Infrastructure/ansible
3
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

iptables / staging: fix the actual used template

Browse source 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is contained in:
Kevin Fenzi 2023-08-15 12:11:22 -07:00
parent a14b081ab3
commit 363af73e57
1 changed files with 3 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

8
roles/base/templates/iptables/iptables.staging
View file

@ -14,11 +14,9 @@
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# if the blocked_ips is defined - drop them # if the host is external, block some ips
{% if blocked_ips is defined %} {% if external == 'true' %}
{% for ip in blocked_ips %} -A INPUT -p all -m set --match-set blocklist src -j REJECT
-A INPUT -s {{ ip }} -j DROP
{% endfor %}
{% endif %} {% endif %}
# allow ssh - always # allow ssh - always