S2S Firewall Rule


I want to create a Firewall Rule what blocks Clients using the S2S Wireguard Tunnel (on wg1) to access a specific IP-Adress.

My Problem is that the wg1 Interface is Missing in the Interfaces Section and so I also cannot create a Firewall-Rule for this Interface.

When I try to create the wg1-Interface using the luci-GUI, then the S2S Connection gets stopped & breaks.

Creating One Role matching Any Zone has no affect for the S2S.

What can I do?

Thank you

Maybe you should not use Luci, just use shell command: iptables

I managed it now using iptables.

I added the Rules in the GL_S2S_FORWARD jain

iptables -I GL_S2S_FORWARD 1 -i wg1 -s -j REJECT

So it works.

Important is that the rules are added with the -I - Flag and at Index 1, because if not the rules already inserted in the GL_S2S_FORWARD jain will already allow all rules:

        -I GL_S2S_FORWARD -j zone_wan_dest_ACCEPT                                           
        -I GL_S2S_FORWARD -j zone_lan_dest_ACCEPT                                           

Thank you!

1 Like