feat: remove unnecessary conf from VPN

2024-07-05 11:53:35 +02:00
parent b3abba99a8
commit 3004469c0f
1 changed files with 7 additions and 17 deletions
--- a/roles/firewall/templates/firewall.j2
+++ b/roles/firewall/templates/firewall.j2
@@ -200,6 +200,7 @@ config rule
 	option dest_port '80 443'
 	option target 'ACCEPT'
 	option family 'ipv6'
 {% endfor %}
 # Allow traffic to and from bt.dmz.mateu.be
@@ -256,6 +257,7 @@ config rule
 	option dest_port '8006'
 	option target 'ACCEPT'
 	option family 'ipv6'
 {% endfor %}
 # Allow XMPP traffic
@@ -534,39 +536,31 @@ config zone
 	option input 'ACCEPT'
 	option output 'ACCEPT'
 	option forward 'ACCEPT'
-	option network 'lan'
+	list network 'lan'
 config zone
 	option name 'dmz'
 	option input 'REJECT'
 	option output 'REJECT'
 	option forward 'REJECT'
-	option network 'dmz'
+	list network 'dmz'
 config zone
 	option name 'iot'
 	option input 'REJECT'
 	option output 'REJECT'
 	option forward 'REJECT'
-	option network 'iot'
+	list network 'iot'
 config zone
 	option name 'wan'
 	option input 'REJECT'
 	option output 'ACCEPT'
 	option forward 'REJECT'
 	option network 'vpn'
 	option masq '1'
 	option mtu_fix '1'
 config zone
 	option name 'orig'
 	option input 'REJECT'
 	option output 'ACCEPT'
 	option forward 'REJECT'
 	option network 'wan'
 	option masq '1'
 	option mtu_fix '1'
 	list network 'wan'
 	list network 'wan6'
 config forwarding
 	option src 'lan'
@@ -579,7 +573,3 @@ config forwarding
 config forwarding
 	option src 'lan'
 	option dest 'iot'
 config forwarding
 	option src 'lan'
 	option dest 'orig'