[ previous ] [ next ] [ threads ]
 From:  Sasa Stupar <sasa at stupar dot homelinux dot net>
 To:  "'m0n0wall'" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Block port 25
 Date:  Tue, 29 Nov 2005 08:31:58 +0100
--On 29. november 2005 10:41 +1300 Craig FALCONER 
<cfalconer at avonside dot school dot nz> wrote:

> Agree on the LAN rule.
> On the DMZ I'd have
> Allow mailserverIP port25
> And then below that
> Block all dmz Ips port25
> -----Original Message-----
> From: Lee Sharp [mailto:leesharp at hal dash pc dot org]
> Sent: Tuesday, 29 November 2005 8:16 a.m.
> To: m0n0wall
> Subject: Re: [m0n0wall] Block port 25
> From: "Jason King" <jking at informs dot com>
>> I have a WAN, LAN, and DMZ on my m0n0wall. I want to block all SMTP
>> traffic from the LAN going to the internet, and disable all SMTP
>> traffic  from the DMZ going to the internet except for one host on the
>> DMZ (the  mail server).
>> Basically, I don't want any machine sending SMTP packets out to the
>> internet except for one. What rules do I need to add?
> The rules go top down to a matching rule.  So, on the LAN, you want a any
> with a destination port 25 deny.  On the DMZ you want a (not ip of the
> one  host) destination port 25 deny.
>                         Lee

Folks, isn't by default everything blocked?
From the m0n0 admin rule page - bottom:
" Everything that isn't explicitly passed is blocked by default."
So I have configure for LAN clients to have access to any port except port 
25 (which means two rules: ports 1-24 and 26-65535).