Configure WireGuard with CSF
csfpre.sh
CSF blocks WireGuard traffic, so we need to add some rules to iptables. Here is how to do it.
Create a csfpre.sh file in the CSF path, for example /etc/csf/csfpre.sh. csfpre.sh adds iptables rules to CSF before it launches.
#!/bin/bash
en3 is your network interface; 10.7.0.2/24 and fddd:2c4:2c4:2c4::2/64 are your WireGuard internal IPs.
Don’t forget to give the script execute permission: chmod +x /etc/csf/csfpre.sh
Finally, run:
csf -ra
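An added example, not the original post's script: one way a csfpre.sh could admit WireGuard traffic while limiting forwarding to the tunnel subnets. The interface names wg0 and ens3, UDP port 51820 and the two subnets are assumptions; the script only prints the rules until MODE is set to "apply".

```shell
#!/bin/bash
# Added example, not the original post's script: one possible /etc/csf/csfpre.sh.
# Assumed values: tunnel interface wg0, uplink ens3, WireGuard's default UDP
# port 51820, and the subnets implied by 10.7.0.2/24 and fddd:2c4:2c4:2c4::2/64.
WG_IF="wg0"
WAN_IF="ens3"
WG_PORT="51820"
WG_NET4="10.7.0.0/24"
WG_NET6="fddd:2c4:2c4:2c4::/64"
MODE="print"   # change to "apply" once the printed rules look right

valid_ifname() {   # non-empty, at most 15 characters from A-Z a-z 0-9 _ . -
  case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
  [ "${#1}" -le 15 ]
}

valid_port() {     # decimal 1..65535
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print one rule per line for the given binary (iptables or ip6tables).
wg_rules() {       # usage: wg_rules BIN WG_IF WAN_IF PORT SUBNET
  valid_ifname "$2" && valid_ifname "$3" && valid_port "$4" || return 1
  # Encrypted tunnel packets arriving on the uplink.
  echo "$1 -w -A INPUT -i $3 -p udp --dport $4 -j ACCEPT"
  # Decrypted peer traffic, accepted only from the tunnel subnet.
  echo "$1 -w -A INPUT -i $2 -s $5 -j ACCEPT"
  # Peers may go out through the uplink; only replies come back in.
  echo "$1 -w -A FORWARD -i $2 -o $3 -s $5 -j ACCEPT"
  echo "$1 -w -A FORWARD -i $3 -o $2 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
}

run_rules() {
  { wg_rules iptables  "$WG_IF" "$WAN_IF" "$WG_PORT" "$WG_NET4" &&
    wg_rules ip6tables "$WG_IF" "$WAN_IF" "$WG_PORT" "$WG_NET6"; } |
  while read -r rule; do
    if [ "$MODE" = "apply" ]; then
      $rule        # unquoted on purpose: each line is a plain argument list
    else
      echo "$rule"
    fi
  done
}

run_rules
```

NAT is not handled here; it stays with the PostUp line in wg0.conf.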
wg0 configuration
Add the following line to wg0.conf:
PostUp = iptables -w -t nat -A POSTROUTING -o ens3 -j MASQUERADE; ip6tables -w -t nat -A POSTROUTING -o ens3 -j MASQUERADE