From fb637796fc19d99f9b228f54d6a7538563ca91f8 Mon Sep 17 00:00:00 2001
From: Christoph
Date: Sat, 17 Sep 2022 12:56:45 +0200
Subject: [PATCH] Add Readme file adn comments for/in postfwd2 resources.

---
 DOC/postfwd/README.processing-rule-sets | 63 +++++++++++++++++++++++++
 DOC/{ => postfwd}/README.test.postfwd2 | 0
 install_postfix_advanced.sh | 30 ++++++++++++
 install_postfwd.sh | 30 ++++++++++++
 4 files changed, 123 insertions(+)
 create mode 100644 DOC/postfwd/README.processing-rule-sets
 rename DOC/{ => postfwd}/README.test.postfwd2 (100%)

diff --git a/DOC/postfwd/README.processing-rule-sets b/DOC/postfwd/README.processing-rule-sets
new file mode 100644
index 0000000..dd5ceb5
--- /dev/null
+++ b/DOC/postfwd/README.processing-rule-sets
@@ -0,0 +1,63 @@
+
+# ---
+#
+# Processing of the Rule Sets
+#
+# The parser checks the elements of a policy delegation request against the postfwd set
+# of rules and, if necessary, triggers the configured action (action=). Similar to a
+# classic firewall, a rule is considered true if every element of the set of rules (or
+# one from every element list) applies to the comparison. I.e. the following rule:
+#
+# client_address=1.1.1.1, 1.1.1.2; client_name==unknown; action=REJECT
+#
+# triggers a REJECT if the
+# Client address is equal (1.1.1.1 OR 1.1.1.2) AND the client name 'unknown'
+#
+#
+# Note:
+# If an element occurs more than once, an element list is formed:
+#
+# The following rule set is equivalent to the above:
+#
+# client_address=1.1.1.1; client_address=1.1.1.2; client_name==unknown; action=REJECT
+#
+# triggers a REJECT if (as above) the
+# Client address (1.1.1.1 OR 1.1.1.2) AND the client name 'unknown'
+#
+# ---
+
+
+
+# ---
+#
+# Verarbeitung des Regelwerks
+#
+# Der Parser prüft die Elemente eines Policy Delegation Requests gegen das postfwd
+# Regelwerk und löst ggf die konfigurierte Aktion (action=) aus. Ähnlich einer
+# klassischen Firewall gilt eine Reg el als wahr, wenn jedes Element des Regelwerkes
+# (bzw eines aus jeder Elementliste) beim Vergleich zutrifft. D.h. folgende Regel:
+#
+# client_address=1.1.1.1, 1.1.1.2; client_name==unknown; action=REJECT
+#
+# löst einen REJECT aus, wenn die
+#
+# Client Adresse (1.1.1.1 ODER 1.1.1.2) UND der Client Name 'unknown'
+#
+#ist.
+#
+#
+# !! Bemerkung !!:
+#
+# Bei mehrfachem Vorkommen eines Elementes wird eine Elementliste gebildet:
+#
+# Das folgende Regelwerk (Rule Set) ist equivalent zu dem oben genannte:
+#
+# client_address=1.1.1.1; client_address=1.1.1.2; client_name==unknown; action=REJECT
+#
+# löst einen REJECT aus, wenn (wie oben) die
+#
+# Client Adresse (1.1.1.1 ODER 1.1.1.2) UND der Client Name 'unknown'
+#
+# ist.
+#
+# ---
diff --git a/DOC/README.test.postfwd2 b/DOC/postfwd/README.test.postfwd2
similarity index 100%
rename from DOC/README.test.postfwd2
rename to DOC/postfwd/README.test.postfwd2
diff --git a/install_postfix_advanced.sh b/install_postfix_advanced.sh
index b6d56fa..5344d04 100755
--- a/install_postfix_advanced.sh
+++ b/install_postfix_advanced.sh
@@ -1200,6 +1200,36 @@ if [[ ! -f "/etc/postfix/postfwd.cf" ]]; then
 #======= Rule Sets ============
+# ---
+#
+# Processing of the Rule Sets
+#
+# The parser checks the elements of a policy delegation request against the postfwd set
+# of rules and, if necessary, triggers the configured action (action=). Similar to a
+# classic firewall, a rule is considered true if every element of the set of rules (or
+# one from every element list) applies to the comparison. I.e. the following rule:
+#
+# client_address=1.1.1.1, 1.1.1.2; client_name==unknown; action=REJECT
+#
+# triggers a REJECT if the
+#
+# Client address is equal (1.1.1.1 OR 1.1.1.2) AND the client name 'unknown'
+#
+#
+# Note:
+# If an element occurs more than once, an element list is formed:
+#
+# The following rule set is equivalent to the above:
+#
+# client_address=1.1.1.1; client_address=1.1.1.2; client_name==unknown; action=REJECT
+#
+#
+# triggers a REJECT if (as above) the
+#
+# Client address (1.1.1.1 OR 1.1.1.2) AND the client name 'unknown'
+#
+# ---
+
 # Whitelists
 # Whitelist trusted networks
diff --git a/install_postfwd.sh b/install_postfwd.sh
index bdbd3e2..3b43db2 100755
--- a/install_postfwd.sh
+++ b/install_postfwd.sh
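Review bot: The example rule in the added comment block, `client_address=1.1.1.1, 1.1.1.2; client_name==unknown; action=REJECT`, uses live public addresses (1.1.1.1 is a real, routable resolver address) in text that appears to be written verbatim into the generated /etc/postfix/postfwd.cf named in the hunk header, so an admin who uncomments or adapts it would reject mail from a real network. Documentation examples should use an RFC 5737 range reserved for that purpose, e.g. `# client_address=192.0.2.1, 192.0.2.2; client_name==unknown; action=REJECT`, with the matching `(192.0.2.1 OR 192.0.2.2)` in the two explanatory lines. The first explanatory sentence is also missing its verb; suggest `# Client address is (192.0.2.1 OR 192.0.2.2) AND the client name is 'unknown'`. The `if [[ ! -f "/etc/postfix/postfwd.cf" ]]` block shown in the hunk header, and whatever construct emits these column-0 lines into the file, begin and end outside the hunk.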
@@ -387,6 +387,36 @@ echononl " Create configuration file '/etc/postfix/postfwd.cf'.."
 #======= Rule Sets ============
+# ---
+#
+# Processing of the Rule Sets
+#
+# The parser checks the elements of a policy delegation request against the postfwd set
+# of rules and, if necessary, triggers the configured action (action=). Similar to a
+# classic firewall, a rule is considered true if every element of the set of rules (or
+# one from every element list) applies to the comparison. I.e. the following rule:
+#
+# client_address=1.1.1.1, 1.1.1.2; client_name==unknown; action=REJECT
+#
+# triggers a REJECT if the
+#
+# Client address is equal (1.1.1.1 OR 1.1.1.2) AND the client name 'unknown'
+#
+#
+# Note:
+# If an element occurs more than once, an element list is formed:
+#
+# The following rule set is equivalent to the above:
+#
+# client_address=1.1.1.1; client_address=1.1.1.2; client_name==unknown; action=REJECT
+#
+#
+# triggers a REJECT if (as above) the
+#
+# Client address (1.1.1.1 OR 1.1.1.2) AND the client name 'unknown'
+#
+# ---
+
 # Whitelists
 # Whitelist trusted networks
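Review bot: The same explanatory block is now pasted verbatim into two installers (here and in install_postfix_advanced.sh) as well as DOC/postfwd/README.processing-rule-sets, so the three copies will drift the first time one is corrected; keeping the prose in the DOC file and emitting a single pointer such as `# Rule elements are ANDed, repeated elements form an OR list; see DOC/postfwd/README.processing-rule-sets` would be easier to keep accurate. As in the other installer, the example `client_address=1.1.1.1, 1.1.1.2` should use an RFC 5737 documentation range such as `192.0.2.1, 192.0.2.2`, since the `echononl` message in the hunk header shows this text lands in the live /etc/postfix/postfwd.cf. If the file is produced through an unquoted heredoc (not visible in this hunk), any future example containing postfwd's `$$variable` placeholders or backticks would be expanded by the shell before reaching the config; the lines added here contain none, but a quoted delimiter would make that safe by construction. The construct that writes these column-0 lines starts and ends outside the hunk.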