[Cialug] IPTables Concept
Dave Weis
djweis at internetsolver.com
Tue Oct 31 19:49:40 CST 2006
On Tue, 31 Oct 2006, Chris K. wrote:
> Something like this for the smtp access?
> /sbin/iptables -A OUTPUT -o $OURIF -p tcp -s $OURIP --dport 25 -d $OURSMTP -j
> ACCEPT
> /sbin/iptables -A INPUT -i $OURIF -p tcp -d $OURIP -m state --state
> ESTABLISHED -s $OURSMTP -j ACCEPT
>
> Thanks much! (and Ive trimmed the email down a bit)
> Dave Weis wrote:
>
> Second line should be unnecessary with the state matching done. As written
> the SMTP server could send you unwanted traffic if it's taken over by setting
> the source port outbound to be 25.
With the -m state that we trimmed out from the first one you should get
this automagically. If it doesn't work it might be a syntax problem.
--
Dave Weis
djweis at internetsolver.com
http://www.internetsolver.com/
More information about the Cialug
mailing list