I have an old postfix server that was historically used by the campus as an 
outbound gateway.  The campus is now supposed to use a different server running 
HAProxy with several back-end postfix servers.  I am using iptables on CentOS 
7 to log and block smtp and submission traffic not coming from my front-end 
HAProxy server (with a few exceptions for testing and monitoring).  What I 
would like to do is log and redirect the connection to the proxy server.  How 
do I do this?


# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.21 on Wed May 24 12:22:03 2017
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [134:13069]
:LOGGING - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
…
-A INPUT -s 139.182.75.64/27 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -s 139.182.111.0/24 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -s 139.182.249.25/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -s 139.182.249.254/32 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -s 139.182.75.64/27 -p tcp -m tcp --dport 587 -j ACCEPT
-A INPUT -s 139.182.111.0/24 -p tcp -m tcp --dport 587 -j ACCEPT
-A INPUT -s 139.182.249.25/32 -p tcp -m tcp --dport 587 -j ACCEPT
-A INPUT -s 139.182.249.254/32 -p tcp -m tcp --dport 587 -j ACCEPT
…
-A INPUT -j LOGGING
-A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables-Dropped: "
-A LOGGING -j DROP
COMMIT
# Completed on Wed May 24 12:22:03 2017



---
Chad Cordero
Information Technology Consultant
Enterprise & Cloud Services
Information Technology Services
California State University, San Bernardino
5500 University Pkwy
San Bernardino, CA 92407-2393
Main Line: 909/537-7677
Direct Line: 909/537-7281
Fax: 909/537-7141
http://support.csusb.edu/

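One way to get the log-and-redirect behaviour asked about above, as an added example that is not part of the original post: a script that prints a nat table and matching FORWARD rules in iptables-restore format. The proxy address 192.0.2.10, the chain name SMTP_REDIRECT and the log prefix are assumptions; the exempt sources are the ones the posted ruleset already accepts.

```shell
#!/bin/sh
# Added example, not from the original post. Prints iptables-restore rules.
# PROXY_IP is a placeholder (RFC 5737 documentation address), not a real host.
PROXY_IP="${PROXY_IP:-192.0.2.10}"
# Sources the posted ruleset already accepts on ports 25 and 587.
EXEMPT="139.182.75.64/27 139.182.111.0/24 139.182.249.25/32 139.182.249.254/32"

# nat table: exempt sources RETURN untouched and still reach the local postfix
# through the existing INPUT rules. Every other new SMTP/submission connection
# is logged (rate-limited) and DNATed to the proxy, keeping its destination port.
gen_nat_table() {
    proxy="$1"; shift
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"
    echo ":SMTP_REDIRECT - [0:0]"
    echo "-A PREROUTING -p tcp -m multiport --dports 25,587 -j SMTP_REDIRECT"
    for src in "$@"; do
        echo "-A SMTP_REDIRECT -s $src -j RETURN"
    done
    echo "-A SMTP_REDIRECT -m limit --limit 2/min -j LOG --log-prefix \"IPTables-Redirected: \""
    echo "-A SMTP_REDIRECT -p tcp -j DNAT --to-destination $proxy"
    # Rewrite the source address so the proxy's replies come back through this host.
    echo "-A POSTROUTING -d $proxy/32 -p tcp -m multiport --dports 25,587 -j MASQUERADE"
    echo "COMMIT"
}

# filter table: the posted FORWARD policy is DROP, so the redirected flows must
# be allowed explicitly. These lines go in the *filter section before COMMIT.
# The kernel must also forward packets: sysctl net.ipv4.ip_forward=1.
gen_forward_rules() {
    echo "-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT"
    echo "-A FORWARD -d $1/32 -p tcp -m multiport --dports 25,587 -m state --state NEW -j ACCEPT"
}

# EXEMPT is left unquoted on purpose so each CIDR becomes its own argument.
gen_nat_table "$PROXY_IP" $EXEMPT
gen_forward_rules "$PROXY_IP"
```

Because of the MASQUERADE rule the proxy sees this host's address as the client, so the kernel log line is the only record of the original source. The nat table is consulted only for the first packet of a connection, so each redirected connection produces at most one log entry.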