fickit: don't include routing things into frontend

configs/sysctl-frontend.conf

@@ -1,4 +1,3 @@
-net.ipv4.ip_forward = 1
 net.ipv6.conf.all.disable_ipv6 = 1
 
 # Increase system file descriptor limit

fickit-frontend.yml

@@ -53,7 +53,7 @@ onboot:
 #        - name: eth3
   - name: frontal-ip-setup # with bonding
     image: linuxkit/ip:v0.6
-    command: ["/bin/sh", "-c", "ip link set bond-frontal up; ifenslave bond-frontal eth1 eth2 eth3; ip a add 172.23.42.1/24 dev bond-frontal; ip a add 172.23.42.254/24 dev bond-frontal; ip a add 163.5.55.58/32 dev bond-frontal; ip link add link bond-frontal name internet type vlan id 1; ip link set internet up;" ]
+    command: ["/bin/sh", "-c", "ip link set bond-frontal up; ifenslave bond-frontal eth1 eth2 eth3; ip a add 172.23.42.1/24 dev bond-frontal; ip a add 163.5.55.58/32 dev bond-frontal; ip link add link bond-frontal name internet type vlan id 1; ip link set internet up;" ]
     net: /run/netns/nginx
     runtime:
       interfaces:
@@ -467,15 +467,6 @@ files:
     mode: "0440"
   - path: etc/iptables/rules-frontal.v4
     contents: |
-      *nat
-      :PREROUTING ACCEPT [0:0]
-      :INPUT ACCEPT [0:0]
-      :OUTPUT ACCEPT [0:0]
-      :POSTROUTING ACCEPT [0:0]
-      [0:0] -A PREROUTING -p tcp -m tcp -i br0 ! -d 172.23.42.254/32 --dport 53 -j DNAT --to-destination 172.23.42.254
-      [0:0] -A PREROUTING -p udp -m udp -i br0 ! -d 172.23.42.254/32 --dport 53 -j DNAT --to-destination 172.23.42.254
-      [0:0] -A POSTROUTING -o internet -j MASQUERADE
-      COMMIT
       *filter
       :INPUT DROP [0:0]
       :FORWARD ACCEPT [0:0]