Taylor, Grant wrote:
I have Sendmail configured on my server and I am able to send and
receive mails in the intranet. Now I want to be able to access the
mails from outside world also but i dont want to open the port for
every one. I want to open the pop3 port for the perticular IP (it may
be static or dynamic IP) in the IPTABLES and close the port when not
needed to access from outside.
Please some one tell me how to do this and can I have some script
which will open the port when i need and close when not needed so that
I don't have to enter into the iptables every time.
How to open the pop3 port for a perticular external ipaddress
Presuming that you are not filtering on output it is easy to allow a
specific IP access to your POP3 server.
iptables -t filter -A INPUT -s ! ${known_external_ip_address} -p tcp
--dport 110 -j DROP
This will drop any traffic that comes to port 110 that is not from the
known external ip address.
If you are wanting more help setting up a script to manage this for
you such that you can say pop_open and / or pop_close let me know and
I'll see what I can whip up.
Grant. . . .
I think he is talking about port knocker.
"iptables -t filter -A INPUT -s ! ${known_external_ip_address} -p tcp
--dport 110 -j DROP "
that rule is heavily dependant on his chain policies. E.g. if he has
DROP policy on the INPUT chain (-t filter) that rule won't help much as
${known_external_ip_address} will continue traversing the rules until it
hits the DROP policy.
georgi ...
georgi
