From b198b90f3ff3aaccb0c64d2e6595f0eb173d32dd Mon Sep 17 00:00:00 2001
From: dogeystamp
Date: Sun, 11 Aug 2024 15:05:40 -0400
Subject: [PATCH] wireguard: remove allow all firewall rule
---
 roles/wireguard/tasks/main.yml | 8 --------
 1 file changed, 8 deletions(-)
diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml
index 3d021cf..04682c2 100644
--- a/roles/wireguard/tasks/main.yml
+++ b/roles/wireguard/tasks/main.yml
@@ -24,14 +24,6 @@
 line: "net/ipv4/ip_forward=1"
 when: '"bastion" in group_names'
 
-- name: Setup UFW rules to accept VPN traffic
- community.general.ufw:
- rule: allow
- direction: in
- src: "{{ wireguard.ip.cidr }}"
- dest: any
- when: '"bastion" in group_names'
-
 - name: Deploy wireguard server config
 template:
 src: server.conf.j2