At 10:21 12.09.01 +0200, Gildas PERROT wrote:
>Hi,
>
>I am trying to understand how user-deny-ip and user-allow-IP work. I want to
>allow all IP except one to use SendSMS-user.
>I found that if I define user-allow-ip to "*.*.*.*" and user-deny-ip to that
>denied IP, it is still authorized but if I comment user-allow-ip, the deny
>works. Is it normal ? Does it mean that we can used user-deny-ip and
>user-allow-IP together ?
box-deny-ip = "*.*.*.*"
box-allow-ip = "127.0.0.1"
box-allow-ip = "152.96.192.53"
First we deny all Ip-Adresses
Then we allow requests from the localhost
and at last we also allow to contact from another remote machine.
You have to use both deny and allow!
With this last option Kannel is no more safe against IP-spoofed packages,
but all my machines are behinde a Firewall that denies every request
comming from the internet on the other side.
Silvio
--
Mac for work, Linux for network and Windows for Solitare.
