[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

IPTables question



I'm using ipcop as my firewall and now I want to modify its default iptables script.
ipcop by default will allow any outgoing connection to the internet.
I want to block all, and only allow a few connections.
I only modify the FORWARD chain.

First, I only blocked a few ports to the net, and allowed anything else:
/sbin/iptables -t nat -A CUSTOMPOSTROUTING -s $INTMAIL1 -o eth1 -j SNAT --to-source $EXTMAIL1
/sbin/iptables -A CUSTOMFORWARD -i eth0 -o eth1 -p tcp -m mport --dport 21,80,81,443,3128,6588,8000,8080,8181 -j DROP

This works. It only blocks http and ftp access. Outgoing and incoming emails work.

Now I changed it into this:
/sbin/iptables -t nat -A CUSTOMPOSTROUTING -s $INTMAIL1 -o eth1 -j SNAT --to-source $EXTMAIL1
/sbin/iptables -A CUSTOMFORWARD -i eth0 -s $MAIL1 -o eth1 -d 0/0 -p tcp --dport 25 -j ACCEPT
/sbin/iptables -A CUSTOMFORWARD -i eth0 -s $MAIL2 -o eth1 -d 0/0 -p tcp --dport 25 -j ACCEPT
/sbin/iptables -A CUSTOMFORWARD -i eth0 -o eth1 -j DROP

With this, no emails from the net are delivered to the local mail server, and email from the local server is not delivered to the net.

Did I forget something?


Budi Febrianto
   www.indomino.net/blog
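The script below is an added example, not code from the post above or from ipcop. It builds a default-deny ruleset in the same CUSTOMFORWARD and CUSTOMPOSTROUTING chains, for the same GREEN (eth0) / RED (eth1) layout, that still lets two internal mail servers send and receive. Two rules are placed ahead of the final DROP that the second ruleset in the post does not have: an ESTABLISHED,RELATED accept, because reply packets of inbound (port-forwarded) SMTP connections also traverse FORWARD from eth0 to eth1 and a blanket eth0-to-eth1 DROP swallows them unless ipcop already accepted established traffic earlier in the chain (this depends on the ipcop version, so the explicit rule is kept as a safe default); and DNS for the mail servers, which they need to resolve MX records if they query a resolver beyond the firewall (if they use ipcop's own DNS proxy on the GREEN interface, that rule is unnecessary). The addresses, the resolver and the variable names MAIL1, MAIL2, EXTMAIL1 and DNS_SERVERS are constructed assumptions. With IPTABLES left at its default the script only prints the rules it would run; set IPTABLES=/sbin/iptables to apply them.

```shell
#!/bin/sh
# Added example (not from the original post or from ipcop): a default-deny
# CUSTOMFORWARD ruleset that keeps SMTP working for two internal mail servers.
# IPTABLES defaults to "echo iptables" so the rules are previewed, not applied.
IPTABLES="${IPTABLES:-echo iptables}"

GREEN=eth0                 # internal LAN, as in the post
RED=eth1                   # internet-facing, as in the post
MAIL1=192.168.1.25         # internal mail server (constructed address)
MAIL2=192.168.1.26         # second internal mail server (constructed address)
EXTMAIL1=203.0.113.25      # public address used for SNAT (constructed, TEST-NET-3)
DNS_SERVERS="198.51.100.53"  # external resolver the mail servers query (constructed)

nat_rules() {
    # Source NAT so outbound mail from MAIL1 leaves with its published address.
    $IPTABLES -t nat -A CUSTOMPOSTROUTING -s $MAIL1 -o $RED -j SNAT --to-source $EXTMAIL1
}

forward_rules() {
    # 1. Reply traffic for connections already allowed in either direction.
    #    Inbound SMTP arrives RED->GREEN via port forwarding; the server's
    #    SYN-ACK and data go GREEN->RED through FORWARD and would otherwise
    #    hit the final DROP below.
    $IPTABLES -A CUSTOMFORWARD -i $GREEN -o $RED -m state --state ESTABLISHED,RELATED -j ACCEPT

    # 2. New outbound SMTP, from the mail servers only.
    for host in $MAIL1 $MAIL2; do
        $IPTABLES -A CUSTOMFORWARD -i $GREEN -o $RED -s $host -p tcp --dport 25 -m state --state NEW -j ACCEPT
    done

    # 3. DNS (UDP and TCP) so the mail servers can look up MX records.
    #    Not needed if they resolve through ipcop's own DNS proxy on GREEN.
    for host in $MAIL1 $MAIL2; do
        for ns in $DNS_SERVERS; do
            $IPTABLES -A CUSTOMFORWARD -i $GREEN -o $RED -s $host -d $ns -p udp --dport 53 -j ACCEPT
            $IPTABLES -A CUSTOMFORWARD -i $GREEN -o $RED -s $host -d $ns -p tcp --dport 53 -j ACCEPT
        done
    done

    # 4. Rate-limited log, then drop everything else GREEN->RED, so blocked
    #    traffic shows up in the firewall log instead of vanishing silently.
    $IPTABLES -A CUSTOMFORWARD -i $GREEN -o $RED -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
    $IPTABLES -A CUSTOMFORWARD -i $GREEN -o $RED -j DROP
}

nat_rules
forward_rules
```

Rule order matters here: the state rule must come before the per-host accepts and the DROP, and the LOG rule gives you something to read when a legitimate flow is still being blocked, which is the quickest way to find out what else the mail servers talk to.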



