Hello,
I need to know how to test my rule for iptables before adding it to the custom firewall app.
Is there any way to put my rules on the safe side and restart the firewall service, so that if a rule is wrong I can delete it without any problem?
thanks
Accepted Answer
So, if you've changed your default rule to drop all, then all you need is allow rule(s):
iptables -I FORWARD -p tcp -m multiport --dports 25,110 -d your_permitted_ip -j ACCEPT
To test it, copy and paste it into your command line. If you get no errors then the syntax is OK. If it does what you want then the rule is probably OK. If you are happy with it, paste it into the custom firewall module.
BTW, if people are using Gmail/Hotmail, are they doing it via the browser or a mail app? If it is by the browser (i.e. webmail), you have a completely different issue for which you'll need something like the content filter or DNS poisoning.
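The test procedure in the accepted answer (paste the rule, check for errors, check that it does what you want) can be scripted with the safety net the question asks for: snapshot the live ruleset, insert the rule, and restore the snapshot automatically unless the rule is confirmed within a timeout. This is an added example, not code from the thread or from the firewall product. The `-C` exit-code convention (2 for a malformed command line, 1 for a well-formed rule that is not present) is iptables' documented behaviour; the tool-name variables, `TRIAL_SECONDS` and the snapshot path are the example's own assumptions, and the 192.0.2.10 address in the usage line is a constructed placeholder.

```shell
#!/bin/sh
# Trial an iptables rule with an automatic rollback timer (added example).
# 1) syntax-check the rule, 2) snapshot the live ruleset, 3) insert the rule,
# 4) restore the snapshot after TRIAL_SECONDS unless confirm_rule ran first.
# Tool names are variables so a dry run can point them at stubs (assumption).
IPTABLES=${IPTABLES:-iptables}
IPTABLES_SAVE=${IPTABLES_SAVE:-iptables-save}
IPTABLES_RESTORE=${IPTABLES_RESTORE:-iptables-restore}
TRIAL_SECONDS=${TRIAL_SECONDS:-60}
SNAPSHOT=${SNAPSHOT:-/tmp/iptables.trial.$$}

# check_syntax CHAIN RULE...: parse the rule without touching the ruleset.
# `iptables -C` exits 2 on a malformed command line, 1 when the rule parses
# but is not present in the chain, and 0 when it is already there.
check_syntax() {
    chain=$1; shift
    rc=0
    "$IPTABLES" -C "$chain" "$@" >/dev/null 2>&1 || rc=$?
    [ "$rc" -ne 2 ]
}

# snapshot_rules: save the running ruleset so it can be put back.
snapshot_rules() {
    "$IPTABLES_SAVE" > "$SNAPSHOT"
}

# rollback: restore the saved ruleset and remove the snapshot.
rollback() {
    "$IPTABLES_RESTORE" < "$SNAPSHOT" && rm -f "$SNAPSHOT"
}

# try_rule CHAIN RULE...: insert the rule and arm the rollback timer.
# Returns 2 on a syntax error, 1 if the insert failed (ruleset restored).
try_rule() {
    chain=$1; shift
    check_syntax "$chain" "$@" || { echo "syntax error in rule" >&2; return 2; }
    snapshot_rules || return 1
    "$IPTABLES" -I "$chain" "$@" || { rollback; return 1; }
    # Timer: if the snapshot still exists when it fires, nobody confirmed.
    ( sleep "$TRIAL_SECONDS"; [ -f "$SNAPSHOT" ] && rollback ) &
    echo "rule inserted in $chain; rolls back in ${TRIAL_SECONDS}s unless confirmed"
}

# confirm_rule: keep the rule by disarming the timer.
confirm_rule() {
    rm -f "$SNAPSHOT"
}

# Usage: . ./trial.sh; try_rule FORWARD -p tcp -m multiport --dports 25,110 -d 192.0.2.10 -j ACCEPT
if [ "$#" -gt 0 ]; then
    try_rule "$@"
fi
```

Source the script as root (`. ./trial.sh`) so that `try_rule` and `confirm_rule` are available in the interactive shell, try the rule, check that mail still flows where it should, and run `confirm_rule` before the timer fires. If the rule breaks something, or locks you out of a remote box, the timer puts the previous ruleset back on its own; once a rule has survived a trial it is ready to paste into the custom firewall module.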
My friend Nick,
thanks for your help and for sharing info.
My egress firewall blocks all, and I opened SMTP and POP only so that my users on the LAN network can use the mail service.
But I need to make my users use SMTP and POP3 for the company domain only, because I found many users using Gmail, Hotmail and others,
so I need to control and block all that by allowing SMTP and POP3 for just my company domain.
So can you tell me what the rule is to allow SMTP and POP3 for only my domain?
Reminder: my egress firewall blocks all and I have opened SMTP and POP3, so I need the custom firewall to add a rule that restricts SMTP and POP3 to a specific domain.
Also I need to know how to test the rule via the command line before adding it as a custom rule.
Thank you very much
Accepted Answer
By default the Egress firewall is open. Have you changed the default operation?
If you use an external provider for your SMTP and POP and you want to block access to anywhere else, you can probably do it with a single complex rule for anyone on your LAN:
iptables -I FORWARD -p tcp -m multiport --dports 25,110 ! -d your_permitted_ip -j DROP
but test it first. It might be ambitious doing it in a single rule. It won't work with multiple IPs. If you have multiple IPs you'll need a general block rule followed by specific allow rules.
Iptables rules by domain are a bad idea if the domain resolves to more than one IP address, as name resolution only happens when the firewall is loaded and never again. If the name resolves to a different IP when the user comes to access the domain, the firewall will not see the rule.
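The reply's fallback for a provider with several addresses, a general block followed by specific allow rules, as an added example that is not the reply's or the product's own code. It generalises the single `! -d` rule above to any number of permitted IPs and makes the ordering explicit: because `iptables -I` prepends, the DROP must be issued first so that the ACCEPTs end up ahead of it in the chain. `mail_policy`, `resolve_ips` and `apply_policy` are the example's own names; the addresses in the usage line and test are constructed. `resolve_ips` does a one-time lookup, which is exactly the limitation the reply describes: if the provider's addresses change after the rules are loaded, the allow list goes stale.

```shell
#!/bin/sh
# Egress mail policy for the FORWARD chain (added example): SMTP/POP3 allowed
# only to the permitted mail server IPs, dropped to everywhere else.
# `iptables -I` prepends, so the DROP is issued first and the ACCEPTs after
# it; the resulting chain order is ACCEPT(s) then DROP, which is what the
# "general block rule followed by specific allow rules" layout needs.
MAIL_PORTS=${MAIL_PORTS:-25,110}

# mail_policy IP...: print the iptables commands in the order to run them,
# so the ruleset can be reviewed before it is executed.
mail_policy() {
    echo "iptables -I FORWARD -p tcp -m multiport --dports $MAIL_PORTS -j DROP"
    for ip in "$@"; do
        echo "iptables -I FORWARD -p tcp -m multiport --dports $MAIL_PORTS -d $ip -j ACCEPT"
    done
}

# resolve_ips HOST: every IPv4 address the name resolves to right now.
# This is a one-time lookup, like the firewall's own resolution at load time;
# addresses the provider adds or changes later are not covered.
resolve_ips() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# apply_policy IP...: execute the generated commands (needs root).
apply_policy() {
    mail_policy "$@" | sh -e
}

# Usage: sh mail-policy.sh $(resolve_ips mail.example.com)   # prints the commands
#        apply_policy 192.0.2.10 192.0.2.11                   # after sourcing the script
if [ "$#" -gt 0 ]; then
    mail_policy "$@"
fi
```

Review the printed commands first (the DROP line on top, one ACCEPT per address), then apply them; since the rule list is generated from the resolved addresses at one point in time, rerun it whenever the provider's addresses change.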