|
Last change
on this file since 2806 was
2708,
checked in by andersk, 10 years ago
|
|
Remove temporary outgoing port 25 exemption for cssa
|
|
File size:
614 bytes
|
| Line | |
|---|
| 1 | *filter |
|---|
| 2 | :INPUT ACCEPT [0:0] |
|---|
| 3 | :FORWARD ACCEPT [0:0] |
|---|
| 4 | :OUTPUT ACCEPT [0:0] |
|---|
| 5 | :log-smtp - [0:0] |
|---|
| 6 | -A INPUT -p udp -m udp --dport 161 ! -s 18.0.0.0/8 -j REJECT |
|---|
| 7 | -A OUTPUT -p tcp -m tcp --dport 25 --syn -j log-smtp |
|---|
| 8 | -A log-smtp -m owner --uid-owner postfix -j RETURN |
|---|
| 9 | -A log-smtp -m owner --uid-owner nrpe -o lo -j RETURN |
|---|
| 10 | # 537644531=scripts (for heartbeat) |
|---|
| 11 | -A log-smtp -m owner --uid-owner 537644531 -o lo -j RETURN |
|---|
| 12 | -A log-smtp -j LOG --log-prefix "SMTP " --log-uid |
|---|
| 13 | -A log-smtp -o lo -j RETURN |
|---|
| 14 | # 18.9.28.100=outgoing.mit.edu |
|---|
| 15 | -A log-smtp -d 18.9.28.100 -j RETURN |
|---|
| 16 | -A log-smtp -j REJECT --reject-with icmp-admin-prohibited |
|---|
| 17 | COMMIT |
|---|
Note: See
TracBrowser
for help on using the repository browser.
