majic-ansible-roles Changeset

Changeset - 9837860d0e76

Parent rev.

Child rev.

[Not reviewed]

0 1 0

Branko Majic (branko) - 16 days ago 2024-09-03 17:05:05
branko@majic.rs

MAR-218: Fix erroneous test for ipv6 address (copy/paste error).

1 file changed with 1 insertions and 1 deletions:

roles/common/templates/00-base.conf.j2

0 comments (0 inline, 0 general)

roles/common/templates/00-base.conf.j2

➞

Show inline comments

@@ @@ -76,33 +76,33 @@ domain ip6 { @@
             jump allowed_sources;
 {% endif %}
+        }
         # The flood chain is used for controlling the rate of the incoming connections.
         chain flood {
             # Rate-limit the ping requests.
             proto icmp icmp-type echo-request {
                 mod hashlimit hashlimit {{ incoming_connection_limit }} hashlimit-burst {{ incoming_connection_limit_burst }}
                     hashlimit-mode srcip hashlimit-name icmp RETURN;
                 DROP;
+            }
             # Rate-limit the TCP connections.
             proto tcp tcp-flags (FIN SYN RST ACK) SYN {
                 mod hashlimit hashlimit {{ incoming_connection_limit }} hashlimit-burst {{ incoming_connection_limit_burst }}
                     hashlimit-mode srcip hashlimit-name icmp RETURN;
                 LOG;
                 DROP;
+            }
+        }
 {% if maintenance %}
         # Resume processing for allowed source addresses, otherwise drop packets.
         chain allowed_sources {
             {% for source in maintenance_allowed_sources %}
-                {% if source is ansible.utils.ipv4_address %}
+                {% if source is ansible.utils.ipv6_address %}
             saddr {{ source }} RETURN;
                 {% endif %}
             {% endfor %}
             DROP;
+        }
 {% endif %}
+    }
+}

0 comments (0 inline, 0 general)