From 77ec14c2846ba156c5d89cc1821d387db06f44ef Mon Sep 17 00:00:00 2001
From: Alex Kotov
Date: Wed, 15 Sep 2021 03:36:13 +0500
Subject: [PATCH] Allow to prepend iptables rules for both IPv4 and IPv6

---
 defaults/main.yml | 8 ++++++--
 templates/rules.v4 | 2 ++
 templates/rules.v6 | 2 ++
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index f2f9537..dd07cb3 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -2,9 +2,13 @@
 iptables__state: install
 iptables__drop_by_default: false
 iptables__allow_output_ifaces: []
+
 iptables__v4_filter_prepend: null
-iptables__v4_filter_append: null
-iptables__v4_nat: null
 iptables__v6_filter_prepend: null
+iptables__all_filter_prepend: null
+
+iptables__v4_filter_append: null
 iptables__v6_filter_append: null
+
+iptables__v4_nat: null
 iptables__v6_nat: null
diff --git a/templates/rules.v4 b/templates/rules.v4
index 22666f3..f354a16 100644
--- a/templates/rules.v4
+++ b/templates/rules.v4
@@ -31,6 +31,8 @@ COMMIT
 
 {{ iptables__v4_filter_prepend }}
 
+{{ iptables__all_filter_prepend }}
+
 # Allow all loopback (lo) traffic and reject anything
 # to localhost that does not originate from lo.
 -A INPUT -i lo -j ACCEPT
diff --git a/templates/rules.v6 b/templates/rules.v6
index 1eab748..dcff29a 100644
--- a/templates/rules.v6
+++ b/templates/rules.v6
@@ -31,6 +31,8 @@ COMMIT
 
 {{ iptables__v6_filter_prepend }}
 
+{{ iptables__all_filter_prepend }}
+
 # Allow all loopback (lo) traffic and reject anything
 # to localhost that does not originate from lo.
 -A INPUT -i lo -j ACCEPT
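Review bot: `iptables__all_filter_prepend` is declared in defaults/main.yml with no comment on what it may contain, although the two template hunks render it verbatim into both rules.v4 and rules.v6. A rule with an IPv4 or IPv6 address literal, or a family-specific protocol or match, would be valid in one file and rejected in the other, so the constraint belongs where the variable is declared. I would add above it: `# Rendered into both rules.v4 and rules.v6: keep these rules family-neutral (no address literals, no family-specific protocols or matches).` The rest of the defaults file is outside this hunk, so the variables may be documented elsewhere.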
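Review bot: In templates/rules.v4, and identically in templates/rules.v6, the shared block is emitted after the family-specific prepend and ahead of the loopback rules, but the template does not state that ordering. Because the first matching terminating rule wins, an ACCEPT in `iptables__all_filter_prepend` is evaluated on both address families before the loopback handling described by the comment that follows, and a family-specific prepend rule always takes precedence over a shared one. A short Jinja comment above the new line would record this, e.g. `{# shared IPv4/IPv6 rules: evaluated after the family-specific prepend, before the built-in loopback rules #}`. The task that installs these files is not in this patch, so it is worth confirming that it checks the rendered file (for example with `iptables-restore --test`) before replacing the live one. A single rule that is invalid for one family is likely to make that family's whole ruleset fail to load.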