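#!/bin/bash
#
# Egress filter for a WireGuard interface (wg0).
#
# Reads the whitespace-separated CIDR list in ALLOWED_CIDR. For each entry it
# makes sure a route via the default gateway exists and appends an OUTPUT
# ACCEPT rule. It then accepts loopback and wg0 traffic, and finally REJECTs
# every packet to a non-local destination that does not carry the wg0 fwmark.
#
# Exits 0 without changing anything when ALLOWED_CIDR is empty or unset.
#
# Security notes:
#   * Every entry in ALLOWED_CIDR is reachable outside the tunnel, because its
#     ACCEPT rule is appended before the final REJECT. Keep the list minimal.
#   * Rules are appended (-A), so OUTPUT rules that already exist are
#     evaluated first, and running the script twice duplicates the rules.
#   * Only iptables (IPv4) rules are installed; this script does not restrict
#     IPv6 egress.

# Print a message to stderr and stop with a non-zero status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [[ -z "${ALLOWED_CIDR:-}" ]]; then
  exit 0
fi

# Resolve the fwmark before touching the firewall. Without a usable mark the
# final REJECT rule cannot be installed, and adding only the ACCEPT rules
# would leave a ruleset that blocks nothing.
WG_MARK=$(wg show wg0 fwmark) || die "cannot read the fwmark of wg0"
if [[ ! "${WG_MARK}" =~ ^(0x[0-9a-fA-F]+|[0-9]+)$ ]]; then
  die "wg0 has no usable fwmark (got '${WG_MARK}'); not installing any rules"
fi

# First default route that names a gateway. Taking one value keeps the later
# "via" argument a single word even when several default routes exist.
DEFAULT_ROUTE=$(ip route | awk '$1 == "default" && $2 == "via" { print $3; exit }')

# Split the list on whitespace into an array without glob expansion.
# read returns non-zero at end of input with -d '', hence the "|| true".
read -r -d '' -a cidrs <<<"${ALLOWED_CIDR}" || true

for cidr in "${cidrs[@]}"; do
  # Compare the destination field literally: a regex or substring match would
  # let "10.0.0.0/8" be satisfied by an unrelated "110.0.0.0/8" route.
  if ! ip route 2>/dev/null \
    | awk -v want="${cidr}" '$1 == want { found = 1 } END { exit !found }'; then
    if [[ -n "${DEFAULT_ROUTE}" ]]; then
      ip route add "${cidr}" via "${DEFAULT_ROUTE}" \
        || printf 'warning: could not add a route for %s\n' "${cidr}" >&2
    else
      printf 'warning: no default gateway found; no route added for %s\n' \
        "${cidr}" >&2
    fi
  fi
  iptables -A OUTPUT -d "${cidr}" -j ACCEPT
done

iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -o wg0 -j ACCEPT

# This rule is what actually blocks traffic outside the tunnel, so its
# failure must not pass silently.
iptables -A OUTPUT -m mark ! --mark "${WG_MARK}" \
  -m addrtype ! --dst-type LOCAL -j REJECT \
  || die "failed to install the REJECT rule; egress outside wg0 is NOT blocked"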