Re: logging port 25


 



/dev/rob0 wrote:
On Tuesday 2005-October-18 10:29, Scott Mayo wrote:

the outside.  What rules do I need to set in my firewall, so that any
mail that is destined for my mail server through port 25 is alright,
but any mail that is destined for port 25 that is not going to my
mail server, gets logged and dropped.

I am trying to do this in case I get a virus that uses its own smtp
to send out mail.


Good idea. You probably already have some.

Well, I have virus protections on most things, but users seem to get them turned off once in a while. :)



What would I need to put in for my rules?  I thought that I had it


Tell us what you tried and I will tell you why it was wrong. My crystal ball thinks you put the rules in INPUT. Was it right?


I was not sure, so I put the rules in both the INPUT and FORWARD chain.


down correctly, but I am not getting anything in the log.  It does
log this to /var/log/messages doesn't it?


It logs according to the configuration of your system syslogd. It might also log to different places depending upon --log-level if specified in the rule[s] which you did not post. IINM the default syslog facility and priority is kern.info, but /proc settings can change the priority too.

Here is what I added in:
The firewall has two different NICs in it.

INT_IP_RANGE="10.0.0/16"
INT_IP_RANGE2="192.168.0.0/24"

$IPTABLES -A INPUT -p tcp -d mail_server_IP --dport 25 -j ACCEPT
$IPTABLES -A INPUT -p tcp -s $INT_IP_RANGE --dport 25 -j LOG --log-level debug
$IPTABLES -A INPUT -p tcp -s $INT_IP_RANGE --dport 25 -j LOG --log-prefix "EMAIL:"
$IPTABLES -A INPUT -p tcp -s $INT_IP_RANGE --dport 25 -j LOG --log-tcp-sequence
$IPTABLES -A INPUT -p tcp -s $INT_IP_RANGE --dport 25 -j LOG --log-ip-options
$IPTABLES -A INPUT -p tcp -s $INT_IP_RANGE2 --dport 25 -j LOG --log-level debug
$IPTABLES -A INPUT -p tcp -s $INT_IP_RANGE2 --dport 25 -j LOG --log-prefix "EMAIL:"
$IPTABLES -A INPUT -p tcp -s $INT_IP_RANGE2 --dport 25 -j LOG --log-tcp-sequence
$IPTABLES -A INPUT -p tcp -s $INT_IP_RANGE2 --dport 25 -j LOG --log-ip-options

I did the same thing for the FORWARD chain, except changed the INPUT to FORWARD obviously. :)

Thanks for any help.

--
Scott Mayo
Technology Coordinator
Bloomfield Schools
PH: 573-568-5669
FA: 573-568-4565
Pager: 800-264-2535 X2549

Duct tape is like the force, it has a light side and a dark side and it
holds the universe together.
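
The policy asked for in this message (accept SMTP to the mail server, log and drop any other port 25 traffic from the internal ranges), written out as an added example that is not part of the original thread. The chain name SMTP_OUT, the placeholder mail server address 192.0.2.25, the ranges in full dotted-quad form and the rate-limit values are assumptions; the "EMAIL:" prefix is the one used in the message.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: prints the commands.
# Set IPTABLES=/sbin/iptables (as root) to apply them from a firewall script
# that rebuilds the ruleset from scratch.
IPTABLES="${IPTABLES:-echo iptables}"
MAIL_SERVER_IP="${MAIL_SERVER_IP:-192.0.2.25}"          # placeholder address (assumption)
INT_RANGES="${INT_RANGES:-10.0.0.0/16 192.168.0.0/24}"  # full dotted-quad form (assumption)

smtp_egress_rules() {
    # Hypothetical chain name; create it, or flush it if it already exists.
    $IPTABLES -N SMTP_OUT 2>/dev/null || $IPTABLES -F SMTP_OUT

    # SMTP addressed to the mail server is allowed.
    $IPTABLES -A SMTP_OUT -d "$MAIL_SERVER_IP" -j ACCEPT

    # One LOG rule carrying every option gives one log line per packet.
    # LOG is non-terminating, so the packet continues to the next rule.
    # --log-level debug means priority kern.debug: a syslog selector such as
    # kern.info does not match it, so syslogd needs a kern.debug or kern.* entry.
    # The rate limit (constructed values) keeps one noisy host from flooding the log.
    $IPTABLES -A SMTP_OUT -m limit --limit 6/minute --limit-burst 10 \
        -j LOG --log-level debug --log-prefix "EMAIL: " \
        --log-tcp-sequence --log-ip-options

    # LOG rules alone never drop anything; this rule does.
    $IPTABLES -A SMTP_OUT -j DROP

    # Traffic routed through the firewall traverses FORWARD, not INPUT
    # (INPUT only sees packets addressed to the firewall itself).
    for range in $INT_RANGES; do
        $IPTABLES -A FORWARD -p tcp -s "$range" --dport 25 -j SMTP_OUT
    done
}

smtp_egress_rules
```

If the mail server itself sits inside one of the internal ranges and sends mail outward, it needs its own ACCEPT (matching on its source address) ahead of the LOG rule. Return traffic for accepted connections is left to the rest of the ruleset.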

