moved nat masq to ufw before.rules and removed before.v4.j2 template

1 files changed, 11 insertions, 8 deletions

diff --git a/tasks/pve_configure.yaml b/tasks/pve_configure.yaml
index c67be1a..514faa4 100644
--- a/tasks/pve_configure.yaml
+++ b/tasks/pve_configure.yaml
@@ -25,20 +25,23 @@
     dest: /etc/default/pveproxy
     mode: '0644'
 
-- name: deploy /etc/iptables/rules.v4
-  template:
-    src: rules.v4.j2
-    dest: /etc/iptables/rules.v4
-    owner: root
-    group: root
-    mode: '0644'
+- name: add nat masquerade rules to ufw before.rules
+  blockinfile:
+    path: /etc/ufw/before.rules
+    insertbefore: BOF
+    block: |
+      :POSTROUTING ACCEPT [0:0]
+      -A POSTROUTING -s {{ nat_subnet }} -o {{ public_interface }} -j MASQUERADE
+      COMMIT
+    marker: "# {mark} ANSIBLE MANAGED NAT MASQUERADE RULE"
 
-- name: enable ipv4 forwarding
+- name: enable ipv4 forwarding persistently
   sysctl:
     name: net.ipv4.ip_forward
     value: '1'
     state: present
     reload: yes
+    sysctl_file: /etc/sysctl.conf
 
 - name: restart pveproxy
   systemd: