Ok. How do I populate a specific range of IP addresses (e.g., iptables) without using individual addresses?
On Sun, 25 Oct 2009 11:14:36 +0000, Alain Williams <[email protected]> wrote:
> On Sun, Oct 25, 2009 at 03:31:14AM -0700, Harold Huggins wrote:
>>
>> Where within the EXIM directory, and sample script, should I install
>> iptable (replace 1.2.3.4 with IP to allow) rules to block ports 25.
>>
>> Sample of iptables rules:
>>
>> iptables -I INPUT -p tcp -s 1.2.3.4 --dport 25 -j ACCEPT
>> iptables -I INPUT -p tcp -s 1.2.3.4 --dport 25 -j ACCEPT
>> iptables -I INPUT -p tcp --dport 2525 -j REJECT
>>
>> iptables -I INPUT -p tcp -s 1.2.3.4 --dport 25 -j ACCEPT
>> iptables -I INPUT -p tcp -s 1.2.3.4 --dport 25 -j ACCEPT
>> iptables -I INPUT -p tcp --dport 2525 -j REJECT
>>
>>
>> And, is this the best policy to block port 25?
>
> ??? Why are you blocking port 25 at all?
> You don't want to do the above unless your machine (presumably internal)
> can only receive email from IP 1.2.3.4.
>
> You presumably want to be able to receive email from anywhere, so you
> need to have something like:
>
> iptables -A INPUT -p TCP --dport smtp -j ACCEPT
> iptables -A INPUT -p TCP --dport smtps -j ACCEPT
>
> ie accept incoming email from anywhere.
>
> If you accept authenticated email (eg from peripatetic workers) you may
> want:
>
> iptables -A INPUT -p TCP --dport submission -j ACCEPT
>
> You should be able to use the names for the port numbers (look in
> /etc/services)
> if not use the numbers: 25, 465 & 587.
>
> --
> Alain Williams
> Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT
> Lecturer.
> +44 (0) 787 668 0256 http://www.phcomp.co.uk/
> Parliament Hill Computers Ltd. Registration Information:
> http://www.phcomp.co.uk/contact.php
> Past chairman of UKUUG: http://www.ukuug.org/
> #include <std_disclaimer.h>

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
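An added example, not part of the original thread: a shell sketch that turns a list of sources into port 25 rules, using the two ways iptables matches more than one address per rule, a CIDR block with -s and an arbitrary span with -m iprange --src-range. The function names (ip_to_int, source_match, smtp_allow_rules) are hypothetical, the sample addresses are constructed from the RFC 5737 documentation ranges, and the rules are only printed, never applied.

```shell
# ip_to_int A.B.C.D -> prints the 32-bit value; fails on a malformed address.
ip_to_int() {
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    n=0
    for o in "$@"; do
        # 1-3 digits, no leading zero (some parsers read those as octal), <= 255
        case $o in ''|????*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
        n=$(( n * 256 + o ))
    done
    echo "$n"
}

# source_match SPEC -> prints the iptables match arguments for one source:
#   a.b.c.d or a.b.c.d/len -> -s (CIDR block)
#   a.b.c.d-e.f.g.h        -> -m iprange --src-range (arbitrary span)
source_match() {
    src=$1
    case $src in
        *-*) lo=$(ip_to_int "${src%%-*}") && hi=$(ip_to_int "${src#*-}") || return 1
             [ "$lo" -le "$hi" ] || return 1
             echo "-m iprange --src-range $src" ;;
        */*) ip_to_int "${src%%/*}" >/dev/null || return 1
             len=${src#*/}
             case $len in ''|???*|*[!0-9]*|0?) return 1 ;; esac
             [ "$len" -le 32 ] || return 1
             echo "-s $src" ;;
        *)   ip_to_int "$src" >/dev/null || return 1
             echo "-s $src" ;;
    esac
}

# smtp_allow_rules PORT SPEC... -> one ACCEPT rule per source, then a REJECT.
# Prints nothing if any source is invalid or none is given, so a typo cannot
# leave only the REJECT rule in place. Rules are printed, not applied.
smtp_allow_rules() {
    [ $# -ge 2 ] || return 1
    port=$1; shift
    rules=$(for s in "$@"; do
        m=$(source_match "$s") || { echo "bad source: $s" >&2; exit 1; }
        echo "iptables -A INPUT -p tcp $m --dport $port -j ACCEPT"
    done) || return 1
    printf '%s\niptables -A INPUT -p tcp --dport %s -j REJECT\n' "$rules" "$port"
}

# Constructed sample sources (RFC 5737 documentation addresses).
smtp_allow_rules 25 192.0.2.0/24 198.51.100.10-198.51.100.50 203.0.113.7
```

The rules use -A, so they take effect in the order printed and must come before any broader rule for the same port; the iprange match also has to be available in the running kernel.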
