proto (tcp udp) dport ntp ACCEPT;
proto (tcp udp) dport domain ACCEPT;
+ # Allow mail to be routed to smarthost. This may be less than
+ # idea: it seems safer to generate a list of system users to
+ # allow, and then require individual members to request smtp
+ # access. We'll leave that for the wheezy machines.
+ proto tcp dport smtp daddr mail.hcoop.net ACCEPT;
+
# root needs port 80 for things like apt-get
mod owner uid-owner 0 { proto (tcp) dport (http https) ACCEPT; }
HCoop / hcoop / zz_old / debian / hcoop-firewall-config.git / blobdiff