fix openvpn rules

2023-03-05 22:02:29 +01:00 · 2023-03-05 22:02:29 +01:00 · bf6d01f2d2
commit bf6d01f2d2
parent 043cab21f5
1 changed files with 2 additions and 0 deletions
--- a/roles/openvpn/tasks/main.yaml
+++ b/roles/openvpn/tasks/main.yaml
@ -36,11 +36,13 @@
      # START OPENVPN RULES
      # NAT table rules
      *nat
+      -F
      :POSTROUTING ACCEPT [0:0]
      # Allow traffic from OpenVPN client to everywhere
      -A POSTROUTING -s 192.168.37.0/24 -o eth0 -j MASQUERADE
      -A POSTROUTING -s 192.168.37.0/24 -o eth2 -j MASQUERADE
      COMMIT
+      *filter
      -A ufw-before-input -i tun+ -j ACCEPT
      -A ufw-before-forward -i tun+ -j ACCEPT
      -A ufw-before-forward -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT