On 2019-10-21 16:19, 4642 wrote:
###### Egress #######
pass in on egress inet proto udp from any to (egress:0) port 51820 rdr-to $wg_svr
pass out quick on egress inet
###### LAN #######
pass in on $lan_if inet proto udp from any to (egress:0) port 51820 rdr-to $wg_svr
pass in on $lan_if inet
pass out quick on $lan_if inet
###### WG #######
pass in on $wg_if inet
pass out quick on $wg_if inet
Thanks for looking.
Keith.

You might want to consider adding "quick" to all of the rules above
without them (rdr-to rules and the pass in on your local interfaces
rules).

My two cents: I would add specific networks for who can pass out _new
connections_ onto your lan and wireguard networks through those
interfaces (the pass out quick on local network rules are a little wide
open).
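
The two suggestions above applied to the quoted rules, as an added example that is not from either poster's configuration. The macro values, the `lan_net` and `wg_net` macros, the default `block all`, and the placement of `$wg_svr` behind `$lan_if` are all assumptions, since that part of the original pf.conf is not shown.

```pf
# Added example. All values below are placeholders (assumptions),
# taken from documentation address ranges.
lan_if  = "em1"              # assumed LAN interface name
wg_if   = "tun0"             # assumed WireGuard interface name
wg_svr  = "192.0.2.10"       # assumed WireGuard server address
lan_net = "192.0.2.0/24"     # assumed LAN network
wg_net  = "198.51.100.0/24"  # assumed WireGuard network

# Assumed default policy: without a block rule, pf passes everything
# and the source restrictions below would have no effect.
block all

###### Egress #######
# "quick" makes the first matching rule final, so a broader rule
# further down cannot replace this decision.
pass in  quick on egress inet proto udp from any to (egress:0) port 51820 rdr-to $wg_svr
pass out quick on egress inet

###### LAN #######
pass in  quick on $lan_if inet proto udp from any to (egress:0) port 51820 rdr-to $wg_svr
pass in  quick on $lan_if inet

# Only needed if $wg_svr is a separate host behind $lan_if (assumption):
# redirected WireGuard packets keep their original source address and
# would otherwise be dropped by the restricted rule that follows.
pass out quick on $lan_if inet proto udp to $wg_svr port 51820

# New connections onto the LAN only from the firewall itself and the
# WireGuard network, instead of "pass out quick on $lan_if inet".
pass out quick on $lan_if inet from { self $wg_net } to $lan_net

###### WG #######
pass in  quick on $wg_if inet

# New connections onto the WireGuard network only from the firewall
# itself and the LAN, instead of "pass out quick on $wg_if inet".
pass out quick on $wg_if inet from { self $lan_net } to $wg_net
```

The ruleset can be syntax-checked without loading it with `pfctl -nf` on the file, and `pfctl -sr` shows the expanded rules after loading.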