From f57023b0f0d3a4fd656993f707958b1f211acbf1 Mon Sep 17 00:00:00 2001
From: Timotej Lazar
Date: Fri, 20 Dec 2024 15:18:36 +0100
Subject: [PATCH] firewall: allow connections from master over IPv6

Oops, missed a spot.
---
 roles/firewall/templates/nftables.nft.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/firewall/templates/nftables.nft.j2 b/roles/firewall/templates/nftables.nft.j2
index e4c2584..bff0c10 100644
--- a/roles/firewall/templates/nftables.nft.j2
+++ b/roles/firewall/templates/nftables.nft.j2
@@ -73,7 +73,7 @@ table inet filter {
 # allow SSH connections from firewall master’s IPs
 {% for iface in hostvars[master].interfaces %}
-{% for address in iface.ip_addresses | selectattr('family.value', '==', 4) %}
+{% for address in iface.ip_addresses %}
 tcp dport ssh {{ 'ip' if address.family.value == 4 else 'ip6' }} saddr {{ address.address | ipaddr('address') }} accept
 {% for nat_address in address.nat_outside %}
 tcp dport ssh ip saddr {{ nat_address.address | ipaddr('address') }} accept
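Review bot: The NAT rule on the last line of the hunk still hard-codes `ip saddr`, although the outer loop now yields IPv6 addresses as well, so a `nat_outside` entry that is itself IPv6 would presumably render as `ip saddr <v6 address>`, which nft should reject, and a ruleset that fails to load is worse than one missing an allow rule. Choose the family from the NAT address itself, as the rule above it does, for example `tcp dport ssh {{ 'ip' if nat_address.address | ipv4 else 'ip6' }} saddr {{ nat_address.address | ipaddr('address') }} accept`. If the inventory records link-local (fe80::/10) addresses for the master, it may also be worth skipping them here, since such a source address is not unique to the master and would widen the SSH allow-list to any host on the same link. Both loops are closed outside the hunk, so the rest of the block was not reviewed.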