WireGuard and FirewallD settings

SYSTEM INFORMATION
OS type and version: Ubuntu Linux 22.04.5
Virtualmin version: 7.30.8

Hi all,

I just spent several days setting up a WireGuard server/client, and I finally recognized that FirewallD was filtering the connection to the internet from the server, but I couldn't understand where, no way.

Until I noticed the interfaces field was empty with the default setting:

Screenshot from 2025-08-14 17-08-57

sudo firewall-cmd --zone=public --list-all

public (active)
  target: default
  icmp-block-inversion: no
  interfaces:
  sources: 10.0.0.0/24
  services: dhcpv6-client dns dns-over-tls ftp http https imap imaps mdns pop3 pop3s smtp smtp-submission smtps ssh
  ports: 20/tcp 2222/tcp 10000-10100/tcp 20000/tcp 49152-65535/tcp 51820/udp
  protocols:
  forward: yes
  masquerade: yes
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

Once I changed the setting to specify the interfaces involved one by one:

Screenshot from 2025-08-14 17-13-09

sudo firewall-cmd --zone=public --list-all

public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0 wg0
  sources: 10.0.0.0/24
  services: dhcpv6-client dns dns-over-tls ftp http https imap imaps mdns pop3 pop3s smtp smtp-submission smtps ssh
  ports: 20/tcp 2222/tcp 10000-10100/tcp 20000/tcp 49152-65535/tcp 51820/udp
  protocols:
  forward: yes
  masquerade: yes
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

…I got everything running like a charm!

I just wanted to share that finding in case it might be useful for future threads on the subject.

Thank you.
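A check for the condition described in the post above, as an added example that is not part of the original thread: it reads the text printed by `firewall-cmd --zone=<zone> --list-all` and prints every required interface that is missing from the zone's `interfaces:` line. The function name `missing_ifaces` and the trimmed sample inputs are illustrative assumptions.

```bash
#!/bin/sh
# Added example (not from the thread): find interfaces that are not bound
# to a firewalld zone, using the output of `firewall-cmd --list-all`.

# Usage: firewall-cmd --zone=public --list-all | missing_ifaces eth0 wg0
# Prints one line per required interface absent from "interfaces:".
missing_ifaces() {
    mi_bound=" "
    while IFS= read -r mi_line || [ -n "$mi_line" ]; do
        case "$mi_line" in
            # Keep only the interface names, padded with spaces so that
            # "wg0" cannot match inside a longer name such as "wg01".
            *interfaces:*) mi_bound=" ${mi_line#*interfaces:} " ;;
        esac
    done
    for mi_want in "$@"; do
        case "$mi_bound" in
            *" $mi_want "*) ;;                  # bound to the zone
            *) printf '%s\n' "$mi_want" ;;      # not bound: report it
        esac
    done
}

# Sample input, trimmed from the two outputs quoted in the post.
BEFORE='public (active)
  interfaces:
  sources: 10.0.0.0/24
  forward: yes
  masquerade: yes'
AFTER='public (active)
  interfaces: eth0 wg0
  sources: 10.0.0.0/24
  forward: yes
  masquerade: yes'

echo "before: missing -> $(printf '%s\n' "$BEFORE" | missing_ifaces eth0 wg0 | tr '\n' ' ')"
echo "after:  missing -> $(printf '%s\n' "$AFTER" | missing_ifaces eth0 wg0 | tr '\n' ' ')"

# To bind a reported interface persistently (real firewall-cmd options):
#   firewall-cmd --permanent --zone=public --add-interface=wg0
#   firewall-cmd --reload
```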

So I presume by that WireGuard creates some sort of virtual interface?

Yes, it does, both on server and client. WireGuard worked fine from the beginning, with the handshake and exchange of data between server and client, but I got mad because I could not access the internet once the connection was established. Now it works fine.