angristan / wireguard-install

WireGuard VPN installer for Linux servers
https://stanislas.blog/2019/01/how-to-setup-vpn-server-wireguard-nat-ipv6/
MIT License

if not using firewalld; then server port is not opened in the firewall #353

Closed helarsen closed 1 year ago

helarsen commented 1 year ago

Hello, if the distro is not using firewalld but iptables, then the script does not open the server port (UDP) in the firewall.

Script says (irrelevant stuff deleted)

if pgrep firewalld; then
echo "PostUp = firewall-cmd --add-port ${SERVER_PORT}/udp ...
else
echo "PostUp = iptables -A FORWARD -i ${SERVER_PUB_NIC} -o ${SERVER_WG_NIC} -j ACCEPT; iptables -A FORWARD -i ${SERVER_WG_NIC} -j ACCEPT; iptables -t nat -A POSTROUTING -o ${SERVER_PUB_NIC} -j MASQUERADE; ip6tables -A FORWARD -i ${SERVER_WG_NIC} -j ACCEPT; ip6tables -t nat -A POSTROUTING -o ${SERVER_PUB_NIC} -j MASQUERADE
...

So, as seen, there is no mention of SERVER_PORT to iptables. And sure enough, on Raspberry Pi it does not work unless the port is opened "manually". I would expect to see something like this in addition to the existing code:

echo "PostUp = iptables -A INPUT -p udp -m udp --dport ${SERVER_PORT} -j ACCEPT; ....
....    "PostDown = iptables -D INPUT -p udp -m udp --dport ${SERVER_PORT} -j ACCEPT; ...

Thanks for a nice tool though!
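The pairing described in this report (an INPUT accept for the listen port in PostUp, with a matching delete in PostDown), as an added example that is not part of the issue or of wireguard-install. It assumes the same variable roles as the script's SERVER_PORT, SERVER_PUB_NIC and SERVER_WG_NIC, and the function names are hypothetical. It also adds a small check that reads an existing config and reports whether any PostUp line opens the listen port, which is the quickest way to confirm a generated wg0.conf before relying on it.

```sh
#!/bin/sh
# Added example, not code from wireguard-install. Function names are hypothetical.

# Emit the PostUp/PostDown lines for the [Interface] section.
# $1 = listen port, $2 = public NIC, $3 = WireGuard NIC, $4 = "firewalld" or "iptables"
render_firewall_hooks() {
    port="$1"; pub_nic="$2"; wg_nic="$3"; backend="$4"
    if [ "$backend" = "firewalld" ]; then
        # firewalld path: open the UDP listen port and close it again on PostDown.
        # The forwarding/masquerade part of the original script is not reproduced here.
        printf 'PostUp = firewall-cmd --add-port %s/udp\n' "$port"
        printf 'PostDown = firewall-cmd --remove-port %s/udp\n' "$port"
    else
        # iptables path: the INPUT accept for the listen port is the rule the
        # issue reports as missing. Every -A in PostUp gets a matching -D in PostDown.
        up="iptables -A INPUT -p udp -m udp --dport ${port} -j ACCEPT"
        up="${up}; iptables -A FORWARD -i ${pub_nic} -o ${wg_nic} -j ACCEPT"
        up="${up}; iptables -A FORWARD -i ${wg_nic} -j ACCEPT"
        up="${up}; iptables -t nat -A POSTROUTING -o ${pub_nic} -j MASQUERADE"
        up="${up}; ip6tables -A INPUT -p udp -m udp --dport ${port} -j ACCEPT"
        up="${up}; ip6tables -A FORWARD -i ${wg_nic} -j ACCEPT"
        up="${up}; ip6tables -t nat -A POSTROUTING -o ${pub_nic} -j MASQUERADE"
        # Derive PostDown by turning every append (-A) into a delete (-D),
        # so the rules added on interface up are removed on interface down.
        down=$(printf '%s' "$up" | sed 's/ -A / -D /g')
        printf 'PostUp = %s\n' "$up"
        printf 'PostDown = %s\n' "$down"
    fi
}

# Check an existing config: returns 0 if some PostUp line accepts UDP on port $2
# (either backend), 1 otherwise. Useful before trusting a generated wg0.conf.
config_opens_listen_port() {
    conf="$1"; port="$2"
    grep -E '^PostUp' "$conf" \
      | grep -Eq -- "--dport ${port} -j ACCEPT|--add-port ${port}/udp"
}

# Sample invocation mirroring the script's firewalld detection (constructed defaults).
render_firewall_hooks "${SERVER_PORT:-51820}" "${SERVER_PUB_NIC:-eth0}" "${SERVER_WG_NIC:-wg0}" \
    "$(pgrep -x firewalld >/dev/null 2>&1 && echo firewalld || echo iptables)"
```

The INPUT rule only changes behaviour when the INPUT chain's policy is DROP or an earlier rule rejects unmatched traffic; with the default ACCEPT policy the port is already reachable, which is why the omission only shows up on hosts that ship a restrictive INPUT chain, as reported here. Generating PostDown from PostUp with a single substitution keeps the two lines in step, so a later edit to one cannot silently leave stale rules behind after the interface goes down.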

helarsen commented 1 year ago

Ahh, I see there is already a related pull request: https://github.com/angristan/wireguard-install/pull/270#issue-988388929. What are the prospects of merging this?

The suggested addition above seems to work on Raspberry Pi (Debian), although it is not exactly the same.

angristan commented 1 year ago

Should be fixed by https://github.com/angristan/wireguard-install/pull/334