G2MD
Ipchains only mail
I need to put in an ipchains rule to DENY all TCP packets, but not mail packets, from PC 192.168.2.168. I put
ipchains A input -p TCP -s 192.168.2.168 ! pop-3 ! smtp -j DENY
But it doesn't work as I want it.
Oops, type the full command path: /sbin/ipchains
ASKER
I want 192.168.2.168 to use the internet only for email. That's right.
Then try first denying all packets from 192.168.1.168, then specifically allowing SMTP packets from it. Something like
/sbin/ipchains -A input -l -s [banned host] -d $1 -j DENY
Then add the other rule I gave you, except change it to accept. Here, banned host is the IP of the host whose packets you want to deny.
ASKER
What's $1 in that command? And to deny a packet I put -j DENY; what do I put in the command to accept SMTP packets [from banned host]? Do I need to accept pop-3 packets, too?
You only need to accept POP3 packets if your users are going to allow them to pop mail off your server using clients like Eudora, Outlook Express, Pegasus, etc.
To allow SMTP packets:
/sbin/ipchains -A input -p tcp -s 192.x.x.x -d $1 25 -j ACCEPT
If you decide to accept POP3, then change the port 25 above to 110 in a separate entry.
To understand ipchains, read the manual pages and the howtos on the internet.
ASKER
These commands weren't accepted by ipchains, because they don't have a destination IP address. I tried with these commands:
/sbin/ipchains -A input -l -s 192.x.x.x -d 0/0 $1 -j DENY
/sbin/ipchains -A input -l -s 192.x.x.x -d 0/0 $1 25 -j ACCEPT
/sbin/ipchains -A input -l -s 192.x.x.x -d 0/0 $1 110 -j ACCEPT
And I can't receive and send email from PC 192.168.x.x.x
ASKER
/sbin/ipchains -A input -l -s 192.x.x.x -d 0/0 $1 -j DENY
/sbin/ipchains -A input -p tcp -l -s 192.x.x.x -d 0/0 $1 25 -j ACCEPT
/sbin/ipchains -A input -p tcp -l -s 192.x.x.x -d 0/0 $1 110 -j ACCEPT
I had to read the howtos, and these manuals don't speak about parameter $1, and I don't understand the parameter -l.
Thanks a lot
ASKER
Thanks for everything
Have you also tried the full path, i.e. /sbin/ipchains?
Try ipchains -A input -p tcp -s 192.168.2.168 -d $1 25 -j DENY
if what you want is to allow all other packets apart from SMTP packets from 192.168.2.168.
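
ipchains checks the rules of a chain in order and the first rule that matches decides the packet, so a catch-all DENY appended before the ACCEPT rules hides them. The script below is an added example, not code from the thread: a toy first-match evaluator in shell (the rule format, variable names and function names are constructed for illustration, and the chain policy is assumed to be ACCEPT) that compares the two orderings and then prints the ipchains commands in the working order.

```shell
#!/bin/sh
# Added example: a toy first-match evaluator, not ipchains itself.
# Rule format (constructed for this sketch): "proto source dport target",
# with "any" as a wildcard. HOST is the client address from the thread.
HOST=192.168.2.168

# DENY appended first, ACCEPT rules after it (the order tried in the thread).
RULES_DENY_FIRST="any $HOST any DENY
tcp $HOST 25 ACCEPT
tcp $HOST 110 ACCEPT"

# Specific ACCEPT rules first, TCP-only catch-all DENY last.
RULES_ACCEPT_FIRST="tcp $HOST 25 ACCEPT
tcp $HOST 110 ACCEPT
tcp $HOST any DENY"

# verdict RULES PROTO SRC DPORT: print the target of the first matching rule,
# or the chain policy (assumed to be ACCEPT) when no rule matches.
verdict() {
    rules="$1"; proto="$2"; src="$3"; dport="$4"
    while read -r r_proto r_src r_dport r_target; do
        [ "$r_proto" = any ] || [ "$r_proto" = "$proto" ] || continue
        [ "$r_src" = any ] || [ "$r_src" = "$src" ] || continue
        [ "$r_dport" = any ] || [ "$r_dport" = "$dport" ] || continue
        echo "$r_target"
        return 0
    done <<EOF
$rules
EOF
    echo ACCEPT
}

# emit_commands HOST: print the ipchains commands in the working order.
# "$1" is the shell's first positional parameter (here the HOST argument);
# it is shell syntax, not an ipchains option.
emit_commands() {
    for port in 25 110; do
        echo "/sbin/ipchains -A input -p tcp -s $1 -d 0/0 $port -j ACCEPT"
    done
    echo "/sbin/ipchains -A input -l -p tcp -s $1 -d 0/0 -j DENY"
}

echo "DENY first:   tcp/25 -> $(verdict "$RULES_DENY_FIRST" tcp "$HOST" 25)"
echo "ACCEPT first: tcp/25 -> $(verdict "$RULES_ACCEPT_FIRST" tcp "$HOST" 25)"
echo "ACCEPT first: tcp/80 -> $(verdict "$RULES_ACCEPT_FIRST" tcp "$HOST" 80)"
emit_commands "$HOST"
```

The DENY rule keeps -p tcp because the question asks to block TCP only; a DENY without a protocol would also drop the client's UDP DNS lookups that pass through this box.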