True, you should also allow localhost to talk to itself as well. Otherwise a lot of stuff can break. I'm also assuming you are running spamd/spamc on the local box as well.
At a minimum you should have something similar to this.

-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

-----Original Message-----
From: Mike Burger [mailto:[EMAIL PROTECTED]
Sent: Monday, May 10, 2004 3:55 AM
To: Zagler, Alexander
Cc: [EMAIL PROTECTED]
Subject: Re: spamc/spamd and iptables problem

On Mon, 10 May 2004, Zagler, Alexander wrote:

> hi list,
> we are running on our box a quite hard iptables setup.
> the server is not allowed to connect to any ports except some we have
> defined.
> spamd uses 783, this port we have allowed to connect. but spamc uses
> every time a different port to start.
>
> has anyone a good set of rules for iptables/spamassassin or does know
> how to tell spamc only to connect from one port?

Every program that makes outbound connections uses a different port, every time...telnet, ssh, web browsers.

You're going to run into a lot of difficulty with everything if you restrict by inbound and outbound port.

--
Mike Burger
http://www.bubbanfriends.org

Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org:2000

To be notified of updates to the web site, visit http://www.bubbanfriends.org/mailman/listinfo/site-update, or send a message to:

[EMAIL PROTECTED]

with a message of:

subscribe
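
An added example, not part of the original thread: an iptables-restore fragment that combines the loopback rules above with matching on spamd's destination port 783, so that spamc's changing source port never has to be predicted. The DROP policies, the stateful `-m state` rules and the 192.0.2.0/24 client range are assumptions for illustration; any other service the box uses needs its own rules.

```iptables
*filter
# Assumed default-deny policies, as in the "quite hard" setup described.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]

# Loopback: covers spamc -> spamd when both run on the same box.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

# Return traffic for connections that a NEW rule below already allowed.
# This is what lets replies reach spamc's ephemeral source port without
# opening a port range.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# spamc on this box talking to a spamd on another host:
# match the destination port only, never the source port.
-A OUTPUT -p tcp --dport 783 -m state --state NEW -j ACCEPT

# spamd on this box serving remote spamc clients.
# 192.0.2.0/24 is a placeholder range; replace it with the real clients.
-A INPUT -p tcp -s 192.0.2.0/24 --dport 783 -m state --state NEW -j ACCEPT
COMMIT
```

When spamc and spamd share one host, the two loopback rules are sufficient and the port 783 rules can be omitted.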
