On 7/21/20 10:55 AM, jack wrote:
> Hi - my first request:
> 
> Using shorewall 4.5.4

Shorewall 4.5.4 is more than 8 years old!!!

> For some time now but I'm pretty much limited to a simple drop line
> in the blrules file and am having difficulty working out the more
> complex features, e.g. I can do:
> 
> DROP  net:123.123.123.123-456.456.456.456   all 
> and it's configured and working ok.
> 
> What I would like to do is drop everything except incoming email 
> from an IP or range of IPs as above.
> 
> I'm getting confused reading the docs and am not sure if I can do this
> just using blrules. 
> 
> I tried adding an ACCEPT net:x.x.x.x-y.y.y.y  993,995


The correct rule would be:

        ACCEPT  net:x.x.x.x-y.y.y.y all tcp 993,995

The 'all' in the DEST column should probably be replaced by the zone
where your imap and pop servers live.

>  
> above the drop line but this doesn't seem to be the way to do this.
> I'm not sure if I need to modify any of the other files.
> 
> As this is a live site I'm reluctant to keep experimenting without some
> more knowledgeable input. 
> Any advice or pointers would be welcome.
> 

Any particular reason why you are using blrules for this filtering
rather than the rules file?

-Tom
-- 
Tom Eastep        \ Q: What do you get when you cross a mobster
Shoreline,         \    with an international standard?
Washington, USA     \ A: Someone who makes you an offer you
http://shorewall.org \    can't understand
                      \________________________________________


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
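
The column layout behind the corrected rule in the reply above, as an added example that is not part of the original thread or of Shorewall itself: a small Python check that maps a rule line onto ACTION, SOURCE, DEST, PROTO and DPORT and flags a port list that has landed in DEST, as happens with the three-field ACCEPT line. The function names, the 192.0.2.x addresses and the simplified port syntax are assumptions made for illustration.

```python
import re

# Leading columns of a rules/blrules entry, in file order (DPORT is the
# current documentation's name for the destination-port column).
COLUMNS = ["ACTION", "SOURCE", "DEST", "PROTO", "DPORT"]
# Simplified port syntax for this example: numbers and low:high ranges.
PORT_LIST = re.compile(r"\d+(:\d+)?(,\d+(:\d+)?)*")
PORT_PROTOS = {"tcp", "udp", "sctp", "dccp", "udplite"}


def parse_rule(line):
    """Map the whitespace-separated fields of one rule onto column names."""
    fields = line.split("#", 1)[0].split()
    return dict(zip(COLUMNS, fields))


def lint_rule(line):
    """Return column-placement problems found in one rule line."""
    rule = parse_rule(line)
    problems = []
    dest = rule.get("DEST", "")
    if PORT_LIST.fullmatch(dest):
        problems.append(f"DEST holds port list {dest!r}; ports belong in DPORT")
    dport = rule.get("DPORT", "-")
    protos = set(rule.get("PROTO", "-").lower().split(","))
    if dport != "-" and not protos & PORT_PROTOS:
        problems.append(f"DPORT {dport!r} needs a port-bearing PROTO such as tcp")
    return problems


# Constructed sample lines; 192.0.2.0/24 is a documentation range.
SAMPLES = [
    "ACCEPT net:192.0.2.10-192.0.2.20 993,995",          # ports land in DEST
    "ACCEPT net:192.0.2.10-192.0.2.20 all - 993,995",    # PROTO left empty
    "ACCEPT net:192.0.2.10-192.0.2.20 all tcp 993,995",  # corrected form
    "DROP   net:192.0.2.10-192.0.2.20 all",              # plain drop line
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample}\n  -> {lint_rule(sample) or 'ok'}")
```
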