mail done

2026-05-25 11:09:11 +02:00
parent 366a8cc197
commit 9729b28681
10 changed files with 123 additions and 71 deletions
@@ -9,61 +9,67 @@

    - name: Logging
      community.general.ufw:
-        logging: "low"
+        logging: "medium"

-    - name: Allow SSH
+    - name: UFW - Allow SSH
      community.general.ufw:
        rule: allow
-        name: OpenSSH
-        route: true
+        port: "22"
+        proto: tcp

-    - name: Allow samba
-      community.general.ufw:
-        rule: allow
-        name: samba
-        route: true
-
-    - name: Allow Mail
+    - name: UFW - Allow TCP in
      community.general.ufw:
        rule: allow
        port: '{{ item }}'
        proto: tcp
      loop:
-        - "465"
-        - "25"
-        - "587"
-        - "110"
-        - "995"
-        - "143"
-        - "993"
+        - "80"
+        - "139" # samba
+        - "443"
+        - "445" # samba
+        - "8448" # matrix federation

-    - name: UFW - Allow HTTP connections
+    - name: UFW - Allow TCP forward
      community.general.ufw:
        rule: allow
-        port: "80"
+        port: '{{ item }}'
        proto: tcp
        route: true
+      loop:
+        - "25" # mail
+        - "465" # mail
+        - "587" # mail
+        - "993" # mail
+        - "2222" # gitbee ssh
+        - "8448" # matrix federation

-    - name: UFW - Allow HTTPS connections
+    - name: UFW - Allow SMTP return
      community.general.ufw:
        rule: allow
-        port: "443"
-        proto: tcp
        route: true
+        interface_in: wg0
+        proto: tcp
+        to_port: "25"

-    - name: UFW - Allow gitbee ssh
+    - name: UFW - Allow UDP in
      community.general.ufw:
        rule: allow
-        port: "2222"
-        proto: tcp
-        route: true
+        port: '{{ item }}'
+        proto: udp
+      loop:
+        - "137" # samba
+        - "138" # samba

-    - name: UFW - Allow matrix federation
+    - name: UFW - Limiting
      community.general.ufw:
-        rule: allow
-        port: "8448"
+        rule: limit
+        port: '{{ item }}'
        proto: tcp
        route: true
+      loop:
+        - "465" # mail
+        - "587" # mail
+        - "993" # mail

    - name: UFW - Allow podman forwarding
      community.general.ufw:
@@ -72,6 +78,13 @@
        interface_out: podman+
        route: true

+    - name: UFW - Enable DNS from podman
+      community.general.ufw:
+        rule: allow
+        interface_in: podman+
+        proto: "udp"
+        to_port: 53
+
    - name: UFW - Allow wireguard incoming
      community.general.ufw:
        rule: allow
@@ -117,27 +130,20 @@
        interface_out: wg0
        route: true

-    - name: UFW - Allow podman forwarding 2
+    - name: UFW - Allow local network to podman
      community.general.ufw:
        rule: allow
        interface_in: eth0
        interface_out: podman+
        route: true

-    - name: UFW - Allow podman forwarding 3
+    - name: UFW - Allow podman to local network
      community.general.ufw:
        rule: allow
        interface_in: podman+
        interface_out: eth0
        route: true

-    - name: UFW - Enable DNS
-      community.general.ufw:
-        rule: allow
-        interface_in: podman+
-        proto: "udp"
-        to_port: 53
-
    - name: UFW - Allow node exporter scraping
      community.general.ufw:
        rule: allow