mudfish Posted August 6, 2007 Report Share Posted August 6, 2007 how do you block port 25 on shorewall firewall? Quote Link to comment Share on other sites More sharing options...
SoulSe Posted August 6, 2007 Report Share Posted August 6, 2007 Shorewall can be configured from within the MCC. You probably know this, but just in case - port 25 is used for email, so you might not want to block it... Quote Link to comment Share on other sites More sharing options...
scoonma Posted August 6, 2007 Report Share Posted August 6, 2007 Hi mudfish, you can edit your /etc/shorewall/rules file and add two lines like this: DROP $FW net tcp SMTP DROP $FW net udp SMTP $FW is your standard firewall zone, net is the zone you're connected to the internet with in this example. For more on zones and options, see additional info in the rules and zones file in /etc/shorewall. @SoulSe: Maybe he only wants to use port 465? HTH, scoonma Quote Link to comment Share on other sites More sharing options...
paul Posted August 6, 2007 Report Share Posted August 6, 2007 iptables -A INPUT -p tcp -m tcp --dport 25 -j DROP just incase you feel like doing it from the command line Quote Link to comment Share on other sites More sharing options...
SoulSe Posted August 6, 2007 Report Share Posted August 6, 2007 iptables -A INPUT -p tcp -m tcp --dport 25 -j DROP just incase you feel like doing it from the command line He... he understands iptables. This must be the man the prophecies foretold... Quote Link to comment Share on other sites More sharing options...
mudfish Posted August 6, 2007 Author Report Share Posted August 6, 2007 hi all ty for the quick and informative replies.it really helps us a lot newbies gain new knowledge from experienced linux users.im a bit new to shorewall as im used to using firestarter with just a few clicks and its done.i am blocking port 25 on the firewall because i am not running a mail server..(am i doing right?i mean closing port 25 does not mean i can no longer check my email account on yahoo right?? greetz goes to scoonma,soulse and paul. Quote Link to comment Share on other sites More sharing options...
SoulSe Posted August 6, 2007 Report Share Posted August 6, 2007 On a server it is always a good idea to shut off the ports you don't need imho. Remember that in Linux iptables is your firewall tool, things like Shorewall are just applications that address iptables. So if you can get your head around iptables you can go direct and cut out the middle-man :P EDIT: Blocking off port 25 will not stop you from reading email from web-sites, no. Since that just needs your http and https ports to be open (80 and... 443... if I remember correctly) Quote Link to comment Share on other sites More sharing options...
Soka Posted August 6, 2007 Report Share Posted August 6, 2007 Just to clarify things a little, blocking ports in the INPUT chain will stop incoming connections to your machine, so blocking port 25 there will prevent outside machines to connect to your smtp port. This will not stop you from checking or sending webmails or normal mails. On the other hand, blocking ports on the OUTPUT chain will stop outgoing connections, so if you block port 25 there you will still be able to check mails but you won't be able to send mail through the standard smtp port. Being it a server or a desktop computer it's always a good idea to block all the incoming ports and only open those you'll be using. Quote Link to comment Share on other sites More sharing options...
iphitus Posted August 6, 2007 Report Share Posted August 6, 2007 He... he understands iptables. This must be the man the prophecies foretold... blasphemer! the man was aru! we await a second coming! James Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.