firewall: also configure VPN forwards in the app

There we can define forwards only for networks with actual VPN users.
2024-05-03 11:27:27 +02:00 · 2024-05-03 11:27:27 +02:00 · 8c82af23e4
parent 7656c05b2d
commit 8c82af23e4
1 changed files with 0 additions and 10 deletions
--- a/roles/firewall/templates/nftables.nft.j2
+++ b/roles/firewall/templates/nftables.nft.j2
@ -80,16 +80,6 @@ table inet filter {
        ct status dnat accept \
        comment "Forward DNAT traffic for servers and suchlike"

-        # Forward IPv4 to/from VPN users in the same network.
-{% for vlan in vrf_prefixes | selectattr('family.value', '==', 4) | map(attribute='vlan.name') | unique %}
-        iif @inside ip saddr @{{ vlan }} ip daddr @{{ vlan }} accept
-{% endfor %}
-
-        # Forward IPv6 to/from VPN users in the same network.
-{% for vlan in vrf_prefixes | selectattr('family.value', '==', 6) | map(attribute='vlan.name') | unique %}
-        iif @inside ip6 saddr @{{ vlan }}/6 ip6 daddr @{{ vlan }}/6 accept
-{% endfor %}
-
        include "/etc/nftables.d/forward.nft*"
    }