summaryrefslogtreecommitdiffstats
path: root/roles/common/templates
diff options
context:
space:
mode:
Diffstat (limited to 'roles/common/templates')
-rwxr-xr-xroles/common/templates/etc/nftables.conf.j24
1 files changed, 2 insertions, 2 deletions
diff --git a/roles/common/templates/etc/nftables.conf.j2 b/roles/common/templates/etc/nftables.conf.j2
index 098a66d..fc7691a 100755
--- a/roles/common/templates/etc/nftables.conf.j2
+++ b/roles/common/templates/etc/nftables.conf.j2
@@ -1,52 +1,52 @@
#!/usr/sbin/nft -f
define in-tcp-ports = {
{{ ansible_port|default(22) }}
{% if 'MX' in group_names %}
, 25 # SMTP
{% endif %}
-{% if 'LDAP-provider' in group_names %}
+{% if 'LDAP_provider' in group_names %}
, 636 # ldaps
{% endif %}
{% if 'IMAP' in group_names %}
, 993 # imaps
, 4190 # ManageSieve
{% endif %}
{% if 'MSA' in group_names %}
, 587 # submission [RFC4409]
, 465 # submission over TLS [RFC8314]
{% endif %}
{% if 'webmail' in group_names or 'lists' in group_names or 'wiki' in group_names or 'nextcloud' in group_names %}
, 80 # HTTP
, 443 # HTTP over SSL/TLS
{% endif %}
}
define out-tcp-ports = {
22
, 80 # HTTP
, 443 # HTTP over SSL/TLS
{% if 'out' in group_names or 'MSA' in group_names %}
, 25 # SMTP
{% endif %}
-{% if 'LDAP-provider' in group_names %}
+{% if 'LDAP_provider' in group_names %}
, 11371 # OpenPGP HTTP Keyserver
, 43 # whois
{% elif 'MX' in group_names or 'lists' in group_names or 'nextcloud' in group_names %}
, 636 # ldaps
{% endif %}
{% if 'IMAP' in group_names %}
, 2703 # Razor2
{% endif %}
}
###############################################################################
flush ruleset
table inet filter {
# blackholes
set fail2ban { type ipv4_addr; timeout 10m; }
set fail2ban6 { type ipv6_addr; timeout 10m; }
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-22 21:33:05 +0000