Yes, that would work.  -s is a reserved argument, and there is no order.
Whatever is aesthetically pleasing.
However, I do not understand your lines.  I would allow outgoing by
iptables -A FORWARD -i $INTERNALDEVICE -s 192.168.1.67 -p tcp --dport 25 -j ACCEPT

then have an ESTABLISHED, RELATED line to accept the responses.
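A complete rule set for what the thread arrives at (one stateful reply rule plus an outbound permit restricted with -s, followed by a drop for every other host), added here as an example that is not from either poster. The interface variable names, the DRY_RUN preview helper and the LOG rule are assumptions; the mail server address is the one from the question.

```shell
#!/bin/sh
# Added example, not from the thread: forward outbound SMTP (tcp/25) only
# when it originates from the internal mail server, and drop it otherwise.
# Interface names, the DRY_RUN preview and the LOG rule are assumptions.
INTERNAL_DEVICE="${INTERNAL_DEVICE:-eth1}"   # LAN side (thread: $INTERNALDEVICE)
OUTSIDE_DEVICE="${OUTSIDE_DEVICE:-eth0}"     # Internet side (thread: ${OUTSIDE_DEVICE})
SMTP_SERVER="${SMTP_SERVER:-192.168.1.67}"   # the one host allowed to send mail out

# run: apply a command, or print it when DRY_RUN is set so the rule set can be
# reviewed without root and without a live firewall.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

smtp_rules() {
    # 1. One stateful rule replaces the old --sport 25 reply rule: packets that
    #    belong to a connection the firewall already accepted are forwarded.
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # 2. New outbound SMTP sessions are accepted only from the mail server.
    #    -s can sit anywhere on the line; it is simply another match.
    run iptables -A FORWARD -i "$INTERNAL_DEVICE" -o "$OUTSIDE_DEVICE" \
        -s "$SMTP_SERVER" -p tcp --dport 25 -m state --state NEW -j ACCEPT
    # 3. Everything else bound for port 25 is logged, then dropped. Order
    #    matters: these must be appended after rule 2 so the mail server's
    #    own sessions never reach the DROP.
    run iptables -A FORWARD -o "$OUTSIDE_DEVICE" -p tcp --dport 25 \
        -j LOG --log-prefix "SMTP-BLOCKED: "
    run iptables -A FORWARD -o "$OUTSIDE_DEVICE" -p tcp --dport 25 -j DROP
}

# smtp_rules_preview: the exact commands, one per line, without applying them.
smtp_rules_preview() {
    ( DRY_RUN=1; smtp_rules )
}

# "sh script.sh preview" prints the rules; "sh script.sh apply" installs them (root).
if [ "${1:-}" = "apply" ]; then
    smtp_rules
elif [ "${1:-}" = "preview" ]; then
    smtp_rules_preview
fi
```

The LOG rule is what makes the restriction auditable: a workstation that suddenly starts talking to port 25 (a common symptom of a compromised host relaying spam) shows up in the kernel log with the SMTP-BLOCKED prefix instead of silently failing.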





Troy Aden <[EMAIL PROTECTED]> on 11/26/2002 02:40:42 PM

To:   Phillip Watts/austin/Nlynx@Nlynx
cc:   "Leaf-User (E-mail)" <[EMAIL PROTECTED]>

Subject:  RE: [leaf-user] IP Tables question



Can you please show me where I need to add -s 192.168.1.67? I am assuming
that I can't just tack it onto the end of the rule. Should it look like
this?

iptables -A FORWARD -i ${OUTSIDE_DEVICE} -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT -s 192.168.1.67
iptables -A FORWARD -o ${OUTSIDE_DEVICE} -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT -s 192.168.1.67

Please demonstrate how this rule should look. It is the syntax that throws
me off.

Sorry to be a bother. Thanks.




-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 2:49 PM
To: Troy Aden
Cc: Leaf-User (E-mail)
Subject: Re: [leaf-user] IP Tables question


Whoops, I didn't read the whole thing.
You would want to add: -s 192.168.1.67 to the outbound permit.





Troy Aden <[EMAIL PROTECTED]> on 11/26/2002 02:02:44 PM

To:   "Leaf-User (E-mail)" <[EMAIL PROTECTED]>
cc:    (bcc: Phillip Watts/austin/Nlynx)

Subject:  [leaf-user] IP Tables question



Hi there, I have a quick IP Tables question.

I have an SMTP server behind my firewall and I would like to deny all
outbound SMTP traffic "except" if it originates from my internal SMTP
server.
The current rule allows SMTP traffic outbound from any IP on the internal
network. (See below for the current rule.) Let's say that my internal SMTP
server is at IP: 192.168.1.67. What should the rules look like? Can someone
help me out? I have gotten so used to working with Shorewall I can't
remember the proper syntax for a raw IP tables rule. :)

Currently I have these rules:
## SMTP
# Allow SMTP outbound from internal network.
iptables -A FORWARD -i ${OUTSIDE_DEVICE} -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT
iptables -A FORWARD -o ${OUTSIDE_DEVICE} -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT

I need rules that allow SMTP outbound from 192.168.1.67 ONLY. (I would want
it to drop all SMTP traffic that is not originating from the SMTP server.)


Thanks in advance.

Troy


-------------------------------------------------------
This SF.net email is sponsored by: Get the new Palm Tungsten T
handheld. Power & Color in a compact size!
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html