 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
1. why ipchains? Surely you aren't running 2.2, if you're using 2.4, start using iptables. 2. To add a rule to deny incoming smtp: iptables -A INPUT -m tcp -p tcp --dport 25 --syn -j REJECT (reject is better than drop, I like to keep the internet working as it should) 3. To remove that rule: iptables -D INPUT -m tcp -p tcp --dport 25 --syn -j REJECT Your OUTPUT (eg, outgoing smtp) will still function. -miah On Mon, Oct 18, 2004 at 04:46:22PM -0400, Jerry Feldman wrote: > I have a need to temporarily block port 25 (smtp). I've been reading the > howtos, but I don't want to get myself into a situation requiring a > reboot. > The existing rule is: > target prot opt src dst ports > ACCEPT tcp -y---- anywhere anywhere any->smtp > > > I just want to disable (or deny) it for a few minutes and then reenable > it. > However, I want to keep the MTA up and running, especially for outgoing. > Before I experiment, here is the specification I think should work > ipchains -R input -s 0/0 -d 0/0 25 -p tcp -y -j DENY > > Then to reenable it: > ipchains -R input -s 0/0 -d 0/0 25 -p tcp -y -j ACCEPT > > --- note that I need to do this for moving some mailman lists to another > server. > I need to keep the MTA up because the list admin is going to do approve or > reject a bunch of pending requests.
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
