From 0f5d50ee440d5106659599a10447d2e46afa4bfd Mon Sep 17 00:00:00 2001
From: dogeystamp
Date: Wed, 19 Jun 2024 14:04:51 -0400
Subject: [PATCH] wireguard: prevent ufw from screwing up config
---
 roles/wireguard/tasks/main.yml | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml
index 45e8874..3d021cf 100644
--- a/roles/wireguard/tasks/main.yml
+++ b/roles/wireguard/tasks/main.yml
@@ -17,6 +17,13 @@
 reload: yes
 when: '"bastion" in group_names'
+- name: Prevent UFW from removing IP forwarding
+ lineinfile:
+ path: /etc/ufw/sysctl.conf
+ regexp: "^net/ipv4/ip_forward="
+ line: "net/ipv4/ip_forward=1"
+ when: '"bastion" in group_names'
+
 - name: Setup UFW rules to accept VPN traffic
 community.general.ufw:
 rule: allow
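Review bot: The new `lineinfile` task edits `/etc/ufw/sysctl.conf`, but nothing visible in the hunk makes UFW re-read that file, so the setting presumably only takes hold at the next UFW reload or reboot; consider a `notify:` to a handler that reloads UFW, or confirm that a later task does so. The anchor `^net/ipv4/ip_forward=` does not match the commented-out `#net/ipv4/ip_forward=1` that a stock UFW install ships, so the line is appended and the commented copy stays; `regexp: '^#?\s*net/ipv4/ip_forward='` would replace it in place. Because this turns on IPv4 forwarding for every interface on the bastion, a comment above the task such as `# ip_forward is host-wide; only WireGuard traffic is meant to be routed, keep UFW's routed default at deny` would record the intent, and the routed policy is worth checking since the following UFW task continues outside the hunk. For consistency with `community.general.ufw` below, the module could be written as `ansible.builtin.lineinfile`.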