From aea521cba47f6bb23aa31e40feb6ac7120afcf6c Mon Sep 17 00:00:00 2001
From: Maurice
Date: Wed, 24 Sep 2025 14:00:38 +0200
Subject: [PATCH] Update
---
 install.sh | 1 -
 services/{basic => firewall}/global.policy.json | 0
 services/{basic => firewall}/icmp.policy.json | 0
 .../firewall.sh => services/firewall/install.sh | 2 +-
 services/{basic => firewall}/outgoing.policy.json | 0
 services/wireguard/vpn_traffic.policy.json | 12 ++++++++++++
 update.sh | 4 ++--
 7 files changed, 15 insertions(+), 4 deletions(-)
 rename services/{basic => firewall}/global.policy.json (100%)
 rename services/{basic => firewall}/icmp.policy.json (100%)
 rename installation/firewall.sh => services/firewall/install.sh (92%)
 rename services/{basic => firewall}/outgoing.policy.json (100%)
 create mode 100644 services/wireguard/vpn_traffic.policy.json
diff --git a/install.sh b/install.sh
index 69078f9..2ffc61c 100755
--- a/install.sh
+++ b/install.sh
@@ -14,7 +14,6 @@ base_dir=$(pwd)
 cd ./installation
 source ./basic.sh
 source ./podman.sh
-source ./firewall.sh
 cd "$base_dir"
diff --git a/services/basic/global.policy.json b/services/firewall/global.policy.json
similarity index 100%
rename from services/basic/global.policy.json
rename to services/firewall/global.policy.json
diff --git a/services/basic/icmp.policy.json b/services/firewall/icmp.policy.json
similarity index 100%
rename from services/basic/icmp.policy.json
rename to services/firewall/icmp.policy.json
diff --git a/installation/firewall.sh b/services/firewall/install.sh
similarity index 92%
rename from installation/firewall.sh
rename to services/firewall/install.sh
index 93de9e3..f8cb4e9 100644
--- a/installation/firewall.sh
+++ b/services/firewall/install.sh
@@ -5,7 +5,7 @@ apk add -u awall # important -u flag!
 apk add ip6tables iptables
 modprobe -v ip_tables
 modprobe -v ip6_tables
-modprobe -v iptable_nat #if NAT is used
+#modprobe -v iptable_nat #if NAT is used
 # Register services
 rc-update add iptables
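Review bot: The disabled `#modprobe -v iptable_nat #if NAT is used` is left behind as commented-out code, and nothing records why NAT support was dropped or when to restore it; delete the line or replace it with an explanatory comment such as `# iptable_nat is deliberately not loaded; re-enable it if an awall policy adds snat/dnat rules`. This script also moved to services/firewall/install.sh while install.sh lost its `source ./firewall.sh`, and no caller of the new path is visible in this patch, so it is worth confirming that a fresh install still installs awall and registers the iptables services rather than leaving the host unfiltered. The script begins and continues outside this hunk.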
diff --git a/services/basic/outgoing.policy.json b/services/firewall/outgoing.policy.json
similarity index 100%
rename from services/basic/outgoing.policy.json
rename to services/firewall/outgoing.policy.json
diff --git a/services/wireguard/vpn_traffic.policy.json b/services/wireguard/vpn_traffic.policy.json
new file mode 100644
index 0000000..f275d8a
--- /dev/null
+++ b/services/wireguard/vpn_traffic.policy.json
@@ -0,0 +1,12 @@
+{
+ "description": "Allow VPN traffic through Wireguard interface",
+ "filter": [
+ {
+ "in": "VPN",
+ "out": "_fw",
+ "service": [ "ssh", "dns", "ping", "http", "https" ],
+ "action": "accept",
+ "src": "10.0.0.1/24"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/update.sh b/update.sh
index 1c2f910..a5b91e2 100644
--- a/update.sh
+++ b/update.sh
@@ -24,8 +24,8 @@ for service in "./services"/*/; do
 for policy in *.policy.json; do
 [ -e "$policy" ] || continue
 POLICY_NAME="${policy%.policy.json}"
- ln -sf "./$policy" "/etc/awall/optional/$POLICY_NAME.policy.json"
- awall enable "$POLICY_NAME.policy"
+ ln -sf "./$policy" "/etc/awall/optional/$POLICY_NAME.json"
+ awall enable "$POLICY_NAME"
 done
 cd "$base_dir"
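Review bot: `"src": "10.0.0.1/24"` combines a host address with a /24 mask; packet filters normally mask off the host bits, so the rule would presumably match the whole 10.0.0.0/24 range while reading like a single peer. Write what is meant, either `"src": "10.0.0.0/24"` for every VPN client or a /32 for one peer, bearing in mind that the rule opens ssh on the firewall host to whatever matches. The `VPN` zone named in `"in"` is not defined anywhere in this patch, so it has to come from another policy that is enabled alongside this one. The description says traffic is allowed "through" the interface, but the filter only admits traffic to `_fw`; the wording should say so.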
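Review bot: The link target `./$policy` in the new `ln -sf` line is stored verbatim and resolved relative to `/etc/awall/optional/`, not to the service directory, so `$POLICY_NAME.json` points at a `$POLICY_NAME.policy.json` that can exist there only as a leftover from the old naming scheme. Use an absolute target, `ln -sf "$PWD/$policy" "/etc/awall/optional/$POLICY_NAME.json"`, assuming the loop has already changed into the service directory, which happens outside this hunk. The rename also leaves the previous `*.policy.json` links and their enabled `*.policy` entries in place, so without a cleanup step stale rules may stay active. A failing `awall enable` goes unnoticed here unless its exit status is checked, which matters because a policy that silently fails to enable leaves the intended filtering unapplied.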