fix...

Signed-off-by: Alex A. Naanou <alex.nanou@gmail.com>
2025-10-28 10:40:07 +00:00 · 2024-01-15 18:38:43 +03:00 · 2024-01-15 18:38:43 +03:00 · ff40c4bbb1
commit ff40c4bbb1
parent 3527c7db01
2 changed files with 7 additions and 3 deletions
--- a/host/templates/pve/etc/firewall/cluster.fw
+++ b/host/templates/pve/etc/firewall/cluster.fw
@ -7,7 +7,7 @@ enable: 1

 [RULES]

-IN ACCEPT -i vmbr3 -log nolog # STUB
+IN ACCEPT -i vmbr3 -log nolog # ADMIN
 IN REJECT -i vmbr0 -p udp -dport 68 -sport 68 -log nolog # dhcp
 IN REJECT -i vmbr0 -p udp -dport 67 -sport 67 -log nolog # dhcp
 OUT REJECT -i vmbr0 -p udp -dport 68 -sport 68 -log nolog # dhcp
@ -17,6 +17,8 @@ OUT DHCPfwd(REJECT) -i vmbr0 -log nolog
 IN DNS(ACCEPT) -i vmbr0 -log nolog
 IN Ping(ACCEPT) -i vmbr0 -log nolog
 IN SSH(ACCEPT) -i vmbr0 -log nolog
+IN ACCEPT -i vmbr0 -p udp -dport 51820 -log nolog # Wireguard
+IN ACCEPT -i vmbr0 -p udp -dport 51821 -log nolog # Wireguard (alt)
 |IN OpenVPN(ACCEPT) -i vmbr0 -log nolog
 IN Web(ACCEPT) -i vmbr0 -log nolog
 IN ACCEPT -i vmbr0 -p udp -dport 22027 -log nolog # syncthing
--- a/wireguard/make.sh
+++ b/wireguard/make.sh
@ -52,13 +52,15 @@ xread "Wireguard endpoint port: " ENDPOINT_PORT
 CLIENT_IPS=${CLIENT_IPS:-10.42.0.0/16}
 ALLOWED_IPS=${ALLOWED_IPS:-0.0.0.0/0,${CLIENT_IPS}}

+DNS=${DNS:-${NS_LAN_IP:-${DFL_NS_LAN_IP}}}
+DNS=${DNS/\/*}
+xread "Local network DNS:" DNS
+
 xreadYes "Show profile as QRcode when done?" QRCODE

 readVars


-DNS=${NS_LAN_IP/\/*}
-


 #----------------------------------------------------------------------