From 293811ef05bee32d1d5b6fd9ed7a06905365c529 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico
Date: Wed, 1 Jul 2020 18:35:12 +0200
Subject: [PATCH] loop on the allowed networks when configuring the rules for a smtp relay.

---
 library/roles/iptables/templates/iptables-rules.v4.j2 | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/library/roles/iptables/templates/iptables-rules.v4.j2 b/library/roles/iptables/templates/iptables-rules.v4.j2
index b6360ec9..8520f085 100644
--- a/library/roles/iptables/templates/iptables-rules.v4.j2
+++ b/library/roles/iptables/templates/iptables-rules.v4.j2
@@ -243,7 +243,9 @@
 #
 # These are only needed on the machines that act as relay servers
 #
--A INPUT -p tcp -m multiport --dports 25,587,465 -s {{ network.nmis }} -j ACCEPT
+{% for cidr in postfix_relay_server_permitted_networks %}
+-A INPUT -p tcp -m multiport --dports 25,587,465 -s {{ cidr }} -j ACCEPT
+{% endfor %}
 -A INPUT -p tcp -m multiport --dports 25,587,465 -j REJECT --reject-with icmp-host-prohibited
 -A OUTPUT -p tcp -m multiport --dports 25,587,465 -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
 {% if postfix_use_relay_host is defined and postfix_use_relay_host %}
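Review bot: The new `{% for cidr in postfix_relay_server_permitted_networks %}` dereferences the variable unconditionally, so any host that renders this template without it defined now fails the whole iptables render, even though the comment just above says these rules are only needed on relay machines; the replaced line only depended on `network.nmis`. Either declare an empty-list default in the role's defaults or guard the loop with `{% for cidr in postfix_relay_server_permitted_networks | default([]) %}`; with an empty list the following REJECT line still closes 25/587/465, which is the correct fail-closed outcome. Because each entry is interpolated straight into `-s`, I would also add a comment above the loop such as `# allowlist of relay clients: host or CIDR literals only; 0.0.0.0/0 would expose the relay to every peer the firewall sees`, since a catch-all entry silently removes the network-level restriction that this block exists to enforce (assuming, as the name suggests, the list is populated from inventory rather than computed).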