From ecc337b5be6d36ee5c8ea29cea333d68928fa974 Mon Sep 17 00:00:00 2001 From: Toboshii Nakama Date: Thu, 3 Jun 2021 21:55:02 -0500 Subject: [PATCH] fix: re-enable policy, disable traffic block --- cluster/apps/ext-gateway/helm-release.yaml | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/cluster/apps/ext-gateway/helm-release.yaml b/cluster/apps/ext-gateway/helm-release.yaml index 65aabedb..0ffbb04c 100644 --- a/cluster/apps/ext-gateway/helm-release.yaml +++ b/cluster/apps/ext-gateway/helm-release.yaml @@ -51,7 +51,19 @@ spec: # periodSeconds: 60 # failureThreshold: 1 networkPolicy: - enabled: false + enabled: true + + egress: + - to: + - ipBlock: + cidr: 0.0.0.0/0 + ports: + # VPN traffic + - port: 62441 + protocol: UDP + - to: + - ipBlock: + cidr: 172.16.0.0/12 configmap: # -- configmap contains clients and gateway PODs setting @@ -87,7 +99,7 @@ spec: # If using a VPN, interface name created by it VPN_INTERFACE=wg0 # Prevent non VPN traffic to leave the gateway - VPN_BLOCK_OTHER_TRAFFIC=true + VPN_BLOCK_OTHER_TRAFFIC=false # Traffic to these IPs will be send through the K8S gateway VPN_LOCAL_CIDRS="10.0.0.0/8 172.16.0.0/12"
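Review bot: The second egress rule (`- to: - ipBlock: cidr: 172.16.0.0/12`) has no `ports` list, so it permits every port and protocol to that whole range, and nothing in the hunk says what the range covers. I would add a comment above it such as `# cluster-internal traffic (pod/service networks), all ports`, or add a `ports` list if only a few services are needed. The first rule allows UDP 62441 to `0.0.0.0/0`; if the VPN endpoint has a fixed address, narrowing the `cidr` to it would keep the policy closer to least privilege. `VPN_LOCAL_CIDRS` in the second hunk also lists `10.0.0.0/8`, which has no matching egress rule here, so it is worth confirming that omission is intended. The values block under `spec:` starts above the hunk, so any ingress or policy-type settings are not visible.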
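Review bot: Setting `VPN_BLOCK_OTHER_TRAFFIC=false` turns off the gateway's own block on non-VPN traffic, so leak prevention now appears to rest entirely on the `networkPolicy.egress` rules added in the first hunk. Assuming the chart renders those as a standard Kubernetes NetworkPolicy, they only take effect when the cluster's CNI enforces policies; otherwise traffic can leave unblocked if the tunnel drops. The retained comment `# Prevent non VPN traffic to leave the gateway` does not say this, so I would add a line under it such as `# Disabled here: egress is restricted by networkPolicy instead (needs a policy-enforcing CNI)`. The commit message gives no reason for the change, so that comment should state one too. The settings script starts above the hunk and continues past it.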