[Dovecot] IP Based Access

matthieu imbert matthieu.imbert at ens-lsh.fr
Sun Jun 26 13:21:09 EEST 2005


kasharif at citech-bd.com wrote:
> Hi,
> Can someone tell me how can I restrict 110 port access other than my IP
> block?
> If it is through tcp-wrapper, then how can I do that?
> Thanking
> Sharif

I would do it with netfilter/iptables (assuming you're on Linux, with a 
recent enough distribution. Under BSD, use ipfilter, it's similar).

Something like:

iptables -t filter -P INPUT DROP
iptables -t filter -A INPUT -p tcp --dport 110 --source 10.0.0.0/8 -j ACCEPT
iptables -t filter -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT

These rules would block any incoming traffic except to port 110 coming 
from 10.x.x.x, and would allow any outgoing traffic.

I quickly wrote it from memory, so there may be errors (I mean, verify 
it :), and of course you should adapt it to your specific setup.

-- 

    \|||/
    (o o)                              Matthieu Imbert
ooO-(_)-Ooo------------------------------------------


