From bf6d01f2d24d4c75c4ff3a1e63492c4d19c9e6f1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Krist=C3=B3f=20Torma?=
Date: Sun, 5 Mar 2023 22:02:29 +0100
Subject: [PATCH] fix openvpn rules
---
 roles/openvpn/tasks/main.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/roles/openvpn/tasks/main.yaml b/roles/openvpn/tasks/main.yaml
index e97747b..46d4468 100644
--- a/roles/openvpn/tasks/main.yaml
+++ b/roles/openvpn/tasks/main.yaml
@@ -36,11 +36,13 @@
 # START OPENVPN RULES
 # NAT table rules
 *nat
+ -F
 :POSTROUTING ACCEPT [0:0]
 # Allow traffic from OpenVPN client to everywhere
 -A POSTROUTING -s 192.168.37.0/24 -o eth0 -j MASQUERADE
 -A POSTROUTING -s 192.168.37.0/24 -o eth2 -j MASQUERADE
 COMMIT
+ *filter
 -A ufw-before-input -i tun+ -j ACCEPT
 -A ufw-before-forward -i tun+ -j ACCEPT
 -A ufw-before-forward -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
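Review bot: The bare `-F` added under `*nat` flushes every chain in the nat table each time this block is loaded, not only the two MASQUERADE rules it owns, so NAT rules installed by anything else on the host would be dropped as well; worth confirming nothing else manages nat on these machines. Neither added line says why it is there, so I would put `# flush nat so a reload does not duplicate the MASQUERADE rules below` above `-F`, if that is the intent. The new `*filter` header also needs a matching `COMMIT` after the tun+ rules, which cannot be checked here because the rules block continues past the end of the hunk. With the header in place the unchanged `-A ufw-before-input -i tun+ -j ACCEPT` presumably starts to take effect, which admits VPN clients to every port on the host, and the blanket `-A ufw-before-forward -i tun+ -j ACCEPT` makes the state-matched rule after it redundant; confirm that this breadth is intended.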