On Wednesday 23 June 2004 9:42 am, Dharmendra T. wrote:
> Hi,
>
> Are there any other rules you have defined? If no, this may work:
>
> iptables -P INPUT DROP
> iptables -P OUTPUT DROP
> iptables -P FORWARD DROP
>
> iptables -A FORWARD -o eth0 -p tcp -m tcp -d <approved mail server>
> --dport 25 -j ACCEPT
> iptables -A OUTPUT -o eth0 -p tcp -m tcp -d <approved mail server>
> --dport 25 -j ACCEPT

The above rules (if you are proposing them as a complete ruleset) are a highly secure system - nothing will get through it, and nothing will get to communicate with the box itself.

Why?

1. You have a default DROP policy on FORWARD (good idea), and a rule allowing packets to TCP port 25 on a specific server, but no rule allowing replies back again. Therefore no traffic gets *through* the machine.

2. You have a default DROP policy on INPUT, and no rules in the INPUT chain allowing anything at all, therefore no packets can get in (which makes the rule in the OUTPUT chain allowing some packets out somewhat pointless).

Regards,

Antony.

-- 
"Black holes are where God divided by zero." - Steven Wright

Please reply to the list; please don't CC me.
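An added example, not part of the original thread and not a ruleset posted by either Dharmendra or Antony: the quoted rules with the pieces Antony's two points say are missing, namely an allow for reply traffic in INPUT, OUTPUT and FORWARD, plus loopback. The interface name eth0 and the mail server address are placeholders (192.0.2.25 is a documentation address, assumed here); the script only prints the commands unless APPLY=1 is set, so it can be reviewed before it touches a live firewall. `-m state` is the match used on 2004-era kernels; on a current kernel `-m conntrack --ctstate` is the equivalent.

```shell
#!/bin/sh
# Added example: the quoted SMTP-relay ruleset completed with stateful
# return-traffic rules. MAIL_SERVER and WAN_IF are assumed placeholder values.
# Dry run by default: set APPLY=1 to execute instead of printing.

MAIL_SERVER="${MAIL_SERVER:-192.0.2.25}"   # assumed: the "approved mail server"
WAN_IF="${WAN_IF:-eth0}"

# Print the iptables command, or run it when APPLY=1 (needs root).
run() {
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

mail_relay_ruleset() {
    run -F
    run -P INPUT DROP
    run -P OUTPUT DROP
    run -P FORWARD DROP

    # Loopback: local daemons talk to themselves over lo and would otherwise
    # be cut off by the INPUT/OUTPUT DROP policies.
    run -A INPUT  -i lo -j ACCEPT
    run -A OUTPUT -o lo -j ACCEPT

    # Replies to connections already accepted below. This is what the quoted
    # ruleset lacks: the SYN leaves, but the SYN/ACK is dropped on the way back,
    # so no SMTP session ever completes, whether from or through the box.
    run -A INPUT   -m state --state ESTABLISHED,RELATED -j ACCEPT
    run -A OUTPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
    run -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # New connections: only SMTP to the approved server, originating on the box
    # (OUTPUT) or routed through it (FORWARD; also needs net.ipv4.ip_forward=1).
    run -A FORWARD -o "$WAN_IF" -p tcp -d "$MAIL_SERVER" --dport 25 \
        -m state --state NEW -j ACCEPT
    run -A OUTPUT  -o "$WAN_IF" -p tcp -d "$MAIL_SERVER" --dport 25 \
        -m state --state NEW -j ACCEPT
}

mail_relay_ruleset
```

Restricting the two ACCEPT rules to `--state NEW` keeps the intent of the original (only connection openers to port 25 on that one host are admitted) while the single ESTABLISHED,RELATED rule per chain carries the replies; nothing else, inbound or outbound, is opened.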