From 2e9108c96dd5adfd002dfda0774da06eb68d5d7d Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Thu, 29 Dec 2022 18:07:12 +0100
Subject: [PATCH] Source control of the jgroups source addresses.

---
 templates/iptables-rules.v4.j2 | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/templates/iptables-rules.v4.j2 b/templates/iptables-rules.v4.j2
index 9c060db..af45756 100644
--- a/templates/iptables-rules.v4.j2
+++ b/templates/iptables-rules.v4.j2
@@ -206,8 +206,15 @@
 {% if jgroups_mping_multicast_addr is defined and jgroups_mping_multicast_addr != jgroups_multicast_addr %}
 -A INPUT -m pkttype --pkt-type multicast -d {{ jgroups_mping_multicast_addr }} -j ACCEPT
 {% endif %}
+{% if jgroups_sources is defined %}
+{% for s in jgroups_sources %}
+-A INPUT -s {{ s }} -m state --state NEW -p tcp -m tcp --dport {{ jgroups_multicast_port }} -j ACCEPT
+-A INPUT -s {{ s }} -p udp -m udp --dport {{ jgroups_multicast_port }} -j ACCEPT
+{% endfor %}
+{% else %}
 -A INPUT -m state --state NEW -p tcp -m tcp --dport {{ jgroups_multicast_port }} -j ACCEPT
 -A INPUT -p udp -m udp --dport {{ jgroups_multicast_port }} -j ACCEPT
+{% endif %}
 {% if jgroups_multicast_net is defined %}
 -A INPUT -d {{ jgroups_multicast_net }} -j ACCEPT
 {% endif %}
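Review bot: The new `jgroups_sources` restriction covers only the two `--dport {{ jgroups_multicast_port }}` rules. The multicast rules around it in this hunk, `-A INPUT -m pkttype --pkt-type multicast -d {{ jgroups_mping_multicast_addr }} -j ACCEPT` above and `-A INPUT -d {{ jgroups_multicast_net }} -j ACCEPT` below, still accept traffic from any source, and the latter does so for every protocol and port. If the intent is that only listed peers can reach JGroups, those rules need the same per-source loop when `jgroups_sources` is defined, e.g. `-A INPUT -s {{ s }} -d {{ jgroups_multicast_net }} -j ACCEPT`. Separately, `{% for s in jgroups_sources %}` iterates character by character if the variable is supplied as a single string, so extending the condition to `jgroups_sources is defined and jgroups_sources is not string` would avoid rendering malformed `-s` rules. The surrounding JGroups block starts before the hunk, so any rule for `jgroups_multicast_addr` itself is not visible here and presumably needs the same treatment.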