Hi Larry

From looking at your config, it looks like when the WireGuard interface comes up you want to allow forward traffic, and you want to masquerade traffic leaving on eth0.

1) You don't really need to add and remove those rules as the WireGuard tunnel comes up; I'd suggest just adding firewall rules statically.
2) The firewall implementation in OpenBSD is pf (packet filter); the pf config file is in /etc/pf.conf.
3) To check pf.conf syntax after editing pf.conf, run the command pfctl -nvvf /etc/pf.conf
4) To commit the pf configuration, drop n from the command above, e.g. pfctl -vvf /etc/pf.conf
5) To learn more about pf config, check out Peter Hansteen's pf tutorial and his Book of PF, and man pf.conf for more details.

All the best

On Tue 5 Feb 2019, 07:04 Larry Gadallah <lgadal...@gmail.com wrote:

> Hi all:
>
> Does anyone know how to accomplish the equivalent of the Linux:
>
> PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -A FORWARD -o wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -D FORWARD -o wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
>
> in the OpenBSD pf dialect? Does this trick even work for the
> user-space Wireguard implementation?
>
> Thank you,
> --
> Larry Gadallah, lgadallah AT gmail DOT com
> PGP Sig: AE93 1785 6874 7111 48AD 63A6 2136 3651 981C F87B
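
The static rules suggested in the reply above could look like the following /etc/pf.conf fragment. This is an added example, not part of the original thread and not written by either poster; the interface names in the two macros are assumptions and must be set to the names the external and tunnel interfaces actually have on the OpenBSD host.

```conf
# /etc/pf.conf fragment (added example, interface names are assumptions)

ext_if = "em0"   # assumption: external interface, the role eth0 has on the Linux box
wg_if  = "wg0"   # assumption: tunnel interface name, taken from the original question

# Equivalent of: iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Narrower than the Linux rule: only traffic sourced from the tunnel network
# is translated, instead of everything leaving the external interface.
# ($ext_if:0) follows the interface's primary address if it changes.
match out on $ext_if inet from ($wg_if:network) to any nat-to ($ext_if:0)

# Equivalent of: iptables -A FORWARD -i wg0 -j ACCEPT
pass in on $wg_if

# Equivalent of: iptables -A FORWARD -o wg0 -j ACCEPT
pass out on $wg_if

# pf has no separate FORWARD chain: a forwarded packet is filtered once
# inbound on $wg_if and once outbound on $ext_if, so the ruleset also needs
# a rule that passes it out on $ext_if (the stock OpenBSD pf.conf does this
# with its plain "pass" rule). In pf the last matching rule wins, so keep
# these lines after any "block" rule that would otherwise match the traffic.

# Forwarding itself is enabled outside pf, in /etc/sysctl.conf:
#   net.inet.ip.forwarding=1
```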