stargate-cluster/vm-ansible
stargate-cluster/vm-ansible
1
0
Fork 0
Code Pull Requests Releases Activity

fix openvpn rules

Browse Source
This commit is contained in:
Torma Kristóf 2023-03-05 22:02:29 +01:00
parent 043cab21f5
commit bf6d01f2d2
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
roles/openvpn/tasks/main.yaml
View File

@ -36,11 +36,13 @@
# START OPENVPN RULES # START OPENVPN RULES
# NAT table rules # NAT table rules
*nat *nat
-F
:POSTROUTING ACCEPT [0:0] :POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to everywhere # Allow traffic from OpenVPN client to everywhere
-A POSTROUTING -s 192.168.37.0/24 -o eth0 -j MASQUERADE -A POSTROUTING -s 192.168.37.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.37.0/24 -o eth2 -j MASQUERADE -A POSTROUTING -s 192.168.37.0/24 -o eth2 -j MASQUERADE
COMMIT COMMIT
*filter
-A ufw-before-input -i tun+ -j ACCEPT -A ufw-before-input -i tun+ -j ACCEPT
-A ufw-before-forward -i tun+ -j ACCEPT -A ufw-before-forward -i tun+ -j ACCEPT
-A ufw-before-forward -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A ufw-before-forward -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT