evolix/ansible-roles
22
2
Fork 2
Code Issues 61 Pull requests 18 Releases 33 Wiki Activity

Release 10.0.0 #100

Manually merged
jlecour merged 321 commits from unstable into stable 2020-05-13 11:25:49 +02:00
Conversation 0 Commits 321 Files changed 309 +5 -4
2 changed files with 5 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 02e8754d75 - Show all commits

1
CHANGELOG.md
View file

@ -83,6 +83,7 @@ The **patch** part changes incrementally at each release.
* certbot: Properly evaluate when apache is installed
* evolinux-base: Don't make alert5.service executable as systemd will complain
* webapps/evoadmin-web: Set default evoadmin_mail_tpl_force to True to fix a regression where the mail template would not get updated because the file is created before the role is first run.
* minifirewall: Backport changes from minifirewall (properly open outgoing smtp(s))
### Security

8
minifirewall/templates/minifirewall.j2
View file

@ -7,7 +7,7 @@
# Copyright (c) 2007-2015 Evolix
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# as published by the Free Software Foundation; either version 3
# of the License.
# Description
@ -262,14 +262,14 @@ for x in $SSHOK
# SMTP authorizations
for x in $SMTPOK
do
$IPT -A INPUT -p tcp ! --syn --sport 25 --dport $PORTSUSER -j ACCEPT
$IPT -A INPUT -p tcp ! --syn --sport 25 --dport $PORTSUSER -s $x -j ACCEPT
done
# secure SMTP (TCP/465 et TCP/587) authorizations
for x in $SMTPSECUREOK
do
$IPT -A INPUT -p tcp ! --syn --sport 465 --dport $PORTSUSER -j ACCEPT
$IPT -A INPUT -p tcp ! --syn --sport 587 --dport $PORTSUSER -j ACCEPT
$IPT -A INPUT -p tcp ! --syn --sport 465 --dport $PORTSUSER -s $x -j ACCEPT
$IPT -A INPUT -p tcp ! --syn --sport 587 --dport $PORTSUSER -s $x -j ACCEPT
done
# NTP authorizations