# {{ ansible_managed }}

{% if firewall_late_whitelist_ip %}
# Whitelist IPs
{%   for ip in firewall_late_whitelist_ip %}
iptables -A INPUT -s {{ ip }} -m comment --comment "whitelist" -j ACCEPT
{%   endfor %}
{% endif %}

{% if firewall_whitelist_office_ip and firewall_whitelist_office_ports %}
# Offices  TODO remove
{%   for ip in firewall_whitelist_office_ip %}
iptables -A INPUT -s {{ ip }} -p tcp -m multiport --dports "{{ firewall_whitelist_office_ports | join(',') }}" -m comment --comment "office-whitelist" -j ACCEPT
{%   endfor %}
{% endif %}