Netscaler ACL

Using ACLs to restrict SMTP access to specific hosts.

I recently had to configure a Citrix Netscaler (version 10.5) to load balance SMTP mail for an organisation. They were using Microsoft's smart mail host, so I wanted to restrict access to specific IP addresses. All configuration here is done via the CLI, but you can also do this in the GUI: navigate to Configuration / System / Network / ACLs.

The remote addresses I will use here, are and

> add ns acl ALLOW-SMTP- ALLOW -srcIP =  -destPort = 25 -protocol TCP -priority 10
> add ns acl ALLOW-SMTP- ALLOW -srcIP =  -destPort = 25 -protocol TCP -priority 20
> add ns acl RESTRICT-SMTP-ALL DENY -srcIP =* -destPort = 25 -protocol TCP -priority 50 

Note that there is no implicit deny or accept at the end of the ACL, so you must restrict the source addresses yourself, as the final DENY rule above does.

After configuring the above ACLs, apply them:

> apply ns acls
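The rule set above only works if the ALLOW rules are evaluated before the catch-all DENY, and only if that DENY exists. As an added example (not part of the original post), this Python sketch parses `add ns acl` lines, checks both conditions and shows which rule a given source would hit. It assumes first-match evaluation in ascending priority and single-address `-srcIP` values; the 192.0.2.x addresses and the `-A`/`-B` ACL names are constructed placeholders.

```python
import ipaddress
import re

# Constructed sample config: documentation addresses stand in for the permitted
# mail hosts, and the ACL name suffixes are hypothetical.
SAMPLE = """
add ns acl ALLOW-SMTP-A ALLOW -srcIP = 192.0.2.10 -destPort = 25 -protocol TCP -priority 10
add ns acl ALLOW-SMTP-B ALLOW -srcIP = 192.0.2.11 -destPort = 25 -protocol TCP -priority 20
add ns acl RESTRICT-SMTP-ALL DENY -srcIP =* -destPort = 25 -protocol TCP -priority 50
"""

RULE = re.compile(r"add ns acl (\S+) (ALLOW|DENY)\b(.*)")
OPT = re.compile(r"-(\w+)\s*(?:=\s*)?(\S+)")

def parse(config):
    """Return rules sorted by priority (assumed: lowest number is evaluated first)."""
    rules = []
    for line in config.splitlines():
        m = RULE.match(line.strip().lstrip("> ").strip())
        if m:
            opts = {k.lower(): v for k, v in OPT.findall(m.group(3))}
            rules.append({"name": m.group(1), "action": m.group(2),
                          "src": opts.get("srcip", "*"),
                          "port": opts.get("destport", "*"),
                          "priority": int(opts["priority"])})
    return sorted(rules, key=lambda r: r["priority"])

def decide(rules, src, port):
    """First matching rule wins; None means no ACL matched (protocol is not modelled)."""
    for r in rules:
        src_ok = r["src"] == "*" or ipaddress.ip_address(src) == ipaddress.ip_address(r["src"])
        if src_ok and r["port"] in ("*", str(port)):
            return r["action"], r["name"]
    return None

def lint(rules, port=25):
    """Flag a missing catch-all DENY, and ALLOW rules placed after it."""
    issues = []
    catch = [r for r in rules
             if r["action"] == "DENY" and r["src"] == "*" and r["port"] == str(port)]
    if not catch:
        issues.append(f"no catch-all DENY for port {port}")
    else:
        for r in rules:
            if (r["action"] == "ALLOW" and r["port"] == str(port)
                    and r["priority"] > catch[0]["priority"]):
                issues.append(f"{r['name']} is shadowed by {catch[0]['name']}")
    return issues
```

An empty list from `lint(parse(config))` means the catch-all DENY is present and no ALLOW rule sits behind it.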

If you need to remove the ACLs, you can remove one at a time:

> rm ns acl ALLOW-SMTP-

or remove them all at once:

> clear ns acls