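#!/usr/bin/env bash
# Post-start fix-ups for the "wiregate" container.
#
# Steps, in order:
#   1. pin the WireGuard listen port on the ADMINS interface,
#   2. fill in the missing port of the Endpoint line in master.conf,
#   3. start Tor with the Bridge / ClientTransportPlugin lines removed from
#      torrc,
#   4. install NAT rules that send client TCP to the transparent proxy and
#      client DNS to an upstream resolver, leaving RFC1918 destinations alone,
#   5. install FORWARD rules that accept only DNS and TCP from clients and
#      drop every other UDP (the original author's "block WebRTC and UDP").
#
# Usage: run with no arguments once the container is up. Needs a docker CLI
# that can reach the daemon running the container. Re-running is safe: the
# endpoint edit matches the whole port field and rules are only appended
# when absent, so neither accumulates on repeated runs.
set -euo pipefail

readonly CONTAINER=wiregate
readonly WG_IFACE=ADMINS
readonly WG_PORT=51820
readonly MASTER_CONF=/WireGate/master-key/master.conf
readonly ENDPOINT_HOST=nkhproxy.duckdns.org
readonly CLIENT_NET=10.0.0.0/24
readonly UPLINK_IFACE=eth0
readonly TCP_PROXY=172.21.0.2:59040
readonly DNS_UPSTREAM=8.8.8.8:53
# Empirical start-up delays kept from the original script; the container's
# own readiness (interface, config file, proxy port) is not probed here.
readonly CONTAINER_SETTLE_SECS=20
readonly TOR_SETTLE_SECS=10

#######################################
# Print a message on stderr and exit non-zero.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Run a command inside the container (as its default user).
# Arguments: command and its arguments
# Returns:   the command's exit status
#######################################
in_ct() {
  docker exec "$CONTAINER" "$@"
}

#######################################
# Print the sed expression that sets the Endpoint port in master.conf.
# The original 's|host:|host:PORT|' re-appended the port on every run;
# matching the whole (possibly empty) port field keeps the edit idempotent.
# Globals:   ENDPOINT_HOST, WG_PORT (read)
# Outputs:   one sed expression on stdout
#######################################
endpoint_port_expr() {
  # Escape the dots so the host name is matched literally.
  local host_re=${ENDPOINT_HOST//./\\.}
  printf 's|\\(Endpoint = %s\\):[0-9]*|\\1:%s|\n' "$host_re" "$WG_PORT"
}

#######################################
# Append an iptables rule inside the container unless an identical rule is
# already present in that chain.
# Arguments: $1 - table (nat, filter, ...)
#            $2 - chain
#            $@ - the rule specification
#######################################
ensure_rule() {
  local table=$1 chain=$2
  shift 2
  in_ct iptables -t "$table" -C "$chain" "$@" 2>/dev/null \
    || in_ct iptables -t "$table" -A "$chain" "$@"
}

main() {
  command -v docker >/dev/null || die "docker CLI not found"

  sleep "$CONTAINER_SETTLE_SECS"

  # 1. WireGuard listen port.
  in_ct wg set "$WG_IFACE" listen-port "$WG_PORT"

  # 2. Endpoint port in master.conf.
  in_ct sed -i "$(endpoint_port_expr)" "$MASTER_CONF"

  # 3. Tor. The torrc edit and the daemon run detached inside the container;
  #    a failed edit skips starting tor (the && inside the -c string).
  in_ct mkdir -p /WireGate/log /var/log/tor
  docker exec -d "$CONTAINER" bash -c \
    "sed -i '/^Bridge$/d; /^ClientTransportPlugin/d' /etc/tor/torrc && tor"
  sleep "$TOR_SETTLE_SECS"

  # 4. NAT. PREROUTING is rebuilt from scratch so rule order is deterministic:
  #    DNS redirect first, RFC1918 destinations returned untouched, then all
  #    remaining client TCP to the transparent proxy. POSTROUTING is not
  #    flushed, so its MASQUERADE rule is added only when missing.
  #    NOTE(review): client DNS leaves the uplink in clear text to
  #    $DNS_UPSTREAM while TCP goes through the proxy, so resolver queries are
  #    observable on the uplink -- confirm that is intended.
  in_ct iptables -t nat -F PREROUTING
  ensure_rule nat PREROUTING -i "$WG_IFACE" -p udp --dport 53 \
    -j DNAT --to-destination "$DNS_UPSTREAM"
  ensure_rule nat POSTROUTING -s "$CLIENT_NET" -o "$UPLINK_IFACE" -j MASQUERADE
  local net
  for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
    ensure_rule nat PREROUTING -i "$WG_IFACE" -d "$net" -j RETURN
  done
  ensure_rule nat PREROUTING -i "$WG_IFACE" -p tcp \
    -j DNAT --to-destination "$TCP_PROXY"

  # 5. Forwarding policy for the client interface: DNS and TCP in, all other
  #    UDP dropped, anything back towards clients accepted. Traffic that
  #    matches none of these falls through to the chain's policy, which this
  #    script does not set.
  in_ct iptables -F FORWARD
  ensure_rule filter FORWARD -i "$WG_IFACE" -p udp --dport 53 -j ACCEPT
  ensure_rule filter FORWARD -i "$WG_IFACE" -p tcp -j ACCEPT
  ensure_rule filter FORWARD -i "$WG_IFACE" -p udp -j DROP
  ensure_rule filter FORWARD -o "$WG_IFACE" -j ACCEPT
}

main "$@"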