diff --git a/roles/firewall/templates/firewall.j2 b/roles/firewall/templates/firewall.j2
index bf4ea04..168393b 100644
--- a/roles/firewall/templates/firewall.j2
+++ b/roles/firewall/templates/firewall.j2
@@ -189,7 +189,7 @@ config redirect
 option target 'DNAT'
 
 # Allow Web traffic IN
-{% for host in groups['webservers'] | sort %}
+{% for host in groups['webservers'] | difference(groups['disabled_loadbalanced_webservers']) | sort %}
 config rule
 option name 'Allow-INPUT-{{ hostvars[host]['ansible_host'] }}-Web'
 option src 'wan'
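Review bot: The new loop header indexes `groups['disabled_loadbalanced_webservers']` directly, so an inventory that does not define that group will most likely fail the render of the whole firewall template instead of falling back to the full webserver list. A guarded lookup keeps the generated rules unchanged when the group is absent: `{% for host in groups['webservers'] | difference(groups.get('disabled_loadbalanced_webservers', [])) | sort %}`. Because this loop emits the WAN-facing allow rules, I would also add a template comment above it, such as `{# hosts in disabled_loadbalanced_webservers get no WAN allow rule #}`, so the exclusion is visible to whoever audits the rule set. The loop body continues past the end of the hunk, and any other loops over `groups['webservers']` in this template (for example in the redirect section named in the hunk header) are not visible here; they should be checked for the same exclusion so a disabled host does not keep a DNAT redirect without a matching rule.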