iptables question - how to securely allow *just* outgoing smtp
Fri, 21 Jun 2002 16:35:31 +0100
On Friday 21 June 2002 4:32 pm, Christian Seberino wrote:
> My firewall does *not* need or use any
> rules on INPUT and OUTPUT chains
> since it just *FORWARD*s packets to/from
> private LAN.....
> I'd like to install Tripwire on firewall
> and have firewall *email* me daily of status.....
> How can I securely *open* up firewall rules
> to allow me to just email out without
> compromising security???
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -A OUTPUT -p tcp --dport 25 -d aa.bb.cc.dd -j ACCEPT
iptables -A INPUT -p tcp --sport 25 -s aa.bb.cc.dd -m state --state
ESTABLISHED,RELATED -j ACCEPT
where aa.bb.cc.dd is the IP address of your mail server.