Verify rules

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I was wondering if I could get someone to verify my rules.  What I am trying
to do to start with, is make only certain ports available on my outgoing
mail server - essentially blocking all other ports not listed.  I have the
below on my server in an inactive state because when I activate it, it locks
it completely down.

Could someone please take a look at my rules and share with me what I did
wrong?  Here is my entire config file:


-----------------------------

*mangle
:PREROUTING ACCEPT [6:948]
:INPUT ACCEPT [6:948]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [7:3269]
:POSTROUTING ACCEPT [7:3269]
COMMIT
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# HTTP
-A INPUT -p tcp -m tcp -m state NEW,ESTABLISHED --dport 80 --state NEW -j
ACCEPT
# SSH
-A INPUT -p tcp -m tcp -m state NEW,ESTABLISHED --dport 22 --state NEW -j
ACCEPT
# DNS
-A INPUT -p tcp -m tcp -m state NEW,ESTABLISHED --dport 53 --state NEW -j
ACCEPT
# TIME
-A INPUT -p udp -m udp -m state NEW,ESTABLISHED --dport 123 --state NEW -j
ACCEPT
# WEBMIN
-A INPUT -p tcp -m tcp -m state NEW,ESTABLISHED --dport 10000 --state NEW -j
ACCEPT
# SMTP
-A INPUT -p tcp -m tcp -m state NEW,ESTABLISHED --dport 25 --state NEW -j
ACCEPT
# POP3
-A INPUT -p tcp -m tcp -m state NEW,ESTABLISHED --dport 110 --state NEW -j
ACCEPT
# IMAP
-A INPUT -p tcp -m tcp -m state NEW,ESTABLISHED --dport 993 --state NEW -j
ACCEPT
# RSYNC-TCP
-A INPUT -p tcp -m tcp -m state NEW,ESTABLISHED --dport 873 --state NEW -j
ACCEPT
# RSYNC-UDP
-A INPUT -p udp -m udp -m state NEW,ESTABLISHED --dport 873 --state NEW -j
ACCEPT
# DENY ALL OTHERS
-A INPUT -i eth0 -j REJECT --reject-with icmp-net-unreachable
COMMIT

--------------------------

Thanks,
Scott Miller

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux