2023-12-06 12:39:23 -07:00			`#!/bin/sh`

			`vtunduciport=$(uci get vtun.@options[0].port 2>/dev/null)`
			`vtundport=${vtunduciport:-5525}`
Wireguard support - take 2. (#1056) 2024-01-07 17:17:52 -07:00			`issupernode=$(uci get aredn.@supernode[0].enable 2>/dev/null)`
			`if [ "$issupernode" = "1" ]; then`
			`vtundport=$(($vtundport+1000))`
			`fi`
			`vtundportend=$(($vtundport+128))`
Wireguard tunnel support (#968) * Wireguard tunnel support * Fix wireguard firewall rules * Add Wireguard tunnels to LQM * Filter vlans on main bridge * If you paste a tunnel config into any field, it will auto-populate all fields correctly * Fix bad password keyword * Fix bad feeds change * Fix bad merge 2023-12-06 12:39:23 -07:00
Wireguard support - take 2. (#1056) 2024-01-07 17:17:52 -07:00			`nft insert rule ip fw4 input_wan udp dport $vtundport-$vtundportend accept comment \"Wireguard\"`
Wireguard tunnel support (#968) * Wireguard tunnel support * Fix wireguard firewall rules * Add Wireguard tunnels to LQM * Filter vlans on main bridge * If you paste a tunnel config into any field, it will auto-populate all fields correctly * Fix bad password keyword * Fix bad feeds change * Fix bad merge 2023-12-06 12:39:23 -07:00			`if [ "$(/sbin/uci -q get aredn.@tunnel[0].wanonly)" != "0" ]; then`
Wireguard support - take 2. (#1056) 2024-01-07 17:17:52 -07:00			`nft insert rule ip fw4 output_wifi udp dport $vtundport-$vtundportend reject comment \"Wireguard\"`
			`nft insert rule ip fw4 output_dtdlink udp dport $vtundport-$vtundportend reject comment \"Wireguard\"`
Wireguard tunnel support (#968) * Wireguard tunnel support * Fix wireguard firewall rules * Add Wireguard tunnels to LQM * Filter vlans on main bridge * If you paste a tunnel config into any field, it will auto-populate all fields correctly * Fix bad password keyword * Fix bad feeds change * Fix bad merge 2023-12-06 12:39:23 -07:00			`fi`