From be9aab6f55a2f9188b913cc54ecdb61bbcf8f9ab Mon Sep 17 00:00:00 2001
From: Himbeer
Date: Sat, 17 Aug 2024 23:26:39 +0200
Subject: Allow VPN access from everywhere (including WAN, excluding Isolated)
---
 src/main.rs | 9 +++++++++
 1 file changed, 9 insertions(+)
(limited to 'src/main.rs')
diff --git a/src/main.rs b/src/main.rs
index 1436a5f..f381274 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -108,6 +108,15 @@ fn filter() -> Result<()> {
 .accept();
 batch.add(&allow_wan_dhcpv6, MsgType::Add);
 
+ let deny_isolated_vpn = Rule::new(&input)?
+ .iface("eth0.30")?
+ .dport(51820, Protocol::UDP)
+ .drop();
+ batch.add(&deny_isolated_vpn, MsgType::Add);
+
+ let allow_any_vpn = Rule::new(&input)?.dport(51820, Protocol::UDP).accept();
+ batch.add(&allow_any_vpn, MsgType::Add);
+
 let deny_wan = Rule::new(&input)?.iface("ppp0")?.drop();
 batch.add(&deny_wan, MsgType::Add);
 
-- 
cgit v1.2.3
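Review bot: `allow_any_vpn` carries no `iface` match, so UDP 51820 is accepted on every interface that an earlier rule has not already dropped, and the Isolated exclusion rests entirely on `deny_isolated_vpn` being added to the batch first. Assuming the chain evaluates rules in the order they are added, swapping these two blocks or bringing up another untrusted interface later would widen VPN exposure without any visible error. I would record that above the pair, e.g. `// Order matters: the eth0.30 drop must precede the interface-less accept; any new untrusted interface needs its own drop here.` The port literal 51820 is written twice; a single named constant used by both rules would keep the drop and the accept from drifting apart. `filter()` begins and ends outside this hunk, so whether an earlier rule already accepts traffic from eth0.30 cannot be checked from here.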