infrastructure/ansible
1
0
Fork 0
Code Pull requests 7 Activity Actions

base / iptables: simplify conditional to perhaps actually work

Browse source 
Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is contained in:
Kevin Fenzi 2023-08-15 12:02:49 -07:00
parent 4fffa25daf
commit fcd3e67484
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
roles/base/templates/iptables/iptables
View file

@ -15,7 +15,7 @@
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# if the host is external, block some ips
{% if datacenter != 'iad2' or ( datacenter == 'iad2' and hostvars[inventory_hostname].external == 'true' ) %}
{% if datacenter != 'iad2' or ( datacenter == 'iad2' and external == 'true' ) %}
-A INPUT -p all -m set --match-set blocklist src -j REJECT
{% endif %}