fix default rules

2019-09-18 16:58:47 +02:00 · 2019-09-18 16:58:47 +02:00 · a1252c600a
parent 32a6f97981
commit a1252c600a
2 changed files with 2 additions and 2 deletions
--- a/molecule/ec2-centos-7/tests/test_default.py
+++ b/molecule/ec2-centos-7/tests/test_default.py
@ -27,7 +27,7 @@ def test_iptables_default_rules(host):
        '-A INPUT -i lo -m comment --comment "ansible[iptables_default_head]" -j ACCEPT',
        '-A INPUT -p icmp -m icmp --icmp-type 8 -m comment --comment "ansible[iptables_default_head]" -j ACCEPT',
        '-A INPUT -p tcp -m tcp --dport 22 -m comment --comment "ansible[iptables_default_head]" -j ACCEPT',
-        '-A INPUT -j REJECT'
+        '-A INPUT -m comment --comment "ansible[iptables_default_tail]" -j REJECT --reject-with icmp-port-unreachable'
    ]

    rules = host.iptables.rules("filter", "INPUT")
--- a/tasks/config.yml
+++ b/tasks/config.yml
@ -8,7 +8,7 @@
        state: '{{ item.state }}'
        weight: '{{ item.weight | default(omit) }}'
        table: '{{ item.table | default(omit) }}'
-      with_items: '{{ iptables_custom_rules }}'
+      loop: '{{ iptables_custom_rules }}'
      loop_control:
        label: "{{ item.name }}"