FOR TIPS, gUIDES & TUTORIALS

subscribe to our Youtube

GO TO YOUTUBE

12727 questions

15118 answers

24262 comments

47315 members

0 votes
63 views 0 comments
by
Look at PNG.

In terms of security; does the firewall zone configuration setting look right?

I set up wireguard on a new RUT950 and i have the resulting configuration as shown in PNG.

1 Answer

+1 vote
by
Hello,

The resulting firewall configuration is indeed necessary.

Wireguard clients must be allowed to access the internet, thus the Masquerading option, basically meaning one to many network address translation (NAT).

It also needs to accept traffic generated by Wireguard (wg0 or similar) interface. This results in Input/Output fields set as Allow.

Lastly, there has to be traffic forwarding from LAN to Wireguard interfaces and vice versa. Due to that, there is Inter-zone forwarding added between these zones.

Best regards,