Feature request: exclude IP/network in allow_nets extra field

[@lbutlr]

On 30 Apr 2019, at 00:20, Zhang Huangbin via dovecot <dovecot at dovecot.org> wrote:
> On Apr 30, 2019, at 11:21 AM, @lbutlr via dovecot <dovecot at dovecot.org> wrote:
>> 
>> On 29 Apr 2019, at 19:56, Zhang Huangbin via dovecot <dovecot at dovecot.org> wrote:
>>> Recently we need to allow some users to login from everywhere except some IP/networks,
>> 
>> Can you use firewall rules for this?
> 
> I suppose not. We don't restrict ALL users this way, just few of them.

This iOS sounding odder and odder.

> And the client IP addresses may change frequently, not static IPs.

And? How is that an issue? Either way you are going to have to change a configuration. At least with a fireball, you don't have to reload dovecot each time.

>>> how can we accomplish this with "allow_nets"?
>> 
>> Allow_nets specifies allowed networks. Doesn't say anything else about any other use.
>> 
>> "The allow_nets field is a comma separated list of IP addresses and/or networks where the user is allowed to log in from."
> 
> I understand what "allow" means. But it will be very handy to support something like "!a.b.c.d" to allow all but just exclude few IPs/networks. Isn't it? :)

I cannot imagine a case where I would find this useful, no.


-- 
"You never really understand a person until you see things from his
point of view, until you climb inside of his skin and walk around in
it."