From f3a7f26cbd1911ca40ddaca15b089ae9a61d6b03 Mon Sep 17 00:00:00 2001
From: Craig R Webster
Date: Tue, 18 Apr 2017 23:06:52 +0100
Subject: [PATCH 1/2] Prefix each v4 rule with --ipv4
---
 templates/rules.v4.j2 | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/templates/rules.v4.j2 b/templates/rules.v4.j2
index de625dd..9a37f66 100644
--- a/templates/rules.v4.j2
+++ b/templates/rules.v4.j2
@@ -4,7 +4,7 @@
 :OUTPUT {{ firewall_ipv4_filter_output_policy }} [0:0]
 {% for rule in firewall_ipv4_filter_rules %}
-{{ rule }}
+--ipv4 {{ rule }}
 {% endfor %}
 COMMIT
@@ -16,7 +16,7 @@ COMMIT
 :POSTROUTING {{ firewall_ipv4_mangle_postrouting_policy }} [0:0]
 {% for rule in firewall_ipv4_mangle_rules %}
-{{ rule }}
+--ipv4 {{ rule }}
 {% endfor %}
 COMMIT
@@ -26,6 +26,6 @@ COMMIT
 :OUTPUT {{ firewall_ipv4_nat_output_policy }} [0:0]
 {% for rule in firewall_ipv4_nat_rules %}
-{{ rule }}
+--ipv4 {{ rule }}
 {% endfor %}
 COMMIT
From e1e448eccb110194ecc65ccb009d633ef3ac5c24 Mon Sep 17 00:00:00 2001
From: Craig Webster
Date: Sun, 28 Jul 2019 21:07:54 +0800
Subject: [PATCH 2/2] Update regex
---
 vars/main.yml | 48 ++++++++++++++++++++++++------------------------
 1 file changed, 24 insertions(+), 24 deletions(-)
diff --git a/vars/main.yml b/vars/main.yml
index 021eec7..9f43293 100644
--- a/vars/main.yml
+++ b/vars/main.yml
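Review bot: Nothing in the template says why each rendered rule now starts with `--ipv4`, and the same unexplained prefix is added in all three loops (filter, mangle and nat). Per the iptables man page the option has no effect in iptables-restore and makes ip6tables-restore silently skip the rule, so a short Jinja comment above the first loop would record the intent, e.g. `{# --ipv4: no-op for iptables-restore; ip6tables-restore skips the rule #}`. The commit touches only rules.v4.j2; if the role also ships a v6 template, giving it the matching `--ipv6` prefix would keep the two symmetric. A rule string that contains a newline would carry the prefix on its first line only.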
@@ -1,37 +1,37 @@
 ---
-firewall_ipv4_filter_input_rules: "{{ (firewall_ipv4_filter_input_rules_custom + firewall_ipv4_filter_input_rules_default) | map('regex_replace', '(.*)', '-A INPUT \\1') | list }}"
-firewall_ipv4_filter_forward_rules: "{{ (firewall_ipv4_filter_forward_rules_custom + firewall_ipv4_filter_forward_rules_default) | map('regex_replace', '(.*)', '-A FORWARD \\1') | list }}"
-firewall_ipv4_filter_output_rules: "{{ (firewall_ipv4_filter_output_rules_custom + firewall_ipv4_filter_output_rules_default) | map('regex_replace', '(.*)', '-A OUTPUT \\1') | list }}"
+firewall_ipv4_filter_input_rules: "{{ (firewall_ipv4_filter_input_rules_custom + firewall_ipv4_filter_input_rules_default) | map('regex_replace', '^(.*)$', '-A INPUT \\1') | list }}"
+firewall_ipv4_filter_forward_rules: "{{ (firewall_ipv4_filter_forward_rules_custom + firewall_ipv4_filter_forward_rules_default) | map('regex_replace', '^(.*)$', '-A FORWARD \\1') | list }}"
+firewall_ipv4_filter_output_rules: "{{ (firewall_ipv4_filter_output_rules_custom + firewall_ipv4_filter_output_rules_default) | map('regex_replace', '^(.*)$', '-A OUTPUT \\1') | list }}"
-firewall_ipv4_mangle_prerouting_rules: "{{ (firewall_ipv4_mangle_prerouting_rules_custom + firewall_ipv4_mangle_prerouting_rules_default) | map('regex_replace', '(.*)', '-A PREROUTING \\1') | list }}"
-firewall_ipv4_mangle_input_rules: "{{ (firewall_ipv4_mangle_input_rules_custom + firewall_ipv4_mangle_input_rules_default) | map('regex_replace', '(.*)', '-A INPUT \\1') | list }}"
-firewall_ipv4_mangle_forward_rules: "{{ (firewall_ipv4_mangle_forward_rules_custom + firewall_ipv4_mangle_forward_rules_default) | map('regex_replace', '(.*)', '-A FORWARD \\1') | list }}"
-firewall_ipv4_mangle_output_rules: "{{ (firewall_ipv4_mangle_output_rules_custom + firewall_ipv4_mangle_output_rules_default) | map('regex_replace', '(.*)', '-A OUTPUT \\1') | list }}"
-firewall_ipv4_mangle_postrouting_rules: "{{ (firewall_ipv4_mangle_postrouting_rules_custom + firewall_ipv4_mangle_postrouting_rules_default) | map('regex_replace', '(.*)', '-A POSTROUTING \\1') | list }}"
+firewall_ipv4_mangle_prerouting_rules: "{{ (firewall_ipv4_mangle_prerouting_rules_custom + firewall_ipv4_mangle_prerouting_rules_default) | map('regex_replace', '^(.*)$', '-A PREROUTING \\1') | list }}"
+firewall_ipv4_mangle_input_rules: "{{ (firewall_ipv4_mangle_input_rules_custom + firewall_ipv4_mangle_input_rules_default) | map('regex_replace', '^(.*)$', '-A INPUT \\1') | list }}"
+firewall_ipv4_mangle_forward_rules: "{{ (firewall_ipv4_mangle_forward_rules_custom + firewall_ipv4_mangle_forward_rules_default) | map('regex_replace', '^(.*)$', '-A FORWARD \\1') | list }}"
+firewall_ipv4_mangle_output_rules: "{{ (firewall_ipv4_mangle_output_rules_custom + firewall_ipv4_mangle_output_rules_default) | map('regex_replace', '^(.*)$', '-A OUTPUT \\1') | list }}"
+firewall_ipv4_mangle_postrouting_rules: "{{ (firewall_ipv4_mangle_postrouting_rules_custom + firewall_ipv4_mangle_postrouting_rules_default) | map('regex_replace', '^(.*)$', '-A POSTROUTING \\1') | list }}"
-firewall_ipv4_nat_prerouting_rules: "{{ (firewall_ipv4_nat_prerouting_rules_custom + firewall_ipv4_nat_prerouting_rules_default) | map('regex_replace', '(.*)', '-A PREROUTING \\1') | list }}"
-firewall_ipv4_nat_input_rules: "{{ (firewall_ipv4_nat_input_rules_custom + firewall_ipv4_nat_input_rules_default) | map('regex_replace', '(.*)', '-A INPUT \\1') | list }}"
-firewall_ipv4_nat_output_rules: "{{ (firewall_ipv4_nat_output_rules_custom + firewall_ipv4_nat_output_rules_default) | map('regex_replace', '(.*)', '-A OUTPUT \\1') | list }}"
-firewall_ipv4_nat_postrouting_rules: "{{ (firewall_ipv4_nat_postrouting_rules_custom + firewall_ipv4_nat_postrouting_rules_default) | map('regex_replace', '(.*)', '-A POSTROUTING \\1') | list }}"
+firewall_ipv4_nat_prerouting_rules: "{{ (firewall_ipv4_nat_prerouting_rules_custom + firewall_ipv4_nat_prerouting_rules_default) | map('regex_replace', '^(.*)$', '-A PREROUTING \\1') | list }}"
+firewall_ipv4_nat_input_rules: "{{ (firewall_ipv4_nat_input_rules_custom + firewall_ipv4_nat_input_rules_default) | map('regex_replace', '^(.*)$', '-A INPUT \\1') | list }}"
+firewall_ipv4_nat_output_rules: "{{ (firewall_ipv4_nat_output_rules_custom + firewall_ipv4_nat_output_rules_default) | map('regex_replace', '^(.*)$', '-A OUTPUT \\1') | list }}"
+firewall_ipv4_nat_postrouting_rules: "{{ (firewall_ipv4_nat_postrouting_rules_custom + firewall_ipv4_nat_postrouting_rules_default) | map('regex_replace', '^(.*)$', '-A POSTROUTING \\1') | list }}"
 firewall_ipv4_filter_rules: "{{ firewall_ipv4_filter_input_rules + firewall_ipv4_filter_forward_rules + firewall_ipv4_filter_output_rules }}"
 firewall_ipv4_mangle_rules: "{{ firewall_ipv4_mangle_prerouting_rules + firewall_ipv4_mangle_input_rules + firewall_ipv4_mangle_forward_rules + firewall_ipv4_mangle_output_rules + firewall_ipv4_mangle_postrouting_rules }}"
 firewall_ipv4_nat_rules: "{{ firewall_ipv4_nat_prerouting_rules + firewall_ipv4_nat_input_rules + firewall_ipv4_nat_output_rules + firewall_ipv4_nat_postrouting_rules }}"
-firewall_ipv6_filter_input_rules: "{{ (firewall_ipv6_filter_input_rules_custom + firewall_ipv6_filter_input_rules_default) | map('regex_replace', '(.*)', '-A INPUT \\1') | list }}"
-firewall_ipv6_filter_forward_rules: "{{ (firewall_ipv6_filter_forward_rules_custom + firewall_ipv6_filter_forward_rules_default) | map('regex_replace', '(.*)', '-A FORWARD \\1') | list }}"
-firewall_ipv6_filter_output_rules: "{{ (firewall_ipv6_filter_output_rules_custom + firewall_ipv6_filter_output_rules_default) | map('regex_replace', '(.*)', '-A OUTPUT \\1') | list }}"
+firewall_ipv6_filter_input_rules: "{{ (firewall_ipv6_filter_input_rules_custom + firewall_ipv6_filter_input_rules_default) | map('regex_replace', '^(.*)$', '-A INPUT \\1') | list }}"
+firewall_ipv6_filter_forward_rules: "{{ (firewall_ipv6_filter_forward_rules_custom + firewall_ipv6_filter_forward_rules_default) | map('regex_replace', '^(.*)$', '-A FORWARD \\1') | list }}"
+firewall_ipv6_filter_output_rules: "{{ (firewall_ipv6_filter_output_rules_custom + firewall_ipv6_filter_output_rules_default) | map('regex_replace', '^(.*)$', '-A OUTPUT \\1') | list }}"
-firewall_ipv6_mangle_prerouting_rules: "{{ (firewall_ipv6_mangle_prerouting_rules_custom + firewall_ipv6_mangle_prerouting_rules_default) | map('regex_replace', '(.*)', '-A PREROUTING \\1') | list }}"
-firewall_ipv6_mangle_input_rules: "{{ (firewall_ipv6_mangle_input_rules_custom + firewall_ipv6_mangle_input_rules_default) | map('regex_replace', '(.*)', '-A INPUT \\1') | list }}"
-firewall_ipv6_mangle_forward_rules: "{{ (firewall_ipv6_mangle_forward_rules_custom + firewall_ipv6_mangle_forward_rules_default) | map('regex_replace', '(.*)', '-A FORWARD \\1') | list }}"
-firewall_ipv6_mangle_output_rules: "{{ (firewall_ipv6_mangle_output_rules_custom + firewall_ipv6_mangle_output_rules_default) | map('regex_replace', '(.*)', '-A OUTPUT \\1') | list }}"
-firewall_ipv6_mangle_postrouting_rules: "{{ (firewall_ipv6_mangle_postrouting_rules_custom + firewall_ipv6_mangle_postrouting_rules_default) | map('regex_replace', '(.*)', '-A POSTROUTING \\1') | list }}"
+firewall_ipv6_mangle_prerouting_rules: "{{ (firewall_ipv6_mangle_prerouting_rules_custom + firewall_ipv6_mangle_prerouting_rules_default) | map('regex_replace', '^(.*)$', '-A PREROUTING \\1') | list }}"
+firewall_ipv6_mangle_input_rules: "{{ (firewall_ipv6_mangle_input_rules_custom + firewall_ipv6_mangle_input_rules_default) | map('regex_replace', '^(.*)$', '-A INPUT \\1') | list }}"
+firewall_ipv6_mangle_forward_rules: "{{ (firewall_ipv6_mangle_forward_rules_custom + firewall_ipv6_mangle_forward_rules_default) | map('regex_replace', '^(.*)$', '-A FORWARD \\1') | list }}"
+firewall_ipv6_mangle_output_rules: "{{ (firewall_ipv6_mangle_output_rules_custom + firewall_ipv6_mangle_output_rules_default) | map('regex_replace', '^(.*)$', '-A OUTPUT \\1') | list }}"
+firewall_ipv6_mangle_postrouting_rules: "{{ (firewall_ipv6_mangle_postrouting_rules_custom + firewall_ipv6_mangle_postrouting_rules_default) | map('regex_replace', '^(.*)$', '-A POSTROUTING \\1') | list }}"
-firewall_ipv6_nat_prerouting_rules: "{{ (firewall_ipv6_nat_prerouting_rules_custom + firewall_ipv6_nat_prerouting_rules_default) | map('regex_replace', '(.*)', '-A PREROUTING \\1') | list }}"
-firewall_ipv6_nat_input_rules: "{{ (firewall_ipv6_nat_input_rules_custom + firewall_ipv6_nat_input_rules_default) | map('regex_replace', '(.*)', '-A INPUT \\1') | list }}"
-firewall_ipv6_nat_output_rules: "{{ (firewall_ipv6_nat_output_rules_custom + firewall_ipv6_nat_output_rules_default) | map('regex_replace', '(.*)', '-A OUTPUT \\1') | list }}"
-firewall_ipv6_nat_postrouting_rules: "{{ (firewall_ipv6_nat_postrouting_rules_custom + firewall_ipv6_nat_postrouting_rules_default) | map('regex_replace', '(.*)', '-A POSTROUTING \\1') | list }}"
+firewall_ipv6_nat_prerouting_rules: "{{ (firewall_ipv6_nat_prerouting_rules_custom + firewall_ipv6_nat_prerouting_rules_default) | map('regex_replace', '^(.*)$', '-A PREROUTING \\1') | list }}"
+firewall_ipv6_nat_input_rules: "{{ (firewall_ipv6_nat_input_rules_custom + firewall_ipv6_nat_input_rules_default) | map('regex_replace', '^(.*)$', '-A INPUT \\1') | list }}"
+firewall_ipv6_nat_output_rules: "{{ (firewall_ipv6_nat_output_rules_custom + firewall_ipv6_nat_output_rules_default) | map('regex_replace', '^(.*)$', '-A OUTPUT \\1') | list }}"
+firewall_ipv6_nat_postrouting_rules: "{{ (firewall_ipv6_nat_postrouting_rules_custom + firewall_ipv6_nat_postrouting_rules_default) | map('regex_replace', '^(.*)$', '-A POSTROUTING \\1') | list }}"
 firewall_ipv6_filter_rules: "{{ firewall_ipv6_filter_input_rules + firewall_ipv6_filter_forward_rules + firewall_ipv6_filter_output_rules }}"
 firewall_ipv6_mangle_rules: "{{ firewall_ipv6_mangle_prerouting_rules + firewall_ipv6_mangle_input_rules + firewall_ipv6_mangle_forward_rules + firewall_ipv6_mangle_output_rules + firewall_ipv6_mangle_postrouting_rules }}"
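Review bot: With `^(.*)$` a rule string that contains an embedded newline no longer matches at all, so `regex_replace` returns it unchanged and it reaches the rules file without its `-A <CHAIN>` prefix; this applies to all 24 changed lines. Inserting at the start of the string does not depend on what the rule contains, e.g. `map('regex_replace', '^', '-A INPUT ')`. The commit message does not say why the anchors were added; presumably it is because unanchored `(.*)` also matches the empty string at the end of the input on Python 3.7+ and so emits the prefix twice. A one-line comment at the top of vars/main.yml stating that reason would keep the anchors from being dropped in a later cleanup.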