From 354b10f72d8142cc6fcf81d60ffb8ee2eba7e4f4 Mon Sep 17 00:00:00 2001 From: I Date: Sun, 23 Jun 2024 15:26:15 +0200 Subject: [PATCH] added example config --- wireguard/DOCS.md | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/wireguard/DOCS.md b/wireguard/DOCS.md index 5508a92..da28895 100644 --- a/wireguard/DOCS.md +++ b/wireguard/DOCS.md @@ -202,10 +202,37 @@ IP range would be `192.168.0.0`. Suffix `/24` is a way of subnet mask specifying in CIDR, and usually you should not be worried by this. **Hint** + If you would like to access more than your HomeAssistant device, you can just additional `iptables` commands before this command: - `iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT;` +Finally your yaml `post_up` section may look like: +```yaml +post_up: >- + iptables -A FORWARD -i %i -d -j ACCEPT; + iptables -A FORWARD -i %i -d -j ACCEPT; + iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT; + iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; + iptables -A FORWARD -i %i -o %o -j ACCEPT; + iptables -A FORWARD -i %i -d /24 -j DROP +``` + +Example config of `post_up` section, with two LAN devices accessible: +```yaml +host: myautomatedhome.duckdns.org +addresses: + - 172.27.66.1 +dns: [] +post_up: >- + iptables -A FORWARD -i %i -d 192.168.0.13 -j ACCEPT; + iptables -A FORWARD -i %i -d 192.168.0.37 -j ACCEPT; + iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT; + iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; + iptables -A FORWARD -i %i -o %o -j ACCEPT; + iptables -A FORWARD -i %i -d 192.168.0.0/24 -j DROP +``` + ### Option: `server.post_down` _(optional)_ Allows you to run commands after WireGuard has been stopped. This is useful
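Review bot: in the first added `post_up` block (under "Finally your yaml `post_up` section may look like"), the destination is empty in three rules: the two ACCEPT lines read `iptables -A FORWARD -i %i -d -j ACCEPT;` and the last line reads `iptables -A FORWARD -i %i -d /24 -j DROP`, so as shown `-d` has no address and none of the three is a valid rule. Use an explicit placeholder that survives rendering, for example `-d DEVICE_IP_1` and `-d LAN_NETWORK/24`, and say in the sentence above the block that these must be replaced. In both blocks `iptables -A FORWARD -i %i -o %o -j ACCEPT;` is appended ahead of the `/24` DROP. Because FORWARD rules are matched in order, please state what `%o` expands to and confirm that LAN-bound traffic from the tunnel still reaches the DROP. If it does not, the per-device ACCEPT rules followed by a subnet DROP do not restrict anything. The caption "Example config of `post_up` section" also sits over a block that includes `host`, `addresses` and `dns`, so either trim the block to `post_up` or reword the caption.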