From 71c05309b3b65870b46146f8fb0155592232ac49 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Sat, 8 Jan 2022 21:23:05 +0100
Subject: simple nftables setup for ch-gw-lan

---
 inventory/host_vars/ch-router.yml | 9 ---------
 1 file changed, 9 deletions(-)

(limited to 'inventory/host_vars/ch-router.yml')

diff --git a/inventory/host_vars/ch-router.yml b/inventory/host_vars/ch-router.yml
index 3be8367b..367ec6cd 100644
--- a/inventory/host_vars/ch-router.yml
+++ b/inventory/host_vars/ch-router.yml
@@ -154,15 +154,6 @@ openwrt_mixin:
         iptables -A INPUT -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport "$SSH_PORT" -j ACCEPT
         iptables -A INPUT -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p udp --dport 1194 -j ACCEPT
         iptables -A INPUT -i "$MAGENTA_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-
-      {# TODO: add these to network_services #}
-        # ssh
-        iptables -t nat -A PREROUTING -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport 2342 -j DNAT --to "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-jump']) | ipaddr('address') }}"
-        iptables -A FORWARD -i "$MAGENTA_IF" -o "$SVC_IF" -d "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-jump']) | ipaddr('address') }}" -p tcp --dport 2342 -j ACCEPT
-
-        # dns
-        iptables -t nat -A PREROUTING -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport 53 -j DNAT --to "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-nic']) | ipaddr('address') }}"
-        iptables -A FORWARD -i "$MAGENTA_IF" -o "$SVC_IF" -d "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-nic']) | ipaddr('address') }}" -p tcp --dport 53 -j ACCEPT
       {% for name, svc in network_services.items() %}
 
         # {{ name }}
-- 
cgit v1.2.3