Always allow inbound wireguard
parent
5a1a151de6
commit
63d5ff273b
1 changed files with 1 additions and 12 deletions
|
@ -226,11 +226,6 @@ in
|
|||
elements = { 22, 3128 }
|
||||
}
|
||||
|
||||
set internal_access_udp {
|
||||
type inet_service; flags interval;
|
||||
elements = { 51820 }
|
||||
}
|
||||
|
||||
set network_required_udp {
|
||||
type inet_service; flags interval;
|
||||
elements = { 53, 67, 68, 546, 547 }
|
||||
|
@ -331,13 +326,7 @@ in
|
|||
$WAN : jump rate_limit
|
||||
}
|
||||
|
||||
udp dport @internal_access_udp ct state new iifname vmap {
|
||||
$BRIDGE : accept,
|
||||
$WG0 : accept,
|
||||
$DEVICES : jump reject_politely,
|
||||
$WIFI : jump rate_limit,
|
||||
$WAN : jump rate_limit
|
||||
}
|
||||
udp dport 51820 ct state new accept comment "Allow wireguard"
|
||||
|
||||
udp dport @network_required_udp ct state new accept comment "Allow internal network required stuff"
|
||||
|
||||
|
|
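Review bot: The new rule `udp dport 51820 ct state new accept` in the second hunk drops the per-interface handling that the removed vmap applied: new flows from $WAN and $WIFI no longer pass through `rate_limit`, and $DEVICES, which was sent to `reject_politely`, is now accepted. If the goal was only to make the port reachable from every interface, the limit on the untrusted interfaces can be kept with a line such as `udp dport 51820 ct state new iifname { $WAN, $WIFI } jump rate_limit` placed ahead of the accept; the body of `rate_limit` is not visible here, so confirm how it treats traffic under the limit. If opening the port to $DEVICES is deliberate, extending the rule comment to say so (for example `comment "Allow wireguard from all interfaces, incl. DEVICES"`) would record the decision. The port is now a bare literal where the first hunk removes the named set `internal_access_udp`, so a `define` for 51820 would keep the value in one place. The enclosing chain starts and ends outside the hunk.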