From aec38f1dd4b4bdc2bc860e63a7c14d9d77d8596d Mon Sep 17 00:00:00 2001
From: Markus Hauschild
Date: Thu, 20 Feb 2020 09:45:46 +0100
Subject: [PATCH] exit-ip: explicitly enable IPv4 forwarding for the primary interface
---
 roles/exit-ip/tasks/main.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/roles/exit-ip/tasks/main.yml b/roles/exit-ip/tasks/main.yml
index 8ef5daa..eef8b80 100644
--- a/roles/exit-ip/tasks/main.yml
+++ b/roles/exit-ip/tasks/main.yml
@@ -3,9 +3,12 @@
 - name: Install iptables-persistent
 apt: name=iptables-persistent
 
-- name: Enable IPv4 routing
+- name: Enable IPv4 routing (globally)
 sysctl: name=net.ipv4.ip_forward value=1 state=present
 
+- name: Enable IPv4 routing (primary interface)
+ sysctl: name=net.ipv4.conf.{{ ansible_default_ipv4.interface }}.forwarding value=1 state=present
+
 - name: Load nf_conntrack module
 modprobe: name=nf_conntrack
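Review bot: The new "Enable IPv4 routing (primary interface)" task builds its sysctl key from `ansible_default_ipv4.interface` with no guard. On a host without a default IPv4 route, or in a play where facts were not gathered, that attribute is undefined and the task aborts with a templating error instead of a clear message. Adding `when: ansible_default_ipv4.interface is defined` to the task would skip it cleanly. If an exit node must never run without this setting, a preceding `assert` on the same condition makes the failure explicit instead. The interface name is also interpolated verbatim into a dot-separated key, so a name that itself contains a dot (a VLAN sub-interface, for example) would likely be split into the wrong sysctl path. It is worth documenting in a comment above the task that such names are not supported, and why the per-interface setting is needed on top of the global `net.ipv4.ip_forward`.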