tpiccioli
/
ansible-roles
forked from ISTI-ansible-roles/ansible-roles
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

iptables: in the tcp or udp rules, the allowed_hosts variables can be a list.

This commit is contained in:
Andrea Dell'Amico 2017-10-20 17:46:21 +02:00
parent 220af7bf9d
commit 56fc118e9d
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
iptables/templates/iptables-rules.v4.j2
View File

@ -241,7 +241,13 @@
{% for tcp_rule in iptables.tcp %}
{% if tcp_rule.allowed_hosts is defined %}
{% for ip in tcp_rule.allowed_hosts %}
{% if ip is string %}
-A INPUT -m state --state NEW -s {{ ip }} -p tcp -m tcp --dport {{ tcp_rule.port }} -j ACCEPT
{% else %}
{% for ip_really in ip %}
-A INPUT -m state --state NEW -s {{ ip_really }} -p tcp -m tcp --dport {{ tcp_rule.port }} -j ACCEPT
{% endfor %}
{% endif %}
{% endfor %}
{% else %}
-A INPUT -m state --state NEW -m tcp -p tcp --dport {{ tcp_rule.port }} -j ACCEPT
@ -253,7 +259,13 @@
{% for udp_rule in iptables.udp %}
{% if udp_rule.allowed_hosts is defined %}
{% for ip in udp_rule.allowed_hosts %}
{% if ip is string %}
-A INPUT -s {{ ip }} -p udp -m udp --dport {{ udp_rule.port }} -j ACCEPT
{% else %}
{% for ip_really in ip %}
-A INPUT -s {{ ip_really }} -p udp -m udp --dport {{ udp_rule.port }} -j ACCEPT
{% endfor %}
{% endif %}
{% endfor %}
{% else %}
-A INPUT -p udp -m udp --dport {{ udp_rule.port }} -j ACCEPT