With iptables I can change, for example, the INPUT policy to drop with iptables -P INPUT DROP. Is there any option to do the same with nft?
Editing /etc/nftables.conf would work, of course, but that is not what I want.
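Added example, not from the post above: nft can change the policy of an existing base chain in place by re-adding the chain with only a policy clause, which is the runtime counterpart of iptables -P INPUT DROP. The family inet, table name filter and chain name input are assumptions taken from the usual nftables layout; the real names come from nft list ruleset. The second function shows the caveat that goes with a drop policy: apply the accept rules for loopback, established traffic and the admin port together with the policy change in one nft -f transaction, so the ruleset is never in a state that cuts off the session making the change.

```shell
#!/bin/sh
# Added example (not from the original post): change the policy of an
# existing nftables base chain at runtime, like `iptables -P INPUT DROP`.
# Family/table/chain names are assumptions; check `nft list ruleset`.

# Print the single nft command that changes a base chain's policy in place.
# Re-adding an existing base chain with only a policy clause updates the
# policy and leaves the chain's rules untouched.
nft_policy_cmd() {
    family=$1 table=$2 chain=$3 policy=$4
    case $policy in
        accept|drop) ;;
        *) echo "policy must be accept or drop, got: $policy" >&2; return 1 ;;
    esac
    printf "nft add chain %s %s %s '{ policy %s; }'\n" "$family" "$table" "$chain" "$policy"
}

# Print an nft script that allows loopback, established/related traffic and
# an admin port, then switches the chain to drop. Fed to `nft -f` it is applied
# as one transaction, so there is no moment where only the drop is active.
nft_lockdown_script() {
    family=$1 table=$2 chain=$3 ssh_port=${4:-22}
    cat <<EOF
add rule $family $table $chain iif "lo" accept
add rule $family $table $chain ct state established,related accept
add rule $family $table $chain tcp dport $ssh_port ct state new accept
add chain $family $table $chain { policy drop; }
EOF
}

# Touch the live ruleset only when asked for explicitly; `nft -c -f` parses
# the script without applying it, so a syntax error aborts before any change.
if [ "${NFT_APPLY:-0}" = 1 ]; then
    nft_lockdown_script inet filter input 22 | nft -c -f - \
        && nft_lockdown_script inet filter input 22 | nft -f -
fi
```

Running the lockdown script a second time appends the three accept rules again, so check nft list ruleset before re-applying; nft_policy_cmd alone is idempotent.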
Please note, this is not like the other question asked about the same topic (wrong SSL setup, whatever)! My mail setup works fine; IMAP/POP3 login and SMTP are working.
But I have some log entries I do not understand.
The machine has two interfaces.
eth0 -> 172.16.5.12 (an internal IP)
eth1 -> public IP address
dovecot: auth: Debug: auth client connected (pid=x)
dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=172.16.5.12, lip=172.16.5.12, TLS, session=<xxxasd>
Postfix uses Dovecot as auth backend (if this is important). I do not perform any other IMAP login from the machine itself.
What I wonder is why it uses the IP 172.16.5.12, and not 127.0.0.1, if there were any attempt.
What I tried:
-A INPUT -i eth0 -p tcp -m tcp --dport 143 -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 993 -j DROP
The log entries are still there. If any config snippet is needed to debug what this is, please let me know!
--
I have another mail server with a very similar setup; on that server the rip and lip in the maillog are the public IP address from eth1.
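Added example, not from the post above. Two facts help narrow this down: rip is the peer address of the TCP connection and lip the local address it was accepted on, so a line with rip equal to lip describes a connection the host opened to one of its own addresses; and such a connection is delivered over the loopback interface, so an INPUT rule with -i eth0 never matches it, which is why the two DROP rules leave the log lines unchanged. The script below picks these sessions out of dovecot log lines; the log lines, addresses and session IDs in SAMPLE_LOG are constructed sample data, not the real maillog.

```shell
#!/bin/sh
# Added example (not from the original post): list dovecot *-login sessions
# whose remote address (rip) equals the local address (lip). The log lines
# below are constructed sample data; addresses and session IDs are made up.

SAMPLE_LOG='Jan  1 10:00:01 mx dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=172.16.5.12, lip=172.16.5.12, TLS, session=<aaa111>
Jan  1 10:00:05 mx dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=203.0.113.7, lip=198.51.100.9, mpid=4242, TLS, session=<bbb222>
Jan  1 10:00:09 mx dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=172.16.5.12, lip=172.16.5.12, TLS, session=<ccc333>
Jan  1 10:00:12 mx dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.0.2.55, lip=198.51.100.9, session=<ddd444>'

# Reduce every *-login line on stdin to "service rip lip session"; lines
# without both addresses and a session ID are dropped by sed -n / p.
dovecot_sessions() {
    sed -n 's/.*dovecot: \([a-z0-9]*-login\): .*rip=\([^,]*\), lip=\([^,]*\),.*session=<\([^>]*\)>.*/\1 \2 \3 \4/p'
}

# Keep only sessions whose peer address is the address they were accepted
# on, i.e. connections the host made to itself.
self_connections() {
    dovecot_sessions | awk '$2 == $3'
}

# Number of such sessions, as a plain integer for scripting.
count_self_connections() {
    self_connections | wc -l | tr -d ' '
}

printf '%s\n' "$SAMPLE_LOG" | self_connections

# On the live host, while such a connection is open, the socket table shows
# the process on the client side, e.g.:
#   ss -tnp '( dport = :143 or dport = :993 )'
```

Run on the real log with something like grep -h 'login:' /var/log/mail.log | self_connections; an empty result means every logged session came from a different address than the one it was accepted on.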
I want to connect several devices (in the LAN) to the Internet via a single public IPv6 address.
Unfortunately, I did not find a good way to do this. The only idea I had was to tunnel everything from the pfSense/OPNsense via OpenVPN to a Raspberry Pi or similar in front of the Sense and then go to the Internet with the Pi's IPv6 address.
The planned setup would be Internet (WAN) - Fritzbox (LAN1) - PFSense / OPNsense (with WAN interface) - LAN2
Are there any other possibilities? The VPN solution is not really nice.
Why? Assigning each (private) device its own public IP (even with privacy extensions) simplifies tracking. In addition, some devices do not have privacy extensions, or they are not enabled.
I tried to grant cn=admin,ou=Administrators,dc=example,dc=com full write access to ou=People,dc=example,dc=com so that this admin can create (and of course read) new entries under ou=People and also modify them (e.g. changing passwords).
My LDIF file looks like:
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {4}to dn.subtree="ou=People,dc=example,dc=com" by dn.exact="cn=admin,ou=Administrators,dc=example,dc=com" write
After running it with
ldapadd -Y EXTERNAL -H ldapi:/// -f permission.ldif
I just got:
SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
modifying entry "olcDatabase={1}mdb,cn=config"
Can anyone explain what is wrong here and how to do it correctly? I tried quite a lot of things which I found online.
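Added example, not from the post above. Two things about olcAccess matter here. slapd evaluates the ordered olcAccess values top down and uses the first "to" clause that matches the entry and attribute; a rule added at index {4} behind a broader rule such as {2}to * by * read is therefore never reached for entries under ou=People, even though the modify itself succeeded. And a password change touches userPassword, which in a stock configuration has its own rule ({0}to attrs=userPassword ...) that is evaluated before any subtree rule, so the admin DN has to be granted write access in that rule as well. The script below inserts the subtree rule in front of the first catch-all rule and extends the userPassword rule with the admin DN. The DNs are the ones from the post; the three olcAccess lines in SAMPLE_ACLS are a constructed sample of a common default layout and an assumption, and with LDAP_APPLY=1 the live values are read from cn=config instead.

```shell
#!/bin/sh
# Added example (not from the original post): grant an admin DN write access
# to a subtree in OpenLDAP cn=config without the rule being shadowed by
# earlier olcAccess values. SAMPLE_ACLS is a constructed sample layout.

ADMIN='cn=admin,ou=Administrators,dc=example,dc=com'
BASE='ou=People,dc=example,dc=com'

SAMPLE_ACLS='olcAccess: {0}to attrs=userPassword by self write by anonymous auth by * none
olcAccess: {1}to attrs=shadowLastChange by self write by * read
olcAccess: {2}to * by * read'

# Index of the rule governing userPassword; password changes hit this rule
# before any subtree rule, so the admin must be granted write access here.
password_rule_index() {
    sed -n 's/^olcAccess: {\([0-9]*\)}to attrs=userPassword.*/\1/p' | head -n 1
}

# Index of the first catch-all "to *" rule; the subtree rule is inserted in
# front of it, because the first matching "to" clause ends evaluation.
first_catchall_index() {
    sed -n 's/^olcAccess: {\([0-9]*\)}to \* .*/\1/p' | head -n 1
}

# LDIF for one modify operation: replace the userPassword rule at $1 with a
# version that also lets $3 write, then insert the subtree rule for $4 at $2.
# Adding a value with an explicit {index} inserts it at that position and
# shifts the following values down. "by * break" hands every other identity
# on to the later rules, so existing access for ordinary users is unchanged.
acl_ldif() {
    pw_idx=$1 subtree_idx=$2 admin=$3 base=$4
    if [ -z "$pw_idx" ] || [ -z "$subtree_idx" ]; then
        echo "could not locate the userPassword or catch-all rule" >&2
        return 1
    fi
    cat <<EOF
dn: olcDatabase={1}mdb,cn=config
changetype: modify
delete: olcAccess
olcAccess: {$pw_idx}
-
add: olcAccess
olcAccess: {$pw_idx}to attrs=userPassword by dn.exact="$admin" write by self write by anonymous auth by * none
-
add: olcAccess
olcAccess: {$subtree_idx}to dn.subtree="$base" by dn.exact="$admin" write by * break
EOF
}

# Dry run against the constructed sample (indices 0 and 2); prints the LDIF.
acl_ldif "$(printf '%s\n' "$SAMPLE_ACLS" | password_rule_index)" \
         "$(printf '%s\n' "$SAMPLE_ACLS" | first_catchall_index)" "$ADMIN" "$BASE"

# Against the live server (root is needed for the ldapi EXTERNAL bind): read
# the real olcAccess values, derive the indices from them, apply, then list
# the result so the new order can be checked.
if [ "${LDAP_APPLY:-0}" = 1 ]; then
    live=$(ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b 'olcDatabase={1}mdb,cn=config' olcAccess)
    acl_ldif "$(printf '%s\n' "$live" | password_rule_index)" \
             "$(printf '%s\n' "$live" | first_catchall_index)" "$ADMIN" "$BASE" \
        | ldapmodify -Q -Y EXTERNAL -H ldapi:///
    ldapsearch -Q -LLL -Y EXTERNAL -H ldapi:/// -b 'olcDatabase={1}mdb,cn=config' olcAccess
fi
```

After applying, a quick functional check is an ldapmodify bound as the admin DN (-D "$ADMIN" -W) that sets userPassword on an entry under ou=People; if that still fails, list olcAccess again and look for yet another rule above the inserted ones that matches the entry first.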