I'm glad it worked but a small note: Is there any standard/RFC specifying that an MX lookup must come from port 25? Or is it just an arbitrary observation which works for certain smtp servers and fails for others?

Ramin

On Mon, Aug 11, 2003 at 12:48:22PM -0500, Len L. wrote:
> OK,
> I got it. Here is the rule set I tried and had success (b.t.w. the DNS server is firewalled but is a standalone machine - no forwarding).
> The answer was to reference DNS requests for port 25 only.
>
> iptables -A INPUT --protocol udp --source-port 25 -s 63.143.210.0/24 -j LOG --log-prefix "XXX LOCAL UDP DNS XXX "
> iptables -A INPUT --protocol udp --source-port 25 -s 63.143.210.0/24 -j ACCEPT
> iptables -A INPUT --protocol udp --source-port 25 -j LOG --log-prefix "XXX EXTERNAL UDP LOG XXX "
> iptables -A INPUT --protocol udp --source-port 25 -j ACCEPT
> iptables -A INPUT -p udp -j LOG --log-prefix "XXX UDP DROP XXX "
> iptables -A INPUT -p udp -j DROP
>
> Also will drop the 25 sport reference on the internal side along with the logging as a final solution
>
> Len Laulainen
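As an added example, not code from either mail in this thread: a small shell script that generates a rule set of the same shape (accept DNS replies from one resolver, log and drop other inbound UDP) but keyed on the port DNS servers actually answer from, 53, and on connection tracking so that only replies to queries this host itself sent are accepted. The resolver address 192.0.2.53 is a constructed placeholder, and by default the script only prints the iptables commands; set IPT=iptables to apply them on a real host.

```shell
#!/bin/sh
# Added example: emit (or apply) iptables rules for DNS replies.
# Assumptions: the resolver address is a placeholder you replace,
# and IPT defaults to "echo iptables" so the script is a dry run.
RESOLVER="${RESOLVER:-192.0.2.53}"   # constructed placeholder, not the thread's address
IPT="${IPT:-echo iptables}"          # set IPT=iptables to actually install the rules

dns_rules() {
    # DNS servers answer from port 53 (UDP, and TCP for truncated answers);
    # ESTABLISHED limits acceptance to replies for queries this host sent.
    $IPT -A INPUT -p udp --sport 53 -s "$RESOLVER" -m conntrack --ctstate ESTABLISHED -j ACCEPT
    $IPT -A INPUT -p tcp --sport 53 -s "$RESOLVER" -m conntrack --ctstate ESTABLISHED -j ACCEPT
    # Everything else inbound over UDP is logged, then dropped.
    $IPT -A INPUT -p udp -j LOG --log-prefix "UDP DROP "
    $IPT -A INPUT -p udp -j DROP
}

# Count the rules that match on the DNS reply port; useful as a sanity check
# before applying the set on a firewall.
reply_rule_count() {
    dns_rules | grep -c -- '--sport 53'
}

dns_rules
```

Run it as-is to review the generated commands; the ESTABLISHED match is what makes the source-port filter safe, since a bare `--sport 53` accept would admit any UDP datagram whose sender chose that source port.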