From b7b3c8f8099cf6ec2b0ad69ce5a462bbc8663ddf Mon Sep 17 00:00:00 2001 From: Robin Rijkeboer Date: Mon, 10 Mar 2025 20:41:15 +0100 Subject: [PATCH 1/2] Add UFW configuration to the wireguard internal docs Signed-off-by: Robin Rijkeboer --- docs/guides/vpn/wireguard/internal.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/docs/guides/vpn/wireguard/internal.md b/docs/guides/vpn/wireguard/internal.md index 1c2f91af5..84b2544b7 100644 --- a/docs/guides/vpn/wireguard/internal.md +++ b/docs/guides/vpn/wireguard/internal.md @@ -84,6 +84,27 @@ The rules will then be cleared once the tunnel is down. The important change is the extra `PostUp` and `PostDown` in the `[Interface]` section. + +### `ufw` +If you are using UFW the above doesn't work and you will need to edit `/etc/ufw/before.rules`: + +Insert this into the before.rules file but **before** the FIRST commit line: +```bash +# allow forwarding for trusted network +-A ufw-before-forward -s 10.10.10.0/24 -j ACCEPT +-A ufw-before-forward -d 10.10.10.0/24 -j ACCEPT +``` +For IPv6 you need to do the same but at `/etc/ufw/before6.rules`: + +Put the following near the bottom but **before** the first COMMIT line: + +```bash +# allow forwarding for trusted network +-A ufw6-before-forward -s fd08:4711::/64 -j ACCEPT +-A ufw6-before-forward -d fd08:4711::/64 -j ACCEPT +``` +Restart ufw for the changes to take effect: `systemctl restart ufw` + ## Allow clients to access other devices In our standard configuration, we have configured the clients in such a way that they can only speak to the server. Add the network range of your local network in CIDR notation (e.g., `192.168.2.1 - 192.168.2.254` -> `192.168.2.0/24`) in the `[Peers]` section of all clients you want to have this feature: From feac8481ab4646ef426ced3ec6ef3b5ef39f7f5e Mon Sep 17 00:00:00 2001 From: Robin Rijkeboer Date: Mon, 10 Mar 2025 20:46:23 +0100 Subject: [PATCH 2/2] Add the correct spacings and remove trailing spaces #2512 
Signed-off-by: Robin Rijkeboer --- docs/guides/vpn/wireguard/internal.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/guides/vpn/wireguard/internal.md b/docs/guides/vpn/wireguard/internal.md index 84b2544b7..bd455113c 100644 --- a/docs/guides/vpn/wireguard/internal.md +++ b/docs/guides/vpn/wireguard/internal.md @@ -86,14 +86,17 @@ The rules will then be cleared once the tunnel is down. ### `ufw` + If you are using UFW the above doesn't work and you will need to edit `/etc/ufw/before.rules`: Insert this into the before.rules file but **before** the FIRST commit line: + ```bash # allow forwarding for trusted network -A ufw-before-forward -s 10.10.10.0/24 -j ACCEPT -A ufw-before-forward -d 10.10.10.0/24 -j ACCEPT -``` +``` + For IPv6 you need to do the same but at `/etc/ufw/before6.rules`: Put the following near the bottom but **before** the first COMMIT line: @@ -103,6 +106,7 @@ Put the following near the bottom but **before** the first COMMIT line: -A ufw6-before-forward -s fd08:4711::/64 -j ACCEPT -A ufw6-before-forward -d fd08:4711::/64 -j ACCEPT ``` + Restart ufw for the changes to take effect: `systemctl restart ufw` ## Allow clients to access other devices
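Review bot: In the first hunk (PATCH 1/2, `@@ -84,6 +84,27 @@`), the two `ufw-before-forward` rules accept forwarded traffic for any packet whose source or destination falls in `10.10.10.0/24`, regardless of which interface it arrived on or leaves through; a packet arriving on the LAN or WAN side with a forged `10.10.10.x` source would also be forwarded. Consider binding the rules to the tunnel interface used earlier in the guide (the name `wg0` below is only an example), e.g. `-A ufw-before-forward -i wg0 -s 10.10.10.0/24 -j ACCEPT` and `-A ufw-before-forward -o wg0 -d 10.10.10.0/24 -j ACCEPT`, and the same with `-i`/`-o` for the `ufw6-before-forward` lines. The sentence "If you are using UFW the above doesn't work" should also say why it fails (which ufw chain or default policy gets in the way), so readers can tell whether it applies to their setup, and it should state explicitly that `10.10.10.0/24` and `fd08:4711::/64` stand for the tunnel prefixes chosen earlier in the guide rather than fixed values. Minor: the fences are tagged `bash`, but the content is iptables-restore rule syntax, not shell; an untagged fence or `text` avoids misleading highlighting.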
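Review bot: The second hunk (PATCH 2/2, `@@ -86,14 +86,17 @@`) only fixes blank lines and trailing whitespace in text introduced by PATCH 1/2, so it would be cleaner to squash it into the first commit rather than land a whitespace-only follow-up. While touching these lines, make the two instructions consistent: one says "before the FIRST commit line" and the other "before the first COMMIT line"; the keyword in `before.rules` and `before6.rules` is literally `COMMIT`, so write it that way in both places.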
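Review bot: In the third hunk (`@@ -103,6 +106,7 @@`), the context line "Restart ufw for the changes to take effect: `systemctl restart ufw`" could mention `ufw reload` as the tool's own way to re-read `before.rules` and `before6.rules`; it does not depend on systemd and does not briefly leave the host without its filter rules the way a full restart can. If the restart is kept, a short note that it momentarily drops and re-applies all ufw rules would help readers applying this on a remote server.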