This is a discussion on Re: block forwarded smtp, but allow originating smtp within the IPFilter forums, part of the System Security and Security Related category.
--On Thursday, May 20, 2004 12:28 AM -0600 Tommy McNeely <tommy@electro-domestico.com> wrote:

....
> I want to be able to allow the server itself to create an SMTP connection
> wherever it pleases (as it is a mail server) but I want to restrict the
> users on the network to only be able to create an SMTP connection to the
> box itself (and maybe a small list of exceptions) to prevent viruses from
> spamming the world and having my server NAT the connection. If I am
> reading this correctly, I should use the "block out" rules to stop
> packets, but the NAT happens first, so I would have to put my "own" IP in
> place, which would block my server's outbound SMTP connections.

Block it on the inside interface instead.

pass in quick on qfe0 proto tcp from any to my.ip.address port = 25 flags S/SAFR keep state keep frags
pass in quick on qfe0 proto tcp from any to other.ip.address port = 25 flags S/SAFR keep state keep frags
block in log quick on qfe0 proto tcp from any to any port = 25

--
Carson
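Added example, not part of the original post and not ipf itself: a small Python model that parses the three rules above and evaluates the opening packet of a connection, to show which SMTP connections they allow and why each rule needs "quick". ipf applies the last matching rule unless a matching rule is marked quick, so without it the final block would override both passes. Assumptions: the addresses are constructed stand-ins for my.ip.address and other.ip.address, qfe0 is the inside interface, and only the rule shape used in the post is parsed.

```python
import re

# Constructed stand-ins (documentation address ranges) for the post's
# my.ip.address and other.ip.address placeholders.
RULESET = """\
pass in quick on qfe0 proto tcp from any to 192.0.2.10 port = 25 flags S/SAFR keep state keep frags
pass in quick on qfe0 proto tcp from any to 198.51.100.25 port = 25 flags S/SAFR keep state keep frags
block in log quick on qfe0 proto tcp from any to any port = 25
"""

# Covers only the rule shape used in the post, not the full ipf grammar.
RULE_RE = re.compile(
    r"^(?P<action>pass|block) (?P<dir>in|out)(?: log)?(?P<quick> quick)? "
    r"on (?P<iface>\S+) proto (?P<proto>\S+) from any to (?P<dst>\S+) "
    r"port = (?P<port>\d+)")

def parse_rules(text):
    """Parse each non-empty line into a dict; raise on an unsupported rule."""
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError("unsupported rule: " + line)
        rule = m.groupdict()
        rule["quick"] = rule["quick"] is not None
        rule["port"] = int(rule["port"])
        rules.append(rule)
    return rules

def verdict(rules, iface, direction, dst, dport, proto="tcp"):
    """Verdict for a connection-opening SYN. ipf applies the last matching
    rule unless a matching rule is marked quick, which ends the search."""
    result = "no match"  # packet falls through to the rest of the ruleset
    for r in rules:
        if (r["iface"], r["dir"], r["proto"], r["port"]) != (iface, direction, proto, dport):
            continue
        if r["dst"] not in ("any", dst):
            continue
        result = r["action"]
        if r["quick"]:
            break
    return result

RULES = parse_rules(RULESET)
# Same rules with "quick" removed, to show last-match-wins behaviour.
NO_QUICK = parse_rules(RULESET.replace(" quick", ""))
```

The mail server's own outbound SMTP never arrives inbound on qfe0, so `verdict(RULES, "qfe1", "out", "203.0.113.7", 25)` (qfe1 being a hypothetical outside interface name) matches none of these rules, which is why filtering on the inside interface avoids the NAT ordering problem raised in the question.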