* Re: mail relay
[not found] ` <OFF04453C4.ECF4132D-ONC1256CEF.00548382-C1256CEF.00543F77@LocalDomain>
@ 2003-03-20 15:33 ` Andreas Czerniak
2003-03-20 15:39 ` Rob Sterenborg
2003-03-20 16:00 ` Sven Schuster
2 siblings, 0 replies; 3+ messages in thread
From: Andreas Czerniak @ 2003-03-20 15:33 UTC (permalink / raw)
To: david; +Cc: netfilter
iptables -A INPUT -j DROP -p tcp -m tcp ! -s <isp_ip> --dport 25
Nice day,
Andreas.
-- On 20.03.2003 16:25:01 +0100 david@atd.es wrote:
>
> Hi everybody,
> I would like to know how I can filter the mail relay received on my port 25
> with the firewall. I want to accept packets from only one IP, my
> ISP. Is this possible with an iptables rule?
>
> Thanks
--
"I think one has no right to control others or to impose anything on
them, one's own beliefs or one's own way of living."
- Dalai Lama "Begegnungen".
-------------------------------------------------------------------
Andreas Czerniak <cognac@toppoint.de> - Kiel - FRG - Fax:+49-431-2000447
PGPkey: http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xEDB224EC
* RE: mail relay
From: Rob Sterenborg @ 2003-03-20 15:39 UTC (permalink / raw)
To: david, netfilter
> I would like to know how I can filter the mail relay received
> on my port 25 with the firewall. I want to accept
> packets from only one IP, my ISP.
iptables -P INPUT DROP
# Maybe you don't need it, but I'll add it anyway
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i <eth_inet> -s <isp_mailserver_ip> -p tcp --dport 25 -j ACCEPT
However, this way you will be blocking *everything* else from coming in.
You probably want to accept local traffic, something like this :
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i <eth_lan> -s <net_lan> -j ACCEPT
If you're running other servers on the box too (e.g. a webserver), you
also need rules for those servers.
Or you could do simply this, dropping all traffic *not* coming from your
isp's mailserver :
iptables -A INPUT -i <eth_inet> ! -s <isp_mailserver_ip> -p tcp --dport 25 -j DROP
Rob
* Re: mail relay
From: Sven Schuster @ 2003-03-20 16:00 UTC (permalink / raw)
To: netfilter; +Cc: david
david@atd.es wrote:
>
> Hi everybody,
> I would like to know how I can filter the mail relay received on my
> port 25 with the firewall. I want to accept packets from only
> one IP, my ISP.
> Is this possible with an iptables rule?
If your mailserver is on the firewall itself, you should give this one a
try (this is very basic, one would usually add some more rules, set
default policy to drop, then even this rule wouldn't be right anymore):
iptables -A INPUT -p tcp --dport 25 ! -s 1.2.3.4 -j REJECT --reject-with tcp-reset
Sven
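The default-DROP approach that Rob describes, and that Sven says one would usually end up with, written as a single ruleset for iptables-restore. This is an added example, not part of the thread; the address 192.0.2.25, the interface eth0 and the function names are constructed, and only the INPUT policy is changed.

```sh
#!/bin/sh
# Added example: build an allowlist ruleset for one SMTP source.
# 192.0.2.25 and eth0 below are constructed sample values.

# Succeed only for a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots into $1..$4
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print an iptables-restore ruleset: $1 = ISP mail server, $2 = internet interface.
smtp_ruleset() {
    isp_ip=$1
    inet_if=$2
    valid_ipv4 "$isp_ip" || { echo "bad IPv4 address: $isp_ip" >&2; return 1; }
    case "$inet_if" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name: $inet_if" >&2; return 1 ;;
    esac
    # Only INPUT gets a DROP policy, as in the thread. "-m conntrack --ctstate"
    # is the current form of the "-m state --state" match used there.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i $inet_if -s $isp_ip/32 -p tcp --dport 25 -j ACCEPT
COMMIT
EOF
}

# Show the generated rules; nothing is loaded into the kernel here.
smtp_ruleset 192.0.2.25 eth0
```

Loading the output with iptables-restore replaces the whole filter table, so any other service on the box (the LAN and webserver cases Rob mentions) needs its own ACCEPT line added first. Piping it to `iptables-restore --test` parses the rules without committing them.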