From bb76eb86a4748cae4efa1c9a86d0c3015b44b72f Mon Sep 17 00:00:00 2001
From: billz
Date: Fri, 25 Jul 2025 11:55:18 -0700
Subject: [PATCH] Append PostUpEx/PreDown rules to WG config
---
 config/defaults.json | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/config/defaults.json b/config/defaults.json
index a0e1b190..093715fb 100644
--- a/config/defaults.json
+++ b/config/defaults.json
@@ -49,7 +49,9 @@
 "ListenPort": [ "51820" ],
 "DNS": [ "9.9.9.9" ],
 "PostUp": [ "iptables -A FORWARD -i wlan0 -o wg0 -j ACCEPT; iptables -A FORWARD -i wg0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -A POSTROUTING -o wg0 -j MASQUERADE" ],
- "PostDown": [ "iptables -D FORWARD -i wlan0 -o wg0 -j ACCEPT; iptables -D FORWARD -i wg0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE" ]
+ "PostDown": [ "iptables -D FORWARD -i wlan0 -o wg0 -j ACCEPT; iptables -D FORWARD -i wg0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -D POSTROUTING -o wg0 -j MASQUERADE" ],
+ "PostUpEx": [ "iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL ! -d %s -j REJECT" ],
+ "PreDown": [ "iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL ! -d %s -j REJECT" ]
 },
 "peer": {
 "Address": [ "10.8.1.2/24" ],
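Review bot: The new `PostUpEx`/`PreDown` defaults install the REJECT rule with `iptables` only, so on a host that has IPv6 connectivity, traffic can still leave outside the tunnel. The rule should be paired with an IPv6 counterpart such as `ip6tables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT`, with the matching `-D` form in `PreDown`. The rule also sits in OUTPUT, which sees only locally generated packets, so clients forwarded from `wlan0` are presumably not covered unless a FORWARD rule or policy elsewhere blocks egress that is not via `wg0`. `%s` is not a wg-quick token (unlike `%i`), so the code that fills it, which is outside this hunk, should accept only a validated IP address or CIDR, because the resulting string is run by a root shell. It must also produce the same value for `PostUpEx` and `PreDown`, otherwise the `-D` will not match and the REJECT rule stays in place after the tunnel goes down.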