Ceases setting the default forwarded/routed policy to ALLOW (or anything else)
Updates README.md to let the user know that he or she will need to configure the forwarded/routed traffic via ufw outside of this role.
π Motivation and Context
For hardened systems the user may well want the default policy for forwarded/routed traffic to be DENY and create a rule to allow specific forwarded/routed traffic through.
See also cisagov/openvpn-packer@172e6600c667f1d17525ca8990a257d7473464a7.
π§ͺ Testing
I have successfully built a COOL OpenVPN AMI with these changes and verified that they work as intended.
π₯ Types of Changes
[ ] Bug fix (non-breaking change which fixes an issue)
[ ] New feature (non-breaking change which adds functionality)
[x] Breaking change (causes existing functionality to change)
β Checklist
[x] My code follows the code style of this project.
[x] My change requires a change to the documentation.
π£ Description
This pull request:
ALLOW(or anything else)README.mdto let the user know that he or she will need to configure the forwarded/routed traffic via ufw outside of this role.π Motivation and Context
For hardened systems the user may well want the default policy for forwarded/routed traffic to be
DENYand create a rule to allow specific forwarded/routed traffic through.See also cisagov/openvpn-packer@172e6600c667f1d17525ca8990a257d7473464a7.
π§ͺ Testing
I have successfully built a COOL OpenVPN AMI with these changes and verified that they work as intended.
π₯ Types of Changes
β Checklist