I guess if I were you, I would flush the ipchains. Double-check sendmail as you say it works then. Then I would start adding the chains one at a time and see when you lose mail. At least you could narrow it down a little bit that way. -----Original Message----- From: tclug-list-admin at mn-linux.org [mailto:tclug-list-admin at mn-linux.org]On Behalf Of Brian Sent: Wednesday, March 14, 2001 11:40 AM To: 'tclug-list at mn-linux.org' Subject: RE: [TCLUG] firewalling around sendmail On Wed, 14 Mar 2001, Austad, Jay wrote: > Your output chain should have a default of ACCEPT, so you shouldn't need > those output chains... > > Try changing those rules to: > ipchains -A input -i eth0 -p tcp -s any/0 -d 12.27.41.52 25 -j ACCEPT > ipchains -A input -i eth0 -p tcp ! -y -s any/0 25 -d 12.27.41.52 -j ACCEPT This didn't work either. This machine is a standalone mail server with its own domains and stuff. I have the default ipchains policy to ACCEPT (it makes it slightly easier IMHO) so an ipchains -F sets everything to ACCEPT. The final line in my rc.firewall is 'ipchains -A input -i eth0 -s any/0 -j DENY' so I get the same security as setting the default policy but I just like it more. -Brian _______________________________________________ tclug-list mailing list tclug-list at mn-linux.org https://mailman.mn-linux.org/mailman/listinfo/tclug-list