iptables question - how to securely allow *just* outgoing smtp

[Antony Stone]

On Friday 21 June 2002 4:32 pm, Christian Seberino wrote:

> My firewall does *not* need or use any
> rules on INPUT and OUTPUT chains
> since it just *FORWARD*s packets to/from
> private LAN.....
>
> I'd like to install Tripwire on firewall
> and have firewall *email* me daily of status.....
>
> How can I securely *open* up firewall rules
> to allow me to just email out without
> compromising security???

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -A OUTPUT -p tcp --dport 25 -d aa.bb.cc.dd -j ACCEPT
iptables -A INPUT -p tcp --sport 25 -s aa.bb.cc.dd -m state --state 
ESTABLISHED,RELATED -j ACCEPT

where aa.bb.cc.dd is the IP address of your mail server.

 

Antony.