
Issue with firewalld settings and some IPv6 handling #530

Open
SoLoR1 opened this issue Dec 17, 2024 · 0 comments

SoLoR1 commented Dec 17, 2024

First there is a little bug in your firewalld settings:

PostDown = firewall-cmd --zone=public --add-interface=${SERVER_WG_NIC} && firewall-cmd --remove-port ${SERVER_PORT}/udp && firewall-cmd --remove-rich-rule='rule family=ipv4 source address=${FIREWALLD_IPV4_ADDRESS}/24 masquerade' && firewall-cmd --remove-rich-rule='rule family=ipv6 source address=${FIREWALLD_IPV6_ADDRESS}/24 masquerade'" >>"/etc/wireguard/${SERVER_WG_NIC}.conf"

There should be --remove-interface there.

Now other issues with firewalld and IPv6 handling:

  • We should have a choice of which zone the WireGuard interface is added to. I personally have it in the trusted zone, same as my LAN interface, because I want to have the same access over WireGuard as I would if I were connected to the LAN.

  • The other issue is IPv6 handling: there should be a choice of whether IPv6 traffic is masqueraded or not. I have a /56 subnet from my ISP, and I have no issue assigning one of the /64 subnets to the VPN and using it natively.

  • The DNS setting currently doesn't take IPv6 as a valid DNS server.

And I know all these settings can be fixed later in the config, and I did that. I'm just suggesting some things that I noticed in my setup.
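The PostDown bug reported above leaves the WireGuard interface bound to the firewalld zone after the tunnel is torn down. The following check is an added example, not part of the original issue or of the project's code: it lints a WireGuard config for `firewall-cmd` changes that PostUp applies and PostDown never reverts. The function names, the interface `wg0`, the port and the subnet in the sample config are constructed for illustration.

```shell
# Added example (not from the project): flag firewall-cmd changes that
# PostUp applies and PostDown never undoes.

# List the --add-*/--remove-* firewall-cmd options used on one hook's lines.
hook_actions() { # $1 = PostUp|PostDown, $2 = config file
    grep -E "^[[:space:]]*$1[[:space:]]*=" "$2" |
        grep -oE -e '--(add|remove)-[a-z-]+' | sort -u
}

# Print one finding per line; exit status 1 when anything was found.
lint_wg_hooks() { # $1 = config file
    up=$(hook_actions PostUp "$1")
    down=$(hook_actions PostDown "$1")
    findings=0
    for action in $up; do
        case $action in --add-*) ;; *) continue ;; esac
        undo="--remove-${action#--add-}"
        if ! printf '%s\n' "$down" | grep -qxF -e "$undo"; then
            echo "PostDown never runs $undo"
            findings=1
        fi
    done
    for action in $down; do
        case $action in --add-*)
            echo "PostDown runs $action"
            findings=1 ;;
        esac
    done
    return "$findings"
}

# Constructed sample config; $2 is the interface action PostDown uses.
write_sample_conf() { # $1 = output path, $2 = add|remove
    cat >"$1" <<EOF
[Interface]
Address = 10.66.66.1/24
ListenPort = 51820
PostUp = firewall-cmd --zone=public --add-interface=wg0 && firewall-cmd --add-port 51820/udp && firewall-cmd --add-rich-rule='rule family=ipv4 source address=10.66.66.0/24 masquerade'
PostDown = firewall-cmd --zone=public --$2-interface=wg0 && firewall-cmd --remove-port 51820/udp && firewall-cmd --remove-rich-rule='rule family=ipv4 source address=10.66.66.0/24 masquerade'
EOF
}

conf=$(mktemp)
write_sample_conf "$conf" add      # the bug reported above
lint_wg_hooks "$conf" || true
write_sample_conf "$conf" remove   # the corrected hook
lint_wg_hooks "$conf" && echo "hooks are symmetric"
rm -f "$conf"
```

The check compares option names only, so it will not notice a PostDown that removes a different port or rich rule than PostUp added.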
