@Fossil01
Created August 28, 2020 13:16
Wireguard Client Isolation

The Wireguard VPN doesn't isolate clients by default: peers on the same interface can reach each other through the server. If you want to enable client isolation, you can do so with the following iptables rules, which reject any packet forwarded from wg0 back out wg0:

```sh
iptables -I FORWARD -i wg0 -o wg0 -j REJECT --reject-with icmp-adm-prohibited
ip6tables -I FORWARD -i wg0 -o wg0 -j REJECT --reject-with icmp6-admin-prohibited
```

If you want to relax the rules for certain clients you can do as follows (where 10.10.10.3 refers to the client and 10.10.10.0/24 to the Wireguard VPN network). Since `-I` inserts at the head of the chain, run this after the REJECT rule so that it is evaluated first:

```sh
iptables -I FORWARD -i wg0 -s 10.10.10.3/32 -d 10.10.10.0/24 -j ACCEPT
```
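The two steps above, as an added example that is not part of the gist: a small POSIX shell function that emits the isolation rules for an interface plus per-peer exemptions in the correct insertion order, so the rule set can be reviewed before it is applied. The interface name, network and peer address are the gist's own values; the helper names are made up here.

```shell
#!/bin/sh
# Added example: generate WireGuard client-isolation rules (IPv4 + IPv6
# blanket reject, then IPv4 exemptions for selected peers).
# Usage: wg_isolation_rules IFACE NET [PEER ...]
# Emits the iptables commands as text; apply with:  ... | sh  (as root).
wg_isolation_rules() {
    iface=$1
    net=$2
    shift 2
    # 1. Blanket reject: traffic forwarded from the VPN interface back out the
    #    same interface is refused with an "administratively prohibited" ICMP
    #    error, so the sending peer fails fast instead of timing out.
    echo "iptables -I FORWARD -i $iface -o $iface -j REJECT --reject-with icmp-adm-prohibited"
    echo "ip6tables -I FORWARD -i $iface -o $iface -j REJECT --reject-with icmp6-admin-prohibited"
    # 2. Exemptions. -I inserts at the head of the chain, so these must be
    #    issued AFTER the reject rule to end up above it and match first.
    for peer in "$@"; do
        echo "iptables -I FORWARD -i $iface -s $peer/32 -d $net -j ACCEPT"
    done
}

# Print the FORWARD chain with rule numbers so the ordering can be verified
# after applying (exemptions must appear before the REJECT rule).
wg_isolation_verify() {
    echo "iptables -L FORWARD -n -v --line-numbers"
}

# Constructed invocation with the gist's values: wg0, 10.10.10.0/24, peer 10.10.10.3.
wg_isolation_rules wg0 10.10.10.0/24 10.10.10.3
```

The exemption only covers packets initiated by 10.10.10.3; replies from other peers still hit the REJECT rule unless an earlier rule in FORWARD accepts ESTABLISHED,RELATED connections, as most firewall setups do.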

Courtesy of: https://shibumi.dev/posts/isolated-clients-with-wireguard/
