mat1
August 27, 2021, 4:54pm
1
Hello,
I want to create a firewall rule that blocks clients using the S2S WireGuard tunnel (on wg1) from accessing a specific IP address.
My problem is that the wg1 interface is missing in the Interfaces section, so I also cannot create a firewall rule for this interface.
When I try to create the wg1 interface using the LuCI GUI, the S2S connection gets stopped and breaks.
Creating one rule matching any zone has no effect on the S2S.
What can I do?
Thank you
Matthias
alzhao
August 30, 2021, 8:11am
2
Maybe you should not use LuCI, just use the shell command: iptables
mat1
August 30, 2021, 8:49am
3
I managed it now using iptables.
I added the rules in the GL_S2S_FORWARD chain:
iptables -I GL_S2S_FORWARD 1 -i wg1 -s 172.31.0.0/16 -j REJECT
So it works.
It is important that the rules are added with the -I flag and at index 1, because otherwise the rules already inserted in the GL_S2S_FORWARD chain will already allow all traffic:
-I GL_S2S_FORWARD -j zone_wan_dest_ACCEPT
-I GL_S2S_FORWARD -j zone_lan_dest_ACCEPT
-I GL_S2S_FORWARD -j GL_S2S_DEST_ACCEPT
Thank you!
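The ordering point made above, worked through offline: this added example (not code from the thread or from GL.iNet) models netfilter's first-match chain walk over the exact commands quoted in the post and shows that the same REJECT rule is ineffective when appended with -A but works when inserted at index 1. It assumes the zone_*_dest_ACCEPT and GL_S2S_DEST_ACCEPT jump targets act as plain ACCEPT, as the post describes, and uses a constructed sample packet.

```python
import ipaddress
import shlex

def parse_rule(cmd):
    """Parse: iptables (-I CHAIN [idx] | -A CHAIN) [-i IF] [-s CIDR] [-d CIDR] -j TARGET"""
    argv, rule, chain, index, i = shlex.split(cmd)[1:], {}, None, None, 0
    while i < len(argv):
        opt, val, i = argv[i], argv[i + 1], i + 2
        if opt in ("-I", "-A"):
            chain = val
            if opt == "-I":                    # bare -I means index 1 (top of chain)
                index = 1
                if i < len(argv) and argv[i].isdigit():
                    index, i = int(argv[i]), i + 1
        else:
            rule[opt] = val
    return chain, index, rule               # index None means -A (append)

def build(cmds):
    """Apply -I/-A commands in order, as iptables would, returning {chain: [rules]}."""
    chains = {}
    for chain, index, rule in map(parse_rule, cmds):
        lst = chains.setdefault(chain, [])
        lst.insert(len(lst) if index is None else index - 1, rule)
    return chains

def matches(rule, pkt):
    if "-i" in rule and pkt["in"] != rule["-i"]:
        return False
    return all(ipaddress.ip_address(pkt[key]) in ipaddress.ip_network(rule[opt])
               for opt, key in (("-s", "src"), ("-d", "dst")) if opt in rule)

def verdict(chains, chain, pkt):
    """First match wins. Assumption: the zone_*/GL_S2S_DEST_ACCEPT jumps act as ACCEPT."""
    for rule in chains.get(chain, []):
        if matches(rule, pkt):
            return "ACCEPT" if rule["-j"].endswith("ACCEPT") else rule["-j"]
    return "POLICY"                         # no rule matched; chain policy applies
EXISTING = [  # the three rules the post shows already sitting in GL_S2S_FORWARD
    "iptables -I GL_S2S_FORWARD -j zone_wan_dest_ACCEPT",
    "iptables -I GL_S2S_FORWARD -j zone_lan_dest_ACCEPT",
    "iptables -I GL_S2S_FORWARD -j GL_S2S_DEST_ACCEPT",
]
POST_RULE = "iptables -I GL_S2S_FORWARD 1 -i wg1 -s 172.31.0.0/16 -j REJECT"
TUNNEL_PKT = {"in": "wg1", "src": "172.31.5.20", "dst": "192.168.8.10"}  # constructed sample
def compare(block_cmd=POST_RULE, pkt=TUNNEL_PKT):
    """Verdict for pkt with block_cmd appended (-A) versus inserted at index 1 (-I ... 1)."""
    appended = block_cmd.replace("-I GL_S2S_FORWARD 1", "-A GL_S2S_FORWARD")
    return {"appended": verdict(build(EXISTING + [appended]), "GL_S2S_FORWARD", pkt),
            "inserted_at_1": verdict(build(EXISTING + [block_cmd]), "GL_S2S_FORWARD", pkt)}
```

Running compare() returns {"appended": "ACCEPT", "inserted_at_1": "REJECT"}, which is exactly the behaviour the post describes; a packet from wg1 outside 172.31.0.0/16 still falls through to the ACCEPT rules.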