firewall: Allow WG traffic when the firewall is in permissive mode
authorMichael Tremer <michael.tremer@ipfire.org>
Fri, 6 Sep 2024 16:20:46 +0000 (18:20 +0200)
committerMichael Tremer <michael.tremer@ipfire.org>
Tue, 22 Apr 2025 14:48:53 +0000 (16:48 +0200)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
config/firewall/firewall-policy

index 21165e9338dc9693a0b2220d9b81dc852d342d59..872a921401884d5f17152e73091176172b42104b 100755 (executable)
@@ -54,6 +54,7 @@ esac
 
 HAVE_IPSEC="true"
 HAVE_OPENVPN="true"
+HAVE_WG="true"
 
 # INPUT
 
@@ -97,6 +98,14 @@ case "${HAVE_OPENVPN},${POLICY}" in
                ;;
 esac
 
+# WireGuard INPUT
+case "${HAVE_WG},${POLICY}" in
+       true,MODE1) ;;
+       true,*)
+               iptables -A POLICYIN -i wg+ -j ACCEPT
+               ;;
+esac
+
 case "${FWPOLICY2}" in
        REJECT)
                if [ "${DROPINPUT}" = "on" ]; then
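Review bot: The new POLICYIN rule accepts every packet arriving on any interface whose name begins with `wg`, for every POLICY value other than MODE1. Because the first hunk sets `HAVE_WG="true"` unconditionally, the `case` never skips the rule on a system without WireGuard configured. As far as the hunk shows, this mirrors the HAVE_OPENVPN block above it, but the comment `# WireGuard INPUT` does not state that scope; I would write `# WireGuard INPUT: unless POLICY is MODE1, accept all traffic from any wg* interface (no peer or port restriction)`. If HAVE_WG is meant to be a real switch, it should be derived from the WireGuard configuration rather than hard-coded. The same `-i wg+` wildcard appears in the POLICYFWD rule in the third hunk.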
@@ -149,6 +158,9 @@ case "${POLICY}" in
                # Grant access for OpenVPN connections
                iptables -A POLICYFWD -i tun+ -j ACCEPT
 
+               # Grant access for WireGuard
+               iptables -A POLICYFWD -i wg+ -j ACCEPT
+
                if [ -n "${IFACE}" ]; then
                        if [ "${HAVE_BLUE}" = "true" ] && [ -n "${BLUE_DEV}" ]; then
                                iptables -A POLICYFWD -i "${BLUE_DEV}" -s "${BLUE_NETADDRESS}/${BLUE_NETMASK}" -o "${IFACE}" -j ACCEPT
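Review bot: The added POLICYFWD rule has no `-o` match and does not consult `HAVE_WG`, unlike the INPUT rule in the second hunk. In this POLICY branch, packets from any wg* interface are therefore forwarded to every destination, including other wg* interfaces. It follows the `tun+` line directly above, so this may be intended; if so, the comment should state the scope, e.g. `# Grant access for WireGuard: forward from any wg* interface to any destination`. The enclosing `case "${POLICY}"` branch starts and ends outside the hunk, so which policy mode this applies to cannot be confirmed from the visible lines.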