On Thu, Aug 21, 2003 at 11:18:33AM -0500, Raymond Norton wrote:
> I have a firewall that uses ipchains with a gateway mail server behind it
> that scans messages for viruses for a few networks. Somehow the box has
> picked up some sort of trojan or virus that I have not found yet, and is
> spewing mail. For the immediate I need a rule that stops all destination
> port 25 traffic except for the allowed domains.
> 
[snip]
> ipchains -I input -j REJECT -p tcp -s 10.11.11.0/0 -d reject_everything_else/0 25
> 

When you say "reject_everything_else/0", you mean you're using CIDR
like 1.2.3.4/0?

The "/x" is the mask indicating the network size, e.g. a netmask of 
24 is a netmask of 255.255.255.0.  When you say a.b.c.d/0, you're
really saying 0.0.0.0/0, i.e. the whole internet.  Probably not
what you want.

http://www.geocities.com/SiliconValley/Vista/8672/network/cidr.html
http://infocenter.guardiandigital.com/manuals/IDDS/node9.html

-- 
trammell at el-swifto.com  9EC7 BC6D E688 A184 9F58  FD4C 2C12 CC14 8ABA 36F5
Twin Cities Linux Users Group (TCLUG)      Minneapolis/St. Paul, Minnesota

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list
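
An added illustration, not part of the original message: this Python sketch applies the mask the way the reply describes and audits the `-s`/`-d` arguments of an ipchains command. The helper names `effective_network` and `audit_rule` are hypothetical, and the second sample rule is constructed.

```python
import ipaddress
import shlex


def effective_network(spec):
    """Return the network that 'addr/mask' really selects.

    strict=False zeroes every bit outside the mask, which is what a
    packet filter does before comparing addresses.
    """
    return ipaddress.ip_network(spec, strict=False)


def audit_rule(rule):
    """Return (flag, spec, effective, warning) for each -s/-d in a rule."""
    findings = []
    tokens = shlex.split(rule)
    for i, tok in enumerate(tokens[:-1]):
        if tok not in ("-s", "-d"):
            continue
        spec = tokens[i + 1]
        try:
            net = effective_network(spec)
            written = ipaddress.ip_interface(spec).ip
        except ValueError:
            # Placeholder or hostname: nothing numeric to check here.
            findings.append((tok, spec, None, "not a numeric address"))
            continue
        if net.prefixlen == 0:
            warning = "matches every address"
        elif written != net.network_address:
            warning = "host bits are ignored by the mask"
        else:
            warning = None
        findings.append((tok, spec, str(net), warning))
    return findings


if __name__ == "__main__":
    rules = [
        # The rule quoted in the message above.
        "ipchains -I input -j REJECT -p tcp -s 10.11.11.0/0 "
        "-d reject_everything_else/0 25",
        # Constructed rule: /24 source, dotted-netmask destination.
        "ipchains -I input -j REJECT -p tcp -s 10.11.11.0/24 "
        "-d 192.0.2.77/255.255.255.0 25",
    ]
    for rule in rules:
        print(rule)
        for flag, spec, net, warning in audit_rule(rule):
            print(f"  {flag} {spec} -> {net} {warning or 'ok'}")
```
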