[NTLUG:Discuss] iptable rules

Kevin Hulse jedi at mishnet.org
Wed Jan 5 12:07:51 CST 2005


Quoting Terry Henderson <trryhend at gmail.com>:

> Learning iptables...
>
> Let's say there's a Trojan somewhere in a LAN.  Till it's found &
> fixed, one might temporarily use one's firewall to limit access to
> outside mail servers to a select few

    Why not have a mailserver on the LAN that forwards all valid
email traffic? It would not even need to be 'accessible' to the outside.
You could then block any SMTP traffic not coming from your known/
trusted host. You could also use the local mailserver to validate
and log all outbound traffic.

>
> Possible solution:  ???
>
> First, block all access to outgoing port 25:
> iptables -A OUTPUT -o eth2 -p tcp --dport 25 -j DROP
>
> Second, allow users to send to select few:  [this is where I'm lost.]
> iptables -A OUTPUT -o eth2 -to-destination 67.43.4.78:25 64.4.33.7:25
> 198.76.195.112:25
>
> _______________________________________________
> https://ntlug.org/mailman/listinfo/discuss
>


-- 
Peg Legg!                                 |||
                                         / | \
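As an added worked example (not code from the thread or from either poster), here is one way the two ideas above fit together: a dedicated SMTP_OUT chain that lets a trusted local relay reach any outside mail server, lets everyone else reach only the three servers named in the question, and logs then drops the rest. The interface eth2 and the three destination addresses come from the question; the relay address 192.0.2.25 (a TEST-NET-1 address) and the chain name SMTP_OUT are assumptions. The script prints the rules by default and only runs them when invoked with "apply", so it can be inspected first.

```shell
#!/bin/sh
# Added example, not from the original thread.  Builds an iptables policy
# that confines outbound SMTP (TCP/25) while a suspect host is hunted down.
# Assumptions: WAN interface eth2 (from the question), a hypothetical LAN
# relay at 192.0.2.25, and the three allowed servers from the question.
WAN_IF=${WAN_IF:-eth2}
LAN_RELAY=${LAN_RELAY:-192.0.2.25}
ALLOWED_SMTP="67.43.4.78 64.4.33.7 198.76.195.112"

# Emit the rules in the order they must be loaded.  iptables stops at the
# first matching rule, so every ACCEPT has to precede the final DROP.
smtp_rules() {
    echo "iptables -N SMTP_OUT"
    # OUTPUT covers the firewall's own traffic; FORWARD covers LAN hosts
    # that route through it.  The question's OUTPUT-only rule would not
    # touch LAN clients at all.
    echo "iptables -A OUTPUT  -o $WAN_IF -p tcp --dport 25 -j SMTP_OUT"
    echo "iptables -A FORWARD -o $WAN_IF -p tcp --dport 25 -j SMTP_OUT"
    # The trusted internal relay may talk to any outside mail server.
    echo "iptables -A SMTP_OUT -s $LAN_RELAY -j ACCEPT"
    # Everyone else may reach only the listed servers.
    for host in $ALLOWED_SMTP; do
        echo "iptables -A SMTP_OUT -d $host -j ACCEPT"
    done
    # Rate-limited log of what gets blocked: the source address in these
    # lines points at the infected machine.  Then drop.
    echo "iptables -A SMTP_OUT -m limit --limit 5/min -j LOG --log-prefix \"SMTP-BLOCKED: \""
    echo "iptables -A SMTP_OUT -j DROP"
}

# Emit the rules that undo smtp_rules once the LAN is clean.
remove_rules() {
    echo "iptables -D OUTPUT  -o $WAN_IF -p tcp --dport 25 -j SMTP_OUT"
    echo "iptables -D FORWARD -o $WAN_IF -p tcp --dport 25 -j SMTP_OUT"
    echo "iptables -F SMTP_OUT"
    echo "iptables -X SMTP_OUT"
}

# Print by default; run for real only when asked (needs root).
case "${1:-}" in
    apply)  smtp_rules   | sh -e ;;
    remove) remove_rules | sh -e ;;
    *)      smtp_rules ;;
esac
```

Run it with no arguments to review the generated rules, `apply` to load them, and `remove` to take them out again. Because all rules live in the SMTP_OUT chain, the relay and the allowed-server list can be changed by flushing that one chain without disturbing the rest of the firewall; the LOG rule is what turns the block into a detection, since the logged source address identifies the host that is still trying to send mail directly.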

