improved Database & Models
This commit is contained in:
commit
0bbe91bec3
18 changed files with 956 additions and 0 deletions
60
templates/nftables.ejs
Normal file
60
templates/nftables.ejs
Normal file
|
|
@ -0,0 +1,60 @@
|
|||
#!/usr/sbin/nft -f
|
||||
|
||||
# Lösche alte Tabelle
|
||||
flush ruleset
|
||||
|
||||
table inet <%= interface.ifName %> {
|
||||
|
||||
<% addressGroupList.forEach((addressGroup) => { %>
|
||||
set addressGroup_<%= addressGroup.name %> {
|
||||
type ipv4_addr
|
||||
flags interval
|
||||
elements = { <%= addressGroup.addressList.join(", ") %> }
|
||||
}
|
||||
<% }) %>
|
||||
|
||||
<% addressGroupList.forEach((addressGroup) => { %>
|
||||
set addressGroup_<%= addressGroup.name %> {
|
||||
type ipv4_addr
|
||||
flags interval
|
||||
elements = { <%= addressGroup.addressList.join(", ") %> }
|
||||
}
|
||||
<% }) %>
|
||||
|
||||
chain input_<%= interface.ifName %> {
|
||||
type filter hook input priority 0; policy drop;
|
||||
|
||||
# Traffic vom Interface akzeptieren
|
||||
iif "<%= interface %>" tcp dport { 22, 53 } accept
|
||||
iif "<%= interface %>" udp dport 53 accept
|
||||
iif "<%= interface %>" icmp type echo-request accept
|
||||
iif "<%= interface %>" ip saddr @allowed_sources_<%= instanceId %> counter accept
|
||||
}
|
||||
|
||||
chain forward_<%= interface.ifName %> {
|
||||
type filter hook forward priority 0; policy drop;
|
||||
|
||||
# Eingehende Pakete von erlaubten IPs weiterleiten
|
||||
iif "<%= interface %>" ip saddr @allowed_sources_<%= instanceId %> ip daddr @allowed_destinations_<%= instanceId %> accept
|
||||
|
||||
# Rückläufige Antworten zulassen (established connections)
|
||||
oif "<%= interface %>" ip saddr @allowed_destinations_<%= instanceId %> ip daddr @allowed_sources_<%= instanceId %> ct state established accept
|
||||
}
|
||||
|
||||
chain output_<%= interface.ifName %> {
|
||||
type filter hook output priority 0; policy accept;
|
||||
|
||||
# Host -> WG Interface
|
||||
oif "<%= interface %>" ip daddr @allowed_destinations_<%= instanceId %> accept
|
||||
}
|
||||
|
||||
chain postrouting_<%= interface.ifName %> {
|
||||
type route hook output priority 100; policy accept;
|
||||
ip saddr <%= localSubnet %> oif "<%= outboundInterface %>" masquerade
|
||||
}
|
||||
|
||||
}
|
||||
<% accessRuleList.forEach((accessRule) => { %>
|
||||
<%= accessRule.proto %> dport <%= accessRule.dstport %> ip saddr
|
||||
# Description: <%= accessRule.description %>
|
||||
<% }) %>
|
||||
11
templates/wg_client.ejs
Normal file
11
templates/wg_client.ejs
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
[Interface]
|
||||
PrivateKey = <%= client.PrivateKey %>
|
||||
Address = <%= client.allowedIps %>
|
||||
DNS = 1.1.1.1
|
||||
|
||||
[Peer]
|
||||
PublicKey = <%= server.publicKey %>
|
||||
PresharedKey = <%= client.presharedKey %>
|
||||
Endpoint = <%= server.endpoint %>:<%= server.listenPort %>
|
||||
AllowedIPs = 0.0.0.0/0
|
||||
PersistentKeepalive = <%= client.allowedIps %>
|
||||
14
templates/wg_server.ejs
Normal file
14
templates/wg_server.ejs
Normal file
|
|
@ -0,0 +1,14 @@
|
|||
[Interface]
|
||||
Address = <%= interface.ifAddress %>
|
||||
<% if (interface.dnsServer) { %>
|
||||
DNS = <%= interface.dnsServer %>
|
||||
<% } %>
|
||||
PrivateKey = <%= interface.privateKey %>
|
||||
ListenPort = <%= interface.listenPort %>
|
||||
|
||||
<% peerList.forEach((peer) => { %>
|
||||
[Peer]
|
||||
# <%= peer.name %>
|
||||
PublicKey = <%= peer.publicKey %>
|
||||
|
||||
<% }) %>
|
||||
Loading…
Add table
Add a link
Reference in a new issue