On Sat, May 20, at 06:08:05AM, Keith McGavin wrote:
> This script is an example only. Iptables will have to be flushed/
> restarted to accept old dropped addresses if the smtp relay
> keeps changing all the time.

I didn't get this part right; it is not required to flush/restart iptables, since all it achieves is to keep the rules tidy by not repeating the DROP rule on the same IP address and port twice when $PREVSMTP keeps taking on new values.

> iptables -A OUTPUT -p tcp -d ! $SMTPADDRESS --dport 25 -o ppp0 -j DROP
> iptables -A OUTPUT -p tcp -d $PREVSMTP --dport 25 -o ppp0 -j DROP

---
keith.
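One way to avoid repeating the DROP rule without flushing, shown as an added example that is not part of the original message or script: it uses `iptables -C` (rule check) before `-A`. The names `IPT`, `add_once` and `block_prev_relay` are hypothetical, and skipping the rule when the previous address equals the current relay is an assumption about the intended behaviour.

```sh
#!/bin/sh
# Added example, not from the original script.
# IPT, add_once and block_prev_relay are hypothetical names.
# IPT can be overridden (for instance with a stub) to dry-run the logic.
IPT="${IPT:-iptables}"

# Append a rule to OUTPUT only when an identical rule is not already
# present. "iptables -C" exits 0 if the rule exists, non-zero otherwise.
add_once() {
    if $IPT -C OUTPUT "$@" 2>/dev/null; then
        return 0            # already there: the rule set stays tidy
    fi
    $IPT -A OUTPUT "$@"
}

# Drop outbound SMTP to a previous relay address.
#   $1 = previous relay address (the script's $PREVSMTP)
#   $2 = current relay address  (the script's $SMTPADDRESS)
block_prev_relay() {
    prev_addr="$1"
    cur_addr="$2"

    # Nothing recorded yet: nothing to block.
    [ -n "$prev_addr" ] || return 0

    # Assumption: if the relay did not change, do not add a DROP rule
    # that would block the relay currently in use.
    if [ "$prev_addr" = "$cur_addr" ]; then
        return 0
    fi

    add_once -p tcp -d "$prev_addr" --dport 25 -o ppp0 -j DROP
}

# Typical call from the script, run as root:
#   block_prev_relay "$PREVSMTP" "$SMTPADDRESS"
```

Calling `block_prev_relay` repeatedly with the same previous address leaves a single DROP rule in OUTPUT, so the chain does not grow on every run.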
