Changeset 2700 for trunk


Timestamp:
May 29, 2015, 1:18:37 AM (7 years ago)
Author:
andersk
Message:
Block outgoing port 25

Exceptions are made for localhost, outgoing.mit.edu, and (temporarily)
the cssa user.

Closes: #403
Location:
trunk/server/fedora/config/etc
Files:
3 edited

  • trunk/server/fedora/config/etc/modules-load.d/iptables.conf

    r2651 r2700  
    44ip6_tables
    55ip6table_filter
     6ip6t_REJECT
     7nf_log_ipv6
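Review bot: the two modules added at new lines 6-7 have no comment saying which rules need them. ip6t_REJECT matches the REJECT target this changeset adds to sysconfig/ip6tables, but nf_log_ipv6 backs the LOG target, which was already in the log-smtp chain before this change; if this fixes logging that was not working, the commit message should say so. Only ip6 modules are visible in this context, so also confirm that the IPv4 REJECT and LOG targets load without an equivalent entry.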
  • trunk/server/fedora/config/etc/sysconfig/ip6tables

    r2618 r2700  
    55:log-smtp - [0:0]
    66-A log-smtp -o lo -j RETURN
    7 -A OUTPUT -p tcp -m tcp --dport 25 --tcp-flags FIN,SYN,RST,ACK SYN -j log-smtp
     7-A OUTPUT -p tcp -m tcp --dport 25 --syn -j log-smtp
    88-A log-smtp -m owner --uid-owner postfix -j RETURN
    99-A log-smtp -j LOG --log-prefix "SMTP " --log-uid
     10# 536957056=cssa (temporary exception)
     11-A log-smtp -m owner --uid-owner 536957056 -j RETURN
     12-A log-smtp -j REJECT --reject-with icmp6-adm-prohibited
    1013COMMIT
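Review bot: the log-smtp chain here has no counterpart to the outgoing.mit.edu exception that the commit message lists and that sysconfig/iptables adds with "-d 18.9.28.100", so after the new REJECT at line 12 any user other than postfix and cssa reaching the relay over IPv6 is refused. If outgoing.mit.edu has no IPv6 address that is fine, but a comment saying so would keep the two files from looking accidentally out of sync. The cssa exception is marked temporary at line 10 without a ticket or date for its removal; a reference there would help whoever cleans it up.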
  • trunk/server/fedora/config/etc/sysconfig/iptables

    r2618 r2700  
    55:log-smtp - [0:0]
    66-A INPUT -p udp -m udp --dport 161 ! -s 18.0.0.0/8 -j REJECT
    7 -A OUTPUT -p tcp -m tcp --dport 25 --tcp-flags FIN,SYN,RST,ACK SYN -j log-smtp
     7-A OUTPUT -p tcp -m tcp --dport 25 --syn -j log-smtp
    88-A log-smtp -o lo -j RETURN
    99-A log-smtp -m owner --uid-owner postfix -j RETURN
    10 -A log-smtp -m owner --uid-owner nrpe -j RETURN
    11 -A log-smtp -m owner --uid-owner 537644531 -j RETURN
    1210-A log-smtp -j LOG --log-prefix "SMTP " --log-uid
     11# 18.9.28.100=outgoing.mit.edu
     12-A log-smtp -d 18.9.28.100 -j RETURN
     13# 536957056=cssa (temporary exception)
     14-A log-smtp -m owner --uid-owner 536957056 -j RETURN
     15-A log-smtp -j REJECT --reject-with icmp-admin-prohibited
    1316COMMIT
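Review bot: the RETURN rules for nrpe and uid 537644531 (old lines 10-11) are removed, and the commit message does not mention it. Before this change those rules only suppressed logging; with the REJECT at new line 15, port 25 connections from those users are now logged and refused unless they go out via lo or to 18.9.28.100. Please confirm that is intended and note it in the message. Also, 18.9.28.100 is hard-coded at line 12; the comment at line 11 helps, but the exception silently stops matching if outgoing.mit.edu is renumbered.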