S2S Firewall Rule

Hello,

I want to create a firewall rule that blocks clients using the S2S WireGuard tunnel (on wg1) from accessing a specific IP address.

My problem is that the wg1 interface is missing in the Interfaces section, so I also cannot create a firewall rule for this interface.

When I try to create the wg1 interface using the LuCI GUI, the S2S connection gets stopped and breaks.

Creating one rule matching any zone has no effect on the S2S.

What can I do?

Thank you
Matthias

Maybe you should not use LuCI; just use the shell command iptables.

I managed it now using iptables.

I added the rules in the GL_S2S_FORWARD chain:

        iptables -I GL_S2S_FORWARD 1 -i wg1 -s 172.31.0.0/16 -j REJECT

So it works.

It is important that the rules are added with the -I flag and at index 1, because otherwise the rules already inserted in the GL_S2S_FORWARD chain will already allow everything:

        -I GL_S2S_FORWARD -j zone_wan_dest_ACCEPT
        -I GL_S2S_FORWARD -j zone_lan_dest_ACCEPT
        -I GL_S2S_FORWARD -j GL_S2S_DEST_ACCEPT

Thank you!
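A small helper script for the approach above, added here as an example and not taken from the post or from GL.iNet's own firewall scripts. It builds the same REJECT rule, adds a -d match for the one host the question wanted blocked (the interface, subnet and host are constructed), checks with -C so that re-running it on a firewall reload does not stack duplicate rules, and places a LOG rule in front of the REJECT so blocked attempts are visible in logread (the LOG rule and the S2S_APPLY guard are my assumptions).

```shell
#!/bin/sh
# Added example, not code from the forum post. Assumes an OpenWrt/GL.iNet router
# where the GL_S2S_FORWARD chain exists; interface, subnet and host are constructed.
IPT="${IPT:-iptables}"      # point at a fake command/function for a dry run
CHAIN="GL_S2S_FORWARD"

# Build the match: packets entering on the tunnel interface from the remote S2S
# subnet and destined for the one host that must stay unreachable.
s2s_block_args() {
  # $1 = tunnel interface, $2 = remote subnet, $3 = protected destination
  printf '%s' "-i $1 -s $2 -d $3"
}

# Insert the REJECT at position 1 so it is evaluated before the ACCEPT rules the
# firewall script already put in the chain (first match wins). '-C' returns 0
# when an identical rule exists, so repeated runs add nothing.
s2s_block_apply() {
  m=$(s2s_block_args "$1" "$2" "$3")
  if "$IPT" -C "$CHAIN" $m -j REJECT 2>/dev/null; then
    echo "already present: $CHAIN $m -j REJECT"
    return 0
  fi
  # REJECT first, then LOG at position 1 so the final order is LOG (1), REJECT (2);
  # the LOG rule is an assumption, added so drops can be seen with logread.
  "$IPT" -I "$CHAIN" 1 $m -j REJECT &&
  "$IPT" -I "$CHAIN" 1 $m -j LOG --log-prefix "s2s-block: "
}

# Print the chain with positions so the REJECT can be confirmed above the ACCEPTs.
s2s_block_show() {
  "$IPT" -L "$CHAIN" -n --line-numbers
}

# Only touch the live firewall when explicitly asked (S2S_APPLY=1 sh thisfile.sh).
[ "${S2S_APPLY:-0}" = 1 ] && s2s_block_apply wg1 172.31.0.0/16 10.10.10.5
```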
