initial upload

roles/firewall/templates/rules-v4.d/85_whitelist.sh.j2

@@ -0,0 +1,15 @@
+# {{ ansible_managed }}
+
+{% if firewall_late_whitelist_ip %}
+# Whitelist IPs
+{%   for ip in firewall_late_whitelist_ip %}
+iptables -A INPUT -s {{ ip }} -m comment --comment "whitelist" -j ACCEPT
+{%   endfor %}
+{% endif %}
+
+{% if firewall_whitelist_office_ip and firewall_whitelist_office_ports %}
+# Offices  TODO remove
+{%   for ip in firewall_whitelist_office_ip %}
+iptables -A INPUT -s {{ ip }} -p tcp -m multiport --dports "{{ firewall_whitelist_office_ports | join(',') }}" -m comment --comment "office-whitelist" -j ACCEPT
+{%   endfor %}
+{% endif %}