rc/network
2
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

firewall: also configure VPN forwards in the app

Browse source 
There we can define forwards only for networks with actual VPN users.
This commit is contained in:
Timotej Lazar 2024-05-03 11:27:27 +02:00
parent 7656c05b2d
commit 8c82af23e4
1 changed files with 0 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
roles/firewall/templates/nftables.nft.j2
View file

@ -80,16 +80,6 @@ table inet filter {
ct status dnat accept \ ct status dnat accept \
comment "Forward DNAT traffic for servers and suchlike" comment "Forward DNAT traffic for servers and suchlike"
# Forward IPv4 to/from VPN users in the same network.
{% for vlan in vrf_prefixes | selectattr('family.value', '==', 4) | map(attribute='vlan.name') | unique %}
iif @inside ip saddr @{{ vlan }} ip daddr @{{ vlan }} accept
{% endfor %}
# Forward IPv6 to/from VPN users in the same network.
{% for vlan in vrf_prefixes | selectattr('family.value', '==', 6) | map(attribute='vlan.name') | unique %}
iif @inside ip6 saddr @{{ vlan }}/6 ip6 daddr @{{ vlan }}/6 accept
{% endfor %}
include "/etc/nftables.d/forward.nft*" include "/etc/nftables.d/forward.nft*"
} }