[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Help needed on block SMTP

On Wednesday, 18.05.2005 at 11:37 +0200, Samuel Díaz García wrote:

> You need something as this in your linux router/firewall box:
> #!/bin/sh
> ip_mail_srv=a.b.c.d
> iptables -t filter -A INPUT -d $ip_mail_srv -p tcp --dport 25 --syn -j
> iptables -t filter -A INPUT -p tcp --dport 25 --syn -j DROP

That doesn't look right.  If the mail server is NOT the same system as
the firewall, then nothing will pass on the INPUT chain to the firewall
destined for the mail server.

> #the same in FORWARD chain:
> iptables -t filter -A FORWARD -d $ip_mail_srv -p tcp --dport 25 --syn -j
> iptables -t filter -A FORWARD -p tcp --dport 25 --syn -j DROP

The first of the above two rules will work partly, but won't allow any SMTP
traffic *from* the mail server back out ...

Please don't CC me on list messages!
Dave Ewart - davee@sungate.co.uk - jabber: davee@jabber.org
All email from me is now digitally signed, key from http://www.sungate.co.uk/
Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92

Attachment: signature.asc
Description: Digital signature

Reply to: