library/roles/iptables/templates/iptables-rules.v4.j2: Do not duplicate the http (port 80) rule when letsencrypt is active.

This commit is contained in:
Andrea Dell'Amico 2016-08-04 16:56:59 +02:00
parent e165511469
commit 36d88eb220
1 changed files with 3 additions and 1 deletions

View File

@ -32,7 +32,7 @@
{% endfor %}
{% endif %}
{% else %}
# ssh is always open. We use denyhosts to prevent unauthorized accesses
# ssh is always open. We use denyhosts or fail2ban to prevent unauthorized accesses
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
{% endif %}
{% if iptables_open_all_to_isti_nets is defined and iptables_open_all_to_isti_nets %}
@ -41,9 +41,11 @@
-A INPUT -s {{ network.nmis }} -j ACCEPT
-A INPUT -s {{ network.eduroam }} -j ACCEPT
{% endif %}
{% if http_port is not defined %}
{% if letsencrypt_acme_install is defined and letsencrypt_acme_install %}
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
{% endif %}
{% endif %}
{% if http_port is defined %}
# http
{% if http_allowed_hosts is defined %}