commit 242f239004080ac85fdd741d9e5f2d13499dcfe6
parent 1c772987503fc895527df677c64676c6d4ed62a6
Author: Dionysis Grigoropoulos <dgrig@erethon.com>
Date: Sat, 28 Apr 2018 20:54:47 +0300
spinny: Remove iptables rules for tinc
Diffstat:
1 file changed, 2 insertions(+), 20 deletions(-)
diff --git a/ansible/inventory/host_vars/spinny/ferm.yml b/ansible/inventory/host_vars/spinny/ferm.yml
@@ -2,15 +2,6 @@
ferm__host_rules:
- type: 'accept'
- filename: 'tinc'
- name: 'tinc'
- table: 'filter'
- chain: 'INPUT'
- dport: [ 655 ]
- protocol: ['tcp', 'udp']
- domain: 'ip'
-
- - type: 'accept'
filename: 'haproxy'
name: 'haproxy'
table: 'filter'
@@ -20,16 +11,6 @@ ferm__host_rules:
domain: 'ip'
- type: 'accept'
- filename: 'haproxy_internal'
- name: 'haproxy_internal'
- table: 'filter'
- chain: 'INPUT'
- dport: [ 1936 ]
- protocol: 'tcp'
- domain: 'ip'
- saddr: '192.168.166.0/24'
-
- - type: 'accept'
filename: 'openvpn'
name: 'openvpn'
table: 'filter'
@@ -61,7 +42,8 @@ ferm__host_rules:
- type: 'custom'
filename: 'vmnet_nat'
rules: "domain ip table nat chain POSTROUTING {
- outerface br0 {
+ outerface virbr0 {
MASQUERADE;
}
}"
+ comment: 'Perform NAT for VMs'
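Review bot: The MASQUERADE rule in `vmnet_nat` matches on the outgoing interface alone, so after the switch to `outerface virbr0` every forwarded packet leaving on that bridge has its source address rewritten, whatever its origin. If virbr0 is the bridge the VMs sit on (not visible in this hunk), the rule rewrites traffic heading towards the guests, so they log the host's address instead of the real client and any source-based ACLs on the guests lose their meaning; NAT for outbound VM traffic is normally matched on the uplink interface with the guest subnet as source. Consider narrowing the rule, e.g. `saddr <VM_SUBNET> outerface <UPLINK_IF> { MASQUERADE; }` with the placeholders filled in from the host's real layout, or at least make the new `comment:` state which direction is intended. The commit subject names only tinc, while this hunk changes NAT behaviour and the previous hunk drops the `haproxy_internal` accept rule, so the message should mention both.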