From 010579681eb9a8c3aac12ff26740744869a094cc Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Mon, 20 Apr 2020 13:06:25 +0200
Subject: [PATCH] Fixes #633. Variable to globally define the postgresql firewall.

---
 library/roles/iptables/templates/iptables-rules.v4.j2 | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/library/roles/iptables/templates/iptables-rules.v4.j2 b/library/roles/iptables/templates/iptables-rules.v4.j2
index dfcc792..22c90c7 100644
--- a/library/roles/iptables/templates/iptables-rules.v4.j2
+++ b/library/roles/iptables/templates/iptables-rules.v4.j2
@@ -74,6 +74,12 @@
 {% if psql_firewall_enabled %}
 {% if psql_db_port is defined %}
 {% if psql_listen_on_ext_int is defined and psql_listen_on_ext_int %}
+{% if psql_global_firewall is defined %}
+{% for cidr in psql_global_firewall %}
+-A INPUT -m state --state NEW -s {{ cidr }} -p tcp -m tcp --dport {{ psql_db_port }} -j ACCEPT
+{% endfor %}
+-A INPUT -p tcp -m tcp --dport {{ psql_db_port }} -j DROP
+{% else %}
 {% if psql_db_data is defined %}
 # postgresql clients
 {% for db in psql_db_data %}
@@ -87,6 +93,7 @@
 -A INPUT -p tcp -m tcp --dport {{ psql_db_port }} -j DROP
 {% endif %}
 {% endif %}
+{% endif %}
 {% if mysql_firewall_enabled %}
 {% if mysql_db_port is defined %}
 {% if mysql_listen_on_ext_int %}
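Review bot: Defining `psql_global_firewall` silently takes precedence over the per-database `psql_db_data` allow lists, because the new `{% else %}` moves the existing rules into the alternate branch, and nothing in the template says so; a Jinja comment at the new `{% if %}` would make the precedence explicit, e.g. `{# psql_global_firewall, when defined, replaces the per-db psql_db_data allow lists; an empty list leaves only the DROP #}`. A defined-but-empty list emits no ACCEPT and still the trailing DROP, so the port closes rather than opens — fail-closed, which is the right default but worth stating where the variable is documented. Only `is defined` is checked, so a value set to null rather than a list would presumably make the `{% for %}` fail at render time; `{% if psql_global_firewall is defined and psql_global_firewall is not none %}` would guard that. The closing `{% endif %}` added in the second hunk pairs with this new branch, and the ACCEPT/DROP pair mirrors the existing per-db rules (the earlier `-m state --state ESTABLISHED,RELATED` rule this relies on is outside the hunk).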