ISTI-ansible-roles
/
ansible-roles
4
0
Fork 3
Code Issues Pull Requests Releases Wiki Activity

loop on the allowed networks when configuring the rules for a smtp relay.

This commit is contained in:
Andrea Dell'Amico 2020-07-01 18:35:12 +02:00
parent ff3a77b157
commit 293811ef05
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
library/roles/iptables/templates/iptables-rules.v4.j2
View File

@ -243,7 +243,9 @@
#
# These are only needed on the machines that act as relay servers
#
-A INPUT -p tcp -m multiport --dports 25,587,465 -s {{ network.nmis }} -j ACCEPT
{% for cidr in postfix_relay_server_permitted_networks %}
-A INPUT -p tcp -m multiport --dports 25,587,465 -s {{ cidr }} -j ACCEPT
{% endfor %}
-A INPUT -p tcp -m multiport --dports 25,587,465 -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -p tcp -m multiport --dports 25,587,465 -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
{% if postfix_use_relay_host is defined and postfix_use_relay_host %}