Use nftables for firewall on ingress

See ya never, iptables!
2023-10-26 21:34:06 +01:00
parent 54e2205e48
commit 9f83efa53b
9 changed files with 64 additions and 15 deletions
--- a/ansible/roles/nebula/tasks/main.yml
+++ b/ansible/roles/nebula/tasks/main.yml
@ -53,14 +53,3 @@
    name: nebula
    enabled: true
  become: true
-
- name: Enable unsafe routing
-  iptables:
-    table: nat
-    chain: POSTROUTING
-    out_interface: ens18
-    source: "{{ nebula.cidr }}"
-    jump: MASQUERADE
-  notify: persist iptables
-  become: true
-  when: ansible_hostname == "ingress"