Allowing SMTP to/from Your Firewalls

In this configuration, our firewall (Host-A) is running a local MTA (Mail Transfer Agent). This MTA is responsible for sending and/or receiving e-mail. It is assumed that you have correctly configured your MTA and that it functions when the firewall rules are not loaded. The following example rules should let both host-based and network-protecting firewalls permit the SMTP service on the firewall.

Receiving SMTP traffic on Host-A:

    $IPTABLES -A INPUT -p tcp --dport 25 -j ACCEPT

This rule would allow inbound SMTP connections on all interfaces. If you wanted to limit this to a specific interface, say in the example of a firewall accepting mail only from an internal network, we would specify the interface with the following:

    # where eth1 is the internal interface
    $IPTABLES -A INPUT -i eth1 -p tcp --dport 25 -j ACCEPT

For allowing outbound SMTP traffic from the firewall, we would use a connection tracking rule as follows:

    # the local MTA connects out to remote port 25 (its own source port is ephemeral)
    $IPTABLES -A OUTPUT -p tcp --dport 25 -m state \
        --state NEW,ESTABLISHED,RELATED -j ACCEPT
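The difference between the all-interfaces rule and the interface-bound rule above can be checked on a loaded ruleset. The following is an added example, not code from the original text: it reads rules in the format printed by iptables -S INPUT and lists every rule that accepts TCP port 25 without an -i restriction. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit INPUT rules for SMTP ACCEPT rules with no -i binding.

# Constructed sample in `iptables -S INPUT` format (not from a real host).
sample_rules() {
cat <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 25,587 -j ACCEPT
EOF
}

# Print each INPUT rule that ACCEPTs TCP port 25 on every interface.
# Limitations: port ranges (20:30) and source-address (-s) limits are ignored.
unbound_smtp_rules() {
    awk '
    $1 == "-A" && $2 == "INPUT" {
        iface = 0; tcp = 0; smtp = 0; accept = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-i" || $i == "--in-interface") iface = 1
            if ($i == "-p" && $(i+1) == "tcp") tcp = 1
            if ($i == "-j" && $(i+1) == "ACCEPT") accept = 1
            if ($i == "--dport" && $(i+1) == "25") smtp = 1
            if ($i == "--dports") {
                # multiport match: comma-separated list of ports
                n = split($(i+1), ports, ",")
                for (k = 1; k <= n; k++) if (ports[k] == "25") smtp = 1
            }
        }
        if (tcp && smtp && accept && !iface) print
    }'
}

# Run against the constructed sample.
# On a live host (as root): iptables -S INPUT | unbound_smtp_rules
sample_rules | unbound_smtp_rules
```

Each line printed is a rule that exposes port 25 on all interfaces; the eth1-bound rule is not reported.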