I want to create a firewall rule that blocks clients using the S2S WireGuard tunnel (on wg1) from accessing a specific IP address.
My problem is that the wg1 interface is missing in the Interfaces section, so I also cannot create a firewall rule for this interface.
When I try to create the wg1 interface using the LuCI GUI, the S2S connection gets stopped and breaks.
Creating one rule matching any zone has no effect on the S2S.
What can I do?
Maybe you should not use LuCI, just use shell commands:
I managed it now using
I added the rules in the
iptables -I GL_S2S_FORWARD 1 -i wg1 -s 172.31.0.0/16 -j REJECT
So it works.
Important is that the rules are added with the -I flag and at index 1, because if not, the rules already inserted in the GL_S2S_FORWARD chain will already allow all rules:
-I GL_S2S_FORWARD -j zone_wan_dest_ACCEPT
-I GL_S2S_FORWARD -j zone_lan_dest_ACCEPT
-I GL_S2S_FORWARD -j GL_S2S_DEST_ACCEPT
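As an added example (not code from the thread or from GL.iNet), the script below builds the REJECT rule for the GL_S2S_FORWARD chain, inserts it idempotently at index 1, and checks from `iptables -S` output that it really sits in front of the ACCEPT jumps. The chain name, wg1 and 172.31.0.0/16 come from the post; the blocked destination 192.0.2.10 and the `-d` match that narrows the rule to one address are assumptions, and the chain listings are constructed samples.

```shell
#!/bin/sh
# Added example, not from the original thread. Verifies rule order in the
# GL_S2S_FORWARD chain: a REJECT appended behind the zone_*_ACCEPT jumps is
# never reached, so it must be inserted at index 1.
CHAIN=GL_S2S_FORWARD
IFACE=wg1
SRC_NET=172.31.0.0/16
BLOCKED_DST=192.0.2.10   # constructed placeholder (TEST-NET-1), not from the post

# Rule body as passed to iptables (without the "-I CHAIN 1" prefix).
s2s_block_rule() {
    printf '%s' "-i $IFACE -s $SRC_NET -d $BLOCKED_DST -j REJECT"
}

# Insert at index 1 only if the rule is not already present, so re-running
# (e.g. from a firewall include script) does not stack duplicates.
# Word splitting of $(s2s_block_rule) is intentional here.
apply_s2s_block() {
    iptables -C "$CHAIN" $(s2s_block_rule) 2>/dev/null \
        || iptables -I "$CHAIN" 1 $(s2s_block_rule)
}

# Reads `iptables -S GL_S2S_FORWARD` output on stdin. Prints the position of
# the first REJECT rule for IFACE and returns 0 only if no *ACCEPT jump
# precedes it; returns 1 if the REJECT is missing or shadowed by an ACCEPT.
check_rule_order() {
    awk -v chain="$CHAIN" -v iface="$IFACE" '
        $1 == "-A" && $2 == chain {
            n++
            if (!rej && $0 ~ /-j [A-Za-z0-9_]*ACCEPT/) accept_first = 1
            if (!rej && $0 ~ ("-i " iface "( |$)") && $0 ~ /-j REJECT/) rej = n
        }
        END { if (!rej || accept_first) exit 1; print rej }'
}

# Constructed sample: rule inserted at index 1, ahead of the ACCEPT jumps.
GOOD_CHAIN='-N GL_S2S_FORWARD
-A GL_S2S_FORWARD -s 172.31.0.0/16 -d 192.0.2.10/32 -i wg1 -j REJECT --reject-with icmp-port-unreachable
-A GL_S2S_FORWARD -j zone_wan_dest_ACCEPT
-A GL_S2S_FORWARD -j zone_lan_dest_ACCEPT
-A GL_S2S_FORWARD -j GL_S2S_DEST_ACCEPT'

# Constructed sample: same rule appended with -A, i.e. shadowed and ineffective.
BAD_CHAIN='-N GL_S2S_FORWARD
-A GL_S2S_FORWARD -j zone_wan_dest_ACCEPT
-A GL_S2S_FORWARD -j zone_lan_dest_ACCEPT
-A GL_S2S_FORWARD -j GL_S2S_DEST_ACCEPT
-A GL_S2S_FORWARD -s 172.31.0.0/16 -d 192.0.2.10/32 -i wg1 -j REJECT --reject-with icmp-port-unreachable'
```

On a live router, `iptables -S GL_S2S_FORWARD | check_rule_order` gives the same verdict for the real chain, and `apply_s2s_block` installs the rule if it is absent.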