LinuxQuestions.org
Old 02-16-2011, 01:52 PM   #1
vitalbon

How to configure IPTABLES to allow certain IP ranges to ports 25 and 465

Hi people.

I have a mail server with IPTABLES enabled.


I want to allow access to:

41.0.0.0/8
58.0.0.0/8
61.0.0.0/8
124.0.0.0/8
126.0.0.0/8
168.208.0.0/16
196.192.0.0/16
202.0.0.0/8
210.0.0.0/8
218.0.0.0/8
220.0.0.0/8
222.0.0.0/8

only on ports 25 and 465 on my server


All other IP addresses to have normal access.


HOW TO DO THIS???
 
Old 02-17-2011, 12:28 AM   #2
Tinkster (Moderator)

Hi, welcome to LQ!

What defines "normal access" as opposed to the two ports above?



Cheers,
Tink
 
Old 02-17-2011, 01:09 AM   #3
EDDY1

You didn't say what OS.
http://www.debian.org/doc/manuals/se...rvices.en.html
 
Old 02-17-2011, 02:41 AM   #4
vitalbon (Original Poster)

Quote:
Originally Posted by Tinkster
Hi, welcome to LQ!

What defines "normal access" as opposed to the two ports above?

Cheers,
Tink

I meant as normal access: all server ports from 0-65536
 
Old 02-17-2011, 02:45 AM   #5
vitalbon (Original Poster)

Quote:
Originally Posted by EDDY1

OS Mandriva Linux 2010.
 
Old 02-17-2011, 11:12 AM   #6
Tinkster (Moderator)

Quote:
Originally Posted by vitalbon
I meant as normal access: all server ports from 0-65536

Any other needs, e.g., logging accepted, dropped, all connections?
What's the current rule-set, so we can see your default policy?


Cheers,
Tink
 
Old 02-17-2011, 12:24 PM   #7
vitalbon (Original Poster)

Quote:
Originally Posted by Tinkster
Any other needs, e.g., logging accepted, dropped, all connections?
What's the current rule-set, so we can see your default policy?


Cheers,
Tink

The firewall is disabled at the moment with all rules flushed at initial state.


No logging is needed, only allow those IP to send and accept emails on port 25 and 465, but others to have access to all ports from 0-65536.
 
Old 02-17-2011, 02:21 PM   #8
Tinkster (Moderator)

Something like this might do it for you:
Code:
iptables-restore <<EOT
*filter
:FORWARD DROP [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT --match state --state INVALID --jump DROP
-A INPUT --match state --state ESTABLISHED,RELATED --jump ACCEPT
-A INPUT --in-interface lo --jump ACCEPT
-A INPUT --protocol icmp --icmp-type echo-request --jump ACCEPT
# For each listed network, drop TCP to any port other than 25 and 465.
# A plain tcp match takes only one --dport, so the two ports are given
# through the multiport match instead of "! --dport 25 ! --dport 465".
-A INPUT --source 41.0.0.0/8 --protocol tcp --match multiport ! --dports 25,465 --jump DROP
-A INPUT --source 58.0.0.0/8 --protocol tcp --match multiport ! --dports 25,465 --jump DROP
-A INPUT --source 61.0.0.0/8 --protocol tcp --match multiport ! --dports 25,465 --jump DROP
-A INPUT --source 124.0.0.0/8 --protocol tcp --match multiport ! --dports 25,465 --jump DROP
-A INPUT --source 126.0.0.0/8 --protocol tcp --match multiport ! --dports 25,465 --jump DROP
-A INPUT --source 168.208.0.0/16 --protocol tcp --match multiport ! --dports 25,465 --jump DROP
-A INPUT --source 196.192.0.0/16 --protocol tcp --match multiport ! --dports 25,465 --jump DROP
-A INPUT --source 202.0.0.0/8 --protocol tcp --match multiport ! --dports 25,465 --jump DROP
-A INPUT --source 210.0.0.0/8 --protocol tcp --match multiport ! --dports 25,465 --jump DROP
-A INPUT --source 218.0.0.0/8 --protocol tcp --match multiport ! --dports 25,465 --jump DROP
-A INPUT --source 220.0.0.0/8 --protocol tcp --match multiport ! --dports 25,465 --jump DROP
-A INPUT --source 222.0.0.0/8 --protocol tcp --match multiport ! --dports 25,465 --jump DROP
# Reject ident probes outright instead of letting them fall to the ACCEPT policy.
-A INPUT --protocol tcp --dport auth --jump REJECT
COMMIT
EOT

Cheers,
Tink
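The same policy as Tinkster's post, written as an added example (not Tinkster's or the OP's code) as a small generator script. It builds the iptables-restore file from the OP's network list and puts the "only ports 25 and 465" test in one user-defined chain, so the port restriction is written once and each network only needs a jump; the chain name MAILONLY and the function names are made up here. It also uses `-m multiport ! --dports 25,465`, since a tcp match accepts only a single `--dport`. Generating the file lets you inspect and count the rules before anything touches the kernel.

```shell
#!/bin/sh
# Added example, not code from the thread. Builds the OP's policy as an
# iptables-restore file: hosts in MAIL_ONLY_NETS may reach TCP 25 and 465
# only; everyone else falls through to the ACCEPT policy on INPUT.
# Assumptions: MAILONLY is a chain name invented here; the network list is
# the one from the original question.

MAIL_ONLY_NETS="41.0.0.0/8 58.0.0.0/8 61.0.0.0/8 124.0.0.0/8 126.0.0.0/8
168.208.0.0/16 196.192.0.0/16 202.0.0.0/8 210.0.0.0/8 218.0.0.0/8
220.0.0.0/8 222.0.0.0/8"
MAIL_PORTS="25,465"

# Print the complete rule set in iptables-restore format.
gen_rules() {
  printf '%s\n' '*filter'
  printf '%s\n' ':INPUT ACCEPT [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
  # User-defined chain holding the restriction for the listed networks.
  printf '%s\n' ':MAILONLY - [0:0]'
  printf '%s\n' '-A INPUT -m conntrack --ctstate INVALID -j DROP'
  # Replies to connections the server itself opened are still allowed,
  # even from the restricted networks, because this rule comes first.
  printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
  printf '%s\n' '-A INPUT -i lo -j ACCEPT'
  printf '%s\n' '-A INPUT -p icmp --icmp-type echo-request -j ACCEPT'
  # One jump per restricted network; the actual test lives in MAILONLY.
  for net in $MAIL_ONLY_NETS; do
    printf '%s\n' "-A INPUT -s $net -j MAILONLY"
  done
  # In MAILONLY: TCP to anything except the mail ports is dropped; other
  # traffic returns to INPUT and reaches the ACCEPT policy, as in the post.
  printf '%s\n' "-A MAILONLY -p tcp -m multiport ! --dports $MAIL_PORTS -j DROP"
  printf '%s\n' '-A MAILONLY -j RETURN'
  printf '%s\n' 'COMMIT'
}

# Number of networks that received a MAILONLY jump (sanity check before loading).
jump_count() {
  gen_rules | grep -c -e '-j MAILONLY$'
}

case "${1:-}" in
  print) gen_rules ;;
  load)  gen_rules | iptables-restore ;;   # needs root
esac
```

Run `sh mailonly.sh print` to see the generated file, and `sh mailonly.sh print | iptables-restore --test` to have iptables parse it without committing, before using `load`. Because the restriction is a jump to MAILONLY, adding or removing a network is a one-line change and the port list is changed in exactly one place.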