From 9c14bd50f23afda63b7973d8c5d20fef55f0fba7 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Tue, 4 Jun 2013 16:37:06 +0000
Subject: [PATCH] Add iptables for sign, drop no longer needed postfix (it's in base)

---
 files/iptables/iptables.sign | 12 ++++++++++++
 inventory/group_vars/sign | 1 +
 playbooks/groups/sign.yml | 1 -
 3 files changed, 13 insertions(+), 1 deletion(-)
 create mode 100644 files/iptables/iptables.sign

diff --git a/files/iptables/iptables.sign b/files/iptables/iptables.sign
new file mode 100644
index 0000000000..4e88ecba74
--- /dev/null
+++ b/files/iptables/iptables.sign
@@ -0,0 +1,12 @@
+# {{ ansible_managed }}
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A INPUT -p icmp -j ACCEPT
+-A INPUT -i lo -j ACCEPT
+-A INPUT -j REJECT --reject-with icmp-host-prohibited
+-A FORWARD -j REJECT --reject-with icmp-host-prohibited
+COMMIT
+
diff --git a/inventory/group_vars/sign b/inventory/group_vars/sign
index 4b42409a4a..d962812ae6 100644
--- a/inventory/group_vars/sign
+++ b/inventory/group_vars/sign
@@ -1,3 +1,4 @@
 ---
 freezes: true
 postfix_group: sign
+iptables: $files/iptables/iptables.sign
diff --git a/playbooks/groups/sign.yml b/playbooks/groups/sign.yml
index 8c69bdc793..ac21d3e770 100644
--- a/playbooks/groups/sign.yml
+++ b/playbooks/groups/sign.yml
@@ -20,7 +20,6 @@
 - include: $tasks/base.yml
 - include: $tasks/rkhunter.yml
 - include: $tasks/motd.yml
-- include: $tasks/postfix_basic.yml
 - include: $tasks/sign_setup.yml
 
 handlers:
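Review bot: The new INPUT chain in files/iptables/iptables.sign accepts only loopback, ICMP and RELATED,ESTABLISHED traffic and rejects everything else, so there is no inbound management path at all (no SSH or other service rule) and the host is reachable only through connections it initiates or out of band; if that is the intended posture for the signing host, state it at the top of the template, e.g. `# sign hosts accept no inbound connections; management is out-of-band only`, so a later editor does not add a port rule by reflex. The chain policies are `ACCEPT` with the REJECT as the final rule, which is the usual RHEL layout but fails open if that last rule is ever dropped from the template; `:INPUT DROP [0:0]` and `:FORWARD DROP [0:0]` would make the same ruleset fail closed. OUTPUT is left unfiltered, which may be deliberate, but is worth recording in the same comment.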