 From:  Craig FALCONER <cfalconer at avonside dot school dot nz>
 To:  'Lee Sharp' <leesharp at hal dash pc dot org>, 'm0n0wall' <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Block port 25
 Date:  Tue, 29 Nov 2005 10:41:54 +1300
Agree on the LAN rule.

On the DMZ I'd have

Allow mailserverIP port 25
And then below that
Block all DMZ IPs port 25


-----Original Message-----
From: Lee Sharp [mailto:leesharp at hal dash pc dot org] 
Sent: Tuesday, 29 November 2005 8:16 a.m.
To: m0n0wall
Subject: Re: [m0n0wall] Block port 25


From: "Jason King" <jking at informs dot com>

>I have a WAN, LAN, and DMZ on my m0n0wall. I want to block all SMTP
>traffic from the LAN going to the internet, and disable all SMTP
>traffic from the DMZ going to the internet except for one host on the
>DMZ (the mail server).

> Basically, I don't want any machine sending SMTP packets out to the 
> internet except for one. What rules do I need to add?

The rules go top down to a matching rule. So, on the LAN, you want an any
with a destination port 25 deny. On the DMZ you want a (not IP of the one
host) destination port 25 deny.

                        Lee 


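Added example, not part of the original thread and not m0n0wall code: a small first-match evaluator in Python that models the top-down rule matching described above and compares the two DMZ layouts suggested in the thread (allow the mail server then block, versus a single "not mail server" block). The addresses, the trailing pass-any rule and the default block for unmatched traffic are assumptions of this model.

```python
from ipaddress import ip_address

MAIL_SERVER = "192.0.2.25"    # constructed DMZ mail server address (assumption)
OTHER_DMZ = "192.0.2.30"      # constructed second DMZ host (assumption)
LAN_HOST = "192.168.1.10"     # constructed LAN host (assumption)

# A rule is (action, source, negate_source, dest_port); None means "any".
PASS_ANY = ("pass", None, False, None)   # assumed catch-all so non-SMTP traffic still flows

def evaluate(rules, src, dport):
    """Walk the rules top down and return the action of the first match.
    Traffic that matches no rule is blocked (assumed default for this model)."""
    for action, rule_src, negate, rule_port in rules:
        src_hit = rule_src is None or ip_address(src) == ip_address(rule_src)
        if negate:
            src_hit = not src_hit
        if src_hit and rule_port in (None, dport):
            return action
    return "block"

def smtp_senders(rules, hosts):
    """Hosts from the list that are allowed to reach destination port 25."""
    return [h for h in hosts if evaluate(rules, h, 25) == "pass"]

# LAN: block any source to port 25, then pass everything else.
LAN_RULES = [("block", None, False, 25), PASS_ANY]

# DMZ, two-rule form: allow the mail server first, block port 25 below it.
DMZ_TWO_RULES = [("pass", MAIL_SERVER, False, 25), ("block", None, False, 25), PASS_ANY]

# DMZ, single-rule form: block port 25 from every source except the mail server.
DMZ_NEGATED = [("block", MAIL_SERVER, True, 25), PASS_ANY]

# Same two rules in the wrong order: the block matches first, so the allow never fires.
DMZ_WRONG_ORDER = [("block", None, False, 25), ("pass", MAIL_SERVER, False, 25), PASS_ANY]

if __name__ == "__main__":
    dmz_hosts = [MAIL_SERVER, OTHER_DMZ]
    for name, rules in [("two-rule", DMZ_TWO_RULES), ("negated", DMZ_NEGATED),
                        ("wrong order", DMZ_WRONG_ORDER)]:
        print(f"DMZ {name}: SMTP allowed from {smtp_senders(rules, dmz_hosts)}")
    print("LAN: SMTP allowed from", smtp_senders(LAN_RULES, [LAN_HOST]))
    # The negated form only blocks; without a later pass rule the mail server
    # falls through to the default block in this model.
    print("negated rule alone:", evaluate(DMZ_NEGATED[:1], MAIL_SERVER, 25))
```

In this model the negated single-rule form depends on a pass rule further down to let the mail server out, while the two-rule form carries its own explicit allow.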