how to block all ports except pop and smtp in NAT through iptables



smjd7
January 20th, 2010, 10:41 AM
How to block all ports except POP, POP3, SMTP in NAT using iptables with Squid on Red Hat A3?

Sarmacid
January 20th, 2010, 03:15 PM
Check this out https://help.ubuntu.com/community/IptablesHowTo

Lars Noodén
January 20th, 2010, 06:22 PM
Also, be sure to allow ICMP (http://www.iana.org/assignments/icmp-parameters). In particular, echo-request and traceroute to your machine, especially if you are hosting any services.

But even if you are not hosting, some ICMP is required anyway for networking, and if you block it by accident, the network breaks and some problems become much harder to diagnose.

For example,

# echo (ICMP type 8 / ICMPv6 type 128), rate-limited to one packet per second on eth0
iptables -A INPUT -p icmp --icmp-type echo-request \
    -m limit --limit 1/s -i eth0 -j ACCEPT

ip6tables -A INPUT -p icmpv6 --icmpv6-type echo-request \
    -m limit --limit 1/s -i eth0 -j ACCEPT

# traceroute (ICMP type 30 is the IANA-registered "Traceroute" message)
iptables -A INPUT -p icmp --icmp-type 30 \
    -m limit --limit 1/s -i eth0 -j ACCEPT

ip6tables -A INPUT -p icmpv6 --icmpv6-type 30 \
    -m limit --limit 1/s -i eth0 -j ACCEPT

# YMMV
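The gateway ruleset the question asks for, as an added example that is not from this thread: traffic from NAT'ed clients crosses the FORWARD chain rather than INPUT, so that is where the port whitelist goes, and the ICMP rules follow the advice above. Interface names, the LAN subnet, the DNS allowance and Squid's default port 3128 are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): build a ruleset for a NAT gateway that
# forwards only SMTP (25) and POP3 (110) from the LAN, then load it atomically
# with iptables-restore. Interface names and the LAN subnet are parameters.
gen_rules() {
    lan_if="$1"; wan_if="$2"; lan_net="$3"
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Masquerade LAN clients behind the gateway's WAN address
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
*filter
# Default-deny for traffic to the gateway and through it
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Squid (assumed default port 3128) is reachable only from the LAN side
-A INPUT -i $lan_if -s $lan_net -p tcp --dport 3128 -j ACCEPT
# ICMP to the box itself, rate-limited (echo-request and traceroute type 30)
-A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
-A INPUT -p icmp --icmp-type 30 -m limit --limit 1/s -j ACCEPT
# NAT'ed client traffic crosses FORWARD: whitelist only SMTP and POP3 outbound
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -p tcp --dport 25 -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -p tcp --dport 110 -j ACCEPT
# Assumption: mail clients must resolve server names, so allow DNS
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -p udp --dport 53 -j ACCEPT
# Let clients ping/traceroute out; replies come back as RELATED/ESTABLISHED
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -p icmp -j ACCEPT
COMMIT
EOF
}

# Run as root, e.g.: load_rules eth1 eth0 192.168.1.0/24
load_rules() {
    gen_rules "$@" | iptables-restore || return 1
    echo 1 > /proc/sys/net/ipv4/ip_forward
}
```

Reply chains are returned to the gateway and forwarded only via the ESTABLISHED,RELATED rules, so anything not on the whitelist is dropped in both directions.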