#!/bin/sh
/sbin/ipfw -q add 60000 deny all from any to me
/sbin/ipfw -q add 61000 allow all from 10.0.0.0/24 to 10.0.0.0/24

#!/bin/sh
# PROVIDE: wireguard_firewall
# REQUIRE: wireguard
# KEYWORD: shutdown

. /etc/rc.subr

name="wireguard_firewall"
rcvar="wireguard_firewall_enable"

: ${wireguard_firewall_enable:="NO"}

command="/root/bin/wireguard-firewall"

load_rc_config $name
run_rc_command "$1"

#!/bin/sh
# PROVIDE: wireguard_mtu
# REQUIRE: wireguard
# KEYWORD: shutdown

. /etc/rc.subr

name="wireguard_mtu"
rcvar="wireguard_mtu_enable"

: ${wireguard_mtu_enable:="NO"}

command="/sbin/ifconfig"
command_args="wg0 mtu 1350"

load_rc_config $name
run_rc_command "$1"

firewall_enable="YES"
firewall_logging="YES"
firewall_logif="YES"
firewall_type="workstation"
firewall_myservices="PORT_WG/udp"
firewall_allowservices="any"
wireguard_firewall_enable="YES"
wireguard_enable="YES"
wireguard_interfaces="wg0"
wireguard_wg0_ips="10.0.0.1/24"
wireguard_wg0_routes="10.0.0.0/24"
gateway_enable="YES"

[Interface]
PrivateKey = ThePrivateKey
ListenPort = PORT_WG

[Peer]
PublicKey = ThePublicKey
AllowedIPs = 10.0.0.2

[Peer]
PublicKey = ThePublicKey2
AllowedIPs = 10.0.0.3

#!/bin/sh
# PROVIDE: wireguard_mtu
# REQUIRE: wireguard
# KEYWORD: shutdown

. /etc/rc.subr

name="wireguard_mtu"
rcvar="wireguard_mtu_enable"

: ${wireguard_mtu_enable:="NO"}

command="/sbin/ifconfig"
command_args="wg0 mtu 1350"

load_rc_config $name
run_rc_command "$1"

firewall_enable="YES"
firewall_logging="YES"
firewall_logif="YES"
firewall_type="workstation"
wireguard_enable="YES"
wireguard_interfaces="wg0"
wireguard_wg0_ips="10.0.0.2/24"
wireguard_wg0_routes="10.0.0.0/24"

[Interface]
PrivateKey = ThePrivateKey

[Peer]
PublicKey = ThePublicKeyOfTheEndpoint
AllowedIPs = 10.0.0.0/24
Endpoint = EndpointIP:WG_PORT
PersistentKeepalive = 25