[ale] iptables rules

Christopher Fowler cfowler at outpostsentinel.com
Wed Aug 4 14:58:13 EDT 2004


Here is one rule set:
/sbin/iptables -A INPUT -p tcp -i ${PRIVATE} -s 192.168.254.0/24 \
    -d 192.168.1.254/32 --dport 25 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -i ${PRIVATE} -s 192.168.254.0/24 \
    -d 0.0.0.0/0 --dport 25 -j DROP


Shouldn't the exception be before the rule?


On Wed, 2004-08-04 at 14:45, Christopher Fowler wrote:
> I have a machine on the network that I need to protect my bandwidth
> from.  This is a Windows box and it is clear to me that it cannot be
> trusted.
> 
> My firewall is 192.168.1.254 and I want it to be able to go to port 25
> of that machine but not out the public interface.  I also want to block
> all outgoing ports other than 80.  
> 
> 2 Trojans were found on this machine and I think it has become a spam
> box.
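An added example, not part of the original posts: iptables walks a chain top-down and the first matching terminating rule decides, so the port-25 exception has to precede the DROP; packets routed out through the firewall traverse FORWARD rather than INPUT, so the sketch covers that chain for the port-80-only requirement in the quoted message. The interface name eth1, the dry-run `IPT` wrapper and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original posts). Dry run by default: each rule is
# printed, not applied. Run with IPT=/sbin/iptables as root to apply.
IPT="${IPT:-echo /sbin/iptables}"
PRIVATE="${PRIVATE:-eth1}"   # assumption: name of the inside interface
SRC=192.168.254.0/24         # untrusted network, from the post
FW=192.168.1.254             # firewall address, from the post

untrusted_rules() {
    # INPUT sees packets addressed to the firewall itself.
    # First match wins, so the ACCEPT exception comes before the DROP.
    $IPT -A INPUT -i "$PRIVATE" -s "$SRC" -d "$FW" -p tcp --dport 25 -j ACCEPT
    $IPT -A INPUT -i "$PRIVATE" -s "$SRC" -p tcp --dport 25 -j DROP
    # FORWARD sees packets routed through the firewall to other networks:
    # allow port 80 only, drop everything else (outbound port 25 included).
    $IPT -A FORWARD -i "$PRIVATE" -s "$SRC" -p tcp --dport 80 -j ACCEPT
    $IPT -A FORWARD -i "$PRIVATE" -s "$SRC" -j DROP
}

# Lint for dry-run output on stdin: succeeds only if the first port-25 rule
# in chain $1 is the ACCEPT exception, i.e. the DROP does not shadow it.
exception_first() {
    grep -- "-A $1 " | grep -- '--dport 25 ' | head -n 1 | grep -q -- '-j ACCEPT$'
}

untrusted_rules
```

Because `-A` appends, these rules only decide the outcome if no earlier rule in the same chain already matches the traffic.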