
How to block port 25 for all machine except the mailserver

I would like to block port 25 on our firewall so that nothing other than the real email server can send email.

Considering that the mail server address is, the gateway is, and the gateway that connects to the internet through the router has the IP of
So the machine that is running iptables is on and the external NIC is
What should my rule look like?


1 Solution
iptables -I FORWARD -p tcp --dport 25 -j DROP
iptables -I FORWARD -s -p tcp --dport 25 -j ACCEPT

These rules will drop every connection to port 25 that is not coming from your email server. Note that I wrote "-I", which means insert at the beginning; the rules will be reversed in the FORWARD chain.
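The answer relies on `-I` inserting each rule at the top, so the ACCEPT typed second ends up evaluated first. The script below is an added example, not part of the original answer: it emits the same policy in explicit evaluation order with `-A` in a dedicated chain (so re-running it is safe and blocked attempts are logged), and it includes a check that an `iptables -S` listing has the mail server's ACCEPT before the DROP. The mail server address 192.0.2.25, the interface name eth1 and the chain name SMTP_EGRESS are assumptions; substitute your own.

```shell
#!/bin/sh
# Added example (not from the original answer).
# Generate an ordered FORWARD policy: only the mail server may reach TCP/25.
#
# Usage:
#   smtp_forward_rules 192.0.2.25 eth1        # dry run: print the commands
#   smtp_forward_rules 192.0.2.25 eth1 | sh   # apply as root

smtp_forward_rules() {
    mail_server="$1"   # assumed mail server IPv4 address (e.g. 192.0.2.25)
    ext_if="$2"        # assumed Internet-facing interface (e.g. eth1)

    # Rules are appended with -A, so the order printed here is the order
    # iptables evaluates them: ACCEPT for the mail server, then a rate-limited
    # LOG, then DROP for everyone else. The chain is created on first run and
    # flushed on later runs; the jump from FORWARD is deleted before being
    # re-added so it is never duplicated.
    cat <<EOF
iptables -N SMTP_EGRESS 2>/dev/null || iptables -F SMTP_EGRESS
iptables -A SMTP_EGRESS -s $mail_server -j ACCEPT
iptables -A SMTP_EGRESS -m limit --limit 5/min -j LOG --log-prefix "SMTP-BLOCKED: "
iptables -A SMTP_EGRESS -j DROP
iptables -D FORWARD -o $ext_if -p tcp --dport 25 -j SMTP_EGRESS 2>/dev/null
iptables -A FORWARD -o $ext_if -p tcp --dport 25 -j SMTP_EGRESS
EOF
}

# Check a rule listing (the output of 'iptables -S FORWARD', or the commands
# printed above): the first ACCEPT carrying '-s <mail_server>' must appear
# before the first '-j DROP', otherwise the DROP shadows it and the mail
# server is blocked too. Returns 0 when the order is correct.
accept_precedes_drop() {
    listing="$1"
    mail_server="$2"
    accept_line=$(printf '%s\n' "$listing" | grep -nF -- "-s $mail_server" \
                  | grep ACCEPT | cut -d: -f1 | head -n 1)
    drop_line=$(printf '%s\n' "$listing" | grep -nF -- "-j DROP" \
                | cut -d: -f1 | head -n 1)
    [ -n "$accept_line" ] && [ -n "$drop_line" ] && [ "$accept_line" -lt "$drop_line" ]
}
```

Two caveats the answer leaves implicit: FORWARD only sees traffic routed through the firewall, so mail sent by the firewall host itself is governed by OUTPUT, not by these rules; and whenever rules are added with `-A` rather than `-I`, they must be typed in the order shown here, ACCEPT first, or `accept_precedes_drop` will fail on the resulting listing.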
