First off, thanks to all who replied: Frank Smith, Sean Ryan, Cary Penniman, and Binand. I should have been more clear about my setup, which is that the mail server is behind the firewall. The purpose for this rule is to block mass amounts of e-mail from being sent out by virus-infected laptop users. This happened and as a result got our IP banned from AOL, Yahoo, and AT&T. :-( Now with the rule in place, I don't have to worry about that situation recurring...or at least I can worry less.

Ultimately, I used Frank's solution (which works perfectly) but with DROP instead of REJECT on the last rule. In his words:

"At a minimum, all you should need to add would be the FORWARD rules I originally gave you, plus an 'established' rule. Order does matter: the first rule that matches a packet controls what happens to it.

    # allow established connections (allow replies to allowed packets)
    iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT
    # allow your mail server to send mail
    iptables -A FORWARD -p tcp -s 192.168.1.111 --dport 25 -j ACCEPT
    # also allow it to receive mail
    iptables -A FORWARD -p tcp -d 192.168.1.111 --dport 25 -j ACCEPT
    # reject all other SMTP connections
    iptables -A FORWARD -p tcp --dport 25 -j REJECT

This assumes you have 'state' match support (which you probably do since I think it is required to do NAT in iptables)."

Thanks again!

Chris Fischer

_______________________________________________
LinuxManagers mailing list - http://www.linuxmanagers.org
submissions: LinuxManagers@xxxxxxxxxxxxxxxxx
subscribe/unsubscribe: http://www.linuxmanagers.org/mailman/listinfo/linuxmanagers
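The first-match behaviour Frank describes, shown as an added Python model that is not code from the thread: it walks the four FORWARD rules in order (with DROP on the last one, as Chris used) and returns the verdict for a few constructed packets, including what happens when the catch-all SMTP rule is mistakenly placed first. The laptop and remote mail-exchanger addresses are constructed; only 192.168.1.111 comes from the thread.

```python
# Added example: a tiny first-match model of the FORWARD chain from the thread.
# It does not touch iptables; it only shows why rule order matters.
from dataclasses import dataclass

MAIL_SERVER = "192.168.1.111"   # address used in the thread

@dataclass
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    established: bool = False   # True for replies belonging to an allowed flow

# (match, target) pairs in the same order as the iptables -A commands.
FORWARD_RULES = [
    (lambda p: p.established, "ACCEPT"),                                          # -m state --state ESTABLISHED
    (lambda p: p.proto == "tcp" and p.src == MAIL_SERVER and p.dport == 25, "ACCEPT"),  # mail server sends
    (lambda p: p.proto == "tcp" and p.dst == MAIL_SERVER and p.dport == 25, "ACCEPT"),  # mail server receives
    (lambda p: p.proto == "tcp" and p.dport == 25, "DROP"),                       # all other SMTP (Chris's DROP)
]

# The same rules with the catch-all moved to the front: a common misordering.
MISORDERED_RULES = [FORWARD_RULES[-1]] + FORWARD_RULES[:-1]

def forward_verdict(pkt, rules=FORWARD_RULES, policy="ACCEPT"):
    """Return the target of the first rule that matches, else the chain policy."""
    for match, target in rules:
        if match(pkt):
            return target
    return policy

def demo():
    laptop = "192.168.1.50"      # constructed LAN host standing in for an infected laptop
    remote_mx = "203.0.113.25"   # constructed remote mail exchanger (TEST-NET-3)
    cases = {
        "mail server -> remote MX :25":            Packet(MAIL_SERVER, remote_mx, "tcp", 25),
        "remote MX -> mail server :25":            Packet(remote_mx, MAIL_SERVER, "tcp", 25),
        "laptop -> remote MX :25 (direct SMTP)":   Packet(laptop, remote_mx, "tcp", 25),
        "laptop -> remote host :80 (not SMTP)":    Packet(laptop, remote_mx, "tcp", 80),
        "reply to laptop, ESTABLISHED flow":       Packet(remote_mx, laptop, "tcp", 25, established=True),
    }
    return {name: forward_verdict(p) for name, p in cases.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:40} -> {verdict}")
    # With the DROP rule first, the mail server's own outbound mail dies too.
    print("misordered, mail server -> :25 ->",
          forward_verdict(Packet(MAIL_SERVER, "203.0.113.25", "tcp", 25), MISORDERED_RULES))
```

Non-SMTP traffic falls through to the chain policy, so the ruleset only constrains port 25 as the thread intends.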