I see you're trying to use it solely for mail server... it seems ok, but
will you use it for imap/pop too? If it's true then you gotta add more input
rules...

Besides, adding a little security checking won't hurt, e.g. denying packets
which pretend to have a local source address but come from inappropriate
interfaces, like this...

DENY ALL from 127.0.0.0/8 but interface is not lo
DENY ALL from 192.168.x.x but interface is not eth+

And DNS should also be enabled here, because sendmail needs name resolving.

maddog


> Input Default - Deny (Deny Everything coming in)
> 
> ALL from 192.168.1.0 Accept (Allow anything coming over ethernet)
> ALL from 192.168.2.0 Accept (As Above)
> ICMP from 0.0.0.0 ppp0 Accept (Allow ping requests etc over modem)
> SMTP from Demon 1 ppp0 Accept (Allow SMTP connections from isp's punt1)
> SMTP from Demon 2 ppp0 Accept (Allow SMTP connections from isp's punt2)
> 
> Forward Default - Deny (Don't Masq anything)
> 
> ALL from 192.168.1.0 MASQ (Allow any local connection to be masq'd)
> ALL from 192.168.2.0 MASQ (Allow any local connection to be masq'd)

-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
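
The interface checks suggested in the reply, modelled as a small first-match rule evaluator and run against the quoted input chain. This is an added example and is not part of the original messages. Assumptions: `192.168.1.0` and `192.168.2.0` are read as /24 networks, `192.168.x.x` as `192.168.0.0/16`, and the `+` in `eth+` as a prefix wildcard; the packets are constructed.

```python
from ipaddress import ip_address, ip_network

def iface_matches(pattern, iface):
    """None = any interface, trailing '+' = prefix wildcard, leading '!' = negation."""
    if pattern is None:
        return True
    negate = pattern.startswith("!")
    name = pattern.lstrip("!")
    hit = iface.startswith(name[:-1]) if name.endswith("+") else iface == name
    return hit != negate

def verdict(rules, src, iface, default="DENY"):
    """First matching rule wins; otherwise the chain's default policy applies."""
    for target, net, pattern in rules:
        if ip_address(src) in ip_network(net) and iface_matches(pattern, iface):
            return target
    return default

# Quoted input chain, source-address rules only (the ICMP and SMTP rules are
# left out because this model has no protocol field). No interface is named,
# so the rules match on any interface.
ORIGINAL = [
    ("ACCEPT", "192.168.1.0/24", None),
    ("ACCEPT", "192.168.2.0/24", None),
]

# The two suggested DENY checks placed in front of the accept rules.
HARDENED = [
    ("DENY", "127.0.0.0/8", "!lo"),
    ("DENY", "192.168.0.0/16", "!eth+"),
] + ORIGINAL

# Constructed packets: (source address, arrival interface)
PACKETS = [
    ("192.168.1.10", "eth0"),  # real LAN host
    ("192.168.2.7", "eth1"),   # real host on the second LAN
    ("192.168.1.10", "ppp0"),  # LAN source address arriving over the modem
    ("127.0.0.1", "ppp0"),     # loopback source address arriving over the modem
]

def compare():
    """Return (src, iface, verdict under ORIGINAL, verdict under HARDENED)."""
    return [(s, i, verdict(ORIGINAL, s, i), verdict(HARDENED, s, i)) for s, i in PACKETS]

if __name__ == "__main__":
    for row in compare():
        print("%-13s %-5s original=%-6s hardened=%s" % row)
```

The third packet is the case the reply is about: with no interface on the accept rule, a packet claiming a LAN source address is accepted even when it arrives on `ppp0`.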
