Commit 0df643a7 authored by Frederik Schwan, committed by Jelle van der Waa

limit port 25 on apollo to mail.archlinux.org only

While apollo hosts patchwork it needs to receive mail for
patchwork@archlinux.org. Those mails are forwarded from
mail.archlinux.org. This implies apollo being configured for the
archlinux.org domain. Since Patchwork is not maintained anymore,
this is a quick fix to prevent sending of forged mails via
apollo.
parent 7c9f0b11
......@@ -109,6 +109,21 @@
- smtp
- smtp-submission
- smtps
when: postfix_smtpd_public and configure_firewall
when: postfix_smtpd_public and configure_firewall and inventory_hostname != "apollo.archlinux.org"
tags:
- firewall
- name: open ipv4 firewall holes on apollo
ansible.posix.firewalld: permanent=true state=enabled immediate=yes
rich_rule="rule family=ipv4 source address={{ hostvars['mail.archlinux.org']['ipv4_address'] }} port protocol=tcp port=25 accept"
when: postfix_smtpd_public and configure_firewall and inventory_hostname == "apollo.archlinux.org"
tags:
- firewall
- name: open ipv6 firewall holes on apollo
ansible.posix.firewalld: permanent=true state=enabled immediate=yes
rich_rule="rule family=ipv6 source address={{ hostvars['mail.archlinux.org']['ipv6_address'] }} port protocol=tcp port=25 accept"
when: postfix_smtpd_public and configure_firewall and inventory_hostname == "apollo.archlinux.org"
tags:
- firewall
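Review bot: On the changed `when:` of the task that enables smtp, smtp-submission and smtps, excluding apollo only skips the task on later runs; it does not remove those services if an earlier run already enabled them on apollo, so port 25 can stay open to every source alongside the two new rich rules. Consider adding a task for apollo that sets the same three services to state=disabled (permanent and immediate) so the source restriction actually takes effect. The comparison `inventory_hostname == "apollo.archlinux.org"` is also repeated three times inside a shared role; a host variable (for example a hypothetical `postfix_smtpd_allowed_source`) would keep host names out of the role and make the exception reusable.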