From a97f2b5c791d95c928dc222c40b6f0d0894e2045 Mon Sep 17 00:00:00 2001
From: Timo Makinen
Date: Sat, 11 Sep 2021 17:07:35 +0000
Subject: [PATCH] iptables: Allow hostnames in iptables rules

---
 roles/iptables/templates/ip6tables.j2 | 7 ++++++-
 roles/iptables/templates/iptables.j2 | 7 ++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/roles/iptables/templates/ip6tables.j2 b/roles/iptables/templates/ip6tables.j2
index bb22bcb..1cd83c5 100644
--- a/roles/iptables/templates/ip6tables.j2
+++ b/roles/iptables/templates/ip6tables.j2
@@ -12,8 +12,13 @@
 {% endif %}
 {% for rule in firewall_in %}
 {% if rule.from is defined %}
-{% for from in rule.from | ipv6 %}
+{% for from in rule.from %}
+{% if not from | ipv4 and not from | ipv6 %}
+{% set from = lookup('dig', from) %}
+{% endif %}
+{% if from | ipv6 %}
 -A INPUT -m state --state NEW -m {{ rule.proto }} -p {{ rule.proto }} -s {{ from }} --dport {{ rule.port }} -j ACCEPT
+{% endif %}
 {% endfor %}
 {% else %}
 -A INPUT -m state --state NEW -m {{ rule.proto }} -p {{ rule.proto }} --dport {{ rule.port }} -j ACCEPT
diff --git a/roles/iptables/templates/iptables.j2 b/roles/iptables/templates/iptables.j2
index 2e558a1..3067542 100644
--- a/roles/iptables/templates/iptables.j2
+++ b/roles/iptables/templates/iptables.j2
@@ -12,8 +12,13 @@
 {% endif %}
 {% for rule in firewall_in %}
 {% if rule.from is defined %}
-{% for from in rule.from | ipv4 %}
+{% for from in rule.from %}
+{% if not from | ipv4 and not from | ipv6 %}
+{% set from = lookup('dig', from) %}
+{% endif %}
+{% if from | ipv4 %}
 -A INPUT -m state --state NEW -m {{ rule.proto }} -p {{ rule.proto }} -s {{ from }} --dport {{ rule.port }} -j ACCEPT
+{% endif %}
 {% endfor %}
 {% else %}
 -A INPUT -m state --state NEW -m {{ rule.proto }} -p {{ rule.proto }} --dport {{ rule.port }} -j ACCEPT
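Review bot: In the ip6tables.j2 hunk the new `{% set from = lookup('dig', from) %}` line asks for A records (the dig lookup's default query type, as far as I recall), so a hostname can never satisfy the `{% if from | ipv6 %}` guard that follows it and the intended IPv6 rule is silently omitted; the matching block in iptables.j2 shares the second weakness below. With `lookup()` a name that resolves to several addresses appears to come back as one comma-joined string rather than a list, which fails both the `ipv4` and `ipv6` tests and is likewise dropped without any error, and a mistyped or unresolvable name behaves the same way, so a missing ACCEPT rule is only noticed when something stops working. Resolving per address family with a list-returning `query()` and iterating the result makes each case explicit, and because the lookup runs on the controller at render time it is worth a template comment noting that the resolved address is frozen into the ruleset until the next run. Suggested loop body for ip6tables.j2 (the iptables.j2 variant uses the default query type and `| ipv4`):
```jinja
{% for src in rule.from %}
{# hostnames are resolved on the controller when the template renders; the address is fixed until the next run #}
{% if src | ipv4 or src | ipv6 %}
{% set addrs = [src] %}
{% else %}
{% set addrs = query('dig', src, 'qtype=AAAA') %}
{% endif %}
{% for from in addrs | ipv6 %}
-A INPUT -m state --state NEW -m {{ rule.proto }} -p {{ rule.proto }} -s {{ from }} --dport {{ rule.port }} -j ACCEPT
{% endfor %}
{% endfor %}
```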