-rw-r--r--inventory/host_vars/ch-gw-c3voc.yml3
1 files changed, 2 insertions, 1 deletions
diff --git a/inventory/host_vars/ch-gw-c3voc.yml b/inventory/host_vars/ch-gw-c3voc.yml
index 60d833bf..ec85f56c 100644
--- a/inventory/host_vars/ch-gw-c3voc.yml
+++ b/inventory/host_vars/ch-gw-c3voc.yml
@@ -77,6 +77,7 @@ openwrt_mixin:
flush ruleset
define nic_svc = eth1
+ define prefixes_internal = { 192.168.0.0/16 }
define nic_c3voc = eth0
define prefix_c3voc = {{ network_zones.c3voc.prefix }}
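Review bot: `prefixes_internal` lists only 192.168.0.0/16, so the exclusion added to the forward chain in the second hunk still lets the c3voc zone reach any other private range routed behind `$nic_svc`. If the intent is to keep c3voc hosts away from all internal destinations, the define could read `define prefixes_internal = { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }`. Whether those ranges exist on the svc side is not visible from this hunk, so confirm against the routing table before widening it. A one-line comment above the define, such as `# destinations the c3voc zone must never reach via eth1`, would also record what the set is for.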
@@ -108,7 +109,7 @@ openwrt_mixin:
type filter hook forward priority filter; policy drop;
ct state vmap { established: accept, related: accept, invalid: drop }
iif $nic_svc oif $nic_c3voc ip daddr $prefix_c3voc accept
- iif $nic_c3voc ip saddr $prefix_c3voc oifname $nic_svc accept
+ iif $nic_c3voc ip saddr $prefix_c3voc oifname $nic_svc ip daddr != $prefixes_internal accept
}
}
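Review bot: Traffic from the c3voc zone to `$prefixes_internal` now falls through to `policy drop` without leaving any trace, so attempts to reach internal hosts cannot be told apart from other dropped packets. An explicit rule placed before the accept, for example `iif $nic_c3voc ip saddr $prefix_c3voc ip daddr $prefixes_internal counter drop` (optionally with `log prefix "c3voc->internal "`), would make those attempts countable and states the intent more directly than the `!=` match alone. The changed rule also matches the output side with `oifname $nic_svc` while the rule above it uses `oif $nic_c3voc`; choosing one form for both would make the chain easier to audit. The chain's table declaration sits outside the hunk, so the address family, and with it the handling of IPv6, cannot be checked here.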