wireguard: prevent ufw from screwing up config

2024-06-19 14:04:51 -04:00 · 2024-06-19 14:04:51 -04:00 · 0f5d50ee44
commit 0f5d50ee44
parent 68e2867f44
1 changed files with 7 additions and 0 deletions
--- a/roles/wireguard/tasks/main.yml
+++ b/roles/wireguard/tasks/main.yml
@ -17,6 +17,13 @@
    reload: yes
  when: '"bastion" in group_names'

+- name: Prevent UFW from removing IP forwarding
+  lineinfile:
+    path: /etc/ufw/sysctl.conf
+    regexp: "^net/ipv4/ip_forward="
+    line: "net/ipv4/ip_forward=1"
+  when: '"bastion" in group_names'
+
 - name: Setup UFW rules to accept VPN traffic
  community.general.ufw:
    rule: allow