Merge branch 'limit-apollo-mail-ports' into 'master'

limit port 25 on apollo to mail.archlinux.org only See merge request !162

Merge branch 'limit-apollo-mail-ports' into 'master'
c923dfda · Jelle van der Waa · 7c9f0b11 · 0df643a7 · c923dfda
Commit c923dfda authored 4 years ago by Jelle van der Waa
--- a/roles/postfix/tasks/main.yml
+++ b/roles/postfix/tasks/main.yml
@@ -109,6 +109,21 @@
    - smtp
    - smtp-submission
    - smtps
-  when: postfix_smtpd_public and configure_firewall
+  when: postfix_smtpd_public and configure_firewall and inventory_hostname != "apollo.archlinux.org"
+  tags:
+    - firewall
+
+
+- name: open ipv4 firewall holes on apollo
+  ansible.posix.firewalld: permanent=true state=enabled immediate=yes
+    rich_rule="rule family=ipv4 source address={{ hostvars['mail.archlinux.org']['ipv4_address'] }} port protocol=tcp port=25 accept"
+  when: postfix_smtpd_public and configure_firewall and inventory_hostname == "apollo.archlinux.org"
+  tags:
+    - firewall
+
+- name: open ipv6 firewall holes on apollo
+  ansible.posix.firewalld: permanent=true state=enabled immediate=yes
+    rich_rule="rule family=ipv6 source address={{ hostvars['mail.archlinux.org']['ipv6_address'] }} port protocol=tcp port=25 accept"
+  when: postfix_smtpd_public and configure_firewall and inventory_hostname == "apollo.archlinux.org"
  tags:
    - firewall