library/roles/iptables/templates/iptables-rules.v4.j2: Do not duplicate the http (port 80) rule when letsencrypt is active.
parent
e165511469
commit
36d88eb220
|
@ -32,7 +32,7 @@
|
|||
{% endfor %}
|
||||
{% endif %}
|
||||
{% else %}
|
||||
# ssh is always open. We use denyhosts to prevent unauthorized accesses
|
||||
# ssh is always open. We use denyhosts or fail2ban to prevent unauthorized accesses
|
||||
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
|
||||
{% endif %}
|
||||
{% if iptables_open_all_to_isti_nets is defined and iptables_open_all_to_isti_nets %}
|
||||
|
@ -41,9 +41,11 @@
|
|||
-A INPUT -s {{ network.nmis }} -j ACCEPT
|
||||
-A INPUT -s {{ network.eduroam }} -j ACCEPT
|
||||
{% endif %}
|
||||
{% if http_port is not defined %}
|
||||
{% if letsencrypt_acme_install is defined and letsencrypt_acme_install %}
|
||||
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% if http_port is defined %}
|
||||
# http
|
||||
{% if http_allowed_hosts is defined %}
|
||||
|
|