--On 29. november 2005 10:41 +1300 Craig FALCONER
<cfalconer at avonside dot school dot nz> wrote:
> Agree on the LAN rule.
> On the DMZ I'd have
> Allow mailserverIP port25
> And then below that
> Block all dmz Ips port25
> -----Original Message-----
> From: Lee Sharp [mailto:leesharp at hal dash pc dot org]
> Sent: Tuesday, 29 November 2005 8:16 a.m.
> To: m0n0wall
> Subject: Re: [m0n0wall] Block port 25
> From: "Jason King" <jking at informs dot com>
>> I have a WAN, LAN, and DMZ on my m0n0wall. I want to block all SMTP
>> traffic from the LAN going to the internet, and disable all SMTP
>> traffic from the DMZ going to the internet except for one host on the
>> DMZ (the mail server).
>> Basically, I don't want any machine sending SMTP packets out to the
>> internet except for one. What rules do I need to add?
> The rules go top down to a matching rule. So, on the LAN, you want a any
> with a destination port 25 deny. On the DMZ you want a (not ip of the
> one host) destination port 25 deny.
Folks, isn't by default everything blocked?
From the m0n0 admin rule page - bottom:
" Everything that isn't explicitly passed is blocked by default."
So I have configure for LAN clients to have access to any port except port
25 (which means two rules: ports 1-24 and 26-65535).