On Thu, December 22, 2005 08:53, Denny wrote:
> is there a way to block all incoming and outgoing access to port 25,
> with only one exception if it is going through a legitimate mail
> server.

Sure. First allow email to the legitimate email server, then block
everything else to port 25.

# Accept NEW packet coming in from <smtp-server> to smtp port 25.
$ipt -A INPUT -m state --state NEW -s <smtp-server> \
     -p tcp --dport 25 -j ACCEPT
# Drop other NEW packets going to smtp port 25
$ipt -A INPUT -m state --state NEW -p tcp --dport 25 -j DROP

# Accept NEW packet going out to <smtp-server> on smtp port 25.
$ipt -A OUTPUT -m state --state NEW -d <smtp-server> \
     -p tcp --dport 25 -j ACCEPT
# Drop other NEW packets going out to smtp port 25.
$ipt -A OUTPUT -m state --state NEW -p tcp --dport 25 -j DROP

Gr,
Rob
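
The reply above depends on rule order, since iptables acts on the first rule that matches. The following is an added example, not part of the original message: a check that reads rules in the style of `iptables -S` output and confirms the mail-server ACCEPT precedes the catch-all DROP in INPUT and OUTPUT. The function names, the address 192.0.2.10 and the sample rule lines are assumptions constructed for illustration.

```sh
# Added example: audit the ORDER of port 25 rules in `iptables -S`-style text.
# The server ACCEPT must come before the catch-all DROP in the same chain.
audit_smtp_rules() {   # $1 = allowed mail server (one IPv4 host); rules on stdin
    awk -v srv="$1" '
    $1 == "-A" && / --dport 25 / {
        chain = $2
        addr_flag = (chain == "INPUT") ? "-s" : "-d"   # option naming the peer
        target = ""; addr = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-j") target = $(i + 1)
            if ($i == addr_flag) addr = $(i + 1)
        }
        sub(/\/32$/, "", addr)                         # hosts are listed as a.b.c.d/32
        if (target == "ACCEPT" && addr == srv && !(chain in drop_seen))
            accept_first[chain] = 1
        if (target == "DROP" && addr == "")
            drop_seen[chain] = 1
    }
    END {
        bad = 0; n = split("INPUT OUTPUT", chains, " ")
        for (k = 1; k <= n; k++) {
            c = chains[k]
            if (!(c in drop_seen)) { print c ": no catch-all DROP for port 25"; bad = 1 }
            else if (!(c in accept_first)) { print c ": server ACCEPT missing or after the DROP"; bad = 1 }
            else print c ": ok"
        }
        exit bad
    }'
}
good_rules() {   # constructed sample: ACCEPT precedes DROP in both chains
    cat <<'EOF'
-A INPUT -s 192.0.2.10/32 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j DROP
-A OUTPUT -d 192.0.2.10/32 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A OUTPUT -p tcp -m state --state NEW -m tcp --dport 25 -j DROP
EOF
}
bad_rules() {    # constructed sample: INPUT rules loaded in the wrong order
    cat <<'EOF'
-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j DROP
-A INPUT -s 192.0.2.10/32 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A OUTPUT -d 192.0.2.10/32 -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A OUTPUT -p tcp -m state --state NEW -m tcp --dport 25 -j DROP
EOF
}
good_rules | audit_smtp_rules 192.0.2.10          # both chains report ok
bad_rules | audit_smtp_rules 192.0.2.10 || true   # INPUT is flagged
```

On a live host the same function can be fed from `iptables -S`; it only inspects rules that name `--dport 25`, so broader ACCEPT rules earlier in a chain are outside what it checks.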