minifirewall: Backport changes from minifirewall (properly open outgoing smtp(s))

CHANGELOG.md

@@ -83,6 +83,7 @@ The **patch** part changes incrementally at each release.
 * certbot: Properly evaluate when apache is installed
 * evolinux-base: Don't make alert5.service executable as systemd will complain
 * webapps/evoadmin-web: Set default evoadmin_mail_tpl_force to True to fix a regression where the mail template would not get updated because the file is created before the role is first run.
+* minifirewall: Backport changes from minifirewall (properly open outgoing smtp(s))
 
 ### Security
 

minifirewall/templates/minifirewall.j2

@@ -7,7 +7,7 @@
 # Copyright (c) 2007-2015 Evolix
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License
-# as published by the Free Software Foundation; either version 2
+# as published by the Free Software Foundation; either version 3
 # of the License.
 
 # Description
@@ -262,14 +262,14 @@ for x in $SSHOK
 # SMTP authorizations
 for x in $SMTPOK
     do
-        $IPT -A INPUT -p tcp ! --syn --sport 25 --dport $PORTSUSER -j ACCEPT
+        $IPT -A INPUT -p tcp ! --syn --sport 25 --dport $PORTSUSER -s $x -j ACCEPT
     done
 
 # secure SMTP (TCP/465 et TCP/587) authorizations
 for x in $SMTPSECUREOK
     do
-        $IPT -A INPUT -p tcp ! --syn --sport 465 --dport $PORTSUSER -j ACCEPT
-        $IPT -A INPUT -p tcp ! --syn --sport 587 --dport $PORTSUSER -j ACCEPT
+        $IPT -A INPUT -p tcp ! --syn --sport 465 --dport $PORTSUSER -s $x -j ACCEPT
+        $IPT -A INPUT -p tcp ! --syn --sport 587 --dport $PORTSUSER -s $x -j ACCEPT
     done
 
 # NTP authorizations