White listing a specific remote IP address
Patrick Ben Koetter
p at sys4.de
Sat Aug 19 09:40:56 CEST 2017
* Stephen Davies <sdavies at sdc.com.au>:
> On 18/08/17 17:04, Patrick Ben Koetter wrote:
> > * Stephen Davies <sdavies at sdc.com.au>:
> > > I can see how to white list a domain but not a specific IP address.
> >
> > @client_ipaddr_policy = (
> > [qw( 0.0.0.0/8 127.0.0.1/32 [::] [::1] )] => 'LOCALHOST',
> > [qw( !172.16.1.0/24 172.16.0.0/12 192.168.0.0/16 )] => 'PRIVATENETS',
> > [qw( 192.2.0.1/32 )] => 'WHITELIST',
> > \@mynetworks => 'MYNETS'
> > );
> >
> > $policy_bank{'WHITELIST'} = {
> > bypass_spam_checks_maps => [1],
> > ...
> > };
> >
> >
> > HTH,
> >
> > p at rick
> >
>
> Thanks. That looks good.
>
> What is the bang before 172.16.1.0/24 (negative?)?
Correct. It negates the expression and excempts the /24 from the /12 it
logically is part of. The list is read from left to right (or top to bottom)
and the first match wins. This said order definitely matters in this list.
This way 172.16.1.0/24 is not part of PRIVATENETS:
PRIVATENETS is
is not !172.16.1.0/24 # first match for 172.16.1.1
is 172.16.0.0/12
is 192.168.0.0/16
Put the other way around 172.16.1.0/24 would be part of PRIVATENETS, because
172.16.0.0/12 matches first:
PRIVATENETS is
is 172.16.0.0/12 # first match for 172.16.1.1
is not !172.16.1.0/24
is 192.168.0.0/16
Regards,
p at rick
--
[*] sys4 AG
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
Vorstand: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Aufsichtsratsvorsitzender: Florian Kirstein
More information about the amavis-users
mailing list