White listing a specific remote IP address

Patrick Ben Koetter p at sys4.de
Sat Aug 19 09:40:56 CEST 2017


* Stephen Davies <sdavies at sdc.com.au>:
> On 18/08/17 17:04, Patrick Ben Koetter wrote:
> > * Stephen Davies <sdavies at sdc.com.au>:
> > > I can see how to white list a domain but not a specific IP address.
> > 
> > @client_ipaddr_policy = (
> >      [qw( 0.0.0.0/8 127.0.0.1/32 [::] [::1] )] => 'LOCALHOST',
> >      [qw( !172.16.1.0/24 172.16.0.0/12 192.168.0.0/16 )] => 'PRIVATENETS',
> >      [qw( 192.2.0.1/32 )] => 'WHITELIST',
> >      \@mynetworks => 'MYNETS'
> > );
> > 
> > $policy_bank{'WHITELIST'} = {
> >      bypass_spam_checks_maps => [1],
> >      ...
> > };
> > 
> > 
> > HTH,
> > 
> > p at rick
> > 
> 
> Thanks. That looks good.
> 
> What is the bang before 172.16.1.0/24 (negative?)?

Correct. It negates the expression and exempts the /24 from the /12 it
logically is part of. The list is read from left to right (or top to bottom)
and the first match wins. This said, order definitely matters in this list.

This way 172.16.1.0/24 is not part of PRIVATENETS:

PRIVATENETS is
    is not  !172.16.1.0/24      # first match for 172.16.1.1
    is      172.16.0.0/12
    is      192.168.0.0/16

Put the other way around 172.16.1.0/24 would be part of PRIVATENETS, because
172.16.0.0/12 matches first:

PRIVATENETS is
    is      172.16.0.0/12       # first match for 172.16.1.1
    is not  !172.16.1.0/24
    is      192.168.0.0/16

Regards,

p at rick

-- 
[*] sys4 AG
 
https://sys4.de, +49 (89) 30 90 46 64
Schleißheimer Straße 26/MG,80333 München
 
Registered office: München, District Court München: HRB 199263
Executive board: Patrick Ben Koetter, Marc Schiffbauer, Wolfgang Stief
Chairman of the supervisory board: Florian Kirstein
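
The first-match rule from the reply above, as an added example that is not part of the original message and is not amavisd code: a small Python model of the lists that resolves an address to a policy bank and flags entries that can never decide anything because an earlier, broader entry already covers them. The function names are hypothetical, and the step from one list to the next pair after a negated match is an assumption of this model.

```python
import ipaddress

# Constructed copy of two pairs from the message; LOCALHOST (bracketed IPv6
# syntax) and MYNETS (site-specific) are left out of this model.
POLICY = [
    (["!172.16.1.0/24", "172.16.0.0/12", "192.168.0.0/16"], "PRIVATENETS"),
    (["192.2.0.1/32"], "WHITELIST"),
]

def parse(entry):
    """Split 'NET' or '!NET' into (negated, network)."""
    negated = entry.startswith("!")
    return negated, ipaddress.ip_network(entry.lstrip("!"), strict=False)

def in_list(ip, entries):
    """First matching entry decides: plain entry -> member, '!' entry -> not a member."""
    addr = ipaddress.ip_address(ip)
    for entry in entries:
        negated, net = parse(entry)
        if addr.version == net.version and addr in net:
            return not negated
    return False

def policy_for(ip, policy=POLICY):
    """Assumption: pairs are tried in order and the first list containing ip wins."""
    for entries, bank in policy:
        if in_list(ip, entries):
            return bank
    return None

def shadowed(entries):
    """Entries that can never decide anything because an earlier entry covers them."""
    dead, seen = [], []
    for entry in entries:
        _, net = parse(entry)
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first.
        if any(net.version == s.version and net.subnet_of(s) for s in seen):
            dead.append(entry)
        seen.append(net)
    return dead

if __name__ == "__main__":
    reordered = ["172.16.0.0/12", "!172.16.1.0/24", "192.168.0.0/16"]
    for ip in ("172.16.1.1", "172.16.2.1", "192.2.0.1"):
        print(ip, policy_for(ip))
    print("shadowed in reordered list:", shadowed(reordered))
```

Running `shadowed()` over each list before reloading the configuration catches an exemption that was placed after the network it is meant to carve out of.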
 

