Fixes #633. Variable to globally define the postgresql firewall.

library/roles/iptables/templates/iptables-rules.v4.j2

@@ -74,6 +74,12 @@
 {% if psql_firewall_enabled %}
 {% if psql_db_port is defined %}
 {% if psql_listen_on_ext_int is defined and psql_listen_on_ext_int %}
+{% if psql_global_firewall is defined %}
+{% for cidr in psql_global_firewall %}
+-A INPUT -m state --state NEW -s {{ cidr }} -p tcp -m tcp --dport {{ psql_db_port }} -j ACCEPT
+{% endfor %}
+-A INPUT -p tcp -m tcp --dport {{ psql_db_port }} -j DROP
+{% else %}
 {% if psql_db_data is defined %}
 # postgresql clients
 {% for db in psql_db_data %}
@@ -87,6 +93,7 @@
 -A INPUT -p tcp -m tcp --dport {{ psql_db_port }} -j DROP
 {% endif %}
 {% endif %}
+{% endif %}
 {% if mysql_firewall_enabled %}
 {% if mysql_db_port is defined %}
 {% if mysql_listen_on_ext_int %}