IPTables question

Mike Burger mburger at bubbanfriends.org
Sat Jul 7 11:33:49 UTC 2007


Silly question time:

IPCop has, really, a pretty decent web interface.  Why aren't you using
that to handle this?

> I'm using ipcop as my firewall and now I want to modify its default
> iptables script.
> ipcop as default will allow any outgoing connection to the internet.
> I want to block all, and only allow a few connections.
> I only modify the FORWARD chain.
>
> First, I only blocked a few ports to the net, and allowed anything else.
> /sbin/iptables -t nat -A CUSTOMPOSTROUTING -s $INTMAIL1 -o eth1 -j SNAT --to-source $EXTMAIL1
> /sbin/iptables -A CUSTOMFORWARD -i eth0 -o eth1 -p tcp -m mport --dport 21,80,81,443,3128,6588,8000,8080,8181 -j DROP
>
> This works. It only blocks http and ftp access; outgoing and incoming
> emails work.
>
> Now I changed it into this:
> /sbin/iptables -t nat -A CUSTOMPOSTROUTING -s $INTMAIL1 -o eth1 -j SNAT --to-source $EXTMAIL1
> /sbin/iptables -A CUSTOMFORWARD -i eth0 -s $MAIL1 -o eth1 -d 0/0 -p tcp --dport 25 -j ACCEPT
> /sbin/iptables -A CUSTOMFORWARD -i eth0 -s $MAIL2 -o eth1 -d 0/0 -p tcp --dport 25 -j ACCEPT
> /sbin/iptables -A CUSTOMFORWARD -i eth0 -o eth1 -j DROP
>
> With this, no emails from the net are delivered to the local mail server, and
> email from local is not delivered to the net.
>
> Something I forgot?
>
>
> Budi Febrianto
>     www.indomino.net/blog
>


-- 
Mike Burger
http://www.bubbanfriends.org

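The quoted rule set accepts new connections from the two mail servers to port 25 and then drops everything else that goes from eth0 to eth1. Since FORWARD sees packets in both directions, the replies that the local mail server sends back for connections the Internet opened to it (eth0 to eth1, source port 25 rather than destination port 25) fall through to the DROP, and nothing in the set lets the servers do the DNS lookups they need before they can deliver outbound mail. The script below is an added example, written for this post and not code from either poster or from the IPCop project; it assumes the interface roles and the CUSTOMFORWARD chain named in the quoted post, and the MAIL1/MAIL2 addresses are constructed placeholders. It runs as a dry run by default and only applies the rules when IPT is pointed at the real iptables binary.

```shell
#!/bin/sh
# Added example (not from the thread): a default-deny CUSTOMFORWARD rule set
# that still lets reply traffic, DNS, and SMTP through. Interface names follow
# the quoted post; the mail server addresses are constructed placeholders.

# Dry run by default: set IPT=/sbin/iptables (as root) to actually apply them.
IPT="${IPT:-echo /sbin/iptables}"
INT_IF="${INT_IF:-eth0}"         # LAN side
EXT_IF="${EXT_IF:-eth1}"         # Internet side
MAIL1="${MAIL1:-192.168.1.10}"   # constructed placeholder (internal address)
MAIL2="${MAIL2:-192.168.1.11}"   # constructed placeholder (internal address)

custom_forward_rules() {
    # 1. Packets belonging to connections the firewall already tracks, in
    #    either direction. Without this rule the replies of an inbound SMTP
    #    session (eth0 -> eth1, source port 25) hit the final DROP.
    $IPT -A CUSTOMFORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    for host in "$MAIL1" "$MAIL2"; do
        # 2. The mail servers must resolve MX records before they can deliver.
        $IPT -A CUSTOMFORWARD -i "$INT_IF" -o "$EXT_IF" -s "$host" -p udp --dport 53 -j ACCEPT
        $IPT -A CUSTOMFORWARD -i "$INT_IF" -o "$EXT_IF" -s "$host" -p tcp --dport 53 -j ACCEPT
        # 3. New outbound SMTP sessions, from the two mail servers only.
        $IPT -A CUSTOMFORWARD -i "$INT_IF" -o "$EXT_IF" -s "$host" -p tcp --dport 25 -m state --state NEW -j ACCEPT
    done

    # 4. Everything else from the LAN to the Internet is logged (rate limited
    #    so a busy host cannot flood the kernel log) and then dropped.
    $IPT -A CUSTOMFORWARD -i "$INT_IF" -o "$EXT_IF" -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP: "
    $IPT -A CUSTOMFORWARD -i "$INT_IF" -o "$EXT_IF" -j DROP
}

# Sanity check that needs no root: the stateful ACCEPT must be appended
# before the final DROP, otherwise replies are still lost.
check_rule_order() {
    out=$( IPT=echo; custom_forward_rules )
    state_line=$(printf '%s\n' "$out" | grep -n 'ESTABLISHED,RELATED' | head -1 | cut -d: -f1)
    drop_line=$(printf '%s\n' "$out" | grep -n -- '-j DROP' | head -1 | cut -d: -f1)
    [ -n "$state_line" ] && [ -n "$drop_line" ] && [ "$state_line" -lt "$drop_line" ]
}

# Dry run: prints the iptables commands in the order they would be applied.
custom_forward_rules
```

Two caveats worth checking before applying anything like this on a live box. The SNAT rule in the quoted post lives in POSTROUTING, which runs after FORWARD, so the `-s $MAIL1` and `-s $MAIL2` matches in CUSTOMFORWARD must hold the servers' internal addresses, not the public address written into `--to-source`. And the DROP above is deliberately limited to LAN-to-Internet traffic (`-i eth0 -o eth1`), as in the post; inbound connections to the mail server are governed by whatever port-forwarding rules IPCop installs and are not touched here.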




More information about the redhat-list mailing list