summaryrefslogtreecommitdiff
path: root/roles/network/wireguard/gateway/templates/systemd-iptables.service.j2
diff options
context:
space:
mode:
Diffstat (limited to 'roles/network/wireguard/gateway/templates/systemd-iptables.service.j2')
-rw-r--r--roles/network/wireguard/gateway/templates/systemd-iptables.service.j242
1 files changed, 42 insertions, 0 deletions
diff --git a/roles/network/wireguard/gateway/templates/systemd-iptables.service.j2 b/roles/network/wireguard/gateway/templates/systemd-iptables.service.j2
new file mode 100644
index 00000000..11cf4b8a
--- /dev/null
+++ b/roles/network/wireguard/gateway/templates/systemd-iptables.service.j2
@@ -0,0 +1,42 @@
+[Unit]
+Wants=network-online.target
+After=network-online.target
+
+
+[Service]
+Type=oneshot
+
+{% if 'ip_snat' in item.value %}
+ExecStart=/usr/sbin/sysctl net.ipv4.ip_forward=1
+{% for addr in item.value.addresses %}
+ExecStart=/sbin/iptables -t nat -A POSTROUTING -s {{ addr | ipaddr('network/prefix') }} -o {{ item.value.ip_snat.interface }} -j SNAT --to {{ item.value.ip_snat.to }}
+{% endfor %}
+{% endif %}
+{% for forward in item.value.port_forwardings | default([]) %}
+{% for port in forward.tcp_ports | default([]) %}
+ExecStart=/sbin/iptables -t nat -A PREROUTING -d {{ forward.dest }} -p tcp --dport {{ port }} -j DNAT --to {{ forward.tcp_ports[port] }}
+{% endfor %}
+{% for port in forward.udp_ports | default([]) %}
+ExecStart=/sbin/iptables -t nat -A PREROUTING -d {{ forward.dest }} -p udp --dport {{ port }} -j DNAT --to {{ forward.udp_ports[port] }}
+{% endfor %}
+{% endfor %}
+
+{% if 'ip_snat' in item.value %}
+{% for addr in item.value.addresses %}
+ExecStop=/sbin/iptables -t nat -D POSTROUTING -s {{ addr | ipaddr('network/prefix') }} -o {{ item.value.ip_snat.interface }} -j SNAT --to {{ item.value.ip_snat.to }}
+{% endfor %}
+{% endif %}
+{% for forward in item.value.port_forwardings | default([]) %}
+{% for port in forward.tcp_ports | default([]) %}
+ExecStop=/sbin/iptables -t nat -D PREROUTING -d {{ forward.dest }} -p tcp --dport {{ port }} -j DNAT --to {{ forward.tcp_ports[port] }}
+{% endfor %}
+{% for port in forward.udp_ports | default([]) %}
+ExecStop=/sbin/iptables -t nat -D PREROUTING -d {{ forward.dest }} -p udp --dport {{ port }} -j DNAT --to {{ forward.udp_ports[port] }}
+{% endfor %}
+{% endfor %}
+
+RemainAfterExit=yes
+
+
+[Install]
+WantedBy=multi-user.target
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-29 05:25:08 +0000