Allow VPN access from everywhere (including WAN, excluding Isolated)

1 files changed, 9 insertions, 0 deletions

diff --git a/src/main.rs b/src/main.rs
index 1436a5f..f381274 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -108,6 +108,15 @@ fn filter() -> Result<()> {
         .accept();
     batch.add(&allow_wan_dhcpv6, MsgType::Add);
 
+    let deny_isolated_vpn = Rule::new(&input)?
+        .iface("eth0.30")?
+        .dport(51820, Protocol::UDP)
+        .drop();
+    batch.add(&deny_isolated_vpn, MsgType::Add);
+
+    let allow_any_vpn = Rule::new(&input)?.dport(51820, Protocol::UDP).accept();
+    batch.add(&allow_any_vpn, MsgType::Add);
+
     let deny_wan = Rule::new(&input)?.iface("ppp0")?.drop();
     batch.add(&deny_wan, MsgType::Add);