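# {{ ansible_managed }}
#
# iptables rules for Apache (tcp/80 and tcp/443), rendered by Ansible.
#
# Line breaks restored: with everything on a single line the leading '#'
# turns the whole fragment into one shell comment and no rule is installed.
#
# Template variables read here:
#   apache_firewall_public           - expose Apache through the INPUT chain
#   apache_firewall_public_isolated  - add the allow/return lists below
#   apache_firewall_acl              - source addresses accepted first
#   datacenter_global_networks,
#   datacenter_public_networks       - source networks handed back to INPUT
#   apache_firewall_drop_dst         - destination addresses handed back to INPUT
#
# Every {{ ip }} value is interpolated unquoted into an iptables command line,
# so the lists must hold plain addresses/CIDRs only.
# Only iptables (IPv4) is configured; no ip6tables rules are written here.
{% if apache_firewall_public %}
# NOTE(review): -N fails when the chain already exists; presumably the ruleset
# is flushed before this fragment runs - confirm.
iptables -N apache-in
{% if apache_firewall_public_isolated %}
# Order matters: ACL sources are accepted before the RETURN rules are reached.
{% for ip in apache_firewall_acl %}
iptables -A apache-in -s {{ ip }} -j ACCEPT
{% endfor %}
# RETURN does not drop by itself: the packet goes back to INPUT and is decided
# by the rules appended after the jump, or by the INPUT policy.
# NOTE(review): if the intent is to block these, verify that policy is DROP.
{% for ip in datacenter_global_networks + datacenter_public_networks %}
iptables -A apache-in -s {{ ip }} -j RETURN
{% endfor %}
{% for ip in apache_firewall_drop_dst %}
iptables -A apache-in -d {{ ip }} -j RETURN
{% endfor %}
{% endif %}
# Anything not matched above is accepted (all traffic when not isolated).
iptables -A apache-in -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -m comment --comment "apache-http" -j apache-in
iptables -A INPUT -p tcp --dport 443 -m comment --comment "apache-https" -j apache-in
{% else %}
# Not public: accept only in the internal-in chain, which is not created in
# this fragment (presumably defined by the base firewall - confirm).
iptables -A internal-in -p tcp --dport 80 -m comment --comment "apache-http" -j ACCEPT
iptables -A internal-in -p tcp --dport 443 -m comment --comment "apache-https" -j ACCEPT
{% endif %}
# Added in both cases; monitoring-in is likewise not created in this fragment.
iptables -A monitoring-in -p tcp --dport 80 -m comment --comment "apache-http" -j ACCEPT
iptables -A monitoring-in -p tcp --dport 443 -m comment --comment "apache-https" -j ACCEPT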