Alright, I'll be trying that. Care to explain what the directives at the --state flag mean? I can't seem to figure out half of the --state thing, and the ipfilter howto doesn't seem to explain much.
Thanks!

----- Original Message -----
From: "Michael J. Maravillo" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 21, 2002 6:16 AM
Subject: Re: [plug] SMTP Ports Question

> On Wed, Mar 20, 2002 at 06:57:29PM +0800, Joon Guillen wrote:
> >
> > Thanks for the rules. BTW, is the -y flag equivalent to the
> > --syn flag on iptables? Sorry I forgot :P
>
> Hi Joon,
>
> If you'll be using iptables, don't rely on the SYN flag. Use
> iptables' stateful inspection instead. For outbound SMTP for
> example:
>
> iptables -A INPUT -i $IFACE -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT
> iptables -A OUTPUT -o $IFACE -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
>
> > > # SMTP client (25)
> > > # ----------------
> > >
> > > ipchains -A input -i $INTERNAL_INTERFACE -p tcp ! -y \
> > >     -s $SMTP_SERVER 25 \
> > >     -d $INTERNAL_IPADDR $UNPRIVPORTS -j ACCEPT
> > >
> > > ipchains -A output -i $INTERNAL_INTERFACE -p tcp \
> > >     -s $INTERNAL_IPADDR $UNPRIVPORTS \
> > >     -d $SMTP_SERVER 25 -j ACCEPT
> > >
> > > Note:
> > > $UNPRIVPORTS="1024:65535"
>
> --
>  .--.   Michael J. Maravillo                    office://+63.2.750.1800/
> ( () )  Q Linux Solutions, Inc.                 mobile://+63.917.897.0919/
>  `--\\  A Philippine Open Source Solutions Co.  http://www.q-linux.com/
> _
> Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
> To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
>
> To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
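
An added example, not part of the thread and not netfilter's own code: a simplified Python model that contrasts the quoted ipchains `! -y` input rule with the quoted `-m state` rules for an SMTP client. The addresses, `Pkt`, `StateFirewall` and the function names are constructed for illustration, and only the NEW and ESTABLISHED states named in the rules are modelled.

```python
from collections import namedtuple

# Constructed sample addresses (documentation ranges), not from the thread.
CLIENT, SMTP_SERVER = "192.0.2.10", "198.51.100.25"
Pkt = namedtuple("Pkt", "direction src sport dst dport flags")

def ipchains_not_y(p):
    """Stateless input rule: from SMTP_SERVER:25 to a high port, '! -y'.
    '-y' matches SYN set with ACK and FIN clear; '!' inverts that."""
    syn_only = "SYN" in p.flags and not ({"ACK", "FIN"} & p.flags)
    return (p.direction == "in" and p.src == SMTP_SERVER and p.sport == 25
            and 1024 <= p.dport <= 65535 and not syn_only)

class StateFirewall:
    """Toy model of '-m state': a table of flows this host has opened."""
    def __init__(self):
        self.flows = {}          # original-direction tuple -> reply seen?

    def classify(self, p):
        key = (p.src, p.sport, p.dst, p.dport)
        reply_key = (p.dst, p.dport, p.src, p.sport)
        if reply_key in self.flows:      # answers a flow we track
            self.flows[reply_key] = True
            return "ESTABLISHED"
        if key in self.flows:            # more traffic on our own flow
            return "ESTABLISHED" if self.flows[key] else "NEW"
        return "NEW"   # untracked (real conntrack may say INVALID instead)

    def accept(self, p):
        state = self.classify(p)
        if p.direction == "out" and p.dport == 25:   # --state NEW,ESTABLISHED
            self.flows.setdefault((p.src, p.sport, p.dst, p.dport), False)
            return state in ("NEW", "ESTABLISHED")
        if p.direction == "in" and p.sport == 25:    # --state ESTABLISHED
            return state == "ESTABLISHED"
        return False                                 # everything else: drop

def demo():
    fw = StateFirewall()
    syn = Pkt("out", CLIENT, 40000, SMTP_SERVER, 25, frozenset({"SYN"}))
    synack = Pkt("in", SMTP_SERVER, 25, CLIENT, 40000, frozenset({"SYN", "ACK"}))
    stray = Pkt("in", SMTP_SERVER, 25, CLIENT, 40001, frozenset({"ACK"}))
    return {
        "out_syn": fw.accept(syn),
        "reply_stateful": fw.accept(synack),
        "reply_stateless": ipchains_not_y(synack),
        "stray_stateful": fw.accept(stray),
        "stray_stateless": ipchains_not_y(stray),
    }
```

The stateless rule accepts the stray ACK because it only checks that the packet is not a bare SYN; the stateful rule drops it because the host never opened a flow to port 25 from that local port.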
