gandc/awg-openwrt
1
0
Fork 0
mirror of https://github.com/Slava-Shchipunov/awg-openwrt.git synced 2026-03-14 01:13:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: add firewall settings

Browse Source
This commit is contained in:
Slava-Shchipunov
2024-10-26 02:53:26 +07:00
parent 9d1e5e5f70
commit 7195728872
1 changed files with 33 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
amneziawg-install.sh
View File

@@ -97,15 +97,15 @@ install_awg_packages() {
}
configure_amneziawg_interface() {
INTERFACE_NAME="awg1"
CONFIG_NAME="amneziawg_awg1"
INTERFACE_NAME="awg0"
CONFIG_NAME="amneziawg_0"
PROTO="amneziawg"
ZONE_NAME="awg_internal"
ZONE_NAME="awg0"
read -r -p "Enter the private key (from [Interface]):"$'\n' AWG_PRIVATE_KEY_INT
while true; do
read -r -p "Enter internal IP address with subnet, example 192.168.100.5/24 (from [Interface]):"$'\n' AWG_IP
read -r -p "Enter internal IP address with subnet, example 192.168.100.5/24 (Address from [Interface]):"$'\n' AWG_IP
if echo "$AWG_IP" | egrep -oq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]+$'; then
break
else
@@ -157,12 +157,39 @@ configure_amneziawg_interface() {
uci set network.@${CONFIG_NAME}[0].name="${INTERFACE_NAME}_client"
uci set network.@${CONFIG_NAME}[0].public_key=$AWG_PUBLIC_KEY_INT
uci set network.@${CONFIG_NAME}[0].preshared_key=$AWG_PRESHARED_KEY_INT
uci set network.@${CONFIG_NAME}[0].route_allowed_ips='0'
uci set network.@${CONFIG_NAME}[0].route_allowed_ips='1'
uci set network.@${CONFIG_NAME}[0].persistent_keepalive='25'
uci set network.@${CONFIG_NAME}[0].endpoint_host=$AWG_ENDPOINT_INT
uci set network.@${CONFIG_NAME}[0].allowed_ips='0.0.0.0/0'
uci set network.@${CONFIG_NAME}[0].allowed_ips='0.0.0.0/0 ::/0'
uci set network.@${CONFIG_NAME}[0].endpoint_port=$AWG_ENDPOINT_PORT_INT
uci commit network
if ! uci show firewall | grep -q "@zone.*name='${ZONE_NAME}'"; then
printf "\033[32;1mZone Create\033[0m\n"
uci add firewall zone
uci set firewall.@zone[-1].name=$ZONE_NAME
uci set firewall.@zone[-1].network=$INTERFACE_NAME
uci set firewall.@zone[-1].forward='REJECT'
uci set firewall.@zone[-1].output='ACCEPT'
uci set firewall.@zone[-1].input='REJECT'
uci set firewall.@zone[-1].masq='1'
uci set firewall.@zone[-1].mtu_fix='1'
uci set firewall.@zone[-1].family='ipv4'
uci commit firewall
fi
if ! uci show firewall | grep -q "@forwarding.*name='${ZONE_NAME}'"; then
printf "\033[32;1mConfigured forwarding\033[0m\n"
uci add firewall forwarding
uci set firewall.@forwarding[-1]=forwarding
uci set firewall.@forwarding[-1].name="${ZONE_NAME}-lan"
uci set firewall.@forwarding[-1].dest=${ZONE_NAME}
uci set firewall.@forwarding[-1].src='lan'
uci set firewall.@forwarding[-1].family='ipv4'
uci commit firewall
fi
service network restart
}
check_repo