From d32a1e99c6f3e4f143215c915f947af14ae7d4a4 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Wed, 14 Dec 2016 16:09:39 +0100
Subject: [PATCH] library/roles/iptables/templates/iptables-rules.v4.j2: Add a rule to add ANY rules.
---
 iptables/templates/iptables-rules.v4.j2 | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/iptables/templates/iptables-rules.v4.j2 b/iptables/templates/iptables-rules.v4.j2
index 9743236..20abbb0 100644
--- a/iptables/templates/iptables-rules.v4.j2
+++ b/iptables/templates/iptables-rules.v4.j2
@@ -259,6 +259,14 @@
 {% endfor %}
 {% endif %}
 {% endif %}
+{% if iptables.any_rules is defined and iptables.any_rules %}
+# ANY rules
+{% for any_rule in iptables.any %}
+{% for ip in any_rule.allowed_hosts %}
+-A INPUT -s {{ ip }} -j ACCEPT
+{% endfor %}
+{% endfor %}
+{% endif %}
 {% if keepalived_enabled is defined and keepalived_enabled %}
 -A INPUT -p vrrp -d {{ keepalived_mcast_addr }} -j ACCEPT
 -A OUTPUT -p vrrp -d {{ keepalived_mcast_addr }} -j ACCEPT
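Review bot: The guard on the first added line tests `iptables.any_rules`, but the loop under it iterates `iptables.any`, so a host that defines only `any_rules` passes the guard and then loops over an undefined name (which presumably either fails the render or emits no rules, depending on how undefined variables are handled). If a single variable was meant, use it in both places, e.g. `{% for any_rule in iptables.any_rules %}`; if `any_rules` is a separate on/off flag, extend the guard with `and iptables.any is defined`. The emitted `-A INPUT -s {{ ip }} -j ACCEPT` carries no protocol or port match, so every entry in `allowed_hosts` gets unrestricted access to all services on the host, based on source address alone. The `# ANY rules` comment should state that, for example `# ANY rules: accept all protocols and ports from these source addresses`, so the exposure is visible to anyone auditing the rendered ruleset.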