From 56fc118e9d34011ee37ac44d5f161db28aa32b83 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Fri, 20 Oct 2017 17:46:21 +0200
Subject: [PATCH] iptables: in the tcp or udp rules, the allowed_hosts variables can be a list.
---
 iptables/templates/iptables-rules.v4.j2 | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/iptables/templates/iptables-rules.v4.j2 b/iptables/templates/iptables-rules.v4.j2
index f31e94d..37b51ba 100644
--- a/iptables/templates/iptables-rules.v4.j2
+++ b/iptables/templates/iptables-rules.v4.j2
@@ -241,7 +241,13 @@
 {% for tcp_rule in iptables.tcp %}
 {% if tcp_rule.allowed_hosts is defined %}
 {% for ip in tcp_rule.allowed_hosts %}
+{% if ip is string %}
 -A INPUT -m state --state NEW -s {{ ip }} -p tcp -m tcp --dport {{ tcp_rule.port }} -j ACCEPT
+{% else %}
+{% for ip_really in ip %}
+-A INPUT -m state --state NEW -s {{ ip_really }} -p tcp -m tcp --dport {{ tcp_rule.port }} -j ACCEPT
+{% endfor %}
+{% endif %}
 {% endfor %}
 {% else %}
 -A INPUT -m state --state NEW -m tcp -p tcp --dport {{ tcp_rule.port }} -j ACCEPT
@@ -253,7 +259,13 @@
 {% for udp_rule in iptables.udp %}
 {% if udp_rule.allowed_hosts is defined %}
 {% for ip in udp_rule.allowed_hosts %}
+{% if ip is string %}
 -A INPUT -s {{ ip }} -p udp -m udp --dport {{ udp_rule.port }} -j ACCEPT
+{% else %}
+{% for ip_really in ip %}
+-A INPUT -s {{ ip_really }} -p udp -m udp --dport {{ udp_rule.port }} -j ACCEPT
+{% endfor %}
+{% endif %}
 {% endfor %}
 {% else %}
 -A INPUT -p udp -m udp --dport {{ udp_rule.port }} -j ACCEPT
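Review bot: The `{% else %}` branch added in both hunks treats every non-string element of `allowed_hosts` as an iterable of address strings, so an element that is a mapping silently iterates its keys into `-s`, and an unquoted numeric element fails inside `{% for ip_really in ip %}` with a bare TypeError from the renderer rather than a message naming the offending rule; the udp hunk at `@@ -253,7 +259,13 @@` has the same shape. Nothing on the page documents which shapes are accepted, so a comment above the outer loop would help, e.g. `{# allowed_hosts: list whose items are a source address/CIDR string or a nested list of such strings; any other type aborts rendering, which is preferable to loading a malformed rule set #}`. `ip_really` reads as a placeholder; `host` or `src` says what it holds, and the inner loop now exists twice with only the `-m state --state NEW ... -p tcp -m tcp` / `-p udp -m udp` part differing, which is a candidate for a Jinja macro so the two protocol blocks cannot drift apart. Both hunks sit inside `{% for ... %}` loops whose closing tags are outside the shown lines.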