diff --git a/pinecrypt/server/cli.py b/pinecrypt/server/cli.py index c06678e..b027388 100644 --- a/pinecrypt/server/cli.py +++ b/pinecrypt/server/cli.py @@ -267,7 +267,8 @@ def pinecone_provision(): yield ":INPUT ACCEPT [0:0]" yield ":OUTPUT ACCEPT [0:0]" yield ":POSTROUTING ACCEPT [0:0]" - yield "-A POSTROUTING -j MASQUERADE" + if not const.DISABLE_MASQUERADE: + yield "-A POSTROUTING -j MASQUERADE" yield "COMMIT" with open("/tmp/rules4", "w") as fh: diff --git a/pinecrypt/server/const.py b/pinecrypt/server/const.py index d334675..c698e76 100644 --- a/pinecrypt/server/const.py +++ b/pinecrypt/server/const.py @@ -177,4 +177,5 @@ SESSION_AGE = 3600 SECRET_STORAGE = getenv_in("SECRET_STORAGE", "fs", "db") -DISABLE_FIREWALL = os.getenv("DISABLE_FIREWALL") == "True" if os.getenv("DISABLE_FIREWALL") else False +DISABLE_FIREWALL = os.getenv("DISABLE_FIREWALL") +DISABLE_MASQUERADE = os.getenv("DISABLE_MASQUERADE")