|
|
|
@ -46,29 +46,38 @@ def setup_wireguard():
|
|
|
|
"""Set up WireGuard with complete system configuration"""
|
|
|
|
"""Set up WireGuard with complete system configuration"""
|
|
|
|
print_step("🔒", "Setting up WireGuard system configuration...")
|
|
|
|
print_step("🔒", "Setting up WireGuard system configuration...")
|
|
|
|
|
|
|
|
|
|
|
|
# Load WireGuard kernel module
|
|
|
|
# Ensure WireGuard kernel module is loaded
|
|
|
|
print("Loading WireGuard kernel module...")
|
|
|
|
print("Loading WireGuard kernel module...")
|
|
|
|
run_command("sudo modprobe wireguard", "Failed to load WireGuard kernel module", shell=True)
|
|
|
|
run_command("sudo modprobe wireguard", "Failed to load WireGuard kernel module", shell=True)
|
|
|
|
|
|
|
|
|
|
|
|
# Enable IP forwarding
|
|
|
|
# Enable IP forwarding
|
|
|
|
print("Enabling IP forwarding...")
|
|
|
|
print("Enabling IP forwarding...")
|
|
|
|
run_command("sudo sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'", "Failed to enable IP forwarding", shell=True)
|
|
|
|
run_command(
|
|
|
|
run_command("sudo sysctl -w net.ipv4.ip_forward=1", "Failed to enable IP forwarding", shell=True)
|
|
|
|
"sudo sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf",
|
|
|
|
|
|
|
|
"Failed to update sysctl.conf",
|
|
|
|
|
|
|
|
shell=True
|
|
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
run_command(
|
|
|
|
|
|
|
|
"sudo sysctl -p",
|
|
|
|
|
|
|
|
"Failed to apply sysctl changes",
|
|
|
|
|
|
|
|
shell=True
|
|
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
# Apply iptables rules
|
|
|
|
# Apply iptables rules
|
|
|
|
print("Applying iptables rules to allow SSH and route traffic correctly...")
|
|
|
|
print("Applying iptables rules to allow SSH and route traffic correctly...")
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Ensure SSH access is allowed
|
|
|
|
ssh_rules = [
|
|
|
|
ssh_rules = [
|
|
|
|
"sudo iptables -I INPUT -p tcp --dport 22 -j ACCEPT",
|
|
|
|
"sudo iptables -I INPUT -p tcp --dport 22 -j ACCEPT",
|
|
|
|
"sudo iptables -I OUTPUT -p tcp --sport 22 -j ACCEPT",
|
|
|
|
"sudo iptables -I OUTPUT -p tcp --sport 22 -j ACCEPT",
|
|
|
|
"sudo iptables -I FORWARD -p tcp --dport 22 -j ACCEPT"
|
|
|
|
"sudo iptables -I FORWARD -p tcp --dport 22 -j ACCEPT",
|
|
|
|
|
|
|
|
"sudo iptables -t nat -I POSTROUTING -p tcp --dport 22 -j RETURN"
|
|
|
|
]
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
|
|
for rule in ssh_rules:
|
|
|
|
for rule in ssh_rules:
|
|
|
|
run_command(rule, f"Failed to apply iptables rule: {rule}", shell=True)
|
|
|
|
run_command(rule, f"Failed to apply iptables rule: {rule}", shell=True)
|
|
|
|
|
|
|
|
|
|
|
|
# Apply NAT rules for VPN traffic
|
|
|
|
# Apply NAT rules for VPN traffic
|
|
|
|
print("Applying NAT and forwarding rules...")
|
|
|
|
|
|
|
|
nat_rules = [
|
|
|
|
nat_rules = [
|
|
|
|
"sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE",
|
|
|
|
"sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE",
|
|
|
|
"sudo iptables -A FORWARD -i wg0 -j ACCEPT",
|
|
|
|
"sudo iptables -A FORWARD -i wg0 -j ACCEPT",
|
|
|
|
@ -78,16 +87,32 @@ def setup_wireguard():
|
|
|
|
for rule in nat_rules:
|
|
|
|
for rule in nat_rules:
|
|
|
|
run_command(rule, f"Failed to apply iptables rule: {rule}", shell=True)
|
|
|
|
run_command(rule, f"Failed to apply iptables rule: {rule}", shell=True)
|
|
|
|
|
|
|
|
|
|
|
|
# Allow web interface access
|
|
|
|
# Install and save iptables rules persistently
|
|
|
|
print_step("🌐", "Allowing web interface on port 1337...")
|
|
|
|
print("Installing and saving iptables-persistent...")
|
|
|
|
run_command("sudo iptables -A INPUT -p tcp --dport 1337 -j ACCEPT", "Failed to open port 1337", shell=True)
|
|
|
|
run_command(["apt-get", "install", "-y", "iptables-persistent"], "Failed to install iptables-persistent")
|
|
|
|
|
|
|
|
|
|
|
|
# Ensure rules are correct before saving
|
|
|
|
|
|
|
|
print_step("💾", "Saving iptables rules for persistence...")
|
|
|
|
|
|
|
|
run_command("sudo iptables -S", "Failed to verify iptables rules", shell=True)
|
|
|
|
|
|
|
|
run_command("sudo netfilter-persistent save", "Failed to save iptables rules", shell=True)
|
|
|
|
run_command("sudo netfilter-persistent save", "Failed to save iptables rules", shell=True)
|
|
|
|
run_command("sudo netfilter-persistent reload", "Failed to reload iptables rules", shell=True)
|
|
|
|
run_command("sudo netfilter-persistent reload", "Failed to reload iptables rules", shell=True)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Update nameserver
|
|
|
|
|
|
|
|
print("Updating nameserver...")
|
|
|
|
|
|
|
|
run_command(
|
|
|
|
|
|
|
|
"sudo sed -i 's/nameserver .*/nameserver 1.1.1.1/' /etc/resolv.conf",
|
|
|
|
|
|
|
|
"Failed to update nameserver",
|
|
|
|
|
|
|
|
shell=True
|
|
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Install iptables-persistent and save rules
|
|
|
|
|
|
|
|
print("Making iptables rules persistent...")
|
|
|
|
|
|
|
|
run_command(
|
|
|
|
|
|
|
|
["apt-get", "install", "-y", "iptables-persistent"],
|
|
|
|
|
|
|
|
"Failed to install iptables-persistent"
|
|
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
run_command(
|
|
|
|
|
|
|
|
"sudo iptables-save | sudo tee /etc/iptables/rules.v4",
|
|
|
|
|
|
|
|
"Failed to save iptables rules",
|
|
|
|
|
|
|
|
shell=True
|
|
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
def main():
|
|
|
|
def main():
|
|
|
|
if os.geteuid() != 0:
|
|
|
|
if os.geteuid() != 0:
|
|
|
|
print("❌ This script must be run as root (sudo)")
|
|
|
|
print("❌ This script must be run as root (sudo)")
|
|
|
|
|
