Whoops, I didn't read the whole thing.
You would want to add:    -s 192.168.1.67  to the outbound permit.





Troy Aden <[EMAIL PROTECTED]> on 11/26/2002 02:02:44 PM

To:   "Leaf-User (E-mail)" <[EMAIL PROTECTED]>
cc:    (bcc: Phillip Watts/austin/Nlynx)

Subject:  [leaf-user] IP Tables question



Hi there, I have a quick IP Tables question.

I have an SMTP server behind my firewall and I would like to deny all
outbound SMTP traffic "except" if it originates from my internal SMTP
server.
The current rule allows SMTP traffic outbound from any IP on the internal
network. (See below for the current rule.) Let's say that my internal SMTP
server is at IP: 192.168.1.67. What should the rules look like? Can someone
help me out? I have gotten so used to working with Shorewall I can't
remember the proper syntax for a raw IP tables rule. :)

Currently I have these rules:
## SMTP
# Allow SMTP outbound from internal network.
iptables -A FORWARD -i ${OUTSIDE_DEVICE} -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT
iptables -A FORWARD -o ${OUTSIDE_DEVICE} -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT

I need rules that allow SMTP outbound from 192.168.1.67 ONLY. (I would want
it to drop all SMTP traffic that is not originating from the SMTP server.)


Thanks in advance.

Troy


-------------------------------------------------------
This SF.net email is sponsored by: Get the new Palm Tungsten T
handheld. Power & Color in a compact size!
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
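
The rule set discussed in this thread, written out as an added example (not part of either post): the outbound permit carries the suggested -s 192.168.1.67, and the example goes further by pinning the return rule with -d and by logging and dropping every other forwarded port-25 connection. The function names and the LOG prefix are assumptions made for the example; the interface name is passed in where the original script uses ${OUTSIDE_DEVICE}.

```shell
#!/bin/sh
# Added example: allow forwarded outbound SMTP from one internal mail host only.
# 192.168.1.67 and the external-interface variable come from the thread;
# valid_ipv4 and smtp_egress_rules are hypothetical helper names.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # stray characters or empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                               # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the FORWARD rules for external interface $1 and mail host $2.
# Nothing is changed on the firewall; review the output, then run it as root.
smtp_egress_rules() {
    ext_if=$1 smtp_host=$2
    [ -n "$ext_if" ] || { echo "missing external interface" >&2; return 1; }
    valid_ipv4 "$smtp_host" || { echo "bad SMTP host: $smtp_host" >&2; return 1; }
    # Rule 1: replies from remote mail servers, only towards the mail host.
    # Rule 2: new and established SMTP connections, only from the mail host.
    # Rule 3: log any other internal host trying to reach port 25 outside.
    # Rule 4: drop it.
    cat <<EOF
iptables -A FORWARD -i $ext_if -p tcp --sport 25 -d $smtp_host -m state --state ESTABLISHED -j ACCEPT
iptables -A FORWARD -o $ext_if -p tcp --dport 25 -s $smtp_host -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A FORWARD -o $ext_if -p tcp --dport 25 -j LOG --log-prefix "SMTP-egress-denied: "
iptables -A FORWARD -o $ext_if -p tcp --dport 25 -j DROP
EOF
}

# Stand-alone use: sh smtp-egress.sh <external-interface> <smtp-host-ip>
if [ "$#" -eq 2 ]; then
    smtp_egress_rules "$1" "$2"
fi
```

Because -A appends and the first matching rule wins, the original unrestricted port-25 ACCEPT pair has to be removed before these rules are loaded, otherwise the DROP is never reached.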





