# {{ ansible_managed }}

{% if not consul_stub_mode %}
{%   if consul_server %}
iptables -A internal-in -p tcp --dport 8300:8302 -m comment --comment "consul" -j ACCEPT
iptables -A internal-in -p udp --dport 8300:8302 -m comment --comment "consul" -j ACCEPT
{%   else %}
{%     for ip in datacenter_local_networks %}
iptables -A internal-in -s {{ ip }} -p tcp --dport 8300:8302 -m comment --comment "consul" -j ACCEPT
iptables -A internal-in -s {{ ip }} -p udp --dport 8300:8302 -m comment --comment "consul" -j ACCEPT
{%     endfor %}
{%   endif %}

{%   if consul_expose_apis %}
iptables -A internal-in -p tcp --dport 8500:8501 -m comment --comment "consul-http" -j ACCEPT
iptables -A internal-in -p tcp --dport 8600 -m comment --comment "consul-dns" -j ACCEPT
iptables -A internal-in -p udp --dport 8600 -m comment --comment "consul-dns" -j ACCEPT
{%   endif %}

iptables -A internal-out -p tcp --dport 8300:8302 -m comment --comment "consul" -j ACCEPT
iptables -A internal-out -p udp --dport 8300:8302 -m comment --comment "consul" -j ACCEPT
iptables -A internal-out -p tcp --dport 8500:8501 -m comment --comment "consul-http" -j ACCEPT
iptables -A internal-out -p tcp --dport 8600 -m comment --comment "consul-dns" -j ACCEPT
iptables -A internal-out -p udp --dport 8600 -m comment --comment "consul-dns" -j ACCEPT
{% endif %}