firewall: disable forwarding for mgmt interfaces in if-pre-up

Should be more robust and more importantly works when interfaces are not renamed by mdev as is the situation now.
2024-01-30 12:58:58 +01:00 · 2024-01-30 12:58:58 +01:00 · f54b23f49a
commit f54b23f49a
parent 25289dd82f
2 changed files with 2 additions and 6 deletions
--- a/roles/firewall/templates/sysctl.conf.j2
+++ b/roles/firewall/templates/sysctl.conf.j2
@ -2,12 +2,6 @@
 net.ipv4.ip_forward = 1
 net.ipv6.conf.all.forwarding = 1

-# But not for management interfaces.
-{% for iface in interfaces | selectattr('name', 'match', '^mgmt') %}
-net.ipv4.conf.{{ iface.name }}.forwarding = 0
-net.ipv6.conf.{{ iface.name }}.forwarding = 0
-{% endfor %}
-
 # Zebra docs recommend these.
 net.ipv6.conf.all.keep_addr_on_down = 1
 net.ipv6.route.skip_notify_on_dev_down = 1