IPTables question 2007-07-07 - By Budi Febrianto
I'm using ipcop as my firewall and now I want to modify its default iptables script. ipcop by default will allow any outgoing connection to the internet. I want to block all, and only allow a few connections. I only modify the FORWARD chain.

First, I only block a few ports to the net, and allow anything else:

    # SNAT the mail server's outbound traffic to its public address
    /sbin/iptables -t nat -A CUSTOMPOSTROUTING -s $INTMAIL1 -o eth1 -j SNAT --to-source $EXTMAIL1
    # drop LAN (eth0) -> internet (eth1) traffic to the listed ftp/web/proxy ports
    /sbin/iptables -A CUSTOMFORWARD -i eth0 -o eth1 -p tcp -m mport --dport 21,80,81,443,3128,6588,8000,8080,8181 -j DROP

This works. It only blocks HTTP and FTP access; outgoing and incoming emails work.

Now I changed it into this:

    /sbin/iptables -t nat -A CUSTOMPOSTROUTING -s $INTMAIL1 -o eth1 -j SNAT --to-source $EXTMAIL1
    # allow new outbound SMTP from the two mail hosts only
    /sbin/iptables -A CUSTOMFORWARD -i eth0 -s $MAIL1 -o eth1 -d 0/0 -p tcp --dport 25 -j ACCEPT
    /sbin/iptables -A CUSTOMFORWARD -i eth0 -s $MAIL2 -o eth1 -d 0/0 -p tcp --dport 25 -j ACCEPT
    # drop everything else from LAN to internet
    /sbin/iptables -A CUSTOMFORWARD -i eth0 -o eth1 -j DROP

With this, no emails from the net are delivered to the local mail server, and email from the local server is not delivered to the net.

Is there something I forgot?
Budi Febrianto www.indomino.net/blog
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@(protected)?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
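An added example, not part of the original post: a stateful version of the second rule set. With the rules as posted, the catch-all `-i eth0 -o eth1 -j DROP` also discards the packets the local mail server sends back to remote clients that connected in (their destination port is the client's ephemeral port, not 25), which matches the inbound symptom; and if the mail hosts resolve MX records through an external resolver rather than ipcop's own DNS proxy, those lookups cross the FORWARD chain and are dropped too. The script accepts tracked (ESTABLISHED,RELATED) traffic before the DROP and opens DNS for the mail hosts. It assumes the same ipcop CUSTOMPOSTROUTING/CUSTOMFORWARD hook chains and eth0 = LAN, eth1 = internet as the post, and that ipcop has not already accepted established traffic before reaching CUSTOMFORWARD; the addresses are placeholders, and the IPT variable allows a dry run (`IPT="echo iptables"`) so the rules can be inspected without root. One more thing to check against the post: the SNAT rule uses $INTMAIL1 while the ACCEPT rules use $MAIL1; if $MAIL1 is unset the ACCEPT rules fail to load, and if it differs from the server's address they never match.

```shell
#!/bin/sh
# Added example (not from the original post): stateful rewrite of the
# second rule set. Assumes ipcop's CUSTOMPOSTROUTING / CUSTOMFORWARD hook
# chains, eth0 = green (LAN) and eth1 = red (internet).
# Run with IPT="echo iptables" to print the rules instead of loading them.
IPT="${IPT:-/sbin/iptables}"

# Placeholder addresses (the post left these as shell variables); override
# them in the environment with the real ones.
INTMAIL1="${INTMAIL1:-192.168.1.25}"    # internal address of the mail server
EXTMAIL1="${EXTMAIL1:-203.0.113.25}"     # public address it is NATed to
MAIL1="${MAIL1:-$INTMAIL1}"              # keep consistent with INTMAIL1
MAIL2="${MAIL2:-192.168.1.26}"           # second internal mail host
DNS_SERVER="${DNS_SERVER:-0/0}"         # external resolver; narrow it if known

load_mail_rules() {
    # Outbound traffic from the mail server leaves with the public address.
    $IPT -t nat -A CUSTOMPOSTROUTING -s "$INTMAIL1" -o eth1 -j SNAT --to-source "$EXTMAIL1"

    # 1. Accept the LAN->internet half of connections the firewall already
    #    tracks. Without this, replies to inbound SMTP sessions (dport = the
    #    remote client's ephemeral port) hit the catch-all DROP below.
    $IPT -A CUSTOMFORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT

    # 2. New outbound SMTP from the two mail hosts only (as in the post).
    for host in "$MAIL1" "$MAIL2"; do
        $IPT -A CUSTOMFORWARD -i eth0 -s "$host" -o eth1 -d 0/0 -p tcp --dport 25 -j ACCEPT
    done

    # 3. DNS for the mail hosts (MX lookups). Not needed if they use ipcop's
    #    own DNS proxy, since that traffic goes to INPUT, not FORWARD.
    for host in "$MAIL1" "$MAIL2"; do
        $IPT -A CUSTOMFORWARD -i eth0 -s "$host" -o eth1 -d "$DNS_SERVER" -p udp --dport 53 -j ACCEPT
        $IPT -A CUSTOMFORWARD -i eth0 -s "$host" -o eth1 -d "$DNS_SERVER" -p tcp --dport 53 -j ACCEPT
    done

    # 4. Everything else from the LAN to the internet is dropped.
    $IPT -A CUSTOMFORWARD -i eth0 -o eth1 -j DROP
}

# Print the rules that would be loaded, one per line, without touching the kernel.
dry_run() {
    ( IPT="echo iptables"; load_mail_rules )
}

# Number of rules the script loads; a quick sanity check for the dry run.
rule_count() {
    dry_run | wc -l | tr -d ' '
}

if [ "${1:-}" = "--load" ]; then
    load_mail_rules
else
    dry_run
fi
```

Order matters: the state rule must precede the DROP, and because ipcop's rc.firewall.local hook is re-run on restart, test with the dry run first and then load with `--load` as root.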