block port 25
Rob Sterenborg
rob at sterenborg.info
Thu Dec 22 09:21:47 CET 2005
On Thu, December 22, 2005 08:53, Denny wrote:
> is there a way to block all incoming and outgoing access to port 25,
> with only one exception if it is going through a legitimate mail
> server.
Sure.
First allow email to the legitimate email server, then block
everything else to port 25.

# Accept NEW packet coming in from <smtp-server> to smtp port 25.
$ipt -A INPUT -m state --state NEW -s <smtp-server> \
  -p tcp --dport 25 -j ACCEPT

# Drop other NEW packets going to smtp port 25
$ipt -A INPUT -m state --state NEW -p tcp --dport 25 -j DROP

# Accept NEW packet going out to <smtp-server> on smtp port 25.
$ipt -A OUTPUT -m state --state NEW -d <smtp-server> \
  -p tcp --dport 25 -j ACCEPT

# Drop other NEW packets going out to smtp port 25.
$ipt -A OUTPUT -m state --state NEW -p tcp --dport 25 -j DROP
Gr,
Rob
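
Added example (not part of the original message): the rules above only work when the ACCEPT for the mail server sits before the catch-all DROP in each chain, and this check confirms that order from a rule listing in the format `iptables -S` prints. The function name check_smtp_order, the address 192.0.2.25 and both sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# check_smtp_order CHAIN FLAG SERVER   (rule listing on stdin)
#   CHAIN  INPUT or OUTPUT
#   FLAG   -s on INPUT (source), -d on OUTPUT (destination)
#   SERVER address of the legitimate mail server
# Prints one of: ok, no-accept, no-drop, drop-before-accept
check_smtp_order() {
    awk -v chain="$1" -v flag="$2" -v server="$3" '
    $1 == "-A" && $2 == chain {
        port25 = 0; addr = ""; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "--dport" && $(i+1) == "25") port25 = 1
            if ($i == flag) addr = $(i+1)
            if ($i == "-j") target = $(i+1)
        }
        if (!port25) next
        n++                       # position among the port 25 rules
        sub(/\/32$/, "", addr)    # the listing shows hosts as a.b.c.d/32
        # first ACCEPT limited to the mail server
        if (target == "ACCEPT" && addr == server && !accept_at) accept_at = n
        # first DROP with no address given for FLAG (the catch-all)
        if (target == "DROP" && addr == "" && !drop_at) drop_at = n
    }
    END {
        if (!accept_at)               print "no-accept"
        else if (!drop_at)            print "no-drop"
        else if (drop_at < accept_at) print "drop-before-accept"
        else                          print "ok"
    }'
}

# Constructed sample: rules in the order given in the message.
GOOD_RULES='-P INPUT ACCEPT
-A INPUT -s 192.0.2.25/32 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j DROP'

# Constructed sample: same rules appended in the wrong order, so the
# DROP matches first and the mail server is blocked as well.
BAD_RULES='-P INPUT ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j DROP
-A INPUT -s 192.0.2.25/32 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT'

printf '%s\n' "$GOOD_RULES" | check_smtp_order INPUT -s 192.0.2.25
printf '%s\n' "$BAD_RULES"  | check_smtp_order INPUT -s 192.0.2.25
```

On a live system the listing would come from `iptables -S` piped into the function, once for INPUT with -s and once for OUTPUT with -d.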
More information about the netfilter mailing list