{% load conntrackt_tags %}
# iptables rules generated by conntrackt for {{entity}}
*filter
:INPUT DROP [0:0]
{% for interface in entity.interface_set.all %}
  {% for communication in interface.destination_set.all %}
    {% ifchanged communication.description %}

      {% if communication.description %}
# {{communication.description}}
      {% else  %}
# Communications without desecription.
      {% endif %}
    {% endifchanged %}
{% iptables communication %}
  {% endfor %}
{% endfor %}
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT