Also allow output smtp-submission

2024-10-06 11:40:05 +02:00 · 2024-10-06 11:40:05 +02:00 · 0ddb75d4c5
commit 0ddb75d4c5
parent 58d5ef7ed0
2 changed files with 7 additions and 3 deletions
--- a/roles/mailserver_postfix/files/nftables/output.d/smtp-submission.conf
+++ b/roles/mailserver_postfix/files/nftables/output.d/smtp-submission.conf
@ -0,0 +1 @@
+tcp dport {25, 587} accept comment "Allow SMTP/submission to all"
--- a/roles/mailserver_postfix/tasks/main.yml
+++ b/roles/mailserver_postfix/tasks/main.yml
@ -40,10 +40,13 @@
    mode: "644"
  notify: Restart postfix service

- name: Allow incoming SMTP/submission
+- name: Allow incoming and outgoing SMTP/submission
  become: true
  ansible.builtin.copy:
-    src: nftables/input.d/smtp-submission.conf
-    dest: /etc/nftables/input.d/smtp-submission.conf
+    src: "nftables/{{ item }}.d/smtp-submission.conf"
+    dest: "/etc/nftables/{{ item }}.d/smtp-submission.conf"
    mode: 0640
  notify: Reload nftables service
+  loop:
+    - input
+    - output
				`@ -0,0 +1 @@`
				`tcp dport {25, 587} accept comment "Allow SMTP/submission to all"`