On Mon, Feb 04, 2019 at 10:58:31PM -0800, Larry Gadallah wrote:
> Hi all:
>
> Does anyone know how to accomplish the equivalent of the Linux:
>
> PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
>
> in the OpenBSD pf dialect? Does this trick even work for the
> user-space Wireguard implementation?
>
Not really knowing iptables I would think you want something like:

pass in on wg0
pass out on eth0 received-on wg0 nat-to (eth0)

Guess wg0 would be more like tun0 and eth0 could be egress so

pass in on tun0
pass out on egress received-on tun0 nat-to (egress)

--
:wq Claudio
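
One way to load and unload the rules from the reply when the tunnel comes up or goes down, mirroring the PostUp/PostDown pair in the question (an added example, not part of the thread). It assumes pf.conf declares a hypothetical `anchor "wireguard"`, that `net.inet.ip.forwarding=1` is set, and that the script is invoked with `up` or `down`; the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the thread.
# Assumes pf.conf contains:  anchor "wireguard"   (anchor name is hypothetical)
# and that forwarding is on: sysctl net.inet.ip.forwarding=1
ANCHOR="wireguard"

# Accept only plain interface or group names so nothing else reaches pfctl.
valid_if() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the two rules from the reply for a tunnel and an outbound interface.
pf_rules() {
    valid_if "$1" && valid_if "$2" || return 1
    printf 'pass in on %s\n' "$1"
    printf 'pass out on %s received-on %s nat-to (%s)\n' "$2" "$1" "$2"
}

# PostUp equivalent: load the rules into the anchor only.
wg_pf_up() {
    rules=$(pf_rules "$1" "$2") || { echo "bad interface name" >&2; return 1; }
    printf '%s\n' "$rules" | pfctl -a "$ANCHOR" -f -
}

# PostDown equivalent: flush the anchor, leaving the main ruleset untouched.
wg_pf_down() {
    pfctl -a "$ANCHOR" -F rules
}

case "${1:-}" in
    up)   wg_pf_up "${2:-tun0}" "${3:-egress}" ;;
    down) wg_pf_down ;;
esac
```

Keeping the rules in their own anchor means tearing the tunnel down removes exactly what was added, and `pfctl -a wireguard -sr` shows what is currently loaded.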