# {{ ansible_managed }}

# MariaDB replication ingress (TCP 3306).
# Builds a dedicated "mariadb-in" chain holding one ACCEPT rule per source
# listed in firewall_mariadb_acl and firewall_mariadb_acl_extra (either may be
# undefined; each then defaults to an empty list), and sends INPUT traffic for
# TCP port 3306 through that chain.
#
# NOTE(review): the chain holds ACCEPT rules only. A packet from a source that
# is not listed falls off the end of the chain and returns to INPUT, so the
# "only from these IPs" guarantee holds only if the INPUT policy or a later
# rule drops it. Confirm against the rest of the ruleset.
# NOTE(review): each ACL entry is placed on the command line unquoted; entries
# are assumed to be plain addresses or CIDR ranges. Validate them where the
# variables are defined.
{% set mariadb_sources = (firewall_mariadb_acl | default([])) + (firewall_mariadb_acl_extra | default([])) %}
iptables --new-chain mariadb-in
{% for source_ip in mariadb_sources %}
iptables --append mariadb-in --source {{ source_ip }} --jump ACCEPT
{% endfor %}
iptables --append INPUT --protocol tcp --destination-port 3306 --match comment --comment "mariadb" --jump mariadb-in