|
Last change
on this file since 2700 was
2700,
checked in by andersk, 10 years ago
|
|
Block outgoing port 25
Exceptions are made for localhost, outgoing.mit.edu, and (temporarily)
the cssa user.
Closes: #403
|
|
File size:
557 bytes
|
| Line | |
|---|
| 1 | *filter |
|---|
| 2 | :INPUT ACCEPT [0:0] |
|---|
| 3 | :FORWARD ACCEPT [0:0] |
|---|
| 4 | :OUTPUT ACCEPT [0:0] |
|---|
| 5 | :log-smtp - [0:0] |
|---|
| 6 | -A INPUT -p udp -m udp --dport 161 ! -s 18.0.0.0/8 -j REJECT |
|---|
| 7 | -A OUTPUT -p tcp -m tcp --dport 25 --syn -j log-smtp |
|---|
| 8 | -A log-smtp -o lo -j RETURN |
|---|
| 9 | -A log-smtp -m owner --uid-owner postfix -j RETURN |
|---|
| 10 | -A log-smtp -j LOG --log-prefix "SMTP " --log-uid |
|---|
| 11 | # 18.9.28.100=outgoing.mit.edu |
|---|
| 12 | -A log-smtp -d 18.9.28.100 -j RETURN |
|---|
| 13 | # 536957056=cssa (temporary exception) |
|---|
| 14 | -A log-smtp -m owner --uid-owner 536957056 -j RETURN |
|---|
| 15 | -A log-smtp -j REJECT --reject-with icmp-admin-prohibited |
|---|
| 16 | COMMIT |
|---|
Note: See
TracBrowser
for help on using the repository browser.
