[KLUG Members] iptables

Bruce Smith members@kalamazoolinux.org
01 Aug 2002 10:11:30 -0400

Previous message: [KLUG Members] iptables
Next message: [KLUG Members] iptables
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> >>I want  to close the ident port (113) for all incomming 
> >>connections except for thoose there is already a connection open. Some 
> >>mail servers appear to need a open ident port before accepting email, or 
> >>at least need significant more time to accept email. How can I make 
> >>netfiler to accept incomming requests to this port when there is already 
> >>an active (smtp) connection?
> >>
> After doing some firewall digging, I believe that this can be done by 
> setting up the following rules:
> 
> iptables -A INPUT -i ${EXTERN} -p tcp --dport 113 -m state --state 
> RELATED -j ACCEPT

I don't know if iptables is smart enough to know that a connection to
port 25 is related to port 113, so I don't know if the first line will
work or not.  It should be easy enough to test if you start logging
certain connections and rejects.

> iptables -A INPUT -i ${EXTERN} -p tcp --dport 113 -j DROP 

The second line should jump to REJECT instead of DROP!  
Otherwise you may still experience annoying delays in email delivery.

--------------------------------------------
Bruce Smith                bruce@armintl.com
System Administrator / Network Administrator
Armstrong International, Inc.
Three Rivers, Michigan  49093  USA
http://www.armstrong-intl.com/
--------------------------------------------

Previous message: [KLUG Members] iptables
Next message: [KLUG Members] iptables
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]