From 5a0df92a6ad05f599311bc0ce451e990a1137a93 Mon Sep 17 00:00:00 2001
From: Jake Howard
Date: Fri, 1 Sep 2023 19:52:36 +0100
Subject: [PATCH] Disable ip_forward I don't need P2P comms for this, so disable this for extra security. I should add a proper firewall at some point...
---
 ansible/roles/gateway/tasks/wireguard.yml | 10 ----------
 1 file changed, 10 deletions(-)
diff --git a/ansible/roles/gateway/tasks/wireguard.yml b/ansible/roles/gateway/tasks/wireguard.yml
index b70c2fb..4d662cf 100644
--- a/ansible/roles/gateway/tasks/wireguard.yml
+++ b/ansible/roles/gateway/tasks/wireguard.yml
@@ -44,13 +44,3 @@
 loop: "{{ wireguard.clients | dict2items }}"
 loop_control:
 label: "{{ item.key }}"
-
-- name: Enable p2p communication
- sysctl:
- name: net.ipv4.ip_forward
- value: "1"
- sysctl_set: true
- state: present
- reload: true
- sysctl_file: /etc/sysctl.d/99-sysctl.conf
- become: true
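Review bot: Forwarding stays enabled on any gateway where the removed `Enable p2p communication` task has already run, because deleting the task only stops Ansible from managing `net.ipv4.ip_forward`. The entry it wrote to `/etc/sysctl.d/99-sysctl.conf` remains on disk and the running value is still 1, so it would be reapplied on reboot as well. To enforce the state the commit message describes, keep the task instead of deleting it, rename it (for example `Disable IP forwarding`) and set `value: "0"`, so the next run corrects existing hosts and any later drift. Whether something else on the host re-enables forwarding (WireGuard interface hooks, a container runtime) is not visible from this hunk, so confirm with `sysctl net.ipv4.ip_forward` after the play. The original task only covered IPv4, so check separately whether IPv6 forwarding is enabled on the gateway.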