Netscaler ACL

Using ACLs to restrict SMTP access to specific hosts.

I recently had to configure a Citrix Netscaler (version 10.5) to load balance SMTP mail for an organisation. They were using Microsoft's smart mail host, so I wanted to restrict access to specific IP addresses. All configuration here is done via the CLI, but you can do the same in the GUI: navigate to Configuration / System / Network / ACLs.

The remote addresses I will use here are 1.1.1.1 and 2.2.2.2.

> add ns acl ALLOW-SMTP-1.1.1.1 ALLOW -srcIP =  1.1.1.1  -destPort = 25 -protocol TCP -priority 10
 Done
> add ns acl ALLOW-SMTP-2.2.2.2 ALLOW -srcIP =  2.2.2.2  -destPort = 25 -protocol TCP -priority 20
 Done
> add ns acl RESTRICT-SMTP-ALL DENY -srcIP = 0.0.0.0-* -destPort = 25 -protocol TCP -priority 50 
 Done

Note that there is no implicit deny or accept at the end of the ACL, so you must restrict the source addresses yourself, as the final DENY rule above does.
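The rule set above can be checked offline before it is applied. The Python below is an added example, not part of the original post or of any Citrix tooling: it parses the three commands, evaluates a packet against them in ascending priority order (first match decides), and lists rules that an earlier rule shadows. The function names are hypothetical, and reading `0.0.0.0-*` as "any source" is an assumption.

```python
import ipaddress
import re

# The three commands from the post (constructed input for this offline check).
RULES_TEXT = """
add ns acl ALLOW-SMTP-1.1.1.1 ALLOW -srcIP = 1.1.1.1 -destPort = 25 -protocol TCP -priority 10
add ns acl ALLOW-SMTP-2.2.2.2 ALLOW -srcIP = 2.2.2.2 -destPort = 25 -protocol TCP -priority 20
add ns acl RESTRICT-SMTP-ALL DENY -srcIP = 0.0.0.0-* -destPort = 25 -protocol TCP -priority 50
"""

def parse_rules(text):
    """Parse 'add ns acl' lines; return rules sorted by priority (lowest number first)."""
    rules = []
    for line in text.strip().splitlines():
        m = re.match(r"add ns acl (\S+) (ALLOW|DENY)\s+(.*)", line.strip())
        if not m:
            raise ValueError(f"unrecognised line: {line!r}")
        rule = dict(re.findall(r"-(\w+)\s*=?\s*(\S+)", m.group(3)))
        rule.update(name=m.group(1), action=m.group(2))
        rules.append(rule)
    # ACLs are evaluated in ascending priority number; the first match decides.
    return sorted(rules, key=lambda r: int(r["priority"]))

def src_matches(spec, ip):
    """True if ip is the single address in spec or inside its 'low-high' range."""
    low, _, high = spec.partition("-")
    if high == "*":  # assumption: the post's '0.0.0.0-*' means "any source"
        high = "255.255.255.255"
    addr = ipaddress.ip_address(ip)
    return ipaddress.ip_address(low) <= addr <= ipaddress.ip_address(high or low)

def evaluate(rules, src, port=25, proto="TCP"):
    """Return (action, rule name) of the first matching rule, or None if none match."""
    for r in rules:
        if (src_matches(r["srcIP"], src) and int(r["destPort"]) == port
                and r["protocol"].upper() == proto.upper()):
            return r["action"], r["name"]
    return None

def shadowed(rules):
    """Names of rules whose first source address is claimed by an earlier rule."""
    return [r["name"] for r in rules
            if evaluate(rules, r["srcIP"].partition("-")[0],
                        int(r["destPort"]), r["protocol"])[1] != r["name"]]

if __name__ == "__main__":
    for src in ("1.1.1.1", "2.2.2.2", "3.3.3.3"):
        print(src, evaluate(parse_rules(RULES_TEXT), src))
```

If the DENY rule were given a priority number lower than the ALLOW rules, `shadowed()` would list both ALLOW rules, because the deny would match the permitted senders first.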

After configuring the above ACLs, apply them:

> apply ns acls
 Done

If you need to remove the ACLs, you can remove them one at a time:

rm ns acl ALLOW-SMTP-1.1.1.1

or remove them all at once:

clear ns acl