Iptables: how to allow forwarding from wireguard NIC only to some IP

iptables wireguard ip-forwarding

Solution 1:

Sure you can, instead of arbitrarily allowing traffic, just make sure it goes to the destination IP you expect:

-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT 
-A FORWARD -i wg0 -d 192.168.1.45 -j ACCEPT

As a side note, I wouldn't add and remove rules in the PostUp and PostDown hooks, it isn't useful to remove them when the interface no longer exists as they don't do anything in that case. Just leave them there all the time, it's less error-prone and easier to manage.

Related

Elasticsearch connection refused
Does the fire rate for Bulwark of Harmony work if you're in an offensive war?
Guitar Hero game play on Wii versus XBox 360 and Playstation 3
Can mobs drop special items?
What are the possible drops for defeating Yeti Zombie?
How do Zenyatta and Mercy's damage boosts stack?
Are there 'headshot' or 'limb' damage, and other specific body part hit effects in Alan Wake?
Can a Pichu wearing a Santa hat hatch from an egg?
What is chaos damage in Path of Exile?
Does the difficulty level affect the mini-games (snatch etc)?
Can I remove emoticon button from Steam friends chat?
Can I shoot through Deathtrap?