On Tue, Feb 05, 2019 at 08:20:20AM +0100, Claudio Jeker wrote:
> Not really knowing iptables I would think you want something like:
> 
> pass in on wg0
> pass out on eth0 received-on wg0 nat-to (eth0)
> 
> Guess wg0 would be more like tun0 and eth0 could be egress so
> 
> pass in on tun0
> pass out on egress received-on tun0 nat-to (egress)

I was going to write much what Claudio said here but also (after looking 
it up in the iptables man page on a nearby system) it looks like your 
application needs to insert and delete rules in a running rule set, 
so you might consider inserting somewhere in the basic setup for your 
application that you set up an anchor in the system's pf.conf where 
it can do just that.

- Peter

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

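The anchor setup Peter suggests, written out as an added example (not code from the thread): the static `anchor` line goes into the system's pf.conf once, and the application then loads, flushes and lists its own rules with `pfctl -a`. The interface names tun0 and egress follow Claudio's rules; the anchor name "myvpn" and the helper function names are assumptions for the example.

```shell
#!/bin/sh
# Added example: managing an application's pf rules through an anchor.
# Anchor name "myvpn" and function names are assumptions for illustration.
set -eu

ANCHOR="myvpn"

# Static part for /etc/pf.conf. The anchor is evaluated at the point where
# this line sits in the ruleset, so place it where the app's rules should
# apply; its contents are never edited by hand.
pf_conf_fragment() {
    cat <<EOF
# Rules inside this anchor are managed at runtime with: pfctl -a $ANCHOR ...
anchor "$ANCHOR"
EOF
}

# Rules the application loads when it brings a tunnel up.
# $1 = tunnel interface (e.g. tun0), $2 = outbound interface or group (egress).
# (\$2) in nat-to uses the interface's current address, so it follows DHCP.
anchor_rules() {
    tun="$1"
    out="$2"
    cat <<EOF
pass in on $tun
pass out on $out received-on $tun nat-to ($out)
EOF
}

# Replace the anchor's contents with the generated rules (needs root, pf enabled).
load_anchor() {
    anchor_rules "$1" "$2" | pfctl -a "$ANCHOR" -f -
}

# Remove every rule the application installed, leaving the rest of pf untouched.
flush_anchor() {
    pfctl -a "$ANCHOR" -F rules
}

# Show only the rules currently loaded into the anchor.
show_anchor() {
    pfctl -a "$ANCHOR" -s rules
}

# Typical sequence, commented out so the script can be sourced without root:
#   pf_conf_fragment >> /etc/pf.conf && pfctl -f /etc/pf.conf   # once, at install
#   load_anchor tun0 egress   # on tunnel up
#   show_anchor               # verify
#   flush_anchor              # on tunnel down
```

Loading into the anchor with `pfctl -a myvpn -f -` replaces that anchor's rules atomically and leaves the main ruleset alone, which is the point: the application never has to rewrite pf.conf, and a bug in its rule generation can at worst break its own anchor. Check the result with `pfctl -a myvpn -s rules` rather than `pfctl -s rules`, which only shows the main ruleset with the `anchor` line in it.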