Ranjan Maitra wrote:
> Bastian Blank wrote:
> > I would just reject SMTP connections outgoing on your non-VPN interfaces.
> >
> > | iptables -A OUTPUT -o $vpn -m tcp --dport 25 -j ACCEPT
> > | iptables -A OUTPUT -m tcp --dport 25 -j REJECT
>
> So, I was trying this out:
>
> $ sudo iptables -A OUTPUT -o $vpn -m tcp --dport 25 -j ACCEPT
> Try `iptables -h' or 'iptables --help' for more information.
>
> Should I be matching with something other than tcp?
The "$vpn" part was simply a placeholder for the IP address of your VPN-connected relayhost. It would be an IP address like 93.184.216.34, but put in the IP address of your relay host that is only accessible when the VPN is up.

# match the relay host by destination address; "-p tcp" is required
# in front of "-m tcp --dport", otherwise the kernel rejects the rule
iptables -A OUTPUT -d 93.184.216.34 -p tcp -m tcp --dport 25 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 25 -j REJECT

But replace 93.184.216.34 with the IP address of your VPN relay host. I simply used an actual address in order to clarify the example.

What that does is allow port 25 SMTP connections to 93.184.216.34 but then block all other port 25 SMTP connections to other addresses. If you are using port 587 instead of port 25, then repeat those lines with port 587.

BTW... +1 for Bastian's very simple and elegant suggestion. :-)

Bob
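The thread above gives two ways to say "SMTP only over the VPN": Bastian's match on the egress interface (`-o $vpn`) and Bob's match on the relay host's address. The script below is an added example, not code from either poster, that generates both variants for a list of ports and guards against the empty-variable mistake that produced Ranjan's "Try `iptables -h'" error. The interface name `tun0`, the relay address `192.0.2.10`, the loopback exemption and the `--reject-with tcp-reset` choice are all assumptions of this example and not from the original posts.

```sh
#!/bin/sh
# Added example (not from the original thread): pin outgoing SMTP to the VPN.
#
# Either selector may be used: the VPN interface name (Bastian's -o $vpn)
# or the relay host's address (-d relay_ip). Pass "" for the one you do
# not use. tun0 and 192.0.2.10 below are placeholders.
#
# Empty-variable trap: with $vpn unset, "-o $vpn -m tcp" turns into
# "-o -m tcp", and iptables answers with "Try `iptables -h' ...". The
# function refuses to emit a rule when both selectors are empty instead of
# printing a broken command.
#
# Every rule carries "-p tcp" before "-m tcp --dport": the tcp match is
# only valid for protocol tcp, and without -p tcp the kernel rejects the
# rule with "Invalid argument".

# Print (do not run) the rules so they can be reviewed before applying.
# Args: $1 = VPN interface or "" ; $2 = relay host IP or "" ;
#       remaining args = TCP ports (default: 25 587 465).
smtp_vpn_rules() {
    if [ $# -lt 2 ]; then
        printf '%s\n' 'usage: smtp_vpn_rules IFACE RELAY_IP [PORT...]' >&2
        return 1
    fi
    iface=$1
    relay=$2
    shift 2
    [ $# -gt 0 ] || set -- 25 587 465

    if [ -z "$iface" ] && [ -z "$relay" ]; then
        printf '%s\n' 'smtp_vpn_rules: need an interface name or a relay address' >&2
        return 1
    fi

    for port in "$@"; do
        # ACCEPT rules are appended first, so they sit above the REJECT for
        # the same port in the OUTPUT chain.
        if [ -n "$iface" ]; then
            printf '%s\n' "iptables -A OUTPUT -o $iface -p tcp -m tcp --dport $port -j ACCEPT"
        fi
        if [ -n "$relay" ]; then
            printf '%s\n' "iptables -A OUTPUT -d $relay -p tcp -m tcp --dport $port -j ACCEPT"
        fi
        # Everything else on this port is refused. Loopback is exempted so a
        # local MTA listening on 127.0.0.1 keeps working, and a TCP reset
        # gives the sending program an immediate "connection refused"
        # instead of a port-unreachable ICMP message.
        printf '%s\n' "iptables -A OUTPUT ! -o lo -p tcp -m tcp --dport $port -j REJECT --reject-with tcp-reset"
    done
}

# Apply the generated rules (needs root). Kept separate so that the default
# path is review-only; "sh -e" stops at the first rule iptables rejects.
smtp_vpn_apply() {
    smtp_vpn_rules "$@" | sh -e
}
```

Review the output with `smtp_vpn_rules tun0 ""` (interface only), `smtp_vpn_rules "" 192.0.2.10` (relay address only) or both, then run `smtp_vpn_apply` with the same arguments as root. Because the rules are plain `-A OUTPUT` appends, anything already in the chain that accepts port 25 earlier still wins; check with `iptables -L OUTPUT -n --line-numbers` after applying.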