[TCLUG] firewalling around sendmail

[Brian]

On Wed, 14 Mar 2001, Austad, Jay wrote:

> Your output chain should have a default of ACCEPT, so you shouldn't need
> those output chains...
> 
> Try changing those rules to:
> ipchains -A input -i eth0 -p tcp -s any/0 -d 12.27.41.52 25 -j ACCEPT
> ipchains -A input -i eth0 -p tcp ! -y -s any/0 25 -d 12.27.41.52 -j ACCEPT

This didn't work either.  This machine is a standalone mail server with
its own domains and stuff.  I have the default ipchains policy to ACCEPT
(it makes it slightly easier IMHO) so an ipchains -F sets everything to
ACCEPT.  The final line in my rc.firewall is 'ipchains -A input -i eth0 -s
any/0 -j DENY' so I get the same security as setting the default policy
but I just like it more.

-Brian