From 3acdd804dfc5f46d96ffb4bc2b785892dbc73bc6 Mon Sep 17 00:00:00 2001
From: NaeiKinDus
Date: Thu, 8 Aug 2024 00:00:00 +0000
Subject: [PATCH] fix(security): fixed invalid template generation for nft rules 02 and 03 when ipv6 addresses are specified in controllers ips list
---
 .../security/templates/system/nftables/02-mangle.table.j2 | 2 +-
 .../security/templates/system/nftables/03-filter.table.j2 | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/collections/ansible_collections/nullified/infrastructure/roles/security/templates/system/nftables/02-mangle.table.j2 b/collections/ansible_collections/nullified/infrastructure/roles/security/templates/system/nftables/02-mangle.table.j2
index 9abe332..24b2e35 100644
--- a/collections/ansible_collections/nullified/infrastructure/roles/security/templates/system/nftables/02-mangle.table.j2
+++ b/collections/ansible_collections/nullified/infrastructure/roles/security/templates/system/nftables/02-mangle.table.j2
@@ -50,7 +50,7 @@ table inet mangle {
 {% if security_firewall_supervisors_ip6 -%}
 ip6 saddr $ansible_controllers_ip6 tcp dport $ssh_localport accept
 ip6 daddr $ansible_controllers_ip6 tcp sport $ssh_localport accept
- {%- endif %}
+ {% endif -%}
 ip saddr $ansible_controllers_ip4 tcp dport $ssh_localport accept
 ip daddr $ansible_controllers_ip4 tcp sport $ssh_localport accept
 }
diff --git a/collections/ansible_collections/nullified/infrastructure/roles/security/templates/system/nftables/03-filter.table.j2 b/collections/ansible_collections/nullified/infrastructure/roles/security/templates/system/nftables/03-filter.table.j2
index fad4648..a42312d 100644
--- a/collections/ansible_collections/nullified/infrastructure/roles/security/templates/system/nftables/03-filter.table.j2
+++ b/collections/ansible_collections/nullified/infrastructure/roles/security/templates/system/nftables/03-filter.table.j2
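Review bot: The new `{% endif -%}` fixes the rendering the subject describes, but nothing visible in the role would catch the next whitespace-control slip before it reaches the live ruleset; the identical endif change in both 03-filter.table.j2 hunks has the same gap. With `-%}` on the `{% if` tag and `{%-` on the old endif, the newline before the tag was stripped and — presumably under the template module's default trim_blocks — the `ip saddr $ansible_controllers_ip4` rule was glued onto the `ip6 daddr` line whenever the ip6 list was non-empty, which would make the whole rendered file unloadable rather than disable one rule. If these files are written with the template module, rendering them through `validate: nft -c -f %s` would reject a malformed file before it replaces the ruleset that gates controller SSH access. Note also that only the ip6 rules carry a guard; whether `$ansible_controllers_ip4` can likewise be empty is not visible here and would be worth confirming. The chain these rules belong to opens outside the hunk; only its closing `}` is shown.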
@@ -5,7 +5,7 @@ table inet filter { {% if security_firewall_supervisors_ip6 -%} ip6 saddr $ansible_controllers_ip6 tcp dport $ssh_localport accept - {%- endif %} + {% endif -%} ip saddr $ansible_controllers_ip4 tcp dport $ssh_localport accept iifname "lo" counter accept @@ -17,7 +17,7 @@ table inet filter { type filter hook output priority 0; policy {{ security_firewall_filter_policy_output }}; {% if security_firewall_supervisors_ip6 -%} ip6 daddr $ansible_controllers_ip6 tcp sport $ssh_localport accept - {%- endif %} + {% endif -%} ip daddr $ansible_controllers_ip4 tcp sport $ssh_localport accept oifname "lo" counter accept