Re: limiting port 25 to an IP
> > Actually, it's the list for ISPs, so people here are supposed to have
> > a bit of basic knowledge about networking. But anyways, it could be
> > something like:
> >
> > iptables -A INPUT -p tcp -s IP.YOU.WANT.TO.BLOCK --dport 25 -j REJECT
> >
> > Wanted
>
> Not an elegant solution, that; both postfix and exim can be told what IPs
> to bind to. Only bind the daemons to the IPs they should be listening
> to; it's much nicer. In fact, do that with all daemons that you don't
> want to be listening on all ports.

Doesn't the iptables rule block connections from a certain IP? Specifying
the address for exim or postfix to listen on is totally different.

I suspect what the original poster was asking for was something like:

iptables -A INPUT -p tcp -s IP.YOU.WANT.TO.ACCEPT --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j REJECT

So accept connections from a single IP, reject the rest. I don't use
iptables directly any more so I'm not sure if I got it right. I'd recommend
shorewall even for simple firewall setups at this point, as I find it a
nice abstraction over writing iptables rules directly, easier to set policy
with, etc.

Take care,
Dale
--
Dale E. Martin - dale@the-martins.org
http://the-martins.org/~dmartin
pgp key available
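
Added example, not part of the original message: a dry-run shell script that prints the accept-one-source, reject-the-rest rules for port 25 in the order first-match evaluation requires, placed in a dedicated chain so rules already in INPUT cannot shadow them. The chain name SMTP-IN and the address 192.0.2.10 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: emit (not execute) iptables commands that allow SMTP from one
# source address and reject everyone else. Review the output, then pipe it to
# "sh" as root to apply it.

CHAIN=SMTP-IN   # assumed chain name, not from the original message

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # stray characters or empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                               # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac   # refuse ambiguous leading zeros
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rule set for one allowed source address.
# iptables stops at the first matching rule, so the ACCEPT must come before
# the REJECT. The jump is inserted at the top of INPUT so that an earlier
# ACCEPT for port 25 in INPUT cannot match first.
smtp_allow_rules() {
    allowed=$1
    valid_ipv4 "$allowed" || { echo "invalid IPv4 address: $allowed" >&2; return 1; }
    cat <<EOF
iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN
iptables -A $CHAIN -s $allowed -j ACCEPT
iptables -A $CHAIN -j REJECT
iptables -C INPUT -p tcp --dport 25 -j $CHAIN 2>/dev/null || iptables -I INPUT 1 -p tcp --dport 25 -j $CHAIN
EOF
}

# Constructed sample address from the documentation range (RFC 5737).
smtp_allow_rules 192.0.2.10
```

Re-running the generated commands flushes and refills the chain and adds the jump only if it is missing, so the rule set does not accumulate duplicates.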