PostUp, PostDown, PreDown truncated #549

Open
bitrate16 opened this issue Feb 12, 2024 · 1 comment · May be fixed by #656

bitrate16 commented Feb 12, 2024

When setting a very long command for PostUp, PostDown or PreDown, or a command containing shell variable references, the command is truncated after applying the config.

Example:

iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth+ -j MASQUERADE; WGUI="10.10.0.1"; TARGET="192.168.2.27; forward_port () { iptables -t nat -A PREROUTING -p "$1" -d "$2" --dport "$4" -j DNAT --to "$3:$5"; iptables -A FORWARD -p "$1" -d "$3" --dport "$4" -j ACCEPT; }; forward_port udp "$WGUI" "$TARGET" 53 10153; forward_port tcp "$WGUI" "$TARGET" 80 10080; forward_port tcp "$WGUI" "$TARGET" 443 10443;

After reapplying config it becomes (shown in web ui):

iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth+ -j MASQUERADE; WGUI=

Example 2:

iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth+ -j MASQUERADE; iptables -t nat -A PREROUTING -p "udp" -d "10.10.0.1" --dport "53" -j DNAT --to "192.168.2.27:10153"; iptables -A FORWARD -p "udp" -d "192.168.2.27" --dport "53" -j ACCEPT; iptables -t nat -A PREROUTING -p "tcp" -d "10.10.0.1" --dport "80" -j DNAT --to "192.168.2.27:10080"; iptables -A FORWARD -p "tcp" -d "192.168.2.27" --dport "80" -j ACCEPT; iptables -t nat -A PREROUTING -p "tcp" -d "10.10.0.1" --dport "443" -j DNAT --to "192.168.2.27:10443"; iptables -A FORWARD -p "tcp" -d "192.168.2.27" --dport "443" -j ACCEPT

After reapplying config it becomes (shown in web ui):

iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth+ -j MASQUERADE; iptables -t nat -A PREROUTING -p 

which makes specifying a long custom configuration for iptables absolutely useless.

I've checked wg0.conf after the first apply: the command matches the original. After opening settings in the web UI, the command is truncated in settings and truncated after the second config apply.

I'm using Portainer and don't know how to add external files in it, unlike in standalone Docker on the host, so it's important to use a long command for custom forwarding rules (preferably with shell functions to make them shorter), but I can't.

UPD: When setting the same config without quotes, everything works.

schwarmik commented Feb 14, 2024

I had the same problem and I also have a lot of iptables commands. In my opinion, the cleanest solution is to outsource the commands to a script. The script is then executed via PostUp or PostDown:

PostUp = /etc/wireguard/ifscript.sh up
PostDown = /etc/wireguard/ifscript.sh down

if [ "$1" = "up" ]; then
    # .... your PostUp commands
    :
elif [ "$1" = "down" ]; then
    # .... your PostDown commands
    :
fi
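
The workaround above, written out as an added example (not code from the thread or the project): a script holding the rules from the issue's example command, so the PostUp and PostDown lines contain no double quotes, which per the issue's update is the case that survives reapplying. Passing %i as a second argument and the IPT override are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the thread: a possible /etc/wireguard/ifscript.sh.
# Assumed wg0.conf lines (wg-quick expands %i to the interface name):
#   PostUp   = /etc/wireguard/ifscript.sh up %i
#   PostDown = /etc/wireguard/ifscript.sh down %i
# Rules, addresses and ports are copied from the issue's example command.

IPT="${IPT:-iptables}"   # assumption: override with a stub for a dry run
WGUI="10.10.0.1"
TARGET="192.168.2.27"

# forward_port OP PROTO DEST_IP TARGET_IP DPORT TARGET_PORT
# OP is -A (add on up) or -D (delete the same rule on down).
forward_port() {
    $IPT -t nat "$1" PREROUTING -p "$2" -d "$3" --dport "$5" -j DNAT --to "$4:$6"
    $IPT "$1" FORWARD -p "$2" -d "$4" --dport "$5" -j ACCEPT
}

# apply_rules OP IFACE: the full rule set, added or deleted as one unit.
apply_rules() {
    op="$1"; ifc="$2"
    $IPT "$op" FORWARD -i "$ifc" -j ACCEPT
    $IPT "$op" FORWARD -o "$ifc" -j ACCEPT
    $IPT -t nat "$op" POSTROUTING -o eth+ -j MASQUERADE
    forward_port "$op" udp "$WGUI" "$TARGET" 53 10153
    forward_port "$op" tcp "$WGUI" "$TARGET" 80 10080
    forward_port "$op" tcp "$WGUI" "$TARGET" 443 10443
}

main() {
    case "$1" in
        up)   apply_rules -A "${2:?interface name required}" ;;
        down) apply_rules -D "${2:?interface name required}" ;;
        *)    echo "usage: $0 up|down IFACE" >&2; return 2 ;;
    esac
}

# Run only when called with arguments, so the file can also be sourced.
[ "$#" -eq 0 ] || main "$@"
```

Running it as `IPT=echo /etc/wireguard/ifscript.sh up wg0` prints the rule arguments without touching the firewall.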

@rwillert rwillert linked a pull request Dec 19, 2024 that will close this issue