# {{ ansible_managed }}
# allow SSH to and from rsync target
$ip4 -A custom -i $outside_int -p tcp --dport 22 -s {{ di_rsync_uploads_target }} -m conntrack --ctstate NEW -j ACCEPT
$ip4 -A custom -o $outside_int -p tcp --dport 22 -d {{ di_rsync_uploads_target }} -m conntrack --ctstate NEW -j ACCEPT