I've got haproxy and need to provide SMTP to servers which do not have a direct connection.
Here is a portion of my config:
    listen smtp 10.12.23.10:3025
        mode tcp
        server smtp 172.30.33.12:25
        #tcp-request inspect-delay 2s
        acl white_list src 10.146.5.247 10.146.5.201
        tcp-request content accept if white_list
        tcp-request content reject
Any attempt to connect to the port is rejected. If I remove the line "tcp-request content reject", it works for everyone, but haproxy by default accepts everything.
What is the correct way of letting only two or more servers in?
I've tried the following lines as well:
    tcp-request content reject unless whitelist
    tcp-request content reject if !whitelist
I have haproxy 1.4.18, if that helps.
Best Answer
The config below works as expected for me on haproxy 1.4.15.
You can even remove the inspect delay line, but the clients would be rejected after the "timeout connect".
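An added example, not part of the original question or answer and not haproxy code: a small Python model of how the ordered "tcp-request content" rules in the question decide a connection by source address (first matching rule wins, no match means accept). It also reports ACL names that a rule references but the section never declares, as with "whitelist" against the declared "white_list". The function names are hypothetical, and only "acl <name> src" and ANDed rule conditions are handled.

```python
import ipaddress

# The listen section from the question, copied as posted.
QUESTION = """\
listen smtp 10.12.23.10:3025
    mode tcp
    server smtp 172.30.33.12:25
    #tcp-request inspect-delay 2s
    acl white_list src 10.146.5.247 10.146.5.201
    tcp-request content accept if white_list
    tcp-request content reject
"""

def parse(section):
    """Collect 'acl <name> src ...' networks and ordered 'tcp-request content' rules."""
    acls, rules = {}, []
    for raw in section.splitlines():
        tok = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            acls[tok[1]] = [ipaddress.ip_network(a, strict=False) for a in tok[3:]]
        elif tok[:2] == ["tcp-request", "content"] and len(tok) >= 3:
            # (action, "if"/"unless"/None, condition terms that are ANDed together)
            rules.append((tok[2], tok[3] if len(tok) > 3 else None, tok[4:]))
    return acls, rules

def undefined_acls(section):
    """ACL names used in a rule condition but never declared in the section."""
    acls, rules = parse(section)
    return {t.lstrip("!") for _, _, terms in rules for t in terms} - set(acls)

def decide(section, src):
    """First matching accept/reject rule wins; no match means accept (the default)."""
    acls, rules = parse(section)
    ip = ipaddress.ip_address(src)
    for action, kw, terms in rules:
        # A term is true when src is in the ACL's list, inverted by a leading "!".
        # Assumption of this model: an undeclared ACL name never matches.
        matched = all(
            any(ip in net for net in acls.get(t.lstrip("!"), [])) != t.startswith("!")
            for t in terms)
        if kw is None or matched == (kw == "if"):
            return action
    return "accept"

if __name__ == "__main__":
    for addr in ("10.146.5.247", "192.0.2.7"):  # second address is a constructed sample
        print(addr, decide(QUESTION, addr))
    print(undefined_acls("tcp-request content reject unless whitelist"))
```

Run undefined_acls() on a section before trusting decide(): a rule that names an undeclared ACL evaluates here as "no address is in the list", which is why the "unless whitelist" variant rejects every source in this model.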