Changeset 2618


Ignore:
Timestamp:
Sep 22, 2014, 6:45:42 PM (9 years ago)
Author:
andersk
Message:
ip[6]tables: Really ignore SMTP to localhost

Packets in OUTPUT have an output interface, not an input interface.
Location:
trunk/server/fedora/config/etc/sysconfig
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/server/fedora/config/etc/sysconfig/ip6tables

    r2617 r2618  
    44:OUTPUT ACCEPT [0:0]
    55:log-smtp - [0:0]
    6 -A log-smtp -i lo -j RETURN
     6-A log-smtp -o lo -j RETURN
    77-A OUTPUT -p tcp -m tcp --dport 25 --tcp-flags FIN,SYN,RST,ACK SYN -j log-smtp
    88-A log-smtp -m owner --uid-owner postfix -j RETURN
  • trunk/server/fedora/config/etc/sysconfig/iptables

    r2617 r2618  
    66-A INPUT -p udp -m udp --dport 161 ! -s 18.0.0.0/8 -j REJECT
    77-A OUTPUT -p tcp -m tcp --dport 25 --tcp-flags FIN,SYN,RST,ACK SYN -j log-smtp
    8 -A log-smtp -i lo -j RETURN
     8-A log-smtp -o lo -j RETURN
    99-A log-smtp -m owner --uid-owner postfix -j RETURN
    1010-A log-smtp -m owner --uid-owner nrpe -j RETURN
Note: See TracChangeset for help on using the changeset viewer.