From 89b5593abf8f9d55b0f6a047534c3246d92d30b2 Mon Sep 17 00:00:00 2001
From: Jon
Date: Mon, 18 Mar 2024 19:08:33 +0930
Subject: [PATCH] fix(firewall): dont add rules for disabled features !48
---
 .../templates/iptables-kubernetes.rules.j2 | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/roles/nfc_kubernetes/templates/iptables-kubernetes.rules.j2 b/roles/nfc_kubernetes/templates/iptables-kubernetes.rules.j2
index 839773d..53f0a21 100644
--- a/roles/nfc_kubernetes/templates/iptables-kubernetes.rules.j2
+++ b/roles/nfc_kubernetes/templates/iptables-kubernetes.rules.j2
@@ -162,9 +162,17 @@
 {%- set data.firewall_rules = data.firewall_rules + ['-I kubernetes-flannel-wg-four -s ' + kubernetes_host + ' -j ACCEPT'] -%}
- {%- set data.firewall_rules = data.firewall_rules + ['-I kubernetes-flannel-wg-six -s ' + kubernetes_host + ' -j ACCEPT'] -%}
+ {%- if false -%}{# see IPv6 is disabled #}
+
+ {%- set data.firewall_rules = data.firewall_rules + ['-I kubernetes-flannel-wg-six -s ' + kubernetes_host + ' -j ACCEPT'] -%}
+
+ {%- endif -%}
- {%- set data.firewall_rules = data.firewall_rules + ['-I kubernetes-calico-bgp -s ' + kubernetes_host + ' -j ACCEPT'] -%}
+ {%- if false -%}{# see Installation-manifest-Calico_Cluster.yaml.j2 bgp is disabled #}
+
+ {%- set data.firewall_rules = data.firewall_rules + ['-I kubernetes-calico-bgp -s ' + kubernetes_host + ' -j ACCEPT'] -%}
+
+ {%- endif -%}
 {%- set data.firewall_rules = data.firewall_rules + ['-I kubernetes-calico-typha -s ' + kubernetes_host + ' -j ACCEPT'] -%}
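Review bot: Both new guards are hard-coded `{%- if false -%}`, so the host firewall no longer follows the settings the comments point to: if IPv6 or Calico BGP is later enabled, the `kubernetes-flannel-wg-six` and `kubernetes-calico-bgp` ACCEPT rules will still be skipped silently and peer traffic will hit whatever the chain does by default. Dropping ACCEPT rules for unused features is the right least-privilege direction, but each block should be gated on the variable that actually drives the feature, e.g. `{%- if <ipv6_enabled_var> | default(false) -%}` (placeholder name; use the role variable the manifest template reads), so the two templates cannot drift apart. The first comment, `{# see IPv6 is disabled #}`, names no file or variable to look at, unlike the BGP one, and should say where that setting lives. The Jinja block that defines `kubernetes_host` starts outside this hunk, and whether the two chains are still created and jumped to elsewhere in the template is not visible here, so it is worth confirming they are not left behind as empty chains.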