On Fri, Apr 12, 2002 at 11:37:09AM +0200, Michal Melewski wrote:
> On Fri, Apr 12, 2002 at 11:17:38AM +0200, Lars Roland Kristiansen wrote:
> > Hi - I have just installed a mailserver with postfix and wu-imap/pop3.
> > Now I just want to have iptables running. I am no iptables guru, I just
> > want to close all except for ssh (port 22), pop3 (port 110) and
> > imap (port 143). Is there an easy way to do this?
>
> Sure it is easy...
> iptables -P INPUT DROP
> iptables -I INPUT -p tcp -s 0/0 --dport $port -i $dev -j DROP
                                                          ^^^^ ACCEPT

If you set INPUT policy to DROP, doesn't that drop everything, not just incoming SYN packets? If you want to be able to establish any connections from the machine to anywhere else, e.g. for an apt-get update (downloading stuff with ftp or http), you need to allow that with iptables. The rule you gave will let the replies to your SYN be dropped.

I'm just learning iptables, and I haven't figured out the connection tracking stuff yet.

--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)

"The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus, 200 BCE
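The connection-tracking rule the reply above is missing, as an added example that is not from any poster in this thread: a default-deny INPUT chain that still accepts replies to connections the host itself opened (apt-get, ftp, http), plus the three listed services. The interface name and the `IPTABLES` dry-run variable are assumptions; by default the script prints the rules rather than applying them.

```shell
#!/bin/sh
# Added example: stateful default-deny INPUT policy for the ssh/pop3/imap
# mailserver described in the thread. Without the ESTABLISHED,RELATED rule,
# a DROP policy discards the SYN/ACK replies to the host's own outbound
# connections, which is the problem raised in the reply.
#
# IPTABLES defaults to "echo iptables" so the rules are only printed (dry run).
# Run as root with IPTABLES=iptables to apply them. Left unquoted on purpose
# so the two words split into command and first argument.
IPTABLES="${IPTABLES:-echo iptables}"
SERVICES="22 110 143"      # ssh, pop3, imap (the ports in the original question)
DEV="${DEV:-eth0}"         # assumed external interface name

build_input_rules() {
    # Default-deny everything not explicitly accepted below.
    $IPTABLES -P INPUT DROP
    # Local processes talking to each other over loopback must keep working.
    $IPTABLES -A INPUT -i lo -j ACCEPT
    # Connection tracking: accept packets belonging to connections this host
    # initiated (or related to them, e.g. active-mode FTP data). Listed first
    # so replies are matched before any per-port rule is consulted.
    # "-m state" is the classic module; newer kernels also offer
    # "-m conntrack --ctstate" with the same meaning.
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Packets that match no known connection and are not valid openers.
    $IPTABLES -A INPUT -m state --state INVALID -j DROP
    # Only new TCP connection attempts (--syn) to the published services.
    for port in $SERVICES; do
        $IPTABLES -A INPUT -p tcp -i "$DEV" --dport "$port" --syn -j ACCEPT
    done
}

# Count of "-A INPUT" rules the function emits; useful when reviewing the
# generated ruleset before applying it.
count_input_rules() {
    build_input_rules | grep -c -- '-A INPUT'
}

build_input_rules
```

With the default dry run, the output is the list of commands that would be executed, which can be reviewed before rerunning with `IPTABLES=iptables`.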