Commit 208cd5d9 authored by Chris Croome's avatar Chris Croome

Added prompt for email gateway IP

parent 209c34bf
......@@ -22,6 +22,11 @@
private: no
default: chris@webarchitects.co.uk
- name: "email_gateway_ip"
prompt: "Are you using a email gateway? (default, 81.95.52.71 is mx.webarch.net) Leave blank for directly accepting email:"
private: no
default: 81.95.52.71
vars:
distro: stretch
root_email_forward: "{{ email }}" # this could be multiple, comma seperated addresses
......
......@@ -35,9 +35,13 @@ COMMIT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
# The following rule is for munin.webarch.net
-A INPUT -m state --state NEW -m tcp -p tcp -s 81.95.52.102 --dport 4949 -j ACCEPT
# The following rule is for mx.webarch.net
-A INPUT -m state --state NEW -m tcp -p tcp -s 81.95.52.71 --dport 25 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -s {{ app_ip_address.stdout }} --dport 25 -j ACCEPT
{% if email_gateway_ip is defined and if email_gateway_ip != "" %}
# The following rule is for the IP address of a email gateway
-A INPUT -m state --state NEW -m tcp -p tcp -s {{ email_gateway_ip }} --dport 25 -j ACCEPT
{% else %}
# Accept email from anywhere
-A INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
{% endif %}
-A INPUT -m state --state NEW -m tcp -p tcp -s 127.0.0.1/8 --dport 25 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment