From fcd3e67484b819c6c387b12be1b5f083188c594e Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Tue, 15 Aug 2023 12:02:49 -0700
Subject: [PATCH] base / iptables: simplify conditional to perhaps actually work
Signed-off-by: Kevin Fenzi
---
 roles/base/templates/iptables/iptables | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/base/templates/iptables/iptables b/roles/base/templates/iptables/iptables
index f163ee9749..bc23f84f20 100644
--- a/roles/base/templates/iptables/iptables
+++ b/roles/base/templates/iptables/iptables
@@ -15,7 +15,7 @@
 -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 # if the host is external, block some ips
-{% if datacenter != 'iad2' or ( datacenter == 'iad2' and hostvars[inventory_hostname].external == 'true' ) %}
+{% if datacenter != 'iad2' or ( datacenter == 'iad2' and external == 'true' ) %}
 -A INPUT -p all -m set --match-set blocklist src -j REJECT
 {% endif %}
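Review bot: The new test `external == 'true'` is a string comparison, so if any inventory defines `external` as a YAML boolean (`external: true`) the expression is false in Jinja2 and the blocklist REJECT rule is silently left out for iad2 hosts. How `external` is defined is not visible in this hunk, so this needs checking against the inventory. Normalising the value avoids the problem and also drops the redundant `datacenter == 'iad2'` term: `{% if datacenter != 'iad2' or (external | bool) %}`. If `external` can be undefined on some hosts, choose the outcome explicitly rather than by accident; `external | default(true) | bool` keeps the blocklist applied when the variable is missing.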