iptables filter table fix (#285)

roles/vpn/tasks/ubuntu.yml

@@ -24,21 +24,6 @@
     - strongswan
     - netfilter-persistent
 
-- name: Ubuntu | Configure iptables so IPSec traffic can traverse the tunnel
-  iptables: table=nat chain=POSTROUTING source="{{ vpn_network }}" jump=MASQUERADE
-  when: (security_enabled is not defined) or
-        (security_enabled is defined and security_enabled != "y")
-  notify:
-    - save iptables
-
-- name: Ubuntu | Configure ip6tables so IPSec traffic can traverse the tunnel
-  iptables: ip_version=ipv6 table=nat chain=POSTROUTING source="{{ vpn_network_ipv6 }}" jump=MASQUERADE
-  when: ((security_enabled is not defined) or
-        (security_enabled is defined and security_enabled != "y")) and
-        ipv6_support is defined and ipv6_support == "yes"
-  notify:
-    - save iptables
-
 - name: Ubuntu | Ensure that the strongswan service directory exist
   file: path=/etc/systemd/system/strongswan.service.d/ state=directory mode=0755  owner=root group=root
 

roles/vpn/templates/rules.v4.j2

@@ -41,3 +41,4 @@ COMMIT
 -A FORWARD -p tcp -m multiport --ports 137,139 -j DROP
 -A FORWARD -m conntrack --ctstate NEW -s {{ vpn_network }} -m policy --pol ipsec --dir in -j ACCEPT
 COMMIT
+

roles/vpn/templates/rules.v6.j2

@@ -55,3 +55,4 @@ COMMIT
 -A ICMPV6-CHECK-LOG -j LOG --log-prefix "ICMPV6-CHECK-LOG DROP "
 -A ICMPV6-CHECK-LOG -j DROP
 COMMIT
+