From 37275e2ae347cf1c7c78780754ef70b59093848c Mon Sep 17 00:00:00 2001
From: Jack Ivanov
Date: Tue, 19 Nov 2019 19:18:55 +0100
Subject: [PATCH] Iptables to ansible_ssh_port
---
 roles/common/templates/rules.v4.j2 | 4 ++--
 roles/common/templates/rules.v6.j2 | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/roles/common/templates/rules.v4.j2 b/roles/common/templates/rules.v4.j2
index 378db71..0f5bfba 100644
--- a/roles/common/templates/rules.v4.j2
+++ b/roles/common/templates/rules.v4.j2
@@ -64,8 +64,8 @@ COMMIT
 -A INPUT -p icmp --icmp-type echo-request -m hashlimit --hashlimit-upto 5/s --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name icmp-echo-drop -j ACCEPT
 # Accept IPSEC/WireGuard traffic to ports {{ subnets|join(',') }}
 -A INPUT -p udp -m multiport --dports {{ ports|join(',') }} -j ACCEPT
-# Allow new traffic to port {{ ssh_port }} (SSH)
--A INPUT -p tcp --dport {{ ssh_port }} -m conntrack --ctstate NEW -j ACCEPT
+# Allow new traffic to port {{ ansible_ssh_port }} (SSH)
+-A INPUT -p tcp --dport {{ ansible_ssh_port }} -m conntrack --ctstate NEW -j ACCEPT
 {% if ipsec_enabled %}
 # Allow any traffic from the IPsec VPN
diff --git a/roles/common/templates/rules.v6.j2 b/roles/common/templates/rules.v6.j2
index 1d37bb9..47226b7 100644
--- a/roles/common/templates/rules.v6.j2
+++ b/roles/common/templates/rules.v6.j2
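Review bot: The added rule `--dport {{ ansible_ssh_port }}` only renders when the inventory sets `ansible_ssh_port` explicitly; a host reached on the default port, or one configured with `ansible_port` instead, leaves the variable undefined and, with Ansible's default undefined-variable handling, the template task fails so the rules file is not regenerated at all. A fallback keeps the SSH allow rule present in that case: `-A INPUT -p tcp --dport {{ ansible_ssh_port | default(22) }} -m conntrack --ctstate NEW -j ACCEPT`, with the comment line above it using the same expression. It would also help to note in the template that the firewall opens the port Ansible connected on rather than a value derived from the sshd configuration, so the two can drift if sshd is later moved to another port. The rules.v6.j2 hunk at line 70 has the same issue. The `{% if ipsec_enabled %}` block opened at the end of this hunk closes outside it.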
@@ -70,8 +70,8 @@ COMMIT
 -A INPUT -p icmpv6 --icmpv6-type echo-request -m hashlimit --hashlimit-upto 5/s --hashlimit-mode srcip --hashlimit-srcmask 32 --hashlimit-name icmp-echo-drop -j ACCEPT
 # Accept IPSEC/WireGuard traffic to ports {{ subnets|join(',') }}
 -A INPUT -p udp -m multiport --dports {{ ports|join(',') }} -j ACCEPT
-# Allow new traffic to port {{ ssh_port }} (SSH)
--A INPUT -p tcp --dport {{ ssh_port }} -m conntrack --ctstate NEW -j ACCEPT
+# Allow new traffic to port {{ ansible_ssh_port }} (SSH)
+-A INPUT -p tcp --dport {{ ansible_ssh_port }} -m conntrack --ctstate NEW -j ACCEPT
 # Accept properly formatted Neighbor Discovery Protocol packets
 -A INPUT -p icmpv6 --icmpv6-type router-advertisement -m hl --hl-eq 255 -j ACCEPT