From ff9e1e80aa6a71f408d722f553d90c546be262e5 Mon Sep 17 00:00:00 2001
From: Patrick Marchand
Date: Wed, 3 Jul 2019 08:56:07 -0400
Subject: [PATCH] Fix for minifirewall bug in 8d352f100eea329e16f6a09035f8e879113891b8
The default OS websites would override all the default http sites. I removed those default http sites from the file and put them in the minifirewall_http_sites list. Since this would override the list anyway, it doesnt change much, except that someone who doesnt want to use the OS default websites should also override the related variables (minifirewall_default_*_http_sites)
fixes #65
---
 minifirewall/defaults/main.yml | 13 ++++++++++++-
 minifirewall/files/minifirewall.conf | 2 +-
 minifirewall/tasks/config.yml | 19 +++++++++----------
 3 files changed, 22 insertions(+), 12 deletions(-)
diff --git a/minifirewall/defaults/main.yml b/minifirewall/defaults/main.yml
index 6d12777a..7defa14f 100644
--- a/minifirewall/defaults/main.yml
+++ b/minifirewall/defaults/main.yml
@@ -29,7 +29,18 @@ minifirewall_private_ports_udp: []
 # Keep a null value to leave the setting as is
 # otherwise use an Array, eg. "minifirewall_ssh_ok: ['0.0.0.0/0']"
 minifirewall_dns_servers: Null
-minifirewall_http_sites: Null
+
+minifirewall_http_sites:
+ - pub.evolix.net
+ - mirror.evolix.org
+ - hwraid.le-vert.net
+ - antispam00.evolix.org
+ - spamassassin.apache.org
+ - sa-update.space-pro.be
+ - sa-update.secnap.net
+ - www.sa-update.pccc.com
+ - sa-update.dnswl.org
+
 minifirewall_https_sites: Null
 minifirewall_ftp_sites: Null
 minifirewall_ssh_ok: Null
diff --git a/minifirewall/files/minifirewall.conf b/minifirewall/files/minifirewall.conf
index 4e0d00ca..3de4f7f9 100644
--- a/minifirewall/files/minifirewall.conf
+++ b/minifirewall/files/minifirewall.conf
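Review bot: The context comment at the top of this hunk still says a null value leaves the setting as is, but that no longer holds for `minifirewall_http_sites`. The `Configure HTTPSITES` task in minifirewall/tasks/config.yml loses its `when: minifirewall_http_sites is not none` guard in this commit and pipes the variable through `join(' ')`, so an inventory that still sets it to null will likely fail on the filter instead of skipping the task. I would document the new contract above the list, e.g. `# Must be a list and is always written to HTTPSITES; use [] for no extra sites (null is not supported)`, or keep the guard on the task.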
@@ -50,7 +50,7 @@ DNSSERVEURS='0.0.0.0/0'
 # HTTP authorizations
 # (you can use DNS names but set cron to reload minifirewall regularly)
 # (if you have HTTP proxy, set 0.0.0.0/0)
-HTTPSITES='pub.evolix.net mirror.evolix.org hwraid.le-vert.net antispam00.evolix.org spamassassin.apache.org sa-update.space-pro.be sa-update.secnap.net www.sa-update.pccc.com sa-update.dnswl.org'
+HTTPSITES=''
 # HTTPS authorizations
 HTTPSSITES='0.0.0.0/0'
diff --git a/minifirewall/tasks/config.yml b/minifirewall/tasks/config.yml
index 6a0d0483..5d851cbc 100644
--- a/minifirewall/tasks/config.yml
+++ b/minifirewall/tasks/config.yml
@@ -114,10 +114,17 @@
 create: no
 when: minifirewall_dns_servers is not none
+- name: Configure HTTPSITES
+ lineinfile:
+ dest: "{{ minifirewall_main_file }}"
+ line: "HTTPSITES='{{ minifirewall_http_sites | join(' ') }}'"
+ regexp: "HTTPSITES='.*'"
+ create: no
+
 - name: Configure HTTPSITES for debian
 lineinfile:
 dest: "{{ minifirewall_main_file }}"
- line: "HTTPSITES='{{ minifirewall_default_debian_http_sites | join(' ') }}'"
+ line: "HTTPSITES='{{ minifirewall_default_debian_http_sites | join(' ') }}' '{{ minifirewall_http_sites | join(' ') }}'"
 regexp: "HTTPSITES='.*'"
 create: no
 when: ansible_distribution == "Debian"
@@ -125,19 +132,11 @@
 - name: Configure HTTPSITES for ubuntu
 lineinfile:
 dest: "{{ minifirewall_main_file }}"
- line: "HTTPSITES='{{ minifirewall_default_ubuntu_http_sites | join(' ') }}'"
+ line: "HTTPSITES='{{ minifirewall_default_ubuntu_http_sites | join(' ') }}' '{{ minifirewall_http_sites | join(' ') }}'"
 regexp: "HTTPSITES='.*'"
 create: no
 when: ansible_distribution == "Ubuntu"
-- name: Configure HTTPSITES
- lineinfile:
- dest: "{{ minifirewall_main_file }}"
- line: "HTTPSITES='{{ minifirewall_http_sites | join(' ') }}'"
- regexp: "HTTPSITES='.*'"
- create: no
- when: minifirewall_http_sites is not none
-
 - name: Configure HTTPSSITES
 lineinfile:
 dest: "{{ minifirewall_main_file }}"
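Review bot: The new Debian `line:` renders two separately quoted strings, `HTTPSITES='<os sites>' '<custom sites>'`, rather than one value. If minifirewall.conf is read by a shell, as its other entries suggest, that is an assignment prefix followed by a command word, so HTTPSITES would not be set for the firewall script and the outbound HTTP allow-list would end up empty or stale. The Ubuntu task in the next hunk has the same construct. Joining both lists inside one pair of quotes avoids this, e.g. `line: "HTTPSITES='{{ (minifirewall_default_debian_http_sites + minifirewall_http_sites) | join(' ') }}'"`, assuming both variables are lists.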
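Review bot: Debian and Ubuntu hosts now have two tasks rewriting the same `HTTPSITES=` line on every run, because the guarded generic task removed here is replaced by an unconditional one placed before the Debian task in the previous hunk. The generic task writes the short list and the distribution task then overwrites it, so both report changed each time. Any handler notified from them (none is visible in these hunks) would fire on every run, and a failure between the two tasks leaves the file without the distribution mirrors. Restricting the generic task with `when: ansible_distribution not in ['Debian', 'Ubuntu']` keeps a single writer per host.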