IPCHAINS question

miah jjohnson at sunrise-linux.com
Mon Oct 18 18:12:01 EDT 2004


1. Why ipchains?  Surely you aren't running 2.2; if you're using 2.4,
start using iptables.

2. To add a rule to deny incoming smtp:
iptables -A INPUT -m tcp -p tcp --dport 25 --syn -j REJECT

(reject is better than drop; I like to keep the internet working as it
should)

3. To remove that rule:
iptables -D INPUT -m tcp -p tcp --dport 25 --syn -j REJECT

Your OUTPUT (eg, outgoing smtp) will still function.

-miah

On Mon, Oct 18, 2004 at 04:46:22PM -0400, Jerry Feldman wrote:
> I have a need to temporarily block port 25 (smtp). I've been reading the
> howtos, but I don't want to get myself into a situation requiring a 
> reboot.
> The existing rule is:
> target     prot  opt      src     dst        ports
> ACCEPT     tcp  -y----  anywhere anywhere  any->smtp
> 
> 
> I just want to disable (or deny) it for a few minutes and then reenable 
> it.
> However, I want to keep the MTA up and running, especially for outgoing.
> Before I experiment, here is the specification I think should work
> ipchains -R input -s 0/0 -d 0/0 25 -p tcp -y -j DENY
> 
> Then to reenable it:
> ipchains -R input -s 0/0 -d 0/0 25 -p tcp -y -j ACCEPT
> 
> --- note that I need to do this for moving some mailman lists to another
> server.
> I need to keep the MTA up because the list admin is going to approve or
> reject a bunch of pending requests.
