From da5c299497151a14dfe421c19fda50e8795fd3b4 Mon Sep 17 00:00:00 2001
From: Ashpool
Date: Sat, 21 Aug 2021 12:55:29 +0300
Subject: [PATCH 1/2] fix a nesting mistake in the iptables template (fix #7)
---
 templates/iptables.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates/iptables.j2 b/templates/iptables.j2
index 0dc024a..0c80ce1 100644
--- a/templates/iptables.j2
+++ b/templates/iptables.j2
@@ -10,8 +10,8 @@
 {% for service in firewall_services %}
 {% if service.state != "absent" %}
 -A INPUT -m state --state NEW {% if service.protocol is defined %}{% if service.protocol == "tcp" %}-m tcp{% endif %}{% endif %} -p {{ service.protocol | default ('tcp') }} --dport {{ service.name }} -j ACCEPT
-{% endfor %}
 {% endif %}
+{% endfor %}
 -A INPUT -j REJECT --reject-with icmp-host-prohibited
 -A FORWARD -j REJECT --reject-with icmp-host-prohibited
From 5b594b20eea2ea6f78bd3e6fd3a1477b6859ecbb Mon Sep 17 00:00:00 2001
From: Ashpool
Date: Sat, 21 Aug 2021 13:12:56 +0300
Subject: [PATCH 2/2] assume service state present by default in iptables (fix #8)
---
 templates/iptables.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates/iptables.j2 b/templates/iptables.j2
index 0c80ce1..127cf42 100644
--- a/templates/iptables.j2
+++ b/templates/iptables.j2
@@ -8,7 +8,7 @@
 -A INPUT -i lo -j ACCEPT
 {% for service in firewall_services %}
-{% if service.state != "absent" %}
+{% if (service.state | default("present")) != "absent" %}
 -A INPUT -m state --state NEW {% if service.protocol is defined %}{% if service.protocol == "tcp" %}-m tcp{% endif %}{% endif %} -p {{ service.protocol | default ('tcp') }} --dport {{ service.name }} -j ACCEPT
 {% endif %}
 {% endfor %}
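Review bot: With the loop nesting now correct, the per-service ACCEPT line inside it still appends `--dport {{ service.name }}` unconditionally while only the `-m tcp` part is guarded on the protocol; for a service whose `protocol` is neither tcp nor udp the rendered rule carries an option iptables does not accept for that protocol, and iptables-restore then fails the whole ruleset rather than just that line. A guard on the protocol value would fail the template render instead of the firewall load, for example `{% if (service.protocol | default('tcp')) not in ['tcp', 'udp'] %}{{ undefined_protocol_for(service.name) }}{% endif %}` or, less intrusively, a comment above the loop stating that only tcp and udp are supported. The `-m tcp` match is also implied by `-p tcp`, so the nested `{% if %}` pair could be dropped without changing the loaded rules, which would shorten this line considerably. The surrounding template continues outside this hunk, so whether `firewall_services` is validated elsewhere cannot be seen here.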
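Review bot: The new condition `{% if (service.state | default("present")) != "absent" %}` treats every value other than the exact string "absent" as present, so a misspelled state such as "absnet" silently renders the ACCEPT rule and opens the port; for a firewall template the safer default is to open a port only on an explicit or defaulted "present". Consider `{% if (service.state | default("present")) == "present" %}` so that unexpected values fail closed, and document the two accepted values in a comment above the loop, e.g. `{# state: "present" (default) renders the ACCEPT rule, "absent" skips it #}`. If other callers rely on arbitrary non-absent states meaning present, that dependency is not visible in this hunk and should be confirmed before tightening.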