Update
This commit is contained in:
Maurice
@@ -1,6 +1,6 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
echo "Setting up Wireguard ..."
|
echo "Setting up Wireguard ..."
|
||||||
apk add wireguard-tools
|
apk add wireguard-tools wireguard-tools-openrc
|
||||||
|
|
||||||
# Generate server private and public keys
|
# Generate server private and public keys
|
||||||
mkdir -p /etc/wireguard
|
mkdir -p /etc/wireguard
|
||||||
@@ -20,7 +20,6 @@ echo "net.ipv6.conf.all.forwarding=1" >> /etc/sysctl.d/ip_forward.conf
|
|||||||
sysctl -p /etc/sysctl.d/ip_forward.conf
|
sysctl -p /etc/sysctl.d/ip_forward.conf
|
||||||
|
|
||||||
# Auto-start Wireguard on boot
|
# Auto-start Wireguard on boot
|
||||||
apk add wireguard-tools-openrc
|
|
||||||
ln -s /etc/init.d/wg-quick /etc/init.d/wg-quick.wg0
|
ln -s /etc/init.d/wg-quick /etc/init.d/wg-quick.wg0
|
||||||
rc-update add wg-quick.wg0
|
rc-update add wg-quick.wg0
|
||||||
rc-service wg-quick.wg0 start
|
rc-service wg-quick.wg0 start
|
||||||
11
todo.txt
11
todo.txt
@@ -1,12 +1,3 @@
|
|||||||
backup(), restore()
|
backup(), restore()
|
||||||
|
|
||||||
Volume labels (label)
|
Volume labels (label)
|
||||||
|
|
||||||
Switch to NFTables or UFW.
|
|
||||||
|
|
||||||
Firewall:
|
|
||||||
- Block all traffic by default
|
|
||||||
- Allow outgoing (wan) http,https,dns,ssh,ntp,ping
|
|
||||||
- Allow incoming (wan) http,https,ssh,wireguard
|
|
||||||
- Allow wireguard traffic to lan (so access for instance 192.168.2.x) and wan (access the internet),
|
|
||||||
BUT only http,https,ping,dns
|
|
||||||
Reference in New Issue
Block a user