fix(security): fixed invalid template generation for nft rules 02 and 03 when ipv6 addresses are specified in controllers ips list

NaeiKinDus 2024-08-08 00:00:00 +00:00
parent b83c6c1d4f
commit 3acdd804df
Signed by: WoodSmellParticle
GPG key ID: 8E52ADFF7CA8AE56
2 changed files with 3 additions and 3 deletions


@ -50,7 +50,7 @@ table inet mangle {
{% if security_firewall_supervisors_ip6 -%}
ip6 saddr $ansible_controllers_ip6 tcp dport $ssh_localport accept
ip6 daddr $ansible_controllers_ip6 tcp sport $ssh_localport accept
{%- endif %}
{% endif -%}
ip saddr $ansible_controllers_ip4 tcp dport $ssh_localport accept
ip daddr $ansible_controllers_ip4 tcp sport $ssh_localport accept
}
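Review bot: The ip6 block before `ip saddr $ansible_controllers_ip4` renders correctly only because of where the `-` whitespace marker sits on the closing tag, and nothing in the template records that, so a later edit can silently bring back the invalid output this commit fixes; the same applies to both hunks of the second file. A template comment above each block would document it, for example `{# closing tag must stay '{% endif -%}': '{%- endif %}' rendered an invalid ruleset when ip6 controllers are set #}`. Because a ruleset that fails to parse can leave the host without its intended filtering, the rendered file should also be checked with `nft -c -f <rendered file>` before it is loaded, if the deploying task does not already do that (not visible here). Separately, the guard tests `security_firewall_supervisors_ip6` while the rules use `$ansible_controllers_ip6`, and the ip4 rules are unguarded, so it is worth confirming that both nft variables are defined under exactly those conditions. The enclosing chain starts outside the hunk.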


@ -5,7 +5,7 @@ table inet filter {
{% if security_firewall_supervisors_ip6 -%}
ip6 saddr $ansible_controllers_ip6 tcp dport $ssh_localport accept
{%- endif %}
{% endif -%}
ip saddr $ansible_controllers_ip4 tcp dport $ssh_localport accept
iifname "lo" counter accept
@ -17,7 +17,7 @@ table inet filter {
type filter hook output priority 0; policy {{ security_firewall_filter_policy_output }};
{% if security_firewall_supervisors_ip6 -%}
ip6 daddr $ansible_controllers_ip6 tcp sport $ssh_localport accept
{%- endif %}
{% endif -%}
ip daddr $ansible_controllers_ip4 tcp sport $ssh_localport accept
oifname "lo" counter accept