src.dualinventive.com/devops/ansible-dtap/rootnet-roles/di-rsync-uploads/templates/01-rsync-uploads.rules.j2

# {{ ansible_managed }}
# allow SSH to and from rsync target
$ip4 -A custom -i $outside_int -p tcp --dport 22 -s {{ di_rsync_uploads_target }} -m conntrack --ctstate NEW -j ACCEPT
$ip4 -A custom -o $outside_int -p tcp --dport 22 -d {{ di_rsync_uploads_target }} -m conntrack --ctstate NEW -j ACCEPT