From 2544a66b68473266d961560976cf3dc10a3ef70e Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Tue, 12 Jul 2016 15:33:46 +0200
Subject: [PATCH] library/roles/iptables/templates/iptables-rules.v4.j2: If we are going to install letsencrypt, open the port 80/tcp to the world.

---
 iptables/templates/iptables-rules.v4.j2 | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/iptables/templates/iptables-rules.v4.j2 b/iptables/templates/iptables-rules.v4.j2
index f28fb135..22153079 100644
--- a/iptables/templates/iptables-rules.v4.j2
+++ b/iptables/templates/iptables-rules.v4.j2
@@ -41,6 +41,9 @@
 -A INPUT -s {{ network.nmis }} -j ACCEPT
 -A INPUT -s {{ network.eduroam }} -j ACCEPT
 {% endif %}
+{% if letsencrypt_acme_install is defined and letsencrypt_acme_install %}
+-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
+{% endif %}
 {% if http_port is defined %}
 # http
 {% if http_allowed_hosts is defined %}
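Review bot: The new `--dport 80 -j ACCEPT` rule is emitted before the `http_port` / `http_allowed_hosts` block, so on a host where `letsencrypt_acme_install` is true and `http_port` is 80 every source is accepted first and the allow-list that follows no longer restricts anything (inferred, since the body of that block lies outside the hunk). The template does not state this side effect; a comment above the rule would make it visible, e.g. `# ACME http-01 validation: 80/tcp open to any source, takes precedence over http_allowed_hosts`. If the allow-list is meant to protect site content, the web server on port 80 should then answer only `/.well-known/acme-challenge/` for hosts outside it. Only the IPv4 template is changed here; an IPv6 rules template, if the role has one, would need the matching rule for validation over IPv6.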