mailman3: only allow LMTP from lists.al.org

d7ffbc09 · Kristian Klausen · ddaf5d72 · d7ffbc09
Commit d7ffbc09 authored 2 years ago by Kristian Klausen
--- a/roles/mailman3/tasks/main.yml
+++ b/roles/mailman3/tasks/main.yml
@@ -62,8 +62,9 @@
  become_user: mailman-web
  when: install.changed

- name: open firewall holes for mailman (LMTP)
-  ansible.posix.firewalld: port=8024/tcp zone=wireguard permanent=true state=enabled immediate=yes
+- name: open LMTP ipv4 port for lists.archlinux.org
+  ansible.posix.firewalld: zone=wireguard state=enabled permanent=true immediate=yes
+    rich_rule="rule family=ipv4 source address={{ hostvars['lists.archlinux.org']['wireguard_address'] }} port protocol=tcp port=8024 accept"
  tags:
    - firewall