#!/bin/sh -e
# {{ ansible_managed }}
#
# This script should be included in your rc.local
#

iptables -C FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT || \
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -C FORWARD -s {{ openvpn_ip_start }}.0/24 -j ACCEPT || \
iptables -A FORWARD -s {{ openvpn_ip_start }}.0/24 -j ACCEPT
iptables -C FORWARD -j REJECT || \
iptables -A FORWARD -j REJECT
iptables -t nat -C POSTROUTING -s {{ openvpn_ip_start }}.0/24 -o {{ ansible_default_ipv4.interface }} -j MASQUERADE || \
iptables -t nat -A POSTROUTING -s {{ openvpn_ip_start }}.0/24 -o {{ ansible_default_ipv4.interface }} -j MASQUERADE

systemctl restart dnsmasq

exit 0