This is not a complete script, but will add security to prevent external people from accessing your mail host. ipchains -A input -p tcp -d externalip:25 -j DENY Going sown the command the -A input add a rule to the input chain. The -p tcp specifies tcp protocol and is needed to specify a port. The -d externip:25 specifies anything addressed to your externalip address port 25. (In case you didn't get it, you will substitute your external ip address here.) The -j DENY causes the packet to simply be dropped. No further action is taken. No ICMP message is genereated. It is as if the packet never came. You could opt for REJECT here in which case an ICMP packet will be sent to let the offending host know that he can't send here. Without getting into an argument about security through obsecurity I choose to be less of a target. I don't count on script kiddies not finding me. But I prefer to not advertise my presence either. ======= Kirk Wood Cpt.Kirk at 1tree.net
