Add option to disable traffic forwarding

This commit is contained in:
Paul-Christian Volkmer 2022-12-06 20:54:46 +01:00
parent c88d16ca3d
commit f85d6dc215
3 changed files with 25 additions and 0 deletions


@ -28,6 +28,7 @@ Customize the file `docker-compose`. You can change the following environment va
* `SERVER_PORT`: The port the service should listen at
* `NETWORK`: Some custom /24 network. e.g. `192.168.42.0`
* `CLIENTS`: Number of clients for which configurations are to be created. Do not use more than 240 clients.
* `DISABLE_FORWARD_ALL_TRAFFIC`: Use `true` or `yes` to not add iptables rules and do not forward all traffic.
If no environment variables are set, config creation script will ask you for settings.
@ -45,9 +46,16 @@ wg_1 | - Using endpoint hostname example.com
wg_1 | - Using port 51820
wg_1 | - Using network 192.168.42.0/24
wg_1 | - Generating 5 client configs and client QR codes
wg_1 | - Forward all traffic
wireguard_wg_1 exited with code 0
```
To disable traffic forwarding set `DISABLE_FORWARD_ALL_TRAFFIC` to `true` or `yes` or use
```
$ docker-compose run wg init --no-forward
```
### Start the service
Start the service in detached mode.


@ -40,6 +40,12 @@ if (( $CLIENTS > 240 )); then
fi
echo " - Generating $CLIENTS client configs and client QR codes"
if [ "$DISABLE_FORWARD_ALL_TRAFFIC" != "true" ] && [ "$DISABLE_FORWARD_ALL_TRAFFIC" != "yes" ]; then
echo " - Forward all traffic"
else
echo " - Do not forward all traffic"
fi
SERVER_SEC_KEY=$(wg genkey)
SERVER_PUB_KEY=$(echo $SERVER_SEC_KEY | wg pubkey)
@ -63,9 +69,17 @@ cat <<EOF >> $DEVICE.conf
Address = $NETWORK.1/24
ListenPort = $SERVER_PORT
PrivateKey = $SERVER_SEC_KEY
EOF
if [ "$DISABLE_FORWARD_ALL_TRAFFIC" != "true" ] && [ "$DISABLE_FORWARD_ALL_TRAFFIC" != "yes" ]; then
cat <<EOF >> $DEVICE.conf
PostUp = iptables -A FORWARD -i $DEVICE -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i $DEVICE -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
EOF
fi
cat <<EOF >> $DEVICE.conf
# <- $(date)
EOF
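Review bot: The opt-out test `[ "$DISABLE_FORWARD_ALL_TRAFFIC" != "true" ] && [ "$DISABLE_FORWARD_ALL_TRAFFIC" != "yes" ]` is exact-match and case-sensitive, so values like `True`, `YES` or `1` fall through to the permissive branch and the iptables FORWARD/MASQUERADE rules are still written to `$DEVICE.conf`; the same condition is duplicated in the first hunk of this file (the `echo " - Forward all traffic"` message), so the two can drift apart. I would normalise the value once near the top of the script, `case "${DISABLE_FORWARD_ALL_TRAFFIC,,}" in true|yes) forward_all=false ;; *) forward_all=true ;; esac` (the file already relies on bash via `(( $CLIENTS > 240 ))`), and use `if $forward_all; then` in both places so the log line and the generated config cannot disagree. A comment above the PostUp line such as `# Forwarding is enabled unless the user opts out; MASQUERADE assumes the uplink is eth0` would document the default and the hard-coded interface, which the README does not mention.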


@ -36,6 +36,9 @@ case "$1" in
exit 0
;;
'init')
if [ "$2" == "--no-forward" ]; then
export DISABLE_FORWARD_ALL_TRAFFIC="yes"
fi
if [ ! -f "/etc/wireguard/$DEVICE.conf" ]; then
cd /etc/wireguard
/scripts/create-config.sh
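Review bot: The new `if [ "$2" == "--no-forward" ]` only recognises the flag when it is exactly the second argument, and any other value of `$2` (a typo like `--noforward`, or a flag in a later position) is silently ignored, so the service starts with forwarding enabled without any indication to the operator. A minimal guard before the check, `[ -z "$2" ] || [ "$2" = "--no-forward" ] || { echo "init: unknown option '$2'" >&2; exit 1; }`, makes the misuse fail loudly rather than quietly pick the permissive default. The `init` arm and the enclosing `case` continue outside the hunk; it is also worth confirming, and documenting in a comment, what happens when `/etc/wireguard/$DEVICE.conf` already exists, since from these lines the flag appears to have no effect on an existing config.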