library/roles/iptables/templates/iptables-rules.v4.j2: Do not duplicate the http (port 80) rule when letsencrypt is active.
This commit is contained in:
Andrea Dell'Amico
parent
e165511469
commit
36d88eb220
|
|
@ -32,7 +32,7 @@
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% else %}
|
{% else %}
|
||||||
# ssh is always open. We use denyhosts to prevent unauthorized accesses
|
# ssh is always open. We use denyhosts or fail2ban to prevent unauthorized accesses
|
||||||
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
|
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if iptables_open_all_to_isti_nets is defined and iptables_open_all_to_isti_nets %}
|
{% if iptables_open_all_to_isti_nets is defined and iptables_open_all_to_isti_nets %}
|
||||||
|
|
@ -41,9 +41,11 @@
|
||||||
-A INPUT -s {{ network.nmis }} -j ACCEPT
|
-A INPUT -s {{ network.nmis }} -j ACCEPT
|
||||||
-A INPUT -s {{ network.eduroam }} -j ACCEPT
|
-A INPUT -s {{ network.eduroam }} -j ACCEPT
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if http_port is not defined %}
|
||||||
{% if letsencrypt_acme_install is defined and letsencrypt_acme_install %}
|
{% if letsencrypt_acme_install is defined and letsencrypt_acme_install %}
|
||||||
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
|
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% endif %}
|
||||||
{% if http_port is defined %}
|
{% if http_port is defined %}
|
||||||
# http
|
# http
|
||||||
{% if http_allowed_hosts is defined %}
|
{% if http_allowed_hosts is defined %}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue