[Dovecot] IP Based Access
Alan Premselaar
alien at 12inch.com
Mon Jun 27 10:47:07 EEST 2005
matthieu imbert wrote:
> kasharif at citech-bd.com wrote:
>
>> Hi,
>> Can someone tell me how I can restrict 110 port access other than my IP
>> block?
>> If it is through tcp-wrapper, then how can I do that?
>> Thanking
>> Sharif
>
> I would do it with netfilter/iptables (assuming you're on Linux, with a
> recent enough distribution. Under BSD, use ipfilter, it's similar)
>
> Something like:
>
> iptables -t filter -P INPUT DROP
> iptables -t filter -A INPUT -p tcp --dport 110 --source 10.0.0.0/8 -j ACCEPT
> iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> This rule would block any incoming traffic except to port 110 coming
> from 10.x.x.x, and would allow any outgoing traffic.
>
> I quickly wrote it from memory, so there may be errors (I mean, verify
> it :), and of course you should adapt it to your specific setup.
>
This is only good if the *ONLY* access you want to the machine is to be
on port 110 from the 10.0.0.0/8 subnet.
I'm pretty sure that's not what the OP wants.
alan
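
An added example, not part of the original thread: a rule generator that limits only TCP port 110 to the listed source blocks and leaves the INPUT policy and every other service alone, which is the narrower restriction the reply above says the original poster wants. The chain name POP3-ACL and the helper names are assumptions; 10.0.0.0/8 is the sample block used in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): restrict only TCP/110 to the listed
# source blocks. No "-P INPUT DROP", so other services stay reachable.
# Chain name POP3-ACL and function names are assumptions of this example.

# Accept only a dotted quad with an optional /0-32 prefix, so nothing else
# can end up inside the generated commands. iptables itself rejects
# out-of-range octets such as 999.
valid_cidr() {
    case "$1" in ''|*[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$'
}

# Print the iptables commands for the given source blocks (dry run).
# Review the output, then pipe it to `sh` as root to apply it.
pop3_rules() {
    [ "$#" -gt 0 ] || { echo "usage: pop3_rules CIDR..." >&2; return 1; }
    # Validate everything first so a bad argument produces no partial output.
    for cidr in "$@"; do
        valid_cidr "$cidr" || { echo "bad source: $cidr" >&2; return 1; }
    done
    # Dedicated chain: create it, or empty it if it already exists.
    echo "iptables -N POP3-ACL 2>/dev/null || iptables -F POP3-ACL"
    for cidr in "$@"; do
        echo "iptables -A POP3-ACL -s $cidr -j ACCEPT"
    done
    # Anything else reaching this chain is POP3 from outside the list.
    echo "iptables -A POP3-ACL -j DROP"
    # Hook the chain into INPUT once, ahead of any broader ACCEPT rule.
    echo "iptables -C INPUT -p tcp --dport 110 -j POP3-ACL 2>/dev/null || iptables -I INPUT -p tcp --dport 110 -j POP3-ACL"
}

# Sample run with the block from the thread.
pop3_rules 10.0.0.0/8
```

Because only packets to port 110 are sent through the chain, SSH, SMTP and the rest keep whatever rules they already had.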