Yes, that would work. -s is a reserved argument, and there is no order.
Whatever is aesthetically pleasing. However, I do not understand your
lines. I would allow outgoing by

    iptables -A FORWARD -i $INTERNALDEVICE -s 192.168.1.67 -p tcp --dport 25 -j ACCEPT

then have an ESTABLISHED, RELATED line to accept the responses.


Troy Aden <[EMAIL PROTECTED]> on 11/26/2002 02:40:42 PM
To: Phillip Watts/austin/Nlynx@Nlynx
cc: "Leaf-User (E-mail)" <[EMAIL PROTECTED]>
Subject: RE: [leaf-user] IP Tables question

Can you please show me where I need to add -s 192.168.1.67? I am assuming
that I can't just tack it onto the end of the rule. Should it look like
this?

    iptables -A FORWARD -i ${OUTSIDE_DEVICE} -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT -s 192.168.1.67
    iptables -A FORWARD -o ${OUTSIDE_DEVICE} -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT -s 192.168.1.67

Please demonstrate how this rule should look. It is the syntax that throws
me off. Sorry to be a bother.

Thanks.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 26, 2002 2:49 PM
To: Troy Aden
Cc: Leaf-User (E-mail)
Subject: Re: [leaf-user] IP Tables question

Whoops, I didn't read the whole thing. You would want to add:

    -s 192.168.1.67

to the outbound permit.


Troy Aden <[EMAIL PROTECTED]> on 11/26/2002 02:02:44 PM
To: "Leaf-User (E-mail)" <[EMAIL PROTECTED]>
cc: (bcc: Phillip Watts/austin/Nlynx)
Subject: [leaf-user] IP Tables question

Hi there

I have a quick IP Tables question. I have an SMTP server behind my
firewall and I would like to deny all outbound SMTP traffic "except" if it
originates from my internal SMTP server. The current rule allows SMTP
traffic outbound from any IP on the internal network. (See below for the
current rule.) Let's say that my internal SMTP server is at IP:
192.168.1.67. What should the rules look like? Can someone help me out? I
have gotten so used to working with Shorewall I can't remember the proper
syntax for a raw IP tables rule. :)

Currently I have these rules:

    ## SMTP
    # Allow SMTP outbound from internal network.
    iptables -A FORWARD -i ${OUTSIDE_DEVICE} -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT
    iptables -A FORWARD -o ${OUTSIDE_DEVICE} -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT

I need rules that allow SMTP outbound from 192.168.1.67 ONLY. (I would
want it to drop all SMTP traffic that is not originating from the SMTP
server.)

Thanks in advance.

Troy

-------------------------------------------------------
This SF.net email is sponsored by: Get the new Palm Tungsten T handheld.
Power & Color in a compact size!
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
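The rule set Phillip describes at the top of the thread (a permit for the relay, an ESTABLISHED,RELATED line for the replies, and a drop for every other internal host), written out as an added example; this is not code from the thread. The interface names eth0/eth1, the IPTABLES dry-run variable and the LOG rule are assumptions; the relay address 192.168.1.67 is the one from the thread.

```shell
#!/bin/sh
# Added example: restricted outbound SMTP rules for the FORWARD chain.
# Interface names are assumed; the relay address comes from the thread.
OUTSIDE_DEVICE="${OUTSIDE_DEVICE:-eth0}"
INTERNAL_DEVICE="${INTERNAL_DEVICE:-eth1}"
SMTP_SERVER="${SMTP_SERVER:-192.168.1.67}"
# Dry-run by default: rules are printed, not loaded. Set IPTABLES to the
# real binary (e.g. IPTABLES=/sbin/iptables) and run as root to apply them.
IPTABLES="${IPTABLES:-echo iptables}"

smtp_rules() {
    # Replies to sessions the relay opened. -i/-o pin the direction so this
    # line cannot also admit a session started from the outside.
    $IPTABLES -A FORWARD -i "$OUTSIDE_DEVICE" -o "$INTERNAL_DEVICE" \
        -p tcp --sport 25 -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Only the relay may open a new outbound SMTP session.
    $IPTABLES -A FORWARD -i "$INTERNAL_DEVICE" -o "$OUTSIDE_DEVICE" \
        -s "$SMTP_SERVER" -p tcp --dport 25 \
        -m state --state NEW,ESTABLISHED -j ACCEPT
    # Any other LAN host trying port 25 outbound is logged, then dropped.
    # iptables stops at the first matching rule, so the relay's ACCEPT
    # above must come before this catch-all.
    $IPTABLES -A FORWARD -i "$INTERNAL_DEVICE" -o "$OUTSIDE_DEVICE" \
        -p tcp --dport 25 -m state --state NEW \
        -j LOG --log-prefix "SMTP-BLOCK: "
    $IPTABLES -A FORWARD -i "$INTERNAL_DEVICE" -o "$OUTSIDE_DEVICE" \
        -p tcp --dport 25 -j DROP
}

# Sanity check on the generated list: the relay's ACCEPT must precede the
# DROP, otherwise the relay is blocked as well. Returns 0 when the order is right.
check_order() {
    accept_line=$(smtp_rules | grep -n -- "-s $SMTP_SERVER" | cut -d: -f1)
    drop_line=$(smtp_rules | grep -n -- "-j DROP" | cut -d: -f1)
    [ -n "$accept_line" ] && [ -n "$drop_line" ] && \
        [ "$accept_line" -lt "$drop_line" ]
}

smtp_rules
```

Hosts other than the relay that try to send mail directly show up in the kernel log under the SMTP-BLOCK prefix, which is a cheap way to spot a compromised workstation spamming from the LAN.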