Re: Iptables config
Hello
I will try to help you.
> Hi - i have just installed an mailserver with postfix and wu-imap/pop3
> now i just want to have iptables running. I am no iptables guro, i just
> want to close all exept from ssh(port 22), pop3(port 110) and
> imap(port143). Is there and easy way to do this. ????
# change of politics to drop
iptables -t nat -P PREROUTING DROP
iptables -t nat -P POSTROUTING DROP
#add ssh serwer (allow incoming)
iptables -t nat -A PREROUTING -d $yourPublicIP -p tcp --destination-port 22 -j ACCEPT
#add pop3 and imap
iptables -t nat -A PREROUTING -d $yourPublicIP -p tcp --destination-port 110 -j ACCEPT
iptables -t nat -A PREROUTING -d $yourPublicIP -p tcp --destination-port 143 -j ACCEPT
iptables -t nat -A PREROUTING -d $yourPublicIP -p udp --destination-port 110 -j ACCEPT
iptables -t nat -A PREROUTING -d $yourPublicIP -p udp --destination-port 143 -j ACCEPT
iptables -t nat -A POSTROUTING -s $yourPublicIP -j ACCEPT
# are you want to alow ping you machine ? (I dont know if postfix require it)
iptables -t nat -A PREROUTING -d $yourPublicIP -p icmp -j ACCEPT
iptables -t nat -A POSTROUTING -s $yourPublicIP -p icmp -j ACCEPT
I think that is all.
Jakub Staszek
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: