Security and privacy

 
 
Adrian Scarle
Re: iptables firewall stops email messages to SMTP host
 

Hi Hubert,

Thanks - I've been doing some further digging and you are, of course, absolutely correct.

Adding INPUT rules for the returning connection helped, as did rules for DNS and LDAP (as I have LDAP authentication running). See below.

Coming from a Windows background has obviously made me lazy; I forget how explicit you need to be when configuring a Linux box.

Adrian


 
Hubert Chathi
Re: iptables firewall stops email messages to SMTP host
 

I would avoid filtering the INPUT based solely on source port.  In theory, an attacker could send a packet from, say, the LDAP port to any other port on your system, effectively bypassing your firewall.

By the way, instead of writing the iptables rules manually, you may want to use a frontend such as shorewall.

 
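The point about source-port filtering, as an added example that is not part of either post: a constructed ruleset that accepts return traffic by source port, the connection-tracking form of the same policy, and a small audit that flags the former. The rulesets, the function names, the default-DROP policy and the ports (25 SMTP, 53 DNS, 389 LDAP) are assumptions, not the poster's actual rules.

```shell
#!/bin/sh
# Added example: rules are constructed, in iptables-save format, and assume
# a default DROP policy on INPUT and OUTPUT.

# Weak form: replies are let in because of the port they claim to come from.
weak_rules() {
cat <<'EOF'
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --sport 25 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 389 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -j ACCEPT
EOF
}

# Stateful form: only the host may open connections (NEW, outbound); inbound
# packets are accepted only when conntrack ties them to such a connection.
stateful_rules() {
cat <<'EOF'
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 389 -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# Read iptables-save lines on stdin and print each INPUT ACCEPT rule that
# matches a source port but has no --ctstate (conntrack) or --state match,
# i.e. a rule that trusts the sender's choice of source port.
sport_only_accepts() {
    awk '/^-A INPUT / && /-j ACCEPT( |$)/ && /--sports? / &&
         !/--(ctstate|state) / { print }'
}

echo "Source-port-only ACCEPT rules in the weak set:"
weak_rules | sport_only_accepts
echo "Count in the stateful set: $(stateful_rules | sport_only_accepts | wc -l)"
```

On a live system the same audit can be fed from `iptables-save` instead of the constructed sample.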