Re: limiting port 25 to an IP
On Sat, 2004-10-23 at 14:41, Dale E. Martin wrote:
> > > Actually, it's the list for ISPs, so people here are supposed to have
> > > a bit of basic knowledge about networking. But anyways, it could be
> > > something like:
> > >
> > > iptables -A INPUT -p tcp -s IP.YOU.WANT.TO.BLOCK --dport 25 -j REJECT
> > >
> > > Wanted
> >
> > Not an elegant solution that, both postfix and exim can be told what IPs
> > to bind to, only bind the daemons to the IPs they should be listening
> > to, it's much nicer. In fact, do that with all daemons that you don't
> > want to be listening on all ports.
>
> Doesn't the iptables rule block connections from a certain IP? Specifying
> the address for exim or postfix to listen on is totally different.
>
> I suspect what the original poster was asking for was something like:
> iptables -A INPUT -p tcp -s IP.YOU.WANT.TO.ACCEPT --dport 25 -j ACCEPT
> iptables -A INPUT -p tcp --dport 25 -j REJECT
>
> So accept connections from a single IP, reject the rest. I don't use
> iptables directly any more so I'm not sure if I got it right. I'd recommend
> shorewall even for simple firewall setups at this point, as I find it a
> nice abstraction over writing iptables rules directly, easier to set policy
> with, etc.
Hi Dale,
Original poster here :-) Yes, we started out as an ISP, but due to
competition we are now only hosting services for ISPs.
We need to limit port 25 on one MTA server to a single /28 pool of
addresses. So I need to have the rule accept the traffic from the /28
and only through port 25.
iptables -A INPUT -p tcp -s IP.YOU.WANT.TO.ACCEPT --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j REJECT
So are these still the valid rules for that? And yes, I am somewhat
familiar with lots of areas of the ISP business, I just haven't had to set up
iptables rules in some time.
Thanks so much,
Dee
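As an added example, not from anyone in the thread: a small POSIX sh script that first checks the /28 is well-formed and aligned on a 16-address boundary, then prints (or, with `apply`, runs) the two rules from the thread with the whole pool as the source instead of a single host. The network 192.0.2.16/28 is a constructed placeholder and the function names are my own.

```shell
#!/bin/sh
# Added example: emit the ACCEPT-then-REJECT pair for port 25 with a /28 as
# the allowed source. Usage: sh port25.sh 192.0.2.16/28 [apply]
# (192.0.2.16/28 is a constructed placeholder; substitute the real pool.)

# Return 0 only if NET is dotted-quad/28 with the host bits zero, so the
# rule really matches the 16-address pool and not a misaligned range.
valid_slash28() {
  net=$1
  case $net in
    */28) ;;
    *) return 1 ;;
  esac
  ip=${net%/28}
  oldIFS=$IFS; IFS=.; set -- $ip; IFS=$oldIFS
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case $o in ''|*[!0-9]*) return 1 ;; esac
    [ "$o" -le 255 ] || return 1
  done
  # the last octet of an aligned /28 is a multiple of 16
  [ $(( $4 % 16 )) -eq 0 ] || return 1
}

# Print the rules in the order they must be appended: iptables stops at the
# first match, so the ACCEPT for the pool has to come before the catch-all
# REJECT on port 25.
port25_rules() {
  net=$1
  valid_slash28 "$net" || { echo "bad /28: $net" >&2; return 1; }
  printf '%s\n' \
    "iptables -A INPUT -p tcp -s $net --dport 25 -j ACCEPT" \
    "iptables -A INPUT -p tcp --dport 25 -j REJECT"
}

# Command-line entry point; does nothing when the file is sourced or run
# without arguments, so the functions can be reused from other scripts.
if [ "${1:-}" != "" ]; then
  if [ "${2:-}" = "apply" ]; then
    port25_rules "$1" | sh -e      # run the rules (needs root)
  else
    port25_rules "$1"              # dry run: just show them
  fi
fi
```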