Update postup.sh

Added drop rules to drop the traffic between the peers, this is required for enhanced security.
donaldzou · Sep 4, 2024 · 32a6678 · 32a6678
1 parent e218532
commit 32a6678
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/src/iptable-rules/postup.sh b/src/iptable-rules/postup.sh
@@ -22,5 +22,8 @@ iptables -A $CHAIN_NAME -o lo -j ACCEPT
 # Drop everything else coming through the Wireguard interface
 iptables -A $CHAIN_NAME -i $WIREGUARD_INTERFACE -j DROP
 
+# Drop traffic between the peers
+iptables -I FORWARD -i $WIREGUARD_INTERFACE -o $WIREGUARD_INTERFACE -j DROP
+
 # Return to FORWARD chain
-iptables -A $CHAIN_NAME -j RETURN
+iptables -A $CHAIN_NAME -j RETURN