# {{ ansible_managed }}

# Allow SSH only from IPs:
iptables -N ssh-in
{% for ip in firewall_ssh_acl|default([]) + firewall_ssh_acl_extra|default([]) %}
iptables -A ssh-in -s {{ ip }} -j ACCEPT
{% endfor %}
iptables -A INPUT -p tcp --dport 22 -m comment --comment "ssh" -j ssh-in