From 644dacf844a094a513a00255f9717f16faac22c5 Mon Sep 17 00:00:00 2001
From: Himbeer
Date: Sat, 17 Aug 2024 19:51:09 +0200
Subject: Make firewall rules for server-to-internal-clients-VoIP less restrictive
Internal VoIP now works without a VPN connection when physically on-site.
---
 src/main.rs | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/src/main.rs b/src/main.rs
index 895e0c1..b3364cf 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -296,20 +296,18 @@ fn filter() -> Result<()> {
 .accept();
 batch.add(&allow_exposed_to_wan6in4, MsgType::Add);
- let allow_exposed_to_vpn_sip = Rule::new(&forward)?
+ let allow_exposed_to_any_sip = Rule::new(&forward)?
 .iface("eth0.40")?
- .oface("wg0")?
 .dport(5060, Protocol::UDP)
 .accept();
- batch.add(&allow_exposed_to_vpn_sip, MsgType::Add);
+ batch.add(&allow_exposed_to_any_sip, MsgType::Add);
 for port in 16384..=16482 {
- let allow_exposed_to_vpn_rtp = Rule::new(&forward)?
+ let allow_exposed_to_any_rtp = Rule::new(&forward)?
 .iface("eth0.40")?
- .oface("wg0")?
 .dport(port, Protocol::UDP)
 .accept();
- batch.add(&allow_exposed_to_vpn_rtp, MsgType::Add);
+ batch.add(&allow_exposed_to_any_rtp, MsgType::Add);
 }
 let allow_vpn_to_modem = Rule::new(&forward)?.iface("wg0")?.oface("eth1")?.accept();
-- 
cgit v1.2.3
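Review bot: With `.oface("wg0")?` removed, the SIP rule and the RTP loop accept UDP 5060 and 16384–16482 from `eth0.40` towards every output interface, not only towards the on-site clients the commit message names. A compromised host on the exposed segment could then reach those ports on any other forwarded network, presumably including `eth1` and the WAN side, unless rules outside this hunk prevent it. Consider keeping the `wg0` rules and adding a second pair bound to the on-site client interface, e.g. `.oface("<on-site-clients-iface>")?` (placeholder; that interface name is not visible here). A short comment above the rules, such as `// SIP/RTP from the exposed VLAN: reachable segments are wg0 and <on-site-clients-iface> only`, would record the intended scope. `filter()` starts and ends outside the hunk, so the chain's default policy and rule order could not be checked.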