From 8fa63cddfbf9fd690e696d8cc75c7c2029cceca0 Mon Sep 17 00:00:00 2001
From: VC
Date: Sun, 30 Mar 2025 09:36:31 +0200
Subject: [PATCH] =?UTF-8?q?=E2=9A=A1:=20exclude=20external=20webservers=20?= =?UTF-8?q?from=20Firewall=20ACL?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 roles/firewall/templates/firewall.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/firewall/templates/firewall.j2 b/roles/firewall/templates/firewall.j2
index bf4ea04..168393b 100644
--- a/roles/firewall/templates/firewall.j2
+++ b/roles/firewall/templates/firewall.j2
@@ -189,7 +189,7 @@ config redirect
 option target 'DNAT'
 
 # Allow Web traffic IN
-{% for host in groups['webservers'] | sort %}
+{% for host in groups['webservers'] | difference(groups['disabled_loadbalanced_webservers']) | sort %}
 config rule
 option name 'Allow-INPUT-{{ hostvars[host]['ansible_host'] }}-Web'
 option src 'wan'
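Review bot: The new loop header indexes `groups['disabled_loadbalanced_webservers']` directly, so an inventory that does not define that group will likely fail template rendering and block the firewall deploy; `{% for host in groups['webservers'] | difference(groups['disabled_loadbalanced_webservers'] | default([])) | sort %}` keeps the previous behaviour when the group is absent. The filter is applied only to this Allow-INPUT loop, and the `config redirect` / DNAT block just above the hunk is not fully visible. If that block also iterates `groups['webservers']`, the excluded hosts would keep a port forward while losing the matching allow rule, so it is worth confirming that every WAN-facing loop in the template uses the same host list. A one-line template comment such as `{# hosts in disabled_loadbalanced_webservers get no WAN allow rule #}` would record the intent, since the commit subject calls these hosts "external" while the group name says "disabled". The loop body continues past the end of the hunk.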