[TCLUG] need quick ipchain rule

[Raymond Norton]

I have a firewall that uses ipchains with a gateway mail server behind it
that scans messages for viruses for a few networks. Some how the box has
picked up some sort of trojan or virus that I have not found yet, and is
spewing mail. For the immediate I need a rule that stops all destination
port 25 traffic except for the allowed domains.

This is what I have used, but all port 25 traffic has stopped.


ipchains -I input -j ACCEPT -p tcp -s 10.11.11.0/0 -d permited_domain/0 25

ipchains -I input -j ACCEPT -p tcp -s 10.11.11./0 -d permited_domain/0 25

ipchains -I input -j REJECT -p tcp -s 10.11.11.0/0 -d
reject_everything_else/0 25





Thanks in advance



_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list