iptables: Allow hostnames in iptables rules

2021-09-11 17:07:35 +00:00 · 2021-09-11 17:07:35 +00:00 · a97f2b5c79
commit a97f2b5c79
parent 9566266c5c
2 changed files with 12 additions and 2 deletions
--- a/roles/iptables/templates/ip6tables.j2
+++ b/roles/iptables/templates/ip6tables.j2
@ -12,8 +12,13 @@
 {% endif %}
 {% for rule in firewall_in %}
 {%   if rule.from is defined %}
-{%     for from in rule.from | ipv6 %}
+{%     for from in rule.from %}
+{%       if not from | ipv4 and not from | ipv6 %}
+{%         set from = lookup('dig', from) %}
+{%       endif %}
+{%       if from | ipv6 %}
 -A INPUT -m state --state NEW -m {{ rule.proto }} -p {{ rule.proto }} -s {{ from }} --dport {{ rule.port }} -j ACCEPT
+{%       endif %}
 {%     endfor %}
 {%   else %}
 -A INPUT -m state --state NEW -m {{ rule.proto }} -p {{ rule.proto }} --dport {{ rule.port }} -j ACCEPT
--- a/roles/iptables/templates/iptables.j2
+++ b/roles/iptables/templates/iptables.j2
@ -12,8 +12,13 @@
 {% endif %}
 {% for rule in firewall_in %}
 {%   if rule.from is defined %}
-{%     for from in rule.from | ipv4 %}
+{%     for from in rule.from %}
+{%       if not from | ipv4 and not from | ipv6 %}
+{%         set from = lookup('dig', from) %}
+{%       endif %}
+{%       if from | ipv4 %}
 -A INPUT -m state --state NEW -m {{ rule.proto }} -p {{ rule.proto }} -s {{ from }} --dport {{ rule.port }} -j ACCEPT
+{%       endif %}
 {%     endfor %}
 {%   else %}
 -A INPUT -m state --state NEW -m {{ rule.proto }} -p {{ rule.proto }} --dport {{ rule.port }} -j ACCEPT