Koozali.org: home of the SME Server
Obsolete Releases => SME Server 7.x => Topic started by: GlitchFreak on November 08, 2007, 11:30:19 AM
-
Morning
How do I add a custom IPTables rule to block external pop3 access? I want to prevent anyone in the company from popping external email.
Thanks!
-
How do I add a custom IPTables rule to block external pop3 access? I want to prevent anyone in the company from popping external email.
Enjoy ;)
http://wiki.contribs.org/Firewall#Block_outgoing_ports
-
After downloading the stuff referenced above, issue these commands:
config setprop masq TCPBlocks 0.0.0.0:110
signal-event remoteaccess-update
/etc/init.d/masq restart
-
Thanks, I've enabled the changes.
Is there a log I can tail to see the blocks in effect? Perhaps /var/log/iptables?
-
Is there a log I can tail to see the blocks in effect?
/var/log/messages
-
As currently written the 'PortBlocks' code does not log anything.
-
I thought so... Didn't see anything logging...
-
As currently written the 'PortBlocks' code does not log anything.
Ah, I didn't realize your new code didn't include "--log-prefix"; that's why I do see the blocks in /var/log/messages.
-
Is there a hard code method to enable logging port blocks?
-
/var/log/messages
No, any iptables logging is in /var/log/iptables/current.
-
No, any iptables logging is in /var/log/iptables/current.
That's correct for "any", but if you have the parameter "--log-prefix" inserted into your iptables line then it will show any blocks in /var/log/messages and via dmesg.
-
That's correct for "any", but if you have the parameter "--log-prefix" inserted into your iptables line then it will show any blocks in /var/log/messages and via dmesg.
The standard 'denylog' rule uses --log-prefix, and standard logs don't go to syslog. Something else is going on here - perhaps ulogd is not running.
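-
Added example, not part of the original thread or the SME Server code: once a block rule does log with a prefix, this summarises which internal hosts are still attempting outbound POP3. It assumes log lines in the kernel netfilter field layout (SRC=, PROTO=, DPT=); the prefix "pop3block:", the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# summarize_blocks PREFIX DPORT [FILE...]
# Reads firewall log lines (from FILE or stdin), keeps those that carry
# PREFIX and are TCP to DPORT, and prints "count source_ip", busiest first.
summarize_blocks() {
    prefix=$1
    dport=$2
    shift 2
    awk -v prefix="$prefix" -v dport="$dport" '
        index($0, prefix) == 0 { next }   # line was logged by another rule
        {
            src = ""; dpt = ""; proto = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)   src   = substr($i, 5)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
            }
            if (proto == "TCP" && dpt == dport && src != "") hits[src]++
        }
        END { for (s in hits) print hits[s], s }
    ' "$@" | sort -k1,1nr -k2,2
}

# Constructed sample lines (hypothetical hosts and prefix).
sample_log() {
    cat <<'EOF'
Nov  8 12:01:10 sme kernel: pop3block:IN=eth0 OUT=eth1 SRC=192.168.1.20 DST=203.0.113.5 LEN=60 TTL=63 PROTO=TCP SPT=40112 DPT=110 SYN
Nov  8 12:01:13 sme kernel: pop3block:IN=eth0 OUT=eth1 SRC=192.168.1.20 DST=203.0.113.5 LEN=60 TTL=63 PROTO=TCP SPT=40112 DPT=110 SYN
Nov  8 12:04:55 sme kernel: pop3block:IN=eth0 OUT=eth1 SRC=192.168.1.31 DST=203.0.113.9 LEN=60 TTL=63 PROTO=TCP SPT=51822 DPT=110 SYN
Nov  8 12:05:02 sme kernel: denylog:IN=eth1 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TTL=51 PROTO=TCP SPT=33010 DPT=110 SYN
EOF
}

# Demonstration on the constructed sample.
sample_log | summarize_blocks "pop3block:" 110
```

On a live system, pass the log file your firewall logging actually writes to as the third argument, with the prefix used in your own rule.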