UFW
Server
Allow WireGuard UDP port (the ListenPort from the server's wg0.conf; 51820 is the usual default)
ufw allow 51820/udp
Allow forwarding from VPN to LAN (all traffic entering on wg0 and leaving on eth0; replace eth0 with your actual LAN or WAN interface)
ufw route allow in on wg0 out on eth0
Enable forwarding in config
Edit /etc/default/ufw and set DEFAULT_FORWARD_POLICY="ACCEPT" (the line is present by default as "DROP"; add it if it is missing). Note that this accepts forwarding on every interface, so keep the "ufw route deny" rule below if only selected forwarding is wanted; a tighter alternative is to leave the policy at DROP and rely on explicit "ufw route allow" rules only.
The kernel must also forward packets: set net/ipv4/ip_forward=1 in /etc/ufw/sysctl.conf (uncomment the existing line), then run ufw reload.
NAT (internet sharing)
Edit /etc/ufw/before.rules and add this block above the existing *filter line (each table needs its own COMMIT). 10.0.0.0/24 must match the Address/subnet in the server's wg0.conf and eth0 must be the interface holding the default route; apply with ufw reload. For an IPv6 tunnel the equivalent block goes in /etc/ufw/before6.rules.
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
COMMIT
SSH access via VPN (traffic to the server itself, not forwarded traffic)
ufw allow in on wg0 to any port 22 proto tcp
HTTP/HTTPS via VPN
ufw allow in on wg0 to any port 80 proto tcp
ufw allow in on wg0 to any port 443 proto tcp
Allow forwarding only to specific ports (instead of the blanket "route allow" above; add proto tcp to narrow further)
ufw route allow in on wg0 to any port 22
ufw route allow in on wg0 to any port 443
Deny all other forwarded VPN traffic ("route" rules govern traffic forwarded through the server, not connections to it; ufw is first-match, so add this after the route allow rules and verify the order with ufw status numbered)
ufw route deny in on wg0
Client
Allow all outgoing traffic
ufw default allow outgoing
Allow WireGuard interface outbound explicitly (only needed if the default outgoing policy is deny)
ufw allow out on wg0
Deny all incoming
ufw default deny incoming
Allow loopback (ufw's default before.rules already accept lo; harmless to state explicitly)
ufw allow in on lo
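The server and client procedures above as one script, added here as an example and not part of the original cheat sheet or of ufw itself. The file-editing helpers take the target path as an argument so they can be tried on copies before touching /etc/default/ufw, /etc/ufw/sysctl.conf and /etc/ufw/before.rules; the subnet 10.0.0.0/24, interfaces wg0/eth0 and port 51820 are assumed defaults that must be overridden to match the host.

```shell
#!/bin/sh
# Added example, not part of the original cheat sheet: idempotent helpers that
# apply the server and client rule sets above. File-editing functions take the
# target path as an argument so they can be tried on copies before touching
# /etc/default/ufw, /etc/ufw/sysctl.conf and /etc/ufw/before.rules.
# Assumed (hypothetical) defaults, override via the environment:
# WireGuard subnet 10.0.0.0/24 on wg0, WAN interface eth0, listen port 51820.
set -eu

WG_SUBNET="${WG_SUBNET:-10.0.0.0/24}"
WG_IF="${WG_IF:-wg0}"
WAN_IF="${WAN_IF:-eth0}"
WG_PORT="${WG_PORT:-51820}"

# set_kv FILE KEY VALUE: make FILE contain exactly one active "KEY=VALUE" line.
# The first existing line for KEY (active or commented out with '#') is
# replaced in place, later duplicates are dropped, and the line is appended
# if KEY is absent. Handles both DEFAULT_FORWARD_POLICY="DROP" in
# /etc/default/ufw and "#net/ipv4/ip_forward=1" in /etc/ufw/sysctl.conf.
set_kv() {
    file="$1"; key="$2"; val="$3"; tmp="$(mktemp)"
    awk -v key="$key" -v val="$val" '
        index($0, key "=") == 1 || index($0, "#" key "=") == 1 {
            if (!seen) { print key "=" val; seen = 1 }
            next
        }
        { print }
        END { if (!seen) print key "=" val }
    ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# add_nat_masquerade FILE SUBNET WAN_IFACE: insert the *nat MASQUERADE block
# directly above the *filter table in before.rules (each table needs its own
# COMMIT). Returns 0 without changes if the rule is already present and 1 if
# FILE has no *filter line, i.e. it is not a ufw before.rules file.
add_nat_masquerade() {
    file="$1"; rule="-A POSTROUTING -s $2 -o $3 -j MASQUERADE"
    if grep -qF -- "$rule" "$file"; then return 0; fi
    tmp="$(mktemp)"
    awk -v rule="$rule" '
        !done && /^\*filter/ {
            print "*nat"; print ":POSTROUTING ACCEPT [0:0]"; print rule
            print "COMMIT"; print ""; done = 1
        }
        { print }
    ' "$file" > "$tmp" && mv "$tmp" "$file"
    grep -qF -- "$rule" "$file"
}

# nat_block_ok FILE: succeed only if *nat appears before *filter and has its
# own COMMIT before *filter starts (a nat block placed after *filter or left
# without COMMIT makes iptables-restore fail and ufw refuse to start).
nat_block_ok() {
    awk '
        /^\*nat/    { nat = NR }
        /^\*filter/ { filter = NR }
        /^COMMIT/   { if (nat && !filter && !committed) committed = NR }
        END { exit !(nat && filter && committed && committed < filter) }
    ' "$1"
}

# Rule sets from the cheat sheet. ufw is first-match, so the catch-all
# "route deny in on wg0" must come after every "route allow".
apply_server_rules() {
    ufw allow "$WG_PORT/udp"
    ufw route allow in on "$WG_IF" out on "$WAN_IF"      # forward VPN -> WAN
    ufw allow in on "$WG_IF" to any port 22 proto tcp     # services on the server
    ufw allow in on "$WG_IF" to any port 80 proto tcp
    ufw allow in on "$WG_IF" to any port 443 proto tcp
    ufw route deny in on "$WG_IF"                         # no other forwarding
}
apply_client_rules() {
    ufw default allow outgoing
    ufw allow out on "$WG_IF"
    ufw default deny incoming
    ufw allow in on lo
}

# Usage (as root): sh wg-ufw.sh server   or   sh wg-ufw.sh client
case "${1:-}" in
server)
    set_kv /etc/default/ufw DEFAULT_FORWARD_POLICY '"ACCEPT"'
    set_kv /etc/ufw/sysctl.conf net/ipv4/ip_forward 1
    add_nat_masquerade /etc/ufw/before.rules "$WG_SUBNET" "$WAN_IF"
    nat_block_ok /etc/ufw/before.rules
    apply_server_rules
    ufw reload ;;
client)
    apply_client_rules
    ufw reload ;;
esac
```

Run the editing helpers against copies of the three files first (for example, cp /etc/ufw/before.rules /tmp/ and pass that path) and diff the result before running the script with the server argument; nat_block_ok is the check that catches the most common mistake, pasting the *nat block below *filter.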