[BlueOnyx:13889] Re: Whitelists?
Greg Kuhnert
gkuhnert at compassnetworks.com.au
Sat Oct 19 17:29:10 -05 2013
Hi Jim.
On 18/10/2013, at 11:47 AM, Jim Matysek <matysekj at usms.org> wrote:
> We are (finally) upgrading from 5106 to 5108 this weekend on a new set
> of servers and installing a whole raft of new packages along with this.
> In doing so, I want to whitelist IP addresses from our office and from
> key employee's home IP addresses to prevent any issues (we've had APF
> block our office IP in the past due to someone having a bad mail
> password and having their mail client check every x minutes). Where and
> how do I put in IP addresses to always allow access to services when
> using the Solarspeed/Compass All Packages bundle?
>
> So far I have:
>
> - add an ALL record to /etc/hosts.allow
> - add IP address to /etc/apf/allow_hosts.rules
>
> Is there a way to permanently add something to iptables to avoid an IP
> from being blocked there?
>
> What about dfix?
dfix uses /etc/hosts.allow too - but it only allows individual IP's to be added. If you add subnet blocks, they will not be recognised by dfix.
Regards,
Greg.
More information about the Blueonyx
mailing list