boolean fix

trailofbits · May 31, 2018 · 5194ff4 · 5194ff4
1 parent e3ab2b9
commit 5194ff4
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 3 deletions.
diff --git a/config.cfg b/config.cfg
@@ -51,7 +51,7 @@ VPN_PayloadIdentifier: "{{ 800000 | random | to_uuid | upper }}"
 CA_PayloadIdentifier: "{{ 700000 | random | to_uuid | upper }}"
 
 # Block traffic between connected clients
-BetweenClients_DROP: Y
+BetweenClients_DROP: true
 
 congrats:
   common: |

diff --git a/roles/vpn/defaults/main.yml b/roles/vpn/defaults/main.yml
@@ -1,4 +1,5 @@
 ---
+BetweenClients_DROP: true
 wireguard_config_path: "configs/{{ IP_subject_alt_name }}/wireguard/"
 wireguard_interface: wg0
 wireguard_network_ipv4:

diff --git a/roles/vpn/templates/rules.v4.j2 b/roles/vpn/templates/rules.v4.j2
@@ -77,7 +77,7 @@ COMMIT
 # Accept DNS traffic to the local DNS resolver
 -A INPUT -d {{ local_service_ip }} -p udp --dport 53 -j ACCEPT
 
-{% if BetweenClients_DROP is defined and BetweenClients_DROP == "Y" %}
+{% if BetweenClients_DROP %}
 # Drop traffic between VPN clients
 -A FORWARD -s {{ vpn_network }}{% if wireguard_enabled %},{{ wireguard_vpn_network }}{% endif %} -d {{ vpn_network }}{% if wireguard_enabled %},{{ wireguard_vpn_network }}{% endif %} -j DROP
 {% endif %}

diff --git a/roles/vpn/templates/rules.v6.j2 b/roles/vpn/templates/rules.v6.j2
@@ -84,7 +84,7 @@ COMMIT
 # Accept DNS traffic to the local DNS resolver
 -A INPUT -d fcaa::1 -p udp --dport 53 -j ACCEPT
 
-{% if BetweenClients_DROP is defined and BetweenClients_DROP == "Y" %}
+{% if BetweenClients_DROP %}
 -A FORWARD -s {{ vpn_network_ipv6 }}{% if wireguard_enabled %},{{ wireguard_vpn_network_ipv6 }}{% endif %} -d {{ vpn_network_ipv6 }}{% if wireguard_enabled %},{{ wireguard_vpn_network_ipv6 }}{% endif %} -j DROP
 {% endif %}
 -A FORWARD -j ICMPV6-CHECK