fripost-ansible/roles/common/templates/etc/iptables, branch master Fripost ansible scripts Convert firewall to nftables. 2020-01-23T04:57:01+00:00 Guilhem Moulin guilhem@fripost.org 2020-01-23T03:29:12+00:00 7641a5d5d152db349082b1d0ec93a40888b2ef8e Debian Buster uses the nftables framework by default. 
Debian Buster uses the nftables framework by default.
MSA: Open 465/TCP for Email Submission over TLS. 2019-03-19T01:27:42+00:00 Guilhem Moulin guilhem@fripost.org 2019-03-19T01:27:42+00:00 b16aa5bd33e5ca4bdc8a0734e8db1f42611aa75b See RFC 8314 sec. 3.3 "Cleartext Considered Obsolete". 
See RFC 8314 sec. 3.3 "Cleartext Considered Obsolete".
Update 'IMAP', 'MSA' and 'LDAP-provider' roles to Debian Stretch. 2018-12-09T19:25:40+00:00 Guilhem Moulin guilhem@fripost.org 2018-12-09T17:41:06+00:00 e2ddcfc51f66c2a52a401064eab005e793f148ee 






Firewall: disable outgoing access to git:// remote servers.
2018-12-09T19:25:39+00:00

Guilhem Moulin
guilhem@fripost.org

2018-12-08T00:12:18+00:00

53c62a66705402235ef7077f5fab759b59c490cb

We don't need it anymore as we use https:// these days.





We don't need it anymore as we use https:// these days.







Define new host "calima" serving Nextcloud.
2018-12-03T02:43:48+00:00

Guilhem Moulin
guilhem@fripost.org

2018-12-03T02:37:19+00:00

5ad9fc5e963b9a461f60799d7f185a9e2e13522f












IPsec: allow ISAKMP over IPv6.
2018-12-03T02:43:41+00:00

Guilhem Moulin
guilhem@fripost.org

2018-12-03T02:14:22+00:00

78a300a2430cb2652c7839cd35400cc22122c798












Firewall: Allow DNS queries over TCP.
2018-04-04T14:15:14+00:00

Guilhem Moulin
guilhem@fripost.org

2018-04-04T14:15:05+00:00

7afde49053e95cf4125598927e8223007e393570












Perform recipient address verification on the MSA itself.
2018-04-04T14:11:20+00:00

Guilhem Moulin
guilhem@fripost.org

2018-04-04T14:11:20+00:00

b5a0be7a37e1bbc1aef2a7d1844a1da4aec5634f












Webmail: don't allow outgoing TCP/993 connections.
2017-06-15T09:20:55+00:00

Guilhem Moulin
guilhem@fripost.org

2017-06-15T09:20:52+00:00

7d3a9a5340d5faae1347bf010c193c36e1771fa1

We're going through IPsec to communicate with the IMAP server.





We're going through IPsec to communicate with the IMAP server.







Route all internal SMTP traffic through IPsec.
2016-07-10T03:14:29+00:00

Guilhem Moulin
guilhem@fripost.org

2016-07-10T03:13:33+00:00

bf960a066466d7719ada8fe7bc3dec99d237b88a