J.M. Althoff
2002-Nov-20 22:59 UTC
[Shorewall-users] Allow pop3 from IP address or IP range
Hello, I have been looking for two days for a way to allow an specified fixed IP address to connect on the FW on port 110 (pop3) to fetch email. A rules accept does not accept IP and on a list I found some answer about custom zone and policy but they both seem not to allow an IP address to accept. What I need is the rule set for example IP 123.123.123.123 (brothers fixed IP) to be able to connect to 234.234.234.234 (my Linux box) on port 110 with tcp to get his mail and a same rule set for my uncle with a dhcp address from his provider so he would need a range.. Yes I could just open a rule set "accept net fw tcp 110" but this will open pop3 for everyone on the net which I do not want there is no public service and nothing to snoop.. ;-) Groetjes / greetings J.M. Althoff -- email : m.althoff@althoffcentral.com / scouty@bromberg.demon.nl althoffcentral : http://www.althoffcentral.com / scouting : http://www.cycloongroep.nl ---------------------------------------- -------------------- All incoming & outgoing mail is scanned with Mail-Scanner, Mcafee for Linux and checked for spam by Third party RBL databases and Procmail. Please report errors to : postmaster@althoffcentral.com Mail-Scanner (Linux/Sendmail plugin) www.mailscanner.co.uk ---------------------------------------- --------------------
shorewall at bolibompa
2002-Nov-20 23:15 UTC
[Shorewall-users] Allow pop3 from IP address or IP range
Hi,> -----Original Message----- > From: J.M. Althoff [mailto:scouty@bromberg.demon.nl]=20 > Posted At: den 20 november 2002 23:59 > Posted To: shorewall > Conversation: [Shorewall-users] Allow pop3 from IP address or IP range > Subject: [Shorewall-users] Allow pop3 from IP address or IP range >=20 >=20 > Hello, >=20 > I have been looking for two days for a > way to allow an specified fixed > IP address to connect on the FW on port > 110 (pop3) to fetch email. > A rules accept does not accept IP and on > a list I found some answer about > custom zone and policy but they both > seem not to allow an IP address > to accept. What I need is the rule set > for example IP 123.123.123.123 > (brothers fixed IP) to be able to > connect to 234.234.234.234 (my Linux > box)ACCEPT net:123.123.123.123 fw tcp 110> on port 110 with tcp to get his mail and > a same rule set for my uncle with a > dhcp address from his provider so he > would need a range..=20ACCEPT net:123.123.123.0/27 fw tcp 110 Yes I could> just open a rule set "accept net fw tcp > 110" but this will open pop3 for > everyone on the net which I do not want > there is no public service and > nothing to snoop.. ;-) >=20 > Groetjes / greetings > J.M. AlthoffHTH, Orjan>=20 > -- > email : m.althoff@althoffcentral.com / > scouty@bromberg.demon.nl > althoffcentral : > http://www.althoffcentral.com / scouting > : http://www.cycloongroep.nl >=20 > ---------------------------------------- > -------------------- > All incoming & outgoing mail is scanned > with Mail-Scanner, > Mcafee for Linux and checked for spam by > Third party RBL databases > and Procmail. Please report errors to : > postmaster@althoffcentral.com > Mail-Scanner (Linux/Sendmail plugin) > www.mailscanner.co.uk > ---------------------------------------- > -------------------- >=20 >=20 >=20 > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@shorewall.net > http://www.shorewall.net/mailman/listinfo/shorewall-users >=20
--On Wednesday, November 20, 2002 11:59:01 PM +0100 "J.M. Althoff" <scouty@bromberg.demon.nl> wrote:> Hello, > > I have been looking for two days for a > way to allow an specified fixed > IP address to connect on the FW on port > 110 (pop3) to fetch email. > A rules accept does not accept IPIt DOES accept an IP address!!!!! and on> a list I found some answer about > custom zone and policy but they both > seem not to allow an IP address > to accept. What I need is the rule set > for example IP 123.123.123.123 > (brothers fixed IP) to be able to > connect to 234.234.234.234 (my Linux > box) > on port 110 with tcp to get his mail and > a same rule set for my uncle with a > dhcp address from his provider so he > would need a range.. Yes I could > just open a rule set "accept net fw tcp > 110" but this will open pop3 for > everyone on the net which I do not want > there is no public service and > nothing to snoop.. ;-)ACCEPT net:<brothers IP>,<uncles IP> fw tcp 110 -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://shorewall.sf.net ICQ: #60745924 \ teastep@shorewall.net