From: Peter Palfrader <peter@palfrader.org>
Date: Sun, 22 Sep 2019 09:42:28 +0000 (+0200)
Subject: remove default firewall accept to port submission on the MXes
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=32b5ac5ca40ffc400447d5cf0db658a5ed484188;p=mirror%2Fdsa-puppet.git

remove default firewall accept to port submission on the MXes
---

diff --git a/modules/exim/manifests/mx.pp b/modules/exim/manifests/mx.pp
index 0157b1439..bcee6aa77 100644
--- a/modules/exim/manifests/mx.pp
+++ b/modules/exim/manifests/mx.pp
@@ -23,16 +23,6 @@ class exim::mx(
     notify => Service['exim4'],
   }
 
-  # MXs used as smarthosts
-  ferm::rule { 'dsa-exim-submission':
-    description => 'Allow SMTP',
-    rule        => '&SERVICE_RANGE(tcp, submission, $SMTP_SOURCES)'
-  }
-  ferm::rule { 'dsa-exim-v6-submission':
-    description => 'Allow SMTP',
-    domain      => 'ip6',
-    rule        => '&SERVICE_RANGE(tcp, submission, $SMTP_V6_SOURCES)',
-  }
   $autocertdir = hiera('paths.auto_certs_dir')
   dnsextras::tlsa_record{ 'tlsa-submission':
     zone     => 'debian.org',