Update

2025-09-24 14:00:38 +02:00
parent 12681bd7e2
commit aea521cba4
7 changed files with 15 additions and 4 deletions
--- a/install.sh
+++ b/install.sh
@@ -14,7 +14,6 @@ base_dir=$(pwd)
 cd ./installation
 source ./basic.sh
 source ./podman.sh
-source ./firewall.sh

 cd "$base_dir"

--- a/services/firewall/global.policy.json
+++ b/services/firewall/global.policy.json
--- a/services/firewall/icmp.policy.json
+++ b/services/firewall/icmp.policy.json
--- a/services/firewall/install.sh
+++ b/services/firewall/install.sh
@@ -5,7 +5,7 @@ apk add -u awall # important -u flag!
 apk add ip6tables iptables
 modprobe -v ip_tables
 modprobe -v ip6_tables
-modprobe -v iptable_nat #if NAT is used
+#modprobe -v iptable_nat #if NAT is used

 # Register services
 rc-update add iptables
--- a/services/firewall/outgoing.policy.json
+++ b/services/firewall/outgoing.policy.json
--- a/services/wireguard/vpn_traffic.policy.json
+++ b/services/wireguard/vpn_traffic.policy.json
@@ -0,0 +1,12 @@
+{
+    "description": "Allow VPN traffic through Wireguard interface",
+    "filter": [
+        {
+            "in": "VPN",
+            "out": "_fw",
+            "service": [ "ssh", "dns", "ping", "http", "https" ],
+            "action": "accept",
+            "src": "10.0.0.1/24"
+        }
+    ]
+}
--- a/update.sh
+++ b/update.sh
@@ -24,8 +24,8 @@ for service in "./services"/*/; do
  for policy in *.policy.json; do
    [ -e "$policy" ] || continue
    POLICY_NAME="${policy%.policy.json}"
-    ln -sf "./$policy" "/etc/awall/optional/$POLICY_NAME.policy.json"
-    awall enable "$POLICY_NAME.policy"
+    ln -sf "./$policy" "/etc/awall/optional/$POLICY_NAME.json"
+    awall enable "$POLICY_NAME"
  done

  cd "$base_dir"