From ff40c4bbb1f61b884e0463d6ee4274237feca479 Mon Sep 17 00:00:00 2001
From: "Alex A. Naanou"
Date: Mon, 15 Jan 2024 18:38:43 +0300
Subject: [PATCH] fix...

Signed-off-by: Alex A. Naanou
---
 host/templates/pve/etc/firewall/cluster.fw | 4 +++-
 wireguard/make.sh | 6 ++++--
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/host/templates/pve/etc/firewall/cluster.fw b/host/templates/pve/etc/firewall/cluster.fw
index bf5a7f4..f9ba294 100644
--- a/host/templates/pve/etc/firewall/cluster.fw
+++ b/host/templates/pve/etc/firewall/cluster.fw
@@ -7,7 +7,7 @@ enable: 1
 [RULES]
-IN ACCEPT -i vmbr3 -log nolog # STUB
+IN ACCEPT -i vmbr3 -log nolog # ADMIN
 IN REJECT -i vmbr0 -p udp -dport 68 -sport 68 -log nolog # dhcp
 IN REJECT -i vmbr0 -p udp -dport 67 -sport 67 -log nolog # dhcp
 OUT REJECT -i vmbr0 -p udp -dport 68 -sport 68 -log nolog # dhcp
@@ -17,6 +17,8 @@ OUT DHCPfwd(REJECT) -i vmbr0 -log nolog
 IN DNS(ACCEPT) -i vmbr0 -log nolog
 IN Ping(ACCEPT) -i vmbr0 -log nolog
 IN SSH(ACCEPT) -i vmbr0 -log nolog
+IN ACCEPT -i vmbr0 -p udp -dport 51820 -log nolog # Wireguard
+IN ACCEPT -i vmbr0 -p udp -dport 51821 -log nolog # Wireguard (alt)
 |IN OpenVPN(ACCEPT) -i vmbr0 -log nolog
 IN Web(ACCEPT) -i vmbr0 -log nolog
 IN ACCEPT -i vmbr0 -p udp -dport 22027 -log nolog # syncthing
diff --git a/wireguard/make.sh b/wireguard/make.sh
index 72e5082..9ce98e6 100755
--- a/wireguard/make.sh
+++ b/wireguard/make.sh
@@ -52,13 +52,15 @@ xread "Wireguard endpoint port: " ENDPOINT_PORT
 CLIENT_IPS=${CLIENT_IPS:-10.42.0.0/16}
 ALLOWED_IPS=${ALLOWED_IPS:-0.0.0.0/0,${CLIENT_IPS}}
+DNS=${DNS:-${NS_LAN_IP:-${DFL_NS_LAN_IP}}}
+DNS=${DNS/\/*}
+xread "Local network DNS:" DNS
+
 xreadYes "Show profile as QRcode when done?" QRCODE
 readVars
-DNS=${NS_LAN_IP/\/*}
-
 #----------------------------------------------------------------------
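Review bot: The two rules added in the second cluster.fw hunk accept UDP 51820 and 51821 on vmbr0 from any source, while wireguard/make.sh in this same commit still prompts for the endpoint port (`ENDPOINT_PORT`). The template can therefore leave a port open that no WireGuard interface listens on, or miss the port actually chosen. Until an alternate listener exists, I would keep the second rule disabled the way the OpenVPN line below it is: `|IN ACCEPT -i vmbr0 -p udp -dport 51821 -log nolog # Wireguard (alt)`. A comment above both rules should say which make.sh setting they must match. Whether vmbr0 is the public-facing bridge is not visible in the hunk; if it is, an accept rule with no listener behind it only widens the exposed surface.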
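Review bot: The CIDR-suffix strip `DNS=${DNS/\/*}` in the make.sh hunk now runs before both the `xread` prompt and `readVars`, so a value typed at the prompt as `addr/mask` is no longer normalized; the removed line did the strip after `readVars`. Re-apply it once input is final, e.g. `DNS=${DNS%%/*}` right after `readVars`, and reject an empty or non-address value there, since this string presumably becomes the resolver handed to VPN clients. `readVars` and the code that writes the profile are outside the hunk, so whether `readVars` can also overwrite `DNS` with a saved value is inferred and should be checked. Minor: the new prompt `"Local network DNS:"` lacks the trailing space that `"Wireguard endpoint port: "` has.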