On 08/12/2017 01:04 PM, mj (li...@merit.unu.edu) wrote:
> How can you do the last thing? Restrict access to an ip to a specific
> process only? Does anyone know?

Just to share my own findings:
The only thing I came up with, is to try something like:
iptables -A OUTPUT -o lo -p tcp --dport 143 -m owner --uid-owner 999 -j ACCEPT
iptables -A OUTPUT -o lo -p tcp --dport 143 -j DROP
On our system: id sogo
uid=999(sogo) gid=999(sogo) groups=999(sogo)
(According to the man page -m owner is only valid in the OUTPUT chain)
But even if this would work, I'm unsure about potential unwanted
side-effects, plus it seems suboptimal to me...
Since the SOGo docs recommend to restrict access only to the sogo
process, I hope someone here has another tip/idea for us?
MJ
--
users@sogo.nu
https://inverse.ca/sogo/lists
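
An added example, not part of the original post: a check of `iptables -S OUTPUT` text for the side effect worried about above, where an earlier ACCEPT rule shadows the per-uid rule pair. The rules are written with `-o lo -p tcp`, which the OUTPUT chain and `--dport` require; the function name, verdict words and sample rule sets are constructed for illustration, and a default ACCEPT policy with single-port rules is assumed.

```sh
#!/bin/sh
# Added example: audit `iptables -S OUTPUT` text (stdin) for a per-uid
# lockdown of one loopback TCP port. Prints a single verdict word:
#   restricted, open, or blocked-for-all.
check_port_lockdown() {   # usage: check_port_lockdown PORT UID < rules
    awk -v port="$1" -v uid="$2" '
    $1 != "-A" || $2 != "OUTPUT" { next }
    {
        line = " " $0 " "
        # Skip rules limited to another interface or another protocol.
        if (line ~ / -o / && line !~ / -o lo /) next
        if (line ~ / -p / && line !~ / -p tcp /) next
        on_port = (line ~ (" --dport " port " "))
        accept  = (line ~ / -j ACCEPT /)
        deny    = (line ~ / -j (DROP|REJECT) /)
        owner   = (line ~ / --uid-owner /)
        ours    = (line ~ (" --uid-owner " uid " "))
        # An unconditional ACCEPT ahead of the port rules shadows them.
        blanket = (accept && line !~ / (-m|-d|-s|--dport) /)
        if (blanket || (on_port && accept && !ours)) { verdict = "open"; exit }
        if (on_port && accept && ours) allowed = 1
        if (on_port && deny && !owner) {
            verdict = allowed ? "restricted" : "blocked-for-all"; exit
        }
    }
    END { print (verdict == "" ? "open" : verdict) }'
}

# Constructed sample: the rule pair as `iptables -S OUTPUT` would list it.
sample_locked() {
    cat <<'EOF'
-P OUTPUT ACCEPT
-A OUTPUT -o lo -p tcp -m tcp --dport 143 -m owner --uid-owner 999 -j ACCEPT
-A OUTPUT -o lo -p tcp -m tcp --dport 143 -j DROP
EOF
}

# Constructed sample: same pair appended after a common allow-loopback rule.
sample_shadowed() {
    cat <<'EOF'
-P OUTPUT ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o lo -p tcp -m tcp --dport 143 -m owner --uid-owner 999 -j ACCEPT
-A OUTPUT -o lo -p tcp -m tcp --dport 143 -j DROP
EOF
}

sample_locked   | check_port_lockdown 143 999
sample_shadowed | check_port_lockdown 143 999
```

On a live host the input would come from `iptables -S OUTPUT` run as root; an "open" verdict on the shadowed set is why the pair has to be inserted ahead of any general loopback ACCEPT rather than appended with `-A`.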