minifirewall: do not open publicly ports except 22222

2024-01-24 11:45:24 +01:00 · 2024-01-24 11:45:24 +01:00 · 68d9d3c47c
parent 251416f3e8
commit 68d9d3c47c
2 changed files with 4 additions and 3 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -89,6 +89,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
 * webapps/nextcloud: fix Add Ceph volume to fstab : missing UUID= in src
 * webapps/nextcloud: fix misplaced gid attribute
 * webapps/nextcloud: fix missing gid
+* minifirewall: ports 25, 53, 443, 993, 995 not opened publicly by default anymore, ports 20, 21, 110, 143 not opened semi-publicly by default anymore.

 ### Removed

--- a/minifirewall/defaults/main.yml
+++ b/minifirewall/defaults/main.yml
@ -34,9 +34,9 @@ minifirewall_privilegied_ips: []

 minifirewall_protected_ports_tcp: [22]
 minifirewall_protected_ports_udp: []
-minifirewall_public_ports_tcp: [25, 53, 443, 993, 995, 22222]
-minifirewall_public_ports_udp: [53]
-minifirewall_semipublic_ports_tcp: [20, 21, 22, 80, 110, 143]
+minifirewall_public_ports_tcp: [22222]
+minifirewall_public_ports_udp: []
+minifirewall_semipublic_ports_tcp: [22, 80, 443]
 minifirewall_semipublic_ports_udp: []
 minifirewall_private_ports_tcp: [5666]
 minifirewall_private_ports_udp: []