IPCHAINS question
Ernest Horne
bill at horne.net
Mon Oct 18 18:58:00 EDT 2004
----- Original Message -----
From: miah <jjohnson at sunrise-linux.com>
To: discuss at blu.org
Subject: Re: IPCHAINS question
Date: Mon, 18 Oct 2004 18:20:51 -0400
>
> 1. why ipchains? Surely you aren't running 2.2, if you're using 2.4,
> start using iptables.
>
> 2. To add a rule to deny incoming smtp:
> iptables -A INPUT -m tcp -p tcp --dport 25 --syn -j REJECT
>
> (reject is better than drop, I like to keep the internet working as it
> should)
>
> 3. To remove that rule:
> iptables -D INPUT -m tcp -p tcp --dport 25 --syn -j REJECT
>
> Your OUTPUT (e.g., outgoing smtp) will still function.
>
> -miah
I hate to pick nits, but in this case I'll make an exception: to be effective, a REJECT rule would have to be inserted instead of appended, because there's probably an existing rule that allows port 25, and a REJECT rule would never be used if it came after.
iptables -I INPUT 1 ....
Bill
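
The ordering point made in the reply above, as an added example that is not part of either message: a small first-match evaluator run over a rule list, showing which rule decides a new connection to port 25 when the REJECT is appended versus inserted at position 1. The sample chain, the helper names (`first_verdict`, `appended`, `inserted`) and the simplified matching model are assumptions made for illustration.

```shell
#!/bin/sh
# Simplified model (assumption): only -p, --dport and -j are examined; every
# other match (--syn, -s, -i, ...) is treated as matching the packet.

# first_verdict PORT: read rules on stdin and print "<rule number> <target>"
# for the first terminating rule hit by a new TCP connection to PORT.
first_verdict() {
    awk -v port="$1" '
    $1 == "-A" {
        n++
        proto = ""; dport = ""; target = ""
        for (i = 2; i < NF; i++) {
            if ($i == "-p")      proto  = $(i + 1)
            if ($i == "--dport") dport  = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        if (proto != "" && proto != "tcp") next
        if (dport != "" && dport != port)  next
        # Non-terminating targets such as LOG fall through to the next rule.
        if (target == "ACCEPT" || target == "REJECT" || target == "DROP") {
            print n, target
            found = 1
            exit
        }
    }
    END { if (!found) print "0 POLICY" }'
}

# Constructed sample chain (not from the thread) with an existing ACCEPT for 25.
BASE='-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT'
# The rule from the thread, written as it is typed there.
NEW='-A INPUT -p tcp -m tcp --dport 25 --syn -j REJECT'

appended() { printf '%s\n%s\n' "$BASE" "$NEW" | first_verdict 25; }  # iptables -A
inserted() { printf '%s\n%s\n' "$NEW" "$BASE" | first_verdict 25; }  # iptables -I INPUT 1

echo "appended: $(appended)"
echo "inserted: $(inserted)"
```

On a live system the rule list would come from `iptables -S INPUT`, which prints `--syn` in its expanded `--tcp-flags` form.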