
Re: [Again] small mail server & IPTABLES



On Wed, 04 Jun 2003, Lukas Ruf wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Hallo * Vittorio <vdemart@supereva.it> [2003-06-04 13:15]:
> > 
> > Now I DON'T want that from the outside world, from the Internet via
> > ppp0 someone could access my imap server which is on duty for my
> > internal network only.
> > 
> > What IPTABLES lines should I add to my firewall to avoid these
> > intrusions?
> > 
> 
> iptables -A INPUT -i ppp0 -p TCP --dport imap  -j DROP
> iptables -A INPUT -i ppp0 -p TCP --dport imaps -j DROP

I'd do it slightly differently.  First, check in /etc/<package>/ and 
try to set the daemons up to listen to only the inside port.  If it's 
started from inetd, look into the xinetd package.

Then, I'd set up the ip tables to reject, not drop the packets.  
This is a personal choice, but IM(very)HO, networks work better when 
packets don't disappear into the ether.  :)

Just my two cents,

Jesse Meyer

-- 
        ...crying "Tekeli-li! Tekeli-li!"... ~ HPL
 icq : 34583382              |     === ascii ribbon campaign ===
 msn : dasunt@hotmail.com    |  ()  - against html mail
 yim : tsunad                |  /\  - against proprietary attachments
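
Added example, not part of the original message: a shell check for IMAP/IMAPS listeners that are still bound to an outside-reachable address, plus the REJECT form of the rules quoted above. The inside address 192.168.1.1 and the sample `ss` lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Assumptions: inside address 192.168.1.1, outside interface ppp0; SAMPLE is
# constructed `ss -H -ltn` output (State Recv-Q Send-Q Local Peer).

# Read `ss -H -ltn` lines on stdin and print every IMAP (143) or IMAPS (993)
# listener that is bound to something other than the inside address ($1)
# or loopback, i.e. a socket that is reachable from ppp0.
exposed_imap_listeners() {
    awk -v inside="$1" '
        {
            # Split "addr:port" at the last colon so "[::]:993" works too.
            if (!match($4, /:[0-9]+$/)) next
            addr = substr($4, 1, RSTART - 1)
            port = substr($4, RSTART + 1) + 0
            if (port != 143 && port != 993) next
            if (addr == inside || addr == "127.0.0.1" || addr == "[::1]") next
            print addr ":" port
        }'
}

# Print (not apply) the REJECT form of the quoted DROP rules for interface $1.
# tcp-reset makes the refused port look closed instead of timing out.
reject_rules() {
    for svc in imap imaps; do
        echo "iptables -A INPUT -i $1 -p tcp --dport $svc -j REJECT --reject-with tcp-reset"
    done
}

SAMPLE='LISTEN 0 128 0.0.0.0:143 0.0.0.0:*
LISTEN 0 128 192.168.1.1:993 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:993 [::]:*'

printf '%s\n' "$SAMPLE" | exposed_imap_listeners 192.168.1.1
reject_rules ppp0
```

On a live host, feed it real data with `ss -H -ltn | exposed_imap_listeners 192.168.1.1`; an empty result means the daemons are bound to the inside address only and the firewall rules are a second layer rather than the only one.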
