I want only one device behind the WG tunnel. The device is on its own native VLAN (one bridge, one Ethernet port, 255.255.255.252 subnet mask). To what exactly do I apply the WG interface, and what NAT firewall rules do I need?
I use static IP, static ARP, no DHCP, and as such, non-administrative device traffic is only forwarded.
Input/Output chains look like this:
- Accept admin device to router TCP port 443 (new, related, established for input, and related, established for output)
- Drop all other traffic to router
I assume the above chains will need to accept traffic from WG device into WG port (51820), but again, I don’t understand how to assign WG interface to a specific device or IP or VLAN…