On Wednesday, 18.05.2005 at 11:37 +0200, Samuel Díaz García wrote:

> You need something like this in your linux router/firewall box:
>
> #!/bin/sh
> ip_mail_srv=a.b.c.d
>
> iptables -t filter -A INPUT -d $ip_mail_srv -p tcp --dport 25 --syn -j ACCEPT
> iptables -t filter -A INPUT -p tcp --dport 25 --syn -j DROP

That doesn't look right. If the mail server is NOT the same system as the
firewall, then nothing will pass on the INPUT chain to the firewall destined
for the mail server.

> #the same in FORWARD chain:
>
> iptables -t filter -A FORWARD -d $ip_mail_srv -p tcp --dport 25 --syn -j ACCEPT
> iptables -t filter -A FORWARD -p tcp --dport 25 --syn -j DROP

The first of the above two rules will work partly, but won't allow any SMTP
traffic *from* the mail server back out ...

Dave.

-- 
Please don't CC me on list messages!
...
Dave Ewart - davee@sungate.co.uk - jabber: davee@jabber.org
All email from me is now digitally signed, key from http://www.sungate.co.uk/
Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92
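The reply above turns on two things: which chain a packet actually traverses (INPUT only for packets addressed to the firewall itself, FORWARD for packets it routes) and the first-match order of the posted rules, under which a SYN the mail server sends out to port 25 hits the catch-all DROP. The following is an added example, not code from this thread or from either poster: a small POSIX shell evaluator for the subset of iptables syntax the posted rules use. It classifies a packet as INPUT or FORWARD by whether the destination is one of the firewall's own addresses, then walks the posted FORWARD rules and a corrected set that also lets the mail server originate SMTP. All addresses (documentation ranges), the firewall's address list and the packets fed to it are constructed assumptions; it understands only -s, -d, -p tcp, --dport, --syn and -j.

```shell
#!/bin/sh
# Assumed topology: the firewall owns 192.0.2.1 (inside) and 203.0.113.1
# (outside); the mail server is a separate host behind it.
FW_ADDRS="192.0.2.1 203.0.113.1"
MAIL_SRV=192.0.2.25

# The FORWARD rules as posted: inbound SMTP to the mail server is accepted,
# every other SMTP SYN, including one the mail server sends out, is dropped.
POSTED_RULES="
-d $MAIL_SRV -p tcp --dport 25 --syn -j ACCEPT
-p tcp --dport 25 --syn -j DROP
"

# Corrected set: additionally accept SYNs the mail server itself originates.
FIXED_RULES="
-d $MAIL_SRV -p tcp --dport 25 --syn -j ACCEPT
-s $MAIL_SRV -p tcp --dport 25 --syn -j ACCEPT
-p tcp --dport 25 --syn -j DROP
"

# chain_for <dst>: INPUT if the packet is addressed to the firewall, else FORWARD.
# Rules in INPUT never see traffic routed to a separate mail server.
chain_for() {
    for a in $FW_ADDRS; do
        [ "$a" = "$1" ] && { echo INPUT; return 0; }
    done
    echo FORWARD
}

# match_rule <rule> <src> <dst> <dport> <syn>: prints the rule's target and
# returns 0 if every match in the rule fits the packet, 1 otherwise.
# All packets are assumed to be TCP; syn is 1 for a bare SYN, 0 otherwise.
match_rule() {
    rule=$1; src=$2; dst=$3; dport=$4; syn=$5
    target=""
    set -- $rule
    while [ $# -gt 0 ]; do
        case $1 in
            -s)      [ "$2" = "$src" ]   || return 1; shift 2 ;;
            -d)      [ "$2" = "$dst" ]   || return 1; shift 2 ;;
            -p)      [ "$2" = tcp ]      || return 1; shift 2 ;;
            --dport) [ "$2" = "$dport" ] || return 1; shift 2 ;;
            --syn)   [ "$syn" = 1 ]      || return 1; shift ;;
            -j)      target=$2; shift 2 ;;
            *)       echo "unsupported token: $1" >&2; return 2 ;;
        esac
    done
    printf '%s\n' "$target"
}

# evaluate <rules> <src> <dst> <dport> <syn>: first matching rule wins, as in
# netfilter; POLICY means no rule matched and the chain policy decides.
evaluate() {
    rules=$1; p_src=$2; p_dst=$3; p_dport=$4; p_syn=$5
    verdict=POLICY
    while IFS= read -r line; do
        [ -z "$line" ] && continue
        if v=$(match_rule "$line" "$p_src" "$p_dst" "$p_dport" "$p_syn"); then
            verdict=$v
            break
        fi
    done <<EOF
$rules
EOF
    printf '%s\n' "$verdict"
}

# Constructed packets: remote MTA to mail server, remote MTA to another host,
# mail server sending mail out, and a non-SYN packet of an established session.
for pkt in "198.51.100.7 $MAIL_SRV 25 1" "198.51.100.7 192.0.2.40 25 1" \
           "$MAIL_SRV 203.0.113.9 25 1"  "$MAIL_SRV 203.0.113.9 25 0"; do
    set -- $pkt
    printf '%-13s -> %-13s syn=%s  chain=%-7s posted=%-6s fixed=%s\n' \
        "$1" "$2" "$4" "$(chain_for "$2")" \
        "$(evaluate "$POSTED_RULES" "$@")" "$(evaluate "$FIXED_RULES" "$@")"
done
```

The fourth packet shows why Dave says the rules only "work partly": both sets match on --syn alone, so non-SYN segments of any SMTP session fall through to whatever the chain policy or later rules say, and the outbound case needs either the extra -s rule above or a stateful ESTABLISHED,RELATED rule that is not part of the posted snippet.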