Skip to content
/ wg-iptables-manager Public

An interactive bash tool for managing iptables port forwarding rules for Wireguard VPN setups, designed to simplify the process of bypassing Carrier-Grade NAT (CGNAT). Features a color-coded interface, automatic backups, and comprehensive rule management.

License

View license
1 star 0 forks Branches Tags Activity
Star

Mavrag/wg-iptables-manager

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
wg-iptables-manager.sh
wg-iptables-manager.sh
 
 

Repository files navigation

Wireguard IPTables Manager

A bash script to simplify managing port forwarding rules for Wireguard VPN setups, particularly useful for bypassing Carrier-Grade NAT (CGNAT).

Overview

This tool provides an interactive interface to:

  • Add, edit, and delete port forwarding rules
  • Automatically generate both creation (up) and deletion (down) scripts
  • Manage backups of your rule configurations
  • Validate inputs to prevent errors
  • Apply rules immediately or save for later

Background

This tool was created to help manage port forwarding rules for Wireguard VPN setups that bypass CGNAT, as described in the Bypass CGNAT guide.

Features

  • Interactive CLI Interface: Color-coded, menu-driven interface for easy rule management
  • Input Validation: Ensures all ports and IP addresses are valid
  • Automatic Backup: Creates timestamped backups before any changes
  • Configuration Management: Allows setting default internal IPs
  • Rule Management: Add, edit, delete, and restore rules with ease
  • Persistent Storage: Rules are stored in script files for persistence across reboots

Installation

  1. Clone this repository or download the script

  2. Make it executable:

    chmod +x wg-iptables-manager.sh

  3. Run with sudo privileges:

    sudo ./wg-iptables-manager.sh

Usage

The script is menu-driven and self-explanatory. Main options:

  • Add Rule: Forward a port from your WAN to an internal IP
  • Delete Rule: Remove an existing port forwarding rule
  • Edit Rule: Modify an existing rule's protocol, ports, or destination
  • Restore Backup: Return to a previous configuration state
  • Config: Change default settings like the target IP
  • Apply Rules: Apply the current ruleset to iptables

File Structure

The script creates and manages the following files:

  • /etc/wireguard/iptables-up.sh: Script to apply port forwarding rules
  • /etc/wireguard/iptables-down.sh: Script to remove port forwarding rules
  • /etc/wireguard/iptables-config.conf: Configuration file
  • /etc/wireguard/backups/: Directory containing timestamped backups

Security Considerations

  • Always run the script as root (it will check for this)
  • Be careful when opening ports as this creates potential security vulnerabilities
  • Consider using a firewall to restrict access to opened ports

Credits

  • Based on concepts from the Bypass CGNAT guide
  • Enhanced with a comprehensive interactive interface and safety features

License

This project is licensed under the Creative Commons Attribution-NonCommercial 4.0 International License (CC BY-NC 4.0) - see the LICENSE file for details.

This means you are free to share and adapt the material, but you must provide attribution and you may not use the material for commercial purposes.

About

An interactive bash tool for managing iptables port forwarding rules for Wireguard VPN setups, designed to simplify the process of bypassing Carrier-Grade NAT (CGNAT). Features a color-coded interface, automatic backups, and comprehensive rule management.

Topics

iptables port-forwarding wireguard cgnat

Resources

Readme

License

View license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages