diff --git a/airoha/base-files/etc/hotplug.d/proto/10-wireguard b/airoha/base-files/etc/hotplug.d/proto/10-wireguard
new file mode 100755
index 0000000000000000000000000000000000000000..c6e820f6cd18ef01e861d42336dd047972a415cc
--- /dev/null
+++ b/airoha/base-files/etc/hotplug.d/proto/10-wireguard
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+[ "$PROTOCOL" = "wireguard" ] || exit 0
+[ "$ACTION" = "post-setup" -o "$ACTION" = "pre-teardown" ] || exit 0
+[ -n "$INTERFACE" ] || exit 0
+
+readonly LISTEN_PORT="$(wg show "${INTERFACE}" listen-port)"
+[ -n "$LISTEN_PORT" ] || exit 0
+
+[ "$ACTION" = "post-setup" ] && CMD=add || CMD=del
+/userfs/bin/ppemgr localin $CMD dport $((LISTEN_PORT))
diff --git a/brcmbca/base-files/etc/hotplug.d/proto/10-wireguard b/brcmbca/base-files/etc/hotplug.d/proto/10-wireguard
new file mode 100755
index 0000000000000000000000000000000000000000..06786a7e65937140e193d5720f80473544c88f14
--- /dev/null
+++ b/brcmbca/base-files/etc/hotplug.d/proto/10-wireguard
@@ -0,0 +1,41 @@
+#!/bin/sh
+
+[ "$PROTOCOL" = "wireguard" ] || exit 0
+[ "$ACTION" = "pre-setup" -o "$ACTION" = "post-teardown" ] || exit 0
+[ -n "$INTERFACE" ] || exit 0
+
+if [ "$ACTION" = "pre-setup" ]; then
+	iptables -w -D input_rule -i "${INTERFACE}" -j SKIPLOG > /dev/null 2>&1
+	iptables -w -I input_rule -i "${INTERFACE}" -j SKIPLOG
+	ip6tables -w -D input_rule -i "${INTERFACE}" -j SKIPLOG > /dev/null 2>&1
+	ip6tables -w -I input_rule -i "${INTERFACE}" -j SKIPLOG
+
+	iptables -w -D forwarding_rule -i "${INTERFACE}" -j SKIPLOG > /dev/null 2>&1
+	iptables -w -I forwarding_rule -i "${INTERFACE}" -j SKIPLOG
+	ip6tables -w -D forwarding_rule -i "${INTERFACE}" -j SKIPLOG > /dev/null 2>&1
+	ip6tables -w -I forwarding_rule -i "${INTERFACE}" -j SKIPLOG
+
+	iptables -w -D output_rule -o "${INTERFACE}" -j SKIPLOG > /dev/null 2>&1
+	iptables -w -I output_rule -o "${INTERFACE}" -j SKIPLOG
+	ip6tables -w -D output_rule -o "${INTERFACE}" -j SKIPLOG > /dev/null 2>&1
+	ip6tables -w -I output_rule -o "${INTERFACE}" -j SKIPLOG
+
+	iptables -w -D forwarding_rule -o "${INTERFACE}" -j SKIPLOG > /dev/null 2>&1
+	iptables -w -I forwarding_rule -o "${INTERFACE}" -j SKIPLOG
+	ip6tables -w -D forwarding_rule -o "${INTERFACE}" -j SKIPLOG > /dev/null 2>&1
+	ip6tables -w -I forwarding_rule -o "${INTERFACE}" -j SKIPLOG
+else
+	iptables -w -D input_rule -i "${INTERFACE}" -j SKIPLOG > /dev/null 2>&1
+	ip6tables -w -D input_rule -i "${INTERFACE}" -j SKIPLOG > /dev/null 2>&1
+
+	iptables -w -D forwarding_rule -i "${INTERFACE}" -j SKIPLOG > /dev/null 2>&1
+	ip6tables -w -D forwarding_rule -i "${INTERFACE}" -j SKIPLOG > /dev/null 2>&1
+
+	iptables -w -D output_rule -o "${INTERFACE}" -j SKIPLOG > /dev/null 2>&1
+	ip6tables -w -D output_rule -o "${INTERFACE}" -j SKIPLOG > /dev/null 2>&1
+
+	iptables -w -D forwarding_rule -o "${INTERFACE}" -j SKIPLOG > /dev/null 2>&1
+	ip6tables -w -D forwarding_rule -o "${INTERFACE}" -j SKIPLOG > /dev/null 2>&1
+fi
+
+fcctl flush