Fix for minifirewall bug in 8d352f100e
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
The default OS websites would override all the default http sites. I removed those default http sites from the file and put them in the minifirewall_http_sites list. Since this would override the list anyway, it doesnt change much, except that someone who doesnt want to use the OS default websites should also override the related variables (minifirewall_default_*_http_sites) fixes #65
This commit is contained in:
Patrick Marchand
parent
8d352f100e
commit
ff9e1e80aa
|
|
@ -29,7 +29,18 @@ minifirewall_private_ports_udp: []
|
|||
# Keep a null value to leave the setting as is
|
||||
# otherwise use an Array, eg. "minifirewall_ssh_ok: ['0.0.0.0/0']"
|
||||
minifirewall_dns_servers: Null
|
||||
minifirewall_http_sites: Null
|
||||
|
||||
minifirewall_http_sites:
|
||||
- pub.evolix.net
|
||||
- mirror.evolix.org
|
||||
- hwraid.le-vert.net
|
||||
- antispam00.evolix.org
|
||||
- spamassassin.apache.org
|
||||
- sa-update.space-pro.be
|
||||
- sa-update.secnap.net
|
||||
- www.sa-update.pccc.com
|
||||
- sa-update.dnswl.org
|
||||
|
||||
minifirewall_https_sites: Null
|
||||
minifirewall_ftp_sites: Null
|
||||
minifirewall_ssh_ok: Null
|
||||
|
|
|
|||
|
|
@ -50,7 +50,7 @@ DNSSERVEURS='0.0.0.0/0'
|
|||
# HTTP authorizations
|
||||
# (you can use DNS names but set cron to reload minifirewall regularly)
|
||||
# (if you have HTTP proxy, set 0.0.0.0/0)
|
||||
HTTPSITES='pub.evolix.net mirror.evolix.org hwraid.le-vert.net antispam00.evolix.org spamassassin.apache.org sa-update.space-pro.be sa-update.secnap.net www.sa-update.pccc.com sa-update.dnswl.org'
|
||||
HTTPSITES=''
|
||||
|
||||
# HTTPS authorizations
|
||||
HTTPSSITES='0.0.0.0/0'
|
||||
|
|
|
|||
|
|
@ -114,10 +114,17 @@
|
|||
create: no
|
||||
when: minifirewall_dns_servers is not none
|
||||
|
||||
- name: Configure HTTPSITES
|
||||
lineinfile:
|
||||
dest: "{{ minifirewall_main_file }}"
|
||||
line: "HTTPSITES='{{ minifirewall_http_sites | join(' ') }}'"
|
||||
regexp: "HTTPSITES='.*'"
|
||||
create: no
|
||||
|
||||
- name: Configure HTTPSITES for debian
|
||||
lineinfile:
|
||||
dest: "{{ minifirewall_main_file }}"
|
||||
line: "HTTPSITES='{{ minifirewall_default_debian_http_sites | join(' ') }}'"
|
||||
line: "HTTPSITES='{{ minifirewall_default_debian_http_sites | join(' ') }}' '{{ minifirewall_http_sites | join(' ') }}'"
|
||||
regexp: "HTTPSITES='.*'"
|
||||
create: no
|
||||
when: ansible_distribution == "Debian"
|
||||
|
|
@ -125,19 +132,11 @@
|
|||
- name: Configure HTTPSITES for ubuntu
|
||||
lineinfile:
|
||||
dest: "{{ minifirewall_main_file }}"
|
||||
line: "HTTPSITES='{{ minifirewall_default_ubuntu_http_sites | join(' ') }}'"
|
||||
line: "HTTPSITES='{{ minifirewall_default_ubuntu_http_sites | join(' ') }}' '{{ minifirewall_http_sites | join(' ') }}'"
|
||||
regexp: "HTTPSITES='.*'"
|
||||
create: no
|
||||
when: ansible_distribution == "Ubuntu"
|
||||
|
||||
- name: Configure HTTPSITES
|
||||
lineinfile:
|
||||
dest: "{{ minifirewall_main_file }}"
|
||||
line: "HTTPSITES='{{ minifirewall_http_sites | join(' ') }}'"
|
||||
regexp: "HTTPSITES='.*'"
|
||||
create: no
|
||||
when: minifirewall_http_sites is not none
|
||||
|
||||
- name: Configure HTTPSSITES
|
||||
lineinfile:
|
||||
dest: "{{ minifirewall_main_file }}"
|
||||
|
|
|
|||
Loading…
Reference in a new issue