oh silly me.. {{}} matter

roles/base/templates/iptables/iptables.serverbeach06.fedoraproject.org

@@ -5,8 +5,8 @@
 :OUTPUT ACCEPT [3:224]
 :POSTROUTING ACCEPT [428:23328]
 # dnat and snat everything to the internal virt host
-#-A PREROUTING -d {{guest_ip}}/32 -j DNAT --to-destination 192.168.122.2
-#-A POSTROUTING -s 192.168.122.2/32 -j SNAT --to-source {{guest_ip}}
+#-A PREROUTING -d guest_ip/32 -j DNAT --to-destination 192.168.122.2
+#-A POSTROUTING -s 192.168.122.2/32 -j SNAT --to-source guest_ip
 -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
 -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
 -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
@@ -77,7 +77,7 @@ COMMIT
 -A INPUT -j REJECT --reject-with icmp-host-prohibited
 
 # source and dest of the guest ip we forward into the guest
-#-A FORWARD -d {{guest_ip}}/32 -j ACCEPT
-#-A FORWARD -s {{guest_ip}}/32 -j ACCEPT
+#-A FORWARD -d guest_ip/32 -j ACCEPT
+#-A FORWARD -s guest_ip/32 -j ACCEPT
 -A FORWARD -j REJECT --reject-with icmp-host-prohibited
 COMMIT