On Sat, 2004-10-23 at 14:41, Dale E. Martin wrote:
> > > Actually, it's the list for ISPs, so people here are supposed to have
> > > a bit of basic knowledge about networking. But anyways, it could be
> > > something like:
> > >
> > > iptables -A INPUT -p tcp -s IP.YOU.WANT.TO.BLOCK --dport 25 -j REJECT
> > >
> > > Wanted
> >
> > Not an elegant solution that, both postfix and exim can be told what IPs
> > to bind to, only bind the daemons to the IPs they should be listening
> > to, it's much nicer. In fact, do that with all daemons that you don't
> > want to be listening on all ports.
>
> Doesn't the iptables rule block connections from a certain IP? Specifying
> the address for exim or postfix to listen on is totally different.
>
> I suspect what the original poster was asking for was something like:
> iptables -A INPUT -p tcp -s IP.YOU.WANT.TO.ACCEPT --dport 25 -j ACCEPT
> iptables -A INPUT -p tcp --dport 25 -j REJECT
>
> So accept connections from a single ip, reject the rest. I don't use ip
> tables directly any more so I'm not sure if I got it right. I'd recommend
> shorewall even for simple firewall setups at this point, as I find it a
> nice abstraction over writing iptables rules directly, easier to set policy
> with, etc.

Hi Dale,

Original poster here :-)

Yes, we started out as an ISP, but due to competition we are only hosting
services for ISPs. We need to limit port 25 on one MTA server to a single
/28 pool of addresses. So I need to have the rule to accept the traffic
from the /28 and only through port 25.

iptables -A INPUT -p tcp -s IP.YOU.WANT.TO.ACCEPT --dport 25 -j ACCEPT
iptables -A INPUT -p tcp --dport 25 -j REJECT

So are these still the valid rules for that?

And yes, I am somewhat familiar in lots of areas of the ISP business, just
haven't had to set up iptables rules in some time.

Thanks so much,
Dee
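
Added example, not part of the original thread: the two rules from the message with the /28 written in CIDR notation for -s, plus a small first-match model of the chain for checking which source addresses would reach port 25. The network 192.0.2.16/28 is a constructed placeholder from the documentation range, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: models the two-rule chain from the message for a /28 source.
# ALLOWED_NET is a constructed placeholder (RFC 5737 documentation range).
ALLOWED_NET="192.0.2.16/28"

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Return 0 if address $1 lies inside CIDR block $2.
in_cidr() {
    net=${2%/*}; bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# First-match evaluation for a TCP packet: source address $1, destination port $2.
#   rule 1: -s ALLOWED_NET --dport 25 -j ACCEPT
#   rule 2: --dport 25 -j REJECT
# Anything that matches neither rule falls through to the chain policy.
verdict() {
    if [ "$2" -eq 25 ] && in_cidr "$1" "$ALLOWED_NET"; then echo ACCEPT; return; fi
    if [ "$2" -eq 25 ]; then echo REJECT; return; fi
    echo POLICY
}

# Print the rules in the order they have to be appended (ACCEPT before REJECT).
print_rules() {
    echo "iptables -A INPUT -p tcp -s $ALLOWED_NET --dport 25 -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport 25 -j REJECT"
}

print_rules
# Addresses just outside and at both edges of the /28.
for src in 192.0.2.15 192.0.2.16 192.0.2.31 192.0.2.32; do
    echo "$src -> $(verdict "$src" 25)"
done
```

Because -A appends and the chain is evaluated top to bottom, swapping the two rules would reject the /28 as well; the model only covers these two rules, so any earlier rules already in INPUT still take precedence on a live host.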