authorChristian Pointner <equinox@spreadspace.org>2022-07-03 16:51:38 +0200
committerChristian Pointner <equinox@spreadspace.org>2022-07-03 16:51:38 +0200
commitda1f3265895310960c71d8ae30b7716bde697a04 (patch)
treecff981637383e05555f8f3a47c50789b6dc3d0e1
parentelevate: wifi config (diff)
ups: remove iptables based firewall
-rw-r--r--inventory/group_vars/ups/vars.yml44
1 files changed, 13 insertions, 31 deletions
diff --git a/inventory/group_vars/ups/vars.yml b/inventory/group_vars/ups/vars.yml
index 26556942..2e75f882 100644
--- a/inventory/group_vars/ups/vars.yml
+++ b/inventory/group_vars/ups/vars.yml
@@ -36,6 +36,18 @@ openwrt_packages_add:
openwrt_mixin:
+ /etc/sysctl.conf:
+ content: |
+ # Defaults are configured in /etc/sysctl.d/* and can be customized in this file
+ #
+ # disable IP forwarding, we don't need it since we are
+ # only an monitoring the connected UPS
+ net.ipv4.conf.default.forwarding=0
+ net.ipv4.conf.all.forwarding=0
+ net.ipv4.ip_forward=0
+ net.ipv6.conf.default.forwarding=0
+ net.ipv6.conf.all.forwarding=0
+
/etc/dropbear/authorized_keys:
content: "{{ ssh_keys_root | join('\n') }}\n"
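Review bot: The new /etc/sysctl.conf only turns off IP forwarding; it does nothing for inbound traffic, so the access restriction on upsd's TCP port 3493 (localhost plus `ups_query_sources`) that the second hunk deletes together with `/etc/init.d/network-fw` has no visible replacement in this commit. Unless that allow-list is now enforced elsewhere — for example in upsd's own LISTEN/ACL configuration or the OpenWrt uci firewall section, neither of which appears in this diff — upsd becomes reachable from any peer that can route to the device, and `ups_query_sources` may be left unused. A one-line comment in the new file stating where the listener restriction now lives would make the intent auditable, e.g. `# inbound access to upsd (tcp/3493) is restricted via <LOCATION-placeholder>`. Minor: the comment `# only an monitoring the connected UPS` should read `# only monitoring the connected UPS`.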
@@ -53,36 +65,6 @@ openwrt_mixin:
sleep 5
upscmd -u admin -p secret "$UPS" load.on
- /etc/rc.d/S22network-fw:
- link: "../init.d/network-fw"
-
- /etc/rc.d/K92network-fw:
- link: "../init.d/network-fw"
-
- /etc/init.d/network-fw:
- mode: "0755"
- content: |
- #!/bin/sh /etc/rc.common
-
- START=22
- STOP=91
-
- start() {
- iptables -A INPUT -p tcp --dport 3493 -s 127.0.0.0/8 -j ACCEPT
- {% for src in ups_query_sources %}
- iptables -A INPUT -p tcp --dport 3493 -s {{ src }} -j ACCEPT
- {% endfor %}
- iptables -A INPUT -p tcp --dport 3493 -j DROP
- }
-
- stop() {
- iptables -D INPUT -p tcp --dport 3493 -j DROP
- {% for src in ups_query_sources %}
- iptables -D INPUT -p tcp --dport 3493 -s {{ src }} -j ACCEPT
- {% endfor %}
- iptables -D INPUT -p tcp --dport 3493 -s 127.0.0.0/8 -j ACCEPT
- }
-
openwrt_uci:
system:
@@ -96,7 +78,7 @@ openwrt_uci:
- name: timeserver 'ntp'
options:
- enabled: '1'
+ enabled: '0'
enable_server: '0'
server:
- '0.lede.pool.ntp.org'