firewall/ipt-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add support for (local) dovecot auth service.

Browse Source
This commit is contained in:
Christoph 2019-09-03 17:54:46 +02:00
parent f87f7bbda0
commit 051e7da995
5 changed files with 84 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
conf/main_ipv4.conf.sample
View File

@ -289,6 +289,23 @@ mail_user_ports="$standard_mailuser_ports"
mail_client_ips="" mail_client_ips=""
forward_mail_client_ips="" forward_mail_client_ips=""
# - Dovecot auth service
# -
dovecot_auth_service=false
# - Port listen for dovecot auth requests
# -
dovecot_auth_port=44444
# - Client Network(s) allowed to connect to dovecot's auth service
# -
# - Example:
# - dovecot_auth_allowed_networks="192.68.11.64/27 194.150.169.139"
# -
dovecot_auth_allowed_networks=""
# - FTP Server # - FTP Server
# - # -
ftp_server_ips="" ftp_server_ips=""

17
conf/main_ipv6.conf.sample
View File

@ -305,6 +305,23 @@ mail_user_ports="$standard_mailuser_ports"
mail_client_ips="" mail_client_ips=""
forward_mail_client_ips="" forward_mail_client_ips=""
# - (local) Dovecot auth service
# -
dovecot_auth_service=false
# - Port listen for dovecot auth requests
# -
dovecot_auth_port=44444
# - Client Network(s) allowed to connect to dovecot's auth service
# -
# - Example:
# - dovecot_auth_allowed_networks="2001:678:a40:3000::/64 2a01:30:0:13:2f7:50ff:fed2:cef7"
# -
dovecot_auth_allowed_networks=""
# - FTP Server # - FTP Server
# - # -
ftp_server_ips="" ftp_server_ips=""

8
conf/post_decalrations.conf
View File

@ -272,6 +272,14 @@ for _ip in $forward_mail_client_ips ; do
forward_mail_client_ip_arr+=("$_ip") forward_mail_client_ip_arr+=("$_ip")
done done
# ---
# - (local) Dovecot auth service
# ---
declare -a dovecot_auth_allowed_network_arr
for _port in $dovecot_auth_allowed_networks ; do
dovecot_auth_allowed_network_arr+=("$_port")
done
# --- # ---
# - IP Addresses Mumble Server # - IP Addresses Mumble Server
# --- # ---

21
ip6t-firewall-server
View File

@ -1361,6 +1361,27 @@ else
fi fi
# ---
# - (local) Dovecot auth service
# ---
echononl "\t\t(local) Dovecot auth service"
if [[ -n "$dovecot_auth_service" ]] && $dovecot_auth_service ; then
if [[ ${#dovecot_auth_allowed_network_arr[@]} -gt 0 ]] && [[ -n "$dovecot_auth_port" ]]; then
for _ip in ${dovecot_auth_allowed_network_arr[@]} ; do
$ip6t -A INPUT -p tcp -s $_ip --dport $dovecot_auth_port -m state --state NEW -j ACCEPT
done
echo_done
else
echo_failed
fi
else
echo_skipped
fi
# --- # ---
# - Mail Client (Submission/SMTPS/POPS/IMAPS) out only # - Mail Client (Submission/SMTPS/POPS/IMAPS) out only
# --- # ---

21
ipt-firewall-server
View File

@ -1637,6 +1637,27 @@ else
fi fi
# ---
# - (local) Dovecot auth service
# ---
echononl "\t\t(local) Dovecot auth service"
if [[ -n "$dovecot_auth_service" ]] && $dovecot_auth_service ; then
if [[ ${#dovecot_auth_allowed_network_arr[@]} -gt 0 ]] && [[ -n "$dovecot_auth_port" ]]; then
for _ip in ${dovecot_auth_allowed_network_arr[@]} ; do
$ipt -A INPUT -p tcp -s $_ip --dport $dovecot_auth_port -m state --state NEW -j ACCEPT
done
echo_done
else
echo_failed
fi
else
echo_skipped
fi
# --- # ---
# - HTTP(S) OUT # - HTTP(S) OUT
# --- # ---