From a1252c600a361b2d39bb689009af5c1b6dee0877 Mon Sep 17 00:00:00 2001
From: Robert Kaussow
Date: Wed, 18 Sep 2019 16:58:47 +0200
Subject: [PATCH] fix default rules
---
 molecule/ec2-centos-7/tests/test_default.py | 2 +-
 tasks/config.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/molecule/ec2-centos-7/tests/test_default.py b/molecule/ec2-centos-7/tests/test_default.py
index 9ab8dfe..192a06d 100644
--- a/molecule/ec2-centos-7/tests/test_default.py
+++ b/molecule/ec2-centos-7/tests/test_default.py
@@ -27,7 +27,7 @@ def test_iptables_default_rules(host):
 '-A INPUT -i lo -m comment --comment "ansible[iptables_default_head]" -j ACCEPT',
 '-A INPUT -p icmp -m icmp --icmp-type 8 -m comment --comment "ansible[iptables_default_head]" -j ACCEPT',
 '-A INPUT -p tcp -m tcp --dport 22 -m comment --comment "ansible[iptables_default_head]" -j ACCEPT',
- '-A INPUT -j REJECT'
+ '-A INPUT -m comment --comment "ansible[iptables_default_tail]" -j REJECT --reject-with icmp-port-unreachable'
 ]
 rules = host.iptables.rules("filter", "INPUT")
diff --git a/tasks/config.yml b/tasks/config.yml
index 7045f63..fdb5705 100644
--- a/tasks/config.yml
+++ b/tasks/config.yml
@@ -8,7 +8,7 @@
 state: '{{ item.state }}'
 weight: '{{ item.weight | default(omit) }}'
 table: '{{ item.table | default(omit) }}'
- with_items: '{{ iptables_custom_rules }}'
+ loop: '{{ iptables_custom_rules }}'
 loop_control:
 label: "{{ item.name }}"
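Review bot: In molecule/ec2-centos-7/tests/test_default.py the updated tail entry pins the exact rendered rule text, but nothing visible in the hunk checks that this REJECT is the last rule in INPUT. The assertions of test_iptables_default_rules sit after the hunk, so this is hedged: if they only test membership in `rules`, a REJECT ordered ahead of the ACCEPT rules, or an ACCEPT appended after it, would still pass while changing what the host admits. An explicit position check such as `assert rules[-1].endswith('-j REJECT --reject-with icmp-port-unreachable')` would cover that. A short comment above the new string, `# iptables prints the default reject type explicitly`, would also explain why the expected text is longer than the rule the role declares.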
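Review bot: In tasks/config.yml, `loop` does not flatten one level of nested lists the way `with_items` did, so the swap is not strictly equivalent. If `iptables_custom_rules` is ever assembled from several lists (for example, group and host variables combined into a list of lists), `item.name` and `item.state` would be read from a list and the task would fail instead of applying the rules. `loop: '{{ iptables_custom_rules | flatten(levels=1) }}'` keeps the previous behaviour. `loop` also needs Ansible 2.5 or later, so the role's declared minimum version (not visible here) should match. The task itself starts above the hunk.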