From d4248510abafdd29f5a5b32ddcd0759a16fbe3bc Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Fri, 6 Feb 2015 21:29:14 +0000
Subject: [PATCH] Clean up ipv4 specific stuff and make custom require different rules from ipv4
---
 inventory/group_vars/all | 1 +
 roles/base/templates/iptables/ip6tables | 13 ++++---------
 2 files changed, 5 insertions(+), 9 deletions(-)

diff --git a/inventory/group_vars/all b/inventory/group_vars/all
index ee223e2bc5..7d8008eb46 100644
--- a/inventory/group_vars/all
+++ b/inventory/group_vars/all
@@ -17,6 +17,7 @@ libdir: /usr/lib64
 udp_ports: []
 tcp_ports: []
 custom_rules: []
+custom6_rules: []
 
 # defaults for virt installs
 ks_url: http://infrastructure.fedoraproject.org/repo/rhel/ks/kvm-rhel-7
diff --git a/roles/base/templates/iptables/ip6tables b/roles/base/templates/iptables/ip6tables
index a64d7a7933..4d85a04a17 100644
--- a/roles/base/templates/iptables/ip6tables
+++ b/roles/base/templates/iptables/ip6tables
@@ -20,13 +20,8 @@
 # allow ssh - always
 -A INPUT -m conntrack --ctstate NEW -m tcp -p tcp --dport 22 -j ACCEPT
 
-# for nrpe - allow it from nocs
--A INPUT -p tcp -m tcp --dport 5666 -s 192.168.1.10 -j ACCEPT
--A INPUT -p tcp -m tcp --dport 5666 -s 209.132.181.35 -j ACCEPT
--A INPUT -p tcp -m tcp --dport 5666 -s 10.5.126.41 -j ACCEPT
-
 # if the host/group defines incoming tcp_ports - allow them
-{% if tcp_ports is defined %}
+{% if tcp6_ports is defined %}
 {% for port in tcp_ports %}
 -A INPUT -p tcp -m tcp --dport {{ port }} -j ACCEPT
 {% endfor %}
@@ -39,9 +34,9 @@
 {% endfor %}
 {% endif %}
 
-# if there are custom rules - put them in as-is
-{% if custom_rules is defined %}
-{% for rule in custom_rules %}
+# if there are custom6 rules - put them in as-is
+{% if custom6_rules is defined %}
+{% for rule in custom6_rules %}
 {{ rule }}
 {% endfor %}
 {% endif %}
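Review bot: In the ip6tables hunk at `@@ -20,13 +20,8 @@`, the guard now tests `tcp6_ports` but the loop on the next line still iterates `tcp_ports`, so the condition and the body disagree. As written, a host that does not set `tcp6_ports` gets no per-port TCP accepts over IPv6 (group_vars/all gains a default for `custom6_rules` only), and a host that does set it gets its IPv4 `tcp_ports` list opened instead of the v6 list it declared. The loop should read `{% for port in tcp6_ports %}`, the comment above it should name `tcp6_ports`, and `tcp6_ports: []` belongs next to `custom6_rules: []` in group_vars/all. The udp block between this hunk and the next is not visible here and is worth checking for the same split.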
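Review bot: The `custom6_rules` loop in the hunk at `@@ -39,9 +34,9 @@` writes each entry into the ruleset verbatim, and the comment does not say that entries must be valid ip6tables syntax. The nrpe lines this commit removes show the failure class: IPv4 source addresses in the v6 file, which ip6tables would likely reject when the ruleset is loaded. I would extend the comment to something like `# custom6_rules are emitted verbatim: ip6tables syntax only, do not copy entries from custom_rules`. Since group_vars/all now defaults `custom6_rules` to `[]`, the `is defined` guard is always true for hosts that inherit that file, so the loop alone would do.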