On 03/12/2018 08:12 AM, wp.rauchholz wrote:
# POP3
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn
--dport 110 -j ACCEPT
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn
--dport 995 -j ACCEPT
# IMAP
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn
--dport 143 -j ACCEPT
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn
--dport 993 -j ACCEPT
# SMTP
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn
--dport 25 -j ACCEPT
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn
--dport 465 -j ACCEPT
# Submission
iptables -A INPUT -i $EXT_DEV -m state --state NEW -m tcp -p tcp --syn
--dport 587 -j ACCEPT
Easy: remove the --syn flag. Also, be sure to have
sys.net.ipv4.syncookies turn on in /etc/sysctl.conf
