minifirewall: Backport changes from minifirewall (properly open outgoing smtp(s))

log2mail-beats
Ludovic Poujol 1 year ago
parent
commit
02e8754d75
Signed by: lpoujol GPG Key ID: 6F563E6A4DD5DCEF
2 changed files with 5 additions and 4 deletions
  1. CHANGELOG.md (+1 -0)
  2. minifirewall/templates/minifirewall.j2 (+4 -4)

CHANGELOG.md (+1 -0)

@ -83,6 +83,7 @@ The **patch** part changes incrementally at each release.
* certbot: Properly evaluate when apache is installed
* evolinux-base: Don't make alert5.service executable as systemd will complain
* webapps/evoadmin-web: Set default evoadmin_mail_tpl_force to True to fix a regression where the mail template would not get updated because the file is created before the role is first run.
* minifirewall: Backport changes from minifirewall (properly open outgoing smtp(s))
### Security
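
Review bot: the entry added just above `### Security` says only "properly open outgoing smtp(s)", which does not tell an operator what changes on their hosts. In the template the SMTP and secure SMTP INPUT rules gain `-s $x`, so return traffic is now accepted only from the addresses listed in `$SMTPOK` and `$SMTPSECUREOK`; the entry should say that. The same commit also changes the licence header from version 2 to version 3, and the changelog does not mention it.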


minifirewall/templates/minifirewall.j2 (+4 -4)

@ -7,7 +7,7 @@
# Copyright (c) 2007-2015 Evolix
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# as published by the Free Software Foundation; either version 3
# of the License.
# Description
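
Review bot: the licence line in the header goes from "either version 2" to "either version 3", a change unrelated to the SMTP rules named in the commit subject and not recorded in the CHANGELOG hunk. A licence change is easier to audit in its own commit, or at least with a line in the commit message saying it follows upstream minifirewall. The resulting sentence "either version 3 of the License." also leaves "either" without its alternative, so the wording is worth checking against the upstream header.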
@ -262,14 +262,14 @@ for x in $SSHOK
# SMTP authorizations
for x in $SMTPOK
do
$IPT -A INPUT -p tcp ! --syn --sport 25 --dport $PORTSUSER -j ACCEPT
$IPT -A INPUT -p tcp ! --syn --sport 25 --dport $PORTSUSER -s $x -j ACCEPT
done
# secure SMTP (TCP/465 et TCP/587) authorizations
for x in $SMTPSECUREOK
do
$IPT -A INPUT -p tcp ! --syn --sport 465 --dport $PORTSUSER -j ACCEPT
$IPT -A INPUT -p tcp ! --syn --sport 587 --dport $PORTSUSER -j ACCEPT
$IPT -A INPUT -p tcp ! --syn --sport 465 --dport $PORTSUSER -s $x -j ACCEPT
$IPT -A INPUT -p tcp ! --syn --sport 587 --dport $PORTSUSER -s $x -j ACCEPT
done
# NTP authorizations
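
Review bot: the three rules that gain `-s $x` in the `$SMTPOK` and `$SMTPSECUREOK` loops still match statelessly on `! --syn --sport 25` (and 465, 587), so any listed address can send a non-SYN packet from that source port to every port in `$PORTSUSER` whether or not this host opened a connection to it. Restricting by source is a clear improvement over the old rules, which never used `$x` and accepted such packets from any address once per list entry; a connection-tracking match on established connections would tie the accept to real outgoing sessions. Two smaller points: quote the variable as `-s "$x"`, and extend the comments above each loop to say that these INPUT rules accept replies to outgoing SMTP connections and that hosts which listed only a few relays will no longer receive replies from other mail servers.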

