Add installation script

Add wireguard iptables rules
2021-07-17 22:26:56 +02:00 · 2021-07-17 22:26:56 +02:00 · 2e1781a2eb
parent 5f0eb25f5c
commit 2e1781a2eb
2 changed files with 36 additions and 1 deletions
--- a/config/iptables_rules.json
+++ b/config/iptables_rules.json
@ -95,13 +95,28 @@
            "dependson": [
                  { "var": "openvpn-enable", "type": "bool" },
                  { "var": "openvpn-serverip", "type": "string", "replace": "$IPADDRESS$" },
-                  { "var": "client-device", "type": "string", "replace": "$INTERFACE$" }
+                  { "var": "ap-device", "type": "string", "replace": "$INTERFACE$" }
            ],
            "rules": [
+                "-A INPUT -p udp -s $IPADDRESS$ -j ACCEPT",
                "-A FORWARD -i tun+ -o $INTERFACE$ -m state --state RELATED,ESTABLISHED -j ACCEPT",
                "-A FORWARD -i $INTERFACE$ -o tun+ -j ACCEPT",
                "-t nat -A POSTROUTING -o tun+ -j MASQUERADE"
            ]
+        },
+        {
+            "name": "wireguard",
+            "comment": "Rules for wireguard device (wg)",
+            "dependson": [
+                  { "var": "wireguard-enable", "type": "bool" },
+                  { "var": "wireguard-serverip", "type": "string", "replace": "$IPADDRESS$" },
+                  { "var": "client-device", "type": "string", "replace": "$INTERFACE$" }
+            ],
+            "rules": [
+                "-A INPUT -p udp -s $IPADDRESS$ -j ACCEPT",
+                "-A FORWARD -i wg+ -j ACCEPT",
+                "-t nat -A POSTROUTING -o $INTERFACE$ -j MASQUERADE"
+            ]
        }
    ],
    "exception_rules": [
--- a/installers/install_feature_firewall.sh
+++ b/installers/install_feature_firewall.sh
@ -0,0 +1,20 @@
+#!/bin/bash
+#
+# RaspAP feature installation: Firewall
+# to be sources by the RaspAP installer script
+# Author: @zbchristian <christian@zeitnitz.eu>
+# Author URI: https://github.com/zbchristian/
+# License: GNU General Public License v3.0
+# License URI: https://github.com/raspap/raspap-webgui/blob/master/LICENSE
+
+function _install_feature_firewall() {
+    name="feature firewall"
+
+    _install_log "Install $name"
+    _install_log " - copy configuration file"
+	# create config dir
+	sudo mkdir "/etc/raspap/networking/firewall" || _install_status 1 "Unable to create firewall config directory 
+    # copy firewall configuration 
+    sudo cp "$webroot_dir/config/iptables_rules.json" "/etc/raspap/networking/" || _install_status 1 "Unable to install client configuration ($name)"
+    _install_status 0
+}