iptables filter table fix (#285)

7 years ago · 655a917dd2
parent a558b5b549
commit 655a917dd2
3 changed files with 2 additions and 15 deletions
--- a/roles/vpn/tasks/ubuntu.yml
+++ b/roles/vpn/tasks/ubuntu.yml
@ -24,21 +24,6 @@
    - strongswan
    - netfilter-persistent

- name: Ubuntu | Configure iptables so IPSec traffic can traverse the tunnel
-  iptables: table=nat chain=POSTROUTING source="{{ vpn_network }}" jump=MASQUERADE
-  when: (security_enabled is not defined) or
-        (security_enabled is defined and security_enabled != "y")
-  notify:
-    - save iptables
-
- name: Ubuntu | Configure ip6tables so IPSec traffic can traverse the tunnel
-  iptables: ip_version=ipv6 table=nat chain=POSTROUTING source="{{ vpn_network_ipv6 }}" jump=MASQUERADE
-  when: ((security_enabled is not defined) or
-        (security_enabled is defined and security_enabled != "y")) and
-        ipv6_support is defined and ipv6_support == "yes"
-  notify:
-    - save iptables
-
 - name: Ubuntu | Ensure that the strongswan service directory exist
  file: path=/etc/systemd/system/strongswan.service.d/ state=directory mode=0755  owner=root group=root

--- a/roles/vpn/templates/rules.v4.j2
+++ b/roles/vpn/templates/rules.v4.j2
@ -41,3 +41,4 @@ COMMIT
 -A FORWARD -p tcp -m multiport --ports 137,139 -j DROP
 -A FORWARD -m conntrack --ctstate NEW -s {{ vpn_network }} -m policy --pol ipsec --dir in -j ACCEPT
 COMMIT
+
--- a/roles/vpn/templates/rules.v6.j2
+++ b/roles/vpn/templates/rules.v6.j2
@ -55,3 +55,4 @@ COMMIT
 -A ICMPV6-CHECK-LOG -j LOG --log-prefix "ICMPV6-CHECK-LOG DROP "
 -A ICMPV6-CHECK-LOG -j DROP
 COMMIT
+