From 80bd91a46944d8ff52fb110c5bacf36eb937c0ae Mon Sep 17 00:00:00 2001
From: Tobias Hachmer
Date: Tue, 14 Nov 2017 23:09:55 +0100
Subject: [PATCH] Role network-iptables-gateway: fix freifunk bridge rules

---
 roles/network-iptables-gateway/templates/rules.v4.j2 | 8 ++++++--
 roles/network-iptables-gateway/templates/rules.v6.j2 | 8 ++++++--
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/roles/network-iptables-gateway/templates/rules.v4.j2 b/roles/network-iptables-gateway/templates/rules.v4.j2
index 4359b2b..94cdc07 100644
--- a/roles/network-iptables-gateway/templates/rules.v4.j2
+++ b/roles/network-iptables-gateway/templates/rules.v4.j2
@@ -8,8 +8,12 @@
 -A INPUT -d {{ ansible_default_ipv4.address | ipaddr('public') }}/32 -p gre -j ACCEPT
 -A INPUT -m conntrack --ctstate INVALID -j DROP
 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-{% for mesh in meshes %}
--A FORWARD -i {{ mesh.id }}br -o {{ mesh.id }}br -j ACCEPT
+{% for mesh_forward in meshes %}
+{% for mesh_recursive in meshes recursive %}
+{% if not mesh_forward.id == mesh_recursive.id %}
+-A FORWARD -i {{ mesh_forward.id }}br -o {{ mesh_recursive.id }}br -j ACCEPT
+{% endif %}
+{% endfor %}
 {% endfor %}
 -A FORWARD -m conntrack --ctstate INVALID -j DROP
 -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
diff --git a/roles/network-iptables-gateway/templates/rules.v6.j2 b/roles/network-iptables-gateway/templates/rules.v6.j2
index f1644f9..7c97f3f 100644
--- a/roles/network-iptables-gateway/templates/rules.v6.j2
+++ b/roles/network-iptables-gateway/templates/rules.v6.j2
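Review bot: The `recursive` modifier on the added inner loop `{% for mesh_recursive in meshes recursive %}` does nothing here — in Jinja2 it only exposes a callable `loop()` for re-rendering the body, which this template never calls — so it misleads a reader into expecting nested-mesh handling that does not exist; the inner `for`/`if`/`endif` trio collapses to one filtered loop, `{% for mesh_peer in meshes if mesh_peer.id != mesh_forward.id %}`, followed by `-A FORWARD -i {{ mesh_forward.id }}br -o {{ mesh_peer.id }}br -j ACCEPT` and its `{% endfor %}`. The rendered rule set now accepts FORWARD between every pair of distinct mesh bridges while the previous same-bridge `-i Xbr -o Xbr` accept is gone; whether intra-mesh traffic still reaches the FORWARD chain depends on br_netfilter being loaded, which is not visible here, and pairwise cross-mesh reachability is a widening of the gateway's forwarding policy that deserves a template comment such as `{# accept forwarding between all mesh bridges; same-bridge traffic is deliberately not accepted here #}` if that is intended. The rules.v6.j2 hunk makes the identical change and the same notes apply there.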
@@ -7,8 +7,12 @@
 :OUTPUT ACCEPT [0:0]
 -A INPUT -m conntrack --ctstate INVALID -j DROP
 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-{% for mesh in meshes %}
--A FORWARD -i {{ mesh.id }}br -o {{ mesh.id }}br -j ACCEPT
+{% for mesh_forward in meshes %}
+{% for mesh_recursive in meshes recursive %}
+{% if not mesh_forward.id == mesh_recursive.id %}
+-A FORWARD -i {{ mesh_forward.id }}br -o {{ mesh_recursive.id }}br -j ACCEPT
+{% endif %}
+{% endfor %}
 {% endfor %}
 -A FORWARD -m conntrack --ctstate INVALID -j DROP
 -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT