# MediaStack (10.48.200.35) WireGuard client config # Tunnels all internet traffic through WireGuard CT (10.48.200.67) # Kill-switch: iptables blocks any non-WireGuard internet traffic # File: /etc/wireguard/wg0.conf [Interface] PrivateKey = UAaoNldLsxWJerLJAjGlncrm41Ay9QMsK3O1XaTlxmg= Address = 10.200.0.4/24 DNS = 10.48.200.90 PostUp = iptables -I OUTPUT ! -o wg0 -m mark ! --mark 51820 -m addrtype ! --dst-type LOCAL -j REJECT; iptables -I OUTPUT -d 10.48.200.0/24 -j ACCEPT PostDown = iptables -D OUTPUT -d 10.48.200.0/24 -j ACCEPT; iptables -D OUTPUT ! -o wg0 -m mark ! --mark 51820 -m addrtype ! --dst-type LOCAL -j REJECT [Peer] PublicKey = Fqb1KLfHe1r3+Hwhem7YGZB2KikGYy/8pPsOIP4rn18= Endpoint = 10.48.200.67:51821 AllowedIPs = 0.0.0.0/0 PersistentKeepalive = 25