| -rw-r--r-- | roles/wgtor/templates/wgtor0.conf.j2 | 8 | ||||
| -rw-r--r-- | roles/wgvpn/templates/wgvpn0.conf.j2 | 6 |
2 files changed, 7 insertions, 7 deletions
diff --git a/roles/wgtor/templates/wgtor0.conf.j2 b/roles/wgtor/templates/wgtor0.conf.j2
index 6acb081..d535967 100644
--- a/roles/wgtor/templates/wgtor0.conf.j2
+++ b/roles/wgtor/templates/wgtor0.conf.j2
@@ -6,10 +6,10 @@ ListenPort = 51822
 # See for source of iptables rules.
 # https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TransparentProxy
-PostUp = iptables -t nat -A PREROUTING -i %i -p udp --dport 53 -j REDIRECT --to-ports 5353
-PostUp = iptables -t nat -A PREROUTING -i %i -p udp --dport 5353 -j REDIRECT --to-ports 5353
-PostUp = iptables -t nat -A PREROUTING -i %i -p tcp --syn -j REDIRECT --to-ports 9040
-PostUp = iptables -t nat -A OUTPUT -p tcp -d 10.192.0.0/10 -j REDIRECT --to-ports 9040
+PostUp = iptables --wait -t nat -A PREROUTING -i %i -p udp --dport 53 -j REDIRECT --to-ports 5353
+PostUp = iptables --wait -t nat -A PREROUTING -i %i -p udp --dport 5353 -j REDIRECT --to-ports 5353
+PostUp = iptables --wait -t nat -A PREROUTING -i %i -p tcp --syn -j REDIRECT --to-ports 9040
+PostUp = iptables --wait -t nat -A OUTPUT -p tcp -d 10.192.0.0/10 -j REDIRECT --to-ports 9040
 PostDown = iptables -t nat -D PREROUTING -i %i -p udp --dport 53 -j REDIRECT --to-ports 5353
 PostDown = iptables -t nat -D PREROUTING -i %i -p udp --dport 5353 -j REDIRECT --to-ports 5353
diff --git a/roles/wgvpn/templates/wgvpn0.conf.j2 b/roles/wgvpn/templates/wgvpn0.conf.j2
index d70832c..090d4b2 100644
--- a/roles/wgvpn/templates/wgvpn0.conf.j2
+++ b/roles/wgvpn/templates/wgvpn0.conf.j2
@@ -3,9 +3,9 @@ PrivateKey = {{ wireguard_private_key }}
 Address = 10.0.1.1/24
 ListenPort = 51821
-PostUp = iptables -A FORWARD -i %i -j ACCEPT
-PostUp = iptables -A FORWARD -o %i -j ACCEPT
-PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+PostUp = iptables --wait -A FORWARD -i %i -j ACCEPT
+PostUp = iptables --wait -A FORWARD -o %i -j ACCEPT
+PostUp = iptables --wait -t nat -A POSTROUTING -o eth0 -j MASQUERADE
 PostDown = iptables -D FORWARD -i %i -j ACCEPT
 PostDown = iptables -D FORWARD -o %i -j ACCEPT |
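Review bot: The `PostDown` lines left as context here (`iptables -D FORWARD -i %i -j ACCEPT`, `iptables -D FORWARD -o %i -j ACCEPT`) still run without `--wait`, so teardown can fail on the same xtables lock contention that this commit presumably addresses for `PostUp`, leaving the FORWARD ACCEPT rules in place; the wgtor0.conf.j2 hunk has the same gap on its `-t nat -D PREROUTING` lines, where a failed delete would leave the REDIRECT rules installed. I would mirror the flag on every delete, e.g. `PostDown = iptables --wait -D FORWARD -i %i -j ACCEPT`. A bare `--wait` blocks indefinitely while another process holds the lock, so a bounded value such as `--wait 5` is worth considering if a hung interface bring-up is worse than a failed one. The remaining `PostDown` lines of both templates lie outside the hunks and should get the same treatment.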