From: Boryan Yotov <yotov@prosyst.com>
To: "'netfilter@lists.netfilter.org'" <netfilter@lists.netfilter.org>
Subject: Re: howto only allow outgoing mail from certain hosts
Date: Tue, 01 Oct 2002 17:38:27 +0200
Message-ID: <3D99C173.4090601@prosyst.com>
In-Reply-To: 1100D69203AAD2118E3C00508B8B9E8A67F000@mailhost.intech.unu.edu

Hello,

If I understood the problem correctly, you must use the following:

iptables -A FORWARD -s x.x.x.a -p tcp --dport 25 -j ACCEPT
iptables -A FORWARD -s x.x.x.b -p tcp --dport 25 -j ACCEPT
iptables -A FORWARD -s x.x.x.0/24 -p tcp --dport 25 -j REJECT

Or, if you have more than two hosts you want to grant SMTP access, put
the following into a script:

...
# Here you can add as many IP addresses or hostnames as you need,
# separated by spaces
allowed_smpt="x.x.x.a x.x.x.b x.x.x.c x.x.x.d"
for allowed in $allowed_smpt
do
    iptables -A FORWARD -s "$allowed" -p tcp --dport 25 -j ACCEPT
done
iptables -A FORWARD -s x.x.x.0/24 -p tcp --dport 25 -j REJECT
...

Hope this will help.

Regards :)

Heupink, Mourik Jan C. wrote:
>Hello all.
>
>The subject says it all, really. I want to (of course) allow OUTGOING mail
>from our domain, from only two designated servers. So, drop outgoing mail
>from any other host.
>
>I can't seem to produce the iptables command to get this to work... (using
>forward chain, because using transp. bridging firewall...)
>
>I guess this: iptables -A FORWARD -s x.x.x.0/24 -p tcp --dport 25 -REJECT
>would drop all outgoing mail, right? (I guess the way to select outgoing
>mail traffic would be to use --dport..?)
>
>Now I have to find a way to make an exclusion in that rule. Something like
>-s x.x.x.0/24 EXCEPT x.x.x.y
>
>Could anyone shed some light onto this..?
>
>Thanks very much in advance,
>Yours,
>Mourik Jan
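
The allow-then-reject ordering from the reply above, as an added example that is not part of the original message: a generator that validates the addresses and prints the rules into a dedicated chain so that re-running the script does not append duplicates. The chain name SMTP_OUT, the IPv4-only validation and the 192.0.2.x addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints (does not run) iptables commands for an SMTP egress
# allow-list. The chain name SMTP_OUT and all addresses are assumptions.

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1          # split on dots; safe, input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# smtp_rules SUBNET HOST...  Prints the commands; fails on any bad address
# before printing anything. The /prefix length is not validated here.
smtp_rules() {
    [ "$#" -ge 2 ] || { echo "usage: smtp_rules SUBNET HOST..." >&2; return 1; }
    subnet=$1; shift
    is_ipv4 "${subnet%/*}" || { echo "bad subnet: $subnet" >&2; return 1; }
    for host in "$@"; do
        is_ipv4 "$host" || { echo "bad host: $host" >&2; return 1; }
    done
    # Dedicated chain, flushed on each run, so reruns do not stack the
    # duplicate rules that repeated -A on FORWARD would create.
    echo "iptables -N SMTP_OUT 2>/dev/null || iptables -F SMTP_OUT"
    for host in "$@"; do
        echo "iptables -A SMTP_OUT -s $host -j ACCEPT"
    done
    # First match wins, so the catch-all REJECT goes last.
    echo "iptables -A SMTP_OUT -j REJECT"
    # Hook the chain into FORWARD once; -C tests whether the rule exists.
    jump="FORWARD -s $subnet -p tcp --dport 25 -j SMTP_OUT"
    echo "iptables -C $jump 2>/dev/null || iptables -A $jump"
}

# Constructed sample input (RFC 5737 documentation addresses).
smtp_rules 192.0.2.0/24 192.0.2.10 192.0.2.11
```

The function only prints; review the output and then pipe it to a root shell to apply the rules.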