dogeystamp/homeserver-iac
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

wireguard: prevent ufw from screwing up config

Browse Source
This commit is contained in:
dogeystamp 2024-06-19 14:04:51 -04:00
parent 68e2867f44
commit 0f5d50ee44
Signed by: dogeystamp
GPG Key ID: 7225FE3592EFFA38
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
roles/wireguard/tasks/main.yml
View File

@ -17,6 +17,13 @@
reload: yes reload: yes
when: '"bastion" in group_names' when: '"bastion" in group_names'
- name: Prevent UFW from removing IP forwarding
lineinfile:
path: /etc/ufw/sysctl.conf
regexp: "^net/ipv4/ip_forward="
line: "net/ipv4/ip_forward=1"
when: '"bastion" in group_names'
- name: Setup UFW rules to accept VPN traffic - name: Setup UFW rules to accept VPN traffic
community.general.ufw: community.general.ufw:
rule: allow rule: allow