On Wed, 2002-05-15 at 13:26, Matt Sales wrote:
> Hello,
> I'm setting up iptables policies on one of my machines and I'm having some
> problems with it...  For a mail server, I set up the following rules:
> 
> iptables -P INPUT DROP
> iptables -A -i eth0 -p tcp -d localhost --destination-port smtp -j ACCEPT
> iptables -A -i eth0 -p udp -d localhost --destination-port smtp -j ACCEPT
> iptables -A -i eth0 -p tcp -d localhost --destination-port pop3 -j ACCEPT
> iptables -A -i eth0 -p udp -d localhost --destination-port pop3 -j ACCEPT
> iptables -A -i eth0 -p tcp -d localhost --destination-port ssh -j ACCEPT
> iptables -A -i eth0 -p tcp -d localhost --destination-port 1024: -j ACCEPT
> iptables -P OUTPUT ACCEPT
> 
> when checking mail, I can get through but sending and receiving takes an
> extremely long time...

Make sure DNS is functioning properly, or turn off DNS and identd
lookups.  (identd might be the delay if you have similarly silly rules
on your own machine/router.  Don't DROP packets)

> Also (a side note), for some reason I can still subvert the firewall using
> sftp (port 115)...  I have no idea why.

Because the destination for packets coming in to eth0 is never
"localhost".  It's always the address you've assigned to the NIC.  Don't
specify -d <anything>.

_______________________________________________
Redhat-list mailing list
https://listman.redhat.com/mailman/listinfo/redhat-list
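As an added example (not the original poster's rules and not part of the reply), the ruleset rewritten along the lines the reply suggests: an explicit chain, no `-d localhost`, a stateful accept for return traffic, and a REJECT with reset on the ident port so remote identd lookups fail immediately instead of timing out against silently dropped packets. The `IPT` dry-run variable and the `check_rules` helper are my own constructs for testing offline.

```shell
#!/bin/sh
# Corrected ruleset following the reply's advice. IPT defaults to a dry run that
# prints the commands instead of running them; set IPT=iptables to apply for real.
IPT="${IPT:-echo iptables}"

firewall_rules() {
    IFACE="${1:-eth0}"
    $IPT -P INPUT DROP
    $IPT -P OUTPUT ACCEPT
    # Loopback traffic really is addressed to localhost; packets arriving on
    # eth0 never are, so no rule below matches on a destination address.
    $IPT -A INPUT -i lo -j ACCEPT
    # Replies to connections this host opened (DNS lookups, outbound SMTP) come
    # back here; without this the server's own lookups and deliveries stall.
    $IPT -A INPUT -i "$IFACE" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # SMTP, POP3 and SSH are TCP services; the UDP rules in the original are inert.
    for port in smtp pop3 ssh; do
        $IPT -A INPUT -i "$IFACE" -p tcp --dport "$port" -j ACCEPT
    done
    # ident (tcp/113): answer with a reset so a remote MTA's identd lookup fails
    # at once rather than waiting out a timeout on a dropped SYN.
    $IPT -A INPUT -i "$IFACE" -p tcp --dport 113 -j REJECT --reject-with tcp-reset
}

# Sanity check on the dry-run output: every appended rule names the INPUT chain,
# none matches on "-d localhost", and the ident reject is present. Returns 0 on pass.
check_rules() {
    out=$(firewall_rules "$1")
    echo "$out" | grep -q -- '-d localhost' && return 1
    echo "$out" | grep -- '-A ' | grep -qv -- '-A INPUT' && return 1
    echo "$out" | grep -q -- '--dport 113 -j REJECT' || return 1
    return 0
}
```

Run with `IPT=iptables sh script.sh` (as root) to apply; without it the script only prints the commands it would run.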