library/roles/iptables/templates/iptables-rules.v4.j2: Add a rule to add ANY rules.

2016-12-14 16:09:39 +01:00 · 2016-12-14 16:09:39 +01:00 · d32a1e99c6
parent efa1b35719
commit d32a1e99c6
1 changed files with 8 additions and 0 deletions
--- a/iptables/templates/iptables-rules.v4.j2
+++ b/iptables/templates/iptables-rules.v4.j2
@ -259,6 +259,14 @@
 {% endfor %}
 {% endif %}
 {% endif %}
+{% if iptables.any_rules is defined and iptables.any_rules %}
+# ANY rules
+{% for any_rule in iptables.any %}
+{% for ip in any_rule.allowed_hosts %}
+-A INPUT -s {{ ip }} -j ACCEPT
+{% endfor %}
+{% endfor %}
+{% endif %}
 {% if keepalived_enabled is defined and keepalived_enabled %}
 -A INPUT -p vrrp -d {{ keepalived_mcast_addr }} -j ACCEPT
 -A OUTPUT -p vrrp -d {{ keepalived_mcast_addr }} -j ACCEPT