iptables / staging: fix the actual used template

Signed-off-by: Kevin Fenzi <kevin@scrye.com>

roles/base/templates/iptables/iptables.staging

@@ -14,11 +14,9 @@
 -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 
-# if the blocked_ips is defined - drop them
-{% if blocked_ips is defined %}
-{% for ip in blocked_ips %}
--A INPUT -s {{ ip }} -j DROP
-{% endfor %}
+# if the host is external, block some ips
+{% if external == 'true' %}
+-A INPUT -p all -m set --match-set blocklist src -j REJECT
 {% endif %}
 
 # allow ssh - always