wgfw.rules

# Custom firewall rules in iptables compatible format that will be applied in idempotent manner on the server side at server startup time or each time `wgcg.sh --sync` command is executed.
#
# Note: Chain name cannot be changed, WGCG-CUSTOM will always be enforced even if some other chain name is specified.
# Note: When deleting a rule always delete a whole group of rules for particular client.
#
# Examples:
# # client-1: Allow HTTP and HTTPS traffic from client source IP 10.0.0.10 to destination IP 192.168.0.10, block everything else coming from this source IP.
# -A WGCG-CUSTOM -s 10.0.0.10 -d 192.168.0.10 -p tcp -m multiport --dports 80,443 -j ACCEPT
# -A WGCG-CUSTOM -s 10.0.0.10 -j DROP
#
# # client-2: Allow SSH traffic from client source IP 10.0.0.11 to destination IP 192.168.0.11, block everything else coming from this source IP.
# -A WGCG-CUSTOM -s 10.0.0.11 -d 192.168.0.11 -p tcp --dport 22 -j ACCEPT
# -A WGCG-CUSTOM -s 10.0.0.11 -j DROP
#
# # client-3: Delete following rule if exist.
# -D WGCG-CUSTOM -s 10.0.0.12 -d 192.168.0.12 -p tcp --dport 5432 -j ACCEPT