Fix firewall rules not loading on reboot

- Enable and start nftables service during installation - Create /etc/nftables.conf that includes /etc/nftables.d/wireguard.conf - nftables service now loads firewall rules automatically on boot - Update documentation to reflect proper configuration file paths - Remove historical VALIDATION.md document - Clean up documentation references to non-existent scripts
2026-01-12 16:12:06 +01:00
parent 6b97f0532f
commit 22688d96b5
6 changed files with 125 additions and 286 deletions
--- a/wireguard.sh
+++ b/wireguard.sh
@@ -155,6 +155,8 @@ EOF
    # Configure nftables
    echo "Configuring nftables firewall..."
    mkdir -p /etc/nftables.d
+
+    # Create wireguard config in /etc/nftables.d
    cat > /etc/nftables.d/wireguard.conf <<EOF
 #!/usr/sbin/nft -f
 # nftables configuration for WireGuard VPN
@@ -206,7 +208,34 @@ table ip6 nat {
 }
 EOF

-    nft -f /etc/nftables.d/wireguard.conf
+    # Create /etc/nftables.conf that includes wireguard.conf
+    # The nftables service loads /etc/nftables.conf by default
+    cat > /etc/nftables.conf <<EOF
+#!/usr/sbin/nft -f
+# nftables configuration automatically generated by wireguard.sh
+flush ruleset
+include "/etc/nftables.d/wireguard.conf"
+EOF
+
+    chmod 600 /etc/nftables.conf
+    chmod 600 /etc/nftables.d/wireguard.conf
+
+    nft -f /etc/nftables.conf
+
+    # Enable nftables service to load rules on boot
+    echo "Enabling nftables service..."
+    systemctl enable nftables.service
+    systemctl start nftables.service
+
+    # Verify nftables is running
+    if ! systemctl is-active --quiet nftables.service; then
+        echo "ERROR: nftables service failed to start"
+        echo "=== Service Status ==="
+        systemctl status nftables.service
+        exit 1
+    fi
+
+    echo "nftables service started successfully"

    # Generate server keys
    echo "Generating server keys..."