WireGuard is a modern, secure VPN protocol available on Linux. Firewall rules for a WireGuard interface (wg0 below) are written with the iptables command, and because iptables evaluates rules in order and stops at the first match, the order in which you add them matters. Here is an example of how you can set up firewall rules for a WireGuard VPN on Linux:
- First, create a new user-defined chain for WireGuard in the iptables filter table by running the following command (note that a user-defined chain is only evaluated when a built-in chain such as INPUT or OUTPUT jumps to it with -j wireguard):
sudo iptables -N wireguard
- Next, allow all traffic to and from the WireGuard interface by running the following commands (-i matches the interface a packet arrived on, -o the interface it leaves through):
sudo iptables -A wireguard -i wg0 -j ACCEPT
sudo iptables -A wireguard -o wg0 -j ACCEPT
- To block all incoming traffic to the WireGuard interface, you can use the following command:
sudo iptables -A INPUT -i wg0 -j REJECT
- To block all outgoing traffic from the WireGuard interface, you can use the following command:
sudo iptables -A OUTPUT -o wg0 -j REJECT
- To allow incoming traffic from a specific IP address to the WireGuard interface, you can use the following command:
sudo iptables -A wireguard -i wg0 -s <IP_ADDRESS> -j ACCEPT
- To allow outgoing traffic to a specific IP address from the WireGuard interface, you can use the following command:
sudo iptables -A wireguard -o wg0 -d <IP_ADDRESS> -j ACCEPT
- To allow incoming traffic to the WireGuard interface on a specific port, you can use the following command:
sudo iptables -A wireguard -i wg0 -p <PROTOCOL> --dport <PORT> -j ACCEPT
- To allow outgoing traffic from the WireGuard interface on a specific port, you can use the following command (--sport matches the source port, i.e. replies sent by a local service listening on that port; use --dport instead to allow connections from this host to a remote service on that port):
sudo iptables -A wireguard -o wg0 -p <PROTOCOL> --sport <PORT> -j ACCEPT
It’s important to note that these are just example commands. You will need to adjust them to fit your specific use case and the desired level of security, and keep in mind that rules are appended in the order you run them: a blanket ACCEPT or REJECT placed early in a chain means the more specific rules after it are never reached. Test the changes before deploying them in a production environment. Finally, "sudo iptables-save" prints the active rule set to standard output; redirect that output to a file and load the file with iptables-restore at boot to make the rules persistent.
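The procedure above assembled as one rule set, as an added example that is not part of the original page: a shell helper emitting an iptables-restore fragment that creates the "wireguard" chain, jumps into it from INPUT and OUTPUT, allow-lists a peer address and a service port, and ends with a default REJECT. The function name, the peer address and the port are constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the original page): builds an iptables-restore
# fragment for the wg0 policy described above. The piece the bare commands
# leave out is the jump: a user-defined chain such as "wireguard" is only
# consulted when a built-in chain (INPUT/OUTPUT) hands traffic to it.
# Arguments are constructed examples: wg_filter_rules <peer_ip> <proto> <port>
wg_filter_rules() {
    peer="$1"; proto="$2"; port="$3"
    cat <<EOF
*filter
:wireguard - [0:0]
# Hand wg0 traffic to the custom chain; without these two rules the chain
# exists but is never evaluated.
-A INPUT -i wg0 -j wireguard
-A OUTPUT -o wg0 -j wireguard
# Keep replies to connections that were already accepted.
-A wireguard -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Allow-list: one peer address and one service port. Rules match top to
# bottom, so these must come before the catch-all REJECT, not after it.
-A wireguard -i wg0 -s ${peer} -j ACCEPT
-A wireguard -o wg0 -d ${peer} -j ACCEPT
-A wireguard -i wg0 -p ${proto} --dport ${port} -j ACCEPT
-A wireguard -o wg0 -p ${proto} --sport ${port} -j ACCEPT
# Default deny for everything else on the tunnel.
-A wireguard -j REJECT
COMMIT
EOF
}

# Dry run: iptables-restore --test parses the rule set without loading it
# (needs root and iptables; the function is a no-op where they are absent).
wg_test_rules() {
    command -v iptables-restore >/dev/null 2>&1 || return 0
    wg_filter_rules "$@" | iptables-restore --test
}
```

Run wg_filter_rules 10.0.0.2 tcp 22 to print the fragment, and pipe it into iptables-restore (without --test) as root to apply it.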