Re: [exim] iptables

Author: Harold Huggins
Date:  
To: Alain Williams
CC: exim-users
Subject: Re: [exim] iptables
Ok. How do I populate a specific range of IP addresses (e.g., iptables)
without using individual addresses?



On Sun, 25 Oct 2009 11:14:36 +0000, Alain Williams <addw@???>
wrote:
> On Sun, Oct 25, 2009 at 03:31:14AM -0700, Harold Huggins wrote:
>>
>> Where within the EXIM directory, and sample script, should I install
>> iptables (replace 1.2.3.4 with IP to allow) rules to block port 25.
>>
>> Sample of iptables rules:
>>
>> iptables -I INPUT -p tcp -s 1.2.3.4 --dport 25 -j ACCEPT
>> iptables -I INPUT -p tcp -s 1.2.3.4 --dport 25 -j ACCEPT
>> iptables -I INPUT -p tcp --dport 2525 -j REJECT
>>
>> iptables -I INPUT -p tcp -s 1.2.3.4 --dport 25 -j ACCEPT
>> iptables -I INPUT -p tcp -s 1.2.3.4 --dport 25 -j ACCEPT
>> iptables -I INPUT -p tcp --dport 2525 -j REJECT
>>
>>
>> And, is this the best policy to block port 25?
>
> ??? Why are you blocking port 25 at all?
> You don't want to do the above unless your machine (presumably internal)
> can only receive email from IP 1.2.3.4.
>
> You presumably want to be able to receive email from anywhere, so you
> need to have something like:
>
>     iptables -A INPUT -p TCP --dport smtp    -j ACCEPT
>     iptables -A INPUT -p TCP --dport smtps    -j ACCEPT
>
> ie accept incoming email from anywhere.
>
> If you accept authenticated email (eg from peripatetic workers) you may
> want:
>
>     iptables -A INPUT -p TCP --dport submission -j ACCEPT
>
> You should be able to use the names for the port numbers (look in
> /etc/services)
> if not use the numbers: 25, 465 & 587.
>
> --
> Alain Williams
> Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT
> Lecturer.
> +44 (0) 787 668 0256 http://www.phcomp.co.uk/
> Parliament Hill Computers Ltd. Registration Information:
> http://www.phcomp.co.uk/contact.php
> Past chairman of UKUUG: http://www.ukuug.org/
> #include <std_disclaimer.h>
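An added example, not part of the thread or of Exim: a POSIX sh script that answers the range question above by expressing each allowed network as a CIDR prefix in one `-s` rule, for the restrictive case Alain mentions where the host should take port-25 mail only from known networks, while 465 and 587 stay open as he suggests. It assumes a `DRY_RUN` variable (default 1, so it only prints the commands and needs no root) and uses the constructed sample networks 192.0.2.0/24 and 198.51.100.0/25.

```sh
#!/bin/sh
# Added example, not from the thread: generate the iptables rules discussed
# above with CIDR notation, so a whole network is one rule instead of one
# rule per host. DRY_RUN=1 (the default) only prints the commands; run with
# DRY_RUN=0 as root to apply them. 192.0.2.0/24 and 198.51.100.0/25 are
# constructed sample networks (RFC 5737 documentation ranges).
DRY_RUN="${DRY_RUN:-1}"

# valid_cidr NET: succeed only for a well-formed IPv4 prefix like 192.0.2.0/24
# (four octets 0-255, prefix length 0-32).
valid_cidr() {
    cidr="$1"
    case "$cidr" in */*) ;; *) return 1 ;; esac
    ip="${cidr%/*}"
    prefix="${cidr#*/}"
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    IFS=.; set -- $ip; unset IFS
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# rule ARGS...: print the iptables command in dry-run mode, otherwise run it.
rule() {
    if [ "$DRY_RUN" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

# smtp_rules NET...: the restrictive case Alain describes, where this host
# should take port-25 mail only from known networks. Each NET gets an
# ACCEPT, everything else on 25 is rejected, and smtps (465) and the
# submission port (587) stay open for authenticated clients.
smtp_rules() {
    for net in "$@"; do
        valid_cidr "$net" || { echo "bad CIDR: $net" >&2; return 1; }
        rule -A INPUT -p tcp -s "$net" --dport 25 -j ACCEPT
    done
    rule -A INPUT -p tcp --dport 25 -j REJECT --reject-with tcp-reset
    rule -A INPUT -p tcp --dport 465 -j ACCEPT
    rule -A INPUT -p tcp --dport 587 -j ACCEPT
}

smtp_rules 192.0.2.0/24 198.51.100.0/25
```

Rules are appended with `-A`, so they take effect after any earlier ACCEPT already in the INPUT chain; check `iptables -L INPUT -n --line-numbers` before applying.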