[Gllug] ipchains/smtp acceptance from Demon
t.clarke
tim at seacon.co.uk
Wed Aug 15 12:26:21 UTC 2001
---------------------------------------
Message from:-
Tim Clarke (tim at seacon.co.uk)
Seacon Holdings plc Group, London, U.K.
Telephone: +44 (0)1474 320000
Fax: +44 (0)1474 329946
---------------------------------------
Sean wrote:
>I want to allow Demon to initiate smtp connection .. so
>ipchains -A input -i $extint -s 194.217.242.0/8 smtp -p TCP -l -j ACCEPT
I believe I am somewhat late entering the debate, but nevertheless my
tuppence worth ( for what its worth)!! :-
ipchains -A input -i $extint -s 194.217.242/24 -dport smtp -j ACCEPT
would seem to to the trick
The default policy on the firewall input chain should relly be DENY, with only
the things you want explicity allowed
Not a bad idea to disallow anything on the internal interface that purports to
come from your 'internal ip address range, also
I left out -p TCP on the basis that SMTP should not be listening on a udp
port anyway !
I left out -l, 'cos with it in I believe you may get loads and loads of messages
for every smtp ip packet that arrives ??
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list