I have a site-to-site WireGuard tunnel setup between a GL-AR750S Slate and an Netgate SG-3100 running pfSense 21.02 (pfSense 2.5.0) which now has support for WireGuard. Everything runs great, but I have to always switch two things on the Slate when the WireGuard client comes up. I’m sure it’s handled by the /etc/init.d/wireguard script, but alas, need a bit of help.
When the WireGuard client tunnel is brought up, it looks like this where the INPUT on the wireguard zone is set to DROP and Masquerading is turned ON:
I have to manually change the INPUT to ACCEPT and turn Masquerading OFF:
Here are the relevant iptable changes I need to make:
Any help on where I can make the changes so it persists, would be greatly appreciated. Thanks in advance.