Silly question time: IPCop has, really, a pretty decent web interface. Why aren't you using that to handle this?

> I'm using ipcop as my firewall and now I want to modify its default
> iptables script.
> ipcop by default will allow any outgoing connection to the internet.
> I want to block all, and only allow a few connections.
> I only modify the FORWARD chain.
>
> first, I only block a few ports to the net, and allow anything else.
> /sbin/iptables -t nat -A CUSTOMPOSTROUTING -s $INTMAIL1 -o eth1 -j SNAT --to-source $EXTMAIL1
> /sbin/iptables -A CUSTOMFORWARD -i eth0 -o eth1 -p tcp -m mport --dport 21,80,81,443,3128,6588,8000,8080,8181 -j DROP
>
> this works. it only blocks http and ftp access. outgoing and incoming
> emails work.
>
> now I changed it to this
> /sbin/iptables -t nat -A CUSTOMPOSTROUTING -s $INTMAIL1 -o eth1 -j SNAT --to-source $EXTMAIL1
> /sbin/iptables -A CUSTOMFORWARD -i eth0 -s $MAIL1 -o eth1 -d 0/0 -p tcp --dport 25 -j ACCEPT
> /sbin/iptables -A CUSTOMFORWARD -i eth0 -s $MAIL2 -o eth1 -d 0/0 -p tcp --dport 25 -j ACCEPT
> /sbin/iptables -A CUSTOMFORWARD -i eth0 -o eth1 -j DROP
>
> with this, no emails from the net are delivered to the local mail server and
> email from local is not delivered to the net.
>
> Something I forgot?
>
>
> Budi Febrianto
> www.indomino.net/blog
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list

--
Mike Burger
http://www.bubbanfriends.org

Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org

To be notified of updates to the web site, visit:
https://www.bubbanfriends.org/mailman/listinfo/site-update
or send a blank email message to:
site-update-subscribe@xxxxxxxxxxxxxxxxx
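An added example of the egress ruleset the quoted post is trying to build. This is editor-written code, not code from the post, from IPCop, or from the mailing list. The posted second ruleset allows exactly one kind of LAN-to-Internet packet, new TCP to destination port 25 from the two mail servers, and drops everything else leaving eth0 for eth1. Two things fall into that DROP: the reply packets of inbound SMTP sessions that were port-forwarded to the mail server (their source port is 25, their destination port is whatever the remote client chose, so the `--dport 25` ACCEPT never matches them, and they are only safe if IPCop's own ESTABLISHED,RELATED accept runs before CUSTOMFORWARD in the installed version, which the thread does not establish), and the mail servers' own DNS traffic, without which outbound delivery fails for lack of MX lookups (assuming they resolve directly rather than through a resolver on IPCop itself, which would be INPUT traffic, not FORWARD). The script below adds a state rule of its own so the chain is correct regardless of what precedes it, opens DNS and SMTP only for the mail hosts, logs and then drops the rest. The interface names eth0/eth1 follow the post; the `IPT`, `INT_IF`, `EXT_IF` variables and the 192.168.1.10/11 addresses are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the post or from IPCop): egress rules for IPCop's
# CUSTOMFORWARD chain that keep inbound SMTP replies and outbound DNS working
# while blocking every other LAN-to-Internet flow.
# Run as "sh egress.sh --apply" to load, or without arguments to preview
# the rules with IPT=echo instead of executing /sbin/iptables.

IPT="${IPT:-/sbin/iptables}"
INT_IF="${INT_IF:-eth0}"            # GREEN / LAN side, as in the post
EXT_IF="${EXT_IF:-eth1}"            # RED / Internet side, as in the post
MAIL1="${MAIL1:-192.168.1.10}"      # constructed sample addresses; the
MAIL2="${MAIL2:-192.168.1.11}"      # post's $MAIL1/$MAIL2 are not given

build_custom_forward() {
    # 1. Replies for connections already accepted (for instance inbound SMTP
    #    that IPCop port-forwarded to a mail server) must be let through
    #    before the catch-all DROP. Whether IPCop already does this earlier
    #    in FORWARD depends on the version; stating it here costs nothing and
    #    makes the custom chain self-contained.
    "$IPT" -A CUSTOMFORWARD -i "$INT_IF" -o "$EXT_IF" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT

    for host in "$MAIL1" "$MAIL2"; do
        # 2. DNS, so the mail server can look up MX records for outbound mail.
        "$IPT" -A CUSTOMFORWARD -i "$INT_IF" -o "$EXT_IF" -s "$host" \
            -p udp --dport 53 -m state --state NEW -j ACCEPT
        "$IPT" -A CUSTOMFORWARD -i "$INT_IF" -o "$EXT_IF" -s "$host" \
            -p tcp --dport 53 -m state --state NEW -j ACCEPT
        # 3. Outbound SMTP, only from the mail servers. "-d 0/0" from the
        #    post is omitted; it matches everything and adds nothing.
        "$IPT" -A CUSTOMFORWARD -i "$INT_IF" -o "$EXT_IF" -s "$host" \
            -p tcp --dport 25 -m state --state NEW -j ACCEPT
    done

    # 4. Everything else from the LAN to the Internet: log (rate limited so a
    #    scanning host cannot fill the disk), then drop.
    "$IPT" -A CUSTOMFORWARD -i "$INT_IF" -o "$EXT_IF" \
        -m limit --limit 5/min -j LOG --log-prefix "EGRESS-DROP: "
    "$IPT" -A CUSTOMFORWARD -i "$INT_IF" -o "$EXT_IF" -j DROP
}

# Preview the rules without touching the kernel. Runs the builder in a
# subshell so IPT=echo cannot leak into the caller's environment.
preview_rules() {
    (IPT=echo; build_custom_forward)
}

# Ordering check: number of ACCEPT rules that precede the final DROP.
# Expected 7 (1 state rule + 3 per mail host); anything lower means an
# allow rule landed after the DROP and would never match.
accept_rules_before_drop() {
    preview_rules | awk '/-j DROP/ {exit} /-j ACCEPT/ {n++} END {print n+0}'
}

# Returns 0 when the last rule in the preview is the catch-all DROP.
last_rule_is_drop() {
    preview_rules | tail -n 1 | grep -q -- '-j DROP$'
}

case "${1:-}" in
    --apply) build_custom_forward ;;
    *)       preview_rules ;;
esac
```

Load the script after IPCop's own rc.firewall has created the CUSTOM* chains (the same place the post's rules live), and watch `EGRESS-DROP:` entries in the kernel log for a day before relying on it: every legitimate flow that shows up there (NTP, the mail servers' own software updates, and so on) needs an explicit ACCEPT above the DROP rather than a wider DROP exception.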