I was wondering if I could get someone to verify my rules. What I am trying to do, to start with, is make only certain ports available on my outgoing mail server - essentially blocking all other ports not listed. I have the below on my server in an inactive state because when I activate it, it locks it completely down. Could someone please take a look at my rules and share with me what I did wrong? Here is my entire config file:

-----------------------------
*mangle
:PREROUTING ACCEPT [6:948]
:INPUT ACCEPT [6:948]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [7:3269]
:POSTROUTING ACCEPT [7:3269]
COMMIT
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# HTTP
-A INPUT -p tcp -m tcp -m state NEW,ESTABLISHED --dport 80 --state NEW -j ACCEPT
# SSH
-A INPUT -p tcp -m tcp -m state NEW,ESTABLISHED --dport 22 --state NEW -j ACCEPT
# DNS
-A INPUT -p tcp -m tcp -m state NEW,ESTABLISHED --dport 53 --state NEW -j ACCEPT
# TIME
-A INPUT -p udp -m udp -m state NEW,ESTABLISHED --dport 123 --state NEW -j ACCEPT
# WEBMIN
-A INPUT -p tcp -m tcp -m state NEW,ESTABLISHED --dport 10000 --state NEW -j ACCEPT
# SMTP
-A INPUT -p tcp -m tcp -m state NEW,ESTABLISHED --dport 25 --state NEW -j ACCEPT
# POP3
-A INPUT -p tcp -m tcp -m state NEW,ESTABLISHED --dport 110 --state NEW -j ACCEPT
# IMAP
-A INPUT -p tcp -m tcp -m state NEW,ESTABLISHED --dport 993 --state NEW -j ACCEPT
# RSYNC-TCP
-A INPUT -p tcp -m tcp -m state NEW,ESTABLISHED --dport 873 --state NEW -j ACCEPT
# RSYNC-UDP
-A INPUT -p udp -m udp -m state NEW,ESTABLISHED --dport 873 --state NEW -j ACCEPT
# DENY ALL OTHERS
-A INPUT -i eth0 -j REJECT --reject-with icmp-net-unreachable
COMMIT
--------------------------

Thanks,
Scott Miller
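A corrected filter table for the same port list, written here as an added example (not the poster's file): it adds the loopback and ESTABLISHED,RELATED rules the original lacks, fixes the state-match syntax, and restricts Webmin to an assumed admin network (203.0.113.0/24 is a placeholder). The ESTABLISHED,RELATED rule is the important one: if the original rules load at all, every packet after a connection's first one is neither NEW nor matched by any accept rule, so it hits the final REJECT, which is the lockdown the post describes.

```iptables
# Only the filter table is shown; the mangle and nat sections from the
# post can stay as they were (all-ACCEPT policies, no rules).
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# 1. Loopback: local processes (MTA to a local resolver, Webmin to itself).
-A INPUT -i lo -j ACCEPT
# 2. Replies to connections this host opened (outbound SMTP delivery,
#    DNS/NTP client lookups, package updates) and the later packets of
#    accepted inbound sessions. The original set has no such rule.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# 3. Packets conntrack cannot classify never reach the per-port rules.
-A INPUT -m state --state INVALID -j DROP
# 4. New inbound connections, one rule per service. "-m state" takes its
#    state list only through "--state"; the extra "NEW,ESTABLISHED"
#    token in the original rules is not valid syntax.
# SSH (consider adding -s <admin network> here as well)
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
# HTTP
-A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
# SMTP, POP3, IMAPS (993 is IMAP over TLS; plain IMAP would be 143)
-A INPUT -p tcp --dport 25 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 110 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 993 -m state --state NEW -j ACCEPT
# DNS and NTP (123/udp is NTP, labelled TIME in the post). Only needed
# if this host serves DNS/NTP; client lookups are covered by rule 2.
# The udp/53 rule is added here: a DNS server needs it alongside tcp/53.
-A INPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -p udp --dport 123 -m state --state NEW -j ACCEPT
# rsync daemon (TCP only; the post's udp/873 rule matches nothing useful)
-A INPUT -p tcp --dport 873 -m state --state NEW -j ACCEPT
# Webmin, limited to the admin network. 203.0.113.0/24 is an assumed
# placeholder; replace it with the real management range.
-A INPUT -p tcp -s 203.0.113.0/24 --dport 10000 -m state --state NEW -j ACCEPT
# 5. Everything else: explicit reject on every interface (the INPUT
#    policy of DROP above is the fallback if this line is ever removed).
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
```

Load it with iptables-restore from a console session rather than over SSH the first time, so a mistake cannot lock the admin out while checking that outbound mail delivery and the listed services still work.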