##
##  { wg genkey | tee >({ echo -n "private: "; cat; } > /dev/stderr) | wg pubkey | sed 's/^/public:  /'; } |& sort; echo -n "shared:  "; wg genpsk
##

[Interface]
PrivateKey = XYZ
#PublicKey = XYZ
Address = 192.168.109.XYZ/32
#MTU = 1420

PreUp = true ______ PreUp ______
PreUp = iptables -w -I INPUT -i '%i' -j REJECT
PreUp = iptables -w -I INPUT -i '%i' -j LOG --log-prefix "%i: "
PreUp = iptables -w -I INPUT -i '%i' -p tcp -m tcp --dport 22 -j ACCEPT
PreUp = iptables -w -I INPUT -i '%i' -p icmp --icmp-type echo-reply -j ACCEPT
PreUp = iptables -w -I INPUT -i '%i' -p icmp --icmp-type echo-request -j ACCEPT
PreUp = iptables -w -I INPUT -i '%i' -p icmp --icmp-type time-exceeded -j ACCEPT
PreUp = iptables -w -I INPUT -i '%i' -p udp -m udp --dport 60000:60010 -j ACCEPT
PreUp = iptables -w -I INPUT -i '%i' -m state --state RELATED,ESTABLISHED -j ACCEPT
PreUp = iptables -w -I INPUT -i '%i' -p icmp --icmp-type destination-unreachable -j ACCEPT
PreUp = true ¯¯¯¯¯¯ PreUp ¯¯¯¯¯¯

PostDown = true ______ PostDown ______
PostDown = iptables-save | sed -n '/ -i %i /{s/^-A/iptables -w -D/;s:[</>]:\\&:g;p}' | sh
PostDown = iptables-save | sed -n '/^:\(%i[^ ]*\).*/{s//iptables -w -F \1/;s:[</>]:\\&:g;p}' | sh
PostDown = iptables-save | sed -n '/^:\(%i[^ ]*\).*/{s//iptables -w -X \1/;s:[</>]:\\&:g;p}' | sh
PostDown = true ¯¯¯¯¯¯ PostDown ¯¯¯¯¯¯

[Peer]
PublicKey = zJgA75jrzbEi7R1ha+Jcrwo7cVRRDKCEnJjt75bRZVQ=
PresharedKey = XYZ
Endpoint = support.sattler.ddnss.org:51820
AllowedIPs = 192.168.109.1/32
PersistentKeepalive = 25