On Wed, 04 Jun 2003, Lukas Ruf wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Hello * Vittorio <[EMAIL PROTECTED]> [2003-06-04 13:15]:
> >
> > Now I DON'T want that from the outside world, from the Internet via
> > ppp0 someone could access my imap server which is on duty for my
> > internal network only.
> >
> > What IPTABLES lines should I add to my firewall to avoid these
> > intrusions?
> >
>
> iptables -A INPUT -i ppp0 -p TCP --dport imap -j DROP
> iptables -A INPUT -i ppp0 -p TCP --dport imaps -j DROP

I'd do it slightly differently. First, check in /etc/<package>/ and
try to set the daemons up to listen to only the inside port. If it's
started from inetd, look into the xinetd package.

Then, I'd set up the ip tables to reject, not drop the packets.
This is a personal choice, but IM(very)HO, networks work better when
packets don't disappear into the ether. :)

Just my two cents,
Jesse Meyer
--
...crying "Tekeli-li! Tekeli-li!"... ~ HPL
icq : 34583382 | === ascii ribbon campaign ===
msn : [EMAIL PROTECTED] | () - against html mail
yim : tsunad | /\ - against proprietary attachments
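
The two suggestions in the reply above, as an added example that is not part of the original messages: check which IMAP listeners are bound to something other than the inside address, then emit REJECT rules for the external interface. The function names, the inside address 192.168.1.1 and the sample `ss -Hltn` lines are assumptions constructed for illustration; ports 143 and 993 are the numeric forms of `imap` and `imaps`.

```shell
#!/bin/sh
# Added example: audit IMAP/IMAPS listeners and generate REJECT rules.

# Constructed sample of `ss -Hltn` output (State Recv-Q Send-Q Local Peer).
# On a live host, pipe the real command in instead.
SAMPLE='LISTEN 0 128 0.0.0.0:143 0.0.0.0:*
LISTEN 0 128 192.168.1.1:993 0.0.0.0:*
LISTEN 0 128 [::]:993 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# exposed_listeners INSIDE_ADDR
# Reads listener lines on stdin and prints "port address" for every
# IMAP/IMAPS socket that is not bound to the inside address or loopback.
exposed_listeners() {
    awk -v inside="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")          # port is the last ":" field
            port = parts[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if ((port == "143" || port == "993") &&
                addr != inside && addr != "127.0.0.1" && addr != "[::1]")
                print port, addr
        }'
}

# reject_rules EXT_IFACE
# Reads "port address" lines on stdin and prints one rule per distinct port.
# REJECT with a TCP reset answers the client at once instead of letting the
# connection attempt time out, which is the behaviour the reply argues for.
reject_rules() {
    awk -v ifc="$1" '!seen[$1]++ {
        printf "iptables -A INPUT -i %s -p tcp --dport %s -j REJECT --reject-with tcp-reset\n", ifc, $1
    }'
}

# Stand-alone run over the constructed sample.
echo "Listeners reachable beyond the inside address:"
printf '%s\n' "$SAMPLE" | exposed_listeners 192.168.1.1
echo "Rules for the external interface (printed only, not applied):"
printf '%s\n' "$SAMPLE" | exposed_listeners 192.168.1.1 | reject_rules ppp0
```

The rules are only printed; review them before loading, and prefer fixing the daemon's bind address first so the firewall is a second layer rather than the only one.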

